Legal Brief: Consumer Fraud Lawsuits

Nov. 11, 2022
Acquiring and storing sensitive information is simply part of most security integration businesses, thus it is vital to be diligent and responsible with business and sales practices

This article originally appeared in the November 2022 issue of Security Business magazine. When sharing, don’t forget to mention Security Business magazine on LinkedIn and @SecBusinessMag on Twitter.

Fraud. It sounds serious, right? It can be, when credibly alleged in a lawsuit.

Google learned this the hard way recently – when, after nearly two years of hard-fought litigation, it agreed to pay $85 million to settle claims brought by the Attorney General of the State of Arizona under the Arizona Consumer Fraud Act.

The lawsuit alleged that Google misled and deceived consumers about the collection and use of their personal location data by tracking smartphones even when consumers disabled the “location history” setting. Among other remedies, the Arizona Consumer Fraud Act allows for civil penalties of up to $10,0000 per violation (i.e., per impacted user), which was among the reasons for the size of the settlement.

Like Arizona, every state has one or more consumer protection laws that prohibit deceptive trade practices such as false or misleading advertisements, bait-and-switch tactics, and other fraudulent marketing methods. Since the Arizona suit, Washington, Texas, Indiana, and the District of Columbia have also filed lawsuits against Google for alleged deceptive practices under their respective consumer fraud statutes.

In addition to these general consumer protection laws, there are laws that target specific industries or practices, such as telemarketing, predatory lending, health or travel club memberships, and in-person solicitations, etc.

If a State Attorney General launches an investigation or files a lawsuit under a state consumer protection (also sometimes known as a deceptive or unfair trade practices law), they have the power and resources of the state behind them. Depending on the state, they also may have the authority to dissolve the offending company and/or to impose monetary or even criminal penalties. That puts your company at an immediate disadvantage – even if you are Google.

When the FTC Comes into Play

State Attorneys General often share consumer complaints and other information with each other as well as with the Federal Trade Commission (FTC). As the most powerful consumer protection agency in the country, the FTC’s Bureau of Consumer Protection stops unfair, deceptive and fraudulent business practices by collecting complaints and conducting investigations, suing companies and people that break the law, developing rules to maintain a fair marketplace, and educating consumers and businesses about their rights and responsibilities.

The FTC (and only the FTC) has the authority to enforce Section 5 of the FTC Act – a federal statute which prohibits “unfair methods of competition” and “unfair or deceptive acts or practices” “in or affecting commerce.” Conduct that violates the FTC Act will often violate state consumer protections laws; thus, states sometimes bring consumer protection actions in coordination with the FTC against the same defendant(s).

Private Litigants (i.e., Consumers)

In addition to regulators such as the FTC and State Attorneys General, individual consumers have the power to bring private lawsuits under most state consumer protection laws. Many laws allow the consumer to recover heightened damages and attorneys’ fees, which makes such actions attractive to plaintiffs’ lawyers.

While private lawsuits should be taken seriously and could pose a meaningful risk to your company, private litigants generally cannot obtain the full range of remedies available to Attorneys General. Also, a private litigant may have a higher evidentiary burden than a State Attorney General – because the private litigant may have to prove that they relied on and were proximately damaged by the specific business practice that gave rise to the lawsuit.

Over the years, I have defended several private consumer fraud actions brought against my security clients in various states. While none of those cases succeeded, because security integrators often acquire and store sensitive information and, ultimately, are sales organizations who market their products and services to commercial and residential consumers, it is important to be diligent and responsible with your business and sales practices – with the guidance of capable counsel – lest you find yourself on the wrong side of a consumer fraud claim.

Timothy J. Pastore, Esq., is a Partner in the New York office of Montgomery McCracken Walker & Rhoads LLP (, where he is Vice-Chair of the Litigation Department. Before entering private practice, Mr. Pastore was an officer and Judge Advocate General (JAG) in the U.S. Air Force and a Special Assistant U.S. Attorney with the U.S. Department of Justice. Reach him at (212) 551-7707 or by e-mail at [email protected].