Digest 11.05.2020: AG Elections Roundup | FTC Requires Medical Device Divestiture | Aetna Data Breach Settlement

2020 AG Elections

Ten AG elections were held on November 3, 2020. As of this writing, six incumbent AGs won their elections, and Republicans held the open-seats in Indiana and Montana. In the two undecided races, Democratic incumbents in North Carolina and Pennsylvania are narrowly leading Republican challengers. For more AG election news, insights, and polls, visit Cozen O’Connor’s State AG Election Tracker.

  • Todd Rokita (R) won the Indiana AG open-seat race over Jonathan Weinzapfel (D).
  • Incumbent AG Eric Schmitt (R) won the Missouri AG race over Rich Finneran (D).
  • Austin Knudsen (R) won the Montana AG open-seat race over Raph Graybill (D).
  • Incumbent AG Josh Stein (D) is leading in the North Carolina AG race over Jim O’Neill (R) by a margin of 50.1% to 49.9% with 100% of precincts reporting and 74.6% of ballots counted.
  • Incumbent AG Ellen Rosenblum (D) won the Oregon AG race over Michael Cross.
  • Incumbent AG Josh Shapiro (D) is leading in the Pennsylvania AG race over Heather Heidelbaugh (R) by a margin of 49.7% to 47.5% with 99.9% of precincts reporting.
  • Incumbent AG Sean Reyes (R) won the Utah AG race over Greg Skordas (D).
  • Incumbent AG TJ Donovan (D) won the Vermont AG race over H. Brooke Paige (R).
  • Incumbent AG Bob Ferguson (D) won the Washington AG race over Matt Larkin (R).
  • Incumbent AG Patrick Morrisey (R) won the West Virginia AG race over Sam Petsonk (D).


FTC Requires Divestiture in Blockbuster Medical Device Deal

  • The Federal Trade Commission reached a settlement with medical device companies Stryker Corp. (“Stryker”) and Wright Medical Group N.V. (“Wright”) to resolve allegations that Stryker’s proposed $4 billion acquisition of Wright will harm competition in the total ankle replacement and finger joint implant markets in violation of the FTC Act and the Clayton Act.
  • The FTC’s complaint alleged that, because the two companies are suppliers of close substitutes in both markets, the elimination of their direct head-to-head competition would allow the combined entity to control 75% of the U.S. market for total ankle replacements and more than 50% of the U.S. market for finger joint implants, giving it significant market power that would result in higher consumer prices and reduced research and development.
  • Under the proposed consent order, Stryker and Wright must divest all assets associated with Stryker’s total ankle replacement products and finger joint implants to Colfax Corporation. The proposed settlement is subject to a 30-day public comment period, after which the FTC will decide whether to make the proposed consent order final.

 Consumer Financial Protection Bureau

The CFPB Issues Two Final Rules on Debt Collection, Treatment of Confidential Information

  • The Consumer Financial Protection Bureau (“CFPB”) issued a final rule restating and clarifying prohibited practices and conduct by consumer debt collectors and explaining how consumer protections under the Fair Debt Collection Practices Act apply to electronic communications. Among other things, the rule establishes a presumption that debt collectors act illegally if they place more than seven calls on seven consecutive days to the same consumer in connection with the same debt. The rule also requires debt collectors to provide instructions in each electronic communication that provide for a simple and reasonable way for a consumers to opt-out of receiving further electronic communications.
  • The CFPB also issued a final rule amending its Disclosure of Records and Information Regulation to address the treatment of confidential information that the CFPB generates or receives in connection with exercising its authority. Among other things, the rule revises previous rules related to the CFPB’s information practices, including how it shares confidential and sensitive information with other agencies and with its contractors, and improves the CFPB’s ability to protect confidential information.

 Consumer Protection

Court Issues Judgment Against Property Manager For Allegedly Hijacking Owners’ Rental Properties

  • Washington AG Bob Ferguson obtained a default judgment for restitution and injunctive relief against Travis Jackson and his two property management companies (collectively “Jackson”) for allegedly engaging in a deceptive and unfair scheme to promote “free” property management services to homeowners in violation of the Washington Consumer Protection Act.
  • The complaint alleged that, among other things, Jackson operated a property management company without a license, pressured rental property owners to sign unconscionable contracts that gave him sole control over the properties, added new walls and rooms to rental properties without the owners’ knowledge or permission, and failed to pay the rent owed to property owners.
  • Under the terms of the order, Jackson must pay more than $256,000 in restitution, $252,300 in civil penalties, and over $76,000 in attorneys’ costs and fees. Jackson is also enjoined from engaging in property management activities without a license and making unauthorized modifications to homes under his care, among other things.

 Data Privacy & Security

Aetna Pays $1 Million to HHS to Resolve Allegations of HIPAA Violations

  • The Office of Civil Rights (“OCR”) at the U.S. Department of Health and Human Services (“HHS”) reached a settlement agreement with Aetna Life Insurance Company and related entities (collectively “Aetna”) to resolve alleged violations of the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy and Security Rules.
  • According to the resolution agreement, Aetna submitted breach reports about three separate incidents to the OCR. The first involved two web services that displayed plan-related documents to health plan members without requiring login credentials, which were later indexed on online search engines. This breach resulted in the disclosure of over 5,000 individuals’ protected health information. The other two breach reports related to physical mail in which protected health information, including information relating to recipients’ HIV status, was visible without opening the mailing’s envelope.
  • Under the terms of the resolution agreement, Aetna will pay $1 million to HHS, develop a corrective action plan to strengthen its information safeguards, including developing and implementing written policies and procedures to comply with HIPAA’s privacy and security standards, executing staff training reforms, and submitting annual compliance reports, among other things.
  • As previously reported, Aetna also reached settlements with state AGs to resolve allegations stemming from the same incidents.

 Financial Industry

California Takes KPMG to Task Over Admissions of Cheating

  • California AG Xavier Becerra and the California Board of Accountancy (“CBA”) reached a settlement with multinational accounting firm KPMG LLP over its admission to being disciplined by the U.S. Securities and Exchange Commission (“SEC”) for misusing confidential information from the Public Company Accounting Oversight Board (“PCAOB”) to improve its PCAOB inspection results, and admitting that many of its certified public accountants (CPA) cheated on internal continuing education exams in violation of the Accountancy Act.
  • According to the AG’s office, the matter arose from KPMG’s admission that it was disciplined by the SEC over its improper access and use of PCAOB’s information and its CPAs’ cheating. KPMG allegedly accessed PCAOB’s information after it had received a high number of deficiency findings in PCAOB’s inspection of its public company audits.
  • Under the terms of the settlement and disciplinary order, among other things, KPMG will pay a $1.3 million administrative penalty as well as enforcement costs to the CBA, and will be subject to a 30-day license suspension, which will be stayed during a three-year probation.