Raleigh, Durham, Chapel Hill (NC) Law Firm: Business Law, Commercial Real Estate, Family Law & Immigration Attorneys
 
 

 

 
 
 
NORTH CAROLINA IDENTITY THEFT PROTECTION ACT
The Importance of keeping private information private

In recent years, the number of reports of identity theft has increased dramatically in North Carolina. Personal information, including a social security number, is regularly requested by businesses from their employees and customers for a variety of purposes. Consequently, many of these businesses possess large databases of personal information that are ideal targets of perpetrators of identity fraud. In response to this growing problem, the North Carolina Legislature adopted The Identity Theft Protection Act, with an effective date of December 1, 2005 for the main provisions. The Act affects all companies doing business in North Carolina and imposes upon them specific duties and restrictions regarding the use and maintenance of personal records of their employees and customers. While we provided our clients with an overview of this law in our last issue of Legal Insights, in this issue we offer a more in-depth review of the contents and implications of this bill.

The Identity Theft Protection Act (ITPA) has three main goals: (1) to prevent personal information of individuals from falling into unauthorized hands by imposing specific regulations on businesses; (2) to require businesses to properly dispose of all personal information of their customers and employees; and (3) to require businesses to provide adequate notice of a security breach to any affected party upon discovery that personal information has been either lost or stolen. The ITPA’s intent is to protect the personal information of those individuals identified as either consumers or employees of a business. This includes any combination of a person's name and another personal identifier, including social security number, PIN number, driver's license number or bank account number. 

Businesses Must Take Affirmative Steps to Prevent Disclosure of Personal Information

The ITPA prohibits businesses from intentionally communicating or otherwise making available to the general public an individual's social security number, aside from its last four digits. As such, a business that uses a social security number as a means of identification of an employee or customer must make sure that it eliminates any possibility of unintended dissemination of the personal identifier. Specifically, a company doing business in North Carolina cannot: (1) intentionally print an individual's social security number on any card required for access to products or services; (2) require an individual to transmit his or her social security number over the internet, unless the connection is secure; (3) require an individual to transmit a social security number to access an internet website, unless a password is also required; (4) print an individual's social security number that may be visible on any mailed materials; and (5) sell, lease, loan, trade, rent, or otherwise intentionally disclose an individual's social security number to a third party without written consent. 

A few exceptions, however, allow a business to use a social security number for limited purposes. The prohibitions do not apply when the social security number is (1) included in an application; (2) used for internal verification and administrative purposes; (3) used to open an account; (4) used to investigate fraud, conduct background checks, collect debts, obtain credit reports, furnish information to a reporting agency, or locate an individual; or, (5) produced pursuant to a court order or valid subpoena.

Affirmative Steps to Destroy All Personal Information

The ITPA imposes on businesses a duty to take all reasonable measures to properly dispose of all personal information of consumers in order to prevent any unauthorized use of the information during and after its disposal. All businesses have a duty not only to implement but also to monitor formal policies and procedures that require proper disposal of all personal information. The Act also imposes a duty to destroy any data located in electronic media. Businesses have the option to employ a commercial record disposal company in order to ensure that proper disposal of personal information is performed. A commercial record disposal company will help a business ensure that the personal information is properly and adequately disposed of, preventing any opportunity for unlawful dissemination of the same. However, since the disposal of personal information must be done in strict compliance with the Act, before a business can enter into a written contract with a disposal company, it must first exercise "due diligence" in selecting and evaluating said company to ensure that it will, in fact, adopt appropriate measures.

In Case of a Breach, What Must A Business Do?

If a business becomes aware of a security breach (for example, if information has been lost or stolen), the Act obligates the business to give notice "without unreasonable delay" to the affected party whose personal information may have been compromised. The notice must be clear and conspicuous and its content must specifically adhere to the requirements delineated in the Act. Furthermore, the notice must be provided by one of the methods specified: telephone, written correspondence, or email.

Are Damages Assessed In The Case of A Violation?

Yes. A violation of the Act can result in significant damages if it is found that the business was negligent in developing and monitoring its disposal policies and training and supervising its employees, or was willful in allowing personal information to be lost or stolen.


How Can A Business Ensure Compliance With The Requirements And Duties Imposed By The Identity Theft Protection Act?

