2016 legal seminar for credit professionals

z
presented by Mark B. Manoukian
Securing Sensitive
Personal Data

z
1 Change our perspective
2 Improve our defenses

z
Consequences of Data Breach
+ Money
+ Identity Theft
+ Ransom
+ Useful Secrets
+ Punishment
+ Damage to Reputation Loss of Business
+ Civil Liability
+ Criminal Liability

z
Major Data Breaches of 2015
From http://www.zdnet.com/pictures/worst-largest-security-data-breaches-
2015/
+ Kapersky Labs
+ LastPass
+ CVS, Walgreen’s, Costco
+ Carhone Warehouse (UK)
+ UCLA Health
+ Hacking Team
+ Ashley Madison
+ Anthem
+ IRS
+ Office of Personnel
Management

z
Protecting Our Data in the Old Days
1. Communications were secure in that virtually all
communications were internal.
2. Data was secure in that it was stored on our servers in our
offices.
3. Access is restricted access by usernames and passwords?
4. You had full control over your PC, but it was
inconsequential.
5. Points of entry – desktop PCs in our office – were secure.
6. The only real threat was known viruses attached to e-mail.
7. Our firewall kept uninvited guests out.
8. We were low-value targets.

z
Communications
+ Employees are able to access our network remotely
across the public Internet.
+ We routinely use 3rd party services, typically web
sites, wherein we are communicating across the
public Internet.

z
Data
+ We store sensitive data of our clients.
+ Third parties store our sensitive data.

z
Points of Entry
+ Home PCs
+ Mobile Devices, Lots of Them
+ Public PCs Devices

z
Viruses Have Evolved Into
Malware
+ Malware > Viruses.
+ Some malware is indefensible…
+ …in that it attacks flaws in the software that are unknown to
all, including the makers of the software.
+ …sometimes bespoke, just for you.
+ …it piggybacks on other, legit apps or web sites– e.g. Java,
Adobe Flash.

z
Usernames and Passwords
+ Public.
+ Broken.
+ Stolen.
+ Shared.
+ Reused.

z
Net Effect
1. Communications were secure in that virtually all
communications were internal.
2. Data was secure in that it was stored on our servers in our
offices.
3. Access is restricted access by usernames and passwords,
which may be easily broken.
4. You had full control over your PC, but it was
inconsequential.
5. Points of entry – desktop PCs in our office – were secure.
6. The only real threat was known viruses attached to e-mail.
7. Our firewall kept uninvited guests out.
8. We are a high-value low-value target.

z
Order of Events in Hack of RSA, Inc.
Recon
• Research public info about RSA employees
E-Mail
• Create e-mail accounts purporting to be a close friend or employee
Payload
• Payload is an indefensible piece of malware
Malware
• Malware leverages privileges to gain access
Damage
• Data is stolen

z
Recourse?
+ Yes, it’s illegal.
+ Remediation is difficult-to-impossible.
+ Prevention is the best strategy.

z
Action Items For…
+End Users – That’s You
+I.T. Staff
+Firm Management
+Technology Vendors
+Non-Technology Vendors

z
Action Item #1 for Employees:
Don’t let them in by e-mail.
+ Who is the e-mail actually from?
+ If you have to ask me if it is legit then you’ve already
told me that you don’t know this person.
+ Verify by an alternate method.

z
E-mail may
appear very
genuine

z
Address the
recipient
by name
Use lingo/
jargon of
company
Reference
actual
procedures,
SOPs/TTPs

z
Action Item #2: Look for “HTTPS”
Example of a Success

z
Action Item #2: Look for “HTTPS”
Example of a Failure

z
Test Yourself on #1 and #2
E-Mail Phishing Quiz:
http://www.sonicwall.com/phishing/
Web Site Phishing Quiz:
https://www.opendns.com/phishing-quiz/

z
Action Item #3: Maintain Your
Software
+ If you didn’t go looking for it then don’t install it.
+ If you installed it, then update it. The vast majority of
patches go to security.
+ If you don’t use it then uninstall it.

z
Action Item #4: Protect Your
Passwords
+ Don’t reuseshare passwords across high-value
accounts.
+ Keep them secure, in a password vault or paper in a
locked drawer in your desk.
+ Not in a Word or Excel document.

z
Action Item #5: Secure Your
Mobile Devices
+ Laptops
+ Smartphones
+ Tablets
+ Fitness gadgets

z
Action Item #6: This is a
mindset.
+ This is a marathon not a sprint.
+ There will be more action items.
+ For the rest of your life.
+ This is a perpetually, quickly moving target.

