Consumer Finance Law Blog

Consumer Finance Law Blog

Developments and Analysis of Consumer Financial Services Laws, Rules, and Regulations

Category Archives: Privacy

Subscribe to Privacy RSS Feed

CFPB Director Cordray Testifies Before House Financial Services Committee

Posted in Consumer Financial Protection, Gift Cards, Privacy
CFPB Director Richard Cordray testified before the House Financial Services Committee today, fielding questions and comments on an array of issues from the CFPB’s data collection practices to the Qualified Mortgage Rule, which went into effect on January 10, 2014. The hearing was scheduled in response to the CFPB’s release of its fourth Semi-Annual Report … Continue Reading

FTC Commissioner Discusses CFPB at Privacy Conference

Posted in Consumer Financial Protection, Fair Credit Reporting Act (FCRA), Privacy
FTC Commissioner Julie Brill spoke about the new Consumer Financial Protection Bureau (“CFPB”) during a keynote address she delivered at the International Association of Privacy Professionals Second Annual Conference on December 7th. While describing how Congress enacted the Fair Credit Reporting Act (“FCRA”) to protect consumers’ personal information, Brill stated that the FTC and CFPB … Continue Reading

California’s Song-Beverly Credit Card Act: The Past, Present, and Future

Posted in Class Action, Credit Cards, Privacy, Song-Beverly Credit Card Act
Last week the BNA Privacy & Security Law Report published an article discussing in detail California’s Song-Beverly Credit Card Act (the “Act”). The aim of the article is to provide those persons and businesses that regularly engage in credit card transactions in California, most notably retail merchants, with a meaningful primer on some critical current and … Continue Reading

S.D.N.Y: Plaintiffs Asserting Claims Based on Risk of Identity Theft Lack Standing

Posted in Data Security, Privacy
The Southern District of New York, recently, in Hammond v. The Bank of New York Mellon Corp., No. 08-6060, 2010 WL 2643307 (S.D.N.Y. June 25, 2010) joined other courts from around the country in holding that plaintiffs who bring claims based on the risk of identity theft lack Article III standing. In each case, including the … Continue Reading

Identify Theft Litigation Update: Ninth Circuit Upholds Dismissal Of Speculative Claims

Posted in Class Action, Data Security, Privacy
Updating a prior post, the Ninth Circuit, in Ruiz v. Gap, Inc., recently upheld a dismissal on summary judgment on the grounds that the mere risk of identity theft is too speculative of an injury to substantiate a cause of action based on negligence. See Ruiz v. Gap, Inc., No. 09-15971, 2010 WL 2170993 (9th … Continue Reading

Legal Developments Affecting Payment Card Data Pass Practices

Posted in Data Security, Merchant Billing & Payment, Privacy
On-line marketers that share their customers’ credit or payment card information with other business partners without the consumer’s knowledge or active consent – a practice referred to as a “data pass” – may wish to read a recently published BNA Privacy & Security Law Report titled “Scrutiny on Payment Card Data Pass: Raising the Profile … Continue Reading

Appellant Attempts to Re-litigate Issue of Whether Retailers that Collect Customer Zip Codes During Credit Card Transactions Violate California’s Song Beverly Credit Card Act

Posted in Class Action, Credit Cards, Privacy, Song-Beverly Credit Card Act
In a previous post, we noted that the California Supreme Court in Pineda v. Williams-Sonoma Stores, Inc., granted a petition to review the issue of whether a retailer violates California’s Song-Beverly Credit Card Act if, in connection with a credit card transaction, it records a customer’s zip code for the purpose of later using it … Continue Reading

Another Missive from the Data Breach Front: Remote Risk of Identity Theft Does Not Confer Standing in Allison v. Aetna

Posted in Data Security, Privacy
Allison v. Aetna, Inc., a recent opinion out of the Eastern District of Pennsylvania, adds to the burgeoning area of law that holds when a plaintiff fails to allege an actual injury resulting from a data breach, but instead only alleges an enhanced risk of identity theft, an injury-in-fact does not exist and the suit … Continue Reading

UPDATE: Data Breaches on the Rise in 2010

Posted in Data Security, Privacy
Updating a previous post regarding the rise last year in the number of data breaches involving customers’ personal information in the general business sector, the numbers of these breaches for the first third of 2010 reflect a similarly troubling trend. According to the Identity Theft Resource Center (“ITRC”), the total number of reported data breaches as … Continue Reading

Study Suggests that Data Breaches Among Businesses May Be on the Rise

Posted in Data Security, Privacy
A recent study released by the Identity Theft Resource Center (“ITRC”), a non-profit organization dedicated exclusively to the prevention of identity theft, suggests that in 2009, while the government appeared to be improving data security, the protection of customers’ private information by some businesses may have worsened. The annual ITRC study is funded by the U.S. … Continue Reading

Update: California Supreme Court Agrees to Review Issue of Whether Collecting Customer Zip Codes and Reverse Data Mining for Additional Customer Information Violates California’s Song-Beverly Credit Card Act

Posted in Merchant Billing & Payment, Privacy, Song-Beverly Credit Card Act
If you or your company collect zip codes in California as part of a loyalty program or otherwise, and reverse data mine for additional customer information, you should be aware that the California Supreme Court recently granted a petition to review the issue of whether a retailer violates California’s Song-Beverly Credit Card Act if, in … Continue Reading

Recent Decisions Find In Favor of Insurance Coverage for “Blast Faxes”

Posted in Class Action, Insurance Coverage & Recovery, Privacy
Numerous class action suits have been brought over the past several years under the Telephone Consumer Protection Act (“TCPA”) against entities that fax unsolicited advertisements (so-called “blast faxes”) to individuals and businesses.  Companies facing such suits in turn have sought insurance coverage under their comprehensive general liability (“CGL”) policies for costs incurred defending TCPA suits, … Continue Reading

Identity Theft Litigation Update: Recent Cases Show Trend Toward Dismissal of Speculative Claims

Posted in Class Action, Data Security, Privacy
Several weeks ago, we discussed how most courts were rejecting lawsuits where the plaintiffs claimed “damages” in the form of an increased risk of identity theft, generally stemming from allegations of an accidental loss or theft of personal confidential information. Since we last blogged on this issue, two recent decisions highlight how that trend is … Continue Reading

Merchants Beware: Protect Your Customers and Company from Credit Card “Skimming”

Posted in Credit Cards, Data Security, Privacy
The current economic climate has had many consequences, including an apparent increase in economic crimes such as credit card fraud. In recent months, numerous credit card scams involving restaurant chains have been reported. For example, the Washington Examiner reported on March 29 that wait staff at several high-end restaurants in Washington, DC, including M&S Grill, … Continue Reading

Fears of Future Identity Theft Generally Not Sufficient To Establish “Actual Damages” In A Lawsuit

Posted in Class Action, Data Security, Privacy
Over the last few years, incidents involving disclosures of personal information by consumer financial service providers have been big news, ranging from the theft of laptop computers containing social security numbers, to hacker attacks on computer networks containing confidential information, to the more "vanilla" theft of personal documents. Not surprisingly, the plaintiffs’ bar has been … Continue Reading

Use Of Customer Information For Data Mining May Be A Violation Of California Constitutional Right To Privacy

Posted in Credit Cards, Privacy, Song-Beverly Credit Card Act
If you or your company have a loyalty program or collect customer information in any form, and reverse data mine for additional customer information, you face the risk of being sued in California for a violation of the California Constitutional right to privacy. Recently, in Watkins v. Autozone Parts, Inc., No. 08-cv-01509-H, 2008 WL 5132092 (S.D. … Continue Reading