In This Issue:

• New in False Advertising Lawsuits: Security Systems and Oatmeal
• CFPB Wades Into Data Security Enforcement With $100,000 Fine
• Ninth Circuit Affirms Joint and Several Liability Available Under FTC Act
• Rise of Online Shopping Yields Questions About Pricing

New in False Advertising Lawsuits: Security Systems and Oatmeal

Class action complaints alleging false advertising run the gamut of products and services, and recent lawsuits filed across the country bear this principle out, with cases challenging everything from oatmeal to home security systems.

A Florida resident filed suit against ADT Corporation in federal court, asserting that the largest residential and small business electronic security provider in the country deceptively markets its equipment and monitoring systems as safe and reliable, using claims such as "We Save Lives," "Get Security You Can Count On. Every Day of the Year," and "ADT takes pride in using the most advanced technology."

"In truth, ADT's wireless signals are anything but safe and reliable, as the wireless signals are both unencrypted and unauthenticated, and can easily be intercepted and interfered with by unauthorized third parties," according to Santiago Hernandez's complaint. "As such, ADT's customers are far more vulnerable and less safe than ADT leads them to believe."

According to the complaint, all it takes to hack the ADT system is a simple and inexpensive device that can enable a third party to see transmissions from ADT's sensors, track when people are opening and closing doors, manipulate the system by falsely triggering an alarm, jam the system so that alarms are not triggered, and remotely disconnect or disable security systems.

ADT was aware of the vulnerability of its customers, Hernandez added, but the company turned "a blind eye" to its problems and failed to notify consumers that its signals are unencrypted and unsecure. "ADT's misleading marketing statements and omissions are particularly egregious given that they provide a false sense of security to those individuals and businesses that are most vulnerable: individuals and businesses who are seeking the comfort of an extra level of security that a home security system provides," the plaintiff said.

The defendant's misrepresentations violated Florida's consumer protection law, Hernandez alleged, requesting declaratory and injunctive relief requiring ADT to change its marketing materials, secure customers' wireless systems, and pay damages to an estimated class of hundreds of thousands of consumers.

As for Darren Eisenlord's oatmeal, he claimed in a putative class action in California federal court that Quaker Oats Company's labels for six different types of oatmeal—featuring the image of a maple syrup jug and the words "maple and brown sugar" prominently displayed—tricked him into purchasing what he thought was oatmeal flavored with maple and brown sugar but didn't actually contain any maple syrup or maple sugar.

Maple syrup and maple sugar are premium ingredients that companies add to sweeten food products, according to the complaint, with a material bearing on consumers' purchasing decisions. Maple is also a substance derived from the heat treatment of sap from the maple tree, Eisenlord added, and none of the defendant's products qualify as maple syrup under this definition.

This deceptive labeling constituted a breach of express warranty and violations of various California laws, including the Consumer Legal Remedies Act, the False Advertising Law, and the Unfair Competition Law, as well as both the federal Food, Drug, and Cosmetic Act and its state analogue, the plaintiff said. Requesting that the court certify a nationwide class and a subclass of California residents who purchased the Quaker Oats oatmeal products during the previous four years, Eisenlord asked for actual damages, an injunction, and disgorgement of profits.

To read the complaint in Hernandez v. The ADT Corporation, click here.

To read the complaint in Eisenlord v. The Quaker Oats Company, click here.

Why it matters: False advertising lawsuits remain a popular consumer class action fixture with no signs of abating, challenging products and services ranging from home security systems to oatmeal.

CFPB Wades Into Data Security Enforcement With $100,000 Fine

Following in the footsteps of the Federal Trade Commission, the Consumer Financial Protection Bureau has brought its first enforcement action for alleged misrepresentations about a company's data security practices, imposing a $100,000 fine against an online payment system company.

Iowa-based Dwolla, Inc. operated an online payment system that by May 2016 had more than 650,000 users and transferred as much as $5 million per day. As part of its operations, the company collected and stored sensitive personal information including a user's name, address, date of birth, telephone number, Social Security number, bank account and routing numbers, password, and unique 4-digit PIN.

From December 2010 until 2014, according to the CFPB's complaint, Dwolla claimed that its financial platform provided "safe" and "secure" transactions and that "anyone with an Internet connection" could "safely send money to friends or businesses." The company also assured consumers that it encrypted all sensitive personal information and that its security practices exceeded industry standards, achieving compliance with the Payment Card Industry Data Security Standard (PCI-DSS).

Contrary to such claims, the Bureau alleged, the company failed to employ reasonable and appropriate measures to protect consumer data from unauthorized access, did not encrypt some of the sensitive consumer personal information it held, and released applications to the public before testing whether they were secure.

The company neither admitted nor denied the CFPB's charges but the consent order requires Dwolla to pay a $100,000 fine and stop misrepresenting its data security practices. Specifically, the company may not deceive consumers about the security of its online payment system and must enact comprehensive data security measures and policies, complete with a program of risk assessments and audits.

In addition, Dwolla needs to fix its security flaws, securely store and transmit consumer data, and properly train its employees on the company's data security policies and procedures, as well as how to protect the sensitive personal information provided by consumers.

The CFPB brought its first data security case pursuant to its power, under the Dodd-Frank Wall Street Reform and Consumer Protection Act, to take action against institutions engaged in unfair, deceptive, or abusive acts or practices, noting that the effort "builds off advances made by several other agencies."

"Consumers entrust digital payment companies with significant amounts of sensitive personal information," CFPB Director Richard Cordray said in a statement about the case. "With data breaches becoming commonplace and more consumers using these online payment systems, the risk to consumers is growing. It is crucial that companies put systems in place to protect this information and accurately inform consumers about their data security practices."

To read the consent order in In the Matter of Dwolla, Inc., click here.

Why it matters: The CFPB's enforcement action made headlines not for the allegations themselves or the amount of the fine but for the agency's expansion of its authority into the cybersecurity ecosystem and seeming encroachment on the FTC's turf. Over the last decade, the Commission has pursued more than 50 data security actions and has positioned itself as the federal agency policing such issues. With the CFPB asserting itself as an enforcer of cybersecurity, the action puts financial institutions and other entities under the Bureau's enforcement umbrella on notice to review their data security claims and practices. Importantly, the CFPB relied upon its authority to challenge unfair or deceptive acts and practices as no actual breach or compromise of consumer information gave rise to the action.

Ninth Circuit Affirms Joint and Several Liability Available Under FTC Act

The Ninth Circuit Court of Appeals affirmed that a California federal court had the power to impose an $18.2 million restitution award upon the former president of Commerce Planet, Inc. after a finding that the company violated Section 5 of the Federal Trade Commission Act.

The dispute began when the FTC filed suit against Commerce Planet, Inc. and three of its top officers for engaging in unfair or deceptive business practices with regard to the marketing of a product called "OnlineSupplier." Although the company touted the product as a Web site hosting service enabling consumers to make money by selling products online, the agency said it was a negative option scam that made millions by tricking purchasers who were surprised to find themselves paying $29.95 to $59.95 each month.

Two of the individual defendants and the company settled with the FTC but Commerce Planet's former president, Charles Gugliuzza, elected to stand trial. After a 16-day bench trial in California federal court, the judge ruled the company had violated Section 5 and held Gugliuzza personally liable for the unlawful conduct. The defendant exercised operational control over the company during the relevant time period, the court held, and oversaw and directed the marketing of the product, including approval of the negative option feature. Gugliuzza was permanently enjoined from engaging in similar misconduct and ordered to pay $18.2 million in restitution, an amount determined by reducing the $36.4 million total net revenues of the company.

Gugliuzza appealed, arguing that the district court lacked the authority to award restitution, or, alternatively, should have limited the award to the unjust gains he personally received, which was roughly $3 million.

The Ninth Circuit had no trouble finding that the district court had the authority to award restitution pursuant to Section 13(b) of the Federal Trade Commission Act, which provides that "in proper cases the Commission may seek, and after proper proof, the court may issue, a permanent injunction," with case law from the Circuit that district courts are empowered to grant "any ancillary relief necessary to accomplish complete justice."

This equitable jurisdiction includes the power to deprive defendants of their unjust gains from past violations, the panel said, and does not limit a court to award restitution limited to the unjust gains each defendant personally received.

"Restitution does involve the return to the plaintiff of gains a defendant has unjustly received," the court noted. "But the relevant question in a case like this one—in which an individual defendant violates the FTC Act by acting in concert with a corporate entity—is whether the individual may be held personally liable for restitution of the corporation's unjust gains. The answer is yes—provided the requirements for imposing joint and several liability are satisfied, and here they are."

Gugliuzza satisfied the two-part test for determining when an individual may be held personally liable for corporate violations of the Act, the court said, because the district court found he had the authority to control the unlawful acts or practices at issue and had actual knowledge of the misrepresentations involved, with an awareness of the high probability of fraud.

If an individual may be held personally liable for corporate violations of the FTC Act under this test, nothing more needs to be shown to justify imposition of joint and several liability for the corporation's restitution obligations, the panel explained. "Defendants held jointly and severally liable for payment of restitution are liable for the unjust gains the defendants collectively received, even if that amount exceeds (as it usually will) what any one defendant pocketed from the unlawful scheme," the court wrote.

However, the district court judge failed to enter judgment against Gugliuzza on the basis of joint and several liability. Lacking the power to correct the error, the Ninth Circuit vacated the judgment and remanded for the court to either hold Gugliuzza jointly and severally liable with Commerce Planet for the $18.2 million or limit the award to the unjust gains Gugliuzza himself received (about $3 million). The court added that Gugliuzza should receive a credit for any sums the FTC collected from the settling defendants, such as the $522,000 paid by the other individuals and the company.

The panel also rejected Gugliuzza's challenge to the amount of the restitution award. Under the two-step burden-shifting framework used to calculate restitution awards under Section 13(b), the FTC presented undisputed evidence that Commerce Planet received $36.4 million in net revenues from the sale of OnlineSupplier during the relevant period. The agency also proved that the company made widely disseminated material misrepresentations, entitling it to a presumption that all consumers who purchased the product did so in reliance on the misrepresentations.

When the burden shifted to the defendant, he argued that not all consumers who purchased OnlineSupplier were deceived, but he failed to offer a reliable method of quantifying what portion were free from deception, the panel said. The district court could therefore rely on testimony from the FTC's expert that "most" consumers were deceived—evidence that actually benefitted Gugliuzza as the court relied upon it to reduce the award.

"The district court did not abuse its discretion when it instead decided to err on the side of caution by slashing the otherwise-permissible award in half," the Ninth Circuit wrote. "Any error in that regard could only have benefitted Gugliuzza."

To read the opinion in FTC v. Commerce Planet, click here.

Why it matters: The Ninth Circuit decision offers a valuable roadmap to individual liability under the FTC Act. Federal district courts have the power to order restitution where an individual defendant is found to have violated the Act by directing or acting in concert with a corporate entity, and the amount of the award is not limited to the individual's unlawful gains. Joint and several liability can leave a company executive like Gugliuzza on the hook for millions of dollars when the court determines the individual had the authority to control the unlawful acts or practices at issue and had actual knowledge of the misrepresentations involved. In the defendant's case, although he claimed to have walked away with just $3 million, he may be liable for the $18.2 million judgment (less the $522,000 from the other defendants' settlement deal).

Rise of Online Shopping Yields Questions About Pricing

What value does a list price have?

Not much, The New York Times reported in a story about the growing number of lawsuits alleging retailers engage in deceptive pricing by claiming a markdown from an arbitrary "list price." For example, the Times checked online prices for a Le Creuset iron-handle skillet in cherry red, measuring 11 ¾ inches wide. While half a dozen sites offered the product for $200, each seller said that price was a markdown from a different list price, ranging from $285 to $260.

The issue first made headlines in 2014, when a group of California district attorneys brought a false advertising suit against Overstock.com, accusing the online marketplace of using misleading list prices in order to exaggerate the amount of a customer's savings. One example cited in the complaint referenced an incident where Overstock advertised a patio set for $449.99 with a list price of $999. A consumer claimed that when he received the set, it had a retailer sticker on it with a list price of $247.

"Overstock has consistently used [advertised reference prices] in a manner designed to overstate the amount of savings to be enjoyed by shopping on the Overstock site," California Judge Wynne Carvill wrote, ordering the company to pay $6.8 million.

Overstock.com appealed the decision. But the case launched a trend among consumers, who have filed dozens of putative class actions alleging deceptive pricing, targeting outlet stores and other discount retailers. The suits are costing retailers millions of dollars, as demonstrated by Michael Kors agreeing to pay almost $5 million last year to reach a deal in over pricing in its outlet stores.

A new complaint in New York federal court follows this trend, this time against J. Crew's outlet Web site. The national retailer offered sale prices on its factory store Web site that had no basis for comparison because the original "valued at" price was never actually charged, Joseph D'Aversa told the court.

In addition, the defendant "perpetually held" a series of site-wide "sales" that purported to discount, for a limited time, all items on the Web site by a certain percentage, often claiming the sale price was available only for a limited time (such as a 24-hour period, for example). Because the purported sale prices never end "but rather continue on a daily basis and are available anytime a customer visits the website, they are not actually discounts at all, but rather the everyday, regular prices of the items," the plaintiff alleged.

The New Jersey resident—who purchased two sweaters from the factory site—sought damages for a proposed class and subclass totaling at least 10,000 members under state consumer protection laws.

However, not all plaintiffs are successful. A federal court in Massachusetts recently tossed a deceptive pricing suit after concluding that the plaintiff had not suffered a cognizable injury in her suit against Kohl's Department Stores.

The Times pointed to the rise of the Internet as the reason behind the fall of the list price. Online shoppers want to believe they are getting a bargain and retailers are willing to help them believe just that, consumer protection advocates and plaintiff's attorney argued. As the former director of the Federal Trade Commission's Bureau of Consumer Protection, David C. Vladeck, told the Times, "If you're selling $15 pens for $7.50, but just about everybody else is also selling the pens for $7.50, then saying the list price is $15 is a lie."

To read the complaint in D'Aversa v. J. Crew Group, click here.

Why it matters: Deceptive pricing has also caught the eye of federal lawmakers, who requested that the Federal Trade Commission take a closer look at the issue with regard to outlet stores, even suggesting the agency consider establishing a formal definition of terms like "factory outlet" or "outlet store." Agency action may be a possibility as the use of a "list price" continues to trigger controversy and lawsuits.