Consumer Finance Law Blog : Consumer Finance Lawyer & Attorney : Kelley Drye & Warren Law Firm : Financial Privacy & Security

You may have noticed that premiums for Directors and Officers Liability (“D&O”) insurance are skyrocketing, largely as a result of the subprime lending crisis, stock market volatility, and the ensuing financial uncertainty. According to the American Banker, since 2008 D&O premiums, depending on the coverage type, have increased between 15% to 40% since last year. This trend shows no sign of abating. Other reports, including a recent analysis by Aon, confirm this trend.  Similar increases are forecast for the next several years as claims stemming from the current financial crisis are litigated and resolved. In fact, directors and officers of certain troubled businesses, particularly of financial institutions, may soon find that they are uninsurable at any reasonable price.

Higher premiums, however, are only one of the insurance industry’s reactions to the current financial conditions. Insurers also are instituting more restrictive terms and conditions, lower limits of liability, higher deductibles, and in some cases, specifically tailored exclusions that eliminate coverage for liability resulting from bankruptcy, bank failures, or claims brought by the Federal Deposit Insurance Corporation. In light of these developments, many financial institutions may find it difficult to retain and attract talented directors and officers at the very moment when such leadership is most needed. In fact, this current talent drain is a continuation of a trend that began in 2002 with the passage of the Sarbanes-Oxley Act.

One factor impacting rates and the availability of D&O insurance is the uncertainty surrounding AIG’s financial condition and future viability. AIG has long been the dominant underwriter of D&O insurance. As banks turn away from AIG for their D&O coverage, they are not finding the competition for their business that one might expect when an industry leader appears vulnerable. On the contrary, banks are facing a shrinking D&O market as several smaller carriers have decided to stop underwriting such coverage, especially for banks and other financial institutions, because the premiums are no longer perceived as worth the potential risk. In turn, those smaller insurers’ withdrawal from the market should only exacerbate the rate at which D&O insurance premiums increase in the ensuing months and years.

Faced with higher premiums for less D&O coverage, companies and their directors and officers should aggressively negotiate the most favorable coverage for their money. To that end, when negotiating new policies or renewals, they should carefully gauge their risk and exposure, and closely review proposed D&O policies, including exclusions, for provisions that could potentially eliminate coverage. If the proposed coverage is insufficient, or if sufficient coverage is only available at unreasonable rates, policyholders should consider alternative ways to maximize coverage and/or minimize risk going forward.

• Email This
• Print
• Comments (2)
• Trackbacks
• Share Link

Over the last few years, incidents involving disclosures of personal information by consumer financial service providers have been big news, ranging from the theft of laptop computers containing social security numbers, to hacker attacks on computer networks containing confidential information, to the more "vanilla" theft of personal documents. Not surprisingly, the plaintiffs' bar has been attempting to turn all of this worry about identity theft into big money - even where no identity theft has occurred. However, courts around the nation have been considering such claims, and responding with a virtually uniform voice to state that, however the claim may be styled, a plaintiff's speculative fear of potential future identity theft does not constitute "actual damages" under the law, and accordingly reject such lawsuits.

In the latest court opinion to address this issue, Pinero v. Jackson Hewitt Tax Service, Inc., No. 08-3535, 2009 U.S. Dist. LEXIS 660, (E.D. La. January 7, 2009), Chief Judge Sarah S. Vance dismissed various statutory and tort claims, including negligence, breach of contract, violations of a Louisiana data breach notification statute, and claims under the Tax Reform Act of 1976, against a national franchisor of income tax preparation services and its local independent franchisee. In the Pinero case, the plaintiff contended that the independent franchisee had failed to dispose of certain documents properly, which allegedly contained personal information. However, the plaintiff neither contended that her documents fell into the hands of a wrong-doer, nor that she had suffered any actual identity theft. Her damages claims were largely based on alleged emotional injuries and mental anguish, and theoretical consequential damages about steps she might need to take to deal with potential identity theft.

The Court rejected this theory of damages, and dismissed 6 of 7 claims, including negligence, breach of contract, and violations of the Louisiana data breach notification statute, holding that this type of speculative “injury” does not meet the required damages element. Also, in a holding of first impression, Judge Vance dismissed the federal claim for statutory penalties under the Tax Reform Act of 1976, ruling that commercial tax preparers are simply not subject to the provisions of the law governing disclosure of tax return information by the I.R.S. or its agents. The Court further ruled that the Louisiana data breach notification statute did not apply to paper documents – notably, Louisiana is not alone in this regard. Judge Vance also dismissed claims for fraudulent inducement and the Louisiana unfair trade practice law for a failure to adequately allege an intent to defraud. The Court only let the invasion of privacy claim survive, albeit noting skepticism about whether such a claim could succeed on the merits.

For further discussion of this case, see our recently published piece in the ABA "Secure Times" newsletter. And for a broader discussion of how other cases have addressed these types of claims, please see our article published in Andrews Litigation Reporter.

