Federal Deception Law: 11.6.5 Private Remedies
Older state debt relief laws are sometimes contained in the state criminal codes or otherwise do not provide for private enforcement.
Older state debt relief laws are sometimes contained in the state criminal codes or otherwise do not provide for private enforcement.
Abuses by credit counseling, debt settlement, debt negotiation, and debt relief services are actionable under state unfair and deceptive acts and practices (UDAP) statutes.315 Every state has a UDAP statute, and every state affords consumers a private cause of action for violations.316 UDAP precedent concerning debt relief is detailed in NCLC’s Unfair and Deceptive Acts and Practices.317
Debt relief schemes may run afoul of state statutes and regulations governing the unauthorized practice of law328 where the scheme provides the debtor with pleadings, discovery requests, briefs, and other legal services. The same may be the case with a non-attorney involved in a debt settlement service that offers legal advice.329
Common law claims such as breach of contract, negligent misrepresentation, breach of fiduciary duty,344 and fraud may apply to debt relief services.
While some consumers are attracted to debt relief services because they hope to avoid bankruptcy, for-profit debt relief programs often force consumers deeper into debt, leaving bankruptcy as the only source of relief. Filing bankruptcy may be a particularly attractive option to recover funds lost to a debt relief program.
In any action against an insolvent but licensed or registered debt relief service, one source of funds to pay for a judgment may be a bond. State licensing laws typically require the agency to purchase a bond to cover consumer claims. Another way to reach deep pockets is to sue third parties involved with the scheme, such as the party holding consumer accounts in a debt settlement scheme355 or any other party aiding and abetting the scheme.356
Many constitutions and statutes create a right of privacy against intrusion by a government and its agencies. For example, the United States Constitution prohibits governments from conducting unreasonable searches and seizures27 and from enacting laws that violate the Fourteenth Amendment’s guarantee of privacy.28 As a general rule, government agencies cannot freely disclose the information they have gathered on individuals.
Protection of individuals from invasions and disclosures by non-governmental entities developed at common law with the tort of invasion of privacy.
Even if one of the four torts constituting the tort of invasion of privacy may be appropriate for a particular consumer, the FCRA provides qualified immunity from privacy actions based on information disclosed pursuant to specific provisions of the FCRA.47 This immunity extends to consumer reporting agencies and those who use their information and furnish information to them.48 If the immunity applies, the plaintiff must show that the information was both false and furnished with malice or willful i
In addition to affiliate disclosures, Regulation P describes three sets of exempt disclosures. The first two sets of disclosures are exempt not just from the privacy notices but also from the consumer’s opt-out rights. That is, a financial institution need not disclose that it will make these disclosures, even to nonaffiliated third parties (beyond a statement that the institution will “make disclosures to nonaffiliated third parties . . .
While the GLBA exempts disclosures for servicing and processing the consumer’s transaction and disclosures falling within the GLBA’s laundry list of exemptions, the Act restricts what the receiver of an exempt disclosure may do with the information once it has been disclosed.
Fundamentally, the GLBA is a notice statute, not a privacy protection statute. The Act describes two sets of notices: privacy notices and opt-out notices. Opt-out notices are discussed in § 18.4.1.8.2, infra.
The time the institution must give the notice depends on whether the consumer has customer status.169 Customers must be given the notice no later than the time the customer relationship starts,170 except in two cases: when someone other than the customer establishes the customer relationship,171 or when providing the notice would substantially delay the customer’s transaction and the customer agrees to receive notice at a later time.
The required contents of the privacy notices revolve around the concept of “categories.” The notices, whether initial, annual, or revised, must include the following information:
Certain financial institutions do not have to provide an annual privacy notice once they have provided an initial privacy notice.
Regulation P provides for a model privacy form that provides a safe harbor for institutions that use it.189 In developing the model privacy form, the original regulators who created the form190 had studied the privacy notices that financial institutions had been using to comply with the GLBA and observed that many were “long and complex.”191 Perhaps of even more concern, some institutions added opening statements to their notices that claimed how m
The opt-out right is the core privacy protection of the GLBA. However, it applies only to nonexempt disclosures of nonpublic personal information to a nonaffiliated third party. Note that if a financial institution does not make nonexempt disclosures of nonpublic personal information, then the GLBA, as modified by the FAST Act, permits the institution to forgo annual privacy notices.194
If an institution wants to disclose, or to reserve the right to disclose, nonpublic personal information about a consumer to a nonaffiliated third party, the institution must furnish the consumer with an opt-out notice that meets the Act’s requirements. The foremost of these requirements is that the institution provide “a clear and conspicuous notice . . .
Regulation P requires an institution to comply with a consumer’s opt-out direction “as soon as reasonably practicable after [the institution] receives it.”215 The opt-out continues until the consumer revokes it in writing or electronically.216 Until it is revoked, the consumer may exercise the opt-out right at any time.217
A hodge-podge of other federal privacy statutes provide limited privacy protections for specific kinds of information in certain circumstances. The following is not a complete list, but rather some prominent examples.
State laws that specifically prohibit the disclosure of financial data to non-governmental third parties might be more effective than the traditional torts.
In addition to statutes, common law may impose on banks an implied contractual duty to keep financial information concerning a depositor confidential.344 Explained one court, “[i]nviolate secrecy is one of the inherent and fundamental precepts of the relationship of the bank and its customers or depositors.”345 Accordingly, if the state recognizes a duty of confidentiality in its case law, the bank may be liable for all damages proximately caused by the bank’s wrongful disclosure of information.
Expanding privacy law to cover more consumer protections has and will continue to meet with resistance: there is simply too much money to be had in the disclosure of personal identifying information.
Critical to an understanding of most of the provisions dealing with secured claims is a familiarity with a key concept in the Bankruptcy Code—the “allowed secured claim.” Although not defined in the definition section of the Code,4 the term is explained by section 506, which is applicable to cases under all chapters of the Code.5