TABLE OF CONTENTS
The Target Data Breach: What can you and your business learn?
By: Donald R. Geiter, CIPP/US
Unless you have been in hibernation this winter, you are likely aware of the massive data breach that Target Corporation suffered between November 27, 2013 and December 15, 2013. Target has disclosed that hackers accessed more than 40,000,000 accounts during that time by stealing customers’ personal information — encrypted PIN data, customer names, credit and debit card numbers, card expiration dates and the embedded code located on the magnetic strip on the back of cards.
What lessons can your business learn from this massive data breach? While the size of your business may be a fraction of Target’s, your business may face the same cyber threats as Target and may be responsible to meet similar legal obligations following a data breach.
No doubt, having a system of data security policies, procedures and tools in place to guard against data breaches in the first place is of paramount importance to a business. Such a system will likely reduce the occurrences of data breaches and may serve to reduce some of the costs of a data breach. However, a multi-billion dollar company like Target likely has a very complex, and seemingly thorough, system in place to guard against data breaches, simply proving that no system is perfect and that data breaches are inevitable. Consequently, it is in the best interest of your business to be aware of the myriad of laws relating to the protection and sharing of data, all of which impact the liability a business can suffer upon the occurrence of a data breach. These laws include a web of federal and state laws. The federal laws include the Federal Trade Commission Act, Gramm-Leach-Bliley Act, the Fair and Accurate Credit Transactions Act, and the Health Insurance Portability Act. State laws include breach notification laws, consumer protection laws, safeguard laws, social security number protection laws and disposal requirements.
As an example, the relevant data breach notification law in Pennsylvania is called the “Breach of Personal Information Notification Act.” This law applies to all types of businesses and covers breaches of personal information that occur under many circumstances — including both purposeful, illegal “hacks”, like what occurred in the Target breach, along with inadvertent disclosures, like a lost laptop or PDA containing personal information. The law requires that upon discovery of a breach, or reasonable belief that a breach may have occurred, the business must provide notice without “unreasonable delay” to the customer whose personal information may have been compromised. The form of notice varies depending on the breadth of the breach. In addition to notifying the affected resident, the business may also be required to notify all major reporting agencies. A violation of the law constitutes a violation of the Pennsylvania Unfair Trade Practices and Consumer Protection Act, which could result in damages and costs to the violating business.
Since the Target breach affected Pennsylvania residents, Target was required to follow the Pennsylvania law. However, it is likely that your business, like Target’s, also handles personal information of residents from various states. Therefore, upon a data breach, your business, like Target, may have to follow the breach notification laws of dozens of states. Most states and the District of Columbia have enacted their own laws relating to data breach notifications. While there are several common notification obligations across the various sets of state law, many states have enacted provisions that require unique forms and timing of responses. In addition to requiring notice to affected persons, some states also require notice of the breach be made to certain state agencies and law enforcement authorities. Furthermore, businesses regulated by certain governmental authorities may have additional data breach notification requirements. As you can probably guess, the task of figuring out what sort of notice your business would need to provide, when you need to provide it and to whom you need to provide it to could be a complex and expensive endeavor.
Without a doubt, Target is quickly learning that a data breach is long and painful. While the breach itself lasted less than three weeks, litigation will likely last for years. You can expect to see many individual lawsuits brought against Target by affected customers, many of which may ultimately combine into a class-action lawsuit. Experts are estimating that Target may end up spending over $100,000,000 in legal fees alone.
With your business’ reputation on the line, data security should be on your radar screen. You must be aware of the laws and the risks now, and develop your own comprehensive data security policy and procedure before a data breach occurs. Please contact us for more information on responding to a data breach, or general questions relating to data security policies and procedures.
Property Tax Assessments: Should you appeal?
By: Jeremy D. Frey
Do you want to lower your property taxes? Would it surprise you to learn that you could do so at little to no net cost? There may be an opportunity to do exactly this if your property is currently assessed too high. Your property’s tax assessment forms the basis for all of your real estate taxes. The assessment, which is different than the appraised value of your property and in most cases does not equal 100 percent of the fair market value of your property, is established by the County once every few years and remains fixed as property values move up and down. So if your assessment is too high (either because it was originally assessed too high or because of a decrease in your property’s value), you are paying too much in taxes each year that the assessment remains the same. The assessment will remain the same until the property is changed (improvements are added or removed), the County undergoes a county-wide reassessment, or your file an appeal of your assessment. County-wide reassessments usually occur only once or twice a decade although in some counties, a county-wide reassessment has not occurred in nearly 20 years. If you lower your assessment, you will lower your real estate taxes until the next County-wide reassessment occurs which could be several years. You are entitled to challenge the assessment every year if you believe the assessment is too high. The amount of costs involved in the appeal are often far less than the total savings you will receive if the appeal is successful. In most cases, the only costs are an appraisal of the property and legal fees.
To determine whether an appeal is appropriate, you must first estimate what your property is worth. Then, find the common level ratio for your county below:
• Adams – 119%
• Berks – 78.1%
• Lancaster – 80.6%
• York – 89.2%
 The common level ratio is used to determine assessments in the years following a county-wide reassessment. In the first two years following the county-wide reassessment, your assessment should equal 100 percent of the fair market value of the property. In all subsequent years, the assessment should equal the common level ratio then in effect multiplied by the fair market value. The common level ratio, which is determined by the state, varies by county and changes in July every year.
Now multiply your estimated fair market value by the common level ratio. For example, if your property is located in York County and is worth $500,000, multiply $500,000 by .892 and your assessed value should be $446,000. This figure should be close to your assessed value. If it is significantly lower than your assessed value, you may want to consider challenging your assessment. If you are unsure what your assessed value is, check your most recent property tax bill or call your County’s assessment office and ask.
Another way to determine if your assessment is too high is to take the assessment and multiply it by the number listed below for the County in which the property is located:
• Adams – .84
• Berks – 1.28
• Lancaster – 1.24
• York – 1.12
Again, if your property is located in York County and is assessed at $500,000, you multiply $500,000 by 1.12 and your property is being taxed as though it is worth $560,000. If the figure is higher than what you believe the property is currently worth, it might make sense to appeal your assessment.
So how do you challenge your tax assessment? The process is started by filing an appeal to the County’s Board of Assessment Appeals. The Board will review your assessment and determine if it is too high. For a successful appeal, you will most likely need a recent appraisal of the property. If the Board’s decision is not satisfactory, you can appeal this decision to the Court of Common Pleas which then determines the fair market value and applies the common level ratio to establish your new assessment.
Keep in mind that any reduction in your assessment will most likely result in tax savings not just in the year in question but in future years as well. While in general you cannot receive a refund for past taxes paid if your assessment is too high, your assessment will be reduced for future years which will save you money. To determine how much savings you could receive, determine your local millage rates and multiply these by the difference between the current assessment and what you believe the assessment should be and you can determine the savings for one year. For example, if the combined millage rates in your municipality (School, County and Municipal millage rates) are 25 mills (or 2.5%), you would save $250 for every $10,000 that you reduce your assessment.
Barley Snyder has attorneys with experience handling tax assessment appeals throughout Pennsylvania. If you believe your assessment is too high, give us a call to see if we can help lower your assessment and lower your taxes.
Living Trusts: Myths and Realities
By: Michael L. Mixell
Revocable trusts have become increasingly popular as substitutes for wills in estate planning. Many people believe that by creating a revocable living trust, naming themselves as trustees, and transferring their assets to the trust, they will save taxes, simplify the administration of their estates, and save money for their children or other beneficiaries. Unfortunately, these beliefs are not based in fact, and are typical of the myths that surround so-called “living trusts.” Below is a summary of some of the common myths and realities of living trusts.
Although this is true, the only reason to avoid probate is to save time and money.
Even with a living trust, it is rare to avoid probate. There are usually one or two assets outside of the trust that require the estate to be probated.
Probate costs in Pennsylvania are very reasonable. For example, a $1 million estate will have an average probate fee of $500.
The probate process in Pennsylvania is quick and efficient and does not require the intervention of the Court unless a matter is contested.
Delays in settling an estate usually result from required tax filings and the sale of an illiquid asset. Even with a living trust, death tax returns have to be filed.
In Pennsylvania, a copy of the inheritance tax return remains filed in the Register of Wills office in the local courthouse. You are required to include trust assets on the return and attach a copy of the trust. These files are open to the public.
Assets of a living trust are still subject to Pennsylvania inheritance tax and federal estate tax. A good Will can save as much death tax as a good living trust.
Income tax is not saved during your life because the trust is ignored under federal and state income tax rules until you die.
Reduces legal fees and administrative costs:
The filing fees imposed at death are typically less when assets are held in a living trust. However, the cost to establish the living trust and transfer the assets to it during your lifetime are typically two to three times more than the cost of a Will.
Even with a trust, your estate will incur fees for the preparation of the death tax returns and to transfer the assets to the beneficiaries.
A living trust provides a management vehicle for assets while you are alive, but this can also be achieved with a properly drafted Power of Attorney.
Having a living trust means you may avoid the cost for guardianship of the estate, but you still may need to have a guardian of the person appointed, if you become incapacitated.
A living trust is only really effective if all of your assets are in the trust. Most people will still need a Power of Attorney.
If you own assets in two or more states, putting those assets in a living trust can save significant costs following death because probate is avoided in the second state.
By: Troy B. Rider
In the wake of the 2008 financial meltdown, corporate conduct has been subject to increased scrutiny as regulators, shareholders and other third parties demand accountability for any misconduct or wrongdoing. Since a corporation is a legally created artificial entity, the question remains how can a corporation be held liable for any wrongdoing when the corporation itself cannot physically commit any act? The answer is relatively easy but can carry significant risk for the company and its officers and directors.
A corporation can only act through its officers, employees and agents (collectively, “representatives”) and courts have generally held corporations vicariously liable for the actions committed by such persons while acting within the scope of their employment. Moreover, the United States Supreme Court has extended such liability to criminal acts where the acts of the corporation’s representatives were motivated, at least in part, to benefit the corporation. The phrase “scope of employment” is broadly defined to include acts committed on the corporation’s behalf in performing the representative’s general line of work. Consequently, if the representative is performing some job-related duty, he or she will generally be considered to be acting within the “scope of employment.”
In certain circumstances, officers of the corporation may be strictly liable for an act committed by a representative, even though the officer did not know about the wrongdoing. This “doctrine” is commonly known as the “responsible corporate officer” doctrine. To be held strictly liable for such wrongdoing, a corporate officer without knowledge or involvement in a subordinate’s illegal conduct may be held criminally liable for such conduct if the officer had actual authority to exercise control over the specific activities that caused the conduct or failed to enact measures to prevent the conduct. Despite preventative measures being in place, the officer may still be held liable if such officer knew of possible violations and failed to carry out his duty to search for and correct them when they occurred.
Corporations subject to liability for the acts of its representatives could face a variety of fines and sanctions, including a criminal indictment. The repercussions of such fines and sanctions stretch far beyond monetary loss. For example, the corporation could be subject to invasive court proceedings, close supervision of the corporation’s business by a third party (such as a receiver), loss of reputation, and the opportunity cost of foregoing other business pursuits.
To mitigate such risks, a corporation should consider enacting a compliance program. An effective compliance program should contain, at a minimum, the following:
– Oversight of the program by executive level personnel;
– Employee training;
– A Monitoring and auditing process; and
– Procedures for responding to any complaint or questioned action.
While maintaining a compliance program will not eliminate all liability for the actions of corporate representatives, it may be an effective tool for reducing fines and sanctions.