(Andrew S. Wein and Veronica D. Gray represent Jackson Hewitt Tax Service in this case.)
 

• Email This
• Print
• Comments (1)
• Trackbacks
• Share Link

The latest class action complaints alleging improper subprime lending practices are due to be filed against two banks today. The NAACP plans to file separate class action lawsuits today against Wells Fargo and HSBC. According to news reports, the suits, which will be filed in district court in California, allege that those banks engaged in deliberate discriminatory practices that forced minority borrowers into loans with higher interest rates than non-minority borrowers with similar credit histories. These actions follow, and appear to be an extension of, an NAACP lawsuit filed against HSBC, Countrywide, and at least 17 other mortgage lenders in 2007. That suit, which is still under way and recently survived a motion to dismiss, alleges broad discriminatory lending practices by mortgage lenders. These NAACP actions are just a few in a growing number of cases filed by private individuals and state and local governments relating to subprime lending.

All of those suits presumably support Congress' aggressive financial system reform agenda, including legislation to address mortgage lending practices. Yesterday, the House Committee on Financial Services held a major hearing to review mortgage lending practices and legislation to reform those practices. The chairman of that committee, Barney Frank (D-MA), announced that he plans to move that legislation out of committee this month, with the goal of a full House vote some time in April.
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

If you or your company have a loyalty program or collect customer information in any form, and reverse data mine for additional customer information, you face the risk of being sued in California for a violation of the California Constitutional right to privacy. Recently, in Watkins v. Autozone Parts, Inc., No. 08-cv-01509-H, 2008 WL 5132092 (S.D. Cal. Dec. 5, 2008), the United States District Court for the Southern District of California held that all a plaintiff needs to allege to state a claim for a breach of the constitutional right to privacy is that the defendant requested plaintiff’s personal information and then “covertly” reverse data mined for additional information about that plaintiff. As you may know, this decision cuts against the recent trend in California Courts of Appeal decisions aimed at narrowing the types of actions involving the collection of customer data that can be brought against retailer defendants (see e.g. Absher v. AutoZone, Inc., 164 Cal. App. 4th 332 (2008); TJX Cos., Inc. v. Sup. Ct., 163 Cal. App. 4th 80 (2008)), and creates great uncertainty for companies with respect to their ability to collect customer information.

In Watkins, plaintiff brought a putative class action alleging that Autozone violated the California Song-Beverly Credit Card Act, California Civil Code §1747.08 (the “Act” or “Section 1747.08”) by unlawfully requesting and recording personal customer information, and then “covertly” engaging in a “reverse search” to determine additional customer personal information, in violation of the California Constitution’s privacy provision.

First, the court held that plaintiff plead facts sufficient to support a claim for a violation of Section 1747.08. See 2008 WL 5132092, at *6. Second, and more significantly, in holding that plaintiff sufficiently plead a claim for invasion of privacy, the court reasoned that:

• plaintiff adequately alleged a legally protected privacy interest in his home address;
• the allegations that Autozone obtained and subsequently used his home address information from using his telephone number and credit card information after plaintiff’s purchase at Autozone satisfied the pleading requirements of a reasonable expectation of privacy in these circumstances; and
• plaintiff sufficiently alleged that the invasion into his privacy was "serious," given his allegation that Autozone used his private information for profit without his consent and without informing him of the use of his information. See id.
• Further, the court stated that the purpose of statutory provisions (including Section 1747.08) prohibiting the requesting of personal information from credit card customers “speaks to the potential seriousness of invasions that may occur.” Id. at *7 (citation omitted).

This holding creates great uncertainty for companies in determining in what circumstances collecting customer information and then reverse data mining is permissible. For instance:

• Can a company utilize information that was obtained from a credit card customer for shipping purposes to reverse data mine for additional information about that customer?
• Does a retail company violate a customer’s right to privacy by using a credit card customer’s zip code to obtain additional information about that customer given the recent California Court of Appeal holding that a zip code is not “personal identification information” under Section 1747.08? See Party City Corp. v. Sup. Ct. of San Diego County, No. D053530 (Cal. Ct. App. Dec. 19, 2008).

• Email This
• Print
• Comments
• Trackbacks
• Share Link

As of January 1, 2009, and in contrast to federal law, California Civil Code Section 1747.09 requires that no more than the last five digits of a credit or debit card number be printed on both the electronically-printed card receipt retained by the business as well as the receipt provided to customers. See CAL. CIVIL CODE § 1747.09(a)-(d). If you or your business accept credit cards or debit cards for payment you must ensure that all machines and registers are in compliance with these truncation requirements. Businesses that fail to comply with revised Section 1747.09 face potentially significant consequences, including enforcement actions by state agencies, and, perhaps more significantly, individual and class action lawsuits brought by cardholders.

A brief look at the recent history of class actions filed under the federal truncation statute – the Fair Credit Reporting Act (“FCRA”), which applies only to transaction receipts provided to customers – may offer guidance on how California courts may deal with actions brought under Section 1747.09.

