Consumer Protection Archives - Page 32 of 33

U.S. Department of Justice Postpones ADA Requirements for Swimming Pools and Spas

Recently The National Law Review published a paper by the Labor and Employment Law Department of Barnes & Thornburg LLP regarding the ADA Requirements for Pools and Spas:

On March 20, 2012, the U.S. Department of Justice (the Department) announced an immediate 60-day postponement of the effective date for the accessibility requirements for pools and spas subject to either Title II (state and local government programs) or Title III (places of public accommodation). These requirements will now take effect on May 21, 2012.

The Department also is contemplating further extending the effective date, and simultaneously issued a Notice of Proposed Rulemaking (NPRM) soliciting public comment as to whether the effective date of the pool and spa requirements should be postponed until Sept. 17, 2012, 180 days from the original effective date. The Department indicated that it was taking this action in order to allow pool owners and operators additional time to address certain misunderstandings regarding these requirements and their application to existing pools and spas.

On Sept. 15, 2010, the Department adopted the 2010 ADA Standards for Accessible Design (2010 Standards), which took effect on March 15, 2012. The 2010 Standards contain requirements for accessible means of entry into and exit from swimming pools and spas as follows:

Swimming pools with at least 300 linear feet of pool wall must provide two accessible means of entry and exit from the pool. At least one means of entry and exit must be either a sloped entry (i.e., ramp) or pool lift that complies with the requirements set forth in Section 1009 of the 2010 Standards. The second means of entry and exit can be either a transfer wall, transfer system or pool stairs. (Wave action pools, leisure rivers, sand bottom pools and other pools with only one area for entry are required to provide only one accessible means of entry and exit.)
Swimming pools with less than 300 linear feet of pool wall are required to provide only one accessible means of entry and exit, provide that means is either a sloped entry or pool lift.
Only one accessible means of entry and exit is required into spas. This means of entry and exit must be either a pool lift, transfer wall or transfer system. Furthermore, where more than one spa is provided in a cluster, only five percent (5%) of the spas are required to have an accessible means of entry and exit.

On Jan. 31, 2012, the Department issued technical guidance with respect to these requirements, in particular the manner in which they pertain to existing pools and spas. See “ADA 2010 Revised Requirements: Accessible Pools – Means of Entry and Exit,” available athttp://www.ada.gov/pools_2010.htm ). Use of pool lifts generally is the most convenient method for providing access to existing pools and spas. In its technical guidance and in subsequent correspondence further explaining the pool requirements, the Department indicated that under Title II (state and local government programs), access could be provided through the use of portable pool lifts. Under Title III, however, the Department indicated the pool lift must be fixed, or at least capable of being affixed to the pool deck or apron when in use; use of portable lifts is permitted only if provision of a fixed lift is not readily achievable. This difference stems from the fact that unlike Title III, which requires the removal of physical barriers to access where readily achievable, Title II permits state and local programs to provide access to existing facilities via alternative methods, including the purchase of equipment, in lieu of making structural modifications. Whether covered under Title II or Title III, however, newly constructed pools must comply with the 2010 Standards, and altered pools must comply to the maximum extent feasible.

In its technical guidance, the Department also indicated that pool lifts must be in place during the hours the pool or spa is open. Where a facility has multiple pools or spas that are required to be accessible, a pool lift cannot be shared among the pools and spas, unless providing multiple lifts creates an undue burden.

Following issuance of the technical guidance, certain pool owners and operators expressed concern over its substance and urged the Department to permit the use of portable lifts under Title III and to permit pool lifts to be shared among pools. They also raised safety concerns regarding the Department’s position that pool lifts must be in place during the hours the pool or spa is open.

In issuing its NPRM to further extend the effective date of the pool and spa requirements, the Department emphasized that it will not revisit the merits of the accessibility requirements for pools and spas. Public comments on the issue of whether the effective date of these requirements should be further extended to Sept. 17, 2012 must be submitted no later than April 4, 2012.

