The State AG Report Weekly Update February 23, 2017

Breaking News

Mike Hunter Appointed as Attorney General of Oklahoma Following Scott Pruitt’s Confirmation to Head the EPA

  • Oklahoma Governor Mary Fallin appointed Secretary of State Mike Hunter as Oklahoma AG to succeed former AG Scott Pruitt, who was confirmed as EPA Administrator by the U.S. Senate last Friday. AG Hunter will serve until the next scheduled general election in 2018.
  • Before being appointed Secretary of State, Hunter served as first assistant AG under Pruitt. Hunter’s previous experience includes serving as Chief Operating Officer (“COO”) of the American Bankers Association, Executive Vice President and COO of the American Council of Life Insurers, Chief of Staff to former Congressman J.C. Watts, Jr., and a member of the Oklahoma House of Representatives for six years.
  • Pruitt, Hunter’s predecessor, was first elected Oklahoma AG in 2010 and reelected in 2014 and served for two terms as Chairman of the Republican Attorneys General Association. Prior to serving as AG, Pruitt was an Oklahoma state senator from 1998 until 2006.

Consumer Protection

FTC and 10 Attorneys General Settle with Companies for Allegedly Assisting Unlawful Telemarketing Scheme

  • The Federal Trade Commission (“FTC”) and 10 AGs reached a settlement with Telephone Management Corporation, TM Caller ID, LLC, Pacific Telecom Communications Group, International Telephone Corporation, and International Telephone, LLC, and their owner (collectively “Pacific Telecom”) over alleged violations of the FTC Act and the federal Telemarketing and Consumer Fraud and Abuse Prevention Act.
  • According to the complaint filed by the FTC and AGs in 2015 against Pacific Telecom, as well as Caribbean Cruise Line, Inc. and others who have previously settled, the companies allegedly “assisted and facilitated” unwanted robocalls by providing robocallers with hundreds of telephone numbers, allowing robocallers to change caller ID information to avoid recognition by consumers, funding a portion of the robocalling campaigns, and hiding the robocallers’ identities from authorities.
  • Under the terms of the consent judgment, Pacific Telecom is prohibited from engaging in illegal telemarketing and must pay a civil penalty of $1.35 million, with all but $2,500 suspended upon partial payment.

Arkansas Attorney General Files Lawsuit Against Vacation Rental Business for Allegedly Deceitful Business Practices

  • Arkansas AG Leslie Rutledge filed a lawsuit against vacation rental companies The Resort Place, LLC d/b/a Resort Place Travel, X4Sucess, and its owners and operators (collectively “The Resort Place”) for allegedly under-delivering promised goods and services in violation of the Arkansas Deceptive Trade Practices Act.
  • According to the AG’s office, The Resort Place allegedly accepted payment for vacation bookings but failed to provide the advertised and agreed upon accommodations by, among other things, not booking the rental requested, moving the initial resort reservation to a hotel with different accommodations and amenities, and not reimbursing consumers for the more costly alternative accommodations.
  • The lawsuit seeks restitution for consumers, attorneys’ fees, and penalties of $10,000 per violation of the Arkansas Deceptive Trade Practices Act.

New York Attorney General Files Lawsuit Against Defunct Fitness Club

  • New York AG Eric Schneiderman filed a lawsuit against Club Ventures, LLC d/b/a David Barton Gyms and related entities (collectively “David Barton Gyms”) for allegedly denying its members an opportunity to be issued refunds for prepaid services prior to closure in violation of state laws.
  • According to the AG’s office, David Barton Gyms allegedly failed to provide refunds to members with prepaid membership and training packages and failed to notify its gym members and staff before it abruptly filed for bankruptcy and closed.
  • The lawsuit seeks full restitution for those consumers with unused prepaid services.

Data Privacy

New Jersey Attorney General, Division of Consumer Affairs Reach Settlement with Healthcare Provider Over Alleged HIPAA Violations

  • New Jersey AG Christopher Porrino and the Division of Consumer Affairs reached a settlement with healthcare provider Horizon Healthcare Services, Inc. d/b/a Horizon Blue Cross Blue Shield of New Jersey (“Horizon”) for allegedly failing to properly safeguard consumers’ personal information in violation of the Health Insurance Portability Accountability Act (“HIPAA”) and the New Jersey Consumer Fraud Act.
  • According to the original complaint, two laptops stolen from the insurer’s headquarters contained the Electronic Protected Health Information (“ePHI”) of 690,000 New Jersey policyholders that were not encrypted and should not have been stored on the laptops. After reporting the theft, Horizon announced it had encrypted all computers, but the Division’s investigation allegedly discovered more than 100 other laptops at the facility were still not properly encrypted, in violation of HIPAA protocol.
  • Under the terms of the consent judgment, Horizon must implement a Corrective Action Plan and submit status reports to be reviewed by the Division. Horizon also must pay approximately $900,000 in civil penalties (partially suspended upon compliance with the consent judgment), $90,000 in attorneys’ fees, and $80,000 to the AG’s office for consumer privacy programs.

Vermont Attorney General Settles with Restaurant Over Allegedly Inadequate Credit Card Security Practices

  • Vermont AG T.J. Donovan reached a settlement with Grand Buffet Essex Junction Inc. and its owners (collectively “Grand Buffet”) over allegations that the Chinese‑style buffet failed to implement certain operational safeguards after repeated incidents of stolen credit card information, a violation of Vermont’s Consumer Protection Act.
  • According to the AG’s office, Grand Buffet failed to implement improved security measures recommended by the AG’s office after an employee stole customers’ credit card information and committed fraud, which allowed additional incidents of credit card information theft and fraud to occur.
  • Under the terms of the settlement, Grand Buffet must implement more secure operating systems for credit cards, create a new employee record keeping system, and agree to a $30,000 civil penalty to be paid to the state of Vermont. The employee responsible for the credit card fraud was recently sentenced to pay $25,000 restitution to the victims.