Consumer Protection & Privacy

    • 10 Dec 2015

    Privilege Protects Cyber Breach Investigation: A Norton Rose Fulbright Whitepaper

    By David Navetta and Kris Kleiner On October 23, 2015, the Federal District Court in Minnesota upheld Target’s assertion that documents produced pursuant to an internal investigation of its 2013 security incident fell within the protections of the attorney-client privilege and work-product doctrine [ lexis.com subscribers can read the enhanced opinion | Lexis Advance ]. The plaintiffs, comprised of a class of...
    • 10 Dec 2015

    ACC Foundation Releases Largest Study of its Kind on Cybersecurity Among In-House Counsel Underwritten by Ballard Spahr LLP

    The Association of Corporate Counsel Foundation (ACC) released a State of Cybersecurity report underwritten by Ballard Spahr on December 9, 2015. The report provides valuable insights on cybersecurity issues from more than 1,000 corporate lawyers at 887 organizations worldwide—most of whom hold the position of General Counsel (GC) or Chief Legal Officer (CLO). The report can be used by in-house lawyers to assess...
    • 17 Nov 2015

    Is the Filing of a "Stale" Proof of Claim a Violation of the FDCPA?

    by Jeana R. Long Last year, the Eleventh Circuit was the first to hold that a debt collector engages in deceptive, misleading, unfair, or unconscionable conduct in violation of the Fair Debt Collection Practices Act (the "FDCPA") by filing a bankruptcy proof of claim on a debt that is barred by the applicable statute of limitations. Crawford v. LVNC Funding, LLC, 758 F.3d 1254, 1261 (11th Cir. 2014) [subscribers...
    • 11 Nov 2015

    FTC Announces “Operation Collection Protection”

    The Federal Trade Commission (FTC) yesterday announced its new coordinated effort against unlawful debt collection practices, “Operation Collection Protection.” The FTC also announced that federal, state and local law enforcement agencies have brought 30 new actions against debt collectors nationwide. FTC Chairwoman Edith Ramirez and Illinois Attorney General Lisa Madigan claimed that the FTC and the Illinois...
    • 5 Nov 2015

    Peter S. Vogel: MaaS (Malware-as-a-Service) – the Cybercrime Cloud Service NO ONE Wants to Think about

    By Peter S. Vogel According to the 2015 Threat Report about MaaS is that the “ average price for exploit kits is usually between $800- $1,500 a month, depending on the features and add-ons” and the “price is likely to remain low due to increased competition.” The Websense Report was issued in April 2015 and included these trends in two categories (1) Human Behavioral Trends and (2) Technique...
    • 5 Nov 2015

    Peter S. Vogel: Advice about Cybersecurity Blind Spots Including Cloud Access

    By Peter S. Vogel A report from Tenable Network Security identifies that blind spots “can increase legal risk because information retention policies designed to limit legal liability are very unlikely to be applied to electronically stored information (ESI) contained on unauthorized cloud, mobile and virtual assets.” Tenable Network Security’s April 15, 2015 report entitled “ Eliminating Cybersecurity...
    • 5 Nov 2015

    New York Times Article Omits Critical Pro-Arbitration Facts

    by Alan S. Kaplinsky An article on consumer arbitration in this week’s Sunday New York Times concludes that “[b]y inserting individual arbitration clauses into a soaring number of consumer and employment contracts, companies … devised a way to circumvent the courts and bar people from joining together in class-action.” Unfortunately, the Times article (in which I’m quoted extensively...
    • 4 Nov 2015

    Troutman Sanders LLP: Trump Hotels Hit With Data Breach Class Action Lawsuit

    A new putative class action lawsuit has been filed against the hotel chain owned by Donald Trump in the United States District Court for the Southern District of Illinois, after the hotel chain revealed that it had been the subject of a data breach. The suit asserts claims under “state consumer protection laws” and “state data breach notification statutes” of the states of the affected class members...
    • 4 Nov 2015

    Peter S. Vogel: Cyber Intrusion Planning Should Include Training Employees about eMail

