e-Matters, Privacy, and More: What YOU Need to Know! Presented by: Brian T. Casey, Partner Patrick J. Hatfield, Partner October 13, 2009 Association of Corporate Counsel – Georgia Chapter Monthly Luncheon ATL Doc# 381372_3
Agenda • Preliminary Comments • 6 Point Risk Framework • Case Law Update • Overview of e-Payments • e-Delivery • Assurances for your e-Sign vendor/IT Department • Telemarketing Rules Updates • Privacy & Security Laws Updates • Q & A
Preliminary Comments • A reasonably well designed process, supported by solid technology, can actually reduce risk, relative to traditional process • It’s more about process and workflow than it is about technology, but technology plays important role
Preliminary Comments • In designing where the records will be stored and which records will be kept, consider long-term e-discovery implications • Use of e-signatures for existing customers still presents a huge opportunity for savings and customer retention
Preliminary Comments • Consider use of e-sign process for your workforce for various acknowledgements, authorizations, enrollments, elections and deliveries • Consider buying the solutions rather than building - the choice of vendors continues to improve
Preliminary Comments • See link for more info: http://www.lockelord.com/services/ServiceDetail.aspx?service=371 • Occasionally we will send out an e-Matters alert on this and related topics, refer to last slide for more information
Basics of e-Sign Laws in the U.S. • Federal e-Sign law effective Oct 1, 2000 • 47 states have adopted UETA (not IL, NY or WA) • Preemption in fed law limits state variation • Companies can implement a national e-sign process
Basics of e-Sign Laws in the U.S. • “e-Signature”: electronic sound, symbol, or process attached to or logically associated with a contract or record and executed or adopted with intent to sign the record - Many different forms of e-sign technologies - Clicking “I AGREE” or saying “I AGREE” - One may sign electronically a tangible document - May use a voice signature to sign a “hard copy”
Basics of e-Sign • e-Sign laws don’t elevate e-signatures; they provide only that signatures and records may not be denied because they are electronic • All other contract principles apply, such as evidentiary rules, unconscionability, fraud, etc.
Basics of e-Sign • Documents required to be provided in writing may be e-delivered • Consumer disclosures may be e-delivered, with an extra step
Voice Signatures • Single call to do it all • “4 Corners” principle • Consumer disclosure challenge • Need to audit • Viable alternatives • Shroyer v. New Cingular Wireless
e-Signature Mock Trials • Why we did it? • Online customer purchase scenario • Key Lessons: • Challenge of conveying complex testimony about technology system and process • Proper e-signature process and audit trail may reduce risks existing in current processes
6-Point Framework • Developed over time from risks identified by clients and attendees at sessions like this • Framework helps distinguish the risk, to match the mitigation strategy with level of paranoia • Helps multi-disciplinary team communicate
6-Point Framework: Risks • Authentication Risk – “That’s not my signature” • Repudiation Risk – “That’s not what I signed” • Admissibility Risk – “Objection, your honor!” • Compliance Risk – “I never saw that” • Adoption Risk – “Am I done yet?” • Relative Risk – “How does it compare to the traditional way?”
6-Point Framework: Mitigants • Authentication Risk – Use “shared secrets” or other ways to affirm identity • Repudiation Risk – Hash each document and hash the audit trail • Admissibility Risk – Determine who is able and willing to testify – upfront, read Markel • Compliance Risk - Varies • Adoption Risk – Test, adjust, test, repeat • Relative Risk – Still important
Sample Project 1 - Life Insurance Application E-Signed on PDA • Scenario: “Turbo App” - Face-to-Face home life insurance solicitation; no consumer required device • Document at Issue: Life insurance application and life insurance replacement notice and other consumer disclosures with delivery receipt
Sample Project 1 - Life Insurance Application E-Signed on PDA • Key Law in Play: Insurance code governing insurance application, replacement notice • Process Design: content provided in paper form but embedded in PDA; customer reads physical content, agent inputs answers in PDA with interactive pop-ups using stylus, customer signs on PDA and signed documents printed for customer on site or mailed
Sample Project 2 – e-Delivery Notices of GLBA Privacy Notices • Project A - Website delivery of e-privacy notice by national personal lines property & casualty insurance agency • Project B - Telephonic IVR system for written consent to disclosure of non-public personal financial information of personal lines property & casualty insurance customer
Case Selection Criteria • Some are employer/employee cases – employees and consumers may be viewed alike by the courts, esp. in area of disclosures • Our review, based on broad Lexis net, is current • Receive our e-Matters updates (see last slide)
Long v. Time Insurance Co. • Federal Court in OH, decided in mid 2008 • Application for health insurance signed by the agent, after being reviewed and confirmed by insured (health insurance) • Policy issued, with app attached • Based on pre-existing condition discovered at claim time, Time denied coverage • Insured (rep of insured) claimed insured verbally disclosed pre-existing condition to the agent
Long v. Time Insurance Co. • Very helpful case for insurers looking for support of use of e-signature in application process, especially where the signed application is provided with the policy issue • Court discusses various other traditional reasons to hold for Time • See our extensive write-up in on this case
General Dynamics Line of Cases • Kerr v. Dillard (D. Kansas) • Verizon Communications v. Pizzirani (Federal Court in PA, 2006) • Bell v. Hollywood Entertainment Corp. (Ohio Appeals Court, 2006) • Campbell v. General Dynamics (Federal Court of Appeals 1st Circuit, 2005)
General Dynamics Line of Cases • Cases are instructive in designing a process (for employees or consumers in the new business process). - e-Delivery can be effective, regardless of whether the person to be bound actually opens or reads the substantive new terms - Critical to the process is making the significance of the e-Delivered document very clear and requiring an affirmative act to signify acceptance, such as “clicking” I agree
Point of Sale Process • Labajo v. Best Buy Stores (Federal Court NY, 2007) • Process involved selling subscriptions by including not-so-conspicuous notices on printed receipts, when the consumer used the electronic signature pad to sign for purchases • Case was a class action based on improper charges when plaintiff did not timely cancel “free” subscription
Point of Sale Process • The court held the process was flawed because BB did not show the keypad made clear to the consumer the consequence of signing for a “free” subscription • BB compounded the problem by not responding to consumer complaints very well • Case is noteworthy on the process of making the significance of certain actions very clear and the class action risk
Voice Signature • Shroyer v. New Cingular Wireless (Federal Appeals Court, 2007) • Process involved printed terms and conditions in the box with the phone – to activate the phone, consumer dials a number and electronically accepts the printed terms in the box • The court held that the process was just fine • The terms in the box can of course be signed in this fashion
Voice Signature • The court refused to enforce the terms of the contract signed in this fashion because they were unconscionable • Case is instructive because, as we have helped clients do, one can use an electronic signature (including saying “I agree”) to sign a document in hard paper
Class Action Risk • Brueggemans v NCOA Select, et al. (Federal District, June 29 2009) • Process involved website sale of insurance-extended warranty insurance for a phone • Website T’s&C’s – mandatory arbitration • By clicking to proceed, consumer accepted T’s & C’s • Court enforced the T’s & C’s, including arbitration
Class Action Risk • Automated e-sign processes will result in greater consistency and more accessible record of each person involved • Consistently right, or consistently wrong • Possibly greater class action risk • Options for mitigating the greater class action risk • Seriously consider the class action risk
Absent Cases • The opinions re: the processes used in Time, Bell, Verizon and Kerr are helpful for the financial services sector broadly • We have yet to see the case where the consumer claims he never signed the application for insurance or the loan (Long in Time may have come close) – to do so admits no coverage
Summary • We’ve yet to see a bad case, but there are a few bad processes • The courts are not struggling to recognize electronic signatures can be enforceable • Take-away: Courts continue confirming e-Delivery and e-Signatures in the employee/consumer settings, as long as it is made clear to the person the significance of the action accepting new terms • Plan for admissibility, we suspect there will be more disputes in this area
e-Payments • Remember the other payment laws and rules: - ACH – Reg E and NACHA rules and the contract with your bank - Credit cards and debit cards – merchant agreements, PCI standards • Rules vary by payment type (ACH vs. card) and whether one-time vs. recurring payment • Consider using payment processor better equipped to handle some of these compliance burdens
e-Delivery • Yes – e-Delivery is permissible • Requires clear consent from recipient • Consider obtaining consumer’s consent for e-delivery for all permitted notices, such as: - GLB annual notices - FCRA opt-out notices - Security breach notices - Other notices that may be required
e-Delivery • e-Delivery method can reduce risk: - proof of delivery of complete package - proof of when delivery occurred • e-Delivery can also present a quandary: what happens if consumer does not retrieve package/notice?
e-Delivery • Better method appears to be: - email alert that something is ready - consumer logs into secure site to access materials
What Assurances Should You Get From Your e-Sign Vendor or Internal IT Shop?
Assurances from e-Sign Vendors/IT • Avoid surprises- ask now who will be there to testify on critical points: • System creates an Audit Trail • Audit Trail is securely archived • What is generated and available as evidence • One credible source reports significantly improved settlement conferences
Assurances from e-Sign Vendors/IT • Audit Trail and each document/record presented, including each that was signed, are unaltered without detection • Who will testify as to the above? • Requires specific opt-out mechanisms for customers
Assurances from e-Sign Vendors/IT • In sum, ask for full sample of what would be generated to prove: - To a judge, how the company is sure the application with the misrepresentations is in fact what the customer signed; and - To a regulator, how you are so sure that each and every required disclosure was in fact provided to the PI/PO
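Added example (not part of the original presentation, and not any vendor's code): one way to realize the "hash each document and hash the audit trail" mitigant, so that an altered record or altered trail entry is detectable. The field names, event names and sample records are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value for the first entry's back-link

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _entry_digest(body: dict) -> str:
    # Canonical JSON so the same fields always produce the same hash
    return sha256_hex(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())

def append_event(trail: list, event: str, actor: str, ts: str, document: bytes) -> dict:
    # Each entry records the document's hash and the hash of the previous entry
    body = {"seq": len(trail), "ts": ts, "actor": actor, "event": event,
            "doc_sha256": sha256_hex(document),
            "prev": trail[-1]["entry_sha256"] if trail else GENESIS}
    entry = dict(body, entry_sha256=_entry_digest(body))
    trail.append(entry)
    return entry

def verify_trail(trail: list, documents: dict) -> list:
    """Return findings; empty means intact. documents maps seq -> bytes offered as evidence."""
    findings, prev = [], GENESIS
    for i, entry in enumerate(trail):
        body = {k: v for k, v in entry.items() if k != "entry_sha256"}
        if body.get("seq") != i:
            findings.append(f"entry {i}: sequence gap or reordering")
        if body.get("prev") != prev:
            findings.append(f"entry {i}: chain link broken")
        if _entry_digest(body) != entry.get("entry_sha256"):
            findings.append(f"entry {i}: entry altered")
        if i in documents and sha256_hex(documents[i]) != body.get("doc_sha256"):
            findings.append(f"entry {i}: document differs from what was recorded")
        prev = entry.get("entry_sha256")
    return findings

def build_sample():
    # Constructed sample session: disclosure shown, application signed, copy delivered
    app = b"Life insurance application v1: pre-existing conditions = none"
    notice = b"Replacement notice v1"
    trail = []
    append_event(trail, "disclosure_presented", "customer-001", "2009-10-13T12:00:00Z", notice)
    append_event(trail, "clicked_i_agree", "customer-001", "2009-10-13T12:01:30Z", app)
    append_event(trail, "signed_copy_delivered", "system", "2009-10-13T12:01:31Z", app)
    return trail, {0: notice, 1: app, 2: app}
```

A chain like this detects edits, deletions and reordering inside the trail, but not removal of the newest entries or a wholesale rebuild of the chain; for that, the latest entry hash has to be kept or signed somewhere the trail's custodian cannot rewrite.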
Telemarketing Rules Updates: Prerecorded Telemarketing Calls and Automatic Telephone Dialing Systems
FTC Telemarketing Sales Rules (TSR) Amendments • Prerecorded Telemarketing Call Amendment (16 C.F.R. 310) • Prerecorded = Not defined, but should mean any message not delivered by a live human voice • Requires specific opt-out mechanisms for customers (effective December 2008) • Requires prior written consent for placing pre-recorded calls to consumers, including those with established business relationship (effective September 2009) • Preempts less restrictive state laws but does not preempt more restrictive state laws • Healthcare/HIPAA exemption
Prerecorded Telemarketing Opt-Out Requirement Rules • Minimum 15 seconds/4 rings before disconnecting an unanswered call • Within 2 seconds of end of greeting, call must identify seller, state purpose is to sell, describe product/service followed immediately by: • In Person answered calls - provide opt-out via IVR or keypad usable anytime during call, which must add caller’s number to DNC list and disconnect call • Answering Machine/Voice Mail answered calls - provide toll-free phone number for opt-out that connects to opt-out via IVR or keypad, which must add caller’s number to DNC list and disconnect call
Prerecorded Telemarketing Prior Written Consent Rules • Request for written consent must be preceded by a “clear and conspicuous” disclosure to consumer that agreement authorizes seller to make prerecorded sales calls to consumer • Consent must be in writing and cannot be a condition to buying product or service • Consent must have callee’s telephone number and signature • E-signature for consent expressly recognized by amended rule