z
Recurring THEMES
Your PC + data are more valuable than you realize
Person using PC is the weakest link
Phishing is the most common attack vector
Test yourself!

z
Mark B. Manoukian
Director of Information Technology
Kegler Brown Hill + Ritter
mmanoukian@keglerbrown.com
keglerbrown.com/manoukian
614-462-5429
Thank You!

z
Litigation
THEORIES
in Data Breach Litigation
presented by Luis M. Alcalde

z
Lost or stolen
computers containing
PII or SPI

z
Theft of financial
data hacking

z
Publication of
personal information

z
Suits by banks against
corporate hacking
victim to recover cost

z
LEGAL PITFALLS
POTENTIAL
Was it preventable?

z
LEGAL PITFALLS
POTENTIAL
Was it preventable?Federal + 50 state disclosure requirements

z
LEGAL PITFALLS
POTENTIAL
Federal + 50 state disclose requirementsPublic reporting to SEC + federal/state agencies

z
Applicable U.S. Law
+ No common set of laws
governing civil liability
+ Claimants use patchwork
of federal and state
statutory claims +
common law claims

z
Federal Statutes
Health Insurance
Portability and
Accountability
Act (HIPPA)
Health Information
Technology for
Economic and
Clinical Health
Act (HITECH)
Stored
Communications
Act (SCA)
Fair Credit
Reporting
Act (FCRA)
Graham-Leach-Bliley
Act (GLBA)

z
State Law Claims
Consumer protection statutes
Unfair trade practices statutes
Negligence
Invasion of privacy
Breach of implied or express contract
Unjust enrichment

z
Standing + Injury Requirement
Need to establish injury in-fact to support Article III
standing in federal court (biggest impediment so far)
Concrete + particularized
Actual + imminent, not conjectural or hypothetical
Possible future injury not enough
Threatened injury must be impending
Plaintiffs often allege risk of future injury + expenses
to mitigate that risk

z
RISK of Future
Harm is Obstacle to
Consumer Cases

z
Lack of evidence of what
happened to the PII
Lack of evidence of financial
loss or proof of identity theft
Lack of loss because claimants
were reimbursed within
payment card system
Federal courts dismiss on mere
possibility of future harm
Plaintiff’s principal theory of
harm is risk that loss of PII puts
at higher risk of identity theft
Some district courts have found
standing on facts falling short
of actual financial harm

z
Mitigation
EXPENSES
Need to mitigate against
fraud + identity theft
Purchasing credit
monitoring services
Purchasing identity
theft insurance

z
re Sony Gaming Networks
…996 F. Supp 2d 942
(S.D. Cal. 2014)
April 2011: hackers attacked computer network
used to provide Sony PlayStation Network (PSN)
and related networks

z
…996 F.Supp 2d 942
(S.D. Cal. 2014)
Lawsuit claims that Sony did not adequately
protect networks and hackers were able to
access certain account holder information

z
…996 F.Supp 2d 942
(S.D. Cal. 2014)
Claims were that hackers stole information to
commit fraud and identity theft + account holders
were legally injured by the unavailability of the
network while temporarily off-line for 24 days

z
California D.C. court found
plaintiffs alleged sufficient
facts of “impending injury”

z
Alternative Theories of Harm
Lost time +
inconvenience
Emotional
distress
Decreased
economic
value of PII
Denied benefit
of the bargain

z
Suits by Banks + Financial Institutions

z
Luis M. Alcalde, Of Counsel
lalcalde@keglerbrown.com
keglerbrown.com/alcalde
614-462-5480
Thank You!

z
presented by Larry J. McClatchey
Understanding Secured Transactions +
Consignments
SECURING PAYMENT

z
Pre-pay or COD
Traditional Means
to Secure Payment
Letters of Credit
Guarantee
Liens in Seller’s Favor

z
Obstacles to Securing Payment
+ Type of Goods
+ Seller’s Existing Credit Terms + Conditions
+ Buyer’s Existing Credit Terms + Conditions
+ PO + Supply Agreements

z
UCC – Nationwide Rules for
Commerce
+ Rules for Sales + Leases
+ Banking, Checks + Letters of Credit
+ Procedures for Warehouse Receipts + Bills of Lading
+ Agreement to Grant Security to Seller

z
Not All Transactions +
Collateral Covered
Secured Transactions
Under Article 9
Classification of Collateral

z
Security Agreements
+ Identifies Parties
+ Buyer Grants Security Interest
+ Describes Collateral
+ Specific listing
+ Category of Goods
+ Type of Goods
+ Include Proceeds and Products of Collateral
+ Specifies Indebtedness to be Secured

z
Attachment of
Security Interests
+ Value given by creditor
+ Debtor has rights in collateral
+ Authenticated Security Agreement
1
Formal Requirements

z
Perfection of Security
Interest
+ Possession
+ Control
+ Perfection by Filing
2

z
Filing Rules
+ Name of Individual Debtor
+ Name of Registered Organization
+ Place of Filing
+ Changes in Name or Location
+ Sufficient description of Collateral
3

z
Basic Rules of Priority
+ First to File or Perfect
+ Filing Before Loan Closing
+ Lapse in Filing
4

z
The Purchase Money
Security Interest
A PMSI is distinguished from a standard security
interest in two main ways: its manner of creation
and the priority it receives relative to other
security interests in the same collateral.

z
Collateral Subject to PMSI:
+ Goods
+ Software
+ Consignor’s Inventory
The Purchase Money
Security Interest

z
The Purchase Money
Security Interest
Priority of PMSI:
+ Goods other than inventory
+ Inventory

z
The Purchase Money
Security Interest
“Superior Priority Status”:
+ Security Interest in Favor of Seller
+ Cost of Purchase of Collateral

z
The Purchase Money
Security Interest
Limitations on PMSI:
+ Notice of Conflicting Inventory
+ Prior Secured Party

z
True Consignment Characteristics
+ Generally consumer goods
+ Value of goods less than $1000.
+ Delivered to merchant for sale
+ Merchant/auctioneer known to sell on consignment
+ Usually subject to state bailment law

z
UCC “Consignment”
Characteristics
+ Merchant deals with goods other than under
consignor’s name
+ Merchant is not an auctioneer
+ Not generally known as reseller
+ Aggregate value of goods over $1000
+ Inapplicable to consumer goods
+ Transaction does not create a security
interest to secure an obligation.

z
Common Commercial
“Consignment”
+ Security for payment of an obligation
+ Consignment of goods treated as PMSI in inventory
+ Rights between consignor and consignee unimpaired
+ Several practical problems with consignments

z
Priority of Consignor’s Claim
Dependent on Perfection
+ Priority over floating inventory lien
+ Must create and perfect as PMSI
+ Financing statement and notice

z
Practical Problems in Securing
Payment Under UCC
+ Transactional Costs
+ Change of Name of Debtor
+ Mergers/Successor Debtor
+ Remedies Upon Default
+ Disposition of Recovered Collateral

z
Issues to Consider
+ What Agreements in Effect Already?
+ Eligible for Statutory Lien?
+ Would PMSI Be Effective?
+ Do We Sell Type of Goods Suitable for Security
Agreement?
+ Practical Problems with Collateral?

z
Thank You!
Larry J. McClatchey, Director
lmcclatchey@keglerbrown.com
keglerbrown.com/mcclatchey
614-462-5463

z
Understanding +
DEFENDING
Preference Claims
presented by Christy A. Prince

z
What is a Preference?
Payment or transfer made during the
ninety days prior to bankruptcy
Debtor makes a payment or payments
to some creditors and not to others
90

z
Purpose of Preference Law?
Prevent “piecemeal” dismemberment of a debtor
Avoid the “race to the court house” among creditors
To promote equal distribution among creditors
similarly situated

z
Who Can Avoid a
Preferential Transfer?
1
Bankruptcy trustee or
“debtor in possession”
2
Representative of Liquidating
Trust in chapter 11 case

z
Elements of a
Preference Claim
Transfer of
property of
a debtor
To or for
benefit of
creditor
On account
of an
antecedent
debt
Made while
debtor was
insolvent
Enables creditor
to receive more
than if transfer
had not been
made
Within 90
days prior to
bankruptcy

z
Element: A Transfer
Must be of
the debtor’s
property

z
Element: A Transfer
Typically
from debtor
to creditor

z
Element: A Transfer
Could be
payment
from debtor
to third-
party

z
+ Debtor owes Creditor, and Creditor owes ABC Company
+ Debtor pays ABC Company for Creditor’s debt in
consideration of Debtor’s debt to Creditor
+ Debtor can recover the transfer from Creditor

z
+ Creditor applies credit for damaged goods to Debtor’s
account, reducing amount due from Debtor to Creditor
+ Application of credit to Debtor’s account is not a transfer
for the benefit of Creditor
+ Review records of alleged preferential transfers to weed
out credits

z
Element: Antecedent Debt
Transfer
must be on
account of
preexisting
debt

z
If payment
terms are
Cash on
Delivery, no
antecedent
debt

z
If payment
terms are
paying old
invoices, there
is antecedent
debt

z
Element: Time Span
If creditor is an
insider, preference
period is one year
prior to bankruptcy
petition date

z
Element: Time Span
If creditor is not an
insider, preference
period is 90 days
prior to bankruptcy
petition date

z
Element: Debtor’s Insolvency
Transfer must
have been
made while
debtor was
insolvent

z
Insolvency is
presumed for
the 90 days
prior to
bankruptcy

z
Creditor can
introduce
evidence that
debtor was
solvent at time
of transfer

z
If bankruptcy
filed suddenly
after
meaningful
event, explore
this element

z
Element: Creditor Receives More
Disputes over this
element are rare

z
If debt fully secured
by collateral,
transfer didn’t allow
creditor to obtain
more than it would
have in bankruptcy

z
If creditors will be
paid in full through
bankruptcy, this
element would not
be met

z
Debtor/trustee must prove each
element of preference
Burden of proof for elements is
on debtor/trustee
Creditor can establish an
“affirmative defense”
Creditor has burden of proof on
any affirmative defense
Defense Considerations

z
Ordinary Course of
Business Defense
Encourages creditors to deal with companies on
“normal” credit terms

z
Ordinary Course of
Business Defense
The debt was incurred in the ordinary course of the business
between debtor and creditor, AND:
EITHER
Payment is made in the ordinary course of business
of the debtor and the transferee
OR
Payment is made according to
ordinary business terms in the industry

z
Ordinary Course of Business
Between the Parties
Payment that is “normal” in parties’
course of dealing
Consistency with other business
transactions between parties
Examines course of conduct + payment
history prior to filing
Historical period v. preference period
Consistency late payments may qualify
as ordinary payments

z
Payment NOT in Subjective
Ordinary Course of Business
Creditor requires a cashier’s check for the first time
Creditor imposes new terms during the preference period
Payment results from coercive collection practices
Creditor imposes or threatens credit hold

z
Ordinary Business Terms:
Objective Ordinary Course
Payment is “ordinary” in relation to
the relevant industry standard
Examine industry as a whole
Explore practices common to
similarly situated businesses
Usually requires expert testimony

z
Subsequent New Value
Defense
Creditor may have replenished the value of Debtor
by continuing to supply goods/services

z
Transfer by creditor after payment received
Not secured by “otherwise unavoidable” security interest
On account of which new value debtor did not make
an otherwise unavoidable transfer to or benefit of creditor
New value determined as of petition date,
so post-petition payments are not relevant

z
May not be available if
Creditor retains a
security interest
May not be available if
Debtor later paid for the
new goods prior to the
petition date

z
+ June 1: Debtor pays Creditor $200,000
+ June 15: Creditor ships new goods on credit
+ August 1: Debtor files bankruptcy
+ Zero preference exposure because of SNV
+ Creditor has a proof of claim for $200,000

z
+ June 1: Debtor owes creditor $500,000
+ June 15: Debtor pays creditor $200,000
+ June 30: Creditor ships new goods ($100,000) on credit
+ $100,000 preference exposure because of SNV
+ Creditor has a proof of claim for $400,000

z
+ June 1: Creditor ships new goods ($200,000) on credit
+ June 15: Debtor pays creditor $200,000
+ $200,000 preference exposure

z
Transfer <$5,000 in business cases<$5000
Amount in controversy
Case filed too late (statute of limitations)
Transfer to holder of unperfected lien rights
Other Potential Defenses
+
Transfer <$600 in consumer cases <$600

z
Where is the lawsuit filed?
When was the lawsuit filed?
How much is the claim?
Did the debtor make the transfer?
Checklist of Defenses
Against Preference Claims

z
Checklist of Defenses
Against Preference Claims
Do lien rights exist? PMSI?
Did debtor receive “20 day goods”?
Has debtor made “critical vendor” offer?
Section 503(b)(9) bargaining chip?

z
Review your invoices
to compare to
industry standards

z
Stay consistent in
your collection
practices

z
If a problem customer
files bankruptcy,
work up defenses
while fresh

z
Preserve all records
of collection
communications

z
Don’t ignore a
demand letter

z
Christy A. Prince, Director
cprince@keglerbrown.com
keglerbrown.com/prince
614-462-5444
Thank You!

2016 legal seminar for credit professionals

More Related Content

What's hot (14)

Viewers also liked (20)

Similar to 2016 legal seminar for credit professionals (20)

More from Kegler Brown Hill + Ritter (20)

Recently uploaded (20)

2016 legal seminar for credit professionals