State-Level Trends in Enforcement

By: and

State attorneys general have always taken an aggressive stance toward consumer protection issues. Lately, however, many states have stepped up the resources they devote to consumer protection enforcement in certain areas. Some have openly stated a desire to protect the consumers within their states, while others have interpreted their jurisdictional powers more broadly, and they are seeking to enforce laws against any company that touches their borders.

We looked at state enforcements over the past year to identify trends. Although they are by no means exhaustive, here are some of our observations.


Some states are showing increased interest in regulating telemarketers. For example, New York Gov. Andrew Cuomo released a plan late last year to protect New Yorkers from deceptive telemarketing practices in response to rising consumer complaints.

Indiana Attorney General Curtis Hill announced a new telephone privacy campaign, “Do Not Call/Do Not Answer,” in February to protect consumers from phone scams. Indiana offers an online reporting option that allows consumers to complain about specific telephone numbers and specific companies, making it easier for the attorney general’s office to identify and focus enforcement actions. Thousands of complaints have been generated relating to robocalling and Do Not Call violations since the registry went live.

Arizona law makes a telemarketer’s failure to register with its secretary of state a Class 5 felony. In August 2016, the state legislature passed a bill expanding the definition of “telephone solicitation” to include calls made from within Arizona to out-of-state consumers, and the state has entered multiple settlements, including a $6 million ruling against a Phoenix-based telemarketer.

In addition to the states mentioned above, Idaho, Utah, Florida, Ohio, and Missouri are actively targeting telemarketers. The Utah Department of Commerce’s Division of Consumer Protection, for example, has a three-pronged approach—education, registration, and enforcement. State law requires companies—even out-of-state companies—to register with the state, and the division makes a practice of targeting companies that fail to register or violate Utah’s consumer protection laws following registration.

Mail Fraud

Mail may seem passé, but it still generates consumer response and regulatory scrutiny. Companies making claims through mailings are not in the clear. Iowa has brought several cases against mailing operations that solicited Iowa consumers recently, including cases against lead generators and companies that help facilitate marketing, billing, and debt collection. Iowa isn’t shying away from out-of-state companies, either, entering settlements with a Nevada company issuing “Beat the Lottery” and “Beat the House” direct mailings, and a California tax relief/tax preparation company.

Kentucky, Washington, New York, and Tennessee are targeting out-of-state companies for sending deceptive direct mail into their states, including mailings that impersonated state government correspondence, solicited businesses, and advertised vacation rentals.

Data Privacy and Security

New York has been particularly active in enforcing data privacy and data security laws, reaching multiple settlements with companies for data breaches in the past year, including, among others, computer manufacturer Acer, an online retailer, and a website developer.

California entered into an $8.5 million settlement with Wells Fargo over privacy violations that included recording consumers’ phone calls without notifying consumers that they were being recorded in a timely manner. In the arena of online privacy, the California attorney general announced a new web-based complaint portal where consumers can easily report violations of California’s “Shine the Light” law, which requires websites that collect certain personal information from consumers who visit the site to post a privacy policy.

California’s movement in the area didn’t surprise us; Kansas’ activity in this area did. The state filed a suit alleging that a document management company disposed of business records containing consumers’ personal information in dumpsters, in violation of Kansas’ data safeguard law. But multistate settlements such as the Adobe data breach serve as a reminder that states are happy to work together in the area of data privacy and security, even when the FTC is not involved.

Many states appear to have stepped up the resources they devote to consumer protection enforcement.

Food, Drugs, and Everything In-Between

Claims for dietary supplements, food, and drugs continue to be a large area of enforcement activity. California’s Food, Drug, and Medical Device Task Force, comprised of numerous local district attorneys, continues to target companies large and small, filing multiple suits and entering into significant settlements. Following California’s lead, New Jersey established the Dietary Supplements Task Force to examine and make recommendations for legislative or executive action regarding the sale and use of dietary supplements in the state. New York, unsurprisingly, continues to target dietary supplements, as does Missouri, which is perhaps more surprising.

Continuity Programs

Colorado, Florida, Washington, Iowa, Texas, and California are targeting negative-option and continuity programs aggressively, and the settlements aren’t small. Colorado’s attorney general announced an $11.1 million judgment against Subscriber Services, Inc., alleging that the company sent postcards and text messages to consumers urging them to call an 800 number regarding an “unclaimed reward,” and then entering those who called into multiyear subscriptions and refusing to cancel their contracts.

Washington entered into a settlement with Julep Beauty, Inc., that required the company to pay $3 million for using deceptive negative-option marketing tactics that lured consumers into signing up for recurring shipments of Julep products, and then making it very difficult to cancel their subscriptions.

Other states have reached settlements involving out-of-state companies that violated their buying club laws, as well as settlements against publishing groups, tech support companies, and electronic services plans.

A recurring theme in autorenewal settlements is that companies enrolled consumers in an automatic payment program without consumer consent or without disclosing the terms of these plans clearly and conspicuously. The failure to make clear, complete, and timely disclosures to consumers is a recipe for regulatory scrutiny.

Financial Services

States have been aggressively pursuing companies that provide consumer financial services. Arkansas, Connecticut, the District of Columbia, Illinois, Iowa, Maryland, Massachusetts, Michigan, Minnesota, Nevada, New Mexico, New York, North Carolina, Vermont, and Virginia have been active in the area of consumer finance, particularly in short-term lending and debt collection. At the same time, Kansas, Massachusetts, Michigan, Minnesota, North Dakota, and West Virginia have been aggressively targeting companies engaging in debt collection and debt servicing.

Another indication of willingness by state attorneys general to work together is the recent multimillion-dollar settlement that attorneys general from 48 states and the District of Columbia reached with MoneyGram Payment Systems, Inc. That settlement resolved a multistate investigation focused on consumer complaints alleging that MoneyGram sent money to third parties involved in schemes to defraud consumers.

States are also implementing task forces to analyze areas of consumer financial services and target companies engaged in unfair or unlawful practices. For example, Texas started a task force related to debt collection practices. And Alabama instituted the Consumer Protection Task Force, which will review Alabama’s consumer lending laws and different types of consumer lending.

It may be tempting to view changes at the FTC or the presidential administration’s aggressive efforts to roll back federal regulations as a signal that consumer protection enforcement will soon become more lax. However, state attorneys general and California district attorneys (who have the same enforcement powers) have demonstrated that aggressive consumer protection enforcement remains the order of the day, regardless of what happens in Washington, D.C. Marketers and their service providers should consult and work with experienced legal counsel to ensure compliance and mitigate legal risk.