Technology Law Source

Verify your wires!

By Jack Beeler on

The FBI’s Internet Crime Complaint Center has released its 2018 annual report, which includes statistics that internet-enabled theft, wire fraud and exploitation were responsible for a staggering $2.7 billion in financial losses in 2018. If you are involved in transactional work, this can happen to you.

Reports detail an increasingly common story of wire fraud accompanying large sum transactions. The story line often includes a spoofed email invoice in connection with closing, which instructs one party to wire closing related expenses to a fraudulent account. As a result of the detailed and convincing invoice, one party loses their funds forever when they wire a large sum to the hacker’s offshore account.

What are the courts saying?

Recent news reported on a story about a hack that took place during a real estate closing. A law firm forwarded money to Deutsche Bank in accordance with instructions from a mortgage company. Through “mimicking” the e-mail address that the lender used, the hacker provided fraudulent wiring instructions to the law firm.

In rejecting the law firm’s complaint against the lender, the U.S. District Court for the Eastern District of Virginia ruled that state law does not allow companies to bring negligence claims against organizations that are hit with a data breach based on “a duty to safeguard the private information of another individual.” The court observed that its decision rests on a developing area of law: “whether or how to impose liability on a party whose potentially negligent conduct flows from a data breach.” Courts have come down on both sides of the issue, giving companies little clarity on who is liable for negligence after a data breach.

Red flags to watch for:

Above all, verifying the wire instructions verbally with the creditor/vendor can easily prevent loss in such scenarios. Through quick communication, parties can discover incorrect bank account information and avoid wire fraud. There are many indicia that point to suspicious e-mailed (or faxed) instructions. Here are a few red flags to keep in mind:

  • A message from a Gmail or Hotmail account, especially late in a transaction
  • A slight misspelling of words in the sender’s address or message
  • Instructions that direct a wire to a foreign account, an account without the payee’s proper name, or an unknown bank
  • Changing wire instructions
  • Any “rush” transaction

These cases demonstrate the importance of maintaining adequate cyber insurance and the necessity of independently verifying all wire instructions transmitted through non-secure servers. Finally, calling a known telephone number is typically the safest way to verify information with any party to a matter.

Riding the waves of U.S. data privacy legislation

By Donna Ruscitti on

privacy legislationMuch has been written about the European General Data Protection Regulation (GDPR). Commentators have touted the EU’s supposedly superior data protection regimen. But don’t lose focus on what is happening within the U.S. and the implications for U.S. companies that may not be focused on GDPR requirements. Even companies that are GDPR focused may not meet the upcoming requirements. At least three significant privacy legislation fronts in the U.S. bear mentioning: Continue Reading

The United States Patent and Trademark Office’s intellectual property attaché program offers valuable resources to guide U.S. businesses in navigating IP systems abroad

By Porter Wright on

The United States Patent and Trademark Office (USPTO) offers valuable IP-related business resources through an intellectual property (IP) attaché program. The program is structured to generally improve IP policies, laws and regulations abroad for the benefit of U.S. businesses and stakeholders, while providing country-specific IP-related materials and services to teach and inform. However, the program also makes representatives available who can act as points of contact for U.S. businesses to guide actions and to provide interactions with foreign governmental entities to addresses country-specific IP-related legal issues.

Continue Reading

Pilot program for PCT applications streamlines examination and search procedures

By Porter Wright on

On July 1, 2018, the United States Patent and Trademark Office (USPTO) began a 3-year pilot program known as The PCT Collaborative Search and Examination Pilot (CS&E) Program, to streamline examination and search procedures for patent examiners in multiple countries. The program is a coordinated effort with patent offices from around the world, together known as the IP5 offices. Specifically, participating International Search Authority (ISA) members include the USPTO, European Patent Office (EPO), Japan Patent Office (JPO), Korean Intellectual Property Office (KIPO), and State Intellectual Property Office of the People’s Republic of China (SIPO). This program is a continuation of two previous programs launched in 2010 and 2011, respectively, involving the USPTO, EPO and KIPO that laid the groundwork for this expanded program aimed at testing user interest, operational and quality standards, and the electronic platform.

Currently, upon filing a PCT application, applicants designate one of the IP5 offices to provide an international search report (ISR) and written opinion. However, upon reaching the national stage as applicants pursue applications in individual countries, applicants can be presented with country-specific search reports involving entirely new art depending on varying search criteria. This can place a burden on applicants and hinder cohesive world-wide prosecution strategies. The CS&E program addresses this issue by coordinating searches from each office, thereby providing a higher quality work product which is more likely to comprehensively identify and consider world-wide art. The CS&E program provides the advantages of having the searching performed by multiple examiners with different language capabilities and an increased predictability of outcome. Importantly, at this time the CS&E program requires no extra cost. Continue Reading

Ohio passes new law providing safe harbor to businesses suffering a data breach and amends Ohio law to allow records and contracts secured by blockchain technology

By Ryan Graham on

Implementing a cybersecurity framework may begin to pay off for companies doing business in Ohio. As anyone following data privacy litigation knows, litigation stemming from data breach incidents can prove to be extraordinarily burdensome and expensive. Ohio is the first state to pass a law that will limit a business’s exposure in data breach litigation if the businesses has voluntarily adopted an identified cybersecurity framework.

In terms of the particulars, Ohio recently passed S.B. 220, which provides an affirmative defense against tort claims to businesses sued by data breach plaintiffs. The law will be codified at R.C. 1354.01–1354.05 and will go into effect on Nov. 2, 2018.

The law will provide a business with a “legal safe harbor” if the business adopts and complies with a “recognized cybersecurity framework.” The act lists a number of qualifying safe harbor cybersecurity frameworks including, but not limited to: Continue Reading

Sixth Circuit finds insurance coverage for phishing losses

By Donna Ruscitti on

“The risk of loss due to some form of cyberattack should prompt employers to consider insuring against those losses. But, not all cyberinsurance policies are created equal.” Our colleague, Brian Hall, writes in the most recent Employer Law Report blog post which discusses the recent 6th Circuit case, American Tooling Center, Inc. v. Travelers Casualty and Surety Co. of America.

“When shopping for insurance to cover potential losses due to cyber activity, businesses will need to make sure that they understand exactly what the policy terms mean and what events will trigger coverage under the policy and which will not. In addition, it is important to know what the policy will pay once a triggering event occurs. For instance, will it pay for regulatory fines, the cost of sending data breach notices, the cost of identity theft services for customers, or business interruption?”

Read the full post at Employer Law Report.

Big changes for internet shopping

By Mark Snider on

On June 21, 2018, the U.S. Supreme Court ruled in Wayfair v. South Dakota that internet and catalogue retailers can be required to collect sales taxes from customers in states where they have no physical presence. In plain English, in most situations, no more tax-free shopping on the internet. Buyers have always technically been required to pay a use tax to their state if no sales tax was collected by the seller. This decision overrules two older decisions that allowed retailers to avoid collecting sales tax on customers outside of its home state and outside other states where the retailer had employees, a store, a warehouse or some other physical presence. This is likely the most significant state and local tax case in 25 years and will have a profound impact on businesses who sell taxable goods or services online. Further, there are implications for mergers and acquisitions and could have a chilling effect when the potential buyer of a company realizes that the target has major sales tax exposure. Continue Reading

UPDATE: All fifty states now have data breach statutes

By Ryan Graham on

On July 1, 2018, all fifty states will have active data breach statutes that govern the notification process for companies that experience a data loss incident. Alabama and South Dakota both recently passed data breach laws, representing the last two states to enact data breach legislation. As with other data breach statutes, Alabama and South Dakota have imposed slightly different requirements on businesses that experience a breach event, contributing to the increasingly rich tapestry of state laws governing data breaches. Continue Reading

The federal landscape on self-driving cars

By Jill Okun on

Motivated by the unprecedented spike in automotive fatalities in 2015, mostly caused by human error, the United States Department of Transportation (DOT), through the National Highway Traffic Safety Administration (NHTSA), has embraced self-driving cars as a means to significantly reduce motor vehicle crashes. In so doing, the DOT stands behind developing a regulatory framework which encourages the safe development, testing and deployment of automated vehicles. Because current legislation and policies have not caught up with technology, Congress and the DOT are hoping to create legislation which balances technology and car manufacturers’ freedom to test, evaluate and deploy driverless cars with ascertaining the best ways to operate and govern these vehicles on U.S. roadways.

Continue Reading

ADA Website filings show no sign of slowing down

By Porter Wright on

Regardless of industry, website accessibility has become an area of focus for ADA litigation. My colleague, Jamie LaPlante, was recently interviewed by the Bristol Herald Courier regarding a filing against Highlands Union Bank in the U.S. District Court in Abingdon, Virginia, where the plaintiff is a blind man from Fairfax county. The case follows a similar fact pattern to the 2017 Florida case against Winn-Dixie where a federal judge ruled the supermarket chain failed to make its website accessible due to the site’s lack of integration with screen reader technology. The last few years have seen an increase in threats of litigation and filings of lawsuits of this nature. We thought it was worth sharing this with you; check out the full article here.

LexBlog