Category: Privacy & Information Security

1
Dodd-Frank Reform 2.0
2
The Screen Scrape Debate will not Abate
3
District Court Set to Rule on Cross Motions for Summary Judgment in First Amendment Challenge to TCPA
4
No Class Conflict in Data Breach Settlement Involving Class Members With and Without Economic Injury
5
FDIC Economic Inclusion Summit A Good Reminder of Fair and Responsible Banking Practices
6
FCC Begins Rulemaking Process to Allow Blocking of “Spoofed” Number Calls
7
Federal Government Not Successful in Moving to Dismiss First Amendment Challenge to TCPA
8
Eighth Circuit Requires Further Review of Data Breach Settlement Involving Class Members Who Have No Loss
9
Court Rejects TCPA Claims Based on Theory of Third-Party Liability
10
TRUMP’S CAMPAIGN TO GO IT ALONE ON FIRST AMENDMENT CHALLENGE TO THE TCPA

Dodd-Frank Reform 2.0

By: Daniel F. C. Crowley, Bruce J. Heiman, William A. Kirk, Karishma Shah Page, Dean A. Brazier, Eric A. Love, Eli M. Schooley

Recent activity in Congress suggests that the return from the July 4th recess will see a continued push to reform the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (“Dodd-Frank”) before year’s end. This alert provides an overview of the current state of play and the most likely outcome.

Read More

The Screen Scrape Debate will not Abate

By Judith E. Rinearson, Rizwan Qayyum

The debate surrounding “screen-scraping” continues as Member States of the European Union are preparing for the impending Second Payment Services Directive (“PSD2”). Screen scraping is the practice in which third-party Payment Initiation Service Providers (“PISPs”) and Account Information Service Providers (“AISPs”) are granted access to bank accounts of a client utilising their credentials to perform a service. As heralded in our discussion in July identifying the problem, the European Banking Authority (“EBA”) maintained their stance of outlawing the practice in the final draft Regulatory Technical Standards (“RTS”) on secure communication and Strong Customer Authentication (“SCA”). Consistent industry pressure has led the European Commission (“EC”) to request of the EBA to permit AISPs and PISPs to utilise screen scraping as a “fallback option”.

Read More

District Court Set to Rule on Cross Motions for Summary Judgment in First Amendment Challenge to TCPA

By Andrew C. Glass, Gregory N. Blase, Christopher J. Valente, Michael R. Creta, and Natasha C. Pereira

Last week, a bi-partisan coalition of political groups and the federal government completed briefing cross motions for summary judgment in American Association of Political Consultants, Inc., et al. v. Sessions, Case No. 5:16-cv-00252-D (E.D.N.C.). The case challenges the constitutionality of a portion of the Telephone Consumer Protection Act (“TCPA”). The plaintiffs contend that the TCPA’s prohibition on making auto-dialed calls or texts to cell phones without the requisite consent, 47 U.S.C. § 227(b)(1)(A)(iii) (the “cell phone ban”), imposes a content-based restriction on speech that fails to pass strict scrutiny and is unconstitutionally under-inclusive (the plaintiffs’ complaint is discussed here). The government is defending the statute’s constitutionality (previously discussed here).

Read More

No Class Conflict in Data Breach Settlement Involving Class Members With and Without Economic Injury

By Andrew Glass, Matthew Lowe, and Brandon Dillman

On remand from the Eighth Circuit,[1] the United States District Court for the District of Minnesota recently recertified a data breach settlement class over an objector’s assertion of an intraclass conflict.  Specifically, the objector asserted that a conflict existed between class members who purportedly had suffered loss and were guaranteed a payout under the proposed settlement, and those who had not suffered loss and were not guaranteed a payout.  See In re Target Customer Data Security Breach Litig., No. 14-2522 (PAM), 2017 WL 2178306 (D. Minn. May 17, 2017).  In rejecting the objector’s alleged conflict, the Court emphasized that “the question is not whether there is any potential or theoretical conflict among class members, it is whether class members’ different interests are antagonistic to each other.”  Id. at *3.

Read More

FDIC Economic Inclusion Summit A Good Reminder of Fair and Responsible Banking Practices

By Soyong Cho

Yesterday, the FDIC hosted a day-long Economic Inclusion Summit that brought together stakeholders in private industry, the government, and non-profit organizations to discuss strategies to expand credit to under-served communities. Speakers stressed the need to understand the personal and financial challenges facing low- and moderate-income (“LMI”) populations in order to more effectively design products and marketing channels to reach LMI communities. Leveraging big data and technology were identified as key factors to reducing costs and profitably serving LMI customers.

Banks are of course rated on their outreach initiatives to under-served communities under the Community Reinvestment Act (“CRA”), but profitably expanding their customer base is also good business. The FDIC’s Summit serves as a reminder of the established programs, partnerships, and networks that exist to assist banks to meet their CRA obligations. However, it is also a good reminder that banks must be sensitive to the regulatory compliance and other risks attendant with marketing to and servicing LMI communities in particular, as even the best intentions can be undermined by flawed implementation or unclear regulatory guidance. Among others, UDAAP, fair lending, and privacy issues should be considered in all phases of product development and delivery. In the coming months, K&L Gates will be hosting a series of webinars focused on the nuts and bolts of consumer protection compliance.

