Educational Series

Identity theft remains on top of FTC’s national complaints list

Identity theft continues to top the FTC’s national ranking of consumer complaints, with American consumers reported as losing over $1.6 billion to overall fraud in 2013, according to its annual report released last month. The FTC received more than two million complaints overall, of which 290,056 or 14%, involved identity theft. Thirty percent of these were tax or wage-related, which continues to be the largest category within identity theft complaints. Debt collection followed identity theft with 204,644 or 10% of total complaints, and banking and lending was number three with 152,707 or 7%.

Florida was noted as the state with the highest per capita rate of reported identity theft and fraud complaints, followed by Georgia and California for identity theft complaints, and Nevada and Georgia for fraud and other complaints.

Accuracy issues top credit reporting complaints

The Consumer Financial Protection Bureau (CFPB) last month released its report regarding approximately 31,000 complaints filed between October 22, 2012 and February 1, 2014, by consumers frustrated with credit reporting companies. The majority of the complaints pertained to accuracy and completeness of credit reports.

SEC defines “compensated solicitor” and “participation” under bad actor Rule 506(d)

As we reported previously, on September 23, 2013, new Rules 506(d) and (e) of Regulation D under the Securities Act and changes to Form D (“Bad Actor Rules”) went into effect, making all Rule 506 offerings subject to certain disqualification, disclosure and certification requirements.

In this blog, we want to bring to your attention the SEC’s compliance and disclosure interpretations (“C&DIs”) issued December 4, 2013, which, among other provisions, define what constitutes a “compensated solicitor” and “participation” in an offering, in case the SEC’s expanded guidance warrants an assessment of your particular services, especially if you are a professional advisor.

The CD&Is define “compensated solicitors” as “all persons who have been or will be paid, directly or indirectly, remuneration for solicitation of purchasers, regardless of whether they are, or are required to be, registered under Exchange Act Section 15(a)(1) or are associated persons of registered broker-dealers.”

According to the CD&Is, “participation in an offering is not limited to the solicitation of investors, and includes involvement in due diligence activities or the preparation of offering materials (including analyst reports used to solicit investors), providing structuring or other advice to the issuer in connection with the offering, and communicating with the issuer, prospective investors or other participants about the offering. To constitute ‘participation,’ such activities must be more than transitory or incidental–administrative functions, such as opening brokerage accounts, wiring funds, and bookkeeping activities, would generally not be deemed to be deemed as ‘participating’ in the offering.”

Stricter Volcker Rule final; banking entities have until July 21, 2015 to conform

On December 10, 2013, five federal agencies approved the regulation known as the Volker Rule which introduces a variety of guidelines to limit risk-taking by banks with federally insured deposits. The Federal Reserve Board announced that banking entities covered by section 619 of the Dodd-Frank Wall Street Reform and Consumer Protection Act will be required to fully conform their activities and investments by July 21, 2015. The compliance requirements will vary based on the size of the entity and the scope of activities conducted.

The rule prohibits insured depository institutions and any company affiliated with an insured depository institution from engaging in short-term proprietary trading of certain securities, derivatives, and other financial instruments for the firm’s own account, subject to certain exemptions, including market making and risk-mitigating hedging. It also imposes limits on banking entities’ investments in, and other relationships with, hedge funds and private equity funds.

Scrutiny of predictive scoring products is on the FTC’s agenda in 2014

According to the Federal Trade Commission (‘the “FTC”) and media reports, companies are using predictive scoring for a variety of purposes, ranging from identity verification and fraud prevention to marketing and advertising. The scores, are touted to predict, for example, the likelihood that a person has committed identity fraud or that a certain transaction will result in fraud; the credit risk associated with mortgage loan applications; whether contacting a consumer by mail or phone will lead to successful debt collection; or whether sending a catalog to a certain address will result in an in-store or online purchase.

Consumers are largely unaware of these scores, and have little or no access to the underlying data. As a result, predictive scoring products raise a variety of privacy concerns and questions that the FTC intends to explore. Among the issues, are what consumer protections exist or should be provided, and whether certain scores are considered eligibility determinants that fall under the ambit of the Fair Credit Reporting Act.

New York joins in efforts to root out misclassification of independent contractors

On November 18, 2013, New York’s attorney general and the state labor department entered into agreements with the U.S. Department of Labor’s Wage and Hour Division to coordinate investigations, make referrals, share data and take other actions to combat worker misclassification.  Fourteen other states (California, Colorado, Connecticut, Hawaii, Illinois, Iowa, Louisiana, Maryland, Massachusetts, Minnesota, Missouri, Montana, Utah and Washington) already participate in this national “misclassification initiative” that is a collaboration between the U.S. Department of Labor and the Internal Revenue Service.

An employer that misclassifies an employee as an independent contractor faces significant consequences that can include the payment of back taxes plus interest, overtime and state workers’ compensation, and the provision of health and welfare benefits.

Reminder to New Jersey employers to provide required CEPA notice

New Jersey employers with 10 or more employees are reminded of their annual obligation to provide to their employees, in both English and in Spanish, the required notice under the Conscientious Employee Protection Act (the “CEPA”). The notice may be distributed in hard copy or electronic format, but having only a poster or a policy in a handbook does not fulfill an employer’s notice obligation under the CEPA.

Enacted in 1986, this anti-retaliation statute is known as New Jersey’s Whistleblower’s Act. The goal of the CEPA is to encourage whistleblowers to report wrongdoing to their employers without fear of reprisals. Overall, CEPA provides a broader range of protections and remedies than other similar statutes, such as the federal False Claims Act.

California passes two new data privacy laws

Effective January 1, 2014, California will have two new data privacy laws: AB 370, which mandates disclosure of “do not track” and other tracking practices in online privacy policies, and SB 46, which amends the state’s data security breach notification law.

AB 370 adds to the California Online Privacy Protection Act (“CalOPPA”) a requirement for companies that collect personally identifiable information online to include disclosures regarding (1) how they respond to a web browser’s “do not track” (DNT) signal, and (2) if third-parties can collect personal information across a network of sites. The law does not require websites to honor browser DNT signals or block third-party tracking; it simply tries to increase transparency about the site’s practices.

SB 46 adds a new category of data triggering California’s breach notification requirements, to wit: “a user name or e-mail address, in combination with a password or security question and answer that would permit access to an online account.” The new law requires notification of unauthorized access to user credential information even if that information is encrypted.

Grace period for E-Verify compliance ends November 5, 2013

Now that E-Verify services are back online, employers must create an E-Verify case for each employee hired during the shutdown (October 1-17, 2013) no later than November 5, 2013. When prompted by the E-Verify system to explain why the case was initiated late (a violation of the three-day E-Verify rule), employers should select “other” from the drop-down menu and enter into the text field “federal government shutdown.” See the USCIS E-Verify instructions page for handling specific situations.

Go to Top