Eleventh Circuit Court of Appeals
The Eleventh Circuit Court of Appeals has rejected a fax class action which argued that solicited faxes needed to have opt-out notices. Gorss Motels, Inc. v. Safemark Systems, LP.
Comment: The Court noted the Federal Communications Commission’s (“FCC”) held the solicited fax rule was invalid and was never legally enforceable despite the fact that plaintiffs argued it should be enforced retrospectively.
European Union General Data Protection Regulation
The United Kingdom’s data regulator has issued two proposed fines for security breaches. British Airways will be subject to a fine amounting to more than $220 million USD for a breach involving 500,000 customers’ data. Marriot International will be fined more than $120 million USD for a breach that occurred in 2014 to Starwood Hotels, subsequently acquired by Marriot in 2016.
Comment: If you have European Union citizens’ data in your systems, you should carefully review your compliant with the General Data Protection Regulation.
Federal Communications Commission
Reply comments to the FCC proposed rules to eliminate illegal robocalls were due August 23, 2019 (CG Docket No. 17-59). See https://www.fcc.gov/ecfs/. The FCC cites estimates that almost 48 billion robocalls were made in 2018, an increase of 50 percent over 2017. The rules aim to implement a system to confirm a call actually comes from a number indicated in caller ID.
Comment: Legitimate callers will face some burden from these regulations because their caller ID numbers may be blocked in error by carriers. In my experience, however, these legitimate callers will be able to validate legitimate caller IDs with the carriers and reduce or eliminate this administrative burden. Illegitimate callers will not be able to do this, thus legitimate calls may become more effective under this regime.
Federal Trade Commission
The Federal Trade Commission (“FTC”) announced that in 2020 the fee for the national “do-not-call” list will increase to $17,765 per year, up from $17,406 in 2019. If your business accesses the “do-not-call” list per area code, the fee will increase to $65, from $63 per area code.
First Circuit Court of Appeals
The First Circuit Court of Appeals has upheld a trial court’s ruling that an arbitration agreement was not effective because a plaintiff’s claims under the Telephone Consumer Protection Act (“TCPA”) were “completely unrelated” to a prior agreement containing an arbitration clause. Breda v. Cellco Partnership.
Comment: It is extremely important that the arbitration language be written to include TCPA claims and waiver of class action allegations. Please contact us if you would like to discuss including an arbitration clause in your contract or lead language.
United States Senate
A bill has been introduced in the United States Senate (116S2342) which would require data brokers to register with the FTC and adopt security for personal information in their possession, as well as impose restrictions on acquisition and use of that data. The bill is jointly sponsored by Senators Gary Peters (D-MI) and Martha McSally (R-AZ).
A California data broker law (CA AB 1202) which passed the General Assembly in May has been referred to the State Senate Committee on Appropriations. The bill would also require data brokers to register, this time with the California Attorney General.
A Colorado court has dismissed a TCPA case where the plaintiff could offer no proof defendant called him. Robinson v. ACG Processing.
Comment: Frequently, plaintiffs will claim calls from a defendant without proof simply lumping all calls received into a demand. This is not sufficient legally, and a compliant business should insist on proof of calls and consider not settling without such proof.
A Michigan court has adopted the logic from the California case Marks v. San Diego interpreting an automatic telephone dialing system (“ATDS”) to be any system which can call a list of individuals without human intervention. Allan v. Pennsylvania Higher Education Assistance Agency. Courts in the same jurisdiction (the Eastern District of Michigan) have held to the contrary, i.e. a system is an ATDS only if it can randomly or sequentially generate telephone numbers.
Comment: The conservative course until the ATDS issue is resolved is to consider a system non-ATDS only if direct human intervention is involved in each call or text and the system lacks capacity to dial without such intervention. I would be happy to review your system or answer questions at your convenience.
New Hampshire enacted the Insurance Data Security Law (SB 194) on August 2, 2019. N.H. Rev. Stat. Ann. § 420-P:1. The law applies to individuals and entities licensed pursuant to New Hampshire’s insurance laws (“licensee”). § 420-P:3(IX). Licensees are excluded under the law if they have fewer than 20 employees. § 420-P:9(1).
Licensees are required to implement information security programs designed to protect nonpublic information, based on the results of a risk assessment. § 420-P:4. Risk assessments should be conducted by an employee or outside vendor and should, among other requirements, identify security threats and potential damages, assess the sufficiency of safeguards to manage threats, and implement safeguards as necessary in ongoing assessments. § 420-P:4(III). Also required are written schedules for document retention/destruction and written plans for responding to and recovering from cybersecurity events (i.e. unauthorized access to nonpublic information or information system). Id.
The law takes effect January 1, 2020.
Comment: If you are a licensed insurance company or do business with insurance companies, you likely will need to show compliance with this law. Please contact me if you would like to discuss.
The New York General Assembly is considering a bill (AB 8526) which would regulate data brokers. “Data broker” is defined as a business that earns its primary revenue from supplying data about people mainly gathered from data sources other than those people. Data brokers would be prohibited from transferring, using, or processing to a third-party any personal data without prior express consent.
A judge has denied certification of a TCPA class action brought against Time Warner Cable alleging Time Warner sent artificial or prerecorded voice calls to wrong numbers in violation of the TCPA. Hunter v. Time Warner Cable, Inc. The court held that the class was not ascertainable because plaintiffs would use a “reverse lookup” tool to determine purported class members’ telephone numbers and that tool was not sufficiently accurate.
North Carolina has passed a law (HB 2019 NCHP 724) changing its caller ID rules to include texts. Telephone solicitors are barred from causing misleading information to be transmitted using caller ID technology.
A Texas court has ruled that an allegation that a call had a “pause” prior to the speaker’s voice being heard by the recipient was sufficient to allege use of an ATDS. Adams v. Safe Home Security, Inc. The judge ruled the system did not have to generate random or sequential numbers to meet that definition.
Comment: Some courts have ruled an ATDS has to randomly or sequentially generate numbers to be called, but decisions fall on both sides of this issue.