Confusion and uncertainty abound in the business world, with many business owners unable to meet a variety of contractual obligations as a result of the COVID-19 pandemic, and related government shut downs, employee limitations, and supply chain disruptions. Naturally this never-before-seen set of circumstances are leading to questions from both sides of the contract around force majeure, the doctrines of impossibility and frustration of purpose, and how California business owners can most effectively deal with current contractual obligations that may be substantially impacted by the pandemic’s fallout.

This article discusses how California courts interpret and apply explicit force majeure provisions and how/when California courts infer force majeure relief in agreements without such provisions, as well as analysis of related contract defenses. In so doing, it will examine how California businesses may benefit from aggressive or proactive litigation tactics, including early dispute resolution, identification of key issues, and language, and potentially the early commencement of actions for declaratory relief before a breach of contract claim is filed.

Whether the ultimate goal is to excuse the contractual obligations in their entirety, or simply delay the obligations until the force majeure event has concluded, a proactive litigation strategy can not only increase the leverage in negotiations with the opposing party for an alternative (better) resolution, but can also provide valuable and necessary clarity with respect to a company’s current and future liabilities—something every California company (and person) is in short supply of. Additionally, this article will look forward to a post-coronavirus world, and provide suggested language for force majeure provisions so as to best protect the company from similar pandemic shut downs in the future.

Explicit force majeure provision in agreement

The principle underlying the doctrine of force majeure is simple and set forth in Cal. Civ. Code § 3526: “No [wo]man is responsible for that which no [wo]man can control.” Generally, a force majeure clause is triggered when the occurrence of a force majeure event, sometimes generally referred to as an “act of God,” ultimately renders performance so impracticable that it is excused.

As always should be the case, one must first look to explicit language in the contract relating to “force majeure,” “impossibility or impracticability of performance,” “ purpose,” and “early termination.” In California and around the country, where the parties’ written agreement evidences an intent to address specific contingencies, those terms will generally control and be enforced by courts.

In many states around the country, such as New York, the specification of any force majeure event necessarily precludes other force majeure events from being included within the definition. In other words, if earthquakes and fires are listed, but viral pandemic is not listed, many of these courts  will not find the force majeure provision to excuse performance obligations. However, California interprets these provisions a bit “less narrowly” than other states, in as much as a non-listed event can still fit within a written force majeure provision if it is “unforeseeable at the time of contracting”. See Autry v. Republic Productions (1947) 30 Cal.2d 144.

This isn’t to say that the legal argument over applicability and scope of such clauses is over, but it is to say that California courts may be more willing and capable to open the door for non-listed force majeure events to be covered under such provisions, providing the equitable considerations outlined below are also considered and weighed.

Force majeure and other reasons California courts excuse contractual obligations

When there is no applicable contract language (or when an unforeseeable event occurred that was not listed in a force majeure provision), contract law has long recognized and accommodated situations in which one party’s contractual performance is made impossible or impractical by intervening and unforeseeable events—such as the outbreak of a war or a similar catastrophic event—notwithstanding any language in the agreement.

In fact, the California legislature codified its equitable protections in Cal. Civ. Code § 1511(2), providing that the performance of an obligation is excused “when it is prevented or delayed by an irresistible, superhuman cause, or by the act of public enemies of this state or of the United States, unless the parties have expressly agreed to the contrary.” (emphasis added)

Again, unlike some other states in the country, California applies this equitable principle broadly, holding that “force majeure…is not necessarily limited to the equivalent of an act of God.” Pac. Vegetable Oil Corp. v. C.S.T., Ltd., 29 Cal.2d 238 (Cal. 1946). As such, one could argue in other states that while the virus may not have been man-made, the spread of the virus and resulting epidemic is certainly man-made, and therefore not an “act of God” in the traditional sense. However, the analysis in California is different. In the Golden Bear state, the test for whether a force majeure / act of God situation is present is “whether…there was such an insuperable interference…as could not have been prevented by the exercise of due diligence.” Id. (emphasis added)

Citing Witkin Summary of Law, California courts have specifically held that “force majeure is the equivalent of the common law contract defense of impossibility and/or frustration of purpose: performance of a contract is excused when an (1) unforeseeable event, (2) outside of the parties’ control, (3) renders performance impossible or impractical. Citizens of Humanity, LLC v. Caitac Int’l, Inc., No. B215233, 2010 WL 3007771 (Cal. Ct. App. Aug. 2, 2010). (emphasis added)

As it pertains to impossibility, California courts hold that the inability to perform “must consist in the nature of the thing to be done and not in the inability of the obligor to do it.” El Rio Oils, Canada, Limited v. Pacific Coast Asphalt Co. (1949) 95 Cal.App.2d 186.

Thus, in addition to highlighting the impact the pandemic has on individual companies, focusing on the industry-wide impact of the pandemic or shutdown may also bolster any argument for force majeure to apply. Moreover, the disruption of different supply chains and other vendor shut downs may also contribute to an inability to perform due to the “nature of the thing being done”, even if they do not directly disable the obligor from performing. However, it must be noted that “impossibility as excuse for nonperformance of a contract is not only strict impossibility but includes impracticability because of extreme and unreasonable difficulty, expense, injury, or loss involved.” Autry v. Republic Productions (1947) 30 Cal.2d 144.

Closely related to impossibility is the legal concept of frustration of purpose, where “performance remains possible, but is excused whenever a fortuitous event supervenes to cause a failure of the consideration or a practically total destruction of the expected value of the performance.” Id. (see also Restatement (Second) of Contract 265 and Lloyd v. Murphy, 25 Cal. 2d 48, 54, 153 P.2d 47, 50 (1944), enumerating the frustration of purpose doctrine when “a party’s “principal purpose is substantially frustrated.”) This situation is now arising as a result of the cancellation of numerous trade shows and other similar events due to the pandemic, where vendors are still able to perform the services to support the trade shows, but the “principal purpose” of the transaction (thousands of attendees) is now frustrated, delayed, or cancelled altogether.

Application of force majeure provisions

Unfortunately, no published California decision has squarely confronted a virus or pandemic in relation to these contract and equitable principles. And as is very often the case, the unique factual circumstances present with each industry, each party and each agreement will dictate the result.

However, the California Supreme Court has been clear that compliance with a contract that involves greater expense or hardship than anticipated does not by itself excuse the obligation. Instead, the party bearing the burden must prove that there exists “extreme and unreasonable difficulty, expense, injury, or loss involved.” See Metzler v. Thye (1912) 163 Cal. 95, 98; see also Oosten v. Hay Haulers Dairy Emps & Helpers Union (1955) 45 Cal.2d 784, 788.

