Category Archives: Consumer Advocacy

Did the FCC Just Kill the Internet?

ftc_logo_430Federal Trade Commission (FTC) Acting Chairman Maureen K. Ohlhausen issued the following statement in response to today’s vote by the Federal Communications Commission (FCC) on the Restoring Internet Freedom Order regarding net neutrality:

“The FCC’s action today (December 14, 2017) restored the FTC’s ability to protect consumers and competition throughout the Internet ecosystem. The FTC is ready to resume its role as the cop on the broadband beat, where it has vigorously protected the privacy and security of consumer data and challenged broadband providers who failed to live up to their promises to consumers. In addition, the FCC’s new transparency rules provide additional tools to help ensure that consumers get what they expect from their broadband providers, who will be required to disclose their traffic management practices. The Memorandum of Understanding establishes a framework for FTC-FCC cooperation. Together we will move ahead to protect consumers and help ensure they enjoy the many benefits of online innovation.”

So did the FCC just kill the internet?  Probably not, but time will tell.

If you or your business have legal questions or concerns regarding communications law, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Advertisements

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy

Fraud alert, freeze or lock after Equifax?

After the Equifax breach, clients and friends have been coming to us with questions. Some people are considering placing a fraud alert on their credit file. Others are thinking about freezing or locking their credit files to help prevent identity thieves from opening new accounts in their name. Here are some FAQs to help you think through your options.

FRAUD ALERT

  • What is it? A fraud alert requires companies to verify your identity before extending new credit. Usually that means calling you to check if you’re really trying to open a new account.
  • How does it work? The process is easy – you contact any one of the three nationwide credit reporting agencies (Equifax, Experian, TransUnion) and that one must notify the other two.
  • How long does it last? An initial fraud alerts last 90 days. After 90 days, you can renew your alert for an additional 90 days, as many times as you want. Military who deploy can get an active duty alert that lasts one year, renewable for the period of deployment. Identity theft victims (whose information has been misused, not just exposed in a breach) are entitled to an extended fraud alert, which lasts seven years.
  • How much does it cost? Fraud alerts are free.
  • Is this for me? With a fraud alert, you keep access to your credit and federal law protects you. But an initial fraud alert lasts only 90 days and then you’ll need to remind yourself to renew it every 90 days.

CREDIT FREEZE

  • What is it? A credit freeze limits access to your credit file so no one, including you, can open new accounts until the freeze is lifted.
  • How does it work? To be fully protected, you must place a freeze with each of the three credit reporting agencies. Freezes can be placed by phone or online. You’ll get a PIN to use each time you freeze or unfreeze, which may take one to three business days.
  • How long does it last? A freeze lasts until you temporarily lift or permanently remove it (except in a few states where freezes expire after seven years).
  • How much does it cost? Fees are set by state law. Generally, it costs $5 to $10 each time you freeze or unfreeze your account with each credit reporting agency. You can get a free freeze if you are an identity theft victim, or in some states, if you’re over age 62. Equifax is offering free freezes until January 31, 2018.
  • Is this for me? Freezes are generally best for people who aren’t planning to take out new credit. Often, that includes older adults, people under guardianship, and children. People who want to avoid monthly fees also may prefer freezes over locks.

CREDIT LOCK

  • What is it? Like a freeze, a credit lock limits access to your credit file so no one, including you, can open new accounts until you unlock your credit file.
  • How does it work? Like a freeze, to be fully protected, you must place locks with all three credit reporting agencies. With locks, however, there’s no PIN and usually no wait to lock or unlock your credit file (although the current Equifax lock can take 24 to 48 hours). You can lock and unlock on a computer or mobile device through an app – but not with a phone call.
  • How long does it last? Locks last only as long as you have an ongoing lock agreement with each of the credit reporting agencies. In some cases, that means paying monthly fees to maintain your lock service.
  • How much does it cost? Credit reporting agencies can set and change lock fees at any time. As of today, Equifax offers free locks as part of its free post-breach credit monitoring. Experian and TransUnion may charge monthly fees, often about $20.
  • Is this for me? Depending on your particular lock agreement, your fees and protections may change over time. So, if you sign up for a lock, it’s hard to be sure what your legal protections will be if something goes wrong later. Also, monthly lock fees can quickly exceed the cost of freezes, especially if the lock fees increase over time.

The FTC has more information for consumers about protecting their identity, including Credit freeze FAQsFraud alert or credit freeze – which is right for you, and Free freezes from Equifax. Also, check out the FTC’s resource page about the Equifax data breach. And if your personal information has been misused,  visit IdentityTheft.gov to report identity theft and get a personal recovery plan.

Initial fraud alerts, credit freezes, and credit locks: What’s the difference?
What you should know about Initial fraud alerts Credit freezes Credit locks
Purpose Verify your identity before extending new credit Restricts access to credit file to prevent identity theft
Legal protections Based on federal law (Fair Credit Reporting Act) Based on state law Based on consumer’s lock agreement with each credit reporting agency (CRA)

Varies by CRA & may change over time

Fees Free
  • Free from Equifax until January 31, 2018
  • Free for id theft victims & in some states free for people over age 62
  • Otherwise, $5-$10 per credit reporting agency (CRA) each time you freeze or unfreeze
  • Free from Equifax, as part of free credit monitoring service
  • Otherwise, CRAs may charge monthly fees
  • Monthly fees may change
Links Place a fraud alert with any one of the three:

Place a credit freeze with all three:

Place a credit lock with all three:

Turning them on and off A fraud alert:

  • Lasts 90 days
  • Can be renewed for free for an additional 90 days, as many times as you want
To freeze or unfreeze:

  • Online or by phone
  • Requires a PIN
To lock or unlock:

  • Online only
  • No PIN required

Downloadable PDF version

If you or your business have legal questions or concerns regarding disaster preparedness, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Computer Law, Consumer Advocacy

The Dark Web: What you and your business need to know

ftcDuring a recent meeting at Prince Law Offices, P.C., we were discussing ransomware and the dark web.  The Federal Trade Commission (FTC) recently posted a helpful description of the dark web and how it may impact you and your business.

You probably have heard about the “dark web” and wondered how it affects businesses – including small businesses. That was one of the topics addressed at an FTC conference earlier this year on identity theft. Recent headlines about high-profile data breaches have added even more urgency to the discussion. So why should the dark web matter to your company? Unfortunately, when a business suffers a breach, the dark web is often the next stop that sensitive data makes after it’s been stolen.

What is the dark web?

It’s a term that describes places on the internet not indexed by traditional search engines. While not every site on the dark web engages in criminal activity, the dark web is where sites that illegally sell consumer data and other black market goods tend to congregate. For identity thieves, the dark web is a sophisticated marketplace providing one-stop shopping to get the tools to commit cybercrime – whether it’s malware kits, stolen account information, or “drop” or “cash-out” services to help monetize their crimes.

What’s the link between the dark web and a business that experiences a breach?

In many instances, data stolen from businesses ends up on the dark web where criminals buy and sell it to commit fraud, get fake identity documents, or fund their criminal organizations.

Dark web offerings often include but aren’t limited to stolen credit cards. Identity thieves also can get compromised bank accounts, health records, credentials, and forged documents. They can even buy entire wallets, complete with credit cards, driver’s licenses, and documents like Social Security numbers and birth certificates – everything a criminal needs to create a new identity.

 

 

How does the dark web impact small businesses?

With so much media focus on data breaches at companies that possess personal information about millions of consumers, some smaller businesses and organizations might think that cybercriminals wouldn’t target them. They would be wrong. First, the reality is that cybercriminals don’t always target a particular business. They often use automated tools to scope out vulnerabilities in any system, including small businesses. Second, as presenters noted at the FTC conference, information available for sale on the dark web is up to 20 times more likely to come from an entity whose breach wasn’t reported in the media. Many of these are smaller retailers, restaurant chains, medical practices, school districts, etc. In fact, most of the breaches the U.S. Secret Service investigates involve small businesses.

There’s another way that data breaches injure us all. Identity theft and fraud have become go-to methods for funding criminal activity in the U.S. and around the world.

And all of this data links back to a real person – your customer – whose life can be adversely affected. Turning their financial affairs into a Gordian Knot is just the start. Some people have had their licenses revoked, been pulled over and arrested, or had criminal warrants issued in their name because of identity theft. When their information is used to commit medical identity theft, even their health could be at risk. Criminals have been known to use stolen data to get medical care or prescription drugs in someone else’s name. When an identity theft victim’s medical records become commingled with a perpetrator’s health information, the consequences could be catastrophic.

What can you and your business do to reduce the risk that information you collect could find its way to the dark web?

It starts with security and continues with your commitment to stick with it. The FTC’s data security page has resources for businesses of any size and sector. If you have customers, employees, or friends who are victims of identity theft, encourage them to report it and get a customized recovery plan at IdentityTheft.gov.

If you or your business have legal questions or concerns regarding disaster preparedness, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Computer Law, Consumer Advocacy, Uncategorized

National Cyber Security Awareness Month

DHS logoOctober is National Cyber Security Awareness Month which is an annual campaign to raise awareness about the importance of cybersecurity. The Internet touches almost all aspects of everyone’s daily life. National Cyber Security Awareness Month (NCSAM) is designed to engage and educate partners through events and initiatives to raise awareness about the importance of cybersecurity, provide them with tools and resources needed to stay safe online, and increase the resiliency of the Nation in the event of a cyber incident.

More information is available from www.dhs.gov/national-cyber-security-awareness-month.  A free toolkit is available here: https://www.dhs.gov/stopthinkconnect-toolkit.

If you or your business have legal questions or concerns regarding disaster preparedness, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy

A Pennsylvania tenant’s right to recover a security deposit.

Under Pennsylvania’s Landlord and Tenant Act of 1951, 68 P.S. ‘250.101, et. Seq., a landlord may require a security deposit to be held for tenant caused damages and possible past due rent. See 68 P.S. §250.511 and §250.512. A security deposit is not the same as rent. It is money that actually belongs to the tenant, but is held by the landlord for tenant-caused damages and sometimes past-due rent. Without the agreement of the landlord, a security deposit may not legally be used as the last month’s rent.

Pennsylvania law places a limit on the amount of a security deposit that a landlord may require. Under 68 P.S. §250.511a (a), no landlord may require a sum in excess of two months’ rent to be deposited in escrow for the payment of damages to the leasehold premises and/or default in rent thereof during the first year of any lease. During the second and subsequent years of the lease or during any renewal of the original lease the amount required to be deposited may not exceed one month’s rent. See 68 P.S. §250.511a (b). At the beginning of the second year of a lease the landlord may not keep a security deposit equal to more than one month’s rent and must return any money greater than one month’s rent still being held as a deposit. See 68 P.S. §250.511a (c) After five years the landlord cannot increase a security deposit even if the monthly rent is increased. 68 P.S. §250.511a (d).

Pennsylvania also regulates where residential security deposits must be kept and when interest payments on the security deposits must be made to the tenant. Security deposit monies in excess of $100 and held more than two years must be deposited by the landlord in an approved bank, and the tenant must be notified in writing where the bank and deposit is located. See 68 P.S. §250.511b (a). A landlord is entitled to receive as administrative expenses, a sum equivalent to one per cent per annum upon the security money so deposited, which shall be in lieu of all other administrative and custodial expenses. The balance of the interest paid shall be the money of the tenant making the deposit and will be paid to the tenant annually upon the anniversary date of the commencement of his lease. See 68 P.S. §250.511b (b).

After termination the lease or upon surrender of the lease and acceptance by the landlord of the leasehold premises, a landlord must provide a tenant with a written list of any damages to the leasehold premises for which the landlord claims the tenant is liable. Delivery of the list shall be accompanied by payment of the difference between any sum deposited in escrow, including any unpaid interest thereon, for the payment of damages to the leasehold premises and the actual amount of damages to the leasehold premises caused by the tenant. See 68 P.S. §250.512.

Reasonable wear and tear caused by a tenant’s lawful use of the lead premises is not damages. In 1979, the Pennsylvania Supreme Court officially recognized that an Warranty of Habitability that is implied in every residential lease agreement. Pugh v. Holmes, 486 Pa. 272, 405 A.2d 897 (1979). The Supreme Court decided that landlords who rent property for people to live in must make sure such property is “safe, sanitary and fit for human habitation.” A landlord’s obligations under the Warranty of Habitability cannot be taken from a tenant even if you sign a lease that says you are renting the property “as is” or that you are responsible for all repairs.

The warranty implies that the landlord has placed the rented premises in a livable conditions prior to the occupancy by the tenant; or that he will do so within a reasonable time after the occupancy of the demised residence; that the facilities will remain usable during the entire term of the lease and that the landlord will maintain the demised premises in a condition which will render the premises livable. Any repairs made necessary by reasonable wear and tear are the responsibility of the landlord. Derr v. Cangemi, 66 Pa. D & C 2nd 162 (1974).

A landlord is responsible for all normal wear and tear and must bear that cost as part of the implied Warranty of Habitability whenever he leases a property to a tenant. A landlord can not pass on normal wear and tear expenses to a tenant. Deluca v. Matthews, 2015 Pa. Dist & Cnty. Dec. Lexis 14718.

Assuming that there are valid damages, a landlord must refund the security deposit less the cost of the repairs on the list. If the landlord fails to do this, the tenant cannot be sued for any damages the landlord claims the tenant caused. In addition, if the landlord does not give the tenant this 30-day response, the tenant may sue for double the amount of the security deposit. In order to be able to sue for double the deposit, the tenant must give the landlord written notice of his or her new address once the tenant has moved out. See 68 P.S. §250.512.

Under 68 P.S. §250.512 (e), failure of the tenant to provide the landlord with his new address in writing upon termination of the lease or upon surrender and acceptance of the leasehold premises shall relieve the landlord from any liability under this section.

1 Comment

Filed under Consumer Advocacy, Landlord/Tenant, Uncategorized

Pennsylvania consumers protections under the Fair Credit Extension Uniformity Act

In previous blogs, I have discussed the protections provided consumers under the Federal Fair Debt Collection Practices Act (“FDCPA”). The FDCPA is a powerful deterrence to unscrupulous debt collectors and unlawful debt collection practices. The FDCPA is a comprehensive and reticulated statutory scheme, involving clear definitions, precise requirements, and particularized remedies. The validity of the underlying debt is not relevant or an issue under the FDCPA. There is no exception to liability for violating the FDCPA as a result of fraud on the part of the consumer. As long as the underlying obligation is a “debt” as defined b the FDCPA, the method of collections is irrelevant. The validity of the underlying debt is irrelevant as well.

The FDCPA “provides a remedy for consumers who are subjected to abusive, deceptive, or unfair trade collection practices by debt collectors.” A single violation of the Act triggers statutory liability and remedies. Under the FDCPA, a plaintiff may collect statutory damages even if he has suffered no actual damages. The FDCPA is essentially a strict liability statute, where the degree of the defendant’s culpability is relevant only in computing damages, not in determining liability.

Under the FDCPA, consumers are enforcing the FDCPA essentially acting as private attorney generals. Because consumers are acting as private attorney generals, an award of attorney fees is mandatory in an FDCPA case. That means that the FDCPA is essentially a fee shifting statute. If a consumer can demonstrates that the FDCPA has been violated, the consumer may recover actual damages, statutory, costs and attorney’s fees. The longer the lawsuit goes, the more the consumer can recover in attorney’s fees. The threat of an award of attorney’s fees is a very effective deterrent and leads to mean settlements early in litigation.

The FDCPA is not without its limitations. One of the biggest limitations of the FDCPA is that it only applies to debt collectors as defined by the FDCPA. It does not apply to creditors or assignees of the creditor when the assignment has occurred prior to the consumer’s default on the debt obligation. Attorneys acting as debt collectors are also included in the definition of debt collector under the FDCPA.

Typically when bringing a suit under the FDCPA, a consumer will name the debt collectors, and possible law firm and individual attorney hired by the creditor to collect on the debt for any violations of the FDCPA. However the creditor may not be named under the FDCPA.

From the perspective of obtaining the greatest recovery in a lawsuit, a consumer’s best option is to target the creditor as they usually have the deepest pockets. Under Pennsylvania’s Fair Credit Extension Uniformity Act (“FCEUA”), a consumer may also sue the creditor.

The FCEUA is Pennsylvania’s analogue to the FDCPA and applies to both debt collectors and creditors. A debt collector’s violation of any provision of the FDCPA constitutes a violation of the FCEUA which in turn constitutes a violation of Pennsylvania’s consumer protection law, the Unfair Trade Practices and Consumer Protection Law (“UTPCPL”). The FCEUA allows a consumer to sue the original creditor as well as the debt collector for any violations of the FCEUA. The FCEUA protections mirror the FDCPA’s protections.

The FCEUA also has a two year statute of limitations as opposed to the FDCPA’s one year statute of limitations. Finally, as the FCEUA is also a violation of the UTPCPL, a consumer may recover actual damages or statutory damages whichever is greater, costs and reasonable attorney’s fees. Under the UTPCPL, a court may also award treble damages. Again a very effective deterrent which can lead to early settlements.

Any action by a consumer for unlawful debt collection practices must include claims for violations of the FDCPA as well as the FCEUA. It allows the consumer to sue the creditor as well as include older violations.

Leave a comment

Filed under Consumer Advocacy, Uncategorized

When the Lights Go Out – Black Sky Power Outage Mass Event – Preparedness

What would you do if you didn’t have power for an extended period of time? For one week? For one month? For six months? “EARTH EX” is designed to help you think through this scenario and increase your preparedness.

Leadership and staff from the Pennsylvania Public Utility Commission (PUC), Pennsylvania Emergency Management Agency (PEMA) and Pennsylvania Governor’s Office of Homeland Security today, August 23, 2017, joined with government agencies, utilities, emergency responders and other stakeholders around the world in a first-ever transnational exercise to test responses to a large-scale power outage event.

Today’s Pennsylvania involvement in EARTH EX 2017 is part of a continuing collaboration of public and private sector leaders to strengthen the state’s effort to prepare for “Black Sky” events – defined as extraordinary, wide-reaching events capable of producing power outages that last significantly longer than typical weather or operational outages.

Because of the large-scale nature of Black Sky events, they have the potential to impact not only electricity, but also other critical systems, such as natural gas, water, wastewater treatment, telecommunications and transportation services. These events could be caused by a cyber-attack on the electric grid, severe weather or physical attacks.

“Black Sky events have the potential to disrupt essential services across large areas, impacting the lives of millions of people,” said PUC Chairman Gladys M. Brown. “It is essential that we work collectively to address these threats, because it will require the work of government, private sector and not-for-profit organizations to better safeguard our critical systems, strengthen our response and enhance our ability to recover from Black Sky events.”

“This exercise gives us the opportunity to work with our partners in preparedness, response and recovery to identify ways we can work together more efficiently and effectively in the event of a Black Sky incident,” said PEMA Director Richard D. Flinn, Jr.

“Planning exercises like EARTH EX are a critical part of developing an effective, coordinated response to a Black Sky event,” said Marcus L. Brown, director of Pennsylvania’s Office of Homeland Security. “The lessons learned will help all of the participants prepare for, and recover from, a catastrophic disruption of electricity and other essential services.”

Pennsylvania’s first Black Sky exercise – one of the first in the country – was held in June 2016, hosted by the PUC and Gov. Tom Wolf. Since that time, the PUC, PEMA and the Governor’s Office of Homeland Security have continued to integrate Black Sky planning and practice into broader discussions about emergency response planning.

Today’s EARTH EX exercise, developed by the Electric Infrastructure Security Council (EIS Council), is the first phase of a nearly year-long series of international exercises intended to develop, test and enhance planning and preparation for Black Sky events. EIS Council hosts national and international collaborations on resilience and whole community restoration and response planning, addressing severe, national and global scale hazards to lifeline infrastructures.

If you or your business have legal questions or concerns regarding disaster preparedness, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices. Learn more about preparedness at EARTH EX 2017.  Tell us how you are preparing in the comments.

1 Comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy, Energy Law