Multistate Coalition Supports EPA’s Proposed Revisions to the Safer Choice Standard

As reported in our December 5, 2023, memorandum, the U.S. Environmental Protection Agency (EPA) proposed updates to the Safer Choice Standard on November 14, 2023, that include a name change to the Safer Choice and Design for the Environment (DfE) Standard (Standard), an update to the packaging criteria, the addition of a Safer Choice certification for cleaning service providers, a provision allowing for preterm partnership termination under exceptional circumstances, and the addition of several product and functional use class requirements. 88 Fed. Reg. 78017. On January 16, 2024, California Attorney General Rob Bonta announced that, alongside a coalition of 12 attorneys general, he submitted a comment letter that:

  • Supports EPA’s proposed revisions to its Safer Choice Standard;
  • Recommends that EPA not allow products with plastic primary packaging to use the Safer Choice label or DfE logo;
  • Recommends that if EPA does allow products with plastic primary packaging to use the label and logo, EPA should prohibit the use of chemical recycling in meeting the proposed standard’s plastic packaging recycled content requirements; and
  • Calls on EPA to exclude any products or packaging that contain any per- and polyfluoroalkyl substances (PFAS), “whether intentionally introduced or not.”

2023 Cybersecurity Year In Review

2023 was another busy year for data event and cybersecurity litigation, with several noteworthy developments in disputes and regulator activity. Privacy World has been tracking these developments throughout the year. Read on for key trends and what to expect going into 2024.

Growth in Data Events Leads to Accompanying Increase in Claims

The number of reportable data events in the U.S. in 2023 reached an all-time high, surpassing the prior record set in 2021. At bottom, threat actors continued to target entities across industries, with litigation frequently following disclosure of data events. On the dispute front, 2023 saw several notable cybersecurity consumer class actions concerning the alleged unauthorized disclosure of sensitive personal information, including healthcare, genetic, and banking information. Large putative class actions in these areas included, among others, lawsuits against the hospital system HCA Healthcare (estimated 11 million individuals involved in the underlying data event), DNA testing provider 23andMe (estimated 6.9 million individuals involved in the underlying data event), and mortgage business Mr. Cooper (estimated 14.6 million individuals involved in the underlying data event).

JPML Creates Several Notable Cybersecurity MDLs

In 2023 the Judicial Panel on Multidistrict Litigation (“JPML”) transferred and centralized several data event and cybersecurity putative class actions. This was a departure from prior years in which the JPML often declined requests to consolidate and coordinate pretrial proceedings in the wake of a data event. By way of example, following the largest data breach of 2023—the MOVEit hack affecting at least 55 million people—the JPML ordered that dozens of class actions regarding MOVEit software be consolidated for pretrial proceedings in the District of Massachusetts. Other data event litigations similarly received the MDL treatment in 2023, including litigations against Samsung, Overby-Seawell Company, and T‑Mobile.

Significant Class Certification Rulings

Speaking of the development of precedent, 2023 had two notable decisions addressing class certification. While they arose in the cybersecurity context, these cases have broader applicability in other putative class actions. Following a remand from the Fourth Circuit, a judge in Maryland (in an MDL) re-ordered the certification of eight classes of consumers affected by a data breach suffered by Marriott. See In Re: Marriott International, Inc., Customer Data Security Breach Litigation, No. 8:19-md-02879, 2023 WL 8247865 (D. Md. Nov. 29, 2023). As explained here on PW, the court held that a class action waiver provision in consumers’ contracts did not require decertification because (1) Marriott waived the provision by requesting consolidation of cases in an MDL outside of the contract’s chosen venue, (2) the class action waiver was unconscionable and unenforceable, and (3) contractual provisions cannot override a court’s authority to certify a class under Rule 23.

The second notable decision came out of the Eleventh Circuit, where the Court of Appeals vacated a district court’s certification of a nationwide class of restaurant customers in a data event litigation. See Green-Cooper v. Brinker Int’l, Inc., No. 21-13146, 73 F. 4th 883 (11th Cir. July 11, 2023). In a 2-1 decision, a majority of the Court held that only one of the three named plaintiffs had standing under Article III of the U.S. Constitution, and remanded to the district court to reassess whether the putative class satisfied procedural requirements for a class. The two plaintiffs without standing dined at one of the defendant’s restaurants either before or after the time period that the restaurant was impacted by the data event, which the Fourth Circuit held to mean that any injury the plaintiffs suffered could not be traced back to defendant.