California law similarly requires that parties invoking force majeure demonstrate that they made “sufficient” or “reasonable” efforts to avoid the consequences of the force majeure event, such as seeking other suppliers or other methods of performance. A prime example is the case of Butler v. Nepple (1960) 54 Cal.2d 589. 599, where force majeure did not excuse a drilling company from its contractual obligations where the company could not obtain necessary tools because its supplier was on strike. Although strikes were among the force majeure events enumerated in the clause, the court found the company was obliged to source the tools from an alternate supplier, even though doing so would cause the company to incur additional expense, and there was no showing that the additional expense or other methods to drill were “extreme or unreasonably difficult.”

In Mitchell v. Ceazan Tires, Ltd. (1944) 25 Cal.2d 45, a tenant who had leased space for a tire store argued World War II triggered governmental regulations on the sale of new tires making performance impossible. The California Supreme Court rejected this argument, not only because the contract was entered into when the country was debating entry into the war, making this not entirely an unforeseeable or remote possibility, but also because the contract still retained value notwithstanding the limitation.

While it is necessary to provide evidence of unreasonable difficulty and/or lack of value, the landmark Autry case also brings up another threshold question that will need to be considered after impossibility is determined or a force majeure provision is enforced—and that is whether the circumstances merit only a delay in performance, or a complete termination of all contractual obligations. In such situations, courts will look to whether “time is of the essence” in the contract, and if it is, then a complete termination of all contractual obligations may be the most equitable result for the court to adopt (see, e.g. Autry, supra, which held that by the time Word War II was over, the economic conditions had changed to such a degree that the famous actor was excused from the performance of a contract he signed prior to the war).

Strategies to deal with contractual obligations

While these inquiries are hugely fact-dependent, the issues of contract interpretation, impossibility, and frustration of purpose are all questions of law for the court to decidenot the jury. See Oosten, supra, 45 Cal.2d at 788. As a result, instead of waiting to get sued, a party who knows it will not be able to perform an obligation has the right to bring an action for declaratory relief first. While the burden of proof remains with the party who is looking to excuse the contractual obligation, there may be some additional benefits to this strategy when dealing with the current pandemic.

To begin with, it is important to remember that the issues are equitable in nature, therefore judges are asked to look at things like fairness and public policy. Accordingly, any litigation strategy should begin by a good faith attempt to reach out to the opposing party, set forth either the reasons for the impossibility (both internal and industry-wide), or the reasons for why the obligation should not be excused in light of these events, and attempt to find a resolution outside of court.

If this is ultimately unsuccessful, so be it, the action for declaratory relief can still be proactively filed, at which time the filing party will be the one framing the issues for the judge—something that may be important since, as discussed above, there is no specific California case on  pandemics to guide courts on this subject.

Given the uncertainty around the availability of jurors and jury trials, as well as the backlog already created by court cancellations, an action for declaratory relief from the court without the involvement of a jury can also serve to quicken the litigation process—saving both time and money for the company. But perhaps more important than saving litigation costs, is providing some semblance of clarity and certainty for companies to know the true nature of their liabilities and financial obligations in the post-coronavirus world. And in times like these, clarity and certainty are seemingly as rare and coveted as rolls of toilet paper.

Suggested language for future force majeure provisions in contracts

Given that a pandemic and shutdown of this magnitude is, forever more, a foreseeable event, its description should be found more frequently in force majeure contractual provisions going forward, so as to erase any doubt.

Drafters of agreements need to be careful to not simply provide boilerplate / catch-all language, which has been held insufficient in California and other states—a good example being Watson Labs, Inc. v. Rhone-Poulenc Rorer, Inc., 178 F.Supp.2d 1099, 1111 (C.D. Cal. 2001), where language referring to “regulatory, governmental … action” was found to be too vague and boilerplate to reflect that the parties considered that the shutdown of the Defendant’s plant would be encompassed. In contrast, in Eastern Airlines, Inc. v. –McDonnell Douglas Corp., 532 F.2d 957, 963 (5th Cir. 1976), the court found the force majeure language was specific enough by referring to precisely the kind of governmental action that caused the delay: “any act of government, governmental priorities, allocation regulations or orders affecting materials, equipment, facilities or completed aircraft.”

Accordingly, while specificity may be a double edged sword, over-inclusiveness on all of the potential effects from a pandemic such as the coronavirus is advisable. In other words, instead of simply including “viral pandemic,” parties may want to include many of the by-products we’ve seen from the spread of the epidemic, such as shelter-in-place orders, quarantines, government shutdowns, substantial interruption to air travel, substantial interruptions in supply chains, and other economic ripples caused by the response to an epidemic or pandemic.

Below are some drafting tips to address COVID-19 or a similar future event:

  1. Ensure the contract has a force majeure clause or related contractual defense clause to cover COVID-19 or a similar future event, with considerations given to whether the clause should be open and unqualified or a closed list of force majeure events (as outlined above)
  2. Consider how the governing law of the contract affects the force majeure clause in the contract (see differences between California law and New York law, outlined above)
  3. Ensure the contract has clear notification provisions relating to notice being provided of the force majeure event
  4. Provide for rights to suspend and terminate the contract as appropriate, as well as the time period of suspension before any termination right can be exercised
  5. Consider provisions requiring the party claiming force majeure to mitigate the effects of the force majeure event
  6. Consider if all obligations should be suspended during the period of suspension, or if only some of the obligations should be suspended (such as payment obligations)
  7. Consider whether clauses providing for injunctive relief are appropriate to address these scenarios.

And as always, all parties are encouraged to wash their hands, thoroughly and often.

Now more than ever businesses need to be able to quickly and efficiently communicate with clients and customers about issues related to the COVID-19 pandemic. However, as many businesses know, the Telephone Consumer Protection Act (“TCPA”) is often an obstacle to quick and efficient communication. A new ruling from the FCC clarifies that certain calls regarding COVID-19 are exempt from TCPA liability.

Background

The TCPA prohibits, among other things, calling or texting customers’ cell phones using an automatic telephone dialing system (“ATDS”), artificial voice or prerecorded voice (commonly referred to as “robocalls”) unless:

  1. the call is made for “emergency purposes,” meaning that the call is “necessary in any situation affecting the health and safety of consumers;”[1] or
  2. the called party has given the business prior express consent to call their cell phone.[2]

Callers who fail to comply with this rule are subject to a statutory fine of $500 to $1,500 per call or text. And, because the TCPA imposes no aggregate limit on damages, the risk of non-compliance is significant, particularly when TCPA cases are filed as putative class actions, as many are.

The scope of the “emergency purposes” exception has not been litigated extensively. Those court opinions and FCC orders that do address the issue have narrowly construed the exception. For instance, text messages and calls asking customers to return contaminated food products or informing parents of school closings and school safety concerns fall within the emergency purposes exception; however, calls regarding healthcare account balances or other general school activities do not.[3] Further, courts have split on the issue of whether certain healthcare-related calls, such as prescription refill reminders, fall within the emergency purposes exception.[4]

The March 20, 2020 FCC Ruling

Recognizing that further guidance on the “emergency purposes” exception was needed in the face of the ongoing COVID-19 pandemic, the FCC sua sponte issued a declaratory ruling on Friday, March 20, 2020.[5]

While the FCC explicitly recognized that COVID-19 poses the type of imminent health risk to which the “emergency purposes” exception was intended to apply, it took a limited view of the type of calls to which the exception applies:

In determining whether a call relating to the COVID-19 pandemic qualifies as a call made for an emergency purpose, we look to the identity of the caller and content of the call. First, the caller must be from a hospital, or be a health care provider, state or local health official, or other government official as well as a person under the express direction of such an organization and acting on its behalf.  Second, the content of the call must be solely informational, made necessary because of the COVID-19 outbreak, and directly related to the imminent health or safety risk arising out of the COVID-19 outbreak.[6]

Further, the FCC ruled that calls advertising services which are extremely useful to the millions of consumers currently sheltering in place—such as those advertising “commercial grocery delivery service[s]”—do not fall within the “emergency purposes” exception.  Neither do “calls made to collect debt, even if such debt arises from [COVID-19] related health care treatment.”[7]

Whether courts will construe this new Declaratory Ruling as binding and thereby limit the definition of emergency COVID-19 related calls as narrowly as the FCC is an issue which will be litigated extensively in the near future. In the meantime, healthcare providers, government officials and those acting on their behalf can take solace in knowing that their COVID-19 related communications likely fall within the “emergency purpose” exception. However, as a best practice, non-governmental entities outside the healthcare industry should confirm that they have the appropriate consent from customers prior to calling or texting them about COVID-19 related issues and keep procedures in place for allowing customers to opt-out from such communications.

 

 

[1] 47 C.F.R. § 64.1200(f)(4).

[2] Prior express consent may be inferred when the customer voluntarily provides his or her cell phone number in connection with a business transaction and the call concerns that transaction.  However, written consent is required for calls to cell phones that are not purely transactional in nature, i.e., calls that also advertise goods or services.  Id. § 64.1200(a)(2).

[3] See Brooks v. Kroger Co., No. 19-00106, 2019 WL 3778675, at *3 (S.D. Cal. Aug. 12, 2019) (text messages asking customers to return ground beef that may have been contaminated with salmonella were sent for an emergency purpose); ACA Int’l v. FCC, 885 F.3d 687, 714 (D.C. Cir. 2018) (calls from healthcare providers concerning “[a]dvertisements, solicitations, and post-treatment financial communications are not the sort of ‘emergencies’ that would justify suspending the TCPA’s consent regime”); In re Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991, 31 FCC Rcd. 9054, 9061 ¶ 17, 9063 ¶¶ 21–22 (2016) (emergency purposes exception includes calls regarding school closings due to weather, “incidents of threats and/or imminent danger to the school due to fire, dangerous persons, health risks (e.g., toxic spills), and unexcused absences” but does not include calls regarding parent-teacher conferences or general school activities).

[4] Compare Roberts v. Medco Health Solutions, Inc., No. 15-1368, 2016 WL 3997071, at *3 (E.D. Mo. July 26, 2016) (prescription reminder calls are sent for “emergency purposes”) and Lindenbaum v. CVS Health Corp., No. 17-1863, 2018 WL 501307 (N.D. Ohio Jan. 22, 2018) (same) with Smith v. Rite Aid Corp., No. 17-6044, 2018 WL 5828693 (W.D.N.Y. Nov. 7, 2018) (refusing to rule that prescription notice calls, as a matter of law, fall within the “emergency purposes” exception) and Kolinek v. Walgreens Co., No. 13-4806, dkt. no. 66, at 2 (N.D. Ill. Aug. 11, 2014) (same).

[5] The FCC is the administrative body charged with promulgating rules under the TCPA.

[6] Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991, Declaratory Ruling, DA 20-318 ¶ 7 (March 20, 2020) (emphasis added).

[7] Id. ¶ 9.

The Illinois Supreme Court recently affirmed a state appellate court’s holding that in class action lawsuits, an effective tender made before a named plaintiff files a class certification motion satisfies the named plaintiff’s individual claim and moots the plaintiff’s interest in the litigation.

For employers facing workplace class actions in Illinois and other states with similar statutes involving tenders of complete relief, this opinion provides an excellent framework for how to moot and defeat a class action lawsuit prior to class certification briefing.

Case Background

In Joiner v. SVM Management, LLC, 2020 IL 124671 (Ill. Feb. 21, 2020), the plaintiffs rented an apartment in a large residential apartment complex from the defendant. Although the defendant returned the plaintiffs’ full security deposit, the defendant did not pay security interest on that deposit at any time. Thereafter, the plaintiffs filed a three-count complaint in the Circuit Court of Cook County. In Count I, they alleged on behalf of themselves and others similarly situated that the defendant violated the Illinois Deposit Act by failing to pay interest on its tenants’ security deposits. In Count II, they alleged on behalf of themselves and others similarly situated that the defendant violated the Illinois Uniform Deceptive Trade Practices Act by way of various allegedly unlawful lease and rider provisions. Finally, in Count III, they alleged, individually, that the defendant violated the Illinois Rental Property Utility Service Act by failing to provide required notices and disclosures.

Although the plaintiffs brought Count I as a class action, they did not file a motion for class certification. The defendant responded to the pleadings by tendering the plaintiffs’ requested damages and attorney fees on Count I, and later moving to dismiss the other two causes of action. The plaintiffs refused that tender, and the defendant later argued that its tender mooted Count I pursuant to the Illinois Supreme Court’s decision in Barber v. American Airlines, Inc., 241 Ill. 2d 450 (2011), which held that if a tender is made to the named plaintiff before the filing of a motion for class certification, the claims are moot because the interests of the other class members are not before the trial court. The Circuit Court ultimately dismissed Count I with prejudice.

Before the Illinois Appellate Court, the plaintiffs argued that Barber was no longer good law in light of the U.S. Supreme Court’s decision in Campbell-Ewald Co. v. Gomez, 136 S. Ct. 663 (2016), which held that a case becomes moot only when it is impossible for a court to grant any effectual relief whatever to the prevailing party. As such, the plaintiffs argued that if Barber was still good law, then the Circuit Court erred in holding that Barber permitted dismissal of all counts when the defendant only tendered on one count. After noting that Barber was still good law in Illinois, the Appellate Court held that the defendant made a sufficient tender and therefore the Circuit Court properly dismissed Count I as moot. The plaintiffs then appealed this issue (among others) to the Illinois Supreme Court.