Protecting Your Rights as an Additional Insured: Why a Certificate of Insurance Is Not Enough

An article by Daniel J. Struck and Neil B. Posner of Much Shelist, P.C. regarding Certificates of Insurance recently appeared in The National Law Review:

When entering into some types of contracts, you likely require that your business be named as an “additional insured” on the other party’s insurance policies. You might do this so that your insurance will not be depleted by defense and indemnification costs for losses for which you might be legally liable by virtue of your relationship to the other party, rather than due to your own direct negligence.

There are many situations in which it makes sense to be named as an additional insured. If you are a building owner, for example, you want to be an additional insured on the property and general liability insurance of your tenants in case one of them damages your building or an accident occurs involving a visitor. If you are a mortgagee, you want to be an additional insured on the property and general liability insurance of your mortgagors in case there is damage to the mortgaged property that reduces its value. If you are the owner or a contractor on a construction project, you want to be an additional insured on the general liability insurance of your contractors and subcontractors in case there is an injury to one of their employees. If you are a distributor or a retailer, you may want to be an additional insured on the insurance programs of the manufacturers of the products that you sell. Other examples abound. Despite the ubiquity of additional insured requirements, however, misconceptions about them are numerous.

Your efforts to protect your business cannot stop at simply including an additional insured requirement in your commercial contracts. Even the strongest possible additional insured provision does little good if the other party does nothing to secure your status as an additional insured with its insurers. Nor are your interests served if you do nothing to confirm that your business has indeed been named as an additional insured. In this context, trust is never a suitable substitute for concrete verification, and otherwise careful and responsible businesses are too often surprised because one of two very basic pre-conditions have not been met: (1) they never actually became additional insureds, or (2) there is no insurance in effect that provides coverage for a particular accident or loss. How is it possible that such basic conditions can trip up sophisticated businesses? And what can be done to avoid these pitfalls?

A Certificate of Insurance Is Not Insurance

It is not unusual that the only evidence of additional insured status is a form document—known as a certificate of insurance—that is usually prepared by the insurance broker for the named insured. The standard certificate of insurance generally states that the additional insured is an insured under the listed policy(ies) and that nothing in the certificate supersedes, changes or replaces what is contained in the identified policy(ies). All too frequently, certificates of insurance are collected, stored away and quickly forgotten. But a certificate of insurance does not create insurance coverage or confer status as an insured, nor is it part of an insurance policy.

Additional insured status is effectively conferred through an additional insured endorsement (i.e., an amendment to the terms of an insurance policy that is expressly incorporated into the relevant insurance policy). These amendments can take the form of an endorsement that specifically names a particular additional insured, or a general endorsement that identifies some class of parties as additional insureds.

If there is a dispute about whether the necessary additional insured endorsement was actually issued, the certificate will only be one of the factors that is taken into account. For example, if there is evidence that the insurer failed to act on a request to add an additional insured, the putative insured may be able to establish that it actually is an insured. If no endorsement was ever issued, and all the intended additional insured has is a certificate of insurance, the frustrated party may have a basis for a declaratory judgment claim against the insurer, as well as claims against the named insured and its insurance broker. But being forced to sue to establish insured status is not the same as being provided with a defense against an ongoing claim.

Here are a few best practices that a party can implement to help make certain its status as an additional insured is in place:

At a minimum, always insist on receiving a copy of the relevant additional insured endorsement because this is the instrument that establishes its status. A certificate of insurance is not enough.
An additional insured endorsement does not, however, state an insurance policy’s terms and conditions. In order to avoid being surprised by unexpected policy terms (e.g., a strict notice requirement or unfavorable notice of cancellation provisions), require a copy of the entire insurance policy under which you are an additional insured and be sure to read it.
Retain additional insured endorsements and the relevant insurance policies for as long as there is any potential that claims triggering those policies might be made.

A Certificate of Insurance Does Not Necessarily Entitle You to Notice of Cancellation

When you require that you be named as an additional insured, is it reasonable to expect that your status will remain in effect throughout the stated term of the insurance policy? Not necessarily. For example, what if you are a landlord and there is a fire at a restaurant operated by a financially troubled tenant in one of your properties? Unknown to you, the first-party property insurance policy to which you are an additional insured was cancelled two months before the fire. You may still be able to recover under your own property insurance policy, but that will affect your loss experience.

In order to avoid such situations, additional insured provisions in commercial contracts often contain a requirement that the additional insured receive notice of a cancellation at the same time as the named insured. If your business, however, relies only on a certificate of insurance as proof of its status, you run a heightened risk of an unwanted outcome.

Certificates of insurance are form documents. The most recent version of the standard certificate of insurance—often referred to as an ACORD certificate—contains a change in its terms that has the potential to surprise unsuspecting additional insureds. The current form states that “should any of the above described polices be cancelled before the expiration date thereof, notice will be delivered in accordance with the policy provisions.” In contrast, the pre-2009 version provided that “should any of the above described policies be cancelled before the expiration date thereof, the issuing insurer will endeavor to mail…written notice to the certificate holder in the event the insurance policy is cancelled.”

On its face, the old ACORD certificate at least appeared to support the expectation that an additional insured should receive a notice of cancellation from the insurer. However, it was dangerous to rely on those terms because the certificate itself was not part of an insurance policy. Insurers regularly took the position that the ACORD certificate could not modify the terms of an insurance policy.

The new form, however, is even more problematic. The current ACORD certificate refers to the notice of cancellation provisions of the relevant insurance policy. If the relevant insurance policy provides that the only party entitled to receive notice of cancellation is the named insured, then the new ACORD certificate is not likely to support the argument that an additional insured is also entitled to receive notice of cancellation. It is all well and good that your commercial contracts require that you receive advance notice of any cancellation But remember that an insurer has no reason to know the terms of the contract between you and its insured. If you never insist on reviewing the actual additional insured endorsement and the relevant insurance policy, you have no way of knowing whether or not you are entitled to notice of cancellation from the insurer.

What can an additional insured do to make certain that it receives advance notice of the cancellation of an insurance policy? Following are some things you should consider and steps you can take to protect your interests as an additional insured:

The preferred approach is to request that the insured have its insurer provide an endorsement stating that you, as an additional insured, are entitled to the same rights as the named insured in the event of cancellation. This can take the form of a separate endorsement or an amendment to an additional insured endorsement. Although you may receive pushback from the insured and its insurers, with suitable counsel and persistence, you may be able to obtain the requested endorsement.
Your contractual additional insured provisions should be revised to reflect the foregoing requirements.
If it is not possible to secure the requested notice provisions via endorsement, the best alternative is to require that the insured provide prompt notice of cancellation and/or regular confirmations that the relevant insurance remains in force.

Additional insured status is an asset that imposes certain obligations on the party enjoying that status. Furthermore, it should not be regarded as a “freebie” to be treated in a passive manner. It is important to take an active interest in securing and knowing your rights—or risk erosion of their value. Ultimately, to be sure that you have the additional insured protection that you expect consistent with your needs, consult with your lawyer and insurance broker before signing on the dotted line.

Privacy-on-the-Go: California Attorney General and Major Mobile Application Platforms Agree to Privacy Principles for Mobile Applications

Recently The National Law Review featured an article written by Cynthia J. Larose and Jake Romero of Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. regarding Mobile Apps and Privacy:

Application developers have been put on notice by the State of California. It is time to pay attention to user privacy and collection of information from user devices.

In an effort led by the office of California Attorney General Kamala D. Harris, the state has reached an agreement committing the six largest companies offering platforms for mobile applications (commonly referred to as “apps”) to a set of principles designed to ensure compliance with California’s Online Privacy Protection Act. The agreement with Apple Inc., Google Inc., Microsoft Corp., Amazon.com Inc., Hewlett-Packard Co., and Research In Motion Ltd., who collectively represent over 95% of the mobile application market, is significant for two reasons. First, it operates as an acknowledgement that California’s Online Privacy Protection Act applies to app developers as well as platform providers. Second, the agreement may effectively create a minimum standard for disclosures and transparency with regard to the collection of personal information by mobile applications. Because of the global nature of the Internet, the law will apply to every mobile app provided through the six firms’ app stores even though it is a state law.

This alert includes a description of the principles underlying this agreement, as well as certain best practices to help mobile app developers ensure compliance. The full text of the agreement, as well as comments from the Office of the Attorney General, can be accessed online at http://ag.ca.gov/newsalerts/print_release.php?id=2630.

Mobile Applications and Data Privacy

The most recent data from the Pew Research Center shows that 50% of all adult cell phone owners have apps on their mobile phones, a percentage that has nearly doubled over the past two years. This same survey also indicated that approximately 43% of those surveyed purchased a phone on which apps were already installed. Many of these mobile applications, in order to facilitate the functionality of the app, allow the app developer broad access to data held on the user’s mobile device. However, as noted by Attorney General Harris in a press conference announcing the agreement, many mobile applications, including twenty-two of the thirty most popular apps, lack a privacy policy to explain how much of the user’s data is accessible by the developer, and how and with whom that data is shared.

California’s Online Privacy Protection Act provides that “[a]n operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial Web site or online service shall conspicuously post its privacy policy on its Web site,” or in the case of an operator of an online service, make that policy reasonably accessible to those consumers. In entering into this agreement, the six major platform providers have acknowledged that this requirement applies equally to mobile app developers (as “online services”) and the platform providers have agreed to, among other things, implement a means for users to report apps that do not comply with this requirement and a process for investigating and responding to those reports.

The New Privacy Standard and Ensuring Compliance

A likely outcome of this agreement is that compliance with California’s Online Privacy Protection Act will become a minimum standard for the mobile application industry, because even those developers located outside the state of California will likely conclude that it is easier to have a single policy that meets California’s requirements, rather than risk inadvertent non-compliance.

To ensure compliance, developers or providers of mobile apps that collect personal data from users’ mobile devices will be required to have a privacy policy that meets the requirements set forth in Section 22575(b) of California’s Business and Professions Code (as an incorporated portion of the Online Privacy Protection Act, Section 22575(b) can be accessed in full by following the link provided above). Specifically, the privacy policy must:

· Identify the categories of personally identifiable information that the operator collects through the Web site or online service about individual consumers who use or visit its commercial Web site or online service and the categories of third-party persons or entities with whom the operator may share that personally identifiable information.

· If the operator maintains a process for an individual consumer who uses or visits its commercial Web site or online service to review and request changes to any of his or her personally identifiable information that is collected through the Web site or online service, provide a description of that process.

· Describe the process by which the operator notifies consumers who use or visit its commercial Web site or online service of material changes to the operator’s privacy policy for that Web site or online service.

· Identify its effective date.

In establishing a compliant privacy policy, an app developer or provider should take great care to ensure that the descriptions and processes contained therein match the actual operations of the company and the information it collects, and the policy should be reviewed periodically by both legal counsel and the app developer’s technical experts so that it can be updated as necessary. The policy should be clear and easy to understand, especially with regard to the collection and sharing of personal data. For those companies who may be affected by this agreement and already have a privacy policy in place, that policy should be reviewed to determine whether it should be updated. Developers and platform providers that do not comply with the law can be prosecuted under California’sUnfair Competition Law and/or False Advertising Law, which has penalties of up to $500,000 per use of the app in violation, Harris said. “If developers do not follow the privacy policies we will sue,” she added.

Anticipated Developments

Per their agreement with Attorney General Harris, the six major mobile app platforms will commence working with app developers to ensure compliance and provide education regarding privacy and data sharing. To increase awareness and promote transparency, mobile app developers will be required, as part of the application submitting an app to the platform, to provide either a link to that developer’s privacy policy, a statement describing the policy, or the full text of the policy itself. In each case, a user who is considering downloading the developer’s app will be provided access to the privacy policy associated with that app prior to downloading it.

The six major platforms have agreed to reconvene within six months to further evaluate any required changes), but no specific timeline has been stated with regard to implementing the changes described above. However, for mobile app developers who hope to continue to be a part of this quickly growing and highly lucrative market, there may not be a more opportune time to take advantage of the resources being provided on both a state and industry level.

DOJ Goes After Smaller Fraudsters, Lets Big Fish Escape

An article featured recently in The National Law Review regarding the Department of Justice’s Prosecuting Fraud was written by Nicole Kardell of Ifrah Law:

Successful criminal prosecutions of mortgage fraud seem to have one thing in common: a fraud figure well below $10 million. One of the recent cases that generated a fair amount of press involved the convictions of co-conspirators in a mortgage scheme carried out by an ex-NFL player. That scheme, which took place during the housing boom in the early 2000’s, resulted in 10 convictions. Former Dallas Cowboy linebacker Eugene Lockhart is facing jail time of up to 10 years. The nine other individuals are looking at sentences of roughly two to five years.

The mortgage scheme – which led to convictions for wire fraud, conspiracy to commit wire fraud, and making false statements to a federal agency – seems pretty typical of the conduct that prosecutors have been going after: the use of “straw borrowers” to apply for loans on home purchases; falsification of data on loan applications to ensure that straw borrowers would qualify for home loans; and creation of artificially high appraisal values for the homes to be purchased by the straw borrowers. In the case of Lockhart and his cohorts, the Justice Department alleges that the scheme resulted in an actual loss to lenders of roughly $3 million.

While $3 million is not a trivial sum, it is a very tiny portion of the housing industry. Even the total amount in all similar prosecutions nationwide is quite small. Recent headline prosecutions involving similar schemes include a Florida case valued at $8 million in loan proceeds, an Alabama case valued at $2 million, and a New York case valued at $82 million in loan proceeds. At least the latter is a more aggressive number (as apparently was one of the defendants in the New York case, who moonlighted as a dominatrix in a Manhattan club).

The government has been touting these prosecutions as a part of a major crackdown on the mortgage business. The DOJ press statements note that“[m]ortgage fraud is a major focus of President Barack Obama’s Financial Fraud Enforcement Task Force.” But these are comparatively minor matters if one looks to the real causes of the housing crash that led to the 2008 financial crisis. Bank of America, Goldman Sachs, JPMorgan Chase, and Wells Fargo, who were all in the business of packaging and selling subprime mortgages, have been more or less covered with Teflon.

The lack of criminal prosecutions against the big banks in the subprime crisis has been written about many times. But that doesn’t mean it’s not worth repeating. Something seems just wrong about the DOJ’s focus on the smaller fraudsters and its soft approach to the bigger players.

Hopefully, the SEC’s recent decision to send Wells notices to Goldman Sachs, JPMorgan Chase, and Wells Fargo indicating possible enforcement proceedings, means that at least these banks could face some civil liability for their role in the housing crash. And Bank of America recently settled a False Claims Act case with the Feds for $1 billion. But approaching the banks with civil actions, and skirting individual culpability, sends the message that once you reach a certain level of success, you are above the law.

Does Your Firm's Standard Lien Language Create a Possibility that Your Customer IRAs May Lose Their Tax Exempt Status and Protection from Third-Party Creditors?

Recently The National Law Review published an article by Jon Andrew Jacobson, Scott E. Rahn, Alex J. Rosenthal and Adam M. Starr of Greenberg Traurig, LLP regarding Lein Language for IRAs:

It is not uncommon for firms to use standard language in their account agreements that creates liens on Individual Retirement Accounts (IRAs). Two recent federal court decisions, however, suggest that granting such a lien on an IRA may constitute a prohibited transaction that causes these accounts to lose their tax exempt status, which in turn could potentially make IRAs subject to third-party creditor claims. These two decisions could have far-reaching implications for any firm that has used or still uses similar lien-creating language in their account agreements.

