This year's Legal Seminar for Credit Professionals took place on Wednesday, May 18.
The agenda was as follows:
8:45-9:45 a.m. Protecting Sensitive Personal Data and Liability for Data Breach
Mark Manoukian and Luis Alcalde will present issues of critical importance to the credit professional who has collected sensitive personal and business information. Mark will discuss common means used by hackers to steal private business information. Luis will then describe theories of legal liability if private information is stolen or accessed for improper purposes.
9:45-10:00 a.m. Break + refreshments
10:00-10:45 a.m. Securing Payment—Secured Transactions, PMSI and Consignments
Larry J. McClatchey will help credit managers understand how and when to use security agreements to ensure payment for goods, how a purchase money security interest can benefit a seller, and what is required for an effective consignment agreement.
10:45-11:30 a.m. Current Legal Issues in Bankruptcy and Collections
Christy A. Prince will cover recent bankruptcy and collection cases of interest to credit professionals, including how to use the most common defenses to preference cases: ordinary course of business and new value. Materials will be supplemented up to the day of the program to cover late breaking developments.
11:30 a.m.-12:00 p.m. Discussion, questions and answers and wrap-up
5. z
Consequences of Data Breach
+ Money
+ Identity Theft
+ Ransom
+ Useful Secrets
+ Punishment
+ Damage to Reputation, Loss of Business
+ Civil Liability
+ Criminal Liability
6. z
Major Data Breaches of 2015
From http://www.zdnet.com/pictures/worst-largest-security-data-breaches-2015/
+ Kaspersky Lab
+ LastPass
+ CVS, Walgreens, Costco
+ Carphone Warehouse (UK)
+ UCLA Health
+ Hacking Team
+ Ashley Madison
+ Anthem
+ IRS
+ Office of Personnel Management
8. z
Protecting Our Data in the Old Days
1. Communications were secure in that virtually all
communications were internal.
2. Data was secure in that it was stored on our servers in our
offices.
3. Access is restricted by usernames and passwords?
4. You had full control over your PC, but it was
inconsequential.
5. Points of entry – desktop PCs in our office – were secure.
6. The only real threat was known viruses attached to e-mail.
7. Our firewall kept uninvited guests out.
8. We were low-value targets.
10. z
Communications
+ Employees are able to access our network remotely
across the public Internet.
+ We routinely use 3rd party services, typically web
sites, wherein we are communicating across the
public Internet.
11. z
Data
+ We store sensitive data of our clients.
+ Third parties store our sensitive data.
12. z
Points of Entry
+ Home PCs
+ Mobile Devices, Lots of Them
+ Public PCs and Devices
13. z
Viruses Have Evolved Into
Malware
+ Malware > Viruses.
+ Some malware is indefensible…
+ …in that it attacks flaws in the software that are unknown to
all, including the makers of the software.
+ …sometimes bespoke, just for you.
+ …it piggybacks on other, legit apps or web sites – e.g. Java,
Adobe Flash.
15. z
Net Effect
1. Communications were secure in that virtually all
communications were internal.
2. Data was secure in that it was stored on our servers in our
offices.
3. Access is restricted by usernames and passwords,
which may be easily broken.
4. You had full control over your PC, but it was
inconsequential.
5. Points of entry – desktop PCs in our office – were secure.
6. The only real threat was known viruses attached to e-mail.
7. Our firewall kept uninvited guests out.
8. We are a high-value target.
16. z
Order of Events in Hack of RSA, Inc.
Recon
• Research public info about RSA employees
E-Mail
• Create e-mail accounts purporting to be a close friend or employee
Payload
• Payload is an indefensible piece of malware
Malware
• Malware leverages privileges to gain access
Damage
• Data is stolen
17. z
Recourse?
+ Yes, it’s illegal.
+ Remediation is difficult-to-impossible.
+ Prevention is the best strategy.
18. z
Action Items For…
+ End Users – That’s You
+ I.T. Staff
+ Firm Management
+ Technology Vendors
+ Non-Technology Vendors
19. z
Action Item #1 for Employees:
Don’t let them in by e-mail.
+ Who is the e-mail actually from?
+ If you have to ask me if it is legit then you’ve already
told me that you don’t know this person.
+ Verify by an alternate method.
27. z
Test Yourself on #1 and #2
E-Mail Phishing Quiz:
http://www.sonicwall.com/phishing/
Web Site Phishing Quiz:
https://www.opendns.com/phishing-quiz/
28. z
Action Item #3: Maintain Your
Software
+ If you didn’t go looking for it then don’t install it.
+ If you installed it, then update it. The vast majority of
patches go to security.
+ If you don’t use it then uninstall it.
29. z
Action Item #4: Protect Your
Passwords
+ Don’t reuse/share passwords across high-value
accounts.
+ Keep them secure, in a password vault or paper in a
locked drawer in your desk.
+ Not in a Word or Excel document.
30. z
Action Item #5: Secure Your
Mobile Devices
+ Laptops
+ Smartphones
+ Tablets
+ Fitness gadgets
31. z
Action Item #6: This is a
mindset.