The Illinois Supreme Court’s Decision

The Illinois Supreme Court affirmed the Appellate Court’s dismissal of Count I based on the tender. Regarding the application of the Barber rule, the Supreme Court explained that it, “has long held that, when a defendant tenders the full amount requested by a plaintiff purporting to represent a class before the named plaintiff files a class-certification motion, the plaintiff’s claim becomes moot.” Id. at 7 (citation omitted).

In its analysis, the Supreme Court examined federal court precedent from the Seventh Circuit and U.S. Supreme Court relative mooting class actions. After summarizing the federal case law, the Supreme Court explained that as a threshold matter, federal Rule 68 offers of judgment were distinguishable from “tenders.” The Illinois Code of Civil Procedure provides that a defendant must “tender what he or she shall conceive sufficient amends for the injury done or to pay the unliquidated damages or demands” to shift costs to the plaintiff. 735 ILCS 5/5-126 (2016) (emphasis added). Under the federal rule, conversely, a defendant only needs to “offer to allow judgment” and can do so, “on specified terms.” Fed. R. Civ. P. 68(a). Further, the Supreme Court noted that the federal rule expressly contemplates a plaintiff’s choice to accept or decline such an offer, while the Illinois rule does not. Id. at *13. Accordingly, the Supreme Court rejected the plaintiffs’ argument that the Campbell-Ewald holding was not limited to Rule 68, and held that when a defendant admits liability and provides the plaintiff with all relief requested — as one does with a tender — no controversy exists, and the trial court must dismiss the case if no other plaintiff steps into the named plaintiff’s shoes to represent the class. Id. at *15-16.

Applying this analysis to the case at hand, the Supreme Court noted that the defendant’s attorney brought the tender check with him to the oral argument and in no way intimated that the defendant intended to keep the check or not pay the plaintiffs’ reasonable attorney fees. The Supreme Court opined that future tenders made to satisfy a demand, if made after filing of suit, should be made to the trial court, and if the tender fully satisfies the plaintiff’s demand absent costs and attorneys’ fees, the trial court could then hold a hearing on costs and attorneys’ fees before dismissing the case. Accordingly, the Supreme Court affirmed the Appellate Court’s dismissal, and held that the defendant must pay the tendered funds to the Circuit Court pending a hearing on costs and attorney fees and dismissal. Id. at 19.

Implications For Employers

Although this case is outside the employment law context, the opinion in Joiner provides valuable strategic insight for employers who find themselves embroiled in bet-the-company workplace class actions. Particular to litigants in Illinois state courts, the opinion can be used as an instruction manual for how to tender complete relief to a named plaintiff and moot class actions where the named plaintiff has not yet moved for class certification. The Illinois Supreme Court’s analysis additionally provides an excellent framework to distinguish the U.S. Supreme Court’s decision in Campbell-Ewald and similar federal appellate court rulings, since those cases dealt with offers of judgment under the Federal Rules of Civil Procedure, which are merely “offers” of settlement, as opposed to an actual tender that completely satisfies a plaintiff’s demand

On January 21, 2020, the Oakland City Council unanimously passed the Fair Chance Housing Ordinance (“FCHO”), which will restrict landlords in their ability to reject a potential tenant because of prior criminal history. It also impacts background check companies that offer a tenant screening product (“consumer reporting agencies”) because they will have to modify their processes and procedures to ensure that information that is “off limits” to landlords and property managers is not included in a tenant screening report (“consumer report”). The Council will take a final vote on February 4, 2020. Given that Oakland is not the first jurisdiction to enact such an ordinance, and there are other similar laws pending across the country, background check companies need to monitor this evolving area of the law and take affirmative steps to avoid a class action.

Seattle Paved the Way for Laws Restricting Reporting and Consideration of Criminal History for Rental Housing Purposes

In the context of tenant screening, restrictions on consideration of criminal history appear to be gaining traction. The first such law was passed in 2017, when the City of Seattle enacted its own “Fair Chance Housing Ordinance.” In Seattle, it now is an unfair practice for any “person” (broadly defined to include landlords/property managers and their agents) to, among other things, “[r]equire disclosure, inquire about, or take an adverse action against a prospective occupant, a tenant or a member of their household, based on any arrest record, conviction record, or criminal history.” The exceptions are quite narrow, however, Seattle allows landlords and property managers to consider a tenant applicant’s status as a registered sex offender (but an applicant only can be denied on this basis if there is a “legitimate business reason” to do so).

While at first blush it appears the Seattle ordinance only restricts the information that landlords and property managers may request and consider, Seattle’s FAQ expressly states that “[u]nless there is an exclusion, neither landlords nor any person may run criminal background checks,” adding that “any person” includes, but is not limited to “property managers, owners, screening companies, etc.” As a result, we previously have recommended that background check companies consider modifying their processes to ensure that criminal history information is not reported to Seattle landlords and property managers, absent clear proof that an exception applies (e.g., sex offender registry status).

Oakland Follows the Trend With a More Comprehensive Ordinance

Citing a need “to give previously incarcerated persons or other persons with a criminal history a fair opportunity to compete for rental housing and to be able to reside with family members and others,” and also to reduce the incidence of homelessness for persons with a criminal history, the FCHO will make it unlawful for a housing provider (e.g., landlord, property manager, etc.) to, “at any time or by any means, whether direct or indirect,” inquire about a rental or leasing applicant’s criminal history, require an applicant to disclose or authorize the release of their criminal history or, if such information is received, base an adverse action in whole or in part on an applicant’s criminal history. Retaliation against any individual for exercising or attempting in good faith to exercise any protected rights under the FCHO is expressly prohibited.

“Criminal history” is broadly defined to include virtually any type of criminal record, regardless of how it is transmitted or obtained, and from whom, including one or more convictions or arrests, convictions that have been sealed, dismissed, vacated, expunged, sealed, voided, invalidated, or otherwise rendered inoperative by judicial action or by statute, juvenile records, or records reflecting participation in or completion of a diversion or a deferral of judgment program.

There are limited exceptions. First, it is not unlawful for a housing provider to comply with federal or state laws that require the housing provider to automatically exclude tenants based on certain types of criminal history, including, but not limited to:

  • Ineligibility of Dangerous Sex Offenders for Admission to Public Housing (42 U.S.C. § 13663(a).
  • Ineligibility of Individuals Convicted for Manufacturing Methamphetamine on Premises of Federally Assisted Housing for Admission to Public Housing and Housing Choice Voucher Programs (24 C.F.R. § 982.553).

If such a requirement applies, however, the FCHO states that the housing provider may not inquire about, require disclosure of, or, if such information is received, review an applicant’s criminal history until after the housing provider does the following: (1) informs the applicant in advance that the housing provider will check for certain types of criminal history; and (2) requests written consent, or if the applicant objects, provides the applicant the opportunity to withdraw the rental application.

Next, a housing provider may review California’s sex offender registry, provided that it (1) has stated the lifetime sex offender screening requirement in writing in the rental application, and (2) does not inquire about, require disclosure of, or, if such information is received, review an applicant’s criminal history until after the housing provider:

  • determines whether the applicant is qualified for the rental under all of the housing provider’s criteria for assessing applicants (except for any criteria related to criminal history);
  • provides to the applicant a conditional rental agreement that commits to providing the rental to the applicant as long as the applicant meets the housing provider’s criminal history criteria with respect to the registry of lifetime sex offenders; and
  • informs the applicant in advance that the housing provider will be checking the sex offender registry and requests written consent or, if the applicant objects, provides the opportunity to withdraw the rental application.

If a housing provider takes adverse action against an applicant based in whole or in part on their criminal history, it must provide a written notice to the applicant regarding the decision that includes, at a minimum:

  • the reason(s) for the adverse action;
  • instructions regarding how to file a complaint about the decision with the City;
  • a list of local legal services providers, including contact information;
  • a copy of any criminal history, background check report, or other information related to the applicant’s criminal history that served as a basis for the decision; and
  • an opportunity to respond with rebutting or mitigating information prior to the denial of the application.

Notably, the FCHO requires that the adverse action notice go above and beyond what the Fair Credit Reporting Act (“FCRA”) and the California Investigative Consumer Reporting Agencies Act (“ICRAA”) require. While both statutes require a notice that simply advises of the adverse decision, the right to submit a dispute, the right to request a copy of the report, and the contact information for the consumer reporting agency that furnished the report, the FCHO adds to these by requiring a copy of the report, an explanation for the decision, and an opportunity for rebuttal (in addition to the other information described above).

The FCHO also makes it unlawful for a housing provider to require reimbursement or payment from the applicant for providing any criminal history or criminal background check report.

The FCHO requires housing providers to follow additional requirements, such as posting a notice advising of applicants’ rights (in a form to be published by the City), including a copy of that same notice with any rental or leasing application, and maintaining a record of any criminal history obtained for any applicant for a period of three years.

Aggrieved applicants can file a complaint with the City, who, upon the finding of a violation, may issue a civil penalty of up to $1,000 for each violation, recover the costs of any investigation or issuance of civil penalties, and/or issue a warning letter and assess costs in lieu of issuing a civil penalty for a violation. Alternatively, aggrieved applicants (as well as the City Attorney or a tax exempt organization whose mission is to protect the rights of tenants or incarcerated persons in Oakland or Alameda County) may file a civil lawsuit against the housing provider. Aside from equitable relief, damages may include liquidated damages (e.g., three times the greater of either actual damages (including damages for mental or emotional distress), one month’s rent that the housing provider charges for the rental unit in question, or the fair market value of such rental unit); punitive damages; and attorney’s fees and costs. The City Attorney also may include requests for civil penalties of up to $1,000 per violation.

Violations of the FCHO also are subject to criminal liability: an infraction for a violation, and a misdemeanor for a violation that is knowing and willful. Especially important for background check companies, the criminal penalties section of the FCHO recognizes an aiding and abetting theory of liability by stating that any person who “aids” a housing provider can be criminally responsible. Thus, like Seattle, background check companies should consider modifying their processes to ensure that criminal history information is not reported to housing providers in Oakland unless an exception applies and any request for such information comports with the procedural requirements set out above.

Increased Risk of Consumer Class Actions

Given the growing trend of reporting and restrictions on consideration of criminal history, there is an equivalent growing risk of consumer class actions against landlords, property managers, and/or background companies for non-compliance. Alternatively, an enterprising plaintiffs’ bar may look to create a new basis to bring class action claims against these parties. Both providers and recipients of criminal history information for any purpose should evaluate state and local laws that regulate use of such of information, modify their policies and practices, and take steps to stay abreast of this evolving area of law.

Seyfarth Synopsis: On January 29, 2020, Facebook announced that it had reached a settlement with plaintiffs in a class action brought under the Illinois Biometric Information Privacy Act (the “BIPA”) in the U.S. District Court for the Northern District of California. The settlement represents one of the largest payouts in a case brought under the BIPA since the law was passed in 2008. However, as the case against Facebook was not reflective of typical litigation brought under the BIPA, companies and their counsel should not be used it as a yardstick to value the majority of BIPA settlements moving forward.

Wednesday’s settlement puts an end to the largest BIPA case filed to date. Though the settlement included a hefty price tag, the Facebook litigation was an unusual case filed under the BIPA in both class size and subject matter and should not necessarily serve a guidepost for BIPA settlements in the future.

Case Background

In In Re Facebook, plaintiffs alleged that Facebook violated the BIPA when it unlawfully collected and stored biometric data on Facebook users without prior notice or consent. Plaintiffs’ claims arose out of Facebook’s “Tag Suggestions” function, which identifies other Facebook users through scanning uploaded photographs. Plaintiffs alleged that Facebook created and stored digital representations of people’s faces based on the geometric relationship of facial features unique to each individual.

The case was originally filed as three separate lawsuits in the U.S. District Court for the Northern District of Illinois. After the parties stipulated to transfer the cases to the Northern District of California, the Court consolidated the three suits into one class action complaint and Facebook moved to dismiss, asserting that the plaintiffs lacked standing under Article III to bring the suit because the collection of biometric information without notice or consent did not result in “real-world harms,” “such as adverse employment or even just anxiety.” Facebook’s motion to dismiss was denied. The District Court held that the plaintiffs had standing because they were never offered the opportunity to withhold consent from the storage of biometric data. The District Court also certified a class of “Facebook users located in Illinois for whom Facebook created and stored a face template after June 7, 2011.” Patel v. Facebook, Inc., 932 F.3d 1264, 1269 (9th Cir. 2019).

Facebook subsequently appealed the denial of the motion to dismiss and the class certification order to the U.S. Court of Appeals for the Ninth Circuit. In Patel v. Facebook, Inc., 932 F.3d at 1277, the Ninth Circuit affirmed the District Court’s decision in August 2019, holding that plaintiffs had alleged a harm sufficient to confer standing and that the class had been appropriately certified. Facebook then appealed the decision up to the U.S. Supreme Court, which denied certiorari last week on January 22, 2020. See Facebook, Inc. v. Patel, No. 19-706, 2020 WL 283288 (Jan. 21, 2020).

The Settlement

Facebook disclosed the settlement of the In Re Facebook case in conjunction with its quarterly financial results on January 29, 2020. Facebook’s disclosure indicated that, under the settlement agreement, Facebook will pay $550 million to eligible class members and plaintiffs’ attorneys. The parties have not yet released any additional information about the settlement, which follows closely on the heels of the Supreme Court’s decision last week not to hear Facebook’s appeal.

Implications For Illinois Companies

While the size of this settlement should certainly be noteworthy to companies doing business in Illinois, it is not reflective of the typical value of settlements for BIPA cases. The class certified in In Re Facebook included all Facebook users located in Illinois for whom Facebook created or stored a face template after June 2011. Extrapolating from the Plaintiffs’ allegations, the class could have presumably included millions of members, each of whom may have been awarded statutory damages ranging from $1,000 to $5,000 under the BIPA had Facebook proceeded to trial. Further, Facebook’s alleged use of the biometric information was much different than the typical BIPA case, which usually involves fingerprint or retina scans for payroll or security purposes.

However, despite the unique posture of the Facebook lawsuit, this significant settlement amount may exacerbate an already growing trend in privacy lawsuits being filed across the nation, with Illinois serving as a hotbed for such litigation under the BIPA (we have previously discussed the rise in BIPA lawsuits and the onset of other biometric privacy legislation here). Companies conducting business in Illinois and utilizing biometric information (such as fingerprint scans, retina scans, or, like Facebook, facial mapping or imaging, among other types) should be mindful that they are aware of and compliant with the requirements of the BIPA.

Synopsis: On January 6, 2020, Andrew Smith, director of the Federal Trade Commission’s Bureau of Consumer Protection, outlined in a blog post the agency’s new approach to data security orders. The agency implemented this approach in 2019 following a December 2018 hearing it held on the topic and an 11th Circuit decision that struck down a data security order as unenforceably vague. Elevating data security considerations to the C-Suite and Board level and increasing third-party assessor accountability are key features of its new approach, which Smith described as resulting in “significant improvements.”

The FTC’s “improvements” fall into the following three categories:

Elevated data security considerations to the C-Suite and board level. Companies must now present their boards with a written information security program annually. Senior officers then must provide annual certifications of compliance to the FTC with an order’s provisions. As support for the FTC’s efforts to improve corporate governance on data security, the FTC cited a number of studies, including one that “found a 35% decrease in the probability of information security breaches when companies include the Chief Information Security Officer (or equivalent) in the top management team and the CISO has access to the board.”

More specificity. The orders continue to require that a comprehensive information security program is implemented, but now provide more specificity on how that is to be accomplished. As previously mentioned, this change was prompted in part by a 2018 case in which the Eleventh Circuit vacated an FTC order as unenforceably vague. The FTC had ordered LabMD to implement a comprehensive information security program that included: 1) designated employees accountable for the program; 2) identification of material internal and external risks to the security, confidentiality and integrity of personal information; 3) reasonable safeguards to control identified risks; 4) reasonable steps to select service providers capable of safeguarding personal information and requiring them to do so; and 5) ongoing evaluation and adjustment of the program. The court concluded that the order “mandate[d] a complete overhaul of LabMD’s data-security program and [said] precious little about how this [was] to be accomplished.”

The orders now require companies to implement specific safeguards targeted at addressing problems alleged in the complaint. Smith gave a number of examples of such safeguards, including yearly employee training, encryption, monitoring systems for data security incidents, patch management systems, and access controls.

Increased third-party assessor accountability. A third improvement focuses on increasing the rigor of third-party assessors. The FTC continues to rely on outside assessors to review the implementation of the comprehensive data security programs required by the orders. For each biennial assessment, the FTC now has the authority to approve or reject the selected assessor. The orders also require assessors to identify specific evidence to support their conclusions, including, but not limited to, documents reviewed, sampling and testing performed, and interviews conducted. Documents related to the assessment must be maintained, and the assessor cannot refuse to provide such documents on the basis of certain privileges.

On December 16, 2019, the United States Supreme Court declined to review Krakauer v. Dish Network LLC, thus leaving unresolved a circuit split regarding Article III standing under the Telephone Consumer Protection Act (“TCPA”). As you may recall, on June 3, 2019, we reported on the Fourth Circuit’s opinion in Krakauer v. Dish Network, an opinion upholding a historic, $61 million TCPA jury award in the face of an Article III standing challenge.

Dish Network’s Petition for Certiorari

Following the Fourth Circuit’s ruling, Dish Network petitioned for a writ of certiorari to the Supreme Court.  In the petition, Dish Network stated the question presented as “whether a call placed in violation of the [TCPA], without any allegation or showing of injury—even that plaintiffs heard the phone ring—suffices to establish concrete injury for purposes of Article III.”  Dish Network argued that there was no evidence that any of the 18,000 class members were even aware they received a telemarketing call.  Notably, Dish Network cited the post-Spokeo circuit split between the Eleventh Circuit and the Second, Third, Fourth, and Ninth Circuits as to the Article III concrete injury standing requirement.

Implications for Business

Business groups had hoped that the Supreme Court would take up these cases and issue a decision that would resolve the circuit split. As it stands now, consumers in the Second, Third, Fourth and Ninth Circuits can bring claims under the TCPA without showing a concrete injury beyond the mere receipt of a text message. We will continue to monitor the landscape of TCPA litigation and report on any developments. Stay Tuned.

Synopsis: On December 6, 2019, the Federal Trade Commission issued a unanimous ruling against political data firm Cambridge Analytica for violating Section 5 of the FTC Act by misrepresenting that it would not download personally identifiable information when it in fact harvested this information from over 50 million Facebook users. Specifically, Cambridge Analytica represented that it would not download Facebook users’ name or any other identifiable information. To the contrary, its app collected a bevy of personally identifiable information, notably including Facebook User IDs, in creating voter profiles and targeted advertising leading up to the 2016 US Presidential election. The FTC also found that Cambridge Analytica made false or misleading representations that it still participated in the EU-US Privacy Shield Framework, an agreement designed to protect personal data transferred from the EU to the United States. The FTC imposed a 20-year injunction which, among other things, required that Cambridge Analytica delete or destroy the Facebook data it deceptively obtained and any information or work product, including any resultant algorithms or equations. While Cambridge Analytica is now in bankruptcy, this injunction also restrains its successors, assigns, officers, agents, employees, and attorneys, and all other persons in active concert or participation with any of them, from disclosing, using, selling or receiving any benefit from the information collected about the individual consumers. The FTC further ordered, among other things, that none of these affiliates of Cambridge Analytica shall possess or control personal information from an EU resident without complying with the EU-US Privacy Shield framework principles.

Background

Cambridge Analytica obtained Facebook data in 2014, which it used to develop methods that allegedly could identify personality traits of American voters and influence their behavior through targeted advertising. Cambridge Analytica obtained this data by paying Facebook users small sums to take a survey and download an app, which harvested private information from their profiles and their Facebook friends’ profiles. An outside researcher then used the survey responses and public Facebook page “likes” harvested from users and their friends to populate and train an algorithm that predicted users’ personality traits.

To gain access to the users’ data, Cambridge Analytica misrepresented to users the collection of data as follows: “In this part, we would like to download some of your Facebook data using our Facebook app. We want you to know that we will NOT download your name or any other identifiable information—we are interested in your demographics and likes.” Cambridge Analytica only included this representation after finding that half of the survey participants initially refused to grant the app permission to collect their profile data. Contrary to this representation, the app collected the Facebook User ID of these users, which is a unique identifier that connects individuals to their profiles. The app also harvested additional profile data, such as users’ gender, birthdate, location, friends list, and Facebook page “likes.” Cambridge Analytica ultimately harvested profile data from approximately 250,000 to 270,000 app users located in the United States and approximately 50 to 65 million friends of these users, without the users’ knowledge or informed consent.

In the wake of this scandal, the FTC imposed a $5 billion penalty on Facebook on July 24, 2019, and required it to, among other things, submit to new compliance restrictions and greater accountability at the board of directors level by establishing an independent privacy committee. That same day, the FTC filed a Complaint against Cambridge Analytica and simultaneously filed proposed settlements with its former chief executive Alexander Nix and app developer Aleksandr Kogan, which have since then been approved. Those settlements included restricting how Nix and Kogan conduct business in the future and requiring them to delete or destroy any personal information they collected. Cambridge Analytica filed for bankruptcy prior to the issuance of the Complaint. The Complaint alleged that Cambridge Analytica, Nix and Kogan deceived consumers by falsely claiming they did not collect personally identifiable information from Facebook users and by falsely claiming the Company still participated in the EU-US Privacy Shield Framework and that it adhered to Privacy Shield principles.

Takeaways

The FTC Act’s prohibition on deceptive acts or practices includes misrepresentations with respect to how companies handle consumers’ personal information. The FTC in its Opinion explained that an act or practice will be found to be deceptive if “(1) there is a representation, omission or practice, (2) that is likely to mislead consumers acting reasonably under the circumstances, and (3) the representation, omission, or practice is material.” Through a three-step inquiry, the FTC determines “(1) what claims are conveyed [to consumers]; (2) whether those claims are false, misleading or unsubstantiated; and (3) whether the claims are material.” Claims are considered material if they involve “information that is important to consumers and, hence, likely to affect their choice of, or conduct regarding a product.” Express claims, including both explicit statements made in a claim and necessary implications derived from the statements, are presumptively material.

Here, the FTC pointed to the express claims that personally identifiable information would not be downloaded and the EU-US Privacy Shield framework principles would be followed. The FTC also pointed to other evidence of materiality, including that Cambridge Analytica only included the statement regarding not downloading identifiable information in its request to collect data from survey participants after half of the participants had refused to grant access to data absent that assurance. The FTC, therefore, inferred that the assurance provided by that statement likely affected the choices and changed the decisions of a substantial number of users.

With respect to the Privacy Shield misrepresentation, this case is one of several that the FTC has brought or settled in recent months against companies for deceiving consumers over their participation in the Privacy Shield. This case is yet another reminder that companies must ensure that any representations they make to consumers about participation in the Privacy Shield or any other privacy regimen are accurate and up-to-date.

The FTC took a broad view of what is personally identifiable information in finding that Cambridge Analytica’s statement that it would not download names or other identifiable information was false and misleading. In addition to users’ Facebook ID, the FTC viewed the covered information to include any persistent identifier, such as a customer’s number held in a “cookie,” a mobile device ID, or processor serial number or information collected from data fields through Facebook about users’ “likes,” “hometowns,” “birthdates,” “photos,” “gender,” “educational information,” “religious or political views,” or “marital” or other “relationship” status and any data regarding a consumer’s activities online (e.g., searches conducted, web pages visited, or content viewed).

While the Opinion itself focused principally on the express deceptive claim that Cambridge Analytica would not download users’ names or other identifiable information, it also noted that Cambridge Analytica then went on to use the data it surreptitiously collected. Perhaps because the non-use of that data would flow as a necessary implication of the claim that no users’ identifiable information would be downloaded, the FTC did not address the undisclosed use of the data as a separate deceptive act, even though the use of that data in voter targeting is what seemed to have stoked public ire when news of the scandal broke in 2018.

For a copy of the Opinion, click here. For a copy of the Final Order, click here.

Synopsis: FTC publishes a quick-resource guide for influencers to encourage advertising compliance on social media.

For the last several years the Federal Trade Commission has been addressing the misleading marketing of consumer goods through social media influencers. At the beginning of this month, the FTC reinforced its concern with social media influencers by publishing a short guide and a video directed at those that endorse products online. Misleading influencer conduct triggers Section 5 of the FTC Act, 15 U.S.C. § 45, which prohibits unfair or deceptive acts or practices in or affecting commerce. The focus on educating influencers is part of the FTC’s increasingly aggressive action against influencers and companies using online endorsements that do not properly disclose the connection between the influencer and the company.

On April 19, 2017, the FTC announced that it sent out more than 90 letters reminding influencers and marketers to clearly and conspicuously disclose their relationships to products and companies. Less than five months later, the FTC settled its first complaint against individual social media influencers. In that case, the respondents paid influencers $2,500 to $55,000 to promote their company on YouTube, Twitch, Twitter, and Facebook, but the influencers did not disclose this financial relationship in their promotions. At the time, the FTC insisted that the action “should send a message t

hat such connections must be clearly disclosed so consumers can make informed purchasing decisions.” The following year, a public relations firm and publisher settled similar claims with the FTC, where they had not only paid two gold medal Olympians to advertise a product but also asked their employees and “friends” to do the same, all without revealing these relationships to the public. In June 2019, the FTC, this time in conjunction with the Food and Drug Administration, sent warning letters to four sellers of e-liquids, in which it “urge[d] [the recipients] to review your marketing, including endorsements by your social media influencers, and ensure that necessary and appropriate disclosures are made.”

The new guide “lays out the agency’s rules of the road for when and how influencers must disclose sponsorships to their followers.” Titled, “Disclosures 101 for Social Media Influencers,” the guide contains tips from the FTC staff about when disclosures are required. This publication joins the other existing resources on topic, including the FTC’s 2009 Endorsement Guides and 2017 Informal FAQ Sheet. Importantly, the FTC’s press release accompanying the new guide underscores that the responsibility of disclosures “lies with the influencer.”

Key take-aways from the new guide include:

(1) Material Connection: Influencers are required to make it obvious to consumers when they have a “material connection” to the product or company he or she is endorsing. A “material connection” — “in other words, a connection that might affect the weight or credibility that consumers give the endorsement” — extends beyond a business relationship with the brand and incudes a personal, family or employee relationship.

(2) Financial Isn’t Limited to Money: Influencers who receive other benefits in exchange for promoting a product, including discounted products or services, free products or other perks, still have to disclose their relationship.

(3) Endorsements Beyond Pictures: Tags, pins, reposts, likes and other methods of supporting a brand on social media qualify as endorsements.

(4) Clear and Conspicuous Disclosure: Disclosures need to be made so that they are seen by consumers. The FTC advises that, “to be both ‘clear’ and ‘conspicuous,’ the disclosure should use unambiguous language and stand out.” The disclosure should not be hidden in text, covered with multiple hashtags, or buried in a video. For example, where text for a social media post requires a consumer to click “more,” the disclosure should appear above the “more” button.

(5) Be Honest: Influencers cannot attest to a product or experience that they have not tried and misrepresent their true results. Just the same, influencers cannot make up claims about the product.

The foregoing reminders from the FTC are consistent with the prior guidelines and warning letters but are presented in a more concise and current format. The new guide is also accompanied by a short video providing advice for social media influencers. These resources are intended to remind influencers that they need to take responsibility for their role in influencing consumers and not to assume that consumers understand their relationship to the product or services they are endorsing.

This latest guidance from the FTC also serves as a reminder to those involved in social media marketing, whether as a brand, a marketer, or an influencer, to ensure the FTC’s guidelines are followed. As the FTC states in its form enforcement letter: “If your company has a written social media policy that addresses the disclosure of material connections by endorsers, you may want to evaluate how it applies to” posts made by your endorsers. “If your company does not have such a policy, you may want to consider implementing one that provides appropriate guidance” and “ensure[s] that posts contain necessary disclosures and they are clear and conspicuous.”

Seyfarth’s False Advertising, Product Labeling & Warnings practice group is here to help you understand the implications of FTC’s latest guidelines and answer any questions.

Synopsis: Last month, the Ninth Circuit issued an opinion, affirming broad Article III standing and holding that, for permissible-purpose claims, a consumer-plaintiff need allege only that his/her credit report was obtained for a purpose not authorized by the statute to survive a motion to dismiss, regardless of whether the report is published or otherwise used by the third party.

Case Background

In June 2016, Plaintiff Freshta Nayab discovered that a banking institution (“the Bank”) had made several inquiries on her Experian credit report. She sued the Bank alleging that the unauthorized inquiries violated the Fair Credit Reporting Act (“FCRA”) because she never conducted any business with nor incurred any financial obligations to the Bank.

The Bank moved to dismiss the complaint for failure to state a claim. Instead of opposing the motion, Nayab filed an amended complaint where she cited various permissible purposes for obtaining a credit report under the FCRA, and alleged that the Bank did not have any of those permissible purposes to make inquiries on her credit report.

The district court dismissed the case, finding that Nayab did not have standing to pursue her FCRA claim because, even if the Bank’s credit inquiries were impermissible under the FCRA, “absent disclosure to a third party or an identifiable harm from the statutory violation, there is no privacy violation.” Nayab, slip op. at 5. The district court also dismissed Nayab’s complaint for failure to state a claim, finding that “bare allegations that the defendant did not have a permissible purpose for obtaining a credit report, without more, are insufficient.” Id. at 5.

Nayab appealed.

The Ninth Circuit’s Opinion

In an opinion by Judge Rice, the Ninth Circuit considered two issues: (1) whether a consumer suffers a concrete Article III injury in fact when a third-party obtains her credit report for a purpose not authorized by the FCRA, and (2) whether the consumer-plaintiff must plead the third-party’s actual unauthorized purpose in obtaining the report to survive a motion to dismiss. Id. at 4.

The Ninth Circuit rejected the district court’s holding that Nayab lacked standing because she did not suffer concrete harm where the unauthorized inquiries were not disclosed or used by the Bank. Relying on Robins v. Spokeo, Inc. (Spokeo III), the Ninth Circuit reiterated that some statutory violations alone confer Article III standing. 867 F.3d 1108, 1113 (9th Cir. 2017), cert. denied, 138 S. Ct. 931 (2018). In Spokeo III, the Ninth Circuit held that a statutory violation can by itself manifest concrete injury where “the procedural right [was created] to protect a plaintiff’s concrete interests and where the procedural violation presents ‘a risk of real harm’ to that concrete interest.” Spokeo III, 867 F.3d at 1113.

Based on this reasoning, the Ninth Circuit held that Nayab had standing to pursue her FCRA claims because “obtaining a credit report for a purpose not authorized under the FCRA violates a substantive provision of the FCRA,” and thus “Plaintiff need not allege any further harm to have standing.” Nayab, slip op. at 11. The court disagreed with the district court’s finding that a user must disclose or otherwise use the credit report for the consumer to suffer an injury. Id. at 15.

Next, the Ninth Circuit found that the district court erred in holding that Nayab, as the plaintiff, had the burden of pleading the actual purpose behind the Bank’s procurement of her credit report. Id. at 16. The court instead found that the authorized purposes listed under the FCRA were exceptions that the defendant must plead as affirmative defenses. Id. at 20. The Ninth Circuit also determined that placing the burden on Nayab would be unfair because that would require her to plead a negative fact peculiarly within the knowledge of the defendant. Id.

Against this backdrop, the Ninth Circuit found that Nayab pleaded facts sufficient to give rise to a reasonable inference that the Bank obtained her credit report for an unauthorized purpose. Id. The Bank argued that Nayab’s allegations failed because there were numerous possible reasons that the Bank may have accessed her credit report that would be fully lawful under the FCRA. But the Ninth Circuit rejected this argument, noting that Nayab’s factual assertions negating each permissible purpose for which the Bank could have obtained her credit report, together with Nayab’s allegation that the Bank, in fact, obtained her report, stated a plausible claim for relief. Id.

A split Ninth Circuit reversed the district court’s dismissal of Nayab’s FCRA claim and remanded the case to the district court.

Judge Rawlinson partially dissented. Although agreeing that Nayab had standing to pursue her action under the FCRA, Judge Rawlinson took issue with the pleading standard set forth by the majority. Id. at 29. She strongly disagreed that Nayab had laid out a sufficiently plausible case. Id. at 35. Further, Judge Rawlinson found that the majority’s conclusion that Nayab had no obligation to plead the unauthorized purpose for which the credit report was obtained was inconsistent with Twombly and Iqbal.

Implications for Businesses

Businesses obtaining consumer reports, including credit reports or criminal background checks, should review their compliance practices to ensure that the business has procedures in place to ensure that reports are obtained only for permissible purposes only. Businesses may also want to consider having a process for documenting the permissible purpose for each report and for conducting periodic audits to ensure compliance with company policy. Having sound policies and procedures will ensure regular compliance and will limit liability for willful violations, which expose businesses to punitive damages.

Consumer reporting agencies (“CRAs”) furnishing consumer reports, particularly credit reports, should also review their procedures for confirming permissible purpose. All businesses obtaining reports (“users”) should be credentialed and should provide a permissible purpose before receiving any reports. Having procedures in place for periodic review of users will also reduce a CRA’s potential liability risk.