Wednesday, September 28, 2016

CFPB Monthly Report Shows Spike in Debt Collection Complaints in August

The CFPB issued its monthly report on consumer complaints this week. The report is a high level snapshot of trends in consumer complaints. Here are the big stories in this month’s report:

  • The three products which continue to yield the highest volume of complaints on a three-month average are debt collection, credit reporting and mortgage. 
  • While the number of debt collection complaints remains almost flat when compared to the same three-month time period for 2015, it’s worth noting that debt collection complaints picked up in volume in August, showing a 50% increase over July.
  • For the second month in a row, student loans indicated the highest increase in change from last year– a 78% increase when compared to the same three-month period in  2015.  Similarly, payday loan complaints continue to show the greatest decrease from last year – an 18% decrease when compared to the same period for 2015; and
  • With all the media reports concerning the Wells Fargo Consent Order, it will be interesting to watch whether complaints against Wells Fargo spike in the coming months and in what categories.  Currently, they are in the middle of “Top 10 Most Complained-About Companies according to this month’s report, checking in at Number 6 with approximately 1/3 of the complaints against them being attributable to bank account/services and credit cards.

Tuesday, September 27, 2016

Bankruptcy Court Shuts the Door on Trustee's Settlement of TCPA Claim

By: Caren Enloe and Parker Dozier
September 26, 2016
A bankruptcy court has dealt a blow to a TCPA defendant’s attempt to moot a class action lawsuit by entering into a settlement with the class representative’s bankruptcy trustee.  In re Presswood, Case No. 12-60237 (Bankr. S.D. Ill. 2016).   In Presswood, the Chapter 7 debtor, a sole proprietor, received two prepetition faxes which he alleged violated the TCPA.  Three years after filing a Chapter 7 bankruptcy, the debtor filed a class action for violations of the TCPA.  After filing the class action, the debtor amended his bankruptcy schedules to disclose the pre-petition TCPA claim, valuing the claim at $500 and seeking to exempt it on his Schedule C.   The trustee did not object.  Thereafter, the trustee entered into a proposed settlement with the TCPA defendant for $10,000.00 and filed an application to approve compromise.  The debtor objected, calling into question the trustee’s standing and submitting that the proposed settlement amount grossly exceeds the value of the claim.  Specifically, the debtor alleged that the settlement was an attempt to “buy off” the class action.

The bankruptcy court in reviewing the application to approve settlement first addressed the issue of the standing of both the debtor to object to the proposed settlement and the trustee to settle the suit.  In reviewing the two competing interests, the court noted that, in order for the debtor to have standing, he must have a pecuniary interest in the outcome.  However, “if as posited by the Debtor on his amended Schedule C, the cause of action is actually worth no more than the claimed exemption, the issue becomes not whether the Debtor has standing to challenge the Trustee’s proposed settlement, but, rather, whether the Trustee has standing to settle a suit that is not property of the bankruptcy estate.” 

After conducting a valuation hearing as to the value of the debtor’s TCPA claim based upon two faxes, the court determined that it could not find that the value of the TCPA claim exceeded the $500 exemption claimed by the debtor.  Moreover, the court was troubled by the fact that there were no other class representatives and that a dismissal of the debtor’s claims would defeat the class action in its entirety because the statute of limitations had run.  “By offering to settle the estate’s claim for $10,000, which is over three times more than the highest possible recovery under the relevant sections of the TCPA and twenty times the value supported by the evidence, the Court can only conclude that Pernix is attempting to “buy off not only the estate’s claim but those of all of the other putative class members as well.”

This case is reminiscent of the spate of recent offer of judgment cases. See Campbell-Ewald Co. v. Gomez, 136 S. Ct. 663 (2016).  Defendants’ attempts to moot class actions by settling with the named plaintiff have met the same fate as the defendant in this case.  Ironically, the defendant in this matter had a better chance of the settlement being approved, and therefore the class action being dismissed, if it had offered a lower, more realistic settlement amount to the trustee.  Offering $1,000.00 instead of $10,000.00, which the court found suspect, could have led to the settlement being approved and the class action’s dismissal because the statute of limitations would have been a bar to a new named plaintiff being substituted.

