IDENTITY THEFT What’s a lawyer to do. H. Amos Goodall, Jr IDENTITY THEFT What’s a lawyer to do? H. Amos Goodall, Jr., CELA, FACTEC Goodall & Yurchak, PC 328 South Atherton Street State College, PA 16801 goodall@centrelaw.com 814-237-4100 Special Needs Alliance Armchair Chat November 24, 2009
The Problem In 2006, almost 10 million Americans were the victims of identity theft. Losses totaled $56.6 Billion http://consumertheft.com/identity-theft-statistics.php
The Solution—Civil Liability for Identity Theft Identity theft can cause catastrophic financial damage . . . . Civil claims against the responsible parties can help repair the damage.” Dione, Jeffrey R; Ferguson, James A. “Civil Liability for Identity Theft”, Trial Magazine, February, 2007 at 58,
Elements of A Cause of Action Third Party Liability 1. The entity committed some act that enabled or helped the identity theft to occur. 2. The entity owed a duty to the consumer whose identity was stolen 3. The entity breached that duty 4. The breach was the actual and proximate cause of the consumer’s injury
Wood, Stephen L. et al., “Identity Theft: Developments in Third Party Liability”, 2002 ABA Section of Litigation Consumer and Personal Rights Newsletter, Vol. VIII, No. 3
Duty: Liability to Third Parties Patrick v. Union State Bank, 681 So. 2d 1364 (Ala 1996) A bank opened an account for an imposter without verifying information and, after imposter overdrew account, argued that there was no duty to the victim because no relationship between the bank and the person who became the victim.
Patrick, 681 So. 2d at 1369 “The bank undeniably thought it had a relationship with Ms. Patrick [the victim] when it opened the account for, and gave checks to, an imposter; the fact that [the bank opened the account under the victim’s name, using her social security number and upon presentation of a misplaced driver’s license] persuades us that there is some relationship between the parties.”
Red Flag Rule The Red Flags Rule was promulgated in 2007 pursuant to Section 114 of the Fair and Accurate Credit Transaction Act of 2003 (FACT Act), Pub. L. 108-159, amending the Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681m(e). The Red Flags Rule is published at 16 C.F.R. § 681.2. See also 72 Fed. Reg. at 63,772 (Nov. 9, 2007)
Red Flag Rule 16 CFR §571.90 Each financial institution or creditor that offers or maintains one or more covered accounts must develop and implement a written Identity Theft Prevention Program that is designed to detect, prevent, and mitigate identity theft in connection with the opening of a covered account or any existing covered account. The Program must be appropriate to the size and complexity of the financial institution or creditor and the nature and scope of its activities.
Definition of Creditor . . . [A]ny person who regularly extends, renews, or continues credit; any person who regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who participates in the decision to extend, renew, or continue credit. 15 USCA §1691a(e)
Definition of “Credit” The term "credit" means the right granted by a creditor to a debtor to defer payment of debt or to incur debts and defer its payment or to purchase property or services and defer payment therefor. 15 USCA §1691a(d)
Creditor A natural gas utility was “creditor” where it regularly provided gas to its customers prior to being paid therefore. In re Brazil, Bkrtcy.N.D.Ohio 1982, 21 B.R. 333. Are lawyers who provide services without being paid in advance creditors?
Riethman v. Berry 287 F 3d 274 (3 Cir 2002) Law firms are not creditors under definitions in Equal Credit Opportunity Act.
FTC’s Position Business Alert: An entity which defers payment for goods or services wound be considered a creditor, subject to compliance with Red Flag Rule duties. FTC publications: Specifically identify law firms as covered entities.
American Bar Association v American Bar Association v. Federal Trade Commission, (DDC 2009) Civil Action No. 09-1636 FTC’s application of the Red Flags Rule to attorneys exceeds the Commission's statutory authority based on prior litigation between the same parties. [ABA v. FTC, 430 F.3d 457 (D.C. Cir. 2005)]. http://www.abanet.org/poladv/priorities/redfla grule/2009oct30_amendedorder.pdf
NAELA Aspirational Standard No. 2 [The Attorney] meets with the identified prospective or actual client in private at the earliest possible stage
Risk of Identity Theft FTC template is for use by organizations with low risk of identity theft.
Red Flag Rule Four Elements 1. Policies Reasonable policies and procedures to identify the “red flags” of identity theft Suspicious patterns or practices, or specific activities that indicate possibility of identity theft
Red Flag Rule Four Elements 2. Program Program must be designed to detect red flags that have been identified
Red Flag Rule Four Elements 3. Actions Program must spell out appropriate actions you’ll take when red flags are identified
Red Flag Rule Four Elements 4. Re-evaluation Because identity theft is an ever-changing threat, Program must be re-evaluated periodically to reflect new risks
FTC Template Author’s Opinion: Although an Identity Theft Program developed in accordance with FTC guidelines may not be an absolute defense to a common law identity theft claim, the absence of such a Program could well be evidence of negligence. http://www.ftc.gov/bcp/edu/microsites/redflagsrule/ diy-template.shtm