Featured posts for main page slider

On Monday, May 14, 2018, the Federal Communications Commission (“FCC”) issued a public notice seeking comment on interpretation of the Telephone Consumer Protection Act (“TCPA”) in light of the D.C. Circuit’s decision in ACA International v. FCC. The notice reflects an intent by the FCC to take up the proper interpretation of the TCPA promptly. Specifically, the FCC seeks comment on key areas of the TCPA, including:

  • How to interpret “capacity” in light of the D.C. Circuit’s decision in ACA, including the amount of user effort required to enable a device to function as an automatic telephone dialing system (“ATDS”);
  • The functions a device must be able to perform to qualify as an ATDS, including whether the word “automatic” envisions only non-manual dialing of telephone numbers;
  • How to treat reassigned wireless numbers and how to interpret the term “called party” for reassigned numbers, including whether the term refers to the person the caller expected to reach, the party the caller reasonably expected to reach, or the person actually reached;
  • Revocation of prior consent, including particular opt-out methods that would suffice to revoke consent;
  • The scope of the term “person” under the statute, and whether it includes federal government contractors; and
  • The appropriate limit for calls made to a reassigned number.

The initial comment period closes on June 13, 2018 and the reply comment period closes on June 28, 2018, meaning that the issues would be ripe for decision by the FCC in short order.

The ACA decision was immediately hailed by current FCC Chairman Ajit Pai, who said in a statement that the “unanimous D.C. Circuit decision addresses yet another example of the prior FCC’s disregard for the law and regulatory overreach. As the court explains, the agency’s 2015 ruling placed every American consumer with a smartphone at substantial risk of violating federal law. That’s why I dissented from the FCC’s misguided decision and am pleased that the D.C. Circuit too has rejected it.” Commissioners O’Rielly and Carr similarly praised the decision, giving Chairman Pai the necessary majority to effect major change in the TCPA landscape.

The call for comments also follows on the heels of a petition filed with the FCC by the U.S. Chamber of Commerce and 17 trade groups. The petition focused solely on the definition of an ATDS. Like the FCC’s request for comment, the petition tracks the language of the D.C. Circuit’s decision in ACA, where it struck down major portions of the FCC’s previous expansive interpretations of the TCPA, including its definition of an ATDS. While the FCC has taken the position for 15 years that a predictive dialer is an ATDS, the D.C. Circuit found that the 2015 Order and its predecessors do not give a clear answer as to whether a device qualifies as an ATDS only if it can generate random or sequential numbers for dialing. The U.S. Chamber petition urges the FCC to confirm that equipment must use a random or sequential number generator to store or produce numbers and dial those numbers without human intervention to qualify as an ATDS and to find that only calls made using actual ATDS capabilities are subject to the TCPA. Calling the ACA decision “an opportunity to restore rationality to . . . the TCPA,” the groups ask the Commission to issue a declaratory ruling as soon as possible to clarify the ATDS definition.

In sum, the groundwork is being laid at the FCC for a major change in interpretation of the TCPA, and the changes under consideration would substantially reduce the legal risks for companies using telephony to contact consumers.

Troutman Sanders LLP has unique industry-leading expertise with the TCPA, with experience gained trying TCPA cases to verdict and advising Fortune 500 companies regarding their compliance strategy. We will continue to monitor legislative developments and regulatory implementation of the TCPA in order to identify and advise on potential risks.

The District of Nevada recently applied the D.C. Circuit’s decision in ACA International v. FCC and granted summary judgment in favor of the defendant on plaintiff’s Telephone Consumer Protection Act claim.  Specifically, the Court held in Marshall v. The CBE Group, Inc. that CBE’s phone system does not qualify as an automatic telephone dialing system, commonly referred to as an “ATDS.”

Plaintiff Gretta Marshall filed suit against CBE, a third-party debt collector, alleging that it violated the TCPA and the Fair Debt Collection Practices Act through its collection efforts related to her outstanding bill.  Marshall alleged that CBE’s agents used an ATDS to contact her in violation of the TCPA.  CBE places calls using a Manual Clicker Application (“MCA”), requiring the call agent to click a bullseye on a computer screen to place a call.  When a CBE agent clicks the bullseye, a call is sent through a cloud-based connectivity pass-through, LiveVox, and then the CBE agent is connected with the person to whom the call is placed.