FCC Begins Rulemaking Process to Allow Blocking of “Spoofed” Number Calls

By Pamela J. Garvie, Andrew C. Glass, Joseph Wylie II, Gregory N. Blase, and Matthew T. Houston

The Federal Communications Commission unanimously voted at its March 23, 2017, “open meeting” to begin the process for adopting rules allowing carriers to block “spoofed” number calls. These are calls that use a reputable or commonly-known telephone number to mask the actual originating number. The proposed rules would allow carriers to block calls purporting to originate from telephone numbers that (1) are not assigned to a subscriber, (2) are invalid, or (3) are assigned to a subscriber expressly requesting that its number not be spoofed. In his remarks, Chairman Ajit Pai indicated that the proposed rules are needed to target scammers impersonating federal agencies, such as the Internal Revenue Service, and to protect consumers from unwanted solicitations. Commissioner Michael O’Rielly indicated that the proposed rules aim to address illegal “robocalls” in a manner that does not affect legitimate businesses, as opposed to prior efforts to regulate such calls under the Telephone Consumer Protection Act, 47 U.S.C. § 227. The proposed rules and accompanying comments suggest an effort by the now Republican-controlled FCC to issue rules specifically intended to block unwanted robocalls, often from overseas, intended to defraud consumers.

The FCC approved both a Notice of Proposed Rulemaking and a Notice of Inquiry to solicit feedback from consumers and other parties with an interest in the proposed rules. Comments on the proposed rules will be due within forty-five (45) days after publication in the Federal Register. Final rules are unlikely to take effect earlier than late 2017.

Federal Government Not Successful in Moving to Dismiss First Amendment Challenge to TCPA

By Andrew C. Glass, Gregory N. Blase, Christopher J. Valente, and Michael R. Creta

A North Carolina federal district court recently denied a motion by the federal government to dismiss claims raising a First Amendment challenge to a portion of the Telephone Consumer Protection Act (“TCPA”). See American Ass’n of Political Consultants v. Lynch, Case No. 5:16-00252-D (E.D.N.C.). At this early stage of the case, the government did not address the substance of the constitutional challenge. Rather, the government asserted that the court did not have jurisdiction over the case and that the political organizations which filed the suit did not have standing to maintain suit. The court, however, rejected the government’s arguments and allowed the case to proceed.

Read More

Eighth Circuit Requires Further Review of Data Breach Settlement Involving Class Members Who Have No Loss

By Andrew C. Glass, Matthew N. Lowe, and Brandon R. Dillman

In a decision that could affect the resolution of future data breach class actions, the Eighth Circuit recently set aside the settlement in the Target Corp. data breach litigation. See In re Target Corp. Customer Data Security Breach Litig., No. 15-3909, — F.3d —, 2017 WL 429261 (8th Cir. Feb. 1, 2017). The litigation arose from claims that in 2013, hackers compromised credit and debit card data of up to 110 million Target customers. The parties ultimately agreed to a settle on a class basis. According to the settlement agreement, Target agreed to establish a $10 million settlement fund, which would be allocated first to class members with documented losses and then to members with asserted, but undocumented, losses. Members who had “suffered no loss from the security breach [would] receive nothing from the settlement fund,” but would still be “bound under the settlement to release Target from liability for any claims” that may someday arise in the future. Id. at *1.

Read More

Court Rejects TCPA Claims Based on Theory of Third-Party Liability

By Andrew C. Glass, Gregory N. Blase, Roger L. Smerage, and Matthew T. Houston

The U.S. District Court for the Northern District of West Virginia recently granted summary judgment for the defendant alarm manufacturers in In re Monitronics International, Inc. Telephone Consumer Protection Act Litigation (“Monitronics”). In doing so, the Monitronics court rejected Telephone Consumer Protection Act (“TCPA”) claims based on alleged liability for acts of vendors, distributors, or other third parties. The court also expressly overruled its own earlier, contrary opinion rendered in Mey v. Monitronics International, Inc., which matter was consolidated into Monitronics as part of a multidistrict litigation (“MDL”). Thus, the court joined a growing number of jurisdictions that have questioned the ability of plaintiffs to prove vicarious liability in connection with TCPA claims.

To read the full alert, click here.

TRUMP’S CAMPAIGN TO GO IT ALONE ON FIRST AMENDMENT CHALLENGE TO THE TCPA

By Andrew C. Glass, Gregory N. Blase, Christopher J. Valente, and Michael R. Creta

On Monday, the U.S. Department of Justice (“DOJ”) declined to intervene in Thorne v. Donald J. Trump for President, Inc., 1:16-cv-04603 (N.D. Ill.). As previously discussed here, a class of plaintiffs sued President-Elect Trump’s campaign alleging violations of the Telephone Consumer Protection Act (“TCPA”) in connection with text messages sent during the campaign. In seeking dismissal of the suit, the campaign argued that the TCPA does not pass muster under the First Amendment. Specifically, the campaign asserted that Congress’s November 2015 exemption of calls relating to government debt constitutes “preferential treatment” and qualifies as a “blatant and egregious form of content discrimination.”

The DOJ did not provide a reason for declining to intervene, and the campaign is now faced with the prospect of going it alone in its First Amendment challenge to the TCPA.

Copyright © 2018, K&L Gates LLP. All Rights Reserved.