Department of Insurance files data security bill in SC legislature

Standard

Bill is similar to model data security law adopted by NAIC

If you are a SC title agent, this bill will likely affect you if it passes!

The National Association of Insurance Commissioners (NAIC) adopted the Insurance Data Security Model Law, intending to promote rigorous cyber risk management practices, in October. And the South Carolina Department of Insurance (SCDOI) has introduced a similar bill in the South Carolina legislature. The South Carolina version, the South Carolina Insurance Data Security Act, is now in committee, and can be read here.

The model law creates data security standards for insurers and agents. The rules would apply to the real estate lawyers in South Carolina who are also title insurance agents. The rules require overseeing third-party providers, investigating data breaches and notifying consumers and regulators of data breaches.

security unlocked data breach

Insurers and agents will be required to have a written information security program for protecting sensitive date. Incident response plans and data recovery plans will also be required. Compliance certifications to the DOI will be required annually.

One important exemption applies to licensees with ten or fewer employees. This exemption will benefit small South Carolina law firms. Cyber security insurance may become a hotter commodity in South Carolina if this law passes, but the law is not intended to create a private cause of action.

We will watch this legislation and keep everyone posted on how it proceeds through the legislative process in South Carolina.

Advertisements

SC dirt lawyers sued for email funds diversion by a third-party criminal

Standard

This is the first suit of this type I’ve seen. I’m confident it won’t be the last!

A dirt lawyer friend sent a copy to me of a hot-off-presses lawsuit filed in a circuit court in South Carolina against a closing law firm because the purchaser’s $50,000 in closing funds were diverted by a third-party criminal posing in an email exchange as the transaction’s real estate agent. My friend said he sent the case for my information. I think he sent it so I wouldn’t sleep!

Here are the facts as recited in the complaint. The names are being changed to protect all parties.

Paul and Penny Purchaser signed an Attorney Preference Form on March 28, 2017, selecting Ready and Able, LLC as their legal counsel for the purchase of a residential home and the closing of a purchase money mortgage with Remedy Mortgage, LLC.

On April 10, Paul and Penny Purchaser received Ready and Able, LLC’s “Purchaser’s Information Sheet” which required Paul and Penny to pay all closing funds over $500 to Ready and Able, LLC by wire transfer. The complaint states that these were silent as to the security of wire transfers, the security of private information to be conveyed between the purchasers and the law firm, and the security or lack of security of the use of email for closing information.

Also on April 10, Penny Purchaser telephoned the law firm and spoke with paralegal, Candy Competent, providing her with the purchasers’ Social Security numbers. The complaint states that Ms. Competent accepted the information and provided no wiring information or warnings.

hacker

The complaint states that on April 14, Paul Purchaser received what purported and reasonably appeared to be an email from Regina Realtor, their real estate agent for the transaction, asking Mr. and Mrs. Purchaser to wire closing funds in the amount of $48,490.31 that day so that the closing scheduled for April 21 would not be delayed. Penny Purchaser replied to the email requesting wiring instructions. An attachment purporting to be wiring instructions for Ready and Able, LLC. was sent via reply email.  The complaint states that the wiring instructions reasonably appeared to be the correct wiring instructions for the law firm and appeared to be printed on law firm letterhead. This email exchange was actually with a third-party criminal.

Later on April 14, Penny Purchaser telephoned Candy Competent and requested the amount needed to close. Ms. Competent discussed the amount needed to close despite the fact, according to the complaint, that she knew or should have known that the law firm had not sent wiring instructions to the purchasers or the real estate agent.

On April 17, Ms. Competent sent an email to Mrs. Purchaser advising her to add $550 to the funds due to close to cover a survey bill that came in on April 14. No mention was made of wiring instructions in that email. The email also did not discuss the fact that the law firm had not yet provided an amount to close to the purchasers or to the real estate agent. Mrs. Purchaser wired $49,015.31 using the wiring instructions provided by the third-party criminal.

On April 21, Paul and Penny Purchaser learned for the first time that the wiring instructions were the work of a criminal third party, who received the funds and has failed to return the funds.

The complaint states two causes of action, negligence and legal malpractice, and lists the following breaches of duty committed by the law firm:

  • Requiring the plaintiffs to use wire closing funds to defendant, without counseling the plaintiffs about the methods by which the secure delivery of such funds could be compromised;
  • Failing to counsel the plaintiffs about the risks and insecurity of email communications, particularly of private, sensitive, or financial closing information; and
  • Failing to be alerted by the circumstances of Mrs. Purchaser’s telephone call on April 14, and therefore to warn her that no communication had been sent by the law firm.

Is this, in fact, negligence or legal malpractice?  We will have to wait to see.  Would the processes established by your law firm for the protection of your clients’ funds prevent this type of crime? That is the question of the day. Please discuss among yourselves!

Airbnb in Sea Pines?

Standard

Court of Appeals says “yes” under some circumstances

I wouldn’t have predicted it, based on the history of exclusive Sea Pines Plantation in Hilton Head, its extensive set of restrictive covenants and the aggressive efforts to enforce those restrictive covenants over the years. But our Court of Appeals approved an owner’s rental through Airbnb of a portion of a residence in a December 6, 2017 case*.

Mr. and Mrs. Wall bought their residence at 48 Planters Wood Drive in 1998. The second story of the home consists of a guest suite that is accessible only by an outside staircase. In 2012, the Walls began renting a room through Airbnb, an online rental broker. The Airbnb listing was titled “Hilton Head Organic B&B, Sea Pines”. The Walls cooked breakfast for their renters.

AirBnB

Community Services Associates, Inc. (CSA), the property owners’ association in power to enforce Sea Pines’ restrictive covenants, expressed concern about the Airbnb listing, and the Walls changed the listing to the “Whole House” category and began renting out the entire first floor of their home while living in the second-story guest suite. They also dropped the “Hilton Head Organic B&B, Sea Pines” title and stopped cooking breakfast for their renters.

CSA filed suit seeking temporary and permanent injunctions against the Walls because of their alleged operation of a “bed and breakfast” in their home and the rental of less than the entire residence.

Here are the operative provisions of the restrictions:

  1. All lots in said Residential Areas shall be used for residential purposes exclusively, No structure, except as hereinafter provided, shall be erected, altered, placed or permitted to remain on any lot other than one (1) detached single dwelling not to exceed two (2) stories in height and one small one-story building that may include a detached private garage and/or servant’s quarters, provided the use of such dwelling or accessory building does not overcrowd the site and provided further that such building is not used for any activity normally conducted as a business. Such assessor building may not be constructed prior to the main building.

  2. A guest suite or like facility without a kitchen may be included as part of the main dwelling or accessory building, but such suite may not be rented or leased except as part of the entire premises, including the main dwelling, and provided, however, that such guest suite would not result in over-crowding of the site.

CSA took the position that the restrictions authorized the short-term rental of the entire residence but not part of the residence, that the Walls were operating an offending bed and breakfast, and that the guest suite included a second kitchen.

At a hearing before the master-in-equity, Mr. Wall testified that the couple kept an induction plate, a toaster oven, and a mini-refrigerator in the guest suite, and they occasionally prepared their food and washed their dishes in the suite.

The master denied the motion for injunctive relief and dismissed CSA’s complaint.

The Court of Appeals affirmed, stating that the dorm-style portable appliances used by the Walls did not create a kitchen. The Court held that the express terms of paragraph 6 require a residence with a guest suite to be rented in its entirety when the guest suite is rented out, but paragraphs 5 and 6 do not, by their express terms or by plain and unmistakable implication, require a residence with a guest suite to be rented in its entirety in every circumstance.

At best, according to the Court, paragraphs 5 and 6 are capable of two reasonable interpretations: (1) a residence with a guest suite must be rented in its entirety in every circumstance, or (2) the owners of a single family dwelling with a guest suite may stay in the guest suite themselves while renting out the remaining space. Because the latter interpretation least restrict the use of the property, the Court adopted that interpretation.

Understanding a little about the culture of Sea Pines, I will be surprised if we don’t hear more about this Airbnb issue in the future.

Does Facebook’s move into real estate signify the end of the Realtor?

Standard

Social media has long been involved in real state. Aren’t all your real estate agent contacts your “friends” on Facebook? Aren’t you connected with them on LinkedIn? Don’t you regularly see their listings on all your social media outlets?  But the plot thickens!

According to a November 13 story in HousingWire, Facebook announced last week that it is significantly expanding the real estate listings section on its Marketplace, which is Facebook’s attempt to take on Zillow, Trulia, Realtor.com, Redfin, Craigslist, eBay and other e-commerce platforms.

facebook

The HousingWire story, which you can read here, reports that Facebook currently allows individual homeowners to list their homes for sale on Marketplace. The new development is that Facebook is significantly expanding the real estate listings section on Marketplace. The new feature is said to be “rolling out gradually” and is currently only available via the mobile app in the United States.

And, according to the same report, Facebook is going full force into rental listings via partnerships with Apartment List and Zumper.

Facebook plans to upgrade its platform to include custom filters for location, price, numbers of bedrooms and bathrooms, rental type, square footage and pet friendly designations. Also included will be the ability to upload 360-degree photos for individual rental listings. When the potential renter selects a property, he or she will complete s contact form on Marketplace, and the property manager or agent will contact him or her directly.

Facebook says it will not participate in any transactions. It will simply connect the parties. Real estate agents are probably safe for now, but it’s a brave new world out there as social media infiltrates all aspects of our professional and personal lives! Dirt lawyers who fail to embrace social media may be left behind sooner rather than later.

Day of the Dead: Director Cordray didn’t get his Halloween wish

Standard

President Trump signed the legislation repealing the CFPB arbitration rule

As we discussed in this blog last week, the United States Senate recently voted to dispose of a Consumer Financial Protection Bureau (CFPB) rule that allowed consumers the right to bring class action lawsuits to resolve financial disputes. Under that rule, banks and credit card companies could not use mandatory pre-dispute arbitration clauses in the fine print of credit card and checking account agreements.

Day of the DeadThe vote was 51-50 with Vice President Pence casting the deciding vote. The vote in the Senate followed a previous vote with the same result in the House of Representatives, leaving only the stroke of President Trump’s pen to finalize the repeal.

After the Senate’s vote, CPBP director Richard Cordray released a statement stating the action was “a giant setback for every consumer in the country.” “Wall Street won”, he said, “and ordinary people lost.”  Interestingly, Director Cordray wrote a letter directly to President Trump on October 30 pleading with him to save the arbitration rule.

The letter said, “This rule is all about protecting people who simply want to be able to take action together to right the wrongs done to them.” It also appealed to President Trump’s support of veterans and lower income Americans by saying, “I think you really don’t like to see American families, including veterans and service members, get cheated out of their hard-earned money and be left helpless to fight back.”

The letter obviously had no effect. President Trump signed the law on November 1 to the delight of banking and business groups. Director Cordray said, “In signing this resolution, the President signed away consumers’ right to their day in court.”  The Trump administration, however, is clearly in favor of dismantling regulatory efforts it believes may put a damper on the free market in any way.

CFPB announces top TRID mistakes

Standard

cfpb-logoWe’re learning for the first time what the CFPB considers the top mistakes being made by lenders in mortgage originations under TRID. CFPB’s September 2017 Supervisory Highlights reports on the Bureau’s first round of mortgage origination compliance examinations. Prior to these examinations, the Bureau refused to provide a grace period for lender compliance but stated publicly that it would be sensitive to the progress made by lenders who focused on making good faith efforts to comply with the rule.

Some of these mistakes may be attributed, at least from the viewpoint of the lenders who were pinpointed by CFPB, to settlement service providers (real estate lawyers in South Carolina), so we should pay close attention to this list. Failure to pay attention to it may place some of us squarely on lenders’ naughty lists.

This report indicates most lenders were able to effectively implement and comply with the rule changes, but the examiners did find some violations. The following list contains the most common mistakes:

  • Amounts paid by the consumers at closings exceeded the amounts disclosed on the Loan Estimates beyond the applicable tolerance thresholds;
  • The entity or entities failed to retain evidence of compliance with the requirements associated with Loan Estimates;
  • The entity or entities failed to obtain and/or document the consumers’ intent to proceed with the transactions prior to imposing fees in connection with the consumers’ applications;
  • Waivers of the three-day review period did not contain bona fide personal financial emergencies;
  • The entity or entities failed to provide consumers with a list identifying at least one available settlement service provider in cases where the lender permits consumers to shop for settlement services;
  • The entity or entities failed to disclose the amounts payable into an escrow account on the Loan Estimate and Closing Disclosure when consumers elected to escrow taxes and insurance;
  • Loan Estimates did not include dates and times at which estimated closing costs expire; and
  • The entity or entities failed to properly disclose on the Closing Disclosures fees the consumers paid prior to closing.

The report boasts that the CFPB examiners worked in a collaborative manner with one or more of the entities to identify the root causes of the violations and to determine appropriate corrective actions, including reimbursements to consumers.

The report also covered the Bureau’s supervisory activities outside the mortgage origination arena and indicated nonpublic supervisory resolutions have resulted in total restitution payments of approximately $14 million to more than 104,000 consumers during the review period (January through June, 2017). The CFPB also touted resolutions of public enforcement actions resulting in about $1.15 million in consumer remediation and an additional $1.75 million in civil penalties during the review period.

Despite the notion that the CFPB may be in disfavor in the Trump administration, it remains a powerful body in our industry. Compliance with its directives is crucial to remain in the residential closing business at this point.

What should dirt lawyers do about the Equifax data breach?

Standard

Protect yourself! Advise your clients!

Everyone should have heard about the Equifax data breach at this point, but have you taken any action to protect yourselves and your clients in the face of it?

Equifax has created a website that allows individuals to determine whether their information has been compromised and allows them to sign up for a free year of credit monitoring. Originally, the fine print on this site indicated taking advantage of the free-year credit monitoring service would result in a waiver of legal rights against the company, but I understand the company folded under extreme pressure and removed this language. In any event, please read the fine print since it is apparently changing as this story unfolds.

This website indicated my information had been stolen as well as my husband’s and several colleagues at work. I recommend that you check here to find out whether you need to take further action.

security unlocked data breach

What action should you take?  I am already a member of a credit monitoring service, so I did not sign up for the free year with Equifax. Regardless, I prefer to keep my legal rights intact. I may need those rights! You may decide to take advantage of the service. You may decide to bite the bullet and sign up for an independent credit monitoring service, and you may decide to remain with that service for more than a year.

What else can be done? I have read many news articles and opinion pieces on this matter and decided to have my credit reports frozen with TransUnion, Experian and Equifax.  You may want to take that action, too, so I have linked those websites for you.

Consider this. If your name, address and social security numbers were compromised, this information is not going to change and the potential financial devastation is not going to resolve itself in the span of one year. Everyone who was compromised will need to be vigilant about checking and credit card accounts indefinitely.

As a real estate lawyer, you may want to advise your clients, as a service to them, about this conundrum and the actions they may be able to take to protect themselves. You may also want to reach out to your real estate agents and lender contacts to ask them to spread the word. Assuming a leadership role in this situation will serve those who rely on you well and will set you apart as a professional who works diligently to protect those who need protection.