In analyzing CBE’s “communication infrastructure,” the Court stated that in light of the ACA v. FCC decision, it would apply the statutory language defining an ATDS, resulting in a focus on whether CBE’s phone equipment has the capacity to produce or store phone numbers to be called using a random or sequential number generator.  The Court noted that the overwhelming authority held that “point and click” dialing systems, used in unison with cloud-based pass-through services, did not qualify as ATDSs due to the human intervention required to place the call.  Applying this rationale, the Court found that CBE agents who were required to click the bullseye were “integral to initiating outbound calls.”  This finding weighed in favor of finding that the MCA, used with LiveVox, was not an ATDS.

Further, the Court dismissed Marshall’s allegations that LiveVox, the cloud-based pass-through, placed the calls and qualified as an ATDS.  Marshall argued that because LiveVox could perform call progress analysis (such as maintaining call logs), it actually initiated the call, not CBE.  Ultimately, the Court found that Marshall had not presented any evidence or legal authority sufficient to create a genuine dispute of material fact as to LiveVox’s alleged qualification as an ATDS.  Specifically, Marshall did not show that LiveVox’s ability to track calling information meant that LiveVox has the capacity to produce or store telephone numbers to be called, using a random or sequential number generator, and to dial the numbers.

Given the human intervention necessary to place calls using MCA and Marshall’s failure to create a genuine dispute of material fact regarding LiveVox’s role, the Court held that CBE did not use an ATDS to place calls to Marshall.

The District of Nevada is one of the first courts to apply the decision from ACA International v. FCC when interpreting the definition of an ATDS.  The decision in Marshall v. CBE indicates that courts will be able to simplify their analysis of whether a telephone system qualifies as an ATDS under the TCPA by eliminating the need to determine “potential functionalities” of a calling system and instead focusing on the calling systems’ “capacity to store or produce telephone numbers to be called, using a random or sequential number generator.”

Within days of realizing a data breach incident had occurred, Under Armour, Inc.—the owner of the popular calorie counting application, MyFitnessPal—began notifying its users of the breach that impacted approximately 150 million user accounts.  According to the data breach notice, the MyFitnessPal team learned on March 25 that an unauthorized party acquired data associated with MyFitnessPal user accounts.  The affected information included user names, email addresses, and passwords, but users’ payment card data remained secure since that information is collected and processed separately by MyFitnessPal.

In response to the data breach, MyFitnessPal immediately began taking steps to protect the MyFitnessPal community, including:

  1. Providing users with information on how they can protect their data;
  2. Requiring users to change their passwords and urging them to do so immediately;
  3. Monitoring accounts for suspicious activity and coordinating the company’s efforts with law enforcement authorities; and
  4. Continuing to make enhancements to their systems to detect and prevent unauthorized access to user information.

MyFitnessPal also instructed users to change their passwords for other accounts that use the same or similar information as their MyFitnessPal accounts and to monitor all accounts for suspicious activity. It is currently unknown who is responsible for the data breach. However, Under Armour has made it clear that the investigation into the matter remains ongoing.

Under Armour has already earned high marks for its quick response to the data breach, which in large part can likely be attributed to a well-oiled Incident Response Plan that had been tested through tabletop exercises.  This should serve as a reminder that companies are no longer being judged on whether a data incident occurs but rather on how they respond to such incidents—with timeliness being a key component.

On March 29, 2018, the United States Court of Appeals for the Second Circuit rendered a long-awaited opinion in what is commonly called a “reverse-Avila” or “current account balance” case, holding that it is not a violation of the Fair Debt Collection Practices Act (“FDCPA”) for a debt collector to state a consumer’s balance without mentioning interest or fees, when no such interest or fees are accruing.

The case is Christine Taylor, et al. v. Financial Recovery Services, Inc. No. 17-cv-1650 (2d Cir. Mar. 29, 2018), and the opinion is available here.