There are three primary actions a business in North Carolina should take in order to ensure compliance with the ITPA. First, the business should perform an initial assessment of its current measures and procedures employed to protect personal information of its consumers and employees to determine whether they are in compliance. Then, a formal written policy should be developed and implemented which details the proper procedure for disposal of all personal information, and all employees should be properly trained accordingly. And lastly, the business should develop a strategy for storing personal information in a manner that safeguards it. This policy should also address the protocol for dealing with possible breaches, including plans for proper notice to any affected individual.

For additional information or questions about The Identity Theft Protection Act, contact Caren D. Enloe in our Raleigh office at 919-250-2000, e-mail cenloe@smithdebnamlaw.com or Xavier M. Bailliard in our Charlotte office at 704-643-3220, e-mail xbailliard@sminthdebnamlaw.com.


HOA LEGAL ALERT

Recently, there has been a flurry of litigation and legislation regarding what homeowners’ associations (“HOAs”) can and cannot do. What follows is a brief summary of the laws that have taken shape regarding these issues.

Architectural Review Committee Decisions in North Carolina

Architectural review committees (ARC’s) are typically the branch of HOAs charged with maintaining the status quo of the general appearance of the planned development. What follows are recent decisions detailing ARC authority.

The North Carolina Court of Appeals recently filed an opinion in the matter of Pendleton Lake Homeowners Association, Inc. v. Carnell and Burch, 2006 N.C. App. LEXIS 242, (2006). The case is of particular relevance to property managers and HOA boards because of its concise explanation of the body of law surrounding ARC’s and their underlying grounds. This case involved an ARC’s decision regarding Carnell and Burch’s (“Defendants”) desired construction of a detached garage measuring 20 x 30’ for the purpose of housing two historic cars.

The covenants allowed for the construction of a garage for no more than 4 cars, and the covenants provided for the usual review process by the ARC. In particular, the covenants granted the ARC broad authority to approve or disapprove any structure. 

You probably can guess the rest of this story. Defendants applied to the ARC for approval and were rejected. They appealed to the HOA president, and the board held an appeal hearing where it also denied the request. The board backed the ARC’s decision that the garage did not comport with the

“harmony . . . of location in relation to the general tone of development . . . The proposed garage would in fact be located (between two houses) and approximately 10 feet from the property line. This is not in keeping with the overall harmony and design of Pendleton Lake.” 

Undeterred, Defendants began construction. The HOA sought and obtained temporary and preliminary restraining orders commanding Defendants to stop construction. The trial court later granted the HOA’s summary judgment motion. Defendants appealed, claiming that the ARC and Board ignored the covenants, acted unreasonably, and failed to act in good faith.

In beginning its analysis, the Court noted that covenants in North Carolina that vest broad and discretionary architectural authority in ARC’s are valid and enforceable so long as the ARC acts reasonably and in good faith. However, such authority cannot be exercised arbitrarily. The Court stated that:

“There must be some standards. Where these standards are not within the restrictive covenant itself, they must be in other covenants…or they must be otherwise clearly established in connection with some general plan or scheme of development.” (citing Boling Spring Lakes v. Coastal Services Corp., 27 N.C. App. 191, 218 S.E.2d 476 (1975)).

In the end, the main question is whether the applicable committee or board acts reasonably and in good faith, to be determined from the particular facts of a given case. In support of this view, the Court cited another NC case where the ARC was deemed to have acted reasonably and in good faith when it considered an application more than once, personally viewed the site before their decision, and used covenant guidelines as part of their decision-making process. Acknowledging the full review of Defendants’ application, personal visits and interviews, the Pendleton court said the ARC and board acted reasonably. 

The lesson to be learned here is that as a property manager or board member, it is advisable to be sure that rejection of an owner’s proposed architectural changes is based on factors set forth in the covenants and in consideration of the overall scheme of development. A summary rejection without explanation will be subject to attack. In addition, having a two-tiered process for decisions (ARC and then appeal to board) provides a solid foundation before a court – the court will see that the decision failed two stages of review, which would reduce the likelihood of it being determined an unreasonable or arbitrary action.

Collection of Assessments and Application of Payments in North Carolina

Pursuant to revisions of the NC Planned Community Act, which took effect January 1, 2006, liens based solely upon unpaid late charges, fines, and/or attorney fees must be foreclosed pursuant to judicial foreclosure. This full-scale lawsuit can take many months to complete with legal fees typically much higher due to the nature of the lawsuit and the requirement to be heard by a judge. By contrast, foreclosure of liens based at least partially on assessments may follow procedures applicable to the more simple power-of-sale foreclosure. This type of foreclosure takes considerably less time and expense, and the county clerk of court, not a judge, conducts the hearings. 

As a result of these changes, when payments are received for North Carolina assessment accounts that contain late charges, fines, and/or attorney fees, it is our recommendation that these payments be applied FIRST to late charges, fines, and/or attorney fees and THEN to the underlying assessments. While this may cause a change in bookkeeping procedures, it could be a key cost-saving exercise for an HOA should the account and property proceed to foreclosure. 

Note that the foregoing must be read with an awareness of fair debt collection laws. Should a homeowner dispute an item(s) charged to his account, payments should not be applied to the disputed portion(s). In addition, if a homeowner directs that a payment be applied in a certain manner, the payment should be applied in the specified manner. Failure to do so may create liability for failure to comply with state and/or federal debt collection laws, which can create significant monetary penalties.

Collection of Attorney Fees for HOA Litigation in South Carolina

Aside from the day-to-day requirements of maintaining a collective and uniform planned development, homeowner associations are quite often involved in litigation. HOA clients which have matters that need to be litigated (enforcement of covenants, foreclosure of assessment liens, etc.) are often concerned about the costs and attorney fees involved and whether such fees can be assessed against the violating homeowner. The Court of Appeals for South Carolina (“Court”) recently decided a case that addressed these concerns: Seabrook Island Property Owners’ Association v. Joseph A. Berger, 365 S.C. 234, 616 S.E.2d 431 (Ct. App. 2005).

As a preliminary matter, property managers and boards need to be aware of the enforcement provisions in the relevant covenants and whether they provide for the assessment of attorney fees and/or costs in actions against owners. Most covenants have such a provision, but the absence of such a provision may preclude assessment and/or collection of attorney fees and costs. Where the covenants lack such a provision and the HOA runs on a tight budget, it may be prudent to take time to amend the covenants to add a provision for attorney fees and costs.

In Seabrook, the HOA filed an action against Berger essentially for the enforcement of covenants based on Berger’s unkempt yard and floating dock. After Berger failed to respond to the HOA’s direct communications, the HOA forwarded the matter to its attorney. The HOA attorney attempted, over a span of two years, to resolve the issue with Berger and his attorney on numerous occasions, and later filed suit. The trial court held for the HOA, ordered Berger to correct his violations, awarded the HOA $43,945.00 for assessments and fines, and awarded the HOA attorney fees and costs. 

While Berger appealed on the merits, the trial court stayed determination of attorney fees. In all, the case took six years to resolve. Berger’s appeal failed and the HOA petitioned the trial court for an award of $39,194.08 in attorney fees. The trial court granted the HOA’s request. Berger appealed, arguing that the award was excessive and punitive. 

The Court first recounted the law of attorney fee awards by saying that, “[t]he general rule is that attorney’s fees are not recoverable unless authorized by contract or statute.” Restrictive covenants are contractual and bind the parties just as any other contract. Specific sections of the covenants and bylaws authorizing the HOA to bill an owner for attorney fees, costs, and other collection expenses were noted.

The Court then delineated the six factors considered in South Carolina for an award of attorney’s fees: “1) nature, extent, and difficulty of legal services rendered; 2) time and labor devoted to the case; 3) professional standing of counsel; 4) contingency of compensation; 5) fee customarily charged in the locality for similar services; and 6) beneficial results obtained.” The trial court considered these factors and made detailed findings after applying them in the Seabrook case. The Court noted that the case took 6 years to resolve, involved an appeal, and encompassed more than 250 hours of attorney time. The HOA’s attorney charged rates that were his usual rates and which were customary for the community and he made several attempts to resolve the matter before trial. Also noted was the attorney’s sound reputation as a practitioner in the area of HOA law. 

Berger argued that the matter was not complicated enough to warrant the award. The Court, noting the trial court’s reasoning, disagreed, and it also disagreed with Berger that the award was punitive and excessive because the HOA actually incurred the awarded fees. Thus, Berger lost and was ordered to pay the HOA $39,194.08.

Therefore, South Carolina HOAs should take comfort in knowing that SC courts recognize and enforce attorney’s fees provisions in covenants so long as the award is supported by the six factors listed above. Whether such attorneys’ fees are ultimately collectible is another matter.

For additional information or questions on legal issues pertaining to Home Owners Associations, contact David H. Simpkins in our Charlotte office at 704-643-3220 or by e-mail at dsimpkins@sminthdebnamlaw.com.


Social Security “No-Match” Letters
What’s an Employer to do?

The Immigration Reform and Control Act of 1986 put in place regulations relating to an employer’s mandatory verification of each employee’s identity and the prohibition from knowingly granting employment to an unauthorized person. Media coverage of immigration events and politics over recent years has heightened both awareness and concern among most employers as to how they can ensure compliance with this Act.

These requirements are often confusing, particularly when they seemingly conflict with other government requirements. One such situation arises when an employer receives notification from the Social Security Administration (SSA) that the name or social security number listed on the individual’s W-2 form does not match SSA records. Employers may become understandably concerned that the government will use these “No-Match” letters as notice that an individual is not authorized to work in the United States. Yet, the discrepancy that resulted in the letter may be wholly unrelated to any immigration issues. So, what’s an employer to do?

Understanding the enforcement structure of the federal government is a useful place to start in grappling with this issue. For example, older versions of the “No Match” letters from the SSA contained language that some employers mistook as a notice that they were being fined. But, only the IRS has the responsibility to enforce tax laws -- the SSA does not. With regard to social security numbers, the IRS may impose a fine of $50 per violation (or higher) against anyone filing incorrect information returns. Should a fine be assessed, the employer will receive a separate notice from the IRS, and also will have the opportunity to correct the information. If simply correcting the information resolves the issue, the penalty can be reduced, or even waived, upon a determination that the failure was due to “reasonable cause.”

Another federal agency involved is Immigration and Customs Enforcement (ICE). ICE is the largest investigative sector of the U.S. Department of Homeland Security. Among other things, ICE looks for violations of employment verification procedures, as well as the knowing employment of unauthorized workers. While currently ICE officials are not informed when a “No-Match” notification is issued by the SSA, proposed immigration reform could provide for the future exchange of this information between these agencies.

While a “No-Match” notification on its own is not grounds for termination of the employee, it requires decisions as to the steps an employer should take in response. A good first step is to notify the employee in writing about the SSA letter and provide him/her an opportunity to resolve it. Current practice varies as to whether the employer gives the employee a specified period of time to resolve the issue before being terminated, or adopts a less rigid policy whereby the employer can “wait and see” if another No-Match letter is received the following year for the same individual. When the latter approach is taken, the employer must again notify the employee of the discrepancy following receipt of the second “No-Match” letter. This time, however, the employer should also give the individual a specified period of time to resolve the issue, or else face termination. Under either approach, determining the appropriate amount of time to allow for correction is uncertain, and could range from a matter of days to weeks or months.

The right strategy can vary depending upon the type of business. For example, sometimes an employer’s clients regularly require indemnity agreements, whereby the employer promises not to hire undocumented workers. In that context, a more rigid policy may be advisable. 

Recently proposed changes to the regulations provide some guidance on the approach an employer should take. The proposed changes define a procedure that, if followed, should prevent a finding that the employer knew a foreign individual lacked authorization to work in the U.S. In a nutshell, this procedure would require that the employer give the employee a specific period of time following receipt of the “No-Match” letter to resolve the discrepancy. If the employee is unable to do so within that timeframe, the employer would be permitted to re-verify employment eligibility, and can then become more selective about the documents used to provide verification. Such an elevated review at this point would not risk running afoul of immigration discrimination laws. 

This proposed safe harbor procedure would not be mandatory, and may not necessarily be advisable in all circumstances. However, the proposed regulations do give employers a helpful glimpse at “good faith compliance” from the government’s point of view. This information should, therefore, cause those employers who have adopted the more lenient, “wait and see” approach to consider significantly tightening their policy.

Whatever policy is adopted, it is important that it be applied uniformly to all employees, thereby helping to preclude the occurrence, or even the appearance, of discrimination. 

In establishing an appropriate strategy, each employer must weigh the risks, including that of fines for tax reporting and/or immigration violations, the potential for a hiring discrimination lawsuit, and the possibility of defending an indemnification claim by a client corporation that has been sanctioned for the use of contracted labor (such as occurred in the recent highly-publicized Wal-Mart case). 

Businesses may not always find it easy to identify compliant hiring practices, and a qualified attorney can help determine the best approach. If you are unsure whether your business is in compliance, contact attorney Amanda Bryant.

Contact Amanda Bryant at 919-250-2000 or by e-mail at abryant@smithdebnamlaw.com.


 
© 2000 - 2008, Smith Debnam, L.L.P., Raleigh, North Carolina.  All rights reserved.