In the first case, In re Daley, 459 B.R. 270 (Bankr.E.D. Tenn. 2011), the Bankruptcy Court for the Eastern District of Tennessee sustained the chapter 7 trustee’s objection to an exemption claimed by the debtor for his Merrill Lynch IRA. Normally, because an IRA generally is exempt property under the bankruptcy code, it will be protected from creditor claims against the IRA owner. In Daley, the debtor scheduled his IRA as exempt from property of his bankruptcy estate pursuant to Tennessee Code Annotated § 26-2-105(b),¹ which provides that a retirement plan that is qualified under Section 408 of the Tax Code is exempt from claims by creditors. Years before the debtor’s bankruptcy filing, Merrill Lynch, the debtor’s brokerage firm, had obtained a determination letter from the Internal Revenue Service that indicated the Merrill Lynch IRA “satisfie[d] the requirements of Code section 408[].” This determination letter created a rebuttable presumption under the Bankruptcy Code that the debtor’s IRA satisfied the terms of the Tax Code and was therefore exempt from property of the bankruptcy estate. See 11 U.S.C. 522(b)(4).²

The trustee contended that the IRA was not exempt because the Merrill Lynch Relationship Agreement gave rise to a “prohibited transaction” under 26 U.S.C. §4975. Certain prohibited transactions can cause retirement plans to lose their qualification under Section 408. One such prohibited transaction is by the IRA owner granting an extension of credit from the IRA. See 26 U.S.C. § 4975. In denying the debtor’s claim of exemption, the court found that certain language contained in the Terms and Conditions of the Merrill Lynch Client Relationship Agreement that created a lien on the IRA was tantamount to an extension of credit. Accordingly, the court found that the IRA lost its tax exempt status which, in turn, caused the debtor to forfeit the right to claim it as exempt under the Bankruptcy Code.

The court, in finding that the trustee had successfully rebutted the presumption that the IRA was exempt, relied heavily on an October 27, 2009 advisory opinion letter from Louis J. Campagna, Chief, Division of Fiduciary Interpretations, Office of Regulations and Interpretations for the Department of Labor, which definitively stated that granting a security interest in an IRA constitutes an extension of credit and a prohibited transaction. Ultimately, the result reached in Daley likely may be a function of the arguments raised — and, perhaps even more importantly, those not raised — by counsel, the paucity of law surrounding Section 522(b)(4), and a potential gap in the statutory scheme.

First, in light of the advisory opinion letter and because the debtor failed to even raise the issue, the Daley Court did not probe into whether the grant of lien by the debtor was a legitimate extension of credit within the meaning of Section 4975. As the court acknowledged, any lien granted by the debtor was conditional because the debtor never opened other accounts with Merrill Lynch nor attempted to borrow on his IRA. Generally speaking, a lien only attaches to property to the extent that it secures an obligation. If there is no obligation, then arguably the significance of that lien is greatly diminished. Yet still, in Daley, the court found that even the conditional lien eliminated the debtor’s ability to exempt his IRA.

Second, because the parties stipulated to the point, the court never examined whether the letter from the Internal Revenue Service to Merrill Lynch in fact constituted a “favorable determination” within the meaning of Section 522(b)(4)(A).³ Importantly, the Congressional intent behind Section 522(b)(3) and (b)(4) was “to expand the protection for tax-favored retirement plans.” H. Report No. 109-31 to accompany S. 256, 109th Cong., 1st Sess. (2005) pp. 63-64 (emphasis added). The Daley holding, however, did the exact opposite by effectively penalizing the debtor for having an IRA that arguably had received a “favorable determination.” Indeed, the presence of a “favorable determination” precluded the debtor from making an argument that the IRA was exempt under Section 522(b)(4)(B). Although it was not enough to change the court’s ruling, the court did acknowledge that the result it reached seemed “incongruous.”

In the second case, Yoshioka v. Charles Schwab Corp., 2011 WL 6748984 (N.D.Cal. 2011), the plaintiff class alleged that its IRAs’ tax exempt status had been put at risk based on lien-creating language contained in Charles Schwab’s account agreements. Charles Schwab’s IRA account agreement at issue provided that “each Schwab IRA account holder grants [Charles Schwab] a continuing security interest in and lien on . . . all securities and other property . . . maintained for any purpose in or through the Schwab IRA . . . .” The class alleged that such language caused it to engage in a prohibited transaction which, in turn, caused its IRAs to lose their tax exempt status. In response to the plaintiff’s complaint, Charles Schwab agreed to retroactively amend the IRA agreement to remove the lien-creating language.

The Northern District court, in a November 22, 2011 Order, denied final approval of the settlement, questioning whether the non-monetary settlement was sufficient to compensate the class for its purported, yet-unrealized “damages.” Although the court did not reach the merits of the allegations, by denying class settlement it inferred that the language contained in the agreement might be interpreted as having effectively voided the tax exempt status of the IRAs notwithstanding Charles Schwab’s attempt to retroactively amend the agreement. The court questioned whether retroactively amending the agreement would be permitted by the Tax Code; and even if permissible, if it would function to avoid creating a prohibited transaction resulting in the permanent loss of the accounts’ tax exempt status. The court did not answer these questions, however, and they remain open for further conjecture.

These holdings have potentially far-reaching implications for firms whose standard account agreements currently (or used to) contain language similar to the language in the agreements referenced above. At a minimum, these cases may give disgruntled customers ammunition to argue, as incongruous as it may sound, that they lost the tax exempt status of their IRAs simply by opening an account that grants a lien on the IRA assets.

_{1 Under the Bankruptcy Code, the debtor’s bankruptcy estate generally includes all property owned by the debtor at the time the debtor files for bankruptcy. See 11 U.S.C. § 541. Section 522 provides various exemptions of property from the bankruptcy estate; however, Section 522(b) provides an “opt out” provision, which allows states to require debtors to use the state’s exemption rather than the federal exemptions. Tennessee, like many states, is an “opt out” state. Accordingly, Tennessee’s exemptions, not the federal exemptions, applied in Daley.

2 Under Section 522(b) of the Bankruptcy Code, if retirement funds are in a fund that has received a “favorable determination” through means such as a determination letter, the funds are presumed exempt. If the fund has not received a favorable determination, however, the debtor has the burden to show that no prior determination to the contrary has been made by a court or the IRS and either (i) the fund is in substantial compliance with the Internal Revenue Code or (ii) the fund is not in substantial compliance, but the debtor was not materially responsible for the failure. See 11 U.S.C. § 522(b)(4).

3 Notably, the letter from the Internal Revenue Service explicitly declined to express any opinion as to whether the IRA language created a prohibited transaction; and because Section 522(b)(4) was added to the Bankruptcy Code in 2005, there is little case law to shed light on the meaning of a “favorable determination.”}

Cutting Edge Issues in Asbestos Litigation Conference

The National Law Review would like to advise you of the upcoming Perrin Conference regarding Cutting-Edge Issues in Asbestos Litigation:

Thursday, March 1^st – Friday, March 2^nd, 2012
Beverly Wilshire, A Four Seasons Hotel
Beverly Hills, CA

The Anatomy of Data Risk Management

An article by Risk and Insurance Management Society, Inc. (RIMS) recently found in The National Law Review focused on Data Risk Management:

Think of data as a living organism.

Just like a human body, data has various components and life support systems that must be maintained to ensure the whole thrives and survives. You can think of a data risk specialist as a doctor trying to keep the organism healthy through its various life stages.

Data, our hypothetical patient, (you’re welcome Star Trek fans) needs a safe and healthy environment, a supportive lifestyle and good hygiene. Just as a doctor has to consider external threats (“do you smoke?”) so does the data risk manager.

Let’s look at what this all means, and how this philosophy can be applied to your businesses policies and practices.

Data, our hypothetical patient, has three basic forms: paper, electronic and human memory. A good data risk management plan must consider all three.

Controlling paper and electronic data is what we think of most when considering data security. This is your standard (or what should be standard) security policy, access controls procedures, system audits, and the like. It’s where security planning meets IT.

Human memory is a little more elusive. Education, security training and a reward-demotion plan can help control human errors, as can confidentiality agreements, and project-specific security contracts. These are the tools of teachers and lawyers. Generally speaking, there are four key rules to protecting data in all its forms:

Be stingy with sensitive data, internally and externally;
Provide access to data on a need-to-know basis;
Provide access only to that specific data, rather than entire data sets;
Be deliberate in how data is handled, used and shared.

Data has a life cycle. If your data doesn’t, it should. Whether it’s government secrets or an online shopper’s credit card number, data is received or created within your company’s computer systems. It is used, maintained and stored. It is archived or destroyed. That data, in all cases, has three basic states: in action, in motion or at rest. Take the credit card number example: that information can be used, the card charged, or moved to another computer system, or archived. Use, motion, rest.

There are four fundamental rules regarding the life cycle of data:

If the organization doesn’t need it, don’t collect it.
If data must be collected, collect only what is needed.
If data is needed, control it and encrypt it.
When data is no longer needed, get rid of it – SECURELY.

Now that we know what data looks like (paper, electronic, mnemonic) and how it lives (in action, in motion, at rest) we should consider those external threats, namely data breaches. A data breach is an incident (or series thereof) in which sensitive, protected or confidential information has potentially been viewed, stolen or used with unauthorized access. This can be a hacker attack, an internal company mistake that results in exposed information or, in some cases, corporate or government espionage. A data breach can be anything that jeopardizes data.

These threats range from simple user negligence, operating or systemic issues, all the way to highly complex criminal attacks launched against your organization. As anyone who follows the tech news knows, sensitive consumer and business information has become a criminal commodity.

With this hostile environment in mind, it is imperative for the business to plan and prepare not only for the protection of their information, but also for the response and recovery of their data and business in the event of a data breach. For a data manager or security professional to fail to issue such a warning would be akin to that doctor not asking about smoking.

At the end of the day, data as an organism is more than an extended metaphor. It’s a means to look at your company’s data products in an abstract way and understand how it operates. This, in turn, will allow you to develop the proper health plan. Just like with our health, there is no single wonder pill. But there are data doctors out there who can analyze your businesses’ risk posture and recommend ways to get it in shape.

Brian McGinley, senior vice president of data risk management at Identity Theft 911 offers this well-written piece on the timely topic.

Category: Consumer Protection

U.S. Department of Justice Postpones ADA Requirements for Swimming Pools and Spas

Like this:

Protecting Your Rights as an Additional Insured: Why a Certificate of Insurance Is Not Enough

A Certificate of Insurance Is Not Insurance

Here are a few best practices that a party can implement to help make certain its status as an additional insured is in place:

A Certificate of Insurance Does Not Necessarily Entitle You to Notice of Cancellation

Like this:

Privacy-on-the-Go: California Attorney General and Major Mobile Application Platforms Agree to Privacy Principles for Mobile Applications

Mobile Applications and Data Privacy

The New Privacy Standard and Ensuring Compliance

Anticipated Developments

Like this:

DOJ Goes After Smaller Fraudsters, Lets Big Fish Escape

Like this:

Does Your Firm's Standard Lien Language Create a Possibility that Your Customer IRAs May Lose Their Tax Exempt Status and Protection from Third-Party Creditors?

Like this:

Cutting Edge Issues in Asbestos Litigation Conference

Like this:

The Anatomy of Data Risk Management

Like this:

Cutting Edge Issues in Asbestos Litigation Conference

Like this:

Cutting Edge Issues in Asbestos Litigation Conference

Like this:

Cutting Edge Issues in Asbestos Litigation Conference

Like this:

Share this:

Like this:

A Certificate of Insurance Is Not Insurance

Here are a few best practices that a party can implement to help make certain its status as an additional insured is in place:

A Certificate of Insurance Does Not Necessarily Entitle You to Notice of Cancellation

Share this:

Like this:

Mobile Applications and Data Privacy

The New Privacy Standard and Ensuring Compliance

Anticipated Developments

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this: