Tag: DNC

SPAM FROM HOME?: Home Shopping Network (HSN) Hit With New TCPA Class Action Over DNC Text Messages

TCPA class actions against retailers arising out of SMS channel communications continue to roll in, despite Facebook severely limiting the availability of TCPA ATDS claims.

The issue, of course, is the DNC rules that prevent SMS messages to residential phones for marketing purposes absent prior express invitation or permission or an established business relationship.

For instance a consumer in Florida filed a TCPA class action lawsuit against HSN (home shopping network) yesterday in federal court claiming the company sent him promotional text messages without his consent and despite the fact he was on the national DNC list.

Complaint here: HSN COmplaint

The Complaint alleges HSN had a “practice” of sending text messages to consumers on the DNC list and seeks to represent a class of:

All persons throughout the United States (1) who did not provide their
telephone number to HSN, Inc., (2) to whom HSN, Inc. delivered, or
caused to be delivered, more than one call or text message within a 12-
month period, promoting HSN, Inc. goods or services, (3) where the
person’s residential or cellular telephone number had been registered
with the National Do Not Call Registry for at least thirty days before
HSN, Inc. delivered, or caused to be delivered, at least two of the calls
and/or text messages within the 12-month period, (4) within four years
preceding the date of this complaint and through the date of class
certification.

As these cases continue to roll in it is critical that retailers and brands keep the DNC rules in mind. Most companies only seek to contact consumers that sign up for their messages but numerous challenges to compliance exist:

  1. Third-party lead suppliers often provide false information;
  2. Consumers enter the wrong phone numbers on POS systems and online; and
  3. Phone numbers change hands regularly.

While tools exist to help limit exposure on these challenges it is critical to maintain a strong DNC policy and attendant training to provide a defense. And don’t forget about the new revocation rules!

© 2024 Troutman Amin, LLP
For more on the TCPA, visit the NLR Communications Media Internet section

DNC, Bernie Sanders’ Data Breach – Breaches Are Not Just About Social Security Numbers or Payment Cards

Are pundits discussing the personal information allegedly accessed by a campaign staffer for Bernie Sanders? No, not really, and that is the point.

In Saturday’s debate at St. Anselm College in Manchester, New Hampshire, Democratic presidential candidates Bernie Sanders and Hillary Clinton jousted over an alleged intrusion into Clinton’s voter data by a Sanders campaign staffer. According to reports, the staffer accessed confidential voter data maintained by a vendor, NGP VAN, while the firewall protecting that data had been removed. (hmmm…a third party vendor) In response, the Democratic National Committee (DNC) terminated the Sanders campaign’s access to all voter data, including the campaign’s own data. Litigation followed, a deal was reached, but reverberations continue. Turn to your favorite cable news channel.

One hears “data breach” and immediately Social Security numbers, credit card data, or medical information come to mind. In this case, the personal information reported to be involved included names, addresses, ethnicity, and voting history, hardly considered to be sensitive personal information in the United States. In fact, none of the state data breach notification laws would require notification based solely on these data elements. (But see, e.g., FTC settlement involving email addresses). But, some of the information, particularly analytical data concerning voter preferences, can be tremendously helpful to a campaign. So it is easy to see why it is causing such a stir, particularly for the Sanders campaign.

Why is this important beyond presidential politics?

Organizations are beginning to recognize the need for data breach preparedness. This is good – we are seeing more internal teams being assembled and comprised of key stakeholders within organizations. They are meeting, learning and developing data breach response plans including sample investigation checklists and policies, template notification letters, vendor relationships and engaging in tabletop exercises.

Their initial focus, however, is often exclusively on breaches involving personal information that would trigger notification obligations under federal (e.g., HIPAA) and state laws. The Sanders breach and others before it should make clear that these teams need to look beyond Social Security numbers and payment cards and account for data breaches that could initiate an entirely different set of concerns, exposures, considerations and mitigation steps.

If breached, an organization’s proprietary data, internal email communications among executives and management, customer or client data, sales information, and as we are seeing even voter data can have catastrophic consequences for an organization. A breach exposing insensitive email correspondence in the c-suite about customers, or suggesting systemic discriminatory employment practices, or outlining detailed labor management strategies can have significant implications for a company’s market position and workforce management. It can also trigger unwanted litigation and adversely impact the organization’s reputation. Putting data belonging to others at risk also could result in the loss of access to critical business information help by others, as in the Sanders breach. These are only a handful of examples and one need only think about some of the sensitive business information maintained or accessed by their own organizations that is not personal information to understand the effects of a breach of that information.

Organizations cannot prevent all unflattering emails that are sent and received by members of their workforce, they cannot avoid collecting or accessing sensitive business information entirely, nor can they prevent all data breaches from occurring. But they can take steps to be prepared in the event of a breach and in doing so, should consider the broad range of breaches they could encounter. Organizations engaged in data breach response planning, therefore, need to consider a wide range of data breaches that could affect their organizations – those affecting personal information and those affecting other sensitive and critical business information.

Article By Joseph J. Lazzarotti of Jackson Lewis P.C.

Jackson Lewis P.C. © 2015