How Retailers Can Avoid Regulatory Scrutiny During Holiday Season
By Richard Lawson, Partner, Consumer Protection
With the holiday season often accounting for one-third of a retailer’s annual sales, competition can be fierce. Tempting as it is to grab for every advantage, this can have the unpleasant consequence of legal entanglements with the Federal Trade Commission (FTC) or a state attorney general that are expensive to resolve and can bring reputational damage at a critical time of year.
Retailers can protect themselves by focusing on three key areas where regulators look for potential violations this time of year: advertising disclosures, compliance with laws on continuity plans and bogus discount prices.
1. Clear Disclosures
In my former position as Director of the Florida Attorney General’s Consumer Protection Division, I saw first-hand that the prime driver of consumer complaints about retailers usually involved feeling duped by hidden fees, costs or payment plans. The best way to avoid these types of complaints is through clear and conspicuous disclosure of all key terms. This is easy to say, but, as always, the devil is in the details on how to implement it. My favorite saying about “clear and conspicuous” disclosures is that the disclosure should find the consumer, not the other way around. Common complaints include: items noted as free when there was, in fact, a charge (or perhaps shipping and handling roughly equal to the retail value of the item), a list price that is not actually the charged price and receiving charges based on a continuity plan when they had no idea they had been enrolled in one.
Retailers engaged in any of these practices should take great care to make sure that any consumer buying the product is fully aware of the terms – true cost, any shipping fees and any recurring charges. State and local consumer protection agencies take these complaints very seriously, as they represent real, out-of-pocket expenses for their consumers.
2. Continuity Plans
In addition to disclosure considerations, there are specific laws about recurring charges which retailers must be ready to navigate. Chief among them is ROSCA, the Restore Online Shopper’s Confidence Act. Enacted by Congress in 2010, this law has seen considerable enforcement activity in recent years from both state and federal regulators. As referenced in the name, the law speaks to online retail sales involving recurring negative option charges and has two main areas of focus: disclosures and consent before purchase, and means of cancellation.
ROSCA requires a retailer to disclose terms of the recurring charge prior to obtaining billing information, and then the consumer’s consent prior to charging. With cancellation, ROSCA requires that the retailer must provide, “simple mechanisms for a customer to stop recurring charges.” “Simple mechanisms” does not mean that if the consumer enrolled online they have to be able to cancel online, but again, in my time investigating complaints, a prime motivator for a consumer to contact the Attorney General was getting the runaround from a retailer when they tried to cancel. Retailers engaged in online sales should make sure that they comply with ROSCA’s terms for recurring charges, as it will be very easy for a regulator to find a violation.
3. Discount Pricing
Discount pricing is another area where state and local regulators keep a sharp watch. Regulators have no issue with consumers getting a good deal, but when a discount sale becomes a permanent event, it may be seen as a deceptive act designed to generate an urgent ‘buy-now’ mentality in the consumer.
A related issue is whether there is even a sale at all. Some retailers have received unwelcome regulatory scrutiny by listing products at a discount, with a hidden disclaimer that the ‘original price’ was, in fact, essentially made of whole cloth. There are some specific state statutes that address when and for how long items must be offered at the original price, but beyond this, there is the simple theory of deception – you can’t really say something is at a discount when the ‘original’ price is simply made up.
Keeping an eye on the issues addressed above will help a retailer avoid any unwelcome regulator attention this holiday season. As mentioned above, indulging in a deceptive practice might be tempting, but unlike a new year’s resolution to work off the excess pounds gained during this time of year, working out a regulator action will be much more unpleasant.
This article was originally published in Retail Merchandiser on November 17, 2016.
back to top
No Class Certification Where Employer Lacked Uniform Policy
Why it matters
An employer’s lack of a uniform policy necessitated the reversal of class certification, a California federal court judge recently ruled, refusing to reconsider his decision to decertify the class. Several AutoZone employees filed suit in 2010, accusing their employer of failing to provide them with rest breaks. Several other actions were consolidated into a multi-district litigation and a class was certified in 2012. As discovery went on, AutoZone moved to decertify the class. The court granted the motion in August, finding that written records keeping track of workers’ breaks were not kept and that a lawful policy had been in place for several years of the class period.
The plaintiffs asked the judge to reconsider the motion, suggesting that, instead of decertifying the class, he redefine it. But the court affirmed the decertification ruling. “AutoZone’s policy was, for a significant portion of the class period, lawful on its face and, ‘[a]s a result, the bulk of the issues that are truly in dispute … are inherently individualized,’ ” the judge concluded.
Detailed discussion
Multiple cases were filed in California federal courts against AutoZone, alleging the company failed to provide legally mandated rest breaks for its workers. After a multi-district litigation (MDL) was established, U.S. District Court Judge Charles R. Breyer certified a class in December 2012, defined as: “All non-exempt or hourly paid employees who have been employed at Defendant’s retail stores in the State of California at any time on or after July 29, 2005 until the date of certification.”
However, as discovery went on, AutoZone moved to decertify the class based on the evidence that had come to light since certification. Judge Breyer granted the motion in August, writing that “Plaintiffs have failed to demonstrate predominance or manageability/superiority.” The plaintiffs then moved for the court to reconsider the motion, arguing the decertification ruling was error or, in the alternative, that the court should have redefined the class.
But the court disagreed.
At the class certification stage, the court had accepted the plaintiffs’ representation that throughout the relevant time period, the employer had a written rest break policy applicable to all AutoZone stores. Based on this, the court found predominance. But the evidence told a different story, the court said.
“The evidence demonstrates that at the beginning of the class period, AutoZone’s written policy was that ‘[rest] breaks are scheduled in accordance with California law,’ and AutoZone posted the relevant Wage Order in each store,” Judge Breyer wrote. “The unlawful-as-written language that Plaintiffs had earlier represented as AutoZone’s sole policy throughout the class period was not in place until 2008.”
This left the plaintiffs without a uniform policy warranting certification, the court said, rejecting their contention that just because the 2008 policy was unlawful, the earlier policy similarly violated labor law.
“[T]he evidence does not suggest that, despite different written policies, AutoZone had a uniform practice of denying rest breaks,” the court wrote. “Rather, the existence of the conflicting policies during the class period, some of which appear facially lawful and others of which appear facially unlawful, which existed over different time periods, and which were applied differently to various employees, negates Plaintiffs’ claims of uniformity. The evidence suggests that many class members received proper breaks, and that when they did not, it was due to a variety of reasons, not all of them unlawful.”
Because there was no single uniform policy in place from 2005 to 2012—nor a consistent practice of denying rest breaks during that time—the court did not err in concluding that the plaintiffs failed to demonstrate predominance, Judge Breyer said.
He also rejected the plaintiffs’ proposal to redefine the class, limiting it to the period in which the 2008 policy was in effect, holding that individual issues would predominate.
“Common issues do not predominate where a policy was applied differently to different class members: some class members testified that they did not receive breaks, others testified that they did take breaks, some stated that they told subordinates to take a break every two hours, others explained that whether they received a break depended on the manager, position held, hours worked and/or staffing at that location,” the court said. “It was not clear error to decline to redefine the class where there was significant variability among class members.”
In addition to failing to satisfy the predominance requirement, the plaintiffs did not demonstrate that class certification would render the case more manageable. Despite their reassurances that rest break records existed, the plaintiffs were unable to find them. “The Court expected that the records would help Plaintiffs establish liability as to each class member, so that Plaintiffs would not need to rely on employees’ recollections from years past,” Judge Breyer explained. “That Plaintiffs could no longer point to either a uniform policy or a record of when rest breaks were actually taken struck the Court as problematic.”
To read the order in In re: AutoZone, Inc. Wage and Hour Employment Practices Litigation, click here.
back to top
NLRB Asks Supreme Court—Again—to Speak on Arbitration
Why it matters
Not for the first time, the National Labor Relations Board (NLRB) has asked the U.S. Supreme Court to weigh in on whether the National Labor Relations Act (NLRA) bars arbitration agreements that prohibit employees from pursuing employment-related claims on a class or collective basis in any forum. The most recent writ of certiorari comes from a case out of the Fifth Circuit Court of Appeals. The NLRB argued that a national fitness chain’s employment agreements violated employees’ Section 7 right to engage in protected, concerted activity by requiring individual arbitration and foreclosing class or collective actions of any kind.
An administrative law judge sided with the NLRB, following the D.R. Horton and Murphy Oil line of cases, but the Fifth Circuit reversed, siding with the employer. The Board’s petition to the Justices emphasized that the federal appellate panels are increasingly divided on the issue, with the Fifth Circuit on one side and the Seventh and Ninth Circuits agreeing with the Board. Given the split, it seems likely that the Court will grant cert on one of the cases sooner or later.
Detailed discussion
In 2011, the National Labor Relations Board (NLRB) issued a complaint alleging that 24 Hour Fitness violated the National Labor Relations Act (NLRA) by requiring employees to agree to resolve all employment-related disputes through individual arbitration. This waiver of class and collective actions ran contrary to employees’ Section 7 right to engage in protected, concerted activity, the NLRB alleged.
An administrative law judge (ALJ) agreed, leaning on the NLRB’s decision in D.R. Horton for support. That decision—followed by Murphy Oil—established the Board’s position that any employment agreement requiring the waiver of class or collective actions violated the NLRA.
The national fitness chain appealed and the NLRB affirmed. Even the use of an opt-out provision in 24 Hour Fitness’ employment agreement did not save it, the majority of the Board panel wrote.
The Fifth Circuit—which had already rejected the NLRB’s position in both D.R. Horton and Murphy Oil—granted the employer’s motion to reverse in a single-sentence order.
Undeterred, the Board filed a petition for a writ of certiorari to the U.S. Supreme Court, requesting yet again that the Justices take a stance on the issue. Specifically, the NLRB posed the question: “Whether arbitration agreements with individual employees that bar them from pursuing work-related claims on a collective or class basis in any forum are prohibited as an unfair labor practice under 29 U.S.C. 158(a)(1), because they limit the employees’ right under the National Labor Relations Act to engage in ‘concerted activities’ in pursuit of their ‘mutual aid or protection,’ 29 U.S.C. 157, and are therefore unenforceable under the savings clause of the Federal Arbitration Act, 9 U.S.C. 2.”
The NLRB had already sought review from the Fifth Circuit’s Murphy Oil decision as well as a similar Second Circuit case while employers asked the high court to consider cases from the Seventh and Ninth Circuits, where the federal appellate panels embraced the Board’s position.
“There is a clear conflict in the courts of appeal regarding the validity, in light of the NLRA, of arbitration agreements that would preclude employees from pursuing class or collective actions that assert employment-related claims,” the Board wrote. Noting that it has already filed prior writs, the NLRB suggested that the Court hold the petition in 24 Hour Fitness pending the disposition of the other four petitions.
To read the NLRB’s writ of certiorari in NLRB v. 24 Hour Fitness, click here.
back to top
Court Sides With Insurer on Coverage for Cyber Event
Why it matters
Another court has held that traditional general liability and property policies do not provide coverage for losses arising from a cyber attack. A grocery store in Alabama had its customers' credit and debit card information compromised, and was then sued by three credit unions for the cost of reissuing cards, reimbursing customers for fraud losses, and administrative expenses.
When the grocer tendered defense of the suit to State Farm, the insurer refused to defend or indemnify the claims. The policy only provided coverage for direct loss to computer programs and electronic data, the Alabama federal court determined, and not the harm alleged by the third parties in the underlying complaint. This decision highlights the challenges facing policyholders when seeking to recover for cyber-related events under traditional general liability and property policies, and underscores the need for companies exposed to cyber-related risk to consider purchasing specialized cyber policies.
Detailed discussion
An Alabama grocery store, Camp's Grocery, Inc., was hit with a lawsuit by three credit unions. The credit unions alleged that Camp's computer network was hacked, compromising confidential data on its customers, including their credit card, debit card, and check card information.
As a result, the credit unions alleged, they were forced to reissue cards, reimburse customers for fraudulent activity, pay various administrative expenses. In addition, the credit unions asserted, they suffered losses such as diminished goodwill and lost customers. The suit asserted claims for negligence, wantonness, misrepresentation, and breach of contract.
Camp's sought coverage for the lawsuit from State Farm Fire & Casualty Company, but State Farm refused to defend. Camp's then filed a declaratory action suit against State Farm. The relevant policy provided coverage for both first-party property losses and general liability, but expressly excluded coverage for "electronic data." Moreover, a covered "accident" was defined as not including any "loss of 'electronic data,' … or other condition within or involving 'electronic data' of any kind."
Camp's pointed the court in the direction of two endorsements attached to the policy, the "FE-8743 Inland Marine Computer Property Form" (IMCPF) and the "FE-8739 Inland Marine Conditions" (IMC). The IMCPF included a general insuring provision that State Farm would pay for "accidental direct physical loss" to computer equipment and removable data storage media.
State Farm countered with a motion to dismiss, arguing that the IMCPF could not be read to provide defense or indemnity for the underlying lawsuit because it was a first-party insuring agreement that covered only losses sustained directly by the insured itself.
U.S. Magistrate Judge John E. Ott agreed. The Alabama Supreme Court has recognized a distinction between first-party insurance and third-party insurance, he explained, and neither the IMCPF nor the IMC contained language in which State Farm promised to "defend" or "indemnify" Camp's "whether in regard to claims involving computer equipment, electronic data, or anything else, for that matter." Rather, the general insuring agreement of the IMCPF provided that State Farm "will pay for accidental direct physical loss."
"Such promises to pay the insured's 'direct loss' unambiguously afford first-party coverage only and do not impose a duty to defend or indemnify the insured against legal claims for harm allegedly suffered by others, as in third-party coverage," the court wrote, citing similar decisions from California, Colorado, Florida, New York, and the Ninth U.S. Circuit Court of Appeals. "Therefore, the terms of the IMCPF itself impose no obligation on State Farm to either defend or indemnify Camp's in the underlying action."
Judge Ott was not persuaded by Camp's alternative argument that the IMC provides that in the event of a covered loss, the insurer "may elect to defend [the insured] at [State Farm's] expense." While the policyholder read this language to mean that State Farm has assumed a duty to defend, the court disagreed. "On its face, a policy provision that the insurer 'may elect to defend' an insured unambiguously gives the insurer a discretionary choice or right to defend; it does not create a duty, that is a nondiscretionary legal obligation, to do so."
The insured then urged the court to declare the elective language in the IMC ambiguous in light of other provisions of the policy. The endorsements expanded the scope of liability under the policy, Camp's said, requiring State Farm to render a defense and indemnity for claims based on losses involving computers and electronic data. But the court again disagreed, finding the argument "fatally flawed." Because the credit unions did not allege "property damage" covered by the policy, the suit was therefore excluded from coverage, and the policy provisions and the endorsements did not render the policy ambiguous.
"Camp's suggests that it is merely interpreting the different coverages of the Policy as an integrated whole," Judge Ott wrote. "But what Camp's is actually doing is selectively reading the Policy in a piecemeal fashion, picking and choosing parts of different coverages while conveniently ignoring other terms from those same coverages that would preclude or exclude their application to the Credit Unions' claims."
The provisions of the endorsements "stand distinctly separate and apart from the business liability insurance afforded" by the policy and do not expand it, the court concluded. "In the end, the … endorsements afford only first-party coverage for certain computer equipment and electronic data, as specified in the IMCPF," the judge said. "Those endorsements do not create, recognize, or assume the existence of a duty to defend or indemnify against claims brought by third parties."
Finding the policy language was not ambiguous, the court held State Farm did not have a duty to defend or indemnify Camp's in the underlying action, granting the insurer's motion for summary judgment.
To read the memorandum opinion in Camp's Grocery, Inc. v. State Farm Fire & Casualty Co., click here.
back to top
Lyft Hit With Yet Another TCPA Action
Why it matters
Already facing a consumer class action for allegedly violating the Telephone Consumer Protection Act, Lyft was hit with its second case this year that alleges the ride-sharing company sent texts using an automated telephone dialing system without recipient consent.
Lyft's experience with the TCPA demonstrates the myriad ways a company can be tripped up by the statute. From the FCC citation to consumer class actions based on text invitations, driver applications, and links to the company's app, the lawsuits and regulatory action provide a snapshot of what pitfalls might exist for marketers.
Detailed discussion
Douglas O'Connor sued the company in January, claiming he received multiple texts from Lyft urging him to complete an application to be a driver, despite the fact that he did not provide consent to receive the messages.
In the new lawsuit, Jason David Bodie asserted in California federal court that Lyft sent an unsolicited text message instructing him to download the app on October 10. The defendant followed up with a second text, Bodie alleged, this time with a link to download Lyft's app in the app store.
Bodie's complaint alleged both texts were sent using an ATDS and constituted a "telephone solicitation" within the meaning of the TCPA because they were initiated for the purpose of encouraging the purchase of a good or service. He claimed he did not provide prior express consent to receive the texts and did not have an established business relationship with Lyft.
"Plaintiff was personally affected by Defendant's aforementioned conduct because Plaintiff was frustrated and distressed that Defendant interrupted Plaintiff with an unwanted solicitation text message using an ATDS," according to the complaint. "Defendant's text messages forced Plaintiff and other similarly situated class members to live without the utility of their cellular phones by occupying their cellular telephone with one or more unwanted calls, causing a nuisance and lost time."
Seeking to certify a nationwide class of "several thousands, if not more" text recipients dating back four years, the lawsuit requests damages and injunctive relief based on allegations of negligent and willful violations of the TCPA.
The TCPA has presented numerous challenges for Lyft in recent years, including a third consumer class action in Washington federal court over an advertising campaign that allowed users to send text invitations to their friends, as well as a citation from the Federal Communications Commission for unlawfully conditioning consumers' ability to use Lyft's services on their agreement to receive marketing text messages.
To read the complaint in Bodie v. Lyft, Inc., click here.
back to top
Survey Says High Anxiety Over Corporate IP Cyber Theft
Why it matters: An online poll recently conducted by Deloitte Advisory Cyber Risk Services reflects growing concern among IP professionals across all business sectors and industries about the security of their companies' IP assets in the face of an anticipated increase in cyber thefts. A majority of those surveyed believe that IP cyber theft incidents will increase over the next 12 months. Although IP can constitute upwards of 80% of a single company's value today, the poll results indicate that a significant portion of their companies had yet to fully secure their IP assets. In the face of a growing threat to some of their most valuable assets, companies would be well-served by proactively developing and having in place a comprehensive plan for securing their IP assets and, should it occur, for effectively dealing with IP cyber theft.
Detailed discussion: On October 25, 2016, Deloitte Advisory Cyber Risk Services released the results of an online poll of intellectual property (IP) professionals it had conducted on September 28, 2016, in conjunction with a webcast entitled "Cyberattackers and your intellectual property: Valuing and guarding prized business assets." The survey reflected a growing concern among IP professionals about the security of their companies' IP assets in the face of an anticipated increase in actual and attempted cyber thefts in the coming year. Notwithstanding this concern, the survey also reflected that, even though IP can constitute a large percentage (sometimes more than 80%) of a company's value, almost 50% of respondents said that their companies are either still in the building stages of their IP security plans or have not yet started putting one together.
Poll Breakdown
The nearly 3,000 poll respondents were IP professionals that came from a broad array of business sectors, including:
Banking and securities: 13.5%
Technology: 8.4%
Investment management: 6.1%
Travel, hospitality and services: 5.4%
Insurance: 5.1%
Retail, wholesale and distribution: 5.0%
Anxiety About Rise in Cyber Theft
The poll results showed that 58% of respondents across all business sectors expect the number of IP cyber theft incidents (defined as successful or attempted cyber theft of trade secrets, drawings and plans, or proprietary know-how) to increase over the next 12 months. Broken down by individual industries, the percentage of respondents who anticipate IP cyber theft incidents to increase is even higher:
Power and utilities: 68.8%
Telecom: 68.8%
Industrial products and services: 64.7%
Automotive: 63.9%
Company Insiders Seen as Main Cyber Theft Threat; Many Companies Not Prepared
The survey showed that 20.1% of respondents across all business sectors (higher when polled by individual industry) believe that the IP cyber theft will come from "employees and other insiders" at their organizations, followed by competitors (16.3%), activist groups (12%), third-party vendors (11.7%) and nation states (10.1%). Notwithstanding this, only 16.7% of respondents said that access to their companies' IP was "very limited, on a need-to-know basis only," while 36.1% said that their organizations' efforts to secure their IP were in the "building stage," and 12.1% said that their efforts were "lacking" and that they did not have a defined program to protect and monitor access to their IP. Given that a large number of those polled believe that IP cyber theft will come from insiders, it was suggested that companies create a specific "insider threat mitigation program" that includes both routine and random auditing and established policies and training for employees.
Perceived Major Challenges in the Event of Cyber Theft Incident
Even though IP can constitute a large percentage of a company's value, when asked about the biggest challenges their organizations would face in the event of an IP cyber theft incident, a combined 44.1% of poll respondents answered "assessing what IP had been stolen, or the impact of IP loss" and "managing investor and customer/client relationships." Suggested actions companies can take to mitigate these challenges include developing plans to identify key IP assets, assessing in advance the potential impact to the organization of their loss, and developing a concrete plan to secure them from both internal and external cyber theft because, in short, "[o]rganizations need to define their cyber risk, up front, in conjunction with their strategic priorities when making decisions on protecting their most critical assets because they recognize what the adverse consequences would be otherwise."
back to top