Roth and Reilly Invited to Speak at PACE Convention on TSR and TCPA Compliance and Related Developments
At the Professional Association for Customer Engagement (PACE) National Convention & Expo, attendees will hear from leading customer engagement brands and thought leaders on strategies and best practices to improve the customer experience at the point of engagement and ultimately grow their businesses.
Marc Roth and Christine Reilly, co-chairs of Manatt’s TCPA Compliance and Class Action Defense Group, have been invited to speak at a session titled “Legal Compliance Update: What You Need to Know to Avoid TSR and TCPA Liability.” Joined by Cindy Liebes (Director of the FTC’s Southeast Regional office), Marc and Christine will discuss recent FTC telemarketing enforcement cases, trends and priorities, with a focus on supplier and vendor liability for “assisting and facilitating” offensive marketer behavior. Attendees will also hear about TCPA litigation trends and developments in the past year and strategies for minimizing litigation risk.
The conference will be held April 19-22, 2015, at the Atlanta Marriott Marquis in Atlanta, Georgia.
back to top
It’s Back: Congress Considers Data Broker Legislation Again
The Data Broker Accountability and Transparency Act has returned to Congress. Re-introduced by Sens. Edward Markey (D-Mass.), Richard Blumenthal (D-Conn.), Sheldon Whitehouse (D-R.I.), and Al Franken (D-Minn.), the bill would establish federal oversight for the collection, retention, and use of consumer information in the data broker industry.
A pet issue for former Sen. Jay Rockefeller (D-W.Va.), who launched a Senate investigation of the industry and introduced a version of the legislation last year before he retired, the bill defines a “data broker” as “a commercial entity that collects, assembles, or maintains personal information concerning an individual who is not a customer or an employee of that entity in order to sell the information or provide third party access to the information.”
The law would allow consumers to stop data brokers from using and selling their information and would create a mechanism to correct information. The Federal Trade Commission—which conducted its own study of the industry last year—would be tasked with crafting regulations to establish a centralized Web site for consumers to learn about their rights and obtain information from the companies.
“Data brokers seem to believe that there is no such thing as privacy,” Sen. Markey said in a statement, citing a need to “shed light on this ‘shadow’ industry,” a sentiment echoed by co-sponsor Sen. Franken. “I believe Americans have a fundamental right to privacy, including the right to determine whether information about their personal lives should be available for sale to the highest bidder,” Sen. Franken said in a statement.
Consumer groups like the Center for Digital Democracy and Consumer Watchdog praised the proposal, while FTC Commissioner Julie Brill expressed her “strong support.”
The Direct Marketing Association spoke out against the measure, calling it unnecessary in part because of self-regulatory efforts by the industry. “There’s not a business in America that’s not dependent on the responsible flows of data about consumers,” said Rachel Thomas, vice president of government affairs for the group.
To read the Data Broker Accountability and Transparency Act, click here.
Why it matters: The measure faces an uncertain future in Congress given pushback from the industry, a division along party lines, and other privacy-related proposal issues like data breach notification and cyberthreat information sharing, which are currently under legislative consideration.
back to top
Paying for Consumer Reviews Gets Company FTC Action
Accused of failing to disclose that it gave cash discounts to customers to post online reviews, AmeriFreight and owner Marius Lehmann agreed to a settlement with the Federal Trade Commission.
The Georgia-based automobile shipment broker’s Web site claimed that the company had “more highly ranked ratings and reviews than any other company in the automotive transport business,” in ads such as: “Google us ‘bbb top rated car shipping.’ You don’t have to believe us, our consumers say it all.”
In its first complaint charging that the defendant violated Section 5 of the Federal Trade Commission Act by failing to disclose that incentives were tied to reviews, the agency said customers were provided with a $50 discount for a review and the chance to win a $100 “Best Monthly Review Award” for most creative subject title and “informative content.” Customers that elected not to write a review were charged an additional $50.
AmeriFreight even contacted customers after their cars had been shipped to remind them about the “online review discount” and the chance to qualify for the award, the FTC said.