Thursday, September 22, 2016

Wells Fargo is Not the End of the Incentive Compensation Discussion

Prepared remarks and testimony of Thomas J. Curry, the Comptroller of the Currency, to the Senate Committee on Banking, Housing and Urban Affairs make it imminently clear that cross-selling, sales practices and related incentive compensation will be a focal point for examinations of banks of all sizes and that the OCC continues to review the Wells Fargo matter for "individual misconduct and culpability."  Curry stated that he has ordered examiners to "review the sales practices of all large and midsize banks we supervise and assess the sufficiency of controls with respect to sales practices." Oral Statement of Thomas J. Curry (Sept. 20, 2016). Logic dictates that the FDIC has issued a similar  directive to its examiners, as well. 

Moving forward, the regulatory agencies are also being scrutinized for their part in the Wells Fargo incident.  Congressional leaders are questioning whether the agencies acted quickly enough.  Curry stated in his Testimony that "the actions against Wells Fargo highlight that we must continue our efforts to improve and refine the agency's supervisory program, to sharpen our early warning processes, and to enhance our supervisory capabilities, particularly with respect to our largest, most complex banks."  Testimony of Thomas J. Curry Comptroller of the Currency before the Committee on Banking, Housing, and Urban Affairs (Sept. 20, 2016). 

Banks and credit unions of all sizes should carefully review their sales incentive packages and relevant risk management and audit practices.  As we indicated last week, the Wells Fargo Orders provides guidance as to the expectations of examiners.  Supervised entities should review their product lines, perform independent risk management and internal audits to identify any weaknesses in their compliance management and review their policies and procedures to insure they are consistent with the expectations of examiners..

Wednesday, September 21, 2016

CFPB Provides Some Hints as to First Party Debt Collection Rules

In prepared remarks to the National Association of Federal Credit Unions, the CFPB provided some hint as to what we can expect with regard to first party debt collection rules.  In July, the CFPB released a debt collection proposal regarding traditional third party debt collectors.  At the time, the CFPB stated that it would also be releasing a debt collection proposal addressed to first party debt collectors at a later date.  While the two proposals are being released separately, we expect they will ultimately be addressed in rule making at the same time.

Cordray's prepared remarks to the National Association of Federal Credit Unions indicate that a first party debt collection proposal may be coming soon. Banks, credit unions and other financial service companies can expect the proposal to address the documentation a bank or other lender must provide to third party debt collector prior to any debt collection.  Additionally, Cordray's prepared remarks suggest that we may also see provisions addressed to first-party debt collectors setting forth specific dispute resolution procedures.   

Tuesday, September 20, 2016

New Jersey District Court Rejects Meaningful Involvement Claim

A New Jersey district court has dismissed an FDCPA claim which alleged a debt collection complaint was misleading because the collection attorneys were not meaningfully involved in its preparation.  Lopez v. Law Offices of Faloni & Assocs., LLC, 2016 U.S. Dist. LEXIS 124730 (D.N.J. Sept. 14, 2016).  In Lopez, the consumer alleged that the collection firm violated 15 U.S.C. §§1692e and f by filing the complaint “without first having an attorney individually review the file, make the appropriate inquiry and exercise professional judgment.”  Lopez at *8.  In support of her claim, the consumer further alleged that the collection firm filed 198 complaints on the same day that it filed its complaint against her.  The consumer also pointed to the fact that the collection complaint contained a discrepancy in the amount owed, alleging in one paragraph that a balance of $1,000.48 was owed and in another that a balance of $1010.48 was owed. 

The collection firm moved to dismiss and asserted in that the complaint did not state a plausible claim for violation of the FDCPA.  The court agreed, noting that the complaint did not include allegations as to: (a) the number of attorneys employed by the collection firm; (b) the number of attorneys who actually reviewed the complaint; or (c) over what period of time the collection complaint was drafted and reviewed.  Id. at *9.  “Without these details, Plaintiff’s allegations regarding attorney involvement are speculative and do not support a plausible claim for violation of the FDCPA based on a lack of meaningful attorney involvement.” Id.  

The decision continues a string of decisions in New Jersey refusing to extend the district’s holding in Bock v. Pressler & Pressler, 30 F. Supp. 3d 283 (D.N.J. 2014) which has been remanded to the district court for further proceedings as to whether the consumer has standing.  See also Morales v. Pressler & Pressler, 2015 U.S. Dis. LEXIS 49928 (Apr. 16, 2015 D.N.J.); Barata v. Nudelman, Klemm & Golub, P.C., 2015 U.S. Dist. LEXIS 20280 (Feb. 19, 2015 D.N.J.).

