Category: Administrative & Regulatory

Basic Guidelines for Protecting Company Trade Secrets

Lewis & Roca

Under the Uniform Trade Secrets Act (UTSA), “trade secrets” are generally defined as confidential proprietary information that provides a competitive advantage or economic benefit. Trade secrets are protected under the Economic Espionage Act of 1994 (EEA) at the federal level, and the vast majority of states have enacted statutes modeled after the UTSA (note that some jurisdictions, such as California, Texas and Illinois, have adopted trade secret laws that differ substantially from the UTSA; thus, businesses should research laws in the relevant jurisdiction(s).). Under the UTSA, to be protectable as a trade secret, information must meet three requirements:

i. the information must fall within the statutory definition of “information” eligible for protection;

ii. the information must derive independent economic value from not being generally known or readily ascertainable by others using appropriate means; and

iii. the information must be the subject of reasonable efforts to maintain its secrecy.

Trade secret theft continues to accelerate among U.S. companies, and can have drastic consequences. To combat this threat, Congress and certain state legislatures have recently enacted legislation to broaden trade secret protection. As a result, it is paramount that companies safeguard all proprietary information that may qualify as protectable trade secrets. This blog post explains some key trade secrets concepts, and offers pointers on how to identify and protect trade secrets.

(1) Determine Which Data Constitutes “Information”

The UTSA-type statutes generally define “information” to include:

Financial, business, scientific, technical, economic, and engineering information;

Computer code, plans, compilations, formulas, designs, prototypes, techniques, processes, or procedures; and

Information that has commercial value, such as customer lists or the results of expensive research.

Courts have similarly interpreted “information” to cover virtually any commercially valuable information. Examples of information that has been found to constitute trade secrets includes pricing and marketing techniques, customer and financial information, sources of supplies, manufacturing processes, and product designs.

(2) “Valuable” and “Not Readily Ascertainable” Information

To be protectable, information must also have “economic value” and not be “readily ascertainable” by others. Courts generally determine whether information satisfies this standard by considering the following factors:

Reasonable measures have been put in place to protect the information from disclosure;

The information has actual or potential commercial value to a company;

The information is known by a limited number of people on a need-to-know basis;

The information would be useful to competitors and would require a significant investment to duplicate or acquire the information; and

The information is not generally known to the public.

(3) Take Reasonable Measures to Maintain Secrecy

Businesses should implement technical, administrative, contractual and physical safeguards to keep secret the information sought to be protected. Companies should identify foreseeable threats to the security of confidential information; assess the likelihood of potential harm flowing from such threats; and implement security protocols to address potential threats. Examples of security measures might include restricting access to confidential information on a need-to-know basis, employing computer access restrictions, circulating an employee handbook that outlines company policies governing confidential information, conducting entrance interviews for new hires to determine whether they are subject to restrictive covenants with former employers, conducting exit interviews with departing personnel to ensure that the employee has returned all company materials and agrees to abide by post-employment obligations, encrypting confidential information, limiting access to confidential information through passwords and network firewalls, track all access to network resources and confidential information, restrict the ability to email, print or otherwise transfer confidential information, employ security personnel, limit visitor access, establish surveillance procedures, and limit physical access to areas that may have confidential information.

Conclusion

This blog post is intended to provide some broad guidelines to identifying and protecting company trade secrets. Most if not all companies have confidential information that may be protectable as a trade secret. But certain precautions need to be in place to ensure that the information is protectable. Because each company and situation is different, you should seek advice about your specific circumstances.

Article By:

 of

Tri-Agencies Release Final Rules on Wellness Programs

SchiffHardin-logo_4c_LLP_www

On May 29, 2013, the U. S. Departments of Labor, Health and Human Services and the Treasury (the Tri-Agencies) issued final regulations (the final rules) implementing the changes that the Patient Protection and Affordable Care Act (PPACA) made to wellness programs. The final rules apply to both grandfathered and non-grandfathered group health plans and are effective for plan years beginning on or after January 1, 2014.

The final rules do not change the basic distinction between “participatory” wellness programs and “health-contingent” wellness programs. The final rules, consistent with the proposed rules, focus largely on revisions to health-contingent wellness programs. The key PPACA changes to the 2006 wellness regulations include:

  • Increases in the maximum allowable rewards under a health-contingent wellness program from 20% of the cost of coverage to 30% for non-smoking related programs and a 50% maximum for smoking related programs;
  • Clarifications of what constitutes a “reasonably designed” health-contingent wellness program; and
  • Additional guidance on reasonable alternatives that must be offered under any health-contingent wellness program so that the program remains non-discriminatory.

Participatory wellness programs are programs that either do not provide a reward or do not require an individual to meet a standard related to a health factor in order to obtain a reward. Participatory wellness programs are presumed to be nondiscriminatory if participation is made available to all similarly situated individuals, regardless of their health status. Examples include programs that reimburse employees for the cost of membership in a fitness center, or reward employees who complete a health risk assessment. These programs are easier to administer and not subject to the more exacting criteria that apply to health-contingent wellness programs.

Health-Contingent wellness programs require an individual to satisfy a health-related standard to obtain a reward. Examples include programs that provide a reward for smoking cessation, or programs that reward achievements for specified health-related goals, such as lowering cholesterol levels or losing weight. The final rules subdivide health-contingent wellness programs into two types: activity-only and outcome-based. An activity-only wellness program requires an individual to perform or complete an activity related to a health factor (e.g., a diet or exercise program), but it does not require the individual to reach or maintain a specific health result. In contrast, an outcome-based wellness program requires an individual to reach or maintain a specific health outcome (such as not smoking or attaining certain results on biometric screenings).