A proposed order settling the suit would prohibit future misrepresentations about customer reviews and require clear and prominent disclosures of any material connections with endorsers. In addition, the defendants would be required to maintain records of all advertisements and relevant documents, among other notice requirements, for the life of the 20-year order.
To read the complaint and proposed consent order in In the Matter of AmeriFreight, click here.
Why it matters: “Companies must make it clear when they have paid their customers to write online reviews,” Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, said in a statement about the case. “If they fail to do that—as AmeriFreight did—then they’re deceiving consumers, plain and simple.” Advertisers should ensure compliance with the agency’s Guides Concerning the Use of Endorsements and Testimonials, which require that “[w]hen there exists a connection between the endorser and the seller of the advertised product that might materially affect the weight or credibility of the endorsement (i.e., the connection is not reasonably expected by the audience), such connection must be fully disclosed.”
back to top
Congress Tries Its Own Privacy Proposal
Following the poor response to President Barack Obama’s Consumer Privacy Bill of Rights, lawmakers have taken matters into their own hands.
The Commercial Privacy Rights Act of 2015 features general privacy protections as well as specific provisions for children and a section on data breach notification.
In February, the White House released a draft of the President’s proposed Bill of Rights that united privacy advocates, industry representatives, and legislators in general unhappiness. The next week, Sen. Robert Menendez (D-N.J.) produced a counterpart.
The Commercial Privacy Rights Act covers entities within the Federal Trade Commission’s jurisdiction, common carriers under the Communications Act, and 501(c) non-profit organizations that “collect, use, transfer, or store” covered information of more than 5,000 individuals during a consecutive 12-month period.
The Act’s definition of “covered information” is more narrowly defined than the White House proposal, and includes “personally identifiable information” and “unique identifier information,” as well as an individual’s name, e-mail address, physical address, telephone number, Social Security number, and biometric data. Other data—like precise geographic location—is covered when paired with one of the types of personal information.
The bill defines “unauthorized use” as information for any purpose not authorized by the individual and makes such use potentially actionable.
The Federal Trade Commission was granted rulemaking authority to establish recognized security practices (proportional to the size and type of the entity) consistent with industry norms and existing FTC guidance. Covered entities would be responsible for implementing such practices and the bill mandates privacy by design throughout the data life cycle.
As transparency is key under the bill, the FTC is also tasked with establishing rules for the collection, use, transfer, and storage of covered information. If a covered entity makes material changes to any relevant information policies, it would be required to provide prior notice. The measure incorporates the principle of data minimization and limits retention of information to the necessary time period.
Consumers would be granted the right to access their covered information and a procedure for correcting any errors.
Importantly, the bill provides two means of safe harbor for businesses: compliance with industry-specific self-regulatory programs and an exemption for covered entities to the extent they are subject to data security and privacy provisions of specifically enumerated federal laws, including the Children’s Online Privacy Protection Act, the Fair Debt Collection Practices Act, the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, and the Fair Credit Reporting Act, among others.
Enforcement would be led by the FTC pursuant to Section 5 of the Federal Trade Commission Act, with supplementary enforcement by state attorneys general. No private right of action was provided in the bill. Civil damages would be available for up to $33,000 per day or per individual with a maximum of a $6 million penalty.
The bill also features the return of the Do Not Track Kids Act and a data breach notification provision.
COPPA would be tweaked to apply the Commercial Privacy Rights Act’s regulations on the collection of information to children, the definition of “operator” would be updated to include online and mobile applications, an “erase” mechanism would be provided for underage users, and the sharing of information about a minor with third parties for targeted marketing purposes absent verifiable parental consent would be prohibited.
The data breach notification provision sets forth the circumstances under which a covered entity must provide notice to consumers, the FTC, third parties, service providers, and credit reporting agencies. Exemptions exist if the company concludes “there is no reasonable risk of identity theft, fraud, or other unlawful conduct.”
Why it matters: Privacy and data security remains a hot topic for both the President and Congress. With so many proposals floating around the Capitol (a few days after the Commercial Privacy Rights Act was introduced, another data breach notification bill was presented by lawmakers), the likelihood of actually passing legislation remains unclear.
back to top