    By Peter S. Vogel Everyone should already know cyber intrusions are “when not if,” so the Federal Communications Commission (FCC) prepare a tool which “is designed for businesses that lack the resources to hire dedicated staff to protect their business, information and customers from cyber threats.” The FCC’s “ Small Biz Cyber Planner ” was assembled with help from the Department...
    • 4 Nov 2015

    Peter S. Vogel: Cyber Intrusion Responsibility Shared by General Counsel & IT

    By Peter S. Vogel It is imperative that General Counsel learn IT technology and lingo- and that IT legal jargon given a recent survey identified that in almost 450 companies 31% rely on IT and 21% rely on General Counsel to be primarily responsible for assuring legal compliance when cyber intrusion occurs. Zurich sponsored Advisen’s recent white paper entitled “ The Fifth Annual Survey on the Current State...
    • 4 Nov 2015

    Peter S. Vogel: SEC Declares Planning for Prevention and Detection of Cyber Intrusions is Essential!

    By Peter S. Vogel In a recent speech SEC Chair Mary Jo White declared that while “cybersecurity attacks cannot be entirely eliminated, it is incumbent upon private fund advisers to employ robust, state-of-the-art plans to prevent, detect, and respond to such intrusions.” On October 16, 2015 Chair White also stated that: Cybersecurity is the shared responsibility of all regulators and market participants...
    • 4 Nov 2015

    Duane Morris LLP: FDA Publishes Draft Guidance Documents on Compounding Using Bulk Drug Substances

    On October 27, 2015, the U.S. Food and Drug Administration (FDA) published notice of two draft guidance documents in the Federal Register [1] : “Interim Policy on Compounding Using Bulk Drug Substances Under Section 503A of the Federal Food, Drug, and Cosmetic Act” [2] and “Interim Policy on Compounding Using Bulk Drug Substances Under Section 503B of the Federal Food, Drug, and Cosmetic Act.”...
    • 4 Nov 2015

    Duane Morris LLP: FDA Publishes Revised Guidance on Product Tracing Requirements for Dispensers

    On November 27, 2013, the Drug Supply Chain Security Act (DSCSA) was enacted “to build an electronic, interoperable system by November 27, 2023, which will identify and trace certain prescription drugs as they are distributed in the United States.” This year, trading partners were required to exchange product tracing information, as well as maintain the information for at least six years after the date of...
    • 3 Nov 2015

    CFPB Orders Another Auto Lender to Pay $3.28 Million to Settle Claims for Illegal Debt Collection Involving Service Members

    by Ethan G. Ostroff , Keith J. Barnett and Alan D. Wingfield On October 28, the Consumer Financial Protection Bureau filed an administrative consent order against Security National Automotive Acceptance Company (“SNAAC”), an Ohio auto lender specializing in loans to service members, for engaging in illegal debt collection practices. The order requires the company to refund or credit about $2.28 million...
    • 3 Nov 2015

    Is Your Putative Consumer Class Ascertainable? The 7th Circuit Suggests It Doesn’t Really Matter at the Certification Stage

    by Amy R. Jonker Class action plaintiffs have a new reason to file suit in the Seventh Circuit. In Mullins v. Direct Digital, LLC, 795 F.3d 654 (7th Cir. 2015), the Seventh Circuit refused to follow the Third Circuit’s imposition of a heightened “ascertainability” requirement at the class certification stage [subscribers can access an enhanced version of this opinion: lexis.com | Lexis Advance ]....
    • 3 Nov 2015

    CFPB Sues Company and Owner for Alleged Student Financial Aid Scam

    by Barbara S. Mishkin A new lawsuit filed by the CFPB in a California federal district court alleges that the defendants, a company and its individual owner, are engaged in a nationwide student financial aid scam. In addition to injunctive relief, the complaint seeks redress for harmed consumers and civil money penalties. According to the CFPB’s complaint , the defendants contacted students and their families...
    • 2 Nov 2015