Modification to Maximum Rewards

All health-contingent wellness programs must satisfy five requirements to ensure compliance with the HIPAA non-discrimination rules. The final rules, as noted above, increase the maximum rewards allowed under a health-contingent wellness program. The five requirements are listed below and reflect the PPACA increases in the maximum rewards:

  1. The reward must be available to all similarly situated individuals;
  2. The program must give eligible individuals the opportunity to qualify for the reward at least once a year;
  3. The program must be reasonably designed to promote health and prevent disease;
  4. The reward must not exceed 30% of the cost of coverage (or 50% for programs designed to prevent or reduce tobacco use); and
  5. The program must provide a reasonable alternative standard to an individual who informs the plan that it is unreasonably difficult or medically inadvisable for him or her to achieve the standard for health reasons and therefore will not get the reward.

Clarifications to Reasonable Designs

Consistent with the 2006 regulations, the final rules continue to require that health-contingent wellness programs be reasonably designed to promote health or prevent disease. A program will meet this standard if it has a reasonable chance of improving health or preventing disease; is not overly burdensome; is not a subterfuge for discrimination based on a health factor; and is not highly suspect in the method chosen to promote health or prevent disease. The rules provide plan sponsors with a great deal of flexibility to design a wellness program.

Guidance on Reasonable Alternatives

The final rules modify the structure of the 2006 requirements with respect to providing reasonable alternatives for those individuals who are unable to attain the health-related goals of a health-contingent wellness program.

First, to satisfy the reasonable alternative requirement, the same full reward must be available to individuals who satisfy the reasonable alternative as is provided to individuals who are able to satisfy the standard program. As noted in the Preamble to the final rules, this means that the reasonable alternative must allow the individual a longer period to complete the program, and the reward earned must be the same as that given under the standard program.

The final rules do not require that the reasonable alternative be determined in advance and, consistent with past practice, allows the alternative to be set on an individual-by-individual basis. The final rules reiterate that, in lieu of providing a reasonable alternative, a plan or issuer may waive the otherwise applicable standard and simply provide the reward. Although in general a doctor’s verification is not needed for an individual to qualify for the reasonable alternative, the final rules do permit a doctor’s verification to be required under the activity-based reasonable alternative.

 of

Federal Energy Regulatory Commission (FERC) To Hold Technical Conference on Centralized Capacity Markets in Regional Transmission Organizations (RTOs) and Independent System Operators (ISOs)

SchiffHardin-logo_4c_LLP_www

The Federal Energy Regulatory Commission (FERC) announced this week that it will hold a technical conference on centralized capacity markets in Regional Transmission Organizations (RTOs) and Independent System Operators (ISOs). The purpose of the technical conference is to consider how current centralized capacity market rules and structures are supporting the procurement and retention of resources necessary to meet future reliability and operational needs. In its Notice, FERC pointed out that since their establishment, centralized capacity markets have continued to evolve. Meanwhile, the mix of resources is also evolving in response to changing market conditions, including low natural gas prices, state and federal policies encouraging the entry of renewable resources and other specific technologies, and the retirement of aging generation resources. This changing resource mix, according to FERC, may result in future reliability and operational needs that are different than those of the past. In addition, some states have pursued individual resource adequacy policies to ensure the development of new resources in particular areas or with particular characteristics, and questions have been raised as to how those individual policies can be accommodated in centralized capacity markets.

FERC noted that it has addressed a number of these issues in specific cases, based on the facts and circumstances presented in a given case and the particular centralized capacity market design implemented by individual regions. This technical conference will provide an opportunity to review at a high level the centralized capacity market rules and structures, and will examine how these markets are accomplishing their intended goals and objectives through a competitive, market-based process. Recognizing and respecting differences across the markets, the technical conference will focus on the goals and objectives of existing centralized capacity markets (e.g., resource adequacy, long-term price signals, fixed-cost recovery, etc.) and examine how specific design elements are accomplishing existing and emerging goals and objectives (e.g., forward period, commitment period, product definition and specificity, market power mitigation, etc.).

The technical conference will take place at the Commission on September 25, 2013 from 9:00 a.m. to approximately 5:00 p.m. All interested persons are invited to participate and the conference will be broadcast free by webcast. A supplemental notice will be issued in Docket No. AD13-7-000 with further details regarding the agenda and information regarding interest in speaking at the technical conference.

Article By:

 of

U.S. International Trade Commission Grants Injunctive Relief on Standard Essential Patent

McDermottLogo_2c_rgb

The U.S. International Trade Commission has issued an exclusion order barring importation of certain older model Apple products for infringing a Samsung patent.  The case is significant because the infringed patent was standard essential and encumbered by a commitment to license on fair, reasonable and non-discriminatory terms.  Patent holders and potential defendants should carefully monitor further developments regarding the availability of injunctive relief for infringement of standard essential patents.

On June 4, 2013, the U.S. International Trade Commission (ITC) issued an exclusion order barring the importation and sale of several older model Apple iPhones and iPads for infringing a Samsung patent.  This in itself is unremarkable, as the patent laws permit patent holders to seek monetary and injunctive relief against anyone who infringes their patents, and injunctive relief is commonly granted to prevailing patent holders.  The ITC ruling is noteworthy, however, because the infringed patent was essential to the 3G standard and was subject to a fair, reasonable and non-discriminatory (FRAND) licensing commitment.  The ruling therefore runs counter to views expressed by the U.S. antitrust enforcement agencies to the effect that injunctive relief should be disfavored when dealing with FRAND-encumbered standard essential patents (SEPs), underscoring the growing debate as to the appropriate balance between the rights of SEP holders under the patent laws and antitrust policy.

In September 2012, the presiding administrative law judge (ALJ) ruled that Apple had not infringed any of the patents-in-suit, and that one of those patents was invalid.  Samsung and the staff attorney from the ITC’s Office of Unfair Import Investigations petitioned for review of the ALJ’s decision.  The ITC then requested public comment on its authority to issue an import ban (which is in essence injunctive-type relief) on products that infringe SEPs.  (Monetary damages are not awarded in ITC cases.)  After receiving a number of comments, the ITC issued its decision modifying the ALJ’s construction of certain terms in one of the patents and holding that, as modified, Apple had infringed the patent.  The ITC determined that two of the three remaining patents were not invalid, but also not infringed, and the final of those patents was both invalid and not infringed.  Based on the infringement of one of Samsung’s patents, the ITC issued an import ban with one commissioner dissenting on public interest grounds.

The case arose as part of the broader ongoing intellectual property disputes between Apple and Samsung over popular consumer electronics devices.  The matter has been submitted to the White House and U.S. Trade Representative for a 60-day presidential review period, but it has been decades since an administration overruled an ITC exclusion order.  If the administration does not reverse the decision, Apple can appeal the decision to the U.S. Court of Appeals for the Federal Circuit.

In a recent policy paper entitled “Policy Statement on Remedies for Standards-Essential Patents Subject to Voluntary F/RAND Commitments,” the U.S. Department of Justice Antitrust Division and the U.S. Patent and Trademark Office argued that the ITC and the courts generally should not grant injunctive relief for infringement of SEPs.  The Federal Trade Commission argued the point even more forcefully in a statement submitted last year in ITC investigation 337-TA-752, In re Certain Gaming and Entertainment Consoles, Related Software, and Components Thereof, asserting that on the basis of its mandate to consider the public interest, the ITC should not issue exclusion orders related to FRAND-encumbered SEPs.  In support of their position, these agencies have advanced two principal arguments.  First, they assert that the fact that the patentee voluntarily agreed to license the patent on FRAND terms implies that money damages are a sufficient form of relief.  They therefore argue that if the patentee’s first priority was excluding others from using the patent, it would not have bound itself to FRAND terms or tried to secure the patent’s incorporation into a standard.

Second, the agencies argue that injunctive relief may enable patent “hold-ups” by SEP holders.  At the time a standard setting organization is deciding what technology to adopt, patentees often compete with one another as to whose technology will be adopted.  But once a standard is adopted and large investments are made based on that standard, sunk costs often make switching to a different technology or innovating around the patent prohibitively expensive.  Thus, a company wishing to have its patent incorporated into the standard typically must agree to license that patent on FRAND terms.  The antitrust agencies fear that SEP owners can use the threat of injunctive relief to extract above-FRAND royalties from rivals, and that these additional costs are likely to be passed on to consumers.  The agencies therefore argue that the public interest, which the ITC is charged with taking into account, counsels against exclusion orders in these circumstances.

On the other side of the ledger, SEP holders point out that when a patent holder agrees to license its patent on FRAND terms, it is only making a commitment about the terms on which it will grant a license, not surrendering any remedy afforded by the patent laws.  They go on to argue that the position staked out by the agencies places them in an untenable position because prospective licensees may not accept a proposed license on FRAND terms or may disagree with the SEP holder about whether the terms are, in fact, FRAND.  When a dispute arises over the terms on which a SEP will be licensed, patent holders have a legitimate interest in wanting to ensure their ability to pursue all remedies authorized under the patent laws.  These remedies afford patent holders the ability to protect their intellectual property rights and thereby promote innovation.  Making it more difficult to obtain injunctive relief on SEPs would diminish their incentive to invest in innovation, which is one of the fundamental objectives of the patent laws.

The recent ITC decision represents a clear win for SEP holders, but as noted above, it is subject to further review and possible appeal.  And in all events, the underlying policy debate will most assuredly continue.  As a consequence, it is incumbent both upon patent holders and potential defendants to continue to carefully monitor developments in evaluating the availability of injunctive relief in the context of SEPs.

Article By:

 of

I-94 Automation and the I-9 Process: Making the Immigration Form I-9 More Complicated

Sheppard Mullin 2012

This spring U.S. Customs and Border Protection (CBP) began implementation of a phased in Form I-94, Arrival/Departure Record, automation process. The Form I-94 is issued to all visitors entering the U.S. and assists CBP in tracking temporary non-immigrants, visa overstays, and other relevant information concerning foreign nationals entering the U.S. The new program created a paperless admission process with the ultimate goal of eliminating the paper I-94 card for foreign travelers. The automation enables CBP to organize admission data for sea and air entries easily and accessibly, saving an estimated $15.5 million per year in related costs (not from a reduction in paper). While the effort to move to an electronic system should be commended, the new system may make life a bit more complicated for employers sponsoring foreign workers due to the requirements of the Form I-9, Employment Eligibility Verification Form process. Travelers, with the exception of asylees and refugees who will continue to receive paper Form I-94 cards, will now receive an admission stamp together with a tear sheet providing instructions on how they may access and print their electronic Form I-94 by visiting www.cbp.gov/I94.

How will I-94 automation impact the Form I-9 Employment Eligibility Verification process?

For those employees entering the United States to work for a sponsoring employer, current Form I-9 instructions state that the individual must present his/her foreign passport and I-94 card for recording List A document information. With the new system, however, workers will need to go online to retrieve their I-94 numbers and present employers with their foreign passport and I-94 printout from the CBP Website. Based on our conversations with U.S. Citizenship and Immigration Services (USCIS), it appears that the Service will accept either the paper I-94 card or the printout of the I-94 for Form I-9 purposes in combination with the employee’s foreign passport. Employers collecting an I-94 printout should record it as an “I-94” for Form I-9 purposes, with the issuing authority as “CBP” and the document number and expiration date taken from the printout itself.

In addition, CBP will issue Form I-94 cards to refugees, asylees, and parolees with preprinted numbers on the documents that have been crossed out. CBP officials will hand write the valid admission number on the I-94 card. When completing a Form I-9 for an employee with a paper Form I-94 with a crossed out number, be sure to record the handwritten admission number in Section 2 of the Form I-9 if that employee presents his or her I-94.

Making the process more confusing, the new Form I-9 requires employees to know which government agency issued the I-94 number: USCIS or CBP. If CBP issued the employee’s I-94 number, the employee must complete Section 1 of the Form I-9 with an I-94 number instead of an Alien Registration/USCIS Number and must complete the Form I-9 with their admission number, foreign passport number and country of issuance. Generally, CBP will issue the Form for visitors entering through a land or sea port of entry. However, if USCIS is the government entity that issued the I-94 admission number “N/A” should be entered by the employee for the foreign passport number and country of issuance and the employee should record his/her Form I-94 admission number in Section 1 of the Form I-9. USCIS will issue the Form when there is a change, amendment, or extension of an employee’s status in the United States.

Issues with the Automated System

Some employers have already encountered issues with this new system, as not all new hires have been able to access their I-94 information from the online system. After speaking with CBP officials, it appears that this mainly is occurring when employees enter the country and then begin work almost immediately after entry. CBP is working to correct the problem. In the meantime, employers processing Form I-9 paperwork for new foreign national hires with electronic I-94 documents should use caution when completing the Form and should document the reason for any delays in processing if they are due to errors with the new government system. Completing the Form I-9 paperwork should not be delayed under any circumstance, as late completion could expose a company to liability. In addition, employees with issues accessing their I-94 information should call CBP at 1-877-221-5511 and inquire into their case status and the reason for the delay. Calls to USCIS inquiring into what employers should do in this situation were met with the same response.

If CBP is unable to provide the information for a new hire, the employee may want to consider adding a note to the Form I-9 in Section 1, explaining “No I-94 number available due to a government system issue.” The employee should be reminded to call CBP and continue to check the I-94 website. After the employee’s information is loaded to the system and the employee receives the I-94 number, Section 1 should be amended to include the I-94 number with the appropriate initial and dating. In Section 2 of the Form I-9, the employer should record the foreign passport information and the I-94 stamp information. In the “document number” field, the employer should indicate “I-94 number pending.” Upon receipt of the I-94 printout, the Form should be amended to include the appropriate I-94 number and should be initialed/dated by the employer.

Hopefully the issue of lag time between the entry of data and employee’s first day of work will be remedied by CBP in the coming weeks, but until then be sure that your company has a policy for addressing the situation and that the policy is applied consistently to all foreign national workers.Jennifer Biloshmi also contributed to this article.

Jennifer Biloshmi also contributed to this article.

Article By:

 of

Does A Securities and Exchange Commission (SEC) Attorney Commit An Ethical Violation By Encouraging Whistleblowing Lawyers?

AM logo with tagline

The Harvard Law School Forum on Corporate Governance and Financial Regulation included a comprehensive post by Lawrence A. West which tackles the question of whether attorneys can be award seeking whistleblowers.  I want to approach the topic from the other direction.  May an SEC attorney actively solicit disclosure of client confidences from an member of the California State Bar?

California lawyers are governed by the State Bar Act (Cal. Bus. & Prof. Code §§ 6000 et seq.) and the California Rules of Professional Conduct adopted by the Board of Governors of the State Bar of California and approved by the Supreme Court of California pursuant to Sections 6076 and 6077 of the Business and Professions Code.  The federal District Courts located in California have adopted California’s statutes, rules and decisions governing attorney conduct.  Central District Local Rule 83-3.1.2, Eastern District Local Rule 180(e), Northern District Local Rule 11-4, and Southern District Local Rule 83.4(b).

Section 6068(e) provides that members of the California bar must “maintain inviolate the confidence, and at every peril to himself or herself to preserve the secrets, of his or her client”.   The only statutory exception permits, but does not require, an attorney to ”reveal confidential information relating to the representation of a client to the extent that the attorney reasonably believes the disclosure is necessary to prevent a criminal act that the attorney reasonably believes is likely to result in death of, or substantial bodily harm to, an individual”.

Rule 1-120 of the California Rules of Professional Conduct provides that a member “shall not knowingly assist in, solicit, or induce any violation of these rules or the State Bar Act,” including Section 6068(e).   Thus, an SEC attorney who is a member of the California State Bar (or subject to the local rules of the U.S. District Court) could be found to violate Rule 1-120 if she actively induces an attorney to violate of Section 6068(e).

Of course, the SEC has taken the position that its attorney conduct rules (aka “Part 205 Rules”) preempt conflicting state law.  However, there is a real question of whether the SEC acted in excess of its authority in purporting to immunize lawyers.  More importantly, it is questionable whether the SEC can preempt state law in this regard.  In 2004, I co-wrote a law review article for the Corporations Committee of the Business Law Section of the State Bar that considered these questions in detail, Conflicting Currents: The Obligation to Maintain Inviolate Client Confidences and the New SEC Attorney Conduct Rules32 Pepp. L. Rev. 89 (2004).  The other authors were James F. Fotenos, Steven K. Hazen, James R. Walther, and Nancy H. Wojtas.

If you think it is ok to violate your client’s confidences, you may want to reflect on the case of Dimitrious P. Biller.  In 2011, an arbitrator order Mr. Biller to pay his former employer $2.6 million in damages and $100,000 in punitive damages.   According to the arbitrator,Hon. Gary L. Taylor (Ret.), Mr. Biller “did the professionally unthinkable: he betrayed the confidences of his client.”  The arbitration award was confirmed by the trial court and upheld by the Ninth Circuit Court of Appeals, Biller v. Toyota Motor Corp., 668 F.3d 655 (9th Cir. 2012).  You may also want to consider what Justice Shinn had to say about an attorney who disclosed confidential client information after being ordered to do so by a trial court:

Defendant’s attorney should have chosen to go to jail and take his chances of release by a higher court

People v. Kor, 277 P.2d 94, 101 (Cal. Ct. App. 1954) (emphasis added).

Finally, you may want to put yourself in the position of a client.  How effectively represented would you feel if you knew that your lawyer could be rewarded for violating your confidences?  How would you feel about a government agency that believes it is permissible to encourage lawyers to do the “professionally unthinkable”?

Article By:

 of

FTC v. Actavis, Inc.: Supreme Court Rules That Reverse Patent Settlements May Violate Antitrust Laws

Womble Carlyle

On April 29, 2013, the Supreme Court declined to review a decision that had created uncertainty as to when a manufacturer’s customer loyalty program may violate antitrust laws. Most circuits considering the issue have found that companies can use loyalty programs or long-term agreements, as long as the rebates do not price the product below cost. The Third Circuit, however, found that a manufacturer’s customer loyalty program amounted to an unlawful “de facto exclusive dealing contract,” despite the above-cost price of the product. The Supreme Court’s decision to allow the Third Circuit opinion to stand raises many questions as to when manufacturers may use incentive programs and which legal standard will be used to analyze these agreements. Regardless of where a company is located, if the company’s products are sold within the Third Circuit (Pennsylvania, New Jersey, Delaware and the U.S. Virgin Islands), then that company may be impacted by this decision.

The case of ZF Meritor, LLC v. Eaton Corp., 696 F.3d 254 (3d Cir. 2012) cert. denied, ___ U.S. __, 2013 WL 673880 (U.S. Apr. 29, 2013), involved two manufacturers of heavy-duty truck transmissions. The defendant, a leading supplier of these transmissions in North America, signed long-term agreements with its customers. Those agreements provided incentives to its customers, offering rebates to those who purchased a specified percentage of their parts from the defendant manufacturer. The plaintiff, a competitor in the heavy-duty transmission market, brought suit, claiming that the defendant’s long-term agreements constituted illegal exclusive dealing contracts. After trial, a jury found that the agreements stifled competition and violated antitrust laws. The defendant sought to overturn the jury verdict, arguing that its agreements were lawful, because it priced its transmissions above cost. The U.S. District Court for the District of Delaware upheld the jury verdict, however, finding that there was sufficient evidence to conclude that defendant’s conduct unlawfully foreclosed competition. Defendant appealed to the Third Circuit.

On appeal, the defendant urged the Third Circuit to follow the First, Second, Sixth, Eighth, and Ninth Circuits, which apply a “price-cost test” when analyzing long-term agreements which offer above-cost rebates. Under the “price-cost test,” a company is not engaging in anticompetitive conduct if it prices its products above cost. Instead, the Third Circuit applied the “rule of reason” test and found that the customer loyalty program constituted a “de facto exclusive dealing arrangement.” Under the rule of reason, “exclusive dealing arrangements can exclude equally efficient (or potentially equally efficient) rivals, and thereby harm competition, irrespective of below-cost pricing.” Therefore, the Third Circuit upheld the District Court jury verdict, stating that defendant’s  “conduct unlawfully foreclosed a substantial share of the HD transmission market, which would otherwise have been available for rivals.” The defendant then appealed to the Supreme Court, which declined to hear the case, allowing the Third Circuit’s decision to stand.

In refusing to consider the Third Circuit’s decision, the Supreme Court has failed to resolve a conflict in the circuits as to how long-term agreements containing rebates or other incentives will be analyzed by the courts. This conflict removes the predictability of a single “price-cost” standard applied across all circuits and creates uncertainty for manufacturers who wish to offer loyalty programs to their customers. In the future, manufacturers hoping to offer such programs may want to ensure that their agreements can withstand both the price-cost test and rule of reason analysis.

Comprehensive Immigration Reform Proceeds to Senate Floor, Heated Debate Expected to Follow

GT Law

On June 11th, the U.S. Senate voted to move the “Border Security, Economic Opportunity, and Immigration Modernization Act” (S. 744), the comprehensive immigration reform bill drafted by the “Gang of Eight,” to the floor for debate, where it is expected to face dozens of amendments in the coming weeks. The final vote to begin debate on the landmark legislation was 84 in favor and 15 against. Below are some of the key issues that this bill faces on its way to a final vote in the Senate:

Border Security: Senator John Cornyn (R-TX) has signaled support for implementing border security triggers – including a 90% apprehension rate of illegal border crossings – before putting undocumented immigrants on the path to permanent residency. Senator Cornyn’s amendment would also introduce a biometric exit system as well as a nationwide electronic employment eligibility verification program. The measure has already stirred opposition from Democratic senators and immigration advocates, who liken it to a “poison pill” that will indefinitely delay the citizenship prospects of the estimated 11 million undocumented immigrants already in the United States.

