The National Law Forum

The Blog of the The National Law Review
computer office man dispair

Are UK-to-US employee data transfers sunk by ECJ’s torpedoing of Safe Harbor regime?

So there it is – in a tremendous boost for transatlantic relations, the European Court of Justice has decided that America is not to be trusted with the personal data of EU residents.  That is not exactly the way the decision is phrased, of course, which (so far as relevant to UK HR) is more like this:

Under the Eighth Principle of the UK’s Data Protection Act (and all or most of its EU cousins) the personal data of your employees can be transferred outside the EU only where the recipient country ensures an adequate level of protection for the rights and freedoms of data subject.

Until now an EU employer has been able to rely in this respect on a US company’s registration with the Safe Harbor (sic) scheme, a series of commitments designed to replicate the safeguards of EU law for that data.  As of this week, however, that reliance has been deemed misplaced – the ability and tendency of the US security agencies to access personal data held by US employers has been found to compromise those commitments beyond immediate repair.  In addition, one of the EU “model clauses” which can legitimise international data transfers requires the US recipient to confirm that it is aware of no legislation which could compel it to disclose that personal data to third parties without the employee’s consent.  New US laws enacted to boost homeland security mean that this can simply no longer be said.  Therefore Safe Harbor has been comprehensively blown up and can no longer be used as automatic air-cover for employee data transfers to the US.

This creates two immediate questions for HR in the UK.  First, what exposure do we have for past data transfers to the US on a basis which is now shown to be illegitimate?  Second, what do we do about such transfers starting now?

  • Don’t panic! To make any meaningful challenge out of this issue, the UK employee would need to show some loss or damage arising out of that transfer.  In other words, even if the data has been used in the US as the basis for a negative decision about him (dismissal or demotion or no bonus), the employee would need to show that that decision would have been more favourable to him if it had been taken by the same people based on the same data but physically within the EU.  Clearly a pretty tough gig.

Second, all this case does is remove the presumption that Safe Harbor registrants are safe destinations – it does not prove that they are not, either now or historically.  The question of adequacy of protection is assessed by reference to all the circumstances of the case, including the nature of the personal data sent, why it is sent to the US and what relevant codes of conduct and legislative protections exist there.

Last, Schedule 4 of the DPA disapplies the Eighth Principle where the data subject (the employee) has given his consent to the international transfer, or where the transfer is necessary for the entering or performance of the employment contract between the employee and the UK employer.  It will rarely be the case that neither of these exceptions applies.

If you have not previously had complaints from your UK employees that their personal data has been misused/lost/damaged in the US, nothing in this decision makes that particularly likely now.

  • Still don’t panic.

  • However, do be aware that this case is likely to lead to stricter precautions being required to ensure that what is sent to the US is genuinely only the bare minimum.

  • On its face, Schedule 4 should allow most reasonable international transfers of employee data anyway, pretty much regardless of what level of protection is offered in the destination country. However, there is a strong body of opinion, especially in Continental Europe, that reliance on this provision alone is unsafe and that it is still appropriate for the EU employer to take specific steps (most usually, some form of data export agreement with its US parent) to satisfy itself that a reasonable level of protection for that data exists. It may also wish to be seen to reconsider how far those HR decisions need to be made in the US at all, and whether EU employee data could be kept on an EU-based server if that is not currently the case.

  • To the extent that employment contracts do not already include it, amend them to include an express consent to the transfer of relevant personal data to the US (but do note another possible avenue of attack much mulled-over in Europe, i.e. that consent in an employment contract is not freely given because the job hangs upon it). Last, be seen to prune the UK employee data you do hold in the US back to what is strictly necessary and get rid of stuff which is no longer (if it ever was) relevant to the performance of the employment contract.

© Copyright 2015 Squire Patton Boggs (US) LLP

water with a green ball_WIDE

BREAKING: EPA Water Rule Blocked Nationwide By Sixth Circuit

The Sixth Circuit today stayed the effect of the Environmental Protection Agency’s new “Clean Water Rule” nationwide, while the Court of Appeals considers whether it has original jurisdiction to hear challenges to the regulation or whether those challenges should proceed first in the federal district courts.  Among other reasons, the court said staying the Rule would remove uncertainty and confusion by restoring a uniform definition of “waters of the United States” nationwide.  Before today, the prior regulatory definition of waters of the United States was in effect in 13 states where the federal district court for North Dakota had enjoined the new Clean Water Rule; the new Rule’s definition applied in the rest of the country.

In granting the stay, the Sixth Circuit found that petitioners had a “substantial possibility” of succeeding on the merits of their challenge, for both substantive and procedural reasons.  Substantively, the court questioned whether the  Clean Water Rule’s provisions limiting jurisdiction over certain types of waters to those located within a specified distance from a navigable waterway are consistent with the Supreme Court’s decision in Rapanos v. United States, 547 U.S. 715 (2006).  Procedurally, the court found the rulemaking process by which the distance limitations were established was “facially suspect” because respondents have not shown those provisions were a “logical outgrowth” of the proposed regulations or that the public had “reasonably specific notice” the distance limitations were among the range of alternatives being considered.

As one member of the three-judge panel noted in dissent, the majority’s ruling is unusual in that the court enjoined implementation of the Clean Water Rule while it is still considering whether it even has jurisdiction to hear the challenges to the Rule.  In fact, petitioners have moved to dismiss their own petitions for lack of subject matter jurisdiction while also seeking a stay.  The majority’s statement that there is “no compelling showing that any of the petitioners will suffer immediate irreparable harm” in the absence of a stay is also in some tension with the Supreme Court’s decision in Winter v. Natural Resources Defense Council, 555 U.S. 7 (2008), where the Court held (in the context of a NEPA challenge) that the party seeking a preliminary injunction must show a likelihood—not just a possibility—of irreparable harm absent an injunction.

The court said that briefing on the jurisdictional question will be complete, and the question ready for decision, “in a matter of weeks.”

Copyright © 2015, Sheppard Mullin Richter & Hampton LLP.

healthcare background

HHS Launches Portal Seeking Questions from Mobile Health Application Developers

On October 5, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services launched a new platform to enable developers of mobile health technology, as well as others “interested in the intersection of health information technology and HIPAA privacy protection.” OCR notes that there is currently “an explosion of technology using data about the health of individuals in innovative ways to improve health outcomes.” The platform allows for individuals to both submit and review questions on the HIPAA implications of these mobile health applications.

The platform invites mobile health developers to submit questions and topics for future guidance. The portal asks:

What current provisions leave you scratching your heads? How should this guidance look in order to make it more understandable, more accessible? Use this page to submit your questions about HIPAA. Or present a use case. Look at what your peers are discussing, comment on it and vote on which topics or use cases would be the most helpful or important to your work.

As of now, the platform features questions (though no answers yet) regarding:

  • what entities are covered by HIPAA;

  • the application of HIPAA to cloud computing;

  • what aspects of the application (environment) must be HIPAA compliant;

  • the content of business associate agreements;

  • the flow of patient-generated data; and

  • the use of audit logging by developers.

Anyone can browse the site, but users who wish to submit questions must register. Registered users may also offer comments on other submissions or vote on the relevance of a topic. The portal represents that the entities and email addresses associated with posts by registered users will be anonymous to OCR. OCR also states that posting or commenting on a question on the portal will not subject anyone to enforcement action. While OCR will moderate comments posted by users, it will not vouch for the accuracy of these comments. Thus, users must pay close attention as to whether guidance appearing on by the portal is endorsed by OCR before taking action in reliance on this guidance.

