Tag Archives: consumer protection

Pennsylvania consumers protections under the Fair Credit Extension Uniformity Act

In previous blogs, I have discussed the protections provided consumers under the Federal Fair Debt Collection Practices Act (“FDCPA”). The FDCPA is a powerful deterrence to unscrupulous debt collectors and unlawful debt collection practices. The FDCPA is a comprehensive and reticulated statutory scheme, involving clear definitions, precise requirements, and particularized remedies. The validity of the underlying debt is not relevant or an issue under the FDCPA. There is no exception to liability for violating the FDCPA as a result of fraud on the part of the consumer. As long as the underlying obligation is a “debt” as defined b the FDCPA, the method of collections is irrelevant. The validity of the underlying debt is irrelevant as well.

The FDCPA “provides a remedy for consumers who are subjected to abusive, deceptive, or unfair trade collection practices by debt collectors.” A single violation of the Act triggers statutory liability and remedies. Under the FDCPA, a plaintiff may collect statutory damages even if he has suffered no actual damages. The FDCPA is essentially a strict liability statute, where the degree of the defendant’s culpability is relevant only in computing damages, not in determining liability.

Under the FDCPA, consumers are enforcing the FDCPA essentially acting as private attorney generals. Because consumers are acting as private attorney generals, an award of attorney fees is mandatory in an FDCPA case. That means that the FDCPA is essentially a fee shifting statute. If a consumer can demonstrates that the FDCPA has been violated, the consumer may recover actual damages, statutory, costs and attorney’s fees. The longer the lawsuit goes, the more the consumer can recover in attorney’s fees. The threat of an award of attorney’s fees is a very effective deterrent and leads to mean settlements early in litigation.

The FDCPA is not without its limitations. One of the biggest limitations of the FDCPA is that it only applies to debt collectors as defined by the FDCPA. It does not apply to creditors or assignees of the creditor when the assignment has occurred prior to the consumer’s default on the debt obligation. Attorneys acting as debt collectors are also included in the definition of debt collector under the FDCPA.

Typically when bringing a suit under the FDCPA, a consumer will name the debt collectors, and possible law firm and individual attorney hired by the creditor to collect on the debt for any violations of the FDCPA. However the creditor may not be named under the FDCPA.

From the perspective of obtaining the greatest recovery in a lawsuit, a consumer’s best option is to target the creditor as they usually have the deepest pockets. Under Pennsylvania’s Fair Credit Extension Uniformity Act (“FCEUA”), a consumer may also sue the creditor.

The FCEUA is Pennsylvania’s analogue to the FDCPA and applies to both debt collectors and creditors. A debt collector’s violation of any provision of the FDCPA constitutes a violation of the FCEUA which in turn constitutes a violation of Pennsylvania’s consumer protection law, the Unfair Trade Practices and Consumer Protection Law (“UTPCPL”). The FCEUA allows a consumer to sue the original creditor as well as the debt collector for any violations of the FCEUA. The FCEUA protections mirror the FDCPA’s protections.

The FCEUA also has a two year statute of limitations as opposed to the FDCPA’s one year statute of limitations. Finally, as the FCEUA is also a violation of the UTPCPL, a consumer may recover actual damages or statutory damages whichever is greater, costs and reasonable attorney’s fees. Under the UTPCPL, a court may also award treble damages. Again a very effective deterrent which can lead to early settlements.

Any action by a consumer for unlawful debt collection practices must include claims for violations of the FDCPA as well as the FCEUA. It allows the consumer to sue the creditor as well as include older violations.

Advertisements

Leave a comment

Filed under Consumer Advocacy, Uncategorized

PUC Seeks Comments on Changes to Utility Regulations

puc_sealThe Pennsylvania Public Utility Commission (PUC or Commission) today issued for comment revisions to Chapter 56 of the Public Utility Code (Chapter 56), including but not limited to new utility reporting requirements, a new definition for medical certificates, an end to Friday utility service terminations, and installments for customers’ security deposits.

The Commission voted 4-0 to adopt the revisions to Chapter 56, which relates to the standards and billing practices for residential utility service.  Act 155 of 2014, which reauthorized and amended Chapter 14 of the Public Utility Code (Chapter 14) and partially superseded Chapter 56, directed the Commission to revise Chapter 56 and promulgate regulations to administer and enforce Chapter 14 (Responsible Utility Customer Protection).

