Increasing Awareness
Published: May 30, 2008
Several federal and state laws address data security requirements.

Identity theft is an ever-growing problem in today's digital age and one reason why consumer groups, lawmakers and the business community continue to struggle with data security.

Today, data security is more important to the health of your business than ever. Companies have a vested interest in keeping client and customer data safe. Lax data security policies can have real-world consequences as current and potential clients and customers may take their business elsewhere if they learn of a company's failure to keep data secure.

A proactive and comprehensive data security policy is also necessary because the failure to properly secure data can lead to potential legal consequences at both the federal and state level. While numerous proposals have been introduced recently by Congress to address data security, at least two federal laws currently require the implementation of data security procedures.

First, the Gramm-Leach-Bliley Act requires certain companies to create and implement a written comprehensive information security program appropriate to the size, nature, scope and complexity of the company.

Second, the Health Insurance Portability and Accountability Act requires covered entities to adopt standards ensuring safeguards are in place to protect the confidentiality, integrity and availability of electronic protected health information. This requirement similarly applies to third-party debt collectors operating under a business associate agreement.

In addition to federal laws governing data security, at least 43 states and the District of Columbia have enacted data security statutes. While these statutes vary, generally a security breach takes place when there is an unauthorized acquisition of data that materially compromises the security, confidentiality or integrity of personal information. A security breach often requires the company to notify individuals whose information was breached and may also require the company to notify its clients.

Some states require a company to provide notice only if a security breach of unencrypted data occurs. Additionally, a number of states permit substitute notice (such as providing notice to major statewide media) if the cost of providing notice exceeds a certain financial threshold, if the breach requires notice be provided to a certain number of individuals, or if the company has insufficient contact information for the individuals to provide notice.

Almost all data used in the credit and collection industry is now stored electronically and is easier to transfer than ever before. While companies must comply with federal and state security breach requirements, it is important to remember other potential consequences of failing to adequately protect personal information, such as the loss of future business. As a result, companies storing, using and transferring personal information should be diligent in creating or re-evaluating data security policies and procedures.

David D. Cherner is ACA International's legal counsel and legislative director of state government affairs.

By David D. Cherner

Total Bankruptcy Filings Increase
Published: June 13, 2008
The first quarter 2008 filing total represented a 110 percent increase from the 116,771 filings recorded during the first quarter of 2006, the first full quarter following the implementation of the Bankruptcy Abuse Prevention and Consumer Protection Act of 2005.

The total number of U.S. bankruptcies filed during the first three months of 2008 increased 26.9 percent over the same period in 2007 in all bankruptcy court districts, according to data released June 3, 2008, by the Administrative Office of the U.S. Courts.

The total number of filings for the first quarter of 2008 was 245,695, compared to 193,641 filed in the same period in 2007. This represents an 8.5 percent increase from the 226,413 bankruptcies filed during the fourth quarter of 2007.

The first quarter 2008 filing total represented a 110 percent increase from the 116,771 filings recorded during the first quarter of 2006, the first full quarter following the implementation of the Bankruptcy Abuse Prevention and Consumer Protection Act of 2005 (BAPCPA).

Consumer filings increased 26.5 percent to 236,982 for the three-month period ending March 31, 2008, from the 2007 first quarter total of 187,361. This also represents an 8.5 percent increase form the fourth quarter of 2007, which recorded a total of 218,428 nonbusiness filings.

The percentage of consumer filings for chapter 13 protection fell slightly from 39.3 percent during the first quarter of 2007 (Jan. 1- March 31) to 35.6 percent over the same period in 2008. The number of consumers filing for chapter 7 protection increased to 64.4 percent during the first three months of 2008, the largest percentage of consumer chapter 7 filers since the implementation of BAPCPA.

Business filings for the three-month period ending March 31, 2008, totaled 8,713, representing a 38.7 percent increase over the first quarter 2007 total of 6,280. The first quarter 2008 business filing total also represented a 9.1 percent increase over the fourth quarter 2007 total of 7,985.

The 12-month filing total of 901,927 for the period ending March 31, 2008, is an increase of 29.7 percent from the same period in 2007, which totaled 695,575 filings. Nonbusiness filings for the 12-month period ending March 31, 2008, totaled 871,186, up 29.3 percent from the 673,615 total nonbusiness filings in the 12-month period ending March 31, 2007.

Business filings for the 12-month period ending March 31, 2008, totaled 30,741, up 40 percent from the 21,960 business bankruptcy petitions filed in the 12-month period ending March 31, 2007.

