Sign Up
Stay current with GH&R Newsletters. Click here to sign up.
E-Commerce News
E-SIGN MAY PERMIT ELECTRONIC NOTICE OF BENEFICIARY CHANGE; SHODDY DATA HANDLING IS BIG TROUBLE FOR REAL ESTATE COMPANIES
September 26, 2006
E-SIGN MAY PERMIT ELECTRONIC NOTICE OF BENEFICIARY CHANGE
According to a California federal court, under the federal E-Sign Act, an electronic transmission of a change of beneficiary may constitute "written notice" to the insurance company. But, whether that transmission satisfies the contract between the parties is a separate issue.
The lawsuit arose when Seagate US LLC brought a lawsuit against its insurance provider, Cigna Corp., seeking to compel Cigna to accept change of beneficiary requests filed electronically. Seagate's contract with Cigna required that change of beneficiary notices be communicated "by giving written notice." Cigna filed a motion to dismiss, arguing that E-Sign required judgment in its favor. Seagate argued in opposition that E-Sign, in fact, compelled judgment in its favor.
Cigna pointed to the provision in E-Sign which provides that the law does not require a company to accept electronic records against its wishes. But Seagate argued that, under E-Sign, Cigna cannot deny the validity of the notice merely because it is in electronic form. Seagate also argued that while the E-Sign Act requires that consumers affirmatively consent to electronic records, there is no consent requirement applicable to businesses, such as Cigna, who draft the agreements.
The judge rendered a sort of "baby splitting" decision, ruling that the ordinary and proper meaning of "written notice" may include "an electronic communication." The court noted specifically the E-Sign provision that "a signature, contract, or other record ... may not be denied legal effect solely because it is in electronic form." But, having made that decision, the court determined that the parties may have reached a different conclusion via the specific wording and meaning in their contract. For this reason, the court ruled that "[t]he record should be further developed to determine the meaning of the phrase 'written notice.' " The court denied Cigna's motion to dismiss.
The lesson? If you're not certain that electronic notice is sufficient, it may make sense to use an acceptable form of notice in addition to the electronic means.
SHODDY DATA HANDLING IS BIG TROUBLE FOR REAL ESTATE COMPANIES
Real estate services companies Nations Title Agency, Inc. (NTA) and Nations Holding Co. (NHC) recently entered a consent order with the Federal Trade Commission (FTC) in order to settle claims brought by the FTC that the companies had mishandled sensitive data. The companies had made matters even worse for themselves by failing to abide by their own privacy and security policies.
NHC is a Kansas City-based privately held holding company that provides real estate services in 44 states. A subsidiary, NTA, provides a range of services in connection with financing home purchases and refinancing existing home mortgages.
In the course of its business, NHC and NTA routinely obtain sensitive information about consumers from banks, real estate brokers, consumers, and public records, including information such as consumer names, Social Security numbers, bank and credit card account numbers, and credit histories.
NHC and NTA maintained privacy policies which claimed that the companies had "instituted measures to guard against" unauthorized access to confidential consumer information. According to the companies, they "maintain physical, electronic, and procedural safeguards in compliance with federal standards to protect" such sensitive information.
But according to the FTC, the companies failed to:
-assess risks to the information they collected and stored, both online and offline;
-implement reasonable policies and procedures in key areas such as employee screening and training and the collection, handling, and disposal of personal information;
-implement simple, low-cost, readily available defenses to common Web site attacks or implement reasonable measures to prevent hackers from gaining access to their computer network;
-employ reasonable measures to detect and respond to unauthorized access to the data or to conduct security investigations; and
-provide reasonable oversight for the handling of personal information by service providers, such as third parties employed to process the information and assist in real estate closings.
The FTC alleged that these failures allowed a hacker to obtain access to NHC's computer network. To make matters worse, a Kansas City television station found documents containing sensitive consumer information discarded in NHC's and NTA's unsecured dumpster.
The companies ran afoul of the FTC in several ways. First, the FTC alleged that the failure to provide reasonable and appropriate security to protect the information violated the FTC's Safeguards Rule, which requires financial institutions to take appropriate measures to protect customer information. The FTC also complained that NTA's privacy policy claims were deceptive because the failures demonstrated that NTA had failed to disclose accurately the manner in which they safeguard customer information. Finally, according to the complaint, the companies violated FTC Act prohibitions against unfair or deceptive practices.
The proposed consent order would require NHC and NTA to establish and maintain a comprehensive information security program that includes administrative, technical, and physical safeguards, and would also require the companies to obtain--every two years for the next 20 years--an audit from a qualified, independent, third-party professional to confirm that their security program meets the standards of the order, and to comply with standard bookkeeping and record-keeping provisions.
Twenty years is a pretty stiff penalty for improper dumping. But, it demonstrates how serious the FTC takes data security these days.
This Newsletter is a periodic publication of Graydon Head & Ritchey LLP and should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general information purposes only, and you are urged to consult your own advisor concerning your situation and any specific legal question you may have.