The State Attorney General Enforcement Era
If it is news to you or your company or clients that we are now in a State Attorney General Enforcement Era, take note: State AGs have been wielding new powers in novel ways to regulate business like never before. To avoid being caught flat-footed when served with an AG subpoena, it is imperative to stay current on how AGs are using and expanding their authority and to educate yourself about the AGs who are focusing on your company or your client.
The trend of expanding AG enforcement can be traced to the tobacco litigation of the 1990s, when tobacco companies settled with 46 AGs for nearly $370 billion. In the course of the tobacco litigation, AGs partnered with private counsel, pooled state resources to create a multistate action, and argued (among other things) that the common law tort of public nuisance entitled the states to restitution for the public health care costs caused by tobacco. The remarkable success of this action has been viewed as the catalyst that resulted in AGs expanding the multistate model to other industries and has emerged as a potent tool for states to leverage settlements.
More recently, in August 2012, AGs from 53 states, U.S. territories, and the District of Columbia reached a $69 million settlement with three of the nations top publishers to resolve allegations of price fixing of e-books; a few months later, a fourth publisher joined the settlement. In May 2012, Abbott Laboratories reached a $1.5 billion settlement with 49 states and the District of Columbia for allegedly promoting Depakote for a use not approved by the FDA. Abbott agreed to pay a substantial portion of this settlementnearly $240 millionto the states. Most recently, in March 2013, 39 AGs settled with Google for $7 million over allegations that Googles Street View vehicles collected data from unsecured wireless networks.
The multistate action will continue to be popular in this time of tight state budgets, as AGs are pressured to contribute to their states treasuries.
Federal Co-Enforcement Authority
Many are not aware of the significant co-enforcement authority AGs have in a number of traditional areas of federal enforcement. State AGs now enforce, inter alia, key provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act and regulations promulgated by the Consumer Financial Protection Bureau (CFPB), certain provisions of federal consumer product safety statutes administered by the Consumer Product Safety Commission, the Childrens Online Privacy Protection Act, and health care data protection and notification rules under HIPAA. Increasingly, proposed federal legislation provides for enforcement by State AGs as well as federal authorities.
The most prominent recent example of this co-enforcement authority is the Dodd-Frank Act. The Act deputized State AGs to enforce certain consumer protection provisions and any regulations promulgated by the CFPB, as well as their own state consumer protection laws. We expect to see a great deal of partnering between State AG offices and the CFPB going forward.
New York AG Schneidermans September 2012 lawsuit against JPMorgan Chase regarding alleged defective mortgage-backed securities is yet another example of increased federal-state cooperation. In his suit, the AG alleges that Bear Stearns, which JPMorgan acquired in 2008, deceived investors about the defective loan-backed securities they purchased, leading to monumental losses. This was the first suit to be filed under the auspices of the Residential Mortgage-Backed Working Group, established by President Barack Obama to investigate and prosecute misconduct that contributed to the financial crisis. In November 2012, AG Schneiderman sued Credit Suisse based on similar allegations through the working group.
False Claims Act, Qui Tam, and Reverse Qui Tam Actions
AGs also have increased the use of state False Claims Act (FCA) claims. With states facing dwindling budgets, qui tam lawsuits have become a revenue-raising tool. In 2012, nearly 30 states settled with McKesson Corporation for over $150 million to resolve allegations that the company inflated drug prices, causing states Medicare programs to overpay for medications. Also in 2012, several states and the federal government reached the largest healthcare fraud settlement in history$3 billionwith GlaxoSmithKline, resolving similar allegations.
In the past year, New York AG Schneiderman has been at the forefront of bringing reverse qui tam actions to recover monies that companies have failed to pay to the state, such as unpaid fees and taxesa novel application of FCA. While a state legislator, AG Schneiderman succeeded in amending the states FCA to allow suits based on tax fraud, which was the first FCA in the country to include such an amendment. As AG, Schneiderman established a Tax Protection Bureau and has utilized the expanded FCA to seek payment of money owed to the state.
In April 2012, Schneiderman filed suit against Sprint Nextel to recover allegedly unpaid sales tax. If the state prevails, New York may recover three times the amount of back taxes (alleged to total $300 million), plus costs, interest, and penalties, which likely will encourage other states to pursue similar claims or press for legislative amendments to their existing FCA statutes to allow these suits.
Evolving Areas of Interest to AGs
State AGs also have increased activity in a variety of substantive areas, such as mortgage fraud and data breach and privacy issues.
The ongoing mortgage crisis presented an opportunity for multistate and federal cooperation: in 2012, 49 states and the federal government sued Bank of America, JPMorgan Chase, Wells Fargo, Citigroup, and Allied Financial (formerly GMAC) and simultaneously settled for $25 billion (Oklahoma later settled separately).
Another area of significant growth in AG activity involves data privacy and data breach notification laws. A number of states, led by Massachusetts, have passed laws regarding the handling of personal data. The Massachusetts data privacy regulations require companies to maintain data privacy regulations, training programs and encryption measures, and ensure that these requirements are adhered to by their vendors.
California AG Kamala Harris also has been particularly active in protecting consumer privacy. Last year, she reached a best practices agreement with the six largest mobile app platforms (Facebook joined later) governing mobile privacy. She also created a Privacy Protection and Enforcement Unit, which sent letters to the largest 100 mobile app companies notifying them that they were in violation of Californias new Online Privacy Protection Act (OPPA).
In part because of the absence of comprehensive federal data breach notification laws, states have created their own, which AGs enforce. To date, 46 states have laws requiring data owners and licensees to notify residents whose data may have been breached. Further, 14 states either have passed or amended state data breach notification laws to require companies to notify the AG of breaches exposing consumers personal information. These mandatory notifications will almost certainly lead to greater AG activity.
Being on the losing side of state AG action, particularly a multistate action, is a damaging proposition. To ensure that your company or client is not the next target of AG action, attorneys should stay current on AG settlements, actions, or new divisions or units, which are often early signs of enforcement priorities, and proactively track AG activity in specific industries and geographic regions. Investing the time in developing a targeted AG strategy is necessary to avoid playing catch-up after a subpoena has been served.
Bernard Nash leads Dickstein Shapiros State Attorneys General Practice, where he represents clients in complex state and federal legal and legislative matters. Mr. Nashs work typically involves cases of first impression, matters having public policy implications and/or a governmental interest, and complex litigation. He can be reached at (202) 420-2209 or email@example.com. Divonne Smoyer is a Washington, D.C.-based partner in Dicksteins State Attorneys General Practice. Recognized by Chambers USA: Americas Leading Lawyers for Business as one of the countrys top attorneys in her field, Ms. Smoyer has extensive experience counseling major corporations through state level investigations. She can be reached at (202) 420-2665 or firstname.lastname@example.org. Milton Marquis is a partner in Dicksteins State Attorneys General Practice and has developed an active antitrust and public policy litigation practice. He served with the government for 14 years at the U.S. Department of Justice and the offices of the Attorneys General of Virginia and Massachusetts. He can be reached at (202) 420-2659 or email@example.com.
The authors would also like to thank Ann-Marie Luciano and Alison Gary, attorneys at Dickstein Shapiro, for their contributions to this article.