+ This is a marathon not a sprint.
+ There will be more action items.
+ For the rest of your life.
+ This is a perpetually, quickly moving target.
32. z
Recurring THEMES
Your PC + data are more valuable than you realize
Person using PC is the weakest link
Phishing is the most common attack vector
Test yourself!
33. z
Mark B. Manoukian
Director of Information Technology
Kegler Brown Hill + Ritter
mmanoukian@keglerbrown.com
keglerbrown.com/manoukian
614-462-5429
Thank You!
45. z
Applicable U.S. Law
+ No common set of laws
governing civil liability
+ Claimants use patchwork
of federal and state
statutory claims +
common law claims
46. z
Federal Statutes
Health Insurance Portability and Accountability Act (HIPAA)
Health Information Technology for Economic and Clinical Health Act (HITECH)
Stored Communications Act (SCA)
Fair Credit Reporting Act (FCRA)
Gramm-Leach-Bliley Act (GLBA)
47. z
State Law Claims
Consumer protection statutes
Unfair trade practices statutes
Negligence
Invasion of privacy
Breach of implied or express contract
Unjust enrichment
48. z
Standing + Injury Requirement
Need to establish injury-in-fact to support Article III
standing in federal court (biggest impediment so far)
Concrete + particularized
Actual + imminent, not conjectural or hypothetical
Possible future injury not enough
Threatened injury must be impending
Plaintiffs often allege risk of future injury + expenses
to mitigate that risk
50. z
Lack of evidence of what happened to the PII
Lack of evidence of financial loss or proof of identity theft
Lack of loss because claimants were reimbursed within payment card system
Federal courts dismiss on mere possibility of future harm
Plaintiff’s principal theory of harm is risk that loss of PII puts at higher risk of identity theft
Some district courts have found standing on facts falling short of actual financial harm
52. z
re Sony Gaming Networks …996 F. Supp. 2d 942 (S.D. Cal. 2014)
April 2011: hackers attacked computer network used to provide Sony PlayStation Network (PSN) and related networks
53. z
re Sony Gaming Networks …996 F. Supp. 2d 942 (S.D. Cal. 2014)
Lawsuit claims that Sony did not adequately protect networks and hackers were able to access certain account holder information
54. z
re Sony Gaming Networks …996 F. Supp. 2d 942 (S.D. Cal. 2014)
Claims were that hackers stole information to commit fraud and identity theft + account holders were legally injured by the unavailability of the network while temporarily off-line for 24 days
66. z
Obstacles to Securing Payment
+ Type of Goods
+ Seller’s Existing Credit Terms + Conditions
+ Buyer’s Existing Credit Terms + Conditions
+ PO + Supply Agreements
67. z
UCC – Nationwide Rules for
Commerce
+ Rules for Sales + Leases
+ Banking, Checks + Letters of Credit
+ Procedures for Warehouse Receipts + Bills of Lading
+ Agreement to Grant Security to Seller
68. z
Not All Transactions +
Collateral Covered
Secured Transactions
Under Article 9
Classification of Collateral
69. z
Security Agreements
+ Identifies Parties
+ Buyer Grants Security Interest
+ Describes Collateral
+ Specific listing
+ Category of Goods
+ Type of Goods
+ Include Proceeds and Products of Collateral
+ Specifies Indebtedness to be Secured
70. z
Attachment of
Security Interests
+ Value given by creditor
+ Debtor has rights in collateral
+ Authenticated Security Agreement
1
Formal Requirements
72. z
Filing Rules
+ Name of Individual Debtor
+ Name of Registered Organization
+ Place of Filing
+ Changes in Name or Location
+ Sufficient description of Collateral
73. z
Basic Rules of Priority
+ First to File or Perfect
+ Filing Before Loan Closing
+ Lapse in Filing
74. z
The Purchase Money
Security Interest
A PMSI is distinguished from a standard security
interest in two main ways: its manner of creation
and the priority it receives relative to other
security interests in the same collateral.
75. z
The Purchase Money Security Interest
Collateral Subject to PMSI:
+ Goods
+ Software
+ Consignor’s Inventory
80. z
True Consignment Characteristics
+ Generally consumer goods
+ Value of goods less than $1000.
+ Delivered to merchant for sale
+ Merchant/auctioneer known to sell on consignment
+ Usually subject to state bailment law
81. z
UCC “Consignment”
Characteristics
+ Merchant deals with goods other than under
consignor’s name
+ Merchant is not an auctioneer
+ Not generally known as reseller
+ Aggregate value of goods over $1000
+ Inapplicable to consumer goods
+ Transaction does not create a security
interest to secure an obligation.
82. z
Common Commercial
“Consignment”
+ Security for payment of an obligation
+ Consignment of goods treated as PMSI in inventory
+ Rights between consignor and consignee unimpaired
+ Several practical problems with consignments
83. z
Priority of Consignor’s Claim
Dependent on Perfection
+ Priority over floating inventory lien
+ Must create and perfect as PMSI
+ Financing statement and notice
84. z
Practical Problems in Securing
Payment Under UCC
+ Transactional Costs
+ Change of Name of Debtor
+ Mergers/Successor Debtor
+ Remedies Upon Default
+ Disposition of Recovered Collateral
85. z
Issues to Consider
+ What Agreements in Effect Already?
+ Eligible for Statutory Lien?
+ Would PMSI Be Effective?
+ Do We Sell Type of Goods Suitable for Security
Agreement?
+ Practical Problems with Collateral?
86. z
Thank You!
Larry J. McClatchey, Director
Kegler Brown Hill + Ritter
lmcclatchey@keglerbrown.com
keglerbrown.com/mcclatchey
614-462-5463
88. z
What is a Preference?
Payment or transfer made during the
ninety days prior to bankruptcy
Debtor makes a payment or payments
to some creditors and not to others
89. z
Purpose of Preference Law?
Prevent “piecemeal” dismemberment of a debtor
Avoid the “race to the court house” among creditors
To promote equal distribution among creditors
similarly situated
90. z
Who Can Avoid a
Preferential Transfer?
1. Bankruptcy trustee or “debtor in possession”
2. Representative of Liquidating Trust in chapter 11 case
91. z
Elements of a Preference Claim
Transfer of property of a debtor
To or for benefit of creditor
On account of an antecedent debt
Made while debtor was insolvent
Enables creditor to receive more than if transfer had not been made
Within 90 days prior to bankruptcy
95. z
+ Debtor owes Creditor, and Creditor owes ABC Company
+ Debtor pays ABC Company for Creditor’s debt in
consideration of Debtor’s debt to Creditor
+ Debtor can recover the transfer from Creditor
96. z
+ Creditor applies credit for damaged goods to Debtor’s
account, reducing amount due from Debtor to Creditor
+ Application of credit to Debtor’s account is not a transfer
for the benefit of Creditor
+ Review records of alleged preferential transfers to weed
out credits
107. z
Element: Creditor Receives More
If debt fully secured by collateral, transfer didn’t allow creditor to obtain more than it would have in bankruptcy
108. z
Element: Creditor Receives More
If creditors will be paid in full through bankruptcy, this element would not be met
109. z
Defense Considerations
Debtor/trustee must prove each element of preference
Burden of proof for elements is on debtor/trustee
Creditor can establish an “affirmative defense”
Creditor has burden of proof on any affirmative defense
111. z
Ordinary Course of
Business Defense
The debt was incurred in the ordinary course of the business
between debtor and creditor, AND:
EITHER
Payment is made in the ordinary course of business
of the debtor and the transferee
OR
Payment is made according to
ordinary business terms in the industry
112. z
Ordinary Course of Business
Between the Parties
Payment that is “normal” in parties’
course of dealing
Consistency with other business
transactions between parties
Examines course of conduct + payment
history prior to filing
Historical period v. preference period
Consistently late payments may qualify
as ordinary payments
113. z
Payment NOT in Subjective
Ordinary Course of Business
Creditor requires a cashier’s check for the first time
Creditor imposes new terms during the preference period
Payment results from coercive collection practices
Creditor imposes or threatens credit hold
114. z
Ordinary Business Terms:
Objective Ordinary Course
Payment is “ordinary” in relation to
the relevant industry standard
Examine industry as a whole
Explore practices common to
similarly situated businesses
Usually requires expert testimony
117. z
Subsequent New Value
Transfer by creditor after payment received
Not secured by “otherwise unavoidable” security interest
On account of which new value debtor did not make
an otherwise unavoidable transfer to or for the benefit of creditor
New value determined as of petition date,
so post-petition payments are not relevant
118. z
Subsequent New Value
May not be available if Creditor retains a security interest
May not be available if Debtor later paid for the new goods prior to the petition date
119. z
+ June 1: Debtor pays Creditor $200,000
+ June 15: Creditor ships new goods on credit
+ August 1: Debtor files bankruptcy
+ Zero preference exposure because of SNV
+ Creditor has a proof of claim for $200,000
120. z
+ June 1: Debtor owes creditor $500,000
+ June 15: Debtor pays creditor $200,000
+ June 30: Creditor ships new goods ($100,000) on credit
+ August 1: Debtor files bankruptcy
+ $100,000 preference exposure because of SNV
+ Creditor has a proof of claim for $400,000
121. z
+ June 1: Creditor ships new goods ($200,000) on credit
+ June 15: Debtor pays creditor $200,000
+ August 1: Debtor files bankruptcy
+ $200,000 preference exposure
124. z
Other Potential Defenses
Transfer <$5,000 in business cases
Amount in controversy
Case filed too late (statute of limitations)
Transfer to holder of unperfected lien rights
Transfer <$600 in consumer cases
125. z
Checklist of Defenses
Against Preference Claims
Where is the lawsuit filed?
When was the lawsuit filed?
How much is the claim?
Did the debtor make the transfer?
126. z
Checklist of Defenses
Against Preference Claims
Do lien rights exist? PMSI?
Did debtor receive “20 day goods”?
Has debtor made “critical vendor” offer?
Section 503(b)(9) bargaining chip?