Privacy & Information Security – Page 3 – Consumer Financial Services Watch

Connecticut Mandates Identity Theft Services for SSN Data Breaches

Jul 07 2015

On June 30, 2015, Connecticut’s governor signed into law an amendment to the state’s data-security-breach-notice statute to mandate “appropriate” identity theft prevention services for breaches involving social security numbers. Identity theft mitigation services are also required “if applicable” (e.g., if identify theft actually occurs). The services must be provided at no cost and for at least 12 months. The statute does not explain which identity theft “prevention” or “mitigation” services are mandated or which are “appropriate.”

FCC Empowers TCPA Plaintiffs At Peril Of Businesses

Jun 22 2015

By: Martin L. Stern, Andrew C. Glass, Gregory N. Blase, Joseph C. Wylie

At its June 18, 2015, open meeting, a sharply divided Federal Communications Commission made good on Chairman Tom Wheeler’s recent promise to bolster the Telephone Consumer Protection Act’s already strict rules and to bring about “one of the most significant FCC consumer protection actions since it established the Do-Not-Call Registry with the FTC in 2003.” While plaintiffs’ class action lawyers are likely to applaud the new measures, businesses are concerned that the new rules could unfairly restrict legitimate communications with customers.

Proposed Arbitration Fairness Act Would Ban Pre-Dispute Arbitration Clauses in Consumer Contracts

May 06 2015

By: Andrew C. Glass, Robert W. Sparkes, III, Roger L. Smerage, Eric W. Lee

Two members of Congress are seeking to expand the reach of a federal ban on pre-dispute arbitration agreements to cover nearly all consumer contracts. The proposed legislation would have a widespread effect, barring the use of pre-dispute arbitration provisions in credit card agreements, auto loan agreements, wireless telephone service contracts, and many other types of consumer-facing agreements that often contain such provisions.

Five Steps To Data Breach Coverage For Card Issuer Liability

Apr 21 2015

By: Roberta D. Anderson

Target’s recent $19 million settlement with MasterCard underscores very significant sources of potential exposure that often follow a data breach incident. In the wake of any significant breach involving payment cards, such as the Target breach, retailers and other organizations that accept those cards are likely to face — in addition to a slew of claims from consumers and investors — claims from financial institutions seeking to recover their losses associated with issuing replacement credit and debit cards, among other losses.

Client of Blast Fax Solutions Provider Hit with $22 Million TCPA Judgment

Apr 14 2015

By: Joseph C. Wylie II, Molly K. McGinley, Nicole C. Mueller

A new decision once again highlights the dangers that companies face if their independent contractors engage in conduct that violates the Telephone Consumer Protection Act, and highlights the need to monitor contractor compliance with the TCPA. In City Select Auto Sales, Inc. v. David/Randall Assocs., Inc., a federal court in New Jersey recently found a roofing company, David/Randall Associates, liable for $22.4 million under the TCPA for the actions of its blast fax solutions provider, Business to Business Solutions (B2B).

To read the full alert, click here.

A Primer on Insurance Coverage Issues under the Telephone Consumer Protection Act

Mar 04 2015

By: Steven P. Wright, Gregory N. Blase, Samantha A. Miko

In the past several years, plaintiffs’ attorneys around the country have exploited a once-unknown 1991 law, the Telephone Consumer Protection Act (“TCPA”), to obtain headline-grabbing, multimillion-dollar judgments and settlements from some of the country’s largest financial services companies. Because financial services companies are often required to communicate with customers by telephone, these companies have attracted an undue amount of attention from the TCPA plaintiffs’ bar. Seemingly, each new day brings another lawsuit or settlement, and so, it is no surprise that the TCPA remains a hot topic in the financial services and related industries. In this alert, we explore current trends in insurance coverage claims attendant to TCPA class action claims.

To read the full alert, click here.

Cybersecurity: The Obama Administration Proposes Legislation Proposals Would Standardize Breach Notification Requirements, Enhance Cybersecurity-Related Information Sharing, and Toughen Cybercrime Prosecution

Jan 21 2015

By: R. Paul Stimers, András P. Teleki, Bruce J. Heiman, Michael J. O’Neil

On January 13, 2015, in response to the continuing onslaught of cyber attacks, including the recent cybersecurity attack and data loss at Sony Pictures Entertainment, the Obama Administration sent to Congress three legislative proposals to improve cybersecurity. The proposals would:

Establish a single federal breach notification standard preempting a patchwork of state notification laws;
Encourage cyber threat information sharing within the private sector and between the private sector and the federal government; and
Enhance law enforcement’s ability to investigate and prosecute cyber crimes.

The President has been highlighting the cybersecurity proposals in a series of speeches leading up to the State of the Union Address.

To read the full alert, click here.

Cybersecurity Lessons Learned From the FTC’s Enforcement History

Dec 22 2014

By: Soyong Cho, Andrew L. Caplan

In 2014, cybersecurity and data breach incidents regularly made the headlines, with the reported breaches becoming increasingly large and complex. As in the past, these data breaches have inevitably been followed by a flurry of class actions and government investigations. But amid this flurry of activity, one federal regulator in particular, the Federal Trade Commission (the “FTC” or “Commission”), has unquestionably been the most prominent and active cybersecurity enforcer.

To read the full alert, click here.

Class Certification Trends in Consumer Data Breach Litigation—Individualized Damages Theories May Preclude Certification

Dec 16 2014

By: Nicholas Ranjan and James P. Angelo

In the last two years, there has been a proliferation of class action lawsuits filed in response to high-profile data breaches compromising the personally identifiable information of customers of various companies. Major corporations including Target, Coca-Cola, and Michaels have all fallen victim to such suits. In many cases, a single data breach event has spawned dozens of class action lawsuits (for example, Target, at one point, faced over 100 such suits in a number of jurisdictions, which have since been consolidated in an MDL).

Although a number of class actions in the data-breach context have been filed, there have been relatively few class certification decisions at this point. However, as the pending cases make their way to the class certification stage, two recent decisions may prove useful for defendants in attempting to defeat class certification—principally, on the basis of Federal Rule of Civil Procedure 23(b)(3)’s “predominance” requirement. That is, In re Hannaford Bros. Co. Customer Data Sec. Breach Litig., 293 F.R.D. 21 (D. Me. 2013) and Comcast v. Behrend, 133 S.Ct. 1426 (2013), suggest that class certification may be difficult in certain types of data breach cases due to the existence of individualized damages issues, which may undercut the predominance of common questions necessary to pursue a class action.

To read the full alert, click here.

Catagory:Privacy & Information Security