Welcome to the 24th and final issue of Decoded for the year.
As we come to the end of 2022, we invite you to send us any feedback regarding issues you would like us to revisit. Is there a topic that you find interesting and could use some guidance on? Would you like our opinion about a particular issue or case? Please share your thoughts and we’ll include them in our 2023 planning.
We wish you and yours a wonderful holiday and a prosperous new year!
We hope you enjoy this issue and, as always, thank you for reading.
North Carolina Power Outage Points to Homeland Security Long-Documented Threats to US Power Grid
“Moore County blackouts serve as reminder that nation’s electricity infrastructure could be vulnerable targets for domestic terrorists.”
Why this is important: This article reports on a power outage resulting from a physical attack on a power substation in North Carolina, leaving tens of thousands in Moore County without power. The attack in this case, while physical, reminds everyone of the warnings by the Department of Homeland Security and other government agencies of the vulnerability of critical infrastructure, including vulnerability to cyberattacks. While cybersecurity standards for the electric grid have been approved by the Federal Energy Regulatory Commission, there still is much work to be done to ensure that those standards address all of the current potential cyber vulnerabilities. In response to the attack discussed here, FERC and other government agencies have recommended utilities implement additional security measures. This article is important in showing us that, while a lot of attention is being paid to fixing the cybersecurity vulnerabilities of the nation’s power grid, preventing physical attacks cannot be forgotten. — Nicholas P. Mooney II
New Technology Could Increase Scan Speeds of Three-Dimensional MRIs
“The invention could lead to faster results, increase the clinical applications of MRIs, and ultimately improve patient care.”
Why this is important: Dr. Nicholas Dwork of University of Colorado School of Medicine has filed a provisional patent for a method of adjusting the sampling pattern created by a magnetic resonance imaging (“MRI”) machine’s magnetic fields using pulse sequence diagrams, which may be able to reduce scan times drastically. With scan times estimated to be reduced by 25 percent, doctors would have access to faster results, patients would have to spend less time in the machine, and the potential for broader use of MRI would greatly increase. While MRIs for pregnant people and young children are generally considered safe, they are often avoided. With reduced time in the machine and less exposure to the scan, patients, especially children, may have an easier time staying still so a high quality and useful image can be produced. Dwork’s technology appears to be a win-win for doctors and patients and shows the importance of biomedical informatics in increasing the quality of healthcare. — Shane P. Riley
New Class Action Litigation Aimed at Website Chat Features
“Recently, a spate of class action lawsuits has been filed in California state and federal courts asserting violations of section 631(a) of the California Invasion of Privacy Act, claiming that website operators are intentionally wiretapping or eavesdropping on users by recording and sharing information gathered during use of the site’s chat feature without user consent.”
Why this is important: Collecting data from a California customer’s use of the chat feature on your website without first obtaining the customer’s permission may constitute a violation of Section 631(a) of the California Invasion of Privacy Act (“CIPA”). Under the CIPA, it is illegal to record conversations unless everyone involved in the conversation consents first. In response to a violation of the CIPA, a California customer can bring a private cause of action. Recently, numerous class action lawsuits have been filed under the CIPA related to allegations that website operators are recording and sharing information gathered without permission from California customers who use the websites’ chat features. The plaintiffs in these cases allege that websites are embedding third party code into their websites that allows third parties to intercept or eavesdrop on customers’ webchats. The impetus for these suits is the Ninth Circuit’s recent decision in Javier v. Assurance IQ, LLC, No. 21-16351, 2022 WL 1744107 (9th Cir. May 31, 2022). In that decision, the Ninth Circuit held that obtaining user consent after collecting the customer’s personal information did not defeat wiretapping claims under the CIPA. Even though the issues in Javier did not involve the collection of data through a website’s chat feature, the plaintiffs in these webchat class actions argue that the holding in Javier requires website operators to obtain customer permission before recording or sharing information obtained through the website’s chat function. Plaintiffs’ lawsuits also include claims that web operators’ use of session replay software, which records the keystrokes, mouse clicks, and data entry of every visitor interaction on the website, also constitutes violations of the CIPA. Courts throughout the country are split on whether this type of data constitutes wiretapping.
What is clear is that the law of data privacy is constantly evolving. If you would like help navigating the ever-changing landscape of U.S. privacy law, please contact a member of Spilman’s Technology Practice Group. — Alexander L. Turner
US Senators Ask SoFi About Its Banking Law Compliance
“Four U.S. senators have signed a letter to SoFi Technologies CEO Anthony Noto expressing concerns about the online personal finance company and online bank’s digital asset trading activities and asking if it is working to conform them to U.S. banking law.”
Why this is important: SoFi Technologies, Inc. is a finance company that offers many nonbank services, but also allows some “deposits” or investments to be held in digital currency (including cryptocurrency). According to its own website, it is “A one-stop shop for your finances.” Its status as a nonbank allowed it to ignore in many respects U.S. bank law. In February 2022, SoFi acquired Golden Pacific Bancorp, Inc., a California bank holding company. Part of the company now holds actual bank deposits. That means that, although the bank is held separately and, to some extent, walled off from SoFi’s former nonbanking activities, the entire group now is subject to U.S. banking law and review/examination by the Federal Reserve. Four U.S. senators (all Democrats) have questioned whether SoFi’s connection to cryptocurrency and other activities are consistent with operating a U.S. bank holding company. This will be interesting to watch, because SoFi’s former business plan previously worked well by staying out of regulatory crosshairs. This could set a kind of standard for dealing with these hybrid entities. It also could set guidelines for how far traditional banks – BOA, Chase, Truist, etc. – may go in offering non-traditional, non-bank products.
My colleague, Brian Richardson, pointed out that SoFi had a recent unforced error that may help the regulation proponents. The company sent out an email to their full mailing list regarding clients’ mandatory IRA distributions for 2022. The problem was that it went out to all the mailing list, including people who had never set up an IRA or even an account. People who had merely submitted an inquiry on the website received the same message. This caused some confusion. A few hours later, the company sent a second email that basically said, “Whoops! We’re not phishing you, we just made a mistake! Your data is still safe with us!” That’s probably the right message, but the incident still may add fuel to the “more regulation” argument. — Hugh B. Wellons
FTC Probes ‘Possible Misconduct’ in Cryptocurrency Advertising
“Additionally, the agency enforces laws that require truth in advertising, including rules that individuals disclose when they have been paid for endorsements or reviews.”
Why this is important: This article adds to the news of recent investigations and charges involving people in the cryptocurrency world. The FTX cryptocurrency exchange recently collapsed. Its CEO, Sam Bankman-Fried, has been arrested in the Bahamas and charged by U.S. authorities with fraud. He intends to fight extradition. Celebrity endorsers of the exchange like Tom Brady and Steph Curry are getting caught up in the scandal as regulators have announced investigations into whether they violated securities laws. The Federal Trade Commission recently announced that the FTX saga is not the only crypto investigation. It announced that it has launched an investigation against “several unnamed crypto firms” regarding alleged “deceptive or misleading crypto advertising.” This issue (and the continued problems FTX, its CEO, and celebrity endorsers are facing) shows again that the cryptocurrency world is not the wild west and that regulations, whether they be Know-Your-Customer rules, securities regulations, laws regarding fraud or misleading advertising, or other rules, are being applied by regulators, sometimes even with criminal charges. — Nicholas P. Mooney II
BlockFi Files for Bankruptcy Amid FTX Contagion
“The crypto lender has initiated a cost-cutting plan that involves ‘major layoffs,’ according to Decrypt.”
Why this is important: This bankruptcy filing represents the initial ripple of what could become a wave as cryptocurrency companies reevaluate their positions in the downstream fallout from the recent FTX collapse. Multiple cryptocurrency exchanges halted transactions in mid-November during the initial fallout from the FTX bankruptcy filing. Among the “first day” motions in the BlockFi bankruptcy case was a key employee retention plan that contemplates major layoffs in an effort to reduce ongoing operating costs and streamline the business going forward. We expect to see further protective actions taken by other companies in the crypto markets, though this is not the first instance of crypto companies going through the bankruptcy process. A Virginia Beach-based bitcoin mining operation filed for chapter 11 bankruptcy in the spring of 2019. Bankruptcy courts are becoming well-equipped to handle the variety of issues presented in restructurings for crypto companies. Interested parties should pay attention to these cases (FTX and BlockFi) as they may lay some foundation and precedent for how other crypto businesses may be restructured through the courts in future cases. — Brian H. Richardson
OCR Outlines Proper Use of Tracking Tech to Maintain HIPAA Compliance
“Covered entities and business associates using tracking tech such as Google Analytics and Meta Pixel should pay close attention to whether PHI is being handled in accordance with HIPAA.”
Why this is important: In the last edition of Decoded, we discussed lawsuits against Duke and WakeMed regarding their use of Meta’s Meta Pixel tracking product and the alleged improper disclosure of patients’ protected health information (“PHI”). The U.S. Department of Health and Human Services’ Office of Civil Rights (“OCR”) recently weighed in regarding the use of tracking technology by covered entities and business associates covered by HIPAA. The OCR on December 2, 2022, issued a bulletin titled “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates” in order to give entities covered by HIPAA guidance on how to use online tracking technology and still protect patients’ PHI. The OCR decided to issue the bulletin after reports that patient PHI was transmitted to Facebook through tracking technology installed on hospital websites and inside password protected patient portals. The OCR instructed covered entities and business associates that they are not permitted to use tracking technologies that may result in an impermissible disclosure of patient PHI. The bulletin also included the requirement that covered entities enter into business associate agreements with tracking technology vendors if those vendors create, maintain, or receive PHI. Additionally, “it is insufficient for a tracking technology vendor to agree to remove PHI from the information it receives or de-identify the PHI before the vendor saves the information.” Accordingly, a disclosure of PHI to a tracking technology vendor requires the vendor to have executed a business associate agreement with the covered entity and that there is an applicable Privacy Rule permission for the disclosure.
If patient PHI is disclosed to a tracking technology vendor in the absence of these two requirements, then that disclosure would be considered a breach and HIPAA notification requirements would apply, including notifying the OCR. — Alexander L. Turner
Cuba Ransomware Group Hitting US Organizations in 5 Critical Sectors
“The ransomware group and its affiliates more than doubled the number of organizations it hit between November 2021 and August 2022, bringing its total illicit haul to date to more than $60 million.”
Why this is important: There is a lot of talk about Russian cyberattackers and ransomware groups, and for good reason. However, they do not have a corner on the threat actor market. This article discusses the increase in ransomware attacks from groups in Cuba. Those groups were suspected of obtaining approximately $44 million in ransom payments in 2021, and they have obtained double that amount in 2022. The groups use the same types of attacks, including phishing campaigns, a preferred tool of threat actors. In addition, the groups take advantage of known security vulnerabilities, use compromised credentials, and exploit problems in remote desktop protocols. While Russian attackers might get more press, this article shows that Cuban groups are another threat. — Nicholas P. Mooney II
Crypto Needs an FDIC-Like Protocol to Prevent Liquidity Crises
“How does the FTX fallout resemble the history of bank runs?”
Why this is important: Cryptocurrency is getting bad press lately, much of it deserved. Creativity and minimal regulation contributed to the growth of these currencies. Many cryptocurrencies were profitable to own for years. Investors began to forget that this was a risky investment. Minimal regulation creates opportunity, but it cuts both ways. That advantage appears to be under attack. This article reviews the Great Depression and discusses how something like an FDIC, with rules setting aside a percentage of capital, may stabilize these “currencies.” It considers bank runs during the Depression and how they might be analogous to what is happening now in cryptocurrency markets. It also discusses how deposit insurance, as it did for banks, might provide confidence and stability in this market. The twist is that the article proposes insurance that is, in effect, voluntary. The FDIC is a U.S. federal organization. It relies on many laws and regulations. No unregulated entity (with very narrow exceptions) can both make loans and hold deposits. The FDIC relies on the full faith and credit of the U.S. dollar. It relies on the fact that failure of any one bank is not likely to bankrupt the system. Cryptocurrencies have none of that. This would be a voluntary effort. If it was not coordinated among multiple currencies, a consumer would be responsible to assess that risk, including how much the so-called “insurance” ameliorated that risk. Could this be done by a joint effort of major national economies (such as the World Economic Forum or a combination of APEC, the EU, and Great Britain)? Maybe, but then that group would pick the winners or losers in cryptocurrency, based on who gets insurance. That kind of defeats the purpose of cryptocurrency, to some extent.
International insurance may be where all this goes, but we may have more pain before a remedy develops, assuming that one is even needed. — Hugh B. Wellons
West Virginia AG Raises Alarm Over Recent Unsolicited Text Messages
“‘Don’t fall for it,’ Patrick Morrisey said of these misleading ‘smishing’ scams targeting consumers ahead of the holiday season.”
Why this is important: Smishing is a text version of a phishing scam that encourages the recipient to provide sensitive personal data, like credit card information. West Virginia’s AG is warning residents that a new smishing campaign is appearing in which the sender of the text claims to be a representative of the U.S. Postal Service and states that he or she needs the recipient’s credit card information to pay a $3 redelivery fee in order to receive a package. West Virginia’s AG has been active in the past in warning residents about current email, phone, and text threats. Responding to unsolicited phishing attacks continues to be a leading way in which threat actors compromise sensitive data of individuals and companies, which depending on the type of compromised data could lead to identity theft, unauthorized charges, or a data breach. — Nicholas P. Mooney II
How Technology is Changing the Debt Collection Market
“The $18.8 billion debt collection industry in the US is one of the less digitized sectors within financial services.”
Why this is important: This article discusses the ways in which accounts, or debts, are collected. It argues that aging technology and legacy servicing (collection) infrastructure restricts a lender’s ability to leverage automation and technology. Without this automation and technology, a lender’s ability to collect is diminished, forcing it to sell debts to third parties who are optimized for collection. This hurts the lender as it receives pennies on the dollar when selling accounts. Also, it potentially causes the lender to lose its relationship with its borrower. The article argues that leveraging technology to be more transparent and engage in cross-channel communications with borrowers will improve a lender’s ability to collect and allow it to keep its relationship with its borrowers. The article also rightly mentions the provisions in Regulation F that will enable collection through text messages and other channels, while allowing borrowers to choose the channel on which they want to be contacted. Modern servicing platforms allow borrowers to retain flexibility over their debts by allowing them to change due dates, create payment plans, reverse payments, and more. At bottom, this article sounds like it’s arguing that collection systems should operate like it’s 2022, not 1952. That’s good advice and, while remaining mindful of legal restrictions like those in Regulation F and elsewhere, lenders, servicers, and others engaged in collection should look for ways to incorporate technology into their servicing and connect with borrowers in ways that resemble how people communicate in 2022. — Nicholas P. Mooney II