Standing Challenges Persist for Plaintiffs in Data Event and Cybersecurity Litigations

Since the Supreme Court’s TransUnion decision in 2021, plaintiffs in data breach cases have continued to face challenges getting into or staying in federal court, and opinions like Brinker reiterate that Article III standing issues are relevant at every stage in litigation, including class certification. See also, e.g., Holmes v. Elephant Ins. Co., No. 3:22-cv-00487, 2023 WL 4183380 (E.D. Va. June 26, 2023) (dismissing class action complaint alleging injuries from data breach for lack of standing). Looking ahead to 2024, it is possible that more data litigation plays out in state court rather than federal court—particularly in the Eleventh Circuit but also elsewhere—as a result.

Cases Continue to Reach Efficient Pre-Trial Resolution

Finally, in the dispute realm, several large cybersecurity litigations reached pre-trial resolutions in 2023. The second-largest data event settlement ever—T-Mobile’s $350 million settlement fund with $150 million in data spend—received final approval from the trial court. And software company Blackbaud settled claims relating to a 2020 ransomware incident with 49 state Attorneys General and the District of Columbia to the tune of $49.5 million. Before the settlement, Blackbaud was hit earlier in the year with a $3 million fine from the Securities and Exchange Commission. The twin payouts by Blackbaud are cautionary reminders that litigation and regulatory enforcement on cyber incidents often go hand in hand, with multifaceted risks in the wake of a data event.

FTC and Cybersecurity

Regulators were active on the cybersecurity front in 2023, as well. Following shortly after a policy Bulletin from the Health and Human Resources Office of Civil Rights on use of trackers in compliance with HIPAA, the FTC announced settlement of enforcement actions against GoodRx, Premom, and BetterHelp for sharing health data via tracking technologies with third parties resulting in a breach of Personal Health Records under the Health Breach Notification Rule. The FTC also settled enforcement actions against Chegg and Drizly for inadequate cybersecurity practices which led to data breaches. In both cases, the FTC faulted the companies for failure to implement appropriate cybersecurity policies and procedures, access controls, and securely store access credentials for company databases (among other issues).

Notably, in the Drizly matter, the FTC continued a trend of holding corporate executives individually responsible, in this case for the CEO’s failure to implement “or properly delegate responsibility to implement, reasonable information security practices.” Under the consent decree, Drizly’s CEO must implement a security program (either at Drizly or any company to which he might move that processes personal information of 25,000 or more individuals and where he is a majority owner, CEO, or other senior officer with information security responsibilities).

SEC’s Focus on Cyber Continues

The SEC was also active in cybersecurity. In addition to the regulatory enforcement action against Blackbaud mentioned above, the SEC initiated an enforcement action against a software company for a cybersecurity incident disclosed in 2020. In its complaint, the SEC alleged that the company “defrauded…investors and customers through misstatements, omissions, and schemes that concealed both the Company’s poor cybersecurity practices and its heightened—and increasing—cybersecurity risks” through its public statements regarding its cybersecurity practices and risks. Like the Drizly matter, the SEC charged a senior company executive individually—in this case, the company’s CISO—for concealing the cybersecurity deficiencies from investors. The matter is currently pending. These cases reinforce that regulators will continue to hold senior executives responsible for oversight and implementation of appropriate cybersecurity programs.

Notable Federal Regulatory Developments

Regulators were also active in issuing new regulations on the cybersecurity front in 2023. In addition to its cybersecurity regulatory enforcement actions, the FTC amended the GLBA Safeguards Rule. Under the amended Rule, non-bank financial institutions must notify the FTC as soon as possible, and no later than 30 days after discovery, of any security breach involving the unencrypted information of 500 or more consumers.

Additionally, in March 2024, the SEC proposed revisions to Regulation S-P, Rule 10 and Form SCIR, and Regulation SCI aimed at imposing new incident reporting and cybersecurity program requirements for various covered entities. You can read PW’s coverage of the proposed amendments here. In July, the SEC also finalized its long-awaited Cybersecurity Risk Management and Incident Disclosure Regulations. Under the final Regulations, public companies are obligated to report regarding material cybersecurity risks, cybersecurity risk management and governance, and board of directors’ oversight of cybersecurity risks in their annual 10-K reports. Additionally, covered entities are required to report material cybersecurity incidents within four business days of determining materiality. PW’s analysis of the final Regulations is here.