Senator Marco Rubio (R-FL), a member of the “Gang of Eight,” has also indicated that he may not be able to support the legislation in its current form without strengthened border security measures. To this end, Senator Rubio and his colleague, Senator Tom Coburn (R-OH) may propose an amendment that would transfer the responsibility for drafting, but not enforcing, a border security plan from the U.S. Department of Homeland Security (DHS) to Congress. Several other drafters of the bill, including Senator Charles Schumer (D-NY), expressed a willingness to include border security triggers so long as they are “both achievable and specific.”

Taking a more expansive approach, Senator Rand Paul (R-KY) plans to offer an amendment that would require Congress to draft and enforce a border security plan, as well as to vote on border security every year for the first five years after the bill takes effect. Democratic senators and immigration advocates oppose this measure, citing unpredictability and partisanship as future hurdles to implementing a path to citizenship.

Taxes: Senator Jeff Sessions (R-AL) plans to re-introduce two amendments that would require families to provide a valid Social Security number to receive a child tax credit and deny the earned-income tax credit to immigrants with temporary legal status, respectively. Both measures previously failed in committee on a party-line vote.

Senator Orrin Hatch (R-UT) is also expected to offer an amendment that would require immigrants to demonstrate that they have paid back taxes and remained current on present obligations as they progress toward citizenship. Senator Hatch may also introduce a measure that would ban immigrants who are legal permanent residents from receiving Affordable Care Act subsidies for five years.

Guns: Senator Richard Blumenthal (D-CT) may offer two amendments restricting access to guns for undocumented immigrants. One of the provisions would eliminate the loophole that allows certain immigrants to purchase firearms, while another would require the Attorney General to alert the Secretary of Homeland Security when an undocumented immigrant or temporary visitor to the U.S. attempts to buy a firearm. Currently, both categories of individuals are legally barred from purchasing firearms.

Same-Sex Benefits: Senator Patrick Leahy (D-VT) is weighing whether to revive an amendment that he reluctantly declined to introduce in committee due to the opposition of his Republican colleagues. The measure would permit U.S. citizens in state-recognized same-sex marriages to apply for permanent residency on behalf of a same-sex spouse, a benefit that is currently afforded to heterosexual couples only.

Article By:

 of

Big Box Retailers and Major Fast Food Chains Targeted by Unions and National Labor Relations Board (NLRB)

Michael Best Logo

The NLRB Rules Against Target

There are more than 1,750 Target stores nationwide, and none have been organized by a union. This fact was not lost on the National Labor Relations Board (the Board) when, on April 26, 2013, it affirmed the decision of an Administrative Law Judge that Target Corporation (Target)’s no-solicitation/no-distribution policy violated the National Labor Relations Act (the Act) and ordered Target to amend its policies nationwide. The consolidated cases, known as Target Corporation and United Food & Commercial Workers (UFCW) Local 1500, 359 NLRB No. 103 (2013), originated when the UFCW filed charges with the Board following an unsuccessful organizing campaign at a Target store in Valley Stream, New York.

The key issue addressed by the Board was whether Target maintained a no-solicitation/no-distribution policy that violated employees’ Section 7 rights under the Act. Target’s policy prohibited solicitation on the store’s premises at all times if it was for “personal profit,” “commercial purposes,” or “a charitable organization that isn’t part of the Target Community Relations program and isn’t designed to enhance the company’s goodwill and business.” The Board focused on the ban on solicitation “for commercial purposes,” finding that Target failed to define the phrase or provide illustrative examples to clarify what it meant. Because the phrase was undefined, the Board found that Target employees could have interpreted the phrase to ban solicitation and distribution on behalf of unions, which would violate the Act.[1]  

Ultimately, the Board ordered Target to rescind nationwide its no-solicitation/no-distribution rule and to:

[f]urnish all current employees nationwide with inserts for their current employee handbooks that (1) advise that the unlawful rules listed above have been rescinded, or (2) provide lawfully-worded rules on adhesive backing that will cover the unlawful rules; or publish and distribute to all current employees nationwide revised employee handbooks that (1) do not contain the unlawful rules, or (2) provide lawfully-worded rules.

The Board also set aside the union’s unsuccessful election attempt and ordered a new election to take place under the direction and supervision of the Regional Director.

Is Walmart The Next Target?

Walmart has more than 4,500 retail locations in the United States, and like Target, none are unionized. In recent months, the UFCW-backed group OUR Walmart has been advocating for strikes in several locations. On May 28, 2013, several media outlets reported a new round of strikes coordinated by OUR Walmart in advance of Walmart’s June 7, 2013 annual shareholder meeting.

In addition to the strike efforts, the UFCW, OUR Walmart, and Walmart have filed dozens of NLRB charges against each other in 2013. In May, the labor-backed group filed a new round of charges with the NLRB. Meanwhile, Walmart has filed lawsuits against the UFCW and OUR Walmart in Florida and California state courts in recent months alleging trespass and unlawful organizing activity on Walmart property.

Though the Board is currently under scrutiny based on recent court decisions invalidating the President’s recess appointments, the charges against Walmart provide it with another opportunity to make a nationwide statement against a non-union employer. Given the Board’s recent penchant for union activism, do not be surprised if it takes a close look at Walmart’s policies and practices in the coming months.

The Fast Food Industry

On May 15, 2013 hundreds of Milwaukee fast food workers walked off their jobs and launched a one-day strike demanding a raise to $15 per hour and the right to unionize without intimidation or retaliation. This was the fifth such strike in six weeks, following strikes in St. Louis and Detroit the week before, and in New York and Chicago in April. In each of those strikes, local groups organized fast food workers with support from the Service Employees International Union (SEIU), one of the nation’s largest unions. All of these strikes were preceded or followed by the filing of a slew of NLRB charges against the employers, alleging myriad unfair labor practices.

These strikes share several common characteristics. Each was a one-day strike by fast food workers, backed by ad hoc coalitions of unions and community groups. In the case of the Milwaukee strike, the organizing group was called “Wisconsin Citizen Action,” and the campaign was called “Raise Up, MKE.” The St. Louis campaign was called “STL Can’t Survive on $7.35,” and Detroit’s was called “D15.” These strikes have all been part of “minority unionism” campaigns, where the focus is on staging actions by a minority of the workforce designed to inspire their co-workers, rather than waiting until they have gained support from a majority of the workers. The short duration of the strike is calculated to minimize the risk that striking workers will be replaced by their employers after walking off.

The spread of these fast food strikes, as well as strikes by non-union workers in retailers like Walmart, comes amid a long-term decline in strikes in the U.S. Both the fast food and retail industries are overwhelmingly not unionized. The strategy pursued by the groups organizing these strikes is thus one of spectacle or demonstration, calling attention to the wages and working conditions of the employees in these industries.

[1] Oddly, the Board overruled a second finding by the Administrative Law Judge that a policy instructing employees to report unknown persons seen loitering the parking lot also violated Section 7 of the Act. The Board noted it would not conclude that a reasonable employee would read a rule to violate Section 7 simply because the rule could be interpreted that way.

Article By:

New Cybersecurity Guidance Released by the National Institute of Standards and Technology: What You Need to Know for Your Business

Mintz Logo

The National Institute of Standards and Technology (“NIST”)1 has released the fourth revision of its standard-setting computer security guide, Special Publication 800-53 titled Security and Privacy Controls for Federal Information Systems and Organizations2 (“SP 800-53 Revision 4”), and this marks a very important release in the world of data privacy controls and standards. First published in 2005, SP 800-53 is the catalog of security controls used by federal agencies and federal contractors in their cybersecurity and information risk management programs. Developed by NIST, the Department of Defense, the Intelligence Community, the Committee on National Security Systems as part of the Joint Task Force Transformation Initiative Interagency Working Group3over a period of several years with input collected from industry, Revision 4 “is the most comprehensive update to the security controls catalog since the document’s inception in 2005.”4

Taking “a more holistic approach to information security and risk management,5” the new revision of SP 800-53 also includes, for the first time, a catalog of privacy controls (the “Privacy Controls”) and offers guidance in the selection, implementation, assessment, and ongoing monitoring of the privacy controls for federal information systems, programs, and organizations (the “Privacy Appendix”).6 The Privacy Controls are a structured set of standardized administrative, technical, and physical safeguards, based on best practices, for the protection of the privacy of personally identifiable information (“PII”)7 in both paper and electronic form during the entire life cycle8of the PII, in accordance with federal privacy legislation, policies, directives, regulations, guidelines, and best practices.9 The Privacy Controls can also be used by organizations that do not collect and use PII, but otherwise engage in activities that raise privacy risk, to analyze and, if necessary, mitigate such risk.

Description of the Eight Families of Privacy Controls

The Privacy Appendix catalogs eight privacy control families, based on the widely accepted Fair Information Practice Principles (FIPPs)10 embodied in the Privacy Act of 1974, Section 208 of the E-Government Act of 2002, and policies of the Office of Management and Budget (OMB). Each of the following eight privacy control families aligns with one of the eight FIPPs:

  1. Authority and Purpose. This family of controls ensures that an organization (i) identifies the legal authority for its collection of PII or for engaging in other activities that impact privacy, and (ii) describes the purpose of PII collection in its privacy notice(s).
  2. Accountability, Audit, and Risk Management. This family of controls ensures that an organization (i) develops and implements a comprehensive governance and privacy program; (ii) documents and implements a privacy risk management process that assesses privacy risk to individuals resulting from collection of PII and/or other activities that involve such PII; (iii) conducts Privacy Impact Assessments (“PIAs”) for information systems, programs, or other activities that pose a privacy risk; (iv) establishes privacy requirements for contractors and service providers and includes such requirements in the agreements with such third parties; (v) monitors and audits privacy controls and internal privacy policy to ensure effective implementation; (vi) develops, implements, and updates a comprehensive awareness and training program for personnel; (vii) engages in internal and external privacy reporting; (viii) designs information systems to support privacy by automating privacy controls, and (ix) maintains an accurate accounting of disclosures of records in accordance with the applicable requirements and, upon request, provides such accounting of disclosures to the persons named in the record.
  3. Data Quality and Integrity. This family of controls ensures that an organization takes reasonable steps to validate that the PII collected and maintained by the organization is accurate, relevant, timely, and complete.
  4. Data Minimization and Retention. This family of controls addresses (i) the implementation of data minimization requirements to collect, use, and retain only PII that is relevant and necessary for the original, legally authorized purpose of collection, and (ii) the implementation of data retention and disposal requirements.
  5. Individual Participation and Redress. This family of controls addresses implementation of processes (i) to obtain consent from individuals for the collection of their PII, (ii) to provide such individuals with access to the PII, (iii) to correct or amend collected PII, as appropriate, and (iv) to manage complaints from individuals.
  6. Security. This family of controls supplements the security controls in Appendix F and are implemented in coordinating with information security personnel to ensure that the appropriate administrative, technical, and physical safeguards are in place to (i) protect the confidentiality, integrity, and availability of PII, and (ii) to ensure compliance with applicable federal policies and guidance.
  7. Transparency. This family of controls ensures that organizations (i) provide clear and comprehensive notices to the public and to individuals regarding their information practices and activities that impact privacy, and (ii) generally keep the public informed of their privacy practices.
  8. Use Limitation. This family of controls addresses the implementation of mechanisms that ensure that an organization’s scope of use of PII is limited to the scope specified in their privacy notice or as otherwise permitted by law.

Some of the Privacy Controls, such as Data Quality and Integrity, Data Minimization and Retention, Individual Participation and Redress, and Transparency also contain control enhancements, and while these enhancements reflect best practices which organizations should strive to achieve, they are not mandatory.11 The Office of Management and Budget (“OMB”), tasked with enforcement of the Privacy Controls, expects all federal agencies and third-party contractors to implement the mandatory Privacy Controls by April 30, 2014.

The privacy families must be analyzed and selected based on the specific operational needs and privacy requirements of each organization and can be implemented at various operational levels (e.g., organization level, mission/business process level, and/or information system level12). The Privacy Controls and the roadmap provided in the Privacy Appendix will be primarily used by Chief Privacy Officers (“CPO”) or Senior Agency Officials for Privacy (“SAOP”) to develop enterprise-wide privacy programs or to improve an existing privacy programs in order to meet an organization’s privacy requirements and demonstrate compliance with such requirements. The Privacy Controls supplement and complement the security control families set forth in Appendix F (Security Control Catalog) and Appendix G (Information Security Programs) and together these controls can be used by an organization’s privacy, information security, and other risk management offices to develop and maintain a robust and effective enterprise-wide program for management of information security and privacy risk.

What You Need to Know

The Privacy Appendix is based upon best practices developed under current law, regulations, policies, and guidance applicable to federal information systems, programs, and organizations, and by implication, to their third-party contractors. If you provide services to the federal government, work on government contracts, or are the recipient of certain grants that may require compliance with federal information system security practices, you should already be sitting up and paying attention. This revision puts privacy up front with security.

Like other NIST publications, this revision will be looked at as an industry standard for best practices, even for commercial entities that are not doing business with the federal government. In fact, over the last few years, we have seen increasing references to compliance with NIST 800-53 as setting a contractual baseline for security. We expect that this will continue, and now will include both the Security Controls and the Privacy Controls. As such, general counsel, business executives and IT professionals should become familiar with and conversant in the Privacy Controls set forth in the new revision to SP 800-53. At a minimum, businesses should undertake a gap analysis of the privacy controls at their organization against these Privacy Controls to determine if they are up to par or if they have to enhance their current privacy programs. And, if NIST 800-53 appears in contract language as the “minimum standard” to which your company’s policies and procedures must comply, the gap analysis will at least inform you of what needs to be done to bring both your privacy and security programs up to speed.

1 The National Institute of Standards and Technology is a non-regulatory agency within the U.S. Department of Commerce, which, among other things, develops information security standards and guidelines, including minimum requirements for federal information systems to assist federal agencies in implementing the Federal Information Security Management Act of 2002.

2 See Security and Privacy Controls for Federal Information Systems and Organizations, NIST Special Publ. (SP) 800-53,
Rev. 4 (April 30, 2013), http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf.

3 The Joint Task Force Transformation Initiative Interagency Working Group is an interagency partnership formed in 2009 to produce a unified security framework for the federal government. It includes representatives from the Civil, Defense, and Intelligence Communities of the federal government.

4 See NIST Press Release for SP 800-53 Revision 4 at http://www.nist.gov/itl/csd/201304_sp80053.cfm. Revision 4 of
SP 800-53 adds a substantial number of security controls to the catalog, including controls that address new technology such as digital and mobile technologies and cloud computing. With the exception of the controls that address evolving technologies, the majority of the cataloged security controls are policy and technology neutral, focusing on the fundamental safeguards and countermeasures required to protect information during processing, while in storage, and during transmission.

5 See NIST Press Release for SP 800-53 Revision 4 at http://www.nist.gov/itl/csd/201304_sp80053.cfm.

6 See Appendix J, Privacy Control Catalog to Security and Privacy Controls for Federal Information Systems and Organizations, NIST Special Publ. (SP) 800-53, Rev. 4 (April 30, 2013),http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf. Appendix J was developed by NIST and the Privacy Committee of the Federal Chief Information Officer (CIO) Council.

7 Personally Identifiable Information is defined broadly in the Glossary to SP 800-53 Revision 4 as “Information which can be used to distinguish or trace the identity of an individual (e.g., name, social security number, biometric records, etc.) alone, or when combined with other personal or identifying information which is linked or likable to a specific individual (e.g., date and place of birth, mother’s maiden name, etc.). See page B-16 of Appendix B, Privacy Control Catalog to Security and Privacy Controls for Federal Information Systems and Organizations, NIST Special Publ. (SP) 800-53, Rev. 4 (April 30, 2013),http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf. However, as stated in footnote 119 in Appendix J, “the privacy controls in this appendix apply regardless of the definition of PII by organizations.”

8 Collection, use, retention, disclosure, and disposal of PII.

9 See page J-4 of Appendix J, Privacy Control Catalog to Security and Privacy Controls for Federal Information Systems and Organizations, NIST Special Publ. (SP) 800-53, Rev. 4 (April 30, 2013),http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf.

10 See NIST description and overview of Fair Information Practice Principles at http://www.nist.gov/nstic/NSTIC-FIPPs.pdf.

11 See pages J-4 of Appendix J, Privacy Control Catalog to Security and Privacy Controls for Federal Information Systems and Organizations, NIST Special Publ. (SP) 800-53, Rev. 4 (April 30, 2013),http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf.

12 See page J-2 of Appendix J, Privacy Control Catalog to Security and Privacy Controls for Federal Information Systems and Organizations, NIST Special Publ. (SP) 800-53, Rev. 4 (April 30, 2013),http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf.