September 06, 2018

MONTH-IN-BRIEF: Internet Law & Cyber-Security

Juliet Moringiello, Sara Beth A.R. Kohut

Cybersecurity

Anthem Data Breach Settlement Approved

By Sara Beth A.R. Kohut, Young Conaway

The U.S. District Court for the Northern District of California has approved a settlement of class action litigation stemming from the 2015 data breach of health-insurer Anthem, Inc. In re Anthem, Inc. Data Breach Litigation, Nos. 15-MD-02617-LHK (N.D. Cal. Aug. 15, 2018). The settlement provides $115 million for a class that includes more than 79 million people whose personal information was compromised in the breach. The settlement will cover credit monitoring services for two years, or alternative cash payments for class members who already have those services. Additionally, Anthem will triple its annual data-security spending for three years and adopt additional cybersecurity controls. The settlement also includes a cy pres component, by which any funds not claimed by class members would be paid to two non-profit privacy entities.

FBI Issues Email-Scam Alert

By Lawrence Thomas, Drexel University Thomas R. Kline School of Law

The FBI recently released a public service announcement regarding Business E-mail Compromise (BEC) and E-mail Account Compromise (EAC). BEC/EAC is a scam focusing on wire transfer payments from businesses and individuals, with other variations including compromising business e-mail accounts and requesting personally identifiable information or employees’ wage and tax statements. The most recent targets have been real estate transactions affecting title companies, law firms, real estate agents, and buyers and sellers. These scams have taken place all over the country and throughout the world with over 78,000 domestic and international incidents reported between October 2013 and May 2018 causing over $12.5 billion in actual and attempted loss. BEC/EAC actors’ behavior can include requesting changes to wire dispersal from check dispersal, communicating exclusively through e-mail, or requesting personal information during phone calls. The FBI suggests verifying all requests for changes in payment type and location, establishing other means of communication for verification, and establishing code phrases known only to the actual parties to counter fraudulent activity. If you are a victim, the FBI suggests contacting your financial institution and local FBI office, as well as reporting to the Internet Crime Complaint Center (IC3).

Data Privacy

Two Circuits Find that Carpenter Does Not Apply to Prior Searches

By Sara Beth A.R. Kohut, Young Conaway

The U.S. Courts of Appeals for the Second Circuit and the Seventh Circuit both recently determined that Carpenter v. U.S., 138 S.C. 2206 (2018), does not require suppression of cell-phone location data acquired before that decision held that a warrant is required to obtain such data. In U.S. v. Zodhiates, No. 17-839-cr (2d Cir. Aug. 21, 2018), the Court of Appeals affirmed the U.S. District Court for the Western District of New York in convicting Philip Zodhiates for conspiring to unlawfully remove a child from the U.S. after cell-phone records tied him to other conspirators. In U.S. v. Curtis, No. 17-1833 (7th Cir. Aug. 24, 2018), the Court of Appeals affirmed the U.S. District Court for the Northern District of Illinois in convicting Eric Curtis on robbery and related charges after cell-phone location data placed him near four robbery sites. Both Courts of Appeals found that the “good faith” exception to the exclusionary rule applied because the government had relied on then-existing precedent that only a subpoena was needed under the federal Stored Communications Act to obtain the cell phone records at issue.

E-Commerce

Unpaid Highway Tolls Are Not "Debt" Under FDCPA

By Sara Beth A.R. Kohut, Young Conaway 

The U.S. Court of Appeals for the Third Circuit has affirmed the U.S. District Court for the District of New Jersey in its finding that unpaid highway tolls do not constitute “debt” that can support a claim under the Fair Debt Collection Practices Act. St. Pierre v. Retrieval-Masters Creditors Bureau, Inc., Nos. 17-731 and 17-1941 (3d Cir. Aug. 7, 2018). After Thomas St. Pierre’s E-ZPass account fell into arrears, the defendant company sent him a collection letter, which St. Pierre challenged on the basis that his account number and other information was visible through the window of the envelope in which it was mailed. The Court of Appeals held that St. Pierre had sufficiently alleged standing, but upheld the District Court’s finding that the highway tolls were a tax and not a consumer payment obligation primarily for personal, family or household purposes that would be subject to the FDCPA.

Juliet Moringiello

Commonwealth Professor of Business Law, Widener University Commonwealth Law School

Juliet Moringiello is the Commonwealth Professor of Business Law at Widener University Commonwealth Law School in Harrisburg, PA, where she teaches Property, Bankruptcy, Secured Transactions, Sales, and a seminar on Cities in Crisis. She earned her B.S.F.S. at Georgetown University, her J.D. at Fordham University School of Law, and her LL.M in Legal Education at Temple University School of Law. Professor Moringiello is Chair of the Pennsylvania Bar Association Business Law Section, a Uniform Law Commissioner for Pennsylvania, and a member of the American Law Institute. She is also a Fellow of the American College of Commercial Finance Lawyers and has held several leadership positions in the American Bar Association Business Law Section.

Sara Beth A.R. Kohut

Co-Chair; Cybersecurity, Privacy, and Data Protection Group; Young Conaway

Sara Beth’s practice focuses on advising legal representatives for future claimants in connection with asbestos mass tort insolvency matters and settlement trusts. She has also represented national and local businesses in cases involving intellectual property, corporate and commercial issues in the federal and state courts in Delaware. Sara Beth has advised clients on strategies for protecting intellectual property rights and complying with obligations governing the privacy and security of sensitive data. She currently co-chairs Young Conaway’s Cybersecurity, Privacy, and Data Protection group.