The 560,015 total chapter 7 filings for the 12-month period ending March 31, 2008, represent a 35.5 percent increase from the 413,294 filings from the same period in 2007. Chapter 13 filings increased 20.9 percent to 334,551 in the 12-month period ending March 31, 2008 from 276,649 in the same period last year. Chapter 11 filings also increased, rising 34.1 percent to 6,971 in 2008 from 5,199 in 2007. Chapter 12 filings decreased 8.5 percent from 372 in 2007 to 343 in 2008.

For more information, please visit the American Bankruptcy Institute Web site.

This article is provided as a service of ACA International's Legal and Government Affairs Department.

Fourth Circuit Rules on Disputes to CRA
Published: June 17, 2008
A data furnisher who failed to mark an account as “disputed” in response to a dispute received through a consumer reporting agency was subject to a private cause of action under the Fair Credit Reporting Act (FCRA).

The Fourth Circuit recently found a data furnisher who failed to mark an account as “disputed” in response to a dispute received through a consumer reporting agency (CRA) was liable under section § 623(b) of the Fair Credit Reporting Act (FCRA).

In this case, the court rejected the argument that the failure to mark an account as disputed based upon a dispute from a CRA is governed exclusively by section § 623(a) of the Act. The court determined that both §§ 623(a) and 623(b) require a data furnisher to mark a debt as disputed. This decision is significant because consumers are unable to bring a private cause of action for a violation of § 623(a) of the FCRA, but can bring a private cause of action for violations of § 623(b).

In this case, the consumer purchased an automobile from a car dealer and the dealer assigned the loan to a lender. When the consumer did not receive a payment book for the new car, both he and his attorney contacted the lender several times to request payment information so he could begin paying on the loan. Each time the lender's employees informed him he owed the bank nothing.

The consumer then received a letter from the lender informing him he was seriously delinquent on his payments, his loan was in default, and the lender had accelerated the payment schedule demanding the total balance on the loan including principal, interest, late fees and other charges. After receipt of the letter, the consumer contacted the lender who ultimately refused to waive the late fees as the consumer requested.

The consumer refused to pay the additional charges, and the lender later repossessed the car and reported the account to a CRA. The consumer submitted a notice of dispute to the CRA who forwarded the dispute to the lender, triggering the lender's duty to investigate the dispute. In response to the dispute, the lender updated the account to show the loan as a “profit and loss writeoff,” but did not mark the account as disputed.

The consumer sued the lender, alleging the data furnisher violated its duties under § 623(b) by failing to report the account as disputed. At trial, the jury found in favor of the consumer and awarded the consumer statutory and punitive damages. The lender appealed.

At issue on appeal were the duties a data furnisher incurs under § 623(b) when a consumer disputes the accuracy of information to a CRA and the CRA notifies the data furnisher of such dispute. Specifically, the court examined whether a data furnisher has a duty to mark an account as disputed under § 623(b).

The lender argued § 623(b) does not require data furnishers to report disputes when responding to a consumer dispute received from a CRA. The lender stated other courts have found a data furnisher's duty to mark the account as disputed based on a consumer's dispute to a CRA is controlled exclusively by § 623(a).

The instant court rejected this line of reasoning, noting such arguments ignore the interplay between §§ 623(a) and 623(b) of the FCRA. The court stressed that the first subsection, § 623(a), provides that data furnishers have a general duty to provide accurate and complete information; the next subsection, § 623(b), imposes an obligation to review the previously reported information and report whether the information is incomplete or inaccurate upon receipt of a notice of dispute from a CRA. Thus, the court reasoned § 623(b) requires data furnishers to review the previous report for accuracy and completeness but does not set forth specific requirements as to what must be reported, because those requirements are already set forth in § 623(a), and the requirements include marking a debt as disputed.

Therefore, the court asserted under § 623(b), a data furnisher has a duty to mark an account as disputed upon the receipt of notice of a consumer's dispute from a CRA. Since the lender failed to reflect the dispute on the consumer's credit report, the data furnisher was liable for violating § 623(b). As discussed earlier, unlike violations of § 623(a), a private cause of action does exist for violations of § 623(b). Accordingly, the Fourth Circuit affirmed the decision of the district court.

The important thing to take away from this decision is that a data furnisher has a duty to mark an account as disputed based upon a consumer's dispute received from a CRA. Failure to comply with this duty may subject the data furnisher to a private cause of action for violations of the FCRA. No. 07-1108, 2008 WL 2042620 (4th Cir. May 14, 2008).

Voice messages failing to provide meaningful disclosure and mini-Miranda may violate the FDCPA
Published: June 17, 2008
The court denied the collector's motion to dismiss the consumer's claims of violations under the FDCPA when the court determined §§ 806(6) and 807(11) of the FDCPA apply to voice messages.

The consumer received a series of five messages on his answering machine from the collector. In each message, the name of the representative, the case number, and a return phone number was provided; however, the name of the agency was only provided in four of the five messages. The consumer claimed these messages violated various sections of the FDCPA, including §§ 806(6) and 807(11), as the messages failed to meaningfully disclose the caller's identity and failed to provide the required mini-Miranda disclosure.

