Five Things You Need to Know About Attorney General Enforcement Actions

A conversation with Helen Mac Murray, Founding Partner, Mac Murray & Shuster, LLP

Do You Need to Worry About Consumer Protection Laws?

The short answer is yes.

A quick primer: Consumer protection laws are an important tool in the arsenals of state attorneys general (AGs), and their offices are quick to take targeted enforcement action against any business found to be engaged in unfair or deceptive marketing or advertising practices. AGs may work independently or together across states, and may also collaborate with federal regulators in actions against allegedly violating businesses.

Regulatory enforcement actions usually begin in the form of a letter and/or a subpoena and request for extensive information. Settlements for these actions can require the business in question to refrain from the alleged violating practice in the future and pay civil penalties that can range from tens of thousands to millions of dollars.

All business owners should be aware of state and federal consumer protection laws and remain abreast of current best practices.

Five things you need to know:

1. Small businesses are not exempt!

Think your small business is flying under the radar? It’s not. No business is too small to escape scrutiny when AGs are considering a specific area of consumer protection. Twenty percent of the actions I’ve handled have involved sole proprietors. They have often mishandled consumer protection responsibilities by assuming they were too little to be a target.

Every business that engages with consumers, selling services or products, is responsible for knowing and following consumer protection laws. Know the laws that apply to you, stay abreast of current regulatory actions in your industry, and audit your practices regularly to ensure you are keeping compliant. The time and money you spend proactively cannot compare to the penalties you will pay if action is brought against you.

2. Your own state’s laws apply to you. And so do those of any other state where you have customers.

Do you sell goods and services online? Ship outside your state’s borders? Then you can be held accountable for laws in other states.

It’s not enough to know the laws in your own state. There are small differences in laws across the country, and you need to be on the right side of every consumer protection law in any state in which you do business.

3. Pay attention to AG enforcement trends.

They might not be as eye-catching as celebrity fashion or as volatile as the stock market. Still, there are changing trends in the consumer protection enforcement arena, and you need to know what they are.

The trends in AG enforcement depend on a lot of factors and are continually evolving. Right now, we see a lot of new actions in the financial services sector. Student loan lenders, payday lenders, and other financial players that cater to consumers are under intense and growing scrutiny.

Another area receiving a lot of focus now is telemarketing, particularly with robocalls. The problem is that not all robocalls are illegal, but many are and it’s hard to know the difference. A consumer may have put their number on the Do Not Call list, but then given their informed consent to receive calls from a specific business. There is a lot of discussion – and confusion – about what constitutes consent in this arena.

4. The person sitting in the Oval Office matters.

State consumer protection laws are somewhat non-specific, which makes their enforcement subjective. Historically, Democratic-led administrations tend to be more aggressive in enforcement of consumer protection, generally taking a more liberal view of what might be considered “deceptive practices.” With a Democratic president and federal regime, and about half the states’ attorneys general Democratic, we see an uptick in enforcement actions, especially in high-profile areas.

During the previous Republican administration, there was a lot of collaboration between Democratic state regulators, who banded together to advance issues in the face of regulatory forces in a federal administration deemed “business-friendly.” Now that the pendulum has swung the other way, we see significant collaboration on hot-button regulatory issues like those mentioned above. In fact, I am seeing more collaboration between states and the federal government today than I have witnessed in twenty years working in this arena. This means resultant actions will be bigger and much more costly—potentially devastating to some businesses and industries.

5. Be careful who you get in bed with.

Good advice in life, but also when considering partnering with vendors and other parties. In 2013, one of the first big data breach cases in the United States involved a small third-party vendor who fell prey to hackers and ended up releasing consumer payment information for 41 million customers that was collected by a major retailer. Though the retailer itself was not directly responsible for the breach, the attorneys general found otherwise, and it paid $18.5 million in a multistate settlement.

You are responsible for the actions of your vendors in many cases, and even a well-written contract might not be enough to protect your business from the unscrupulous or careless actions they take. Conduct your due diligence and ensure your contracts are vetted by experienced attorneys who are familiar with regulatory demands. Put extra effort into making sure your partners have stayed above board in the past and don’t have a history of regulatory action.

If you are the target of regulatory action, you need experienced help.

If you’ve received a subpoena and a request for information, you will need an experienced consumer protection regulatory attorney to guide you through the investigative process. One who brings previous experience as a regulator and who maintains relationships with the current regulators will bring unique insight and capability to the process.

The important thing to realize is that if you’ve been subpoenaed, it’s likely you’ve actually been under investigation for months or even years. The regulators have been watching and gathering information. Once they contact you, their goal is to secure the documentation needed to prove what they already believe to be true, settle, and collect the penalties.

In other words? You are presumed guilty.

A regulatory attorney focused in this area can guide you through responding to regulators, offering the correct information at the right time, and helping you make a case for your business and yourself, often greatly lessening the penalties you might be subject to. If you try to handle the response yourself or bring in an inexperienced attorney, it will cost you.

The consumer business landscape is more riddled with potholes and landmines than ever before, but a practiced regulatory compliance firm can help you navigate.

At Mac Murray & Shuster, we’re happy to help clients understand their obligations and ensure their business practices are in line with current consumer protection laws. Reach out to us today at compliance@mslawgroup.com and let us help your business thrive against its greatest compliance challenges.

Helen Mac Murray is a founding partner of Mac Murray & Shuster LLP, a boutique law firm focused on consumer protection and privacy regulatory compliance and defense. She is a former Chief of the Ohio Attorney General’s Consumer Protection Section.