In making Chapter 56 consistent with the amended Chapter 14, the Commission has revised and updated several key areas. Relating to the definition of a “Medical Certificate,” the Commission is proposing new content standards for medical certificates, which under Act 155 must be in writing and in a form approved by the Commission.  Prior to Act 155, the Public Utility Code contained no definition for medical certificates.  Act 155 also added physician assistants to the list of health professionals who can authorize medical certificates, a change also sought in the proposed rulemaking.

Additionally, the Commission seeks further comment on several other proposed changes to Chapter 56, including but not limited to a requirement for utilities to report annually medical certificate usage, as well as customer accounts with arrearages in excess of $10,000; the end of termination of utility service on Fridays; and allowing customers to pay security deposits in three installments over a 60-day period.  The proposed rulemaking also would make small natural gas distribution companies, as well as steam heat and wastewater utilities, comply with the same rules as electric and natural gas utilities.

Act 155 was signed into law on Oct. 22, 2014, by Governor Tom Corbett. It amends Chapters 5, 14, 22 and 28 of the Public Utility Code. In addition to establishing a definition for medical certificate, Act 155 allows the PUC to: 1) establish annual fees to fund the Commission’s oversight of natural gas suppliers and electric generation suppliers; 2) include the intrastate operating revenues of licensed entities in determining its budget cap; and 3) exclude from its budget cap funds received from the federal government and other sources to perform functions unrelated to the Commission’s jurisdictional regulation.

To learn how Prince Law Offices, P.C. can assist you with PUC matters including comments to the proposed regulations, contact attorney Jeffrey A. Franklin at Prince Law Offices, P.C.

Leave a comment

Filed under Business Law, Consumer Advocacy, Energy Law, Real Estate

National Consumer Protection Week

Prince Law Offices, P.C. and the Federal Trade Commission (FTC) — working with more ftc_logo_430than 100 federal, state and local agencies, consumer groups, and national organizations — will spotlight efforts to protect consumers from fraud, identity theft and other consumer issues during National Consumer Protection Week (NCPW), March 6-12, 2016.

For 18 years, NCPW has been a time to encourage consumers to learn about their rights, and how to make informed buying decisions and report scams, identity theft and unfair business practices. NCPW.gov offers information on a wide range of topics, including credit and debt, online safety, imposter and other scams, identity theft and more.

The site features a blog to update visitors on the latest consumer protection news, including legal actions, new resources and partner-sponsored NCPW events. People also can get free resources and promotional tools for their own consumer education activities, as well as information on filing consumer complaints.

“The FTC and our NCPW partners are on the front lines of consumer protection every day,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “We hope people will take advantage of this week to find resources that will help them fight scams and fraud in their communities all year long.”

During NCPW, partners and hundreds of community groups across the country host events to promote general consumer education or highlight a specific issue, such as a shred-a-thon to reduce the risk of identity theft.

Contact Prince Law Offices, P.C. to lean more about your rights and how to address scams, identity theft and unfair business practices.

Leave a comment

Filed under Business Law, Computer Law, Consumer Advocacy, Criminal Law, News & Events

ASUS Settles FTC Charges Routers Put Consumers’ Privacy At Risk

ftc_logo_430ASUSTeK Computer, Inc. (ASUS)  has agreed to settle Federal Trade Commission charges that critical security flaws in its routers put the home networks of hundreds of thousands of consumers at risk. The administrative complaint also charges that the routers’ insecure “cloud” services led to the compromise of thousands of consumers’ connected storage devices, exposing their sensitive personal information on the internet.  If you have a ASUS router at home, perhaps it is time for an upgrade.

The proposed consent order will require ASUS to establish and maintain a comprehensive security program subject to independent audits for the next 20 years.

“The Internet of Things is growing by leaps and bounds, with millions of consumers connecting smart devices to their home networks,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “Routers play a key role in securing those home networks, so it’s critical that companies like ASUS put reasonable security in place to protect consumers and their personal information.”

ASUS marketed its routers as including numerous security features that the company claimed could “protect computers from any unauthorized access, hacking, and virus attacks” and “protect [the] local network against attacks from hackers.” Despite these claims, the FTC’s complaint alleges that ASUS didn’t take reasonable steps to secure the software on its routers.

For instance, according to the complaint, hackers could exploit pervasive security bugs in the router’s web-based control panel to change any of the router’s security settings without the consumer’s knowledge.  A malware researcher discovered an exploit campaign in April 2015 that abused these vulnerabilities to reconfigure vulnerable routers and commandeer consumers’ web traffic. The complaint also highlights a number of other design flaws that exacerbated these vulnerabilities, including the fact that the company set – and allowed consumers to retain – the same default login credentials on every router: username “admin” and password “admin”.

According to the complaint, ASUS’s routers also featured services called AiCloud and AiDisk that allowed consumers to plug a USB hard drive into the router to create their own “cloud” storage accessible from any of their devices. While ASUS advertised these services as a “private personal cloud for selective file sharing” and a way to “safely secure and access your treasured data through your router,” the FTC’s complaint alleges that the services had serious security flaws.

For example, the complaint alleges that  hackers could exploit a vulnerability in the AiCloud service to bypass its login screen and gain complete access to a consumer’s connected storage device without any credentials, simply by accessing a specific URL from a Web browser. Similarly, the complaint alleges that the AiDisk service did not encrypt the consumer’s files in transit, and its default privacy settings provided – without explanation – public access to the consumer’s storage device to anyone on the Internet.

In February 2014, hackers used readily available tools to locate vulnerable ASUS routers and exploited these security flaws to gain unauthorized access to over 12,900 consumers’ connected storage devices.

The Commission alleges that, in many instances, ASUS did not address security flaws in a timely manner and did not notify consumers about the risks posed by the vulnerable routers.  In addition, the complaint alleges that ASUS did not notify consumers about the availability of security updates.  For example, according to the complaint, the router’s software update tool – which allowed consumers to check for new router software – often told consumers that their router was on the most current software when, in fact, newer software with critical security updates was available.

In addition to establishing a comprehensive security program, the consent order will require ASUS to notify consumers about software updates or other steps they can take to protect themselves from security flaws, including through an option to register for direct security notices (e.g., through email, text message, or push notification).  The consent order will also prohibit the company from misleading consumers about the security of the company’s products, including whether a product is using up-to-date software.

This matter is part of the FTC’s ongoing effort to ensure that companies secure the software and devices that they provide to consumers.

The FTC will publish a description of the consent agreement package in the Federal Register shortly. The agreement will be subject to public comment for 30 days, beginning today and continuing through March 24, 2016, after which the Commission will decide whether to make the proposed consent order final. Interested parties can submit comments electronically.

If you or your business have questions or concerns regarding consumer protection, fraud, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Computer Law, Consumer Advocacy

A Consumer’s Rights Under Pennsylvania’s Home Improvement Consumer Protection Act.

In 2009, Pennsylvania enacted the Home Improvement Consumer Protection Act (“HICPA”) to protect consumers from unfair trade practices and fraudulent home improvement contractors. Prior to 2009, consumers could bring suit against home improvement contracts under several common law theories, including breach of contract or fraud. Nothing specifically dealt with the numerous so called home improvement contractors who misrepresented themselves as professionals or experts.

Anyone could call himself a contractor and claim to do a job better and cheaper then the next guy. I once hired contractor who I later discovered was a recently fired cook who was doing home improvement with his brothers without a license.  While my cook/contractor did a fine job for the minor job I contracted him for, more often than not that is not the case. Many naïve and unsophisticated consumers have found themselves victims of poor workmanship, unconscionable contract requirements, or scams in which they paid thousands up front and received nothing in return.

HICPA altered the regulatory landscape within Pennsylvania for the home improvement industry. HICPA specifically required all contractors to register with the Bureau of Consumer Protection of the Pennsylvania Attorney General (Bureau).

HICPA defines contractors as, “Any person who owns and operates a home improvement business or who undertakes, offers to undertake or agrees to perform any home improvement. The term includes a subcontractor or independent contractor who has contracted with a home improvement retailer, regardless of the retailer’s net worth, to provide home improvement services to the retailer’s customers.”

The term contractor specifically excludes contractors who have not performed more than $5,000 in total cash value of home improvement work the previous year, and large home improvement retailers having a net worth of more than $50,000,00 and their employees that do not do home improvement work.

HICPA further defines home improvement as anything done to a private residence, building or land exceeding $500.00 including, but not limited to: 1) Repair, replacement, remodeling, demolition, removal, renovation, installation, alteration, conversion, modernization, improvement, rehabilitation or sandblasting; 2) construction, replacement, installation or improvement of driveways, swimming pools, pool houses, porches, garages, roofs, siding, insulation, solar energy systems, security systems, flooring, patios, fences, gazebos, sheds, cabanas, painting, doors and windows and waterproofing, 3) the installation of central heating, air conditioning, storm windows or awnings.

HICPA requires all home improvement contracts be in writing and provided in their entirety to the consumer at the time it is signed.  Each home improvement contract must contain: 1) The registration number of the contractor;
 2) Signature of the owner and the contractor or a salesperson of the contractor: 3) The date of the transaction; 4) Contact information of the contractor; 5) The total sales price and any down payments;
 6 ) An approximate starting date and completion date; 7) A description of the work to be performed, the materials to be used and a set of specifications; 
8) The names, addresses and telephone numbers of all subcontractors on the project;
 9) A statement that the contractor agrees to maintain insurance and identifies the current amount of insurance; 10) The toll-free telephone number for the Bureau; and 11) A notice of a three day Right of Rescission.

Under HICPA, home improvement contracts may NOT contain certain provisions including: 1) A hold harmless clause; 2) A waiver of Federal, State or local health, life, safety or building code requirements; 3) A confession of judgment clause; 4) A waiver of any right to a jury trial in any action brought by or against the owner; 5) An assignment of or order for payment of wages or other compensation for services.; 7) A provision by which the owner agrees not to assert any claim or defense arising out of the contract; 8) A provision that the contractor shall be awarded attorney fees and costs; 9) A clause by which the owner relieves the contractor from liability for acts committed by the contractor or the contractor’s agents in the collection of any payments or in the repossession of any goods; and 10) A waiver of any rights provided under the HICPA.

Under HICPA, a home improvement contractor must register with Bureau. A contractor is required to fully refund any amount paid by a customer within 10 days after it receives a written request for refund, if 45 days have passed since the work was to begin, and no substantial portion of the work has been performed. A contractor may not materially deviate from plans or specifications without a written change order that contains the price change for the deviation. 

Any contract of more than $1,000, the contractor cannot accept a deposit in excess of 1/3 of the contract price, or 1/3 of the contract price plus the cost of special order materials.

Violation of HICPA can carry both criminal and civil penalties.  Home Improvement Fraud is punishable as Felony of the Third degree if the amount exceeds $2,000.00 and as a Misdemeanor of the First Degree, if the amount involved is less than $2,000.00.

Civilly, violations of HICPA are deemed violations of the Uniform Trade Practices and Consumer Protection Law (“UTPCPL”).  HICPA extends the prohibitions, remedies, and damages available under UTPCPL to home improvement contractors.  Under the UTPCPL, penalties for contractors may include treble damages and attorney’s fees.

HICPA provides significant statutory protection and remedies for consumers where there was previously none.

Leave a comment

Filed under Consumer Advocacy, Uncategorized

Oracle Agrees to Settle FTC Charges It Deceived Consumers About Java Software Updates

According to the Federal Trade Commission (FTC), Oracle has agreed to settle FTC charges that it deceived consumers about the security provided by updates to its Java Platform, Standard Edition software (Java SE), which is installed on more than 850 million personal computers. Under the terms of a proposed consent order, Oracle will be required to give consumers the ability to easily uninstall insecure, older versions of Java SE.ftc_logo_430

“When a company’s software is on hundreds of millions of computers, it is vital that its statements are true and its security updates actually provide security for the software,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “The FTC’s settlement requires Oracle to give Java users the tools and information they need to protect their computers.”

Oracle’s Java SE provides support for a vast array of features consumers use when browsing the web, including browser-based calculators, online gaming, chatrooms, and 3D image viewing.

According to the FTC’s complaint, since acquiring Java in 2010, Oracle was aware of significant security issues affecting older versions of Java SE. The security issues allowed hackers to craft malware that could allow access to consumers’ usernames and passwords for financial accounts, and allow hackers to acquire other sensitive personal information through phishing attacks.

In its complaint, the FTC alleges that Oracle promised consumers that by installing its updates to Java SE both the updates and the consumer’s system would be “safe and secure” with the “latest… security updates.” During the update process, however, Oracle failed to inform consumers that the Java SE update automatically removed only the most recent prior version of the software, and did not remove any other earlier versions of Java SE that might be installed on their computer, and did not uninstall any versions released prior to Java SE version 6 update 10. As a result, after updating Java SE, consumers could still have additional older, insecure versions of the software on their computers that were vulnerable to being hacked.

In 2011, according to the FTC’s complaint, Oracle was aware of the insufficiency of its update process. Internal documents stated that the “Java update mechanism is not aggressive enough or simply not working,” and that a large number of hacking incidents were targeting prior versions of Java SE’s software still installed on consumers’ computers.

While Oracle did have notices on their website relating to the need to remove older versions because of the security risk they posed, the information did not explain that the update process did not automatically remove all older versions of Java SE. The updates continued to remove only the most recent version of Java SE installed until August 2014.

The complaint charges that this failure to disclose the limitations of the updates in light of the statements made about the security benefits of the updates was deceptive and in violation of Section 5 of the FTC Act.

Under the terms of the proposed consent order, Oracle will be required to notify consumers during the Java SE update process if they have outdated versions of the software on their computer, notify them of the risk of having the older software, and give them the option to uninstall it. In addition, the company will be required to provide broad notice to consumers via social media and their website about the settlement and how consumers can remove older versions of the software.

The consent order also will prohibit the company from making any further deceptive statements to consumers about the privacy or security of its software and the ability to uninstall older versions of any software Oracle provides.

 

If you or your business have questions or concerns regarding consumer protection, fraud, computer law, privacy, cybersecurity or administrative law matters, contact attorney Jeffrey A. Franklin or any of our attorneys at Prince Law Offices, P.C.

Leave a comment

Filed under Business Law, Computer Law, Consumer Advocacy, Uncategorized

FTC’s $100 million settlement with LifeLock

Today, the Federal Trade Commission (FTC) released the following: The law may not authorize the use of light sabers, but to protect consumers and ensure that companies comply with existing orders, the FTC will use the forces within its power. It’s a lock that the agency’s $100 million settlement with LifeLock – one of the largest redress orders of its kind – makes that point as big as life.

ftc_logo_430

LifeLock’s first go-round with the FTC and 35 state AGs was in 2010. According to that complaint, LifeLock didn’t live up to identity protection claims it made in its ads. To settle that case, the company agreed to secure customers’ sensitive information and promised not to mislead consumers in the future with deceptive claims about its services.

But as the FTC alleges, LifeLock violated four key provisions of that order. First, the FTC says that from October 2012 through March 2014, LifeLock failed to set up and maintain a comprehensive information security program to protect customers’ sensitive data, including their Social Security, credit card, and bank account numbers. The safety of consumers’ confidential information should be a serious consideration for any business – but for a company already under FTC order and in the business of selling identity protection services? You get the point.

Second, the filing charges that during that period, LifeLock falsely advertised that it protected consumers’ sensitive information with the same high-level safeguards as financial institutions. What about the company’s promise it would send alerts “as soon as” it received any indication that a customer may be a victim of identity theft? According to the filing, that ad claim was false, too. Finally, the FTC says LifeLock didn’t live up to the record-keeping provisions of the 2010 settlement, an essential part of any order.

Under the terms of the proposed settlement, the $100 million LifeLock has to pay will go toward consumer refunds. To make sure consumers are protected, the settlement explains in detail how that has to happen. LifeLock must deposit $100 million into the registry of the United States District Court in Arizona. Of that total, the company may use $68 million in settling an ongoing class action lawsuit related to the conduct alleged in the FTC’s filing. But let’s be clear: That money must go directly to consumers. Not one penny can be used for administrative costs or legal fees associated with the class action. Any money not received by consumers in the class action settlement or through settlements between LifeLock and the state AGs will go to the FTC for further consumer redress.

Surprised by the number of zeros in the settlement? You shouldn’t be. There’s not much the FTC takes more seriously than effective enforcement of existing orders. Furthermore, the FTC has made it clear that it won’t tolerate deceptive advertising and unreasonable data security practices. Today’s announcement gives companies 100 million more reasons to avoid both courses of conduct.

If you or your business have questions or concerns regarding consumer protection, fraud, or administrative law matters, contact attorney Jeffrey A. Franklin or any of our attorneys at Prince Law Offices, P.C.

Leave a comment

Filed under Business Law, Computer Law, Consumer Advocacy