Monday, September 19, 2016

Fifth Circuit Weighs in on Time Barred Debt

The Fifth Circuit has joined the growing split in circuits concerning the collection of time barred debt. In Daugherty v. Convergent Outsourcing, Inc., 2016 U.S. App. LEXIS 16531 (5th Cir. Tex. Sept. 8, 2016), the Fifth Circuit joined the Sixth and Seventh Circuit in holding that “a collection letter that is silent as to litigation, but which offers to “settle” a time-barred debt without acknowledging that such a debt is judicially enforceable, can be sufficiently deceptive or misleading to violate the FDCPA.” Daugherty at * 7.  

In Daugherty, the collection letter provided that 

This notice is being sent to you by a collection agency. The records of LVNV Funding LLC show that your account has a past due balance of $32,405.91.

Our client has advised us that they are willing to settle your account for 10% of your total balance due to settle your past balance. The full settlement must be received in our office by an agreed upon date. If you are interested in taking advantage of this offer, call our office within 60 days of this letter. Your settlement amount would be $3,240.59 to clear this account in full.
Even if you are unable to take advantage of this offer, please contact our office to see what terms can be worked out on your account. We are not required to make this offer to you in the future.
Daugherty v. Convergent Outsourcing, Inc., 2016 U.S. App. LEXIS 16531, *3 (5th Cir. Tex. Sept. 8, 2016). The letter offered three payment opportunities: “(1) a "Lump Sum Settlement Offer of 10%" requiring a single payment of $3,240.59; (2) a "Settlement Offer of 25% & Pay Over 3 Months" requiring three payments of $2,700.49; or (3) "Spread Your Payments Over 12 Months" requiring monthly payments of $2,700.49 over the course of a year.” Id. at *3-4.

In siding with the Sixth and Seventh Circuits, the Fifth Circuit adopted the rationale of the Seventh Circuit- specifically, that the plain language of the FDCPA prohibits not only threatening to take actions that a debt collection cannot take, but also using false, deceptive or misleading representations concerning the character or legal status of the debt. The court therefore concluded that “a collection letter seeking payment on a time-barred debt (without disclosing its unenforceability) but offering a “settlement” and inviting partial payment (without disclosing the possible pitfalls) could constitute a violation of the FDCPA.” Daugherty at *13. The Fifth Circuit reversed the district court’s dismissal of the action and remanded the matter for further proceedings.

For those keeping score.  The Third and Eighth Circuits have held that "[i]n the absence of a threat of litigation or actual litigation, no violation of the FDCPA has occurred when a debt collector attempts to collect on a potentially time-barred debt that is otherwise valid." Huertas v. Galaxy Asset Mgmt, 641 F.3d 28, 33 (3d Cir. 2011) (quoting Freyermuth, v. Credit Bureau Services, Inc., 248 F.3d 767, 771 (8th Cir. 2001). Additionally, the CFPB is considering a proposal that would require debt collectors to provide a disclosure that advises the consumer that the debt is time barred and the debt collector cannot sue to recover it.

Wednesday, September 14, 2016

What Can We Learn from the Wells Fargo Consent Orders?

By now, most have read about the consent orders issued last week by the CFPB and the OCC concerning Wells Fargo. The consent orders ordered Wells Fargo to pay a total of $185 million in civil monetary penalties ($100 million to the CFPB, $50 million to the OCC and $35 million to the City and County of Los Angeles), as well as reimbursing customers an estimated $5 million because Wells Fargo employees, in an effort to boost sales figures and earn bonuses: (a) opened deposit and credit card accounts without customer consent; (b) moved funds from authorized accounts to the new deposit accounts without customer consent; (c) enrolled customers in online banking services they did not request; and (d) ordered and activated debit cards business customer information again, without customer consent. The consent orders shine a large spotlight on the problems that can occur when employees are provided incentive compensation without adequate compliance management systems in place to insure bad things don’t happen. The CFPB is quick to say that they are not prohibiting incentive compensation, but “companies need to pay very close attention to make sure they have effective monitoring in place to ensure that consumers are protected.” Prepared Remarks of Richard Cordray (Sept. 8, 2016).

As with many of the Consent Orders issued by the CFPB and other federal regulators, the Consent Orders issued as to Wells Fargo are an excellent place for others in the financial industry to begin in assessing whether their compliance management systems regarding incentive compensation are adequate.

Here are Our Takeaways:

  • Banks and Credit Unions should take a hard look at incentive compensation structures across all business lines to insure they do not provide a heightened risk of unfair or abusive practices;
  • Banks and Credit Unions should require ongoing training of all sales personnel reasonably designed to prevent improper sales practices (in the case of Wells Fargo, the opening of accounts without customer consent, etc.) and such training should be repeated and assessed for adequacy at recurring intervals.  Training records should be maintained.
  • Banks and Credit Unions should implement a system to report sales integrity issues internally and provide training to employees as to the use of the same;
  • Banks and Credit Unions should proactively monitor their sales practices on a regular basis, hire adequate personnel and resources to do so, and implement policies and procedures insuring the same. 
  • Banks and Credit Unions should maintain adequate policies and procedures for:
    • Receiving, retaining and addressing customer inquiries or complaints and escalating the same;
    • Receiving, retaining and addressing internal allegations of improper sales practices or other sales integrity violations and escalating the same;
    • Identifying, tracking and addressing indicators of improper sales practices or other sales integrity violations;
    • Addressing improper sales practices and other sales integrity violations, both internally and externally;
  • Banks and Credit Unions should review their policies and procedures regarding sales of deposit accounts, credit cards, unsecured lines of credit, and related products and services (both internally and with associated vendors) to insure they are reasonably designed to procure and document customer consent;
  • Banks and Credit Unions should assess whether their performance-management, sales goals and incentive compensation are reasonably designed to prevent improper sales practices or other sales integrity violations;
  • Similarly, Banks and Credit Unions should review their risk management and oversight programs to insure they include policies and procedures for reporting and escalating sales practice information in a timely manner;
  • Banks and Credit Unions should review their risk management and oversight protocols to insure they establish key risk indicator metrics to monitor for unsafe and unsound sales practices.  In the case of Wells Fargo, the OCC Order provided that, at a minimum, this information should include customer surveys, customer complaints, bank employee ethics allegations or complaints and Corporate Investigation metrics;
  • Banks and Credit Unions should employ a comprehensive written assessment of any new or materially revised incentive structures prior to implementation to ensure that risks are controlled.

Tuesday, September 13, 2016

Bankruptcy Court Sanctions Hospital for Proof of Claim Snafu

A recent decision from a North Carolina Bankruptcy Court emphasizes the need for proper training for those who file proofs of claim on behalf of anyone providing consumer credit, including healthcare providers.  Bankruptcy Rule 9037 requires that in all court filings containing an individual’s social security number, taxpayer-identification number, birth date and financial account number be redacted to the last four digits of the social security or taxpayer identification number, the year of the individual’s birth and the last four digits of the account number.  Additionally, if the filing identifies a minor, it may only contain the minor’s initials. 

A series of sanctions motions brought in the Eastern District of North Carolina alleged that a hospital filed a large volume of proofs of claim which contained personal information of the debtors that should have been redacted under Bankr. Rule 9037.  Moreover, a number of the proofs of claim also may have contained protected health information. See In re Wayne Edward Branch, Case No. 14-02379-5-SWH (Bankr. E.D.N.C.); In re Carla Lynette Bostick, Case No. 15-5318-5-SWH (Bankr. E.D.N.C.); In re Janis Monroe Clark, Case No. 15-01265-5-SWH (Bankr. E.D.N.C.).  The debtors asserted that the inclusion of such information violated federal and state identity protection laws and Rule 9037 and also violated the hospital’s own “Privacy Policy” which is provided to patients. See, e.g., In re Wayne Edward Branch, Dkt Nos. 143 and 146. 

Testimony at the sanctions hearing highlights the importance of an adequately training staff.  At the sanctions hearing, staff for the hospital testified that their HIPAA training did not cover bankruptcy claims filing, no audit system was in place and there was no record keeping policy in place with respect to proofs of claim.  At the sanction hearing, staff for the hospital further testified that they were unaware that electronically filed proofs of claim were accessible by persons other than the trustees and believed that the filing of proofs of claim were payment collections and thus, an exception to HIPAA.  Testimony at the sanction hearing further made clear the issues alleged in the sanctions motions were systemic.

In its Sanctions Order, the court first noted that with respect to HIPAA, it did not believe it had jurisdiction to opine or determine sanctions for violations of HIPAA.  The court however, did note that the majority of bankruptcy courts that have reviewed the issue have found there to be no private right of action under HIPAA and the remedy under Bankruptcy Rule 9037 is to restrict the offending information from public view.  In re Branch, 2016 Bankr. LEXIS 3194 (E.D.N.C. Bank. Aug, 31, 2016).  The court went on, however, to award sanctions for violation of Bankruptcy Rule 9037.  The court concluded that the fact that there was no supervision or training indicated that the hospital was more than negligent.  Id. at *34.  “An institution that participates in the bankruptcy process as frequently as Wake Med simply cannot ignore the requirements of the court; the Code and Rules are of equal importance to the requirements of HIPAA and other regulations that govern Wake Med’s business practices.”  Id. “Based upon the sheer volume and the limitations on the ability of the court staff to restrict access to more than 1,410 claims on any given day, it took several weeks for all of the claims to be restricted and/or redacted.” Id.  The court awarded the lead consumers’ their attorney’s fees and ordered the hospital to pay punitive damages in the amount of $70,000.  The court’s order requires remediation by the hospital and the filing of quarterly reports with the Bankruptcy Administrator for five years.

The hospital’s saga emphasizes the need for health care providers and other entities providing non-traditional financial services to examine their compliance management systems and insure compliance with not only HIPAA but also data privacy and other consumer protection statutes. 

For healthcare providers in particular, the order serves as a wake up call.  To the extent proofs of claim are filed, healthcare providers should insure that they are familiar with the Bankruptcy Rule requirements.  Any proofs of claim filed with the bankruptcy court should:

  • Be limited to the last four digits of the social security or taxpayer identification number,
  • Be limited to the year of the individual’s birth
  • Be limited to the last four digits of the account number; and
  • Redact all individuals’ protected healthcare information.

Moreover, healthcare providers should have policies and procedures in place which require the retention of all filed proofs of claim, as well as periodic training and audits to insure there are no violations of HIPAA, federal or state privacy laws or the Bankruptcy Rules. 


Monday, September 5, 2016

Pennsylvania District Court Applies Benign Language Exception to Barcode

A Pennsylvania district court has recognized that a benign language exception exists under 15 U.S.C. 1692f(8) and may be applied to barcodes under appropriate circumstances.  Anenkova v. Van Ru Credit Corp., C.A. No. 15-4968 , 2016 U.S. Dist. LEXIS 108950(E.D. Pa. Aug. 17, 2016).  The court’s decision signals a welcome step back from other district courts’ expansion of the Third Circuit’s decision in Douglass v. Convergent Outsourcing, 765 F.3d 299 (3rd Cir. 2014).  In Douglass, the Third Circuit held, without deciding if a benign language exception existed to 15 U.S.C. § 1692f(8), that an account number capable of revealing that a recipient was a debtor was a violation within the scope of the plain language of the Fair Debt Collection Practices Act.

In Anenkova, the debt collector used a letter vendor to send a debt collection letter.  A barcode was visible through the glassine window in the envelope’s return address field.  When scanned, the barcode revealed a sequence of twenty-five numbers which were comprised of the letter vendor’s five-digit code identifying the debt collector, the letter vendor’s eight digit identifier for the particular mailing and a twelve numbers for the date and time of mailing.  The numbers did not contain or resemble the consumer’s account number and were a unique tracking number used by the letter vendor to track and identify returned mail.

The consumer filed a motion for summary judgment urging the court to adopt a strict prohibition on the use of barcodes consistent with other precedent within the district and contended that in the wake of Douglass, “district courts in the Third Circuit have uniformly applied Douglass to prohibit barcodes that when scanned reveal a “sequence linked to the addressee’s account information.”” Anenkova at *13.  The court rejected the argument and in doing so, may have provided the first sign that courts in the Third Circuit may be tempering their application of Douglass.

The district court first addressed the issue of whether there is a benign language exception to 1692f(8).  Section 1692f(8) prohibits debt collectors from using any language or symbol, other than their address and business name (as long as it does not indicate it is a debt collector), on any envelope communicating with a consumer.   The court noted that while the Fifth and Eighth Circuits have recognized a benign language exception, the Third Circuit in Douglass declined to make that determination.    Instead, the Douglass court concluded that “the contours of such an exception must comport with the purposes of the Act.”  Douglass, 765 F.3d at 303.  In rejecting the consumer’s argument that Douglass prohibited all barcodes, the court stated that “[o]nly those barcodes or QR codes, visible to the public, that disclose that the communication is a debt collection effort and exposes the debtor’s financial predicament and personal identifying information violate 1692f(8).”  Id.

The court concluded that a benign language exception to section 1692f(8) exists and depending on the circumstances of the case, it applies to barcodes.  In doing so, the court noted that the FDCPA was intended to protect the debtor’s privacy and prevent abusive and coercive debt collection practices.  “Thus, if the language and markings do not intrude upon the debtor’s privacy by revealing her personal information, or identifying her as a debt or the communication as a debt collection matter, they are not abusive or coercive.” Anenkova at *11. The court further supported its position by relying upon the FTC guidelines which advise that “a debt collector does not violate §1692f(8) by using an envelope printed with words or notations that do not suggest the purpose of the communication.”  53 Fed. Reg. at 50097-02, 50108.    

Having concluded that a benign language exception exists, the court turned to the barcode at issue in this case to determine whether the scanned barcode implicates the privacy concerns of 15 U.S.C. §1692f(8).  The court concluded it did not.  The barcode, while containing a unique tracking number used by the letter vendor to identify returned mail, did not contain the consumer’s account number or her personal identifying information nor did it identify her as a debt or refer to the debt.  It therefore did not implicate the FDCPA’s purpose to prohibit abusive debt collection practices and to protect the debtor’s privacy.  The court concluded the information was benign and granted summary judgment in favor of the debt collector.

Sunday, September 4, 2016

Court Holds That Consumers Cannot Engineer FDCPA Violations

A Missouri district court has refused to grant partial summary judgment in favor of a consumer who asserted violations of 15 U.S.C. 1692e(11).  In Dodd v. Delta Outsource Group, the consumer, who was employed as a collector by another debt collector, received two calls from the collection agency while at work.  A week later, the consumer filed suit asserting violations of the FDCPA, including violations of section 1692e(11), contending that the collector failed to disclose the communications were from a debt collector.  In support of his motion for partial summary judgment, the consumer submitted recordings of both calls.

Section 1692e(11) provides that

A debt collector may not use any false, deceptive, or misleading representation or means in connection with the collection of any debt…[including]…The failure to disclose in the initial written communication with the consumer and, in addition, if the initial communication with the consumer is oral, in that initial oral communication, that the debt collector is attempting to collect a debt and that any information obtained will be used for that purpose, and the failure to disclose in subsequent communications that the communication is from a debt collector…

In opposition to the motion, the debt collector asserted that: [a] the consumer admitted in his deposition testimony that he knew Delta Outsource Group was a debt collector; and [b] it could not be held liable for its failure to disclose when the consumer interrupted the collector in both calls, preventing him from making the disclosure.”  The court denied summary judgment agreeing with the debt collector that a question of fact remains as to whether the debt collector violated the FDCPA.  In doing so, the court cited with favor a 2015 Utah district court decision where the court held that “the FDCPA does not entitle a plaintiff “to disrupt a collection call, prevent the debt collector from making its required identifications and disclosures, end the call, and through his own actions, create a violation of the FDCPA on the part of the debt collector.”  Dodd v. Delta Outsource Group, C.A. No. 4:15-cv-1744 (E.D. Mo. Aug. 25, 2016) quoting Lauer v. Credit Control Services, 2015 WL 5824941 (D. Utah Oct. 6, 2015).  The court concluded that the FDCPA penalizes a failure to disclose but it does not reward a debtor’s actions to prevent that disclosure.

Friday, September 2, 2016

Guest Post: Why Rental Cars May Present a Serious Loophole in Privacy Policies

By Ragan Riddle
September 2, 2016

If you are charging your phone through a USB port or connecting to Bluetooth in your rental car, you may want to think twice. Last week, an FTC article highlighted the dangers of this seemingly innocent conduct, as it creates an avenue for compromising both you and your clients’ sensitive information.
While individuals connect their devices to rental cars to charge their phones, make calls, listen to music, or use their GPS systems, what these individuals fail to consider is that many cars automatically store this information. If the information is not cleared by the renter or the rental car company, anyone who subsequently rents that car has access to this data. Call and message logs, location coordinates, and contact information then remains long after the rental car is returned.

This can be problematic on two fronts: for rental car companies providing the service and for individuals employed by companies with rigorous privacy standards who compromise this personal information simply by connecting their smart phone to the car.

Rental car companies should consider including a disclosure provision that is given to the customer with the initial pre-rental paperwork. After the rental is returned, these companies should have a policy requiring the information is cleared from the system before the car is rented to anyone else. Failure to address this privacy implication can have unintended compliance consequences as privacy becomes an increasingly prevalent focus for regulatory agencies.

For companies handling sensitive information, however, it is equally important to have a provision within the companies’ existing privacy standards that details appropriate protocol for connecting employee devices to rental cars. As the FTC, CFPB, and other regulatory organizations continue to focus on privacy standards for sensitive consumer information, taking action against those who fail to do so, companies would be remiss to ignore this obvious but often unrecognized privacy loophole.

The FTC article and its mirror article for consumers recommend, among other things, disabling automatic settings that sync electronic devices to rental cars or avoiding connecting mobile devices altogether. While wise, it is unlikely that this will solve the privacy loophole in its entirety.

Though no official action has been taken concerning this issue, it is unlikely that this will refrain from becoming a pressing area for concern and investigation in the future. Recognizing this loophole now may help entities avoid unanticipated privacy issues and impending regulatory action.
About the Author: Ragan Riddle is a summer law clerk with Smith Debnam Narron Drake Saintsing & Myers and a third year law student at Elon University's School of Law


Thursday, September 1, 2016

Deposit Accounts Remain in the CFPB Crosshairs

The CFPB issued its monthly report on consumer complaints this week making it clear that consumers’ access to depository accounts remains a focal point for the CFPB. The monthly report is a high level snapshot of trends in consumer complaints and spotlights a different product type each month on a rotating basis. The Report provides a summary of the volume of complaints by product category, by company and by state.   
This month’s report highlights "bank account and service" complaints and echoes a recurring concern for the CFPB: that it believes that banks are under serving a portion of the banking population who are being rejected from the banking system because they have a poor depository account history. We have previously published posts on a number of occasions concerning the CFPB’s focus on deposit accounts and credit reporting and this month’s complaint report confirms the CFPB’s continued concerns. In its press release, CFPB Director Richard Cordray is quoted as saying: “Deposit accounts are an essential component of millions of consumers’ financial lives…We are concerned that consumers continue to face difficulties accessing and managing this cornerstone financial tool. Consumers who are eligible for a deposit account should be able to get one and use it effectively.”  
Here are the highlights of this month’s report:

 Complaint Volume by Product

  •  The four products which yield the highest volume of complaints on a three month average remain debt collection, credit reporting, mortgage and bank account or service;
  •  A trend worth noting is that the number of debt collection and mortgage complaints showed a significant decrease in volume over the same three month period in 2015;
  • For the three month period, student loans and bank account or service indicated the highest increase in change – 64% (student loan) and 26% (bank account or service) when compared to 2015; and
  • On a monthly basis, debt collection and mortgage complaints were both down in July compared to June.

 Highlighted Product: Bank Account or Service

  •  The CFPB notes that, the overwhelming majority of complaints regarding bank accounts or service revolve around checking accounts (64% of all bank account or service complaints);
  • The CFPB report indicates that complaints “about the use of consumer and credit reporting data for account screening are increasingly common”;
  • The CFPB report also emphasizes that complaints related to overdrafts, particularly as to transaction ordering are also common;
  • Consumers also complain regularly about the disparity between the size of overdraft fees when compared to the relatively small purchase that triggers the fee;
  • Consumers remain frustrated concerning bank holding policies as they pertain to deposits and the delay in crediting funds;
  • The report also notes complaints about error resolution procedures for their deposit accounts; and
  •  As expected, the national banks are the targets of the majority of complaints, but several regional banks also appear on the “most complained about companies” list.
 As the CFPB continues to focus on consumer access to depository accounts and overdrafts, banks and credit unions of all sizes should expect their compliance management systems regarding the same to face further scrutiny by regulators and should expect to see additional guidance issued by regulators regarding the use of overdraft fees.