| |
| META TOPICPARENT | name="WebPreferences" |
|---|
The Certegy Data Misappropriation Case |
| | On July 3, 2007, Certegy announced that one of its employees had misappropriated 8.4 million records over a five-year period and sold that data to marketers. A class action lawsuit was brought against Certegy. In September 2008, a settlement was approved by a federal judge. The settlement provides for a range of credit monitoring services and reimbursement of expenses for those whose identity was stolen. All that Certegy is required to pay under the terms of the settlement are the legal fees and credit and bank monitoring fees for members of the class, amounting to less than $5 million. |
|
<
< | Was Certegy guilty of any crime? If so, what crime? Was there negligence on their part? Most importantly, were there any damages? |
>
> | Was Certegy guilty of any crime? |
| | |
|
>
> | What has crime to do
with it? Do you mean, are they civilly liable? Or are you actually
raising a question of criminal liability, and on what basis?
If so, what crime? Was there negligence on their part?
Are you asking about the facts, or do you mean is negligence the relevant standard of care, or are you asking whether res ipsa loquitur when customer financial data is misappropriated by employees?
Most importantly, were there any damages?
Do you mean how does one
prove actual harm in particular cases from identity theft, or that
the mere creation of a risk without the occurrence of a fraud causes
no harm? |
| | Discussion |
| | Is a check writer a consumer of Certegy’s service? Technically, the merchant is Certegy's consumer; a contract exists between Macy’s and Certegy, not between John Doe and Certegy. Nevertheless, it is logical to assume that John Doe is also a consumer of Certegy’s product. John directly benefits from Certegy's service in that the merchant is now willing to accept his checks. |
|
>
> | But this isn't the
question unless the point is that only a regulatory liability could
have created a duty of care to the merchant or its
customers. |
| |
2. Was Certegy negligent? |
| | Second, Certegy was negligent by giving the keys to the kingdom to its employees. Although their network was secure from external threats, perhaps the overemphasis on external security caused them to neglect guarding against internal theft. Certegy should have ensured that a system of checks and balances existed. No one person should have had access to this data without oversight by some committee. The system Certegy had in place was insecure and was begging to be compromised. |
|
>
> | I don't understand how
or why one would come to a conclusion about negligence on a partial
evaluation of some of the facts. And I don't know why this is the
standard of inquiry. |
| |
3. What damages occurred? |
| | Although at first glance the Certegy case seems similar to Chase, a closer look distinguishes it from Chase. In Certegy, the data was sold to a company who in turn sold this data to other marketing firms that were being investigated by the FTC for marketing and telemarketing fraud. One of the companies was running a scam with the data it received where they would contact consumers with a compelling offer for some largely worthless gifts in exchange for accepting a free trial in a discount-shopping club. After tricking the consumers into providing their bank account numbers, the company would make unauthorized debits. |
|
<
< | In Forbes v. Wells Fargo Bank, although the court found that the personal time and money spent by the class in monitoring their financial accounts against potential loss due to data misappropriation "was not the result of any present injury, but rather the anticipation of future injury that has not materialized", using the argument mentioned above, it would seem that the Certegy data theft was a ‘present injury’ unlike the future injury in Forbes. In the Certegy case, the data had been delivered to unscrupulous marketing corporations who used the data for their nefarious schemes. A possibility exists that these firms may in turn pass along this sensitive data to others who might attempt to take out bank loans or open credit cards with this information. Thus, the affected class members are not simply taking steps to avoid future injury; they were aware of a clear and present danger and are therefore entitled to seek reimbursement for their damages from defendant Certegy. |
>
> | Surely this just proves
how pointless it is to keep asking these rhetorical questions of the
reader about a case in which no facts are known until you pull them
like rabbits from your hat. |
| | |
|
>
> | In Forbes v. Wells Fargo Bank, although the court found that the personal time and money spent by the class in monitoring their financial accounts against potential loss due to data misappropriation "was not the result of any present injury, but rather the anticipation of future injury that has not materialized", using the argument mentioned above, it would seem that the Certegy data theft was a ‘present injury’ unlike the future injury in Forbes. In the Certegy case, the data had been delivered to unscrupulous marketing corporations who used the data for their nefarious schemes. A possibility exists that these firms may in turn pass along this sensitive data to others who might attempt to take out bank loans or open credit cards with this information. Thus, the affected class members are not simply taking steps to avoid future injury; they were aware of a clear and present danger and are therefore entitled to seek reimbursement for their damages from defendant Certegy. |
| | |
|
>
> | Why is all this talk
relevant to the discussion of a settlement. Are we supposed to have
been deciding whether to bet on the favorite or the long shot?
|
| | Conclusion
Although no actual financial fraud took place as a direct result of the data misappropriation, had this case gone to trial, Certegy would have been found to have negligently violated the Financial Services Modernization Act. |
|
>
> | Confidently predicting
the outcome of a trial is just silly. |
| | -- DavidMehl - 26 Apr 2010 |
|
>
> | I don't understand the
point of this essay. Without looking at the evidence in this matter,
how can we know whether you are judging accurately what you purport
to judge, and so what anyway? |
| | |