New State Cybersecurity Regulations

The New York Department of Financial Services also finalized amendments to its landmark Cybersecurity Regulations in 2023. In the amended Regulations, NYDFS creates a new category of companies subject to heightened cybersecurity standards: Class A Companies. These heightened cybersecurity standards would apply only to the largest financial institutions (i.e., entities with at least $20 million in gross annual revenues over the last 2 fiscal years, and either (1) more than 2,000 employees; or (2) over $1 billion in gross annual revenue over the last 2 fiscal years). The enhanced requirements include independent cybersecurity audits, enhanced privileged access management controls, and endpoint detection and response with centralized logging (unless otherwise approved in writing by the CISO). New cybersecurity requirements for other covered entities include annual review and approval of company cybersecurity policy by a senior officer or the senior governing body (i.e., board of directors), CISO reporting to the senior governing body, senior governing body oversight, and access controls and privilege management, among others. PW’s analysis of the amended NYDFS Cybersecurity Regulations is here.

On the state front, the California Privacy Protection Agency issued draft cybersecurity assessment regulations as required by the CCPA. Under the draft regulations, if a business’s “processing of consumers’ personal information presents significant risk to consumers’ security”, that business must conduct a cybersecurity audit. If adopted as proposed, companies that process a (yet undetermined) threshold number of items of personal information, sensitive personal information, or information regarding consumers under 16, as well as companies that exceed a gross revenue threshold will be considered “high risk.” The draft regulations outline detailed criteria for evaluating businesses’ cybersecurity program and documenting the audit. The draft regulations anticipate that the audit results will be reported to the business’s board of directors or governing body and that a representative of that body will certify that the signatory has reviewed and understands the findings of the audit. If adopted, businesses will be obligated to certify compliance with the audit regulations to the CPPA. You can read PW’s analysis of the implications of the proposed regulations here.

Consistent with 2023 enforcement priorities, new regulations issued this year make clear that state and federal regulators are increasingly holding senior executives and boards of directors responsible for oversight of cybersecurity programs. With regulations explicitly requiring oversight of cybersecurity risk management, the trend toward holding individual executives responsible for egregious cybersecurity lapses is likely to continue into 2024 and beyond.

Looking Forward

2023 demonstrated “the more things change, the more they stay the same.” Cybersecurity litigation trends were a continuation of the prior two years. Something to keep an eye on in 2024 remains the potential for threatened individual officer and director liability in the wake of a widespread cyberattack. While the majority of cybersecurity litigations filed continue to be brought on behalf of plaintiffs whose personal information was purportedly disclosed, shareholders and regulators will increasingly look to hold executives responsible for failing to adopt reasonable security measures to prevent cyberattacks in the first instance.

Needless to say, 2024 should be another interesting year on the cybersecurity front. This is particularly so for data event litigations and for data developments more broadly.


Corporate Transparency Act Requires Disclosure of Information Regarding Beneficial Owners to FinCEN

The new year brings the most expansive disclosure requirements for U.S. business entities since the Depression. Starting January 1, 2024, U.S. companies and foreign companies operating in the United States will be required to report their beneficial owners and principal officers to the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) pursuant to the Corporate Transparency Act (CTA) adopted as part of the 2021 National Defense Authorization Act, unless subject to specific exemptions.

Who Is Required to Report?
The CTA’s filing requirements (31 CFR 1010.380(c)(1)) apply to both domestic reporting companies and foreign reporting companies.

  • Domestic reporting companies are corporations, limited liability companies and any other entity registered to do business in any state or tribal jurisdiction by the filing of a document with the secretary of state or similar official.
  • Foreign reporting companies are business entities formed under the law of a foreign country that are registered to do business in any state or tribal jurisdiction by the filing of a document with the secretary of state or similar official.

The CTA provides 23 categories of exemption. The following types of entities are not required to file reports with FinCEN:

  • Large Operating Companies
    This exemption applies to entities that (1) have 20 or more full-time employees in the United States, (2) have gross revenue (or sales) in excess of $5 million on their prior year’s tax return and (3) have a physical office in the United States.
  • Securities Reporting Issuers
  • Governmental Authorities
  • Banks
  • Credit Unions
  • Depository Institution Holding Companies
  • Money Services Businesses
  • Brokers and Dealers in Securities
  • Securities Exchanges and Clearing Agencies
  • Other Exchange Act Registered Entities
  • Investment Companies and Investment Advisers
  • Venture Capital Fund Advisers
  • Insurance Companies
  • State-Licensed Insurance Producers
  • Commodity Exchange Act Registered Entities
  • Accounting Firms
  • Public Utilities
  • Financial Market Utilities
  • Pooled Investment Vehicles
  • Tax-Exempt Entities
  • Entities Assisting a Tax-Exempt Entity
  • Subsidiaries of Certain Exempt Entities
  • Inactive Entities

It is worth noting that the definition of reporting companies is not limited to corporations and limited liability companies. Limited partnerships, professional service entities and other entities may qualify as reporting companies and, if so, are required to comply with the CTA’s reporting requirements.

How Does a Company Comply?
FinCEN requires affected companies to file beneficial ownership information reports (BOI Reports) using an electronic filing system. See the BOI E-Filing System.

What Information Should Be Reported?
Reporting companies must identify beneficial owners in their BOI Reports.

Beneficial owners are defined as individuals who directly or indirectly (1) exercise substantial control over a reporting company or (2) own or control at least 25 percent of ownership interests of a reporting company. Ownership interests covered by the CTA may include profits interests, convertible instruments, options and contractual arrangements as well as equity securities. In addition, owners who hold their ownership interests jointly or through a trust, agent or other intermediary are also required to be identified – although minors are generally exempted from reporting obligations.

Senior officers (typically, the president, CEO, CFO, COO and officers who perform similar functions); individuals with the ability to appoint senior officers or a majority of the board of directors or a similar body; and anyone else who directs, determines or has substantial input to other important decisions of a reporting company also need to be identified in BOI Reports as individuals exercising substantial control over reporting companies.

Reporting companies created on or after January 1, 2024, also must identify “company applicants” in their BOI Reports. Company applicants are the individuals who filed the documents creating the reporting company and individuals primarily responsible for directing or controlling the filing of documents creating a reporting company.

BOI Reports must contain the following information regarding the reporting company:

  • Legal name
  • Any trade name or d/b/a name
  • Address of the company’s principal place of business in the United States
  • Jurisdiction of formation
  • Taxpayer Identification Number.

BOI Reports must contain the following information regarding each beneficial owner and company applicant:

  • Full legal name
  • Date of birth
  • Current address
  • Copy of a passport, driver’s license or other identification document.

Every person who files a BOI Report must certify the information contained is true, correct and complete.

Information contained in BOI Reports will not be available to the public. However, FinCEN is authorized to disclose such information to:

  • U.S. federal agencies engaged in national security, intelligence or law enforcement activity
  • With court approval, to certain other state or local law enforcement agencies
  • Non-U.S. law enforcement agencies at the request of a U.S. federal law enforcement agency, prosecutor or judge
  • With the consent of the reporting company, financial institutions and their regulators
  • Federal regulators in assessing financial institutions’ compliance with customer due diligence requirements
  • The U.S. Department of the Treasury for purposes including tax administration.

Is There a Fee?
No fee is required in connection with filing of BOI Reports.

When Do Companies Need to File?
U.S. and foreign reporting companies that were formed or registered to do business in the United States prior to January 1, 2024, must file their initial BOI Reports no later than January 1, 2025. U.S. and foreign reporting companies formed on or after January 1, 2024, must file their initial BOI Reports within 90 days of receipt of notice of formation.

Reporting companies are required to file updated reports with FinCEN within 30 days of occurrence of a change in any of the information contained in their BOI Reports.

What If There Are Changes or Inaccuracies in the Reported Information?
Inaccuracies in BOI Reports must be corrected within 30 days of the date a reporting company becomes aware of or had reason to know of such inaccuracy. FinCEN has indicated that there will be no penalties for filing inaccurate BOI Reports if such reports are corrected within 90 days of their filing.

What If a Company Fails to File?
The willful failure to report the information required by the CTA or filing fraudulent information under the CTA may result in civil or criminal penalties, including penalties of up to $500 per day as long as a violation continues, imprisonment for up to two years and a fine of up to $10,000. Senior officers of an entity that fails to file a required report may be held accountable for such failure.