The release of the portal comes at a time of particular uncertainty for medical application developers. HHS has acknowledged that existing HIPAA guidance has not addressed all of the questions raised by emerging technologies and has said that it plans to seek guidance from mobile application developers themselves. Depending on the timeliness of, and level of detail contained in, OCR’s responses to questions, the portal could prove a useful resource to a quickly evolving industry.

© 2015 Covington & Burling LLP

Original Visa Bulletin Not Restored

The July 2015 Visa Bulletin Brings Little ChangeOn September 28, 2015, several highly-skilled immigrant workers from India and China filed a federal class action lawsuit in the State of Washington against the U.S. Department of State (“DOS”) and U.S. Department of Homeland Security (“DHS”) over revisions to the October 2015 Visa Bulletin (Revised Visa Bulletin).  A temporary restraining order was subsequently filed on September 30, 2015.

Unfortunately on October 7, 2015, the court denied the plaintiffs’ request for a temporary restraining order. The court denied the request for a temporary restraining order because it found that (1) the plaintiffs failed to show a likelihood of success on the merits, and (2) the revision of the Visa Bulletin did not substantially alter the plaintiffs’ rights.  According to the court, the Revised Visa Bulletin only clarified a prior incorrect statement of their rights.

The immediate effect of this decision is that the Revised Visa Bulletin will remain in effect and DHS will not be required to accept Adjustment of Status applications that could have been filed under the Original Visa Bulletin but not under the Revised Visa Bulletin. The underlying lawsuit, however, is still ongoing.

Many foreign nationals who very recently found themselves one step closer to having a green card are now looking at lengthy wait times once again.  A good portion of these individuals have also incurred costs associated with their anticipated applications to adjust status including legal fees, medical exams, and passport photos.  We will continue to monitor the progress of the case moving forward.

©2015 Greenberg Traurig, LLP. All rights reserved.

Businessman with report and phone

To Specialize or Not to Specialize, That is the Question for Attorneys

As the number of attorneys in the marketplace continues to grow, it is becoming more important to differentiate yourself.  One of the best ways to do this is through specialization.  Becoming a “specialist” can be a scary proposition as your messaging and marketing efforts change to accommodate this new direction. The obvious fear is giving up some potential business by speaking and marketing openly about your new focus. While most of these fears are not grounded in reality, most generalists are worried about the possible loss that may occur when making the transition.  In working with hundreds of attorneys, we regularly discuss the ups and downs to becoming a specialist. If the timing is right and you are well prepared, it might be the best way for you to stay relevant, while also growing your practice and obtaining additional financial security. That being said, it’s one thing to be “known” as a specialist versus “identifying oneself” as a specialist. It’s always better to be considered an industry specialist and leader rather than having to advertise that information. In some states, calling yourself a “specialist” is not allowed. Be sure to stay in compliance within your states’ guidelines.

Take a moment and think about two of the most successful attorneys you know.  Really, close your eyes for five seconds and get their names in your head.  I would bet dollars to donuts that at least one of the names you thought of was someone who is a specialist. It should come as no surprise that an attorney who builds a reputation around being great at one thing is memorable to you. The reality is that when you build a reputation in one industry, market or vertical, your practice can grow more quickly than you ever thought possible. Of course, a number of elements need to be in place before taking this leap. Here are a few things to think about before making the switch to becoming a specialist:

#1. You need to be the best at what you do.

Whether you are a litigator or an estate-planning attorney, nothing is more important than being skilled at your craft. When thinking about specializing, be sure you have the baseline skills and experience to succeed in one particular area of the law. It might make sense to get at least 2-3 clients under your belt in a particular area to test it out and see if specializing in one area makes sense for you. Achieving notoriety as a specialist may take months or many years to achieve. The important thing is that you eat, sleep and breathe within the space that you’ve chosen.

A good example of this occurred when I was badly injured in a plane crash back in 1996. That’s right, I survived a plane crash.  During my recovery from looking like a human pretzel, my father, a now retired attorney, put me on the phone with Bob Clifford of Clifford Law Offices. He chose Bob Clifford because he is well branded as the leader in aviation and personal injury litigation. We didn’t speak to any other law firms because who could possibly be better?

Being the best at what you do and building a strong reputation around that specialty can make obtaining new clients very easy. However, as you probably know, it takes real effort and conviction to build a specialized practice.

#2. Choose the right industry or vertical that’s a fit for you.

The easiest and most time effective way to develop a niche’ is to leverage the work you’ve already done in one particular area. It may make sense to target specific people, companies or issues that will allow you to draw out more work.  For example, if you’ve worked with textile manufacturers and enjoy the work, be sure to target other textile companies in your area. You can do a search on google or LinkedIn to identify the people and companies to call on. Try to leverage your existing clients and strategic relationships to obtain introductions to these business owners if possible.

As an example, you could call up your client in the industry and say, “I know you’ve been happy with the work I’ve done for you over the past few years. I am looking to help others in the same area. Who are you friendly with in the textile industry that I should be speaking with as well?” The key here is to develop a great relationship with your client to ensure that he/she is open to making these types of strategic introductions. Think about it this way. If you had the best dermatologist and someone had a nasty rash, wouldn’t you feel great making the introduction?

Another easy way to find the right specialty for you is by asking yourself, “What am I truly passionate about?”  If you care about something, it drives you to become more involved. For example, one of my clients is very passionate about animals and is now focusing on working with dog shelters and veterinarians.  She joined the shelter’s board and is routinely interacting with prospective clients for her practice. She is wowing them with her ability to solve problems and is routinely asked legal questions from the board members. These inquiries turn into business meetings and eventually new business.  She’s doing all of this without working harder than before as the new originations roll in. Finding a niche’ that you are passionate about can make your legal career much more meaningful and enjoyable. You will also have a greater chance of meeting prospective clients, as you will be interacting with them on a more regular basis.

#3. Find a space, where there is space.

Be aware of your market and niche’ and who else may already be there before committing to a specific specialty.  While you may have vast experience in commercial real estate for example, there may already be too many lawyers in that area to easily separate yourself from the pack. Do your research and try to find a segment of real estate that isn’t as fully saturated. It might also make sense to branch off into other areas of law to ensure you have your eggs in a few different baskets.

When the recession hit in 2008, many real estate lawyers were hit pretty hard. One of my clients saw this as an opportunity to study estate planning as a backup plan to real estate law. This ended up being a great fit as he was able to leverage his real estate clients and personal contacts to help set up estate plans for everyone he could.  Now that real estate is back, he has doubled his book by focusing on both specialties.

By studying the competition, understanding the marketplace and the amount of business generated in a particular area or niche’, you can better hedge your bets when selecting a specialty.

#4. Look to the future.

Earlier this year, I had the great pleasure of interviewing Jerry Maatman of Seyfarth Shaw to learn a little more about his successful practice. One of the key elements to his amazing achievements as an attorney came from his thirst for knowledge within his area of Labor and Employment. He voraciously read everything he could to better understand what was coming down the pipe to see how he could leverage it to build his practice. He describes in his interview, the 1992 legislation for the Americans with Disabilities Act and how he got ahead of the law to be seen as the premier expert on the subject. He effectively packaged a “Survival Guide” for companies to better deal with the changing laws and regularly spoke on the subject before anyone else. By being a forward thinker, he locked-in his success and was repeatedly hired as the expert on ADA law by some of the largest companies in America.

Developing a niche’ can be a game changer for you as a practicing attorney. For those who are worried about missing other business opportunities because of specializing, who’s to say you can’t take on new business in other areas? However, by focusing your outbound marketing on one thing, you’ll have the opportunity to build your brand name much more quickly than staying a generalist.  You need to have the experience, the passion, the space or the forward thinking that will allow you to become successful in specializing.

Copyright @ 2015 Sales Results, Inc.

Get every new post delivered to your Inbox.

Join 23,092 other followers