Beginning in December 2006, plaintiffs’ attorneys began filing class action lawsuits against a broad spectrum of retailers and other businesses in California based largely on the failure to truncate expiration dates on electronically printed credit card receipts provided to consumers, and sought statutory penalties of between $100 and $1,000 per transaction for each “willful” violation alleged, plus attorneys’ fees, costs and punitive damages. See15 U.S.C. § 1681n. In order to prevent consumers, who had not suffered any actual damage, from recovering potentially annihilating statutory damages against retailers and other merchants, Congress passed the Credit and Debit Card Receipt Clarification Act, which added a provision to the Fair and Accurate Credit Transactions Act (“FACTA”) preventing consumers from obtaining statutory damages for willful expiration date violations taking place between December 4, 2004 and June 3, 2008. Further, several courts refused to certify a class on the theory that a class action is not superior to other methods for the fair and efficient adjudication of the controversy. However, no similar legislation has been enacted by the California legislature, and it remains to be seen whether courts will deny certification of a class action brought under Section 1747.09, as several courts have done in FACTA cases, to limit abusive lawsuits brought by consumers under California state law.

Accordingly, if you have not already done so, you should act swiftly to ensure that all machines and registers are in compliance with the truncation requirements. To accomplish this, consider auditing machines and registers by printing out receipts both retained by the company and issued to the customer. If any violation of Section 1747.09 or FACTA is detected, corrective action should be taken to limit potential liability and to decrease the risk of a potential lawsuit. 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

In yet another reminder to credit card providers that they need to continue monitoring government attempts to legislate and regulate credit card products, services and policies, two pieces of credit card legislation have been introduced that could significantly impact your business. The legislation follows recent action by the Federal Reserve Board, which on December 18, 2008, approved final regulations regarding credit card and other consumer banking practices that will take full effect by July 1, 2010. Those final rules virtually mirror the Fed’s May 2008 draft rules (summarized in this Kelley Drye Advisory). 

First, on January 22, 2009, Rep. Maloney (D-NY) re- introduced the Credit Card Holders’ Bill of Rights (H.R. 627), a prior version of which passed the House in 2008 but did not make it through the Senate. Then, on February 11, 2009, Chairman of the Senate Banking Committee Chris Dodd (D-CT), re-introduced The Credit Card Accountability, Responsibility and Disclosure Act (S. 414). That legislation likewise had a prior life, though it did not make it out the Senate Banking Committee during the 110th Congress.

The apparent purpose of the legislation is to attempt to fill perceived gaps in and to expedite implementation of the changes offered by the Fed rules. As a representative from the American Bankers Association testified during a recent Senate hearing regarding Senator Dodd’s bill, the legislation goes beyond the Fed rules in certain respects. For example, among other things, that bill would prohibit card companies from charging customers for paying their bill by phone, it would attempt to control charges for late payments or other violations of the cardholder agreement, and it would prohibit the issuance of cards to consumers under 21 years of age. These and other measures would significantly restrict institutions’ abilities to manage their business and offer choices to consumers. Further, in attempting to bring about reform more quickly, both pieces of legislation would shorten the implementation period needed by financial institutions to alter their business practices and comply with the new rules.

With so much government and public attention on financial services and given the consumer protection focus of the Obama Administration and Democrats on the Hill, credit card legislation may pick up substantial support and momentum in the current Congress. Whether lawmakers can agree on how to move forward, and whether they can do so before the Federal Reserve rules take effect, remains to be seen. In any event, credit card providers should stay tuned!

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Which among the following businesses are potentially subject to consumer financial services laws, rules, and regulations?

A. a retail clothing chain
B. a bank or mortgage company
C. an internet retailer
D. a fast food franchisor
E. all of the above

If you answered E, “All of the above,” you are CORRECT. However, many companies do not realize their businesses are subject to consumer financial services laws. Consequently, their businesses may not be compliant and may be subject to litigation risk.

The focus of the Consumer Finance Law Blog is to keep – all on one site – traditional and non-traditional financial service providers subject to consumer financial services laws abreast of recent developments in:

• State consumer protection statutes and regulations
• State privacy statutes
• Privacy and consumer protection litigation
• Card Association Rules
• Equal Credit Opportunity Act
• Electronic Funds Transfer Act
• Fair Credit Reporting Act
• Fair Credit Transactions Act
• Fair Debt Collection Practices Act
• Payment Card Industry Data Security Standard
• State Money Transmitter Statutes
• State Retail Installment Sales Act
• State and Federal Unfair and Deceptive Trade Practices Acts
• TILA, RESPA, and related federal and state consumer disclosure and notice requirements
• Insurance coverage issues
• Legislation that may impact company compliance or create new litigation risk.

We welcome you and hope that you find our posts interesting, educational, and thought provoking. We also welcome your feedback and invite you to suggest topics or recent decisions of interest that you would like us to address.

• Email This
• Print
• Comments (1)
• Trackbacks
• Share Link