United States: The State AG Report Weekly Update June 20, 2019

Last Updated: June 25 2019
Article by Lori Kalani and Bernard Nash


California Attorney General Sues Country Club Owners and Operators Over Allegedly Failing to Repay Deposits to Members

  • California AG Xavier Becerra filed a lawsuit against country club owners and operators ClubCorp Holdings, Inc., ClubCorp Club Operations, Inc., CCA Club Operations Holding, LLC, ClubCorp USA, Inc., and their subsidiaries and affiliates (collectively, "ClubCorp") over allegations that they failed to repay deposits owed to their members under membership agreements in violation of the state's Unfair Competition Law and False Claims Act.
  • According to the complaint, ClubCorp allegedly failed to return over $10 million in membership initiation deposits to members as required by membership contracts or, if members could not be located, escheat their deposits to the state Controller's Office ("SCO"); counted members' deposits as part of their assets; and omitted the deposits in reports to the SCO.
  • The complaint seeks injunctive relief, restitution, civil penalties, damages, and attorney's fees and costs.

FTC Holds Hearing on Competition and Consumer Protection Featuring Attorneys General and Staff

  • The Federal Trade Commission ("FTC") held its final session of its Hearings on Competition and Consumer Protection in the 21st Century, which featured Nebraska AG Doug Peterson, Louisiana AG Jeff Landry, South Dakota AG Jason Ravnsborg, and Tennessee AG Herbert Slatery, as well as senior consumer protection, antitrust, and data privacy staffers.
  • According to reports, the AGs and staff discussed the need for greater federal and state involvement in protecting competition in the technology industry and increasing transparency regarding use of personal data, among other things.
  • As previously reported, the National Association of Attorneys General submitted comments to the FTC, signed by a bipartisan coalition of 43 AGs, noting similar antitrust and data privacy concerns.


New York Legislature Passes Bill Expanding Data Security and Consumer Privacy Protections

  • The New York Legislature passed the Stop Hacks and Improve Electronic Data Security ("SHIELD") Act, submitted by New York AG Letitia James, that would expand the state's data breach law and Internet Security and Privacy Act.
  • The bill, S5575B, expands the definition of "personal information" to include additional information such as biometric information, email addresses, and corresponding passwords or security questions and answers; expands the definition of "data breach" to include unauthorized access to private information; applies data breach notification requirements to any entity that owns or licenses data containing private information of a state resident; and specifies reasonable data security requirements depending upon the size of a business.
  • The bill is pending the Governor's signature and, if signed, will go into effect 90 days after enactment, except for the section of the bill applying data breach notification requirements to additional entities, which will go into effect 240 days after enactment

FTC Settles With Auto Dealer Software Provider Over Allegedly Failing to Protect Consumers' Personal Information

  • The Federal Trade Commission ("FTC") reached a settlement with auto dealer software provider LightYear Dealer Technologies, LLC d/b/a DealerBuilt ("DealerBuilt") to resolve allegations that it failed to protect consumers' personal information in violation of the FTC Act and Safeguards Rule of the Gramm-Leach-Bliley Act.
  • According to the complaint, DealerBuilt allegedly failed to impose access controls or authentication protections for personal and financial data it stored and transmitted, failed to address an insecure connection to its backup network for 18 months, failed to perform adequate vulnerability testing, and failed to develop and implement written information security policies, allegedly leading to a breach of its backup database in October 2016.
  • Under the terms of the decision and order, DealerBuilt must cease maintaining consumers' personal information until it implements a comprehensive information security program and submit to the FTC biennial third-party assessments of its information security program, among other things.

FTC Warns that Claims of "Participation" in International Privacy Frameworks Are False Unless Participation Is Certified

  • The Federal Trade Commission ("FTC") reached a settlement with background screening company SecurTest, Inc. and issued warning letters to 15 other companies over allegations that they falsely claimed compliance with international privacy requirements in violation of the FTC Act.
  • According to the complaint, SecurTest allegedly falsely claimed on its website that it participated in the European Union ("EU")-U.S. Privacy Shield and Swiss-U.S. Privacy Shield frameworks—which establish processes to allow companies to transfer consumer data from those foreign jurisdictions to the United States in compliance with those jurisdictions' laws—when, in reality, it never received certification of compliance with the frameworks.
  • Under the terms of the decision and order, SecurTest is enjoined from misrepresenting its participation in either framework and must monitor compliance with the terms of the order.
  • In letters to 15 companies, the FTC warned the companies that claims of "participation" in international privacy frameworks, including the U.S.-EU Safe Harbor and U.S.-Swiss Harbor frameworks and the Asia-Pacific Economic Cooperation ("APEC") Cross-Border Privacy Rules system, when they are not in fact certified participants, are false and violate the FTC Act. The letters instruct the companies to remove the claims from all of their public documents.

FTC Releases Agenda For Fourth Annual Workshop on Consumer Privacy and Data Security

  • The Federal Trade Commission ("FTC") released the agenda for its fourth annual PrivacyCon, a workshop on research and trends related to consumer privacy and data security.
  • The agenda details four sessions of presentations and discussions on topics such as privacy policies, disclosures, and permissions; the impact of the European Union General Data Protection Regulations on web privacy; consumer preferences, expectations, behaviors, and understanding and attitudes about digital privacy and online tracking; online advertising; mobile applications; and data vulnerabilities, leaks, and breach notifications.
  • PrivacyCon 2019 will take place on June 27, 2019, at the Constitution Center in Washington, D.C., and is open to the public.


California Attorney General Settles With Automotive Replacement Parts Retailer and Distributor Over Allegedly Improper Disposals of Hazardous Waste and Consumer Personal Information

  • California AG Xavier Becerra reached a settlement with automotive replacement parts retailer and distributor AutoZone, Inc. over allegations that it disposed of hazardous and universal waste at unauthorized landfills in violation of the state's Hazardous Waste Control Law and Consumer Privacy Act.
  • According to the final judgment and permanent injunction on consent ("Consent Judgment"), AutoZone allegedly disposed of hazardous and universal waste—including batteries, aerosol cans, electronic devices, and receptacles containing auto fluids—at landfills not authorized to accept hazardous waste, allowed its customers to deposit hazardous auto fluids and other waste into trash containers in its stores' parking lots, and disposed of customers' records without rendering customers' personal information unreadable.
  • Under the terms of the Consent Judgment, AutoZone must pay $8.9 million in civil penalties, $1.35 million towards environmental projects, and $750,000 to reimburse investigative and enforcement costs, but may earn a $1 million credit towards the penalties by undertaking at least $2 million in environmental enhancement work not required by law, among other things.


Maryland Attorney General Settles With Information Technology Companies Over Allegedly Misrepresenting Software to State Health Benefit Exchange

  • Maryland AG Brian Frosh and the U.S. Department of Justice ("DOJ") reached separate settlements with Curám Software Ltd. and Curám Software, Inc. (collectively, "Curám") and its parent, International Business Machines Corporation ("IBM") over Curám's role, as a subcontractor, in the failed launch of Maryland's health exchange website in violation of the federal and state False Claims Acts.
  • According to the settlement agreement, Curám allegedly failed to deliver on what it promised, resulting in the botched development and launch of the website, which crashed shortly after launching in October 2013.
  • Under the terms of the settlement agreement, the parties must pay $2.8 million to the state, which includes restitution and will accrue interest, and pay $12 million to the United States.
  • As previously reported, AG Frosh reached a settlement in 2015 with Noridian Healthcare Solutions LLC, the lead contractor hired to build the state's health exchange website, over similar allegations.


45 Attorneys General and CFPB Settle With Lender Over Allegedly Offering Deceptive Student Loans

  • 45 AGs, led by Kentucky AG Andy Beshear, and the Consumer Financial Protection Bureau ("CFPB") reached separate settlements with lender Student CU Connect CUSO, LLC ("CUSO") to resolve allegations that it offered deceptive loans to students in violation of the federal Dodd-Frank Wall Street Reform and Consumer Financial Protection Act of 2010 and the states' and the District of Columbia's unfair trade practices and consumer protection laws.
  • According to the AGs' assurance of voluntary compliance ("AVC") and the CFPB's complaint, CUSO allegedly issued loans to students of for-profit college ITT Technical Institute ("ITT Tech") who it knew were likely to default on their loans, did not understand the terms of their loans, or did not realize they had taken out loans.
  • Under the terms of the AGs' AVC and the CFPB's proposed stipulated judgment, CUSO must forgive over $168 million in debt for former ITT Tech students, cease collecting on and discharge outstanding loans, and seek deletion of tradelines in students' credit reports relating to these loans.


New York Attorney General Issues Cease and Desist Letters to 44 Pharmacies Over Allegedly Failing to Post Prices for Commonly Prescribed Drugs

  • New York AG Letitia James issued cease and desist letters to 44 pharmacies over allegations that they failed to post prices of commonly prescribed drugs in violation of the state's consumer protection law.
  • According to the AG's office, the pharmacies allegedly failed to maintain and update weekly the list of prices of the most commonly prescribed drugs (the "Drug Retail Price List") and post conspicuous signage notifying consumers that the list is available for their review.
  • The letters, which are not publicly available, reportedly demand that the pharmacies come into full compliance within 15 days of receipt of the letter.


New York Attorney General Settles With Fuel Supplier Over Allegedly Failing to Deliver Fuel to Consumers

  • New York AG Letitia James reached a settlement with fuel supplier Ferrellgas Partners LP ("Ferrellgas") to resolve allegations that it failed to deliver fuel to consumers. The AG's office and news reports do not disclose the statutory authority the AG asserted to reach this settlement.
  • According to the AG's office, Ferrellgas allegedly failed to deliver fuel to consumers, causing consumers to nearly or completely run out of fuel, and failed to provide live customer service for consumers to contact.
  • According to the AG's office, under the terms of the settlement, Ferrellgas must pay $75,000 in costs to the AG's office, compensate consumers who experienced a disruption to their fuel supply, reimburse consumers for certain disruption-related expenses, increase its fuel storage capacity in the state, expand its customer service operations at certain locations, and obtain additional trucks to ship and deliver fuel.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Similar Articles
Relevancy Powered by MondaqAI
In association with
Related Topics
Similar Articles
Relevancy Powered by MondaqAI
Related Articles
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions