MoFo’s State + Local Government Enforcement Newsletter

Morrison Foerster’s State and Local Government Task Force is pleased to provide our bimonthly newsletter summarizing some of the most important and interesting developments from state attorneys general across the country and local government agencies and legislative bodies, with links to primary resources. This month’s topics include the following:

• A suit challenging single-use plastic as an environmental hazard filed by the New York attorney general (NYAG);
• 21 attorneys general’s efforts to obtain assistance from federal authorities in securing compliance from federal chartered financial institutions with state investigative requests;
• The NYAG’s calls for increased regulation of health plans relating to mental health providers;
• 25 attorneys general addressing concerns to the Food and Drug Administration (FDA) about a class of medical device and its lack of efficacy in communities of color; and
• Six attorneys general reaching a $6.5 million resolution with a financial institution in connection with a data security incident.

1. The NYAG Brings Enforcement Action Targeting Single-Use Plastic

On November 17, 2023, the NYAG filed a civil complaint against PepsiCo, Inc. and related companies alleging that the defendants’ manufacturing of single-use plastic products was contributing to high levels of pollution along the Buffalo River that have contaminated drinking water and harmed wildlife. The NYAG’s complaint alleges that the defendants created a public nuisance by contributing to widespread plastic pollution in New York. In addition, the NYAG alleges that the defendants should be strictly liable, under a product liability theory, for their failure to warn consumers about the environmental harms associated with single-use packaging.  Finally, the NYAG alleges that the defendants’ failure to warn consumers about the risks associated with single-use packaging was a persistent and repeated deceptive marketing practice. The NYAG’s suit appears to be the first of its kind to be initiated by a government actor.[1]

Given both the ubiquity of single-use plastic in a number of consumer industries and the fact that actions by the NYAG often become models for other prosecutors, there may be additional investigations initiated by other government entities against companies that manufacture and sell single-use plastic products. The defendants’ success in challenging the NYAG’s largely untested and aggressive regulatory theory will likely shape both future potential governmental actions as well as suits that might be commenced by shareholders, consumer advocates, or other private litigants.

2. Attorneys General Seek Federal Assistance in Support of Investigations of National Financial Institutions

On December 6, 2023, a coalition of 21 attorneys general[2] sent letters to the Office of the Comptroller of the Currency (OCC) and the federal Consumer Financial Protection Bureau (CFPB) seeking assistance from federal regulators in connection with the alleged failings of national banks and other federally chartered financial institutions to cooperate with investigations by the attorneys general. As claimed in that letter, the OCC-regulated banks “regularly refuse” to produce documents sought by state regulators in connection with investigations. The attorneys general allege that this practice both creates risks that they may not be able to sufficiently uncover and address potential violations of state laws and also creates a costly and unnecessarily adversarial set of incentives where state attorneys general “who have reason to suspect legal violations to sue first and ask questions later.  It leaves the banks in an adversarial posture vis-à-vis the state AGs rather than a cooperative one, resulting in costly litigation rather than collaborative dialogue.”

The attorneys general claim that their efforts to address these concerns with OCC staff, and, in particular, the existence of a 2002 OCC advisory letter that “effectively tells” state attorneys general to refer violations of state law to the OCC rather than proceeding with their own enforcement actions. As a result, the attorneys general requested that the OCC issue updated supervisory guidance that would encourage national and other federally chartered banks to cooperate with state inquiries and note that such cooperation is expected. The letter from the attorneys general to the CFPB similarly sought federal assistance, requesting that the CFPB take action, otherwise banks purportedly will create “material risk” by refusing to cooperate with information requests from state attorneys general who are seeking to enforce state laws.

The attorneys general indicated that the financial institutions’ purported failure to cooperate had impacted investigations into diverse topics from data breaches and elder fraud to debt collection misconduct and the discriminatory allocation of federal funds. The attorney generals further claimed that, if left unaddressed, the lack of cooperation could impact the efficacy of investigations in areas of growing regulatory concern, such as cryptocurrency and novel Fintech practices.

These letters are the latest chapter in the long-running debate of the appropriate role of state government actors in overseeing federally chartered banks — an issue that has previously been litigated before the United States Supreme Court.[3] This very public plea for support from the attorneys general signals both their continued to commitment to consumer protection investigations in the financial services arena and their willingness to use their “bully pulpits” to attempt to pressure federal authorities to support those efforts. It also demonstrates that certain attorneys general continue to view their jurisdiction broadly, including in the bank regulatory space.

3. The NYAG Issues Investigative Report on Gaps in Mental Health Coverage

On December 7, 2023, the NYAG issued an extensive report identifying significant gaps in the mental health services offered by health plan providers operating in New York. The NYAG’s findings indicated that 86% of mental health care providers identified by the health plan providers as “in-network” and available to provide services were actually not available to provide services and were, in fact, part of a “ghost network.” This “ghost network” consisted of providers for which the provided contact information was inaccurate, which were not actually part of the health plan network in questions, or which were not accepting new patients.

As part of its investigation, NYAG staffers conducted “secret shopper surveys” by attempting to secure mental health appointments with nearly 400 healthcare providers throughout New York State.  NYAG staff placed calls to providers located in four different cities listed in the directories of 13 different health plans. Based on attempts to contact 396 providers, 23% of the providers had non-working or incorrect telephone numbers or failed to return the call. For the remaining providers who responded to the outreach, 14% of calls resulted in an offer of an appointment and only 8% of the calls resulted in the offer of an in-person appointment. 

The NYAG’s report outlined the risks for insurers, concluding that the health plan providers’ alleged failure to maintain accurate directories of providers violates both the New York State Insurance and Public Health laws and federal laws, including the Affordable Care Act and 2022’s No Surprises Act.  As a result of its findings, the NYAG has called for increased regulation of the health plan providers, including: (i) requiring health plan providers audit their provider networks and report to regulators for public disclosure; (ii) requiring health plan providers to report data relating to “network adequacy” to regulators; (iii) establishing “wait time” standards for mental health treatment appointments; (iv) requiring health plan providers to ensure that mental health providers are “culturally and linguistically competent” and that the health plan providers have an improved consumer complaint mechanism; (v) increasing law enforcement efforts, including the imposition of monetary penalties, for violations of the law regarding the accuracy of provider information; and (vi) exploring the possibility of centralized provider directory across health plan providers.

The NYAG’s report reflects both a risk and an opportunity for healthcare companies. As set forth in the report, there is currently an acute mental health need that is going unmet. The recommendations set forth in the report provide healthcare companies with a template for how to change their practices to remediate the concerns identified in the report and meet the needs of patients requiring mental health services. Moreover, the report identifies the significant regulatory risk that healthcare companies may face if they do not change their practices given the myriad of both state and federal laws available to regulators if the accuracy of provider lists continues to be in question.

4. Attorneys General Ask the FDA to Act on Pulse Oximeter Skin Color Bias

In November 2023, the attorneys general of 25 states sent a letter to the FDA, calling for the agency “act with urgency” to address the skin color bias programmed into pulse oximeter medical devices. These devices, which measure blood oxygen levels, are routinely used in hospitals and other healthcare settings to make critical treatment decisions in many life-or-death medical scenarios, including in cases of heart attack, heart failure, pneumonia, asthma, COVID-19, pregnancy, and postpartum care. The attorneys general admonished the FDA for not taking quick action in the year following a meeting of the FDA’s Medical Devices Advisory Committee that addressed safety concerns about the device’s inaccuracy in reading blood oxygen levels for patients with darker skin tones.

The attorneys general pointed to clinical studies that found that failed pulse oximeter readings in darker-skinned patients had resulted in delayed access to treatment and increases in times to diagnosis serious illnesses. Inaccurate blood oxygen readings delay care and exacerbate existing health disparities between Black and White Americans. Research highlighted by the attorney generals found that pulse oximeter errors linked to patients’ darker skin tones likely caused Black COVID-19 patients to have significant delays in access to life-saving medical care, like supplemental oxygen, compared to patients with lighter skin tones. The Attorneys General pointed out inaccurate pulse oximeter readings contribute to the “avoidable crisis of maternal and infant mortality” for Black and Brown Americans.

The attorneys general asked the FDA to quickly take the following actions:

1. Require warning labels on pulse oximeters about skin tone and device accuracy.
2. Require warning labels on devices that incorporate pulse oximeters.
3. Release an updated public safety communication about pulse oximeters, supplementing the FDA’s November 2022 release.
4. Issue a warning letter to healthcare providers about pulse oximeter accuracy for darker skin tones.
5. Accelerate the timeline for the public review of the Medical Device Advisory Committee’s recommendations for pulse oximeters.
6. Update regulations to require demographically representative skin tones for clinical trials of medical devices, including for devices that have been previously approved.

The letter to the FDA from the attorneys general is likely to spur a response both from the FDA and, potentially, from private litigants. This is particularly true given recent public scrutiny from the press with respect to alleged systematic deficiencies in how the FDA handles medical device complaints, which have caused the FDA to fail to send warning letters to doctors and patients or issue recalls.  While different, this area also may be of related interest to those attorneys general and private litigants who are interested in, and/or have challenged, facial recognition technology based on bias of skin pigment. 

5. Labor Enforcement and Regulation: 16 Attorneys General Argue Against Mandatory Arbitration for Certain Workers

Attorneys general continue to bring significant enforcement actions and lend the weight of their office to litigation relating to employees’ rights. In November 2023, 16 attorneys general, led by the attorney general of Illinois, filed an amicus brief with the United States Supreme Court in connection to the scope of exemptions under the Federal Arbitration Act (FAA) and its applicability to workers in the transportation industry.

The litigation in question, Bissonnette v. LePage Bakeries Park St., LLC, et al., was initiated by plaintiff truck drivers who deliver products from warehouses to retail stores for a baked-goods company. The litigation centers on the question of whether the plaintiff drivers may raise labor and employment claims against their employers in court under an exemption applicable to transportation workers under the FAA, or whether the plaintiffs fell outside the scope of the exemption and must bring such claims in private arbitration proceedings. In concluding that the plaintiffs did not qualify for the arbitration exemption, the Second Circuit held that  the plaintiffs were not part of the “transportation industry” and thus did not fall within the class of workers who are exempt from mandatory arbitration under Section 1 of the FAA. 

The brief filed by the attorneys general supported the plaintiffs’ Supreme Court petition seeking to overturn the Second Circuit’s decision, arguing that the plaintiffs should fall under the Section 1 exemption for transportation industry workers. The attorneys general argued that, as a matter of policy, their ability to regulate the “smooth flow” of commerce was best served when workers were able to adjudicate disputes in the public forums of state and federal courts. The attorneys general argued that the private nature of arbitration proceedings governed by confidentiality requirements, in contrast, does not permit regulators to identify and, as necessary, intervene to address workers’ complaints. The attorneys general also argued that the Second Circuit’s interpretation of the Section 1 exemption would create regulatory uncertainty by forcing courts to conduct a fact-intensive inquiry to determine which industry actually employs individuals involved in transportation tasks.     

The outcome of this case will have a lasting impact on the scope and implementation of the FAA beyond the transportation industry, as the manner in which the courts interpret Section 1’s arbitration exemptions will play a significant role in determining which workers can avail themselves of the courts and which will be compelled to proceed via arbitration. Additionally, the amicus brief reflects state attorneys general’s willingness to use the weight of their offices and their public-facing nature to stake out policy positions on labor and employment issues and their continued interest in preventing mandatory arbitration for employees. Through both enforcement actions and legal proceedings, state attorneys general are increasingly demonstrating that they can and will intervene in labor disputes — interventions that can significantly raise the public profile of such disputes and increase the potential legal risk for employers.  

6. Multistate Attorneys General Coalition Secures $6.5 Million from Investment Bank for Data Security Incident

On November 13, 2023 the attorneys general of Connecticut, Florida, Indiana, New Jersey, New York, and Vermont announced a settlement agreement with Morgan Stanley Smith Barney LLC (“Morgan Stanley”) related to two data security incidents. The incidents were initially reported to authorities on July 10, 2020, and had occurred in 2016.  Both data security incidents were related to the handling of devices containing unencrypted sensitive personally identifiable information (PII) following the closure of two data centers.

As set forth in the settlement agreement, in the first incident, Morgan Stanley contracted with a vendor to remove data from decommissioned devices. This vendor in turn subcontracted certain services to an unauthorized entity, which ultimately led to the sale of decommissioned devices that had not been fully erased and continued to contain unencrypted customer data.  In the second incident, software used during a decommissioning event contained a flaw that may have permitted unencrypted data to remain on the devices even subsequent to decommissioning.

Pursuant to its settlement with the attorneys general, Morgan Stanley agreed to implement the following enhanced controls relating to its maintaining (and disposing of) data including PII:

• Maintain a comprehensive information security program;
• Encrypt all personal information;
• Maintain a vendor risk assessment team; and
• Implement manual and electronic tools to track hardware that contains PII.

This resolution followed additional settlements by Morgan Stanley relating to the 2016 data security incidents.  For instance, the U.S. Department of Treasury previously fined Morgan Stanley $60 million in relation to the two 2016 data breach incidents.  In 2022, the U.S. Securities and Exchange Commission fined Morgan Stanley $35 million for violations related to these same incidents. Morgan Stanley also settled a class action for $60 million and agreed to provide consumers with two years of fraud insurance coverage.

Morgan Stanley’s multiple government settlements reflect that despite prosecutors’ claims that they want to avoid duplicative investigations and settlements, especially in the data security area, companies still can expect to face multiple government investigations of the same data incident. 

[1] In 2020, the not-for-profit Earth Island Institute filed a civil complaint in California Superior Court against 10 major food, beverage, and consumer goods companies, including PepsiCo, Inc., on similar theories that the defendants’ manufacture and sale of single-use plastic constituted a public nuisance and that they had failed to warn consumers about the risks associated with the products. That case is pending.

[2] The letters were signed by the attorneys general of Arizona, California, Colorado, Connecticut, the District of Columbia, Hawaii, Illinois, New York, the Northern Mariana Islands, Maryland, Massachusetts, Michigan, Minnesota, New Jersey, North Carolina, Oregon, Pennsylvania, Rhode Island, Vermont, and the U.S. Virgin Islands.

[3] In Cuomo v. Clearing House Ass’n, LLC, 557 U.S. 519, 531 (2009), the United States Supreme Court acknowledged the authority of state attorneys general to enforce state banking laws against national banks.