Attorneys General: Valuing Privacy in the Digital Age

The Internet has transformed everything we do—from buying groceries to boarding an airplane—and has emerged as the engine of a new global economy. Its growth is fueled by a set of emerging technologies and business models that are challenging our ability to control how and with whom our personal information is shared, as well as changing our understanding of privacy. These developments in technology and enterprise have created new privacy risks for individuals and corporations. Attorneys general are seeking the best ways to manage those risks by investigating, educating and advocating for meaningful online protections and controls that protect our privacy while also protecting the growth of this new economy. The attorneys general also are tracking implementation of the national $25 billion mortgage
servicing settlement they reached last year to bring relief to homeowners.

  Download the Article in PDF / E-Reader Compatible Format

About the National Association of Attorneys General

The National Association of Attorneys General was founded in 1907 to help attorneys general fulfill the responsibilities of their office and to assist in the delivery of high quality legal services to the states and territorial jurisdictions. Its members are the attorneys general of the 50 states and Washington, D.C., and the chief legal officers of the commonwealths of Puerto Rico (secretary of justice) and the Northern Mariana Islands, and the territories of American Samoa, Guam and the U.S. Virgin Islands. This article was written by Steve Ruckman, assistant attorney general, Maryland Attorney General’s Office, and NAAG Consumer Protection Counsel Dennis Cuevas.

Evolving Notions of Privacy
We live in an age in which digital technology allows information to be shared freely and quickly across many miles and with many people and companies. Thanks to ubiquitous Internet connectivity and cloud storage, consumers are able to submit personal information like locations and credit card numbers to businesses in seconds, and those businesses are able to use that information to better tailor their offerings of products and services. The online interface allows consumers and businesses to transact with each other anonymously in that they never have to meet face-to-face.
But because we are sharing more information about ourselves and storing more of that information not in locked cabinets, but in porous “clouds,” more of our information is available on the Internet to be aggregated and analyzed without our knowledge. For consumers, this means companies can learn a great deal about us—down to what time we wake up and where we go throughout the day—without ever having to ask us our name. For companies, this means competitors and hackers can peer into company files and steal, copy or publish highly sensitive corporate information. As a result, the Digital Age is challenging our understanding of what is private. Consumers and the businesses that serve them can no longer assume their privacy is protected as long as a business cannot identify them by name, and businesses must continually find new ways to guard online information.
Attorneys general have long been champions of consumers and responsible businesses, and they have been active in protecting offline privacy for decades. Many of the state consumer laws they enforce were written with privacy in mind, like laws concerning secure maintenance and destruction of records, and laws protecting Social Security numbers from disclosure. These tools, however, need to be updated for our modern era, where the nature of secure maintenance is constantly shifting, and where disclosing passwords is at least as damaging as disclosing Social Security numbers.
Attorneys general need to reorient their enforcement and advocacy efforts toward the privacy challenges posed by the online economy. That is why Maryland Attorney General Douglas Gansler, as 2012–2013 president of the National Association of Attorneys General, known as NAAG, announced his presidential initiative would focus on privacy in the Digital Age. Those involved are working to reorganize state and territorial attorneys general offices to better combat online privacy threats, investigate those bad actors who exploit Internet privacy weaknesses or mishandle online information, improve legal protections for online privacy, and educate businesses and customers about ways to control their information online.
Reorganizing Attorneys General Offices
Gansler’s first act as NAAG president was to create a Cyber Privacy Committee, which enables centralized coordination among attorneys general as they confront Internet privacy issues. The committee also keeps close watch on developments that affect consumers’ control over their information.
At the individual state level, Gansler has supported the formation and growth of divisions with a focus on Internet privacy, like New York’s Internet Bureau and California’s new Privacy Enforcement and Protection Unit. In his office, Gansler has created an Internet Privacy Unit, which provides outreach and education to businesses and consumers to improve their ability to manage online privacy challenges. It also monitors developments and brings enforcement actions when the online privacy of Maryland consumers is threatened.
Investigating Those Who Mishandle Online Information
Attorneys general have redoubled their efforts to hold accountable those who play fast and loose with sensitive personal and corporate information shared online. As one example, the states brought an enforcement action against TJX Companies Inc., owner of TJ Maxx, for an online breach that led to the theft of consumer credit card data from 100 million transactions.
Attorneys general also are being vigilant in holding companies accountable when they gather data from kids and then fail to store it securely as required by the Children’s Online Privacy Protection Act, which states have authority to enforce. Soon after Maryland launched an inquiry into McDonald’s data collection practices from its child-oriented website, the company announced changes to these practices.
Attorneys general also have publicly questioned corporate choices that may limit consumers’ control over how the information collected about them is shared online. When Google changed its privacy policy to allow it to consolidate consumer information collected from across its entire ecosystem of products and services without giving existing consumers the ability to opt out, Gansler and 35 fellow attorneys general raised concerns about the policy. The resulting discussions will lead to better upfront notice about privacy policies and the ways consumers can control their information while using Google products and services.
Lastly, attorneys general have taken steps to shine a light on problems created by online piracy and insufficient intellectual property protections. They have spoken out against information technology theft, which reduces corporate competitiveness, and have worked with companies to find ways to curb economically damaging and potentially dangerous knockoff sales, such as counterfeit medications.
Improving Legal Protections
Many federal and state laws related to the Internet were passed in its infancy and have not been updated or revisited. Attorneys general have been supporting efforts among states to bring their Internet laws into the modern era. In Maryland, Gansler strongly advocated for the state’s Personal Information Protection Act, which took effect in January 2008. It requires businesses to implement and maintain reasonable security procedures and practices to protect personal information kept online and to notify consumers of any security breaches.
Education on Privacy Controls
One key way attorneys general stand up for online privacy is through public education. Gansler hosted an April 2013 summit as part of his initiative that brought together business, government and consumer stakeholders providing education about emerging challenges and potential solutions in the online space. The challenges included cybersecurity, data mining and data brokering, intellectual privacy and threats from Internet piracy, and the impact of privacy protection on competition.
Through all of these efforts—reorganization, enforcement, legislation and education—attorneys general are leading the way to empower consumers and companies and keep their information safe. The goal is to ensure the online marketplace can thrive without compromising the privacy and safety of those who enjoy it. State attorneys general, as consumer first responders, are in the best position to advocate for that goal.
Landmark Mortgage Settlement Implemented
Forty-nine state attorneys general, joined by the U.S. Department of Housing and Urban Development, U.S. Department of Justice and other state mortgage regulatory agencies, reached a three-year, $25 billion settlement in February 2012 with Bank of America, JPMorgan Chase, Wells Fargo, Citibank and Ally Bank, formerly GMAC. The settlement resolves allegations that the companies routinely signed foreclosure-related documents outside the presence of a notary public and without really knowing whether the facts they contained were correct. The settlement also resolves allegations of other fraudulent practices while servicing loans of struggling homeowners.