Underlying Facts

In Taylor, both Plaintiffs incurred debts with a bank, which after default were placed with Financial Recovery Services (“FRS”) for collection. At the time of placement, the bank instructed FRS not to accrue any interest or fees on the accounts. FRS thereafter sent a series of collection notices to both Plaintiffs, each notice containing the identical balance due as the previous notice. None of the notices contained a disclosure that interest and fees may accrue on the balance of the account. Neither Plaintiff made any payments on their accounts and each ultimately filed for Chapter 7 bankruptcy protection.

Due to the lack of a specific disclosure regarding whether interest and fees were accruing, the Plaintiffs argued the letters could be interpreted to have more than one meaning, and they filed suit claiming violations of Section 1692e and 1692g of the FDCPA. Plaintiffs relied heavily on the Second Circuit’s holding in Avila v. Riexinger & Associates, LLC, 817 F.3d 72 (2d Cir. 2016), where the court held a debt collection letter violates the FDCPA if it states a “current balance” of a consumer’s debt without disclosing that interest and fees are accruing on that balance, when they are in fact accruing such that paying the balance listed on a letter would not pay a debt in full.

The District Court’s Decision Granting Summary Judgment in Favor of the Debt Collector

In May 2017, the District Court granted summary judgment to FRS, holding its letters did not violate the FDCPA and noting the collection notices were not false, misleading, or deceptive as a matter of law. The Court further found that the Plaintiffs failed to present evidence that the balances on the face of the notices were inaccurate. Since the balances were accurate, the Court found it “irrelevant” whether or not the balances, in fact, accrued interest or fees after being referred to FRS. Furthermore, the Court pointed out that the statements were not misleading because the balances owed were stated numerous times within each letter and the balances remained the same in successive letters.

In analyzing the “least sophisticated consumer” standard, the Court stated that “[t]he letters are not misleading to the least sophisticated consumer, who (i) might not understand or even consider the concept of interest and when it accrues; (ii) could reasonably take the language at face value as the amount owed; or (iii) might infer from the unchanging amount in each of the coupons and successive letters that interest was not accruing.” Importantly, the Court noted that “[o]nly a consumer in search of an ambiguity and not the least sophisticated consumer relevant here, would interpret the letters to mean that interest was accruing .” (emphasis added).

In distinguishing this case from the holding in Avila, the District Court recognized that the Plaintiffs provided no evidence that paying the balance on their respective letters would not satisfy their debts.

The Second Circuit’s Decision Rejecting the Plaintiffs’ Interpretations of the FDCPA

On appeal to the Second Circuit, Plaintiffs argued that FRS’s collection notices were misleading within the meaning of Section 1692e “because the least sophisticated consumer could have interpreted them to mean either that interest and fees on the debts in question were accruing or that they were not accruing.” Relying heavily on Avila, Plaintiffs argued a debt collector commits a per se violation of Section 1692e whenever it fails to disclose whether interest or fees are accruing on a debt. The Second Circuit made clear the Plaintiffs were mistaken, noting the violation in Avila arose because “[a] reasonable consumer could read the notice and be misled into believing that she could pay her debt in full by paying the amount listed on the notice” where such payment would not have settled the debt in that case.

In Taylor, however, the Court noted no interest or fees were accruing, so the balances included in the collection notices sent to Plaintiffs correctly stated the payment needed to satisfy the debt in full, and that no language regarding interest and fees was required. Unlike Avila where the Court found the message prejudicially misleading, in Taylor prompt payment of the stated balance would have satisfied Plaintiffs’ debts. In the words of the Court:

Thus, the only harm that Taylor and Klein suggest a consumer might suffer by mistakenly believing that interest or fees are accruing on a debt is being led to think that there is a financial benefit to making repayment sooner rather than later. This supposed harm falls short of the obvious danger facing consumers in Avila.

It is hard to see how or where the FDCPA imposes a duty on debt collectors to encourage consumers to delay repayment of their debts. And requiring debt collectors to draw attention to the fact that a previously dynamic debt is now static might even create a perverse incentive for them to continue accruing interest or fees on debts when they might not otherwise do so. Construing the FDCPA in light of its consumer protection purpose, we hold that a collection notice that fails to disclose that interest and fees are not currently accruing on a debt is not misleading within the meaning of Section 1692e.

Opinion at 6 – 7.