    Sixth Circuit Holds Voicemail From Debt Collector Does Not Violate FDCPA

    by Samantha L. Walls On October 22, 2015, the Sixth Circuit Court of Appeals, in a 2-1 decision, clarified the types of “communication” that can violate the Fair Debt Collection Practices Act FDCPA). In Brown v. Van Ru Credit Corp. , No. 15-1323 (recommended for publication), the Sixth Circuit affirmed the trial court’s order granting judgment on the pleadings, holding that debtor failed to allege...
    • 29 Oct 2015

    CFPB Highlights Credit Card Complaints in Fourth Monthly Complaint Report

    by Barbara S. Mishkin The CFPB has issued its October 2015 complaint report , the fourth in its new series of monthly complaint reports. The new report highlights credit card complaints and complaints from consumers in the Chicago, Illinois metro area. General findings include the following: • As of October 1, 2015, the CFPB handled approximately 726,000 complaints nationally, including approximately...
    • 28 Oct 2015

    CFPB Director Provides Additional Commentary on Efforts to Address Arbitration Issues

    by Tim J. St. George , David M. Gettings , David N. Anthony and John C. Lynch On October 22, Consumer Financial Protection Bureau Director Richard Cordray delivered prepared remarks to the Consumer Advisory Board. At the meeting, Cordray discussed arbitration and issues relating to non-English or limited English-speaking consumers. The issue of arbitration, however, was at the forefront of the discussion. As we...
    • 28 Oct 2015

    Norton Rose Fulbright: California Attorney General seeks to change Proposition 65 settlement landscape

    By Lauren Shoor Continuing a flurry of activity this year to reform Proposition 65 in California, the Office of the Attorney General is proposing amendments to the Proposition 65 regulations that would affect settlement terms, penalty amounts, and attorneys’ fees in civil actions filed by private persons in the public interest . For a more detailed discussion of Proposition 65 settlements in private enforcement...
    • 28 Oct 2015

    DLA Piper LLP: Plan now to use off-band communications during an incident response: key points

    By Tara McGraw Swaminatha Your company is in crisis mode in the throes of a security incident response (IR). But you are calmly executing your well-honed IR plan − a plan you developed and tested during mock exercises over the past year. You are confident in your team’s ability to triage the incident and your technical security experts’ ability to stop the attack. You know you will return your company...
    • 23 Oct 2015

    Ballard Spahr: Our Thoughts on Director Cordray’s Arbitration Comments to the CFPB’s Consumer Advisory Board

    by Alan S. Kaplinsky In his remarks today to the CFPB’s Consumer Advisory Board, Director Cordray denigrated arbitration agreements as a “free pass” that allows companies to “sidestep the legal system, avoid big refunds, and continue to pursue profitable practices that may violate the law and harm consumers on a large scale.” He also repeated the CFPB’s claim that class actions “can...
    • 21 Oct 2015

    Ballard Spahr LLP: California Updates Data Breach Notification Statute

    By Odia Kagan, Philip N. Yannella and Roshni Patel Three bills that will update California’s data breach notification requirements have been signed into law by Governor Jerry Brown. The bills impose specific requirements on providing breach notification to consumers, add a definition of “encryption,” and amend the definition of “personal information.” These updates take effect on January...
    • 21 Oct 2015

    Norton Rose Fulbright: New California Consumer Products Legislation

    By Will Troutman (US) Last week marked the last chance for California Governor Jerry Brown to sign or veto legislation the California Legislature passed this year. The legislation goes into effect January 1, 2016. Although it was a quiet year for consumer products, several of the new laws are significant. Here is a rundown of relevant bills Governor Brown signed: AB 888 – Microbead Ban Prohibits a person...
    • 16 Oct 2015

    Peter S. Vogel: Cyber Theft of Millions Caused by Phishing Malware!

    By Peter S. Vogel Criminal charges have been filed against the botnet administrator of “Bugat,” “Cridex” or “Dridex” which is a “sophisticated malware package designed to steal banking and other credentials from infected computers” and the “FBI estimates at least $10 million in direct loss.” The US Attorney General’s office announced on October 13, 2015...