Tuesday, January 23, 2024

FYI: New Jersey Enacts Comprehensive Consumer Data Privacy Law

New Jersey Governor Phil Murphy on Jan. 16, 2024 signed into law Senate Bill 332, making New Jersey the thirteenth state to enact a comprehensive consumer data privacy law, following California, Virginia, Colorado, Utah, Connecticut, Iowa, Indiana, Tennessee, Montana, Texas, Oregon and Delaware. 

 

The new law will go into effect Jan. 16, 2025.

 

For a chart comparing the state comprehensive data privacy acts, and more information and insight from Maurice Wutscher on data privacy and security laws and legislation, click here.

 

APPLICABILITY

 

The Act applies to controllers that conduct business in New Jersey or produce products or services that are targeted to New Jersey residents, and that during a calendar year either:

 

    control or process the personal data of at least 100,000 consumers, excluding personal data processed solely for the purpose of completing a payment transaction; or

    control or process the personal data of at least 25,000 consumers and the controller derives revenue or receives a discount on the price of any goods or services, from the sale of personal data.

 

EXEMPTIONS

 

Exemptions include, but are not limited to:

 

    A financial institution, data, or affiliate of a financial institution that is subject to Gramm-Leach-Bliley Act and implementing rules;

    Protected health information collected under the Health Insurance Portability and Accountability Act of 1996;

    Personal data collected, processed, sold, or disclosed by a consumer reporting agency as authorized by the Fair Credit Reporting Act.

 

CONSUMER RIGHTS

 

Consumers have the right to:

 

    Confirm a controller's processing of their personal data;

    Correct inaccuracies in their personal data;

    Delete their personal data;

    Obtain a copy of their personal data held by the controller;

    Opt out of the processing of their personal data if the processing is for the purpose of targeted advertising, sale of their personal data, or certain profiling.

 

SENSITIVE DATA

 

A controller may not process sensitive data concerning a consumer without first obtaining the consumer's consent, or, in the case of the processing of personal data concerning a known child, without processing such data in accordance with the Children's Online Privacy and Protection Act.

 

"Sensitive data" means personal data revealing:

 

    Racial or ethnic origin;

    Religious beliefs;

    Mental or physical health condition, treatment, or diagnosis;

    Financial information, which shall include a consumer's account number, account log-in, financial account, or credit or debit card number, in combination with any required security code, access code, or password that would permit access to a consumer's financial account;

    Sex life or sexual orientation;

    Citizenship or immigration status;

    Status as transgender or non-binary;

    Genetic or biometric data that may be processed for the purpose of uniquely identifying an individual;

    Personal data collected from a known child; or

    Precise geolocation data.

 

CONTRACT REQUIREMENTS

 

A contract between a controller and processor must clearly set forth:

 

    The processing instructions to which the processor is bound, including the nature and purpose of the processing;

    The type of personal data subject to the processing, and the duration of the processing;

    That the processor ensures each person processing the personal data is subject to a duty of confidentiality;

    That any subcontractor engaged by the processor is subject to the same contractual obligations as between the controller and the processor;

    That the controller and processor implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk;

    That the processor deletes or returns all personal data to the controller as requested at the end of the provision of services;

    That the processor makes available to the controller all information necessary to demonstrate compliance; and

    That the processor allows for, and contributes to, reasonable assessments and inspections by the controller.

 

DATA PROTECTION ASSESSMENTS

 

A controller must conduct a data protection assessment for processing that presents a heightened risk of harm to a consumer, including:

 

    Processing personal data for the purposes of targeted advertising or certain profiling;

    Selling personal data;

    Processing sensitive data.

 

ENFORCEMENT

 

The Act does not create a private right of action. A violation that is not cured within 30 days of notice is an unlawful practice under N.J. Stat. § 56:8-1, et seq., and the Attorney General may seek injunctive relief, costs, and penalties of not more than $10,000 for the first offense and not more than $20,000 for the second and each subsequent offense.

RULEMAKING

 

The Attorney General, through the Division of Consumer Affairs, is charged with promulgating rules and regulations.

 

IMPRESSIONS

 

This legislation, which was introduced in 2022, is a good example of legislators listening to stakeholders and making appropriate changes in response. The bill was amended six times, with the next to the last gutting the bill and replacing it with provisions akin to those in laws adopted by most other states, which will be a relief to those incorporating the requirements into a compliance program.

 

 

 

Ralph T. Wutscher
Maurice Wutscher LLP
20 N. Clark Street, Suite 3300
Chicago, Illinois 60602
Direct:  (312) 551-9320
Fax: (312) 284-4751

Mobile:  (312) 493-0874
Email: rwutscher@MauriceWutscher.com

 

Admitted to practice law in Illinois

 

 

 

Alabama   |   Florida   |   Illinois   |   Massachusetts   |   New Jersey   |   New York   |   Ohio   |   Pennsylvania   |   Tennessee   |   Texas   |   Washington, DC

 

 

NOTICE: We do not send unsolicited emails. If you received this email in error, or if you wish to be removed from our update distribution list, please simply reply to this email and state your intention. Thank you.


Our updates and webinar presentations are available on the internet, in searchable format, at:

 

Financial Services Law Updates

 

and

 

The Consumer Financial Services Blog

 

and

 

Webinars

  

 

 

 

 

Thursday, January 4, 2024

FYI: Data Privacy & Security Roundup: New Laws, Regulations and Important Dates in 2024

The upward trend in data privacy legislation continued in 2023. According to the National Conference of State Legislatures, "[a]t least 40 states and Puerto Rico introduced or considered at least 350 consumer privacy bills in 2023," a significant increase from the 200 bills in 2022

 

Many of these bills were limited in scope, relating to, for example, biometric, genetic and geolocation data, data brokers, and internet service providers.

 

STATE COMPREHENSIVE CONSUMER DATA PRIVACY LAWS

 

Narrowing the focus to legislation that conveys certain rights to consumers and restricts the use of personal information, more than 60 bills were considered in almost 30 states. A comparison chart of those bills can be accessed here.

 

In 2023, seven states joined California, Virginia, Colorado, Utah and Connecticut in passing comprehensive data privacy legislation.

 

    Iowa SF 262 was enacted March 28 and goes into effect Jan. 1, 2025.

    Indiana SB 5 was enacted May 1 and goes into effect Jan. 1, 2026.

    Tennessee HB 1181 was enacted May 11 and goes into effect July 1, 2024.

    Montana SB 384 was enacted May 19 and goes into effect Oct. 1, 2024.

    Texas HB 4 was enacted June 18 and goes into effect July 1, 2024.

    Oregon SB 619 was enacted July 18 and goes into effect July 1, 2024.

    Delaware HB 154 was enacted Sept. 11 and goes into effect Jan. 1, 2025.

 

Although there are differences worth attention, these laws are very similar to those enacted after the California Consumer Protection Act, and most include:

 

    Right to access

    Right to correct (except Iowa)

    Right to delete

    Right to obtain

    Right to opt-out of certain processing

    Data and entity-level Gramm-Leach-Bliley Act exemptions (Oregon is data-level only but includes an entity-level exemption for financial institutions as defined in Rev. Stat. Ann. § 706.008)

    Requirements for contracts between controllers and processors

    Risk assessments for processing certain data (except Iowa)

    No private right of action

 

A chart comparing the comprehensive data privacy laws is available here.

 

STATE DATA BREACH NOTIFICATION LAWS

 

Utah SB 127 was enacted March 23 and went into effect May 3. Amendments include:

 

    Creation of the Utah Cyber Center tasked with, among other things, developing a cybersecurity plan for government agencies, identifying, assessing, and mitigating cyber threats, and promoting cybersecurity best practices;

    Requiring notification to the attorney general and the Utah Cyber Center.

 

Texas SB 768 was enacted May 27 and went into effect Sept. 1. Amendments include:

 

    Shortening the time to notify the attorney general from 60 days to 30;

    Requiring notification be submitted electronically using a form provided on the attorney general's website.

 

Nevada SB 355 was enacted June 15 and went into effect Oct. 1. The law amends Nevada's data breach notification statutes (Nev. Rev. Stat. Ann. § 603A.300, et seq.) by exempting installment loan companies and making them subject to different data breach notification provisions, including:

 

    Determination whether notice is required is based in part on an analysis of the risk of harm to affected residents;

    The notice deadline is 30 days, as opposed to "in the most expedient time possible and without unreasonable delay";

    Breach notification by email is prohibited if a breach involves a username, password or other login credentials to an email account furnished by the licensee;

    The law specifies information that must be included in a breach notification;

    Notice must be made to the attorney general if there are more than 500 affected residents;

    There is no safe harbor for data controllers subject to and compliant with the privacy and security provisions of the Gramm-Leach-Bliley Act;

    Notice must be provided to consumer reporting agencies if the breach affects more than 1,000 persons.

 

Connecticut SB 1058 was enacted June 26 and went into effect Oct. 1. Amendments include:

 

    Adding "precise geolocation data" to the definition of "personal information";

    Depositing civil penalties into a "privacy protection guaranty and enforcement account";

    Designating a violation as an unfair trade practice under Conn. Gen. Stat. § 42-110b.

 

Rhode Island SB 5684 was enacted June 27 and went into effect upon passage. Amendments include:

 

    Adding definitions for "classified data" and "cybersecurity incident";

    Shortening the notification period to individuals from 45 days to 15;

    Requiring notification to the state police within 24 hours;

    Specifying what must be included in a notification.

 

STATE REGULATION

 

California

 

In March, the California Privacy Protection Agency received approval of its first substantive rulemaking implementing the California Consumer Protection Act as amended by the California Privacy Rights Act.  The regulations became effective March 29, but enforcement of some provisions has been delayed until March 29, 2024.  The regulations include:

 

    Methods for allowing consumers to exercise the right to correct personal information;

    Required terms that must be included in contracts between businesses and the service providers and third parties with whom personal information is shared or disclosed;

    Modified notice requirements;

    Additional guidance on what constitutes a "dark pattern";

    Expectations regarding opt-out preference signals.

 

New York

 

In November, amendments to New York's cybersecurity regulations were adopted by the Department of Financial Services with staggered implementation dates for covered entities, small businesses, and Class A companies

 

The amendments include:

 

    Creation of a category for "Class A companies" based on revenue in New York, and number of employees or global revenue;

    Heightened security measures for Class A companies;

    Annual penetration testing by a qualified internal or external party;

    Automated or manual scans of information systems;

    Risk assessments reviewed and updated annually, or as necessary;

    Multi-factor authentication for any individual accessing any information system;

    Notification to the Superintendent of any cybersecurity incident within 72 hours;

    Annual certification of compliance, or acknowledgment of noncompliance;

    Notice and explanation of extortion payments made in connection with a cybersecurity incident.

 

FEDERAL REGULATION

 

Safeguards Rule

 

In September, the Federal Trade Commission announced its approval of an amendment to the Gramm-Leach-Bliley Act Safeguards Rule requiring nonbank financial institutions to report to the FTC the unauthorized acquisition of unencrypted customer information involving at least 500 consumers (a "notification event"). The amendment, which becomes effective May 13, 2024, also provides:

 

    Notification must be made as soon as possible, and no later than 30 days after discovery of the event;

    Notice must be provided through an online form that will be available on the FTC's website;

    The notice must include:

        the name and contact information of the reporting financial institution;

        a description of the types of information that were involved in the notification event;

        if the information is possible to determine, the date or date range of the notification event;

        the number of consumers affected or potentially affected by the notification event;

        a general description of the notification event; and

        whether any law enforcement official provided a written determination that notifying the public of the breach would impede a criminal investigation or cause damage to national security, and a means for the Federal Trade Commission to contact the law enforcement official.

 

CONCLUSION

 

2024 will undoubtedly be a remarkable year with respect to data privacy and security legislation and regulation and we expect an increased focus on issues related to the use of artificial intelligence. For more information and insight from Maurice Wutscher on data privacy and security laws and how to stay compliant click here.

 

 

 

Ralph T. Wutscher
Maurice Wutscher LLP
20 N. Clark Street, Suite 3300
Chicago, Illinois 60602
Direct:  (312) 551-9320
Fax: (312) 284-4751

Mobile:  (312) 493-0874
Email: rwutscher@MauriceWutscher.com

 

Admitted to practice law in Illinois

 

 

 

Alabama   |   Florida   |   Illinois   |   Massachusetts   |   New Jersey   |   New York   |   Ohio   |   Pennsylvania   |   Tennessee   |   Texas   |   Washington, DC

 

 

NOTICE: We do not send unsolicited emails. If you received this email in error, or if you wish to be removed from our update distribution list, please simply reply to this email and state your intention. Thank you.


Our updates and webinar presentations are available on the internet, in searchable format, at:

 

Financial Services Law Updates

 

and

 

The Consumer Financial Services Blog

 

and

 

Webinars

  

 

 

 

 

Saturday, December 9, 2023

FYI: ❄️ Warm wishes for a magical holiday season ❄️

  Maurice Wutscher LLP -

 

From all of us at Maurice Wutscher, sending you our heartfelt thanks for your continued support and partnership.

 

And wishing you and yours the joys of the season and all good things in the new year.

 

 

 

 

 

 

 

 

 

Ralph T. Wutscher
Maurice Wutscher LLP
20 N. Clark Street, Suite 3300
Chicago, Illinois 60602
Direct:  (312) 551-9320
Fax: (312) 284-4751

Mobile:  (312) 493-0874
Email: rwutscher@MauriceWutscher.com

 

Admitted to practice law in Illinois

 

 

 

Alabama   |   Florida   |   Illinois   |   Massachusetts   |   New Jersey   |   New York   |   Ohio   |   Pennsylvania   |   Tennessee   |   Texas   |   Washington, DC

 

 

NOTICE: We do not send unsolicited emails. If you received this email in error, or if you wish to be removed from our update distribution list, please simply reply to this email and state your intention. Thank you.


Our updates and webinar presentations are available on the internet, in searchable format, at:

 

Financial Services Law Updates

 

and

 

The Consumer Financial Services Blog

 

and

 

Webinars

Saturday, December 2, 2023

FYI: Cal App Ct (4th Dist) Rejects Borrowers' Claims Arising Out of Regulator's Unlicensed Lending Action

The California Court of Appeal, Fourth District, recently held two borrowers' allegations that their lender was not properly licensed were insufficient to establish an actual economic injury, necessary for standing under California Business and Professions Code section 17200, and that there was no private right of action under California Financial Code sections 22100 and 22751.

 

A copy of the opinion is available at:  Link to Opinion

 

In 2020, California regulators entered into a settlement agreement with a mortgage lender to address its unlicensed lending activity. Pursuant to the settlement agreement, included as exhibit B to the original complaint, the lender was ordered to "refrain from violating Financial Code section 22100, subdivision (a), by engaging in the business of a finance lender without obtaining a license" and to pay an administrative penalty of $75,000. The parties acknowledged the settlement agreement was "intended to constitute a full, final, and complete resolution of the violations." The settlement was the first public revelation of the lender's unlicensed lending activity, and the impetus for the current litigation.

 

In 2017, the borrowers applied for and obtained a loan with the lender secured by a mortgage on their residence.  In 2021, the borrowers sued the lender, individually and on behalf of a class of similarly situated persons, alleging that the lender was not licensed to engage in lending in the state of California between 2014 and 2018 and asserting violations of California Business and Professions Code section 17200 and Financial Code sections 22100 and 22751.

 

The trial court sustained the lender's demurrer to the borrowers' complaint without leave to amend, concluding that the borrowers could not establish injury in fact by alleging that they suffered an injury in fact or lost money or property as a result of the lender's licensing status. The borrowers timely appealed.

 

Business and Professions Code section 17200 (commonly referred to as the Unfair Competition Law, or the "UCL") defines unfair competition as "any unlawful, unfair or fraudulent business act or practice and unfair, deceptive, untrue or misleading advertising and any act prohibited by Chapter 1 (commencing with Section 17500)." Section 17204 further provides, in relevant part, that "[a]ctions for relief pursuant to this chapter shall be prosecuted exclusively in a court of competent jurisdiction by . . . a person who has suffered injury in fact and has lost money or property as a result of the unfair competition." Bus. & Prof. Code § 17204.

 

Proposition 64 amended Section 17204 and imposed narrower standing requirements. A party must (1) establish a loss or deprivation of money or property sufficient to qualify as injury in fact, i.e., economic injury, and (2) show that that economic injury was the result of, i.e., caused by, the unfair business practice or false advertising that is the gravamen of the claim." Kwikset Corp. v. Superior Court (2011) 51 Cal. 4th 310, 320-322; accord California Medical Assn. v. Aetna Health of California Inc. (2023) 14 Cal.5th 1075, 1086.

 

The lender contended on appeal, as it did in the trial court, that the complaint failed to adequately allege that the borrowers suffered an injury in fact or lost money or property as a result of its licensing status.

 

Here, the Fourth District noted that the borrowers did not allege that the lender made an affirmative representation about its licensing status or, more importantly, that the borrowers relied on any statements the lender made about its licensing status when choosing to enter into the loan transaction.

 

Thus, even if an omission could fall into the Kwikset framework, as the borrowers asserted, the Fourth District concluded that the borrowers still had not established causation, the second element required for standing under the UCL. Kwikset noted that "a plaintiff 'proceeding on a claim of misrepresentation as the basis of his or her UCL action must demonstrate actual reliance on the allegedly deceptive or misleading statements' " and show that " 'the misrepresentation was an immediate cause of the injury-producing conduct.' " Kwikset, supra, 51 Cal.4th at pp. 326–327.

 

Instead, the borrowers attempted to establish causation by alleging that they would not have obtained the loan had they known the lender was unlicensed, a fact they only discovered three years later because of a public settlement. The Fourth District reasoned that this subjective assertion of an intangible harm falls short of establishing the elements for standing under the UCL.

 

As the Kwikset court pointed out, whereas federal standing may be based on "intangible" injury that does not involve lost money or property, UCL standing is more stringent. Kwikset, supra, 51 Cal.4th at p. 324. The Court did not believe that the Kwikset court intended to expand Proposition 64 to include standing to plaintiffs based on their intangible distaste for a lender's failure to complete the licensing process in California.

 

Thus, the Fourth District held that the borrowers did not establish that they suffered an economic injury caused by an unfair or unlawful business practice of the lender. Therefore, they lacked standing to assert the UCL claims, and the trial court did not err in dismissing the first and second causes of action.

 

In the third cause of action in complaint, the borrowers also asserted violations of California Finance Code sections 22100 and 22751 based on the allegation that the lender lacked a license to lend money to California borrowers. They alleged that the law specifically commands that an unlicensed lender is to forfeit all interest and finance charges made on any unlicensed loan.

 

California Financial Code section 22100, subdivision (a) provides, "[n]o person shall engage in the business of a finance lender or broker without obtaining a license from the commissioner." Section 22751, subdivision (a) provides, "[i]f any amount other than or in excess of the charges permitted by this division is charged or contracted for, or received, for any reason other than a willful act of the licensee, the licensee shall forfeit all interest and charges on the loan and may collect or receive only the principal amount of the loan." And related section 22752, subdivision (a) likewise provides that the licensee shall forfeit all interest and charges on the loan "[i]f any provision of this division is violated in the making or collection of a loan."

 

However, the Fourth District observed that a violation of a state statute does not automatically give rise to a right of recovery by a private individual. Courts will allow a private right of action only where a statute allows one. Mayron v. Google LLC (2020) 54 Cal.App.5th 566, 571. The statute must contain " ' " 'clear, understandable, unmistakable terms,' " which strongly and directly' indicate a private right of action is allowed." Ibid., citing Lu v. Hawaiian Gardens Casino, Inc. (2010) 50 Cal.4th 592, 596–597. If the statue "does not contain an unmistakable directive," the court may consider the legislative history of the statute to determine whether the Legislature intended to create a private right of action. Mayron, supra, at p. 571.

 

As relevant here, Financial Code section 22713 specifically provides that the commissioner may bring an action or request that the Attorney General bring an action in the name of the people of the State of California. Fin. Code § 22713, subd. (a). The violator may then be liable for civil penalties, as the lender was here. (Fin. Code § 22713, subd. (b).) Moreover, "[i]f the commissioner determines that it is in the public interest," the commissioner may include "a claim for restitution, disgorgement, or damages." Fin. Code § 22713, subds. (b) & (c).

 

Here, the Fourth District reviewed the record and found it undisputable that the commissioner resolved such an action against the lender through a settlement in December 2020. Despite the final resolution of that matter, the borrowers sought to pursue damages for the lender's alleged Financial Code violations in addition to those recovered by the commissioner. But the Court held that, when regulatory statutes, like the Financial Code, " ' "provide a comprehensive scheme for enforcement by an administrative agency, the courts ordinarily conclude that the Legislature intended the administrative remedy to be exclusive unless the statutory language or legislative history clearly indicates an intent to create a private right of action." ' " See Noe v. Superior Court (2015) 237 Cal. App. 4th 316, 337.

 

Accordingly, the Fourth Appellate District also concluded that the provisions of the Financial Code do not provide "clear, understandable, unmistakable terms" for a private cause of action, but instead provide for enforcement of violations via an action by the commissioner, which is what occurred in this case. Thus, the Court affirmed the decision of the trial court.

 

 

 

Ralph T. Wutscher
Maurice Wutscher LLP
20 N. Clark Street, Suite 3300
Chicago, Illinois 60602
Direct:  (312) 551-9320
Fax: (312) 284-4751

Mobile:  (312) 493-0874
Email: rwutscher@MauriceWutscher.com

 

Admitted to practice law in Illinois

 

 

 

Alabama   |   Florida   |   Illinois   |   Massachusetts   |   New Jersey   |   New York   |   Ohio   |   Pennsylvania   |   Tennessee   |   Texas   |   Washington, DC

 

 

NOTICE: We do not send unsolicited emails. If you received this email in error, or if you wish to be removed from our update distribution list, please simply reply to this email and state your intention. Thank you.


Our updates and webinar presentations are available on the internet, in searchable format, at:

 

Financial Services Law Updates

 

and

 

The Consumer Financial Services Blog

 

and

 

Webinars

  

 

 

 

 

Sunday, November 26, 2023

FYI: 8th Cir Rejects Challenge to Advertised Discounts as "Deceptive"

The U.S. Court of Appeals for the Eighth Circuit recently upheld the dismissal of a putative class action challenging an advertised discount as supposedly deceptive.

 

In so ruling, the Eighth Circuit held that the named plaintiff's allegations failed to meet the "ascertainable loss" requirement under the Missouri Merchandising Practices Act ("MMPA"). Furthermore, the Court held that an unjust enrichment claim based on the same facts as that of the MMPA claim fails for the same reasons.

 

A copy of the opinion is available at:  Link to Opinion

 

A consumer brought a putative class action under the Class Action Fairness Act against a retailer and its wholly-owned subsidiary. The consumer alleged that she purchased numerous products at physical stores and online at discount prices that were deceptively advertised because the defendants allegedly did not sell a substantial quantity of these products at the advertised "regular" prices prior to selling them at the advertised "sale" prices. The consumer sought class-wide compensatory damages under the MMPA, along with the price she paid the defendants under the equitable doctrine of unjust enrichment.

 

The trial court granted the defendants' motion to dismiss the consumer's amended complaint with prejudice. The consumer timely appealed.

 

To recover damages under the MMPA, a private plaintiff must allege and prove that she "(1) purchased merchandise . . . from [the defendant]; (2) for personal, family, or household purposes; and (3) suffered an ascertainable loss of money or property; (4) as a result of an act declared unlawful under the [MMPA]." Goldsmith v. Lee Enter., Inc., 57 F.4th 608, 615 (8th Cir. 2023).

 

Furthermore, Missouri courts generally apply the common-law "benefit of the bargain" rule to determine whether an MMPA plaintiff has suffered an ascertainable loss. Vitello v. Natrol, LLC, 50 F.4th 689, 693 (8th Cir. 2022). "The 'benefit of the bargain rule' awards a prevailing party the difference between the value of the product as represented and the actual value of the product as received." Id. The Supreme Court of Missouri adopted the rule in Kendrick v. Ryus, 123 S.W. 937, 939-40 (Mo. 1909).

 

Therefore, as the consumer had not alleged a deficiency in the quality of the clothing she purchased compared to the quality the retailers' advertising represented, the Eighth Circuit held that the consumer has the right to sue for rescission in a common law fraud action, but there was no ascertainable loss under the MMPA. Goldsmith v. Lee Enter., Inc., 57 F.4th 608, 610 (8th Cir. 2023).

 

Thus, the Court agreed with the trial court's decision to "join[] a growing number of courts, in finding that complaints based solely on a plaintiff's disappointment over not receiving an advertised discount at the time of purchase has not suffered an ascertainable loss." Robey v. PVH Corp., 495 F. Supp. 3d 311, 321 (S.D.N.Y. 2020).

 

Regarding the consumer's second cause of action, a claim for unjust enrichment under Missouri law requires the plaintiff to plead and prove three elements, "a benefit conferred by a plaintiff on a defendant; the defendant's appreciation of the fact of that benefit; and the acceptance and retention of the benefit by the defendant in circumstances that would render that retention inequitable." Topchian v. JPMorgan Chase Bank, N.A., 760 F.3d 843, 854 (8th Cir. 2014). Only the third element was in dispute here on appeal.

 

The Eighth Circuit found that the consumer's unjust enrichment claim was based on the same facts as her MMPA claim and that it failed for the same reason -- she received the products she intended to purchase and paid the advertised sale price. "[T]here can be no unjust enrichment if the parties receive what they intended to obtain." Howard v. Turnbull, 316 S.W.3d 431, 436 (Mo. App. 2010). Moreover, the Court concluded that the existence of an express contract precluded a claim of unjust enrichment. Topchian, 760 F.3d at 854. "[A] contract for the sale of goods may be made in any manner sufficient to show agreement, including conduct by both parties which recognizes the existence of such a contract." Dean Mach. Co. v. Union Bank, 106 S.W.3d 510, 520 (Mo. App. 2003).

 

Accordingly, the Eighth Circuit affirmed the judgment of the trial court and held that the trial court did not err in dismissing the customer's MMPA and unjust enrichment claims.

 

 

 

Ralph T. Wutscher
Maurice Wutscher LLP
20 N. Clark Street, Suite 3300
Chicago, Illinois 60602
Direct:  (312) 551-9320
Fax: (312) 284-4751

Mobile:  (312) 493-0874
Email: rwutscher@MauriceWutscher.com

 

Admitted to practice law in Illinois

 

 

 

Alabama   |   Florida   |   Illinois   |   Massachusetts   |   New Jersey   |   New York   |   Ohio   |   Pennsylvania   |   Tennessee   |   Texas   |   Washington, DC

 

 

NOTICE: We do not send unsolicited emails. If you received this email in error, or if you wish to be removed from our update distribution list, please simply reply to this email and state your intention. Thank you.


Our updates and webinar presentations are available on the internet, in searchable format, at:

 

Financial Services Law Updates

 

and

 

The Consumer Financial Services Blog

 

and

 

Webinars

  

 

 

 

 

Monday, November 20, 2023

FYI: CFPB's Annual Report on FDCPA Spotlights 'Continued Concerns' About Medical Debt

The Consumer Financial Protection Bureau on Nov. 16, 2023 released its annual report regarding its activities taken in 2023 to administer the Fair Debt Collection Practices Act, spotlighting, among other topics, the collection of medical debt.

 

A copy of the Report is available at:  Link to Report

 

Emphasizing the "significant actions" taken by the CFPB concerning the collection of medical debt, the Report highlights the CFPB's "continued concerns" about the "medical collection ecosystem." The Report specifies that the collection of medical debt that is either inaccurate or not owed raises significant concerns under the FDCPA and the Fair Credit Reporting Act, statutes that are enforced by the CFPB.

 

Specifically, the Report notes that roughly 15% of all collection complaints the CFBP sent to industry members for review and response involved medical debt, with consumers primarily complaining of the inaccuracy of medical debt being sought and the quality of information being provided during the medical debt collection process.

 

The Report goes on to note the "commonly" reported complaints as:

 

    - The medical bill being collected has already been paid or should have been paid by someone else.

    - Medical bills are collected long after services are provided.

    - Medical bills that patients have no prior knowledge of appear on their credit reports.

 

The Report includes concerns the CFPB had with debt collector's responses to complaints. It notes many medical debt collectors were quick to cut bait by closing the account in issue and deleting the account from a consumer credit report in response to a dispute of the accuracy of the information being reported. The CFPB suggests that this behavior raises questions as to whether there are deficiencies in the quality and quantity of information medical collectors receive at placement or at sale of the medical debt. The CFPB also said it suggests that medical debt collectors may not have confidence in the data and information provided to them regarding a medical debt's accuracy.

 

Citing the challenging nature of medical billing, including consumers being faced with "multiple bills from different providers, confusing procedure codes, opaque pricing, and uncertain insurance coverage" as well as emergency medical services that fail to provide up-front service costs, the CFPB concludes that many medical debts sought for collection may not be owed or may be seeking to collect the wrong amount due to:

 

    - Prior payment of the bill.

    - Insurance or financial assistance being responsible for the bill.

    - The services provided are being billed at a higher billing code.

    - State laws may provide for a bill to not be owed or to be owed in an amount different from that which is billed and sought for collection.

    - Federal laws may provide that the bill is not owed.

 

In this regard, the Report reminds the industry that collection of debts, medical or otherwise, that are not owed or are in the wrong amount may violate the FDCPA, specifically under 1692f(1), which the CFPB explains permits the collection of a debt only where (1) expressly permitted by the underlying agreement creating the debt and no law prohibits its collection or (2) where a law expressly permits the charge.

 

The CFPB's Report highlights "contexts" where the collection of medical debt runs afoul of certain federal or state laws:

 

    - The bill may be prohibited by the federal No Surprises Act.

    - The bill may be prohibited under the federal Nursing Home Reform Act.

    - State law may prohibit recovery of a medical bill above a "reasonable amount" for the medical services provided.

 

Considering this, the Report advises state and federal regulators, as well as private litigants, to pay careful attention to whether medical debt collectors are collecting debts not owed or are in the wrong amount and, if state law provides, whether the bills sought do not reflect "reasonable" amounts for the medical services provided.

 

The Report also suggests that a debt may be invalid or inaccurate for any number of reasons and invites consumers and regulators to routinely challenge medical debt collectors on the accuracy of the debts they collect only on the assumption that the debt may be invalid or inaccurate. 

 

The Report concludes with the CFPB's stated intention of taking further action regarding medical debt collection and working with states to further consumer protection. Given the CFPB's posture towards medical debt, the accuracy and propriety of medical debt balances being collected will continue to face heightened scrutiny from state and federal regulators.

 

 

 

Ralph T. Wutscher
Maurice Wutscher LLP
20 N. Clark Street, Suite 3300
Chicago, Illinois 60602
Direct:  (312) 551-9320
Fax: (312) 284-4751

Mobile:  (312) 493-0874
Email: rwutscher@MauriceWutscher.com

 

Admitted to practice law in Illinois

 

 

 

Alabama   |   Florida   |   Illinois   |   Massachusetts   |   New Jersey   |   New York   |   Ohio   |   Pennsylvania   |   Tennessee   |   Texas   |   Washington, DC

 

 

NOTICE: We do not send unsolicited emails. If you received this email in error, or if you wish to be removed from our update distribution list, please simply reply to this email and state your intention. Thank you.


Our updates and webinar presentations are available on the internet, in searchable format, at:

 

Financial Services Law Updates

 

and

 

The Consumer Financial Services Blog

 

and

 

Webinars