In holding Plaintiffs’ letters were not misleading under the FDCPA, the Court mirrored its decision with the Seventh Circuit’s holding in Chuway v. National Action Financial Services, Inc., which stated the following:

[I]f a debt collector is trying to collect only the amount due on the debt the letter is sent, then he complies with the [FDCPA] by stating that the creditor has “assigned your delinquent account to our agency for collection,” and asking the recipient to remit the balance listed and stopping there, without talks of the “current” balance.

362 F.3d 944, 949 (7th Cir. 2004) (Emphasis added).

The Second Circuit further read sections 1692e and 1692g of the FDCPA in harmony, meaning that if there is no interest and fees accruing on the balance, then collection notices are not misleading under section 1692e and the balance is accurately stated under section 1692g. Conversely, if interest and fees are accruing and no disclosure is given in the notice, then it would run afoul of both sections 1692e and 1692g.

Plaintiffs also unsuccessfully raised two additional arguments before the court. First, Plaintiffs argued the bank continued to accrue interest on Plaintiffs’ accounts even after they were placed with FRS for collection. The Court refused to consider this argument because Plaintiffs failed to raise this issue before the district court, so it could not be raised on appeal.

Second, Plaintiffs argued that even though the bank may not have accrued interest, it nonetheless retained the right to do so and could start adding interest onto the accounts at any point in the future. The Court rejected this argument because it would be so far in the future it would have no effect on the notice sent by FRS. Further, since nothing was being added to the account balances, Plaintiffs’ debts were static so they could satisfy them by prompt payment.


The Taylor opinion is a response to the flood of “current account balance” lawsuits filed in the wake of the Avila decision. Its common-sense approach gives debt collectors a clear answer to what should be a straightforward question of statutory interpretation. It can also be interpreted as a statement by the Second Circuit regarding the confusing tangle of opinions that have come out of the Eastern District of New York on the issue. Debt buyers and collectors should be refreshed by any opinion that recognizes when an idiosyncratic interpretation of the FDCPA affects their business by encouraging consumers to delay repayment of their debts.

As newspaper articles, academic studies, and politicians’ speeches have repeated, statistics suggest that a student loan crisis may be building. The share of students graduating with more than $50,000 in student loan debt has more than tripled since 2000, increasing from 5% in 2000 to 17% in 2014. As a result, this group of “large-balance borrowers” now holds the majority (58%) of the outstanding student debt owed to the federal government, approximately $790 billion of the $1.4 trillion accumulated by December 31, 2017. 

In recent days, the idea of “risk-sharing plans,commonly referred to as “RSPs,” has gathered momentum. In general, these arrangements compel educational institutions to repay taxpayers for some of the loans taken out by their defaulting graduates. One iteration, created by Tiffany Chou from the Office of Economic Policy at the Department of Treasury, Adam Looney from the Brookings Institution, and Tara Watson of Williams College and endorsed by Brookings itself, uses a purportedly hard-to-manipulate repayment rate—the amount each institution’s students have repaid after five years—to set minimum thresholds below which institutions would have to contribute. These scholars currently propose a rate of 20%. Thus, if the repayment rate falls below 20%, the college would be required to pay part of the difference to the federal government, with differing obligations as the rate decreases. According to its defenders, such an RSP would correct for the distortion in the student loan market created by federal guarantees of student loans. 

Significantly, this idea received a boost from favorable mention in a white paper released on February 1 by the staff of the Senate’s Committee on Health, Education, Labor and Pensions (or “HELP Committee), the very committee presently considering various reforms of the federal government’s student loan system. It even earned a reference on page 41 of the President’s Fiscal Year 2019 budget proposal. As of March 26, whether the HELP Committee will include such a program in a future bill and what form it would take remain unknown.


On March 12, Judge Eldon E. Fallon of the U.S. District Court for the Eastern District of Louisiana tossed a plaintiff’s putative class action lawsuit against the American Heart Association (“AHA”), Anthem Foundation, Inc., and Anthem, Inc. under the Telephone Consumer Protection Act relating to text messages sent to a consumer following her attendance at a CPR training course. This decision provides some additional clarity for health care companies in distinguishing between informational and telemarketing outreach under the TCPA.

The underlying facts are straightforward. The plaintiff attended a CPR training event and provided her cellular telephone number to the AHA to receive content including “monthly CPR reminders” and “healthy messaging information.” She subsequently received “more than 20 text messages” from AHA, such as “AHA/Anthem Foundation: Memorize your work address. You may need to recite it to a dispatcher should you have to call 9-1-1 from the office.” Each of the roughly two dozen text message included “AHA/Anthem Foundation” at the beginning of the message. Although the text messages generally provided health-related informational content, one text message provided a link to the AHA’s website to find available CPR courses in a specific geographic area—some of which were free, and others available for a fee.

The plaintiff’s theories of liability were that (1) the messages were telemarketing, and thus the prior express consent she provided to AHA was not sufficient for the at-issue text messages; (2) nonprofit Anthem Foundation was vicariously liable for text messages sent by AHA because “Anthem Foundation” was included in the body of the message; and (3) Anthem, Inc. was vicariously liable because the inclusion of Anthem Foundation in the text messages was a “purely commercial plug” of its corporate parent. The defendants jointly moved to dismiss the complaint, claiming that the consent provided to AHA was sufficient for the whole of the communications with the plaintiff, and submitted the entire text-message log between the plaintiff and AHA.

The lawsuit attempted to broaden the TCPA in two key ways: (1) expanding vicarious liability to brands allegedly affiliated with the communications, and (2) applying the TCPA’s prior express written consent standard for telemarketing to text messages providing information about local CPR classes—neither of which Judge Fallon was willing to indulge. On the vicarious liability point, the Court found that “although the text messages reference Anthem Foundation, this is irrelevant because the sender was, in fact, AHA.” The Court further noted the lack of any authority suggesting that “a nonprofit’s association with a donor or another charitable entity—i.e., Anthem Foundation—gives rise to a TCPA claim when she voluntarily sought to receive certain communications and information.”

As to the content of the messages, Judge Fallon examined the text message relating to CPR courses, which contained a link to a search function allowing users to find nearby classes. The Court visited the link and provided screenshots of the website in its ruling. It observed that “[t]o sign up for a CPR class—whether for-pay or free—a visitor must click on one of the providers, in which the [visitor] is taken to the provider’s Website.” The Court wrote, “[I]n this case, common sense tells the Court that the information in which Plaintiff labels as ‘commercial’ is undoubtedly informational. Defendants AHA and Anthem Foundation provide individuals with a public resource to seek CPR training. This resource is the type of communications Plaintiff wanted and signed up to receive: information about CPR and healthy living. Her complaint is thus unwarranted.”

With this dismissal and others like it, health care companies can be heartened that multiple courts have taken a “common sense” approach interpreting the TCPA to permit beneficial, health-related outreach to their members and consumers. However, this area of law remains murky, and thus companies are reminded of the importance of maintaining accurate records to minimize litigation risks.

The defendants were jointly represented by Covert J. Geary of Jones Walker LLP in New Orleans, Louisiana. Anthem Foundation, Inc. and Anthem, Inc. were also represented by Chad R. Fuller, Virginia Bell Flynn, and Justin M. Brandt of Troutman Sanders LLP.


Like a bevy of other jurisdictions, the District of Columbia has established a “borrower’s bill of rights” which creates minimum standards for timely processing, correction of errors, and communication for servicers of federal student loans. 

In response to this state-level action, the U.S. Department of Education recently argued that all such regulations are wholly preempted by its own regulatory efforts and the Higher Education Act of 1965 (HEA).  

On March 20, the Student Loan Servicing Alliance (SLSA), a trade group representing companies who collect education debt payments, invoked federal preemption in a lawsuit seeking invalidation of D.C.’s borrower’s bill of rights. In particular, the complaint by SLSA argues that the bill violates a provision of the HEA that says loans authorized by the federal government are not subject to any disclosure requirements under state law. 

“This lawsuit is about preserving uniform federal guidelines to ensure borrowers know what to expect from their servicer regardless of where they live,” the SLSA’s spokesman contended. 

In general, the SLSA and individual servicers argue that state laws purporting to regulate student lending interject more complexity and confusion into an already complicated federal statutory and regulatory structure for student lending. “It makes perfect sense that the federal government — not individual states — should control who services these assets and how they do it,” asserted the servicers’ attorney. “It helps consumers avoid confusion to have one set of rules as opposed to 50.” 

Borrower advocacy groups and some states, on the other hand, argue that state-level action is needed to supplement the regulatory efforts of the DOE and the Consumer Financial Protection Bureau. In particular, states point to their historic role in regulating the field of consumer protection. 

This issue arose most recently at congressional hearings on March 20 at which DOE Secretary Elisabeth (“Betsy”) DeVos testified.

Largely rejecting the Trump Administration’s proposals regarding student lending championed by Betsy DeVos, Secretary of the Department of Education, the $1.3 trillion budget deal announced by Congressional negotiators on March 21 includes a number of provisions that may aid students:

  • The budget increases the Pell Grant award by $175 per student, bringing maximum Pell Grants up to $6,095 from $5,920. Approximately 27% of students receiving Pell Grants in the 2015-2016 school year received the maximum grant funding, and approximately eight million lower-income undergraduate students are eligible for Pell Grants annually. Unfortunately, grant amounts are not indexed to inflation, and their value remained unchanged between the 2016-17 and 2017-18 academic years.
  • The $732 million Federal Supplemental Education Opportunity Grant received an additional $107 million in funding. This grant provides up to $4,000 annually for students with extraordinary financial need. Approximately 1.6 million students receive these grants; 71% come from families whose household incomes fall below $30,000.
  • The budget increased funding for federal work-study programs by $140 million, bringing total funding up to $1.1 billion. Federal work-study programs help make on- and off-campus jobs available to part-time and full-time undergraduate and graduate students, and more than 300,000 students currently participate in federal work-study.
  • The budget creates a $350 million fund to help support Public Service Loan Forgiveness, or “PSLF.” The program allows eligible borrowers to earn loan forgiveness by working in the public service sector and by making 120 qualifying payments. The budget actually expands this program by providing relief for borrowers enrolled in ineligible repayment plans but who would otherwise have qualified for relief.
  • The budget provides $40 million for the D.C. Tuition Assistance Grant. This grant offers eligible students living in Washington, D.C. up to $10,000 per academic year to help reduce out-of-state tuition costs.
  • The budget provides a $50 million increase for apprenticeship programs and, relatedly, raises funding for career and technical education programs by $75 million.
  • The budget increases Education and Innovation Research Grants by $20 million, thereby bringing total funding to $120 million. These grants encourage states and local communities to develop evidence-based projects for improving education. Surprisingly, Congress rejected expanding funding to explore school choice initiatives.
  • The budget provides $700 million for mental health counselors in schools and $25 million for mental health services through a Department of Health and Human Services program.
  • The budget provides a 14% increase in funding for historically black colleges and universities (“HBCUs”), bringing total spending up to nearly $280 million in the 2018 fiscal year.

The House and Senate approved this spending bill on March 22 and 23.  Although the President expressed frustration at the bill, he ultimately signed it on the afternoon of March 23, 2018.

In a unanimous decision on March 20, 2018, the United States Supreme Court held in Cyan, Inc. et al. v. Beaver County Employees Retirement Fund, et al., 583 U.S. ____ (2018) that state and federal courts retain concurrent jurisdiction to adjudicate class actions brought under the Securities Act of 1933 (the “Securities Act”) and such claims may not be removed to federal court. The opinion, delivered by Justice Elena Kagan, affirms the decision of the California Court of Appeals First Appellate District and settles a long-standing circuit split over whether the Securities Litigation Uniform Standards Act of 1998 (the “SLUSA”) divested state courts of subject matter jurisdiction over “covered class actions” where plaintiffs allege only Securities Act claims and no state law claims.

The decision was largely based on the statutory interpretation and legislative history of SLUSA—namely, its amendments to the jurisdictional provisions of the Securities Act. Indeed, the crux of this case lies in the interpretation of SLUSA’s amendment stating:

The district courts of the United States . . . shall have jurisdiction . . . , concurrent with State and Territorial courts, except as provided in section 77p of this title with respect to covered class actions, of all suits in equity and actions at law brought to enforce any liability or duty created by this subchapter. [1]

Defendants argued that this provision strips state courts of concurrent jurisdiction over Securities Act claims because of the “except as provided” clause’s reference to “covered class actions.” Plaintiffs argued that this provision maintains state courts’ jurisdiction over all suits – including “covered class actions” – alleging only Securities Act claims. Notably, the U.S. government, which filed an amicus brief at the Court’s request, took a third approach, arguing that SLUSA does not deprive state courts of concurrent jurisdiction over cases brought under the Securities Act but does allow defendants to remove these cases to federal court.

The Court found that class actions asserting only Securities Act claims are unaffected by SLUSA, and thus, can be brought in state court – Section 77p “says nothing, and so does nothing, to deprive state courts of jurisdiction over class actions based on federal law.” The Court concluded that “SLUSA’s text, read most straightforwardly,” leaves state court jurisdiction intact and, if Congress wanted to deprive state courts of jurisdiction, it could have inserted an exclusive federal jurisdiction provision. Additionally, the Court held that SLUSA does not permit defendants to remove class actions alleging only Securities Act claims from state to federal court. Finally, the Court concluded that, “[i]f further steps are needed, they are up to Congress.”

The practical impact of the Court’s ruling is a likely increase in Securities Act claims brought in state court, with defendants potentially having to litigate these federal securities claims in federal and state courts simultaneously and in various venues. Given that plaintiffs may continue to argue for the application of certain state courts’ more lenient pleading standards and discovery procedures, defendants may be exposed to protracted, expensive, and cumbersome litigation in various courts across the country.

[1] 15 U.S.C. § 77v(a) (emphasis added).

Going slow and steady may work out for you if you’re a tortoise competing against an overly confident hare. However, if you’re in the mobile device industry and have been lagging on sending out security updates, it’s time to pick up the pace. A new Federal Trade Commission report issued last month found that while the industry has taken steps to expedite the security update process, more can be done to streamline the process and make it easier for consumers to ensure their devices are secure.

As noted in the FTC’s report, “[s]ecurity researchers and government agencies have consistently maintained that the best way to secure consumer information is to take reasonable steps to design secure products and maintain their security with updates that patch vulnerabilities in device software. Despite this consensus, security researchers and industry observers have reported that many mobile devices’ operating systems (the software that powers the devices’ basic functions) are not receiving the security patches they need to protect them from critical vulnerabilities.”

While the FTC commended the mobile device industry for its efforts to expedite the security update process, it set forth the following five recommendations as ways to continue and improve such efforts:

  1. Educating Consumers: Government, industry, and advocacy groups should work together to educate consumers about their role in the operating system update process and the significance of security update support. The FTC notes that the more consumers understand the importance of updates, the more likely they are to install available updates and consider security updates when making decisions to purchase, use, and upgrade devices.
  2. Start with Security: Businesses should consider security as a foundational aspect of their practices and procedures. As such, manufacturers, carriers, and operating system developers should ensure that reasonable security update support is a shared priority, reflected in each company’s policies, practices, and contracts.
  3. Learning from the Past: Companies should evaluate current practices by studying past practices. This requires keeping more consistent records on security support topics such as update decisions, support length, update frequency, customized patch development time, carrier testing time, and uptake rate. The FTC notes that an analysis of this data may provide an empirical basis for improving mobile device security.
  4. Security-Only Updates: The industry should consider how best to package security updates to encourage consumers to accept them. This may require offering security-only updates that do not include general software updates, which some users may be hesitant to accept due to feature changes or potential impact on memory, battery life, bandwidth, or the operating system.
  5. Providing Consumers With Better Information About the Security Update Process: Device manufacturers should consider adopting and stating minimum guaranteed support periods for their devices and should clearly explain the date on which updates will end.

The report was primarily based on the FTC’s findings from information they requested in May 2016 from eight mobile device manufacturers about how they issue security updates. It also took into consideration information it received from wireless carriers about their security updates practices. The FTC noted that while the data provided by these companies was not sufficiently representative to permit definitive conclusions about industry practices as a whole, it did provide remarkable insight into the security update practice that affects a large proportion of the devices on the U.S. market.