The settlement overhauls mortgage-servicing standards to prevent future abuses that many consumers faced while attempting to save their homes and homeowners can try to save their house before the foreclosure process started and during the foreclosure process. Under the settlement, distressed borrowers are now considered for a loan modification, rather than being automatically referred to foreclosure. Furthermore, no loan can be referred to foreclosure while a loan modification is being considered. Borrowers are allowed to appeal a denial of a loan modification. Mortgage servicers must provide a single point of contact for borrowers, as well as easier methods for checking on the progress of their loan modification applications, and loan servicers are being held to strict timelines in dealing with distressed borrowers.
The settlement puts protections in place to ensure fairness and accuracy for all borrowers making mortgage payments, including increased disclosures on their monthly mortgage billing statements, maintenance of procedures to ensure the accuracy in the posting of mortgage payments, the posting of a schedule of fees on the banks’ websites, and the requirement that all fees must be reasonable, bona fide and accurate.
Homeowners whose loans were serviced by these banks also may qualify for direct relief. These include borrowers who have lost their homes, borrowers still in their homes but who are at imminent risk of defaulting on their mortgages, and borrowers who are current on payments but whose loans are underwater, which means the outstanding loan balance is more than the current appraised value of the home. The settlement set aside $17 billion to help borrowers at imminent risk of default remain in their homes through principal reduction on first and second liens. Of that, $3 billion will assist borrowers whose loans are underwater refinance their homes, and $1.3 billion will be provided for restitution to borrowers who have already lost their homes.
The settlement does not grant any immunity from criminal offense nor does it prevent homeowners or investors from pursuing individual, institutional or class action civil cases against the five banks. State attorneys general in March 2012 appointed Joseph A. Smith Jr., formerly the North Carolina commissioner of banks, as monitor to oversee the banks’ compliance with the settlement. Smith issued his first report1 in August 2012. In it, he stated that from March 1, 2012, to June 30, 2012, the servicers reported the following consumer relief activity (not all inclusive):
  • Overall, 137,846 borrowers received some type of consumer relief during this period totaling $10.56 billion, which, on average, represents about $76,615 per borrower.
  • 7,093 borrowers successfully completed a first lien modification and received $749.4 million in loan principal forgiveness, averaging approximately $105,650 per borrower.
  • An additional 5,500 borrowers received forgiveness of pre-March 1, 2012, forbearances of approximately $348.9 million, representing an average of about $63,445 in forgiveness per borrower.
  • Servicers refinanced 22,073 home loans with a total value—unpaid principal balance—of $4.9 billion. The estimated annual relief provided to borrowers is approximately $102.8 million, resulting from an average annual interest rate reduction of about 2.1 percent. On average, the estimated annual interest savings to each borrower will be approximately $4,655 or $388 monthly.
  • In addition, during this period 74,614 borrowers had either a short sale completed, in which the servicer agreed to a sale of a home for an amount less than the principal balance on the mortgage, or the lender agreed to accept a deed in lieu of foreclosure, waiving any unpaid principal balance in either case. The total amount of this type of relief approximated $8.67 billion, averaging about $116,200 per borrower.
Additionally, each of the servicers had implemented between 35 and 72 percent of the servicing standards enumerated in the settlement and four of the five servicers had implemented more than half of the standards. All five servicers indicated they had implemented 56 servicing standards. Most notably, documents filed in bankruptcy and foreclosure proceedings are now based on the affiant’s personal knowledge, fully comply with all applicable state law requirements, are complete with required information at time of execution, are signed by hand of affiant (except for permitted electronic filings) and dated, and do not contain false or unsubstantiated information.
Servicers have established an easily accessible and reliable single point of contact for each potentially eligible borrower—those at least 30 days delinquent or at imminent risk of default due to financial situation. The single point of contact explains to the borrower the programs and requirements for which the borrower is eligible, obtains information throughout the loss mitigation, loan modification and foreclosure processes, and coordinates receipt of documents associated with loan modification or loss mitigation, among other duties.
Service standards are also in place. Servicers are communicating with borrowers’ authorized representatives upon written request and with representatives from state attorneys general offices and financial regulatory agencies who act upon a written complaint filed by borrower. This includes copying the applicable attorney general on all correspondence with the borrower regarding the complaint. Servicers also report they have adequate staffing and systems to track borrower documentation and information and are making periodic assessments to ensure adequacy. They have established reasonable minimum experience, education and training requirements for loss mitigation staff; ensure that employees who are regularly engaged in servicing mortgage loans receive training specifically addressing bankruptcy issues; have no compensation arrangements that encourage foreclosure over loss mitigation alternatives; and are not discouraging borrowers from working or communicating with legitimate nonprofit housing counseling services.
With respect to loss mitigation, servicers report they have designed proprietary first lien loan modification programs to provide affordable payments for borrowers needing longer-term or permanent assistance and are not levying application or processing fees for first and second lien modification applications. They are performing an independent evaluation of initial denial of an eligible borrower’s complete application for a first lien loan modification.
Lastly, servicers say they are complying with the Servicemembers Civil Relief Act and any applicable state law offering protections for service members. They have engaged independent consultants to review all foreclosures in which a Servicemembers Civil Relief Act-eligible service member is known to have been a mortgagor and to sample to determine whether foreclosures were compliant with the act.
The national mortgage servicing settlement is a significant law enforcement action with local and national implications that addressed a serious and widespread issue. More work remains to implement the agreement’s goals and objectives in the next two years. The monitor anticipates issuing a final progress report in spring 2016. For more information, go to National Mortgage Settlement or Mortgage Oversight.

naag_2013.pdf70.95 KB