Class Actions Put Financial Services in CrosshairsFebruary 19, 2020
Lawyers or business people who feel they have been hearing about a lot more consumer protection class actions lately have good reason for that feeling. A recent report by Lex Machina, part of LexisNexis, highlights an extraordinary increase in federal consumer protection class actions over the last decade. The number of such class actions almost tripled, even though consumer protection suits generally (i.e., suits other than class actions) increased by less than 20% over the period studied, 2009 through 2018. The number of class action filings focused on consumer protection issues rose from 1,223 in 2009 to 3,382 in 2018. Though 2019 filings have not been compiled and verified as of this time, observers widely expect a number similar to, or larger than, 2018.
In its “Consumer Protection Litigation Report,” Lex Machina noted that cases involving data privacy issues and unwanted text messages were most responsible for the increase. Plaintiffs’ attorneys evidently perceive the potential for substantial company liability in data breach cases. At the same time, consumers and regulators alike are communicating higher expectations for companies’ data security systems and privacy measures. Regulators, in particular, are increasing the pressure on companies to bolster and protect their privacy and security practices and standards. This has created an opportunity for private plaintiffs and their counsel. In certain circumstances, they can contend that, among other things, a company’s alleged failure to conform to “accepted best practices” (as manifested, perhaps, in statutes like the much-discussed California Consumer Privacy Act) contributed to the injuries suffered by the putative class.
Consumer protection class actions in the period studied were, of course, hardly limited to data breach cases. Class actions alleging violations of the Telephone Consumer Protection Act (TCPA), for example, rose 740%, and ones asserting Fair Credit Reporting Act (FCRA) claims increased by more than 150%. TCPA lawsuits in recent years have most often focused on text messages sent to cellphones. FCRA suits over the last few years have reflected consumers’ higher expectations that their data will be kept private, not sold, or widely shared.
Financial services companies may be among the companies most vulnerable to putative class actions focused on supposed data privacy violations. They generally have access to customers’ sensitive financial information, not to mention other personally identifiable information (such as social security numbers, address information, and sometimes health-related information) of employees and customers. Many companies in the financial services industry also sell, transfer or assign financial instruments (residential mortgage loans, as one example), and in so doing, must convey to the receiving company…