The consumer argued § 806(6) requires the collector to provide her identity, the identity of the collection agency, and the nature of the agency's business when leaving messages. The collector argued it was not required to identify the nature of her business, as the nature of the business was provided in a collection letter which was previously sent to the consumer. Thus, the collector argued the previously sent collection letter coupled with the case number provided in the message notified the consumer of the nature of the collector's business. Finally, the collector argued it could not identify itself in a voice message due to the risk of third party disclosure.

As a threshold matter, the court held § 806(6) applied to voice messages. The court noted that although the messages provided certain identifying information, none of the messages disclosed the nature of the agency's business. The court held the purported collection letter was not within the court's jurisdiction on a motion to dismiss nor included in the pleadings, and thus, the letter could not be considered by the court. Further, the court held the argument regarding third party disclosure risks was not applicable at the current stage in the proceedings, as the location where the messages were left was unknown. Thus, the court denied the collector's motion to dismiss the claim under this section.

The consumer also claimed the collector violated § 807(11), which requires a collector to provide the mini-Miranda (“This communication is an attempt to collect a debt and any information obtained will be used for that purpose.”) in the initial communication with the consumer. As an initial matter, the court held § 807(11) also applied to voice messages. The collector contended the initial collection letter sent to the consumer contained the proper warnings and disclosures; however, the court could not consider the letter due to the aforementioned reasoning. Thus, the court denied the collector's motion to dismiss based on the letter. The consumer also stated a claim under § 807(11), which requires subsequent communications disclose the communication is from a debt collector. As the record did not show the collector provided the subsequent required disclosure, the court determined the collector was not entitled to a dismissal of the consumer's claim under this section. No. 07-cv-2579 (JNE/JJG), 2008 WL 2042622 (D. Minn. May 3, 2008).

FTC to Host Workshop on Debt Settlement
Published: June 20, 2008
The Federal Trade Commission (FTC) will host a workshop on Sept. 25, 2008, in Washington, D.C., to discuss the industry trend toward for-profit consumer debt relief services.

The use of debt relief services by consumers has been a growing trend, especially given the current state of the economy.

The FTC is hosting a workshop on Sept. 25, 2008 in Washington, D.C., to learn about the growth of for-profit debt relief entities and examine how the for-profit debt relief model is affecting consumers and businesses.

Consumer advocates, industry representatives, and state and federal regulators will discuss a range of issues, including the history and expansion of the debt relief industry, the advertising and marketing of debt relief services, the role of third-party lead generators and other service providers, legal developments in the regulation of the industry, and ways to address consumer protection issues and education needs.

In preparing for the workshop, the FTC is welcoming any original researching, surveys and academic papers regarding for-profit consumer debt relief services. The deadline to submit materials is Aug. 15, 2008. The FTC will be posting additional information about the workshop in the near future.

The workshop is free and open to the public.

Foreclosure Activity Increases 7 Percent in May
Published: June 20, 2008
One in every 483 U.S. households received a foreclosure filing during May 2008.

Foreclosure filings—default notices, auction sale notices and bank repossessions—were reported on 261,255 properties during May 2008, a 7 percent increase from the previous month and a 48 percent increase from May 2007, according to RealtyTrac's U.S. Foreclosure Market Report. The report also shows one in every 483 U.S. households received a foreclosure filing during the month, the highest monthly foreclosure rate since RealtyTrac began issuing the report in January 2005.

With one in every 118 households receiving a foreclosure filing in May, Nevada posted the highest state foreclosure rate for the 17th consecutive month. Foreclosure filings were reported on a total of 9,009 Nevada properties, an increase of nearly 24 percent from the previous month and a 72 percent increase from May 2007.

California foreclosure activity in May increased 11 percent from the previous month and 81 percent from May 2007, helping the state continue to register the nation's second highest state foreclosure rate. One in every 183 California households received a foreclosure filing during the month, a rate that was 2.6 times the national average.

Arizona's May foreclosure rate—one in every 201 households received a foreclosure filing during the month—ranked third highest among the states for the second month in a row. Arizona foreclosure activity increased nearly 12 percent from the previous month and almost 119 percent from May 2007.

One in every 228 Florida households received a foreclosure filing in May, giving it the fourth highest foreclosure rate among the states. Michigan foreclosure activity in May increased nearly 25 percent from the previous month, helping the state's foreclosure rate to jump to fifth highest among the states after ranking No. 9 the previous month. One in every 353 Michigan households received a foreclosure filing in May.

Other states with foreclosure rates ranking among the top 10 were Georgia, Colorado, Massachusetts, Ohio and New Jersey.