At the CFPB
On January 9th, the Consumer Financial Protection Bureau (CFPB) announced it has filed suit in the U.S. District Court for the Central District of California against several companies that offer student debt relief services. The CFPB alleges that the companies have violated the Fair Credit Reporting Act (FCRA), Consumer Financial Protection Act (CFPA), and the Telemarketing Sales Rule (TSR). For example, one company allegedly obtained consumer reports for millions of consumers with student loan debt from a credit bureau on the pretense that the company planned to use the information to offer mortgage loans when the company was actually providing the reports to student loan debt-relief companies to use in marketing their services. In addition, the CFPB alleges that some companies made misrepresentations about their services to consumers with student debt claiming they would reduce their interest rates and have their credit scores improved. The CFPB also alleges that some defendants unlawfully charged and collected at least $15 million in fees before consumers received any adjustment to their student loans or made any payments toward their loans.
At the EEOC
On January 10th, the Equal Employment Opportunity Commission (EEOC) announced a settlement with Jacksonville Plumbers and Pipefitters Joint Apprenticeship and Training Trust (JPPJATT). The settlement resolved the EEOC’s allegations that JPPJATT’s apprentice selection process was racial discriminatory in violation of Title VII of the Civil Rights Act of 1964. According to the EEOC’s complaint, JPPJATT selected apprentices through an interview process whereby a selection committee interviewed each applicant, asking each the same 14 questions. Each member of the selection committee then scored each applicant on a scale of 1-20 in 4 categories: (i) education, (ii) personal interests, (iii) personal traits, and (iv) attitude. Selection committee members were not provided with any instructions or training on how to assign scores to each applicant. As a result, scores were assigned subjectively. For example, a black applicant with a 2.57 GPA received an education score of 6 while a white applicant with a 2.12 GPA received an education score of 11. Black applicants were less likely to be selected for the apprenticeship than white applicants. Under the terms of the settlement, in addition to paying $207,500 in monetary relief to black applicants denied apprenticeship positions, JPPJATT agreed to hire a consultant to review and revise its selection process and implement and train employees in the new process, and to hold information sessions at locations in the black community. This case reinforces the importance of implementing objective and consistent hiring criteria.
At the FTC
On January 9th, the Federal Trade Commission (FTC) announced it has finalized a settlement announced in November 2019 with Medable, Inc.—a technology solutions provider to businesses in the pharmaceutical, biotechnology, and research industries—regarding allegations that it falsely claimed participation in the EU-U.S. Privacy Shield framework. While the company initiated an application, it did not complete the steps necessary to finalize participation in the framework. As part of the settlement, Medable is prohibited from misrepresenting its participation in the EU-U.S. Privacy Shield framework, any other privacy or data security program sponsored by the government, or any self-regulatory or standard-setting organization.
On January 7th, the FTC announced a settlement with a California-based mortgage broker doing business as Mount Diablo Lending, and its sole owner, Ramon Walker. The FTC alleged that Mount Diablo Lending and Walker violated the Fair Credit Reporting Act (FCRA) and Gramm-Leach-Bliley Act (GLBA) by revealing personal information about consumers, including information from their consumer reports, in response to negative reviews posted on Yelp. According to the complaint filed by the FTC, Walker responded to consumers who posted negative Yelp reviews about his business by revealing their credit histories, debt-to-income ratios, taxes, health, sources of income, family relationships, and other personal information. In addition, Mount Diablo Lending failed to implement an information security program until 2017, and once it did, it never tested the program. As part of the settlement, Mount Diablo Lending will pay a $120,000 penalty for violating the FCRA. It must also implement a comprehensive data security program designed to protect the personal information it collects and obtain third-party assessments of its information security program every two years.
On January 6th, the FTC announced it has finalized its proposed settlement with InfoTrax Systems, L.C., a Utah-based technology company, and its former CEO, Mark Rawlins. The settlement resolved allegations that the company failed to enact reasonable security safeguards, allowing a hacker to access the personal information of more than a million consumers, including Social Security numbers. A hacker infiltrated InfoTrax’s server more than 20 times from May 2014 until March 2016. Under the terms of the settlement, InfoTrax is prohibited from collecting, selling, sharing, or storing personal information unless it implements an information security program that would remedy its security failures. In addition, the settlement requires the company to obtain third-party assessments of its information security program every two years. We previously reported on this proposed settlement in the November edition of the Washington Report.
On December 20th, the FTC announced it has extended the deadline to submit comments on accuracy in consumer reporting until January 31, 2020. The FTC and CFPB sought comment on issues affecting the accuracy of both traditional credit reports and employment and tenant background screening reports in conjunction with the December 10, 2019 workshop on the topic co-hosted by both agencies. The original deadline to submit comments was January 10, 2020.
On December 18th, the FTC announced it has reached a final settlement with former CEO of Cambridge Analytica, LLC, Alexander Nix, and app developer, Aleksandr Kogan. The settlement resolves allegations that the two worked with Cambridge Analytica to enable Kogan’s app to collect Facebook data from app users and their Facebook friends. The FTC alleged that app users were falsely told the app would not collect users’ names or other identifiable information, when, in fact, the app collected users’ Facebook User ID, which connects individuals to their Facebook profiles. As previously reported in the December edition of the Washington Report, the FTC announced an opinion on December 6th finding that Cambridge Analytica, LLC engaged in similar deceptive behavior in violation of the Federal Trade Commission (FTC) Act.