The Third Circuit has ruled that consumers have standing to sue under Section 8 of the Real Estate Settlement Procedures Act, regardless of whether they were overcharged for a settlement service. The issue of whether Section 8 requires an overcharge allegation has divided courts across the country and previously had been addressed by only one other circuit. The district court had granted the lender’s motion to dismiss on the grounds that plaintiffs had paid the filed rate for the private mortgage insurance at issue and therefore could not allege an overcharge.The Third Circuit reversed, holding that consumers have standing to pursue alleged Section 8 violations even if the alleged violation did not result in an “overcharge” for settlement services. Ruling consistently with the Sixth Circuit, the Court looked at the plain language of RESPA, and the damages provision of Section 8(d)(2) in particular. The Court focused on the absence of the word “overcharge” in that section, and the language allowing damages of “three times the amount of any charge paid,” as evidence that there is no overcharge requirement in Section 8. The Court also briefly addressed the filed-rate doctrine, holding that it did not apply because plaintiffs only challenged wrongful conduct and not the reasonableness of the rates paid for private mortgage insurance. The Court did not address the merits of plaintiff’s claims. Click here for Alston v. Countrywide Financial Corp., No. 08-4334 (3rd Cir. Oct. 28, 2009).
The Massachusetts Office of Consumer Affairs and Business Regulation filed final amendments to the state’s data security rules, set forth in 201 CMR 17.00. The rules impose significant requirements on those possessing personal information of state residents.
Most provisions in the rules are identical to the proposed rules released on August 17, 2009. The effective date of the rules remains March 1, 2010. Changes from the proposed version of the rules include the following:
- The definitions of a “Service Provider” and an entity that “owns and licenses” personal information now include persons that “store” personal information. The definitions in the proposed rules previously included persons that “maintain” personal information, so this change appears to be a clarification.
- The proposed rules stated that entities must contractually require third-party service providers to implement and maintain appropriate security measures, but grandfathered existing contracts entered into before March 1, 2010. The final rules maintain this provision but clarify that the contract must be entered into no later than March 1, 2010 and that the grandfather provision is valid until March 1, 2012.