If you have questions regarding the provisions of the CTA or its applicability to your company, you may go to the FinCEN website.

Updated Merger Guidelines Finalized

On December 18, 2023, the Federal Trade Commission (FTC) and the U.S. Department of Justice (DOJ) jointly issued a significantly revised version of the Merger Guidelines that describes the frameworks the enforcement agencies use when evaluating potential mergers.

The newly finalized Merger Guidelines are the result of a nearly two-year effort that involved both agencies soliciting public input via listening sessions, written comments, and workshops.

The agencies describe the new Merger Guidelines as necessary to address the modern economy and how firms now do business. The Merger Guidelines are broken into multiple sections: Guidelines 1–6 describe the frameworks the agencies use when attempting to identify a merger that the agencies believe raises a prima facie concern, while Guidelines 7–11 explain how to apply those frameworks in specific settings. The guidelines also identify evidence the agencies will consider to potentially rebut an inference of competitive harm. Finally, these guidelines include a discussion of the tools the agencies use when evaluating the relevant facts, the potential harm to competition, and how to define the relevant markets.

The Merger Guidelines are notable for signaling the FTC’s and DOJ’s desire to pursue a more aggressive enforcement agenda, specifically, by lowering the threshold at which proposed mergers will be deemed presumptively anticompetitive by those enforcement agencies. The new guidelines also seek to address relatively new concerns the agencies have identified, such as cross-market transactions and sequences of smaller transactions.

DOL Announces New Independent Contractor Rule

On January 9, 2024, the United States Department of Labor (“DOL”) announced a new rule, effective March 11, 2024, that could impact countless businesses that use independent contractors. The new rule establishes a six-factor analysis to determine whether independent contractors are deemed to be “employees” of those businesses, and thus imposes obligations on those businesses relating to those workers including: maintaining detailed records of their compensation and hours worked; paying them regular and overtime wages; and addressing payroll withholdings and payments, such as those mandated by the Federal Insurance Contributions Act (“FICA” for Social Security and Medicare), the Federal Unemployment Tax Act (“FUTA”), and federal income tax laws. Further, workers claiming employee status under this rule may claim entitlement to coverage under the businesses’ group health insurance, 401(k), and other benefits programs.

The DOL’s new rule applies to the federal Fair Labor Standards Act (“FLSA”) which sets forth federally established standards for the protection of workers with respect to minimum wage, overtime pay, recordkeeping, and child labor. In its prefatory statement that accompanied the new rule’s publication in the Federal Register, the DOL noted that because the FLSA applies only to “employees” and not to “independent contractors,” employees misclassified as independent contractors are denied the FLSA’s “basic protections.”

Accordingly, when the new rule goes into effect on March 11, 2024, the DOL will use its new, multi-factor test to determine whether, as a matter of “economic reality,” a worker is truly in business for themself (and is, therefore, an independent contractor), or whether the worker is economically dependent on the employer for work (and is, therefore, an employee).

While the DOL advises that additional factors may be considered under appropriate circumstances, it states that the rule’s six, primary factors are: (1) whether the work performed provides the worker with an opportunity to earn profits or suffer losses depending on the worker’s managerial skill; (2) the relative investments made by the worker and the potential employer and whether those made by the worker are to grow and expand their own business; (3) the degree of permanence of the work relationship between the worker and the potential employer; (4) the nature and degree of control by the potential employer; (5) the extent to which the work performed is an integral part of the potential employer’s business; and (6) whether the worker uses specialized skills and initiative to perform the work.

In its announcement, the DOL emphasized that, unlike its earlier independent contractor test which accorded extra weight to certain factors, the new rule’s six primary factors are to be assessed equally. Nevertheless, the breadth and impreciseness of the factors’ wording, along with the fact that each factor is itself assessed through numerous sub-factors, make the rule’s application very fact-specific. For example, through a Fact Sheet the DOL recently issued for the new rule, it explains that the first factor – opportunity for profit or loss depending on managerial skill – primarily looks at whether a worker can earn profits or suffer losses through their own independent effort and decision making, which will be influenced by the presence of such factors as whether the worker: (i) determines or meaningfully negotiates their compensation; (ii) decides whether to accept or decline work or has power over work scheduling; (iii) advertises their business, or engages in other efforts to expand business or secure more work; and (iv) makes decisions as to hiring their own workers, purchasing materials, or renting space. Similar sub-factors exist with respect to the rule’s other primary factors and are explained in the DOL’s Fact Sheet.

The rule will likely face legal challenges by business groups. Further, according to the online newsletter of the U.S. Senate Health, Education, Labor and Pensions Committee, its ranking member, Senator Bill Cassidy, has indicated that he will seek to repeal the rule. Also, in the coming months, the United States Supreme Court is expected to decide two cases that could significantly weaken the regulations issued by federal agencies like the DOL’s new independent contractor rule, Loper Bright Enterprises v. Raimondo and Relentless Inc. v. U.S. Dept. of Commerce. We will continue to monitor these developments.1

In the meantime, we recommend that businesses engaging or about to engage independent contractors take heed. Incorrect worker classification exposes employers to the FLSA’s significant statutory liabilities, including back pay, liquidated damages, attorneys’ fees to prevailing plaintiffs, and in some cases, fines and criminal penalties. Moreover, a finding that an independent contractor has “employee” status under the FLSA may be considered persuasive evidence of employee status under other laws, such as discrimination laws. Additionally, existing state law tests for determining employee versus independent contractor status must also be considered.

1 The DOL’s independent contractor rule is not the only new federal agency rule being challenged. On January 12, 2024, the U.S. House of Representatives voted to repeal the NLRB’s recently announced joint-employer rule, which we discussed in our Client Alert of November 10, 2023.

Eric Moreno contributed to this article.

OSHA and NLRB Set Forth MOU to Strengthen Protections for the Health and Safety of Workers: A 2024 Outlook

On October 31, 2023, the National Labor Relations Board (NLRB) and Occupational Safety and Health Administration (OSHA) entered into a Memorandum of Understanding (MOU) to strengthen their interagency partnership. The purpose of this partnership is to establish a process for information sharing, referrals, training, and outreach between the agencies. Additionally, the agencies wish to address certain anti-retaliation and whistleblowing issues through this collaboration.

Since 1975, the NLRB and OSHA have engaged in cooperative efforts during investigations. According to NLRB General Counsel Jennifer Abruzzo and OSHA Assistant Secretary Doug Parker, the MOU seeks to strengthen this interoffice coordination in an effort to provide greater protection for workers to speak out on unsafe working conditions without fear of punishment or termination.

Exchange of Information

According to the MOU, the NLRB and OSHA “may share, either upon request or upon the respective agency’s own initiative, any information or data that supports each agency’s enforcement mandates, whether obtained during an investigation or through any other sources.” This information may include complaint referrals and information in complaint or investigative files. The MOU notes that this information will be shared only if it is relevant or necessary to the recipient agency’s enforcement responsibilities and ensures that the sharing of information is compatible with the purposes of the agency that is collecting the records.

For example, if OSHA learns during an investigation that there are potential victims of unfair labor practices who have not filed a complaint with the NLRB, OSHA will explain the employees’ rights and provide them with the NLRB’s phone number and web address. Additionally, if an employee files with OSHA an untimely complaint of retaliation, OSHA may then advise the employee to file a complaint with the NLRB, because the NLRB has a six-month time limit for filing such complaints whereas OSHA’s time limit is only 30 days. As a result, employers may be facing both agencies during an investigation.

Coordinated Investigations and Enforcement

The NLRB and OSHA will determine whether to conduct coordinated investigations and inspections in order to facilitate appropriate enforcement actions. If coordinated investigations occur and there are overlapping statutory violations, each agency may take relevant enforcement actions. In practice, employers should assume that if either agency is conducting an investigation into alleged retaliation, that agency will consider involving the other.

Takeaways for Employers

Heading into 2024, employers can expect to see more interagency coordination between the NLRB and OSHA during investigations. While the two agencies remain separate, there is a clear entanglement of enforcement action as the NLRB seeks to increase federal agency collaboration. As such, employers may presume that information collected by one agency will be provided to the other. As the agencies seek to increase worker protection across the board, employers will want to ensure that their management personnel are trained and up-to-date on the anti-retaliation and whistleblowing provisions of the Occupational Safety and Health Act and the National Labor Relations Act.

United States | Roundup: Immigration Policies Update in Final Weeks of 2023

Federal agencies announced several important changes to immigration programs in the last two weeks of 2023, including the details of a new domestic visa renewal program, the extension of interview waiver authorities and premium processing fee hikes. For those who missed any of the announcements, here’s a roundup of key developments:

  • Domestic visa renewal: The State Department will allow a limited number of H-1B holders to renew their visas in the United States under a new pilot program, the details of which were published Dec. 21, 2023. The pilot will begin Jan. 29 and will be open to 20,000 H-1B visa holders whose previous visas were approved in certain time frames by U.S. visa processing posts in Canada and India. Read BAL’s full news alert here.
  • Interview waiver authorities: On Dec. 21, 2023, the State Department announced that it would extend interview waiver authorities for certain nonimmigrant visa applicants. Under the updated policy, which took effect Jan. 1, consular officers will have the authority to waive interviews for (1) first-time H-2 visa applicants and (2) other nonimmigrant visa applicants who were previously issued a nonimmigrant visa in any classification (other than a B visa) and are applying within 48 months of their most recent nonimmigrant visa’s expiration date. Applicants renewing a nonimmigrant visa in the same classification within 48 months of the prior visa’s expiration date continue to be eligible for an interview waiver as well. Read BAL’s full news alert here.
  • Premium processing fees: U.S. Citizenship and Immigration Services will increase premium processing fees on Feb. 26. Under a regulation published Dec. 28, 2023, premium processing fees will increase by about 12% to account for inflation. Read BAL’s full news alert here.
  • Schedule A input: On Dec. 20, 2023, the Department of Labor asked for public input on whether to revise its list of Schedule A job classifications that do not require permanent labor certification. Read BAL’s news alert here.
  • F and M student nonimmigrant classifications: USCIS issued policy guidance Dec. 20, 2023, regarding the F and M student nonimmigrant classifications, including the agency’s role in adjudicating applications for employment authorization, change of status, extension of stay and reinstatement of status for these students and their dependents in the United States. Find USCIS’ updated policy guidance here. Read BAL’s news alert here.

Additional Information: The Biden administration’s top regulatory priorities on employment-based immigration in 2024 include H-1B and H-2 modernization, fee hikes and changes to the green card process, according to the Department of Homeland Security’s regulatory agenda published in December.

State-Side H-1B Visa Renewal to Begin Jan. 29, 2024

The Department of State (“DOS”)’s pilot program for domestic H-1B visa renewals will begin on January 29, 2024, and run through April 1, 2024. As H-1B visa applicants accepted into the pilot program will no longer need to incur the time and expense of applying to renew their visas through a U.S. Consulate abroad, this is a much anticipated and welcomed advancement. This is the first time since 2004 that the DOS is revisiting stateside visa renewal, as the domestic visa renewal process was discontinued, forcing applicants to apply for visa renewals abroad.

The new pilot program is limited to individuals who have previously submitted fingerprints in connection with a prior visa application, and who are eligible for a waiver of the in-person visa interview. Applicants who want to participate in the pilot program will be subject to the eligibility requirements, timeline for implementation, and procedural requirements outlined below.

Eligibility requirements:

  1. The applicant must be seeking to renew an H-1B visa. The DOS will not process applications for other visa classifications including H-4 visas for spouses and dependent children.
  2. The applicant’s prior H-1B visa must have been issued either by a U.S. Consulate in Canada between January 1, 2020, and April 1, 2023, or by a U.S. Consulate in India between February 1, 2021, and September 3, 2021.
  3. The applicant must not be subject to a non-immigrant visa issuance fee (i.e., a reciprocity fee).
  4. The applicant must be eligible for a waiver of the in-person interview.
  5. The applicant must have been previously ten-fingerprinted by the DOS in connection with a prior visa application.
  6. Any prior visa issued to the applicant must not have a “clearance received” annotation.
  7. The applicant must not be subject to any grounds for a visa ineligibility that would require a waiver prior to visa issuance.
  8. The applicant must have an approved and unexpired H-1B petition from U.S. Citizenship and Immigration Services (“USCIS”).
  9. The applicant must have been recently admitted to the United States in H-1B status with an admission period that has not expired at the time of application, and be currently maintaining H-1B status in the United States; and
  10. The applicant must intend to re-enter the United States in H-1B status after any temporary travel outside the United States.

Timeline for Implementation:

The pilot program will accept applications from January 29, 2024, through April 1, 2024, subject to the following timelines:

  1. Approximately 2,000 slots for applicants whose H-1B visas were issued by a U.S. Consulate in Canada, and approximately 2,000 slots for those whose H-1B visas were issued by a U.S. Consulate in India, will be released on a weekly basis.
  2. Visa slots will be released on January 29, 2024, February 5, 2024, February 12, 2024, February 19, 2024, and February 26, 2024.
  3. Once all slots are filled in a given week, the DOS will not accept additional applications until the next release date.

Applicants who apply, but are determined to be ineligible, will have their applications returned unadjudicated, but will not be refunded the visa application fee.

Application Procedures and Processing Times:

Applicants must follow the procedures below to apply under the pilot program:

  1. Online application required. Instructions will include directions on where to mail a passport and supporting documents.
  2. Estimated processing times of six to eight weeks. Expedite requests will not be considered.

It is important to note that an H-1B visa issued domestically under this program does NOT provide lawful H-1B status and employment authorization in the United States or an extension of H-1B status. An H-1B visa issued under this program only serves as a “ticket” to apply for admission to the United States in H-1B status the next time the applicant travels internationally and does not govern the H-1B visa holder’s authorized period of stay and employment in the United States.

While the DOS’ pilot program is preliminary and limited in time, the program does present an encouraging step toward more efficient visa issuance and may help tackle the lengthy processing times experienced by many visa applicants at U.S. Consulates worldwide. However, the eligibility requirements for this program are very specific, limited to only H-1B visa applicants who meet a long list of requirements.

10 Market Predictions for 2024 from a Healthcare Lawyer

As a healthcare lawyer, 2023 was a pretty unusual year with the sudden entrance of a number of new players into the healthcare marketplace and a rapid retrenchment of others. With innovation showing no signs of slowing down in the year ahead, healthcare providers should consider how to adapt to improve the patient experience, increase their bottom line, and remain competitive in an evolving industry. Here are 10 personal observations of the past year that may help you plan for the year ahead.

  1. Health tech will continue to boom. Without a doubt, in my practice, health tech exploded, and understandably. In the face of tight margins, healthcare technology may offer the promise of immediate returns (think revenue cycle). But it is also important to understand the context. Health tech offers the promise of quick implementation relative to construction of clinical space, and it can be accomplished without additional clinical staff or regulatory oversight, potentially resulting in a prompt return on investment. Advancing technologies and AI will enable real-time, data driven surgical algorithms and patient-specific instruments to improve outcomes in a variety of specialties.
  2. Value-based care is here to stay. Everyone is interested in value-based care. In the past, value-based care was simply aspirational. Now, there are significant attempts to implement it on a sustained basis. It is not a coincidence that there has also been significant turnover in healthcare leadership in the past few years, and that has likely led to more receptivity.
  3. Expansion of value-based care models. There has been considerable activity around advanced primary care and single-condition chronic disease management. We are now starting to see broader efforts to manage care up and down the continuum of care, involving multi-specialty care and the gamut of care locations. Increased pressure to lower costs will result in increased volumes in lower cost, ambulatory settings.
  4. Regulatory scrutiny will continue to increase. For most, this is a given. In 2023, we saw increased scrutiny up and down the continuum, whether related to pharmaceutical costs, regulation of pharmacy benefit managers, healthcare transaction laws, or innovations in thinking around healthcare from the Federal Trade Commission. With the impending election, it is likely healthcare will receive considerable attention and scrutiny.
  5. Private equity (“PE”) will resume the march – with discipline. In my practice, PE entities rethought their growth strategies to focus on how to bring acquisitions to profitability quickly, from a “growth at all costs” mindset. Now there appears to be an increasing focus on operations and an emphasis on making realistic assumptions to underlie growth. This has led to a more realistic pricing discipline and investment in management teams with operational experience.
  6. Partnerships. There is an increasing trend towards partnerships between PE entities and health systems. Health systems are under considerable financial stress, and while they do not universally welcome PE with open arms, some systems do appear open to targeted partnerships. By the same token, PE entities are beginning to realize that they require clinical assets that are most readily available at health systems. This will continue in 2024.
  7. The rise of independent physician groups. There is increasing activity among freestanding physician groups. Some doctors are leery of PE because they believe it is solely focused on profits. Similarly, many physicians are reluctant to be employed by health systems because they believe they will simply become a referral source. While we are not likely to see a return to 2002, