Information Intersection > Troutman Sanders LLP

CFPB Imposes $13 Million FCRA Consent Order on Large Consumer Reporting Agencies Due to Employment Background

On October 29, 2015, the Consumer Financial Protection Bureau (“CFPB”) announced the settlement of an enforcement action against two affiliated consumer reporting agencies under the Fair Credit Reporting Act (“FCRA”) based on these companies’ employment background screening practices. The consent order requires these background screeners to pay a total of $13 million in penalties and consumer redress. The Order also requires significant changes in the companies’ practices with regard to matching and use of public record information. This enforcement action provides another example of the CFPB flexing its regulatory muscle in the FCRA arena. All consumer reporting agencies (“CRAs”), all businesses that furnish data to a CRA (“furnishers”), and all users of data obtained from a CRA (“users”) should be concerned about the CFPB’s use of its enforcement authority. [Read more →]

November 6, 2015   No Comments

Trump Hotels Hit With Data Breach Class Action Lawsuit

A new putative class action lawsuit has been filed against the hotel chain owned by Donald Trump in the United States District Court for the Southern District of Illinois, after the hotel chain revealed that it had been the subject of a data breach.  The suit asserts claims under “state consumer protection laws” and “state data breach notification statutes” of the states of the affected class members, along with claims of negligence, breach of implied contract, and unjust enrichment.  [Read more →]

October 21, 2015   No Comments

FTC Takes on Video Game “Influencers”



When the FTC revised its Endorsement Guides in 2009, it signaled that it would focus more of its efforts on deceptive advertising conveyed through social media and evolving methods of online advertising. The FTC warned advertisers that they risk enforcement action when material connections between an endorser and an advertiser are not disclosed, regardless of where the endorsement appears.

Since then, the FTC has kept that promise, and last week announced that it settled a case against Machinima involving its deployment of “influencers” who were paid to “build an early buzz” surrounding the launch of Microsoft’s Xbox One console in late 2013.

[

September 9, 2015   No Comments

Third Circuit Rules That FTC Can Police “Unfair” Data Security Practices

Server Room (c) Torkild Retvedt

Server Room (c) Torkild Retvedt

The Federal Trade Commission scored a major win today in its efforts to regulate cybersecurity when the Third Circuit affirmed that the agency can exercise its unfair practices jurisdiction to sue companies that do not take reasonable data security measures.

The FTC sued Wyndham Worldwide Corp. in district court after hackers obtained over 600,000 consumers’ credit card information from the hotel group’s systems in 2008 and 2009, resulting in over $10 million in fraudulent charges. Unlike virtually all other FTC cybersecurity cases, Wyndham opted to challenge the FTC’s authority rather than settling.

[

August 25, 2015   No Comments

Criminalization of Robocalls?

U.S. Senator Chuck Schumer (D. N.Y.) has introduced a bill that would criminalize the act of knowingly initiating a commercial robocall without the prior express written consent of the recipient.

Photo by Kesneme

Photo by Kesneme

The bill, S. 1681, defines a “commercial robocall” as a telephone call made for the purpose soliciting a purchase, rental, enrollment or investment in goods or services using an “automatic telephone dialing system” or an artificial or prerecorded voice.

[

August 14, 2015   No Comments

OMG! FDA Cracks Down on Kim Kardashian Social Media Drug Endorsement

Forbes / Kim Kardashian / Instagram

Forbes / Kim Kardashian / Instagram


Tens of millions of people around the world follow Kim Kardashian’s every move on social media. So apparently does the FDA’s Office of Prescription Drug Promotion. Last week, the FDA issued a Warning Letter to Canadian drug manufacturer Duchesnay concerning Kardashian’s social media posts promoting the morning sickness drug Diclegis. The FDA warned that the posts unlawfully misbranded Diclegis under the Federal Food, Drug, and Cosmetic Act. [Read more →]

August 13, 2015   No Comments

Building Your Cybersecurity Team

Troutman Sanders LLP, in conjunction with the New York State Bar Association’s (“NYSBA”) International Section, hosted a Cybersecurity Symposium last week at the firm’s New York City office.


The Symposium was attended by a large and diverse audience consisting of lawyers, compliance officers, government officials, and founders, from the finance, real estate, insurance, start-up, and medical technical spaces.

Troutman Sanders attorneys involved included Aurora Cassirer, Erin Whaley, and Christina Bost Seaton, who collectively have experience in privacy compliance, employee privacy, class action litigation, corporate governance, and healthcare privacy.

Kevin Chalker, a former CIA operative, Clandestine Services, who is the Founder and CEO of Global Risk Advisors, a premier strategic consulting firm focused on security strategy and innovative technical solutions, which counts some or the United States’ largest and most prominent businesses as its clients, discussed the many surprising ways in which technology can lead to security vulnerabilities, and some strategies for preventing and remediating a cybersecurity incident.

[

July 31, 2015   2 Comments

DOJ Issues Cyber-Security and Data Breach Best Practices

Organized crime and other criminal enterprises consider cyber-intrusions to be a “low-risk, high-reward proposition” that pose a serious threat to every business that is connected to the internet or uses electronic systems. The U.S. Department of Justice (DOJ) has joined the growing list of federal agencies to weigh in on cyber-security “best practices.” On the heels of The Federal Trade Commission and the HHS Office of Civil Rights and Office of the National Coordinator, DOJ just released its own guidance on steps to take before a cyber-intrusion or data breach occurs, as well as a template response for cyber-intrusions and attacks.[1] Following an accepted protocol of “Preparedness, Response and Recovery” the Guidance identifies steps a business should take before, during and after cyber-intrusions to minimize risk and defuse the impact of breaches when they do occur. [Read more →]

May 7, 2015   No Comments

Supreme Court Grants Certiorari In Spokeo Case – Set To Address Article III Standing In Cases With No Concrete Harm

On April 27, 2015, the United States Supreme Court granted certiorari in Spokeo Inc. v. Robins, a case which could have wide-ranging implications for lawsuits, including class actions, against businesses under a number of consumer protection statutes.

In a case that the Supreme Court will hear and decide in its next term, the Court will address the question of whether Congress may confer Article III standing on a plaintiff who suffers no concrete harm, by simply authorizing a private right of action based on the violation of a federal statute alone.  If the Court reverses the lower court’s decision, it could mean the death-knell of “no harm” class action lawsuits that have proliferated under statutes that allow for statutory damages without proof of actual harm. [Read more →]

April 28, 2015   No Comments

HIT is Hot in Congress

Doctors Studying Data on ComputerLately there’s been a flurry of activity related to health IT in the 114th Congress.  At the end of March, the House passed the SGR bill, or “Doc Fix,” by an overwhelming vote of 392-37.  If there are no hang-ups, the Senate is expected to pass it Tuesday night.

The SGR bill repeals the old formula to pay doctors and creates a new formula for a value-based Medicare payment system.  The bill also includes a few key HIT measures: it requires HHS to create metrics to determine if EHRs are interoperable by July 2016, it defines interoperability as the ability of two health systems to exchange clinical data, and it includes language requiring providers to show they are not blocking information – just to name a few provisions. [Read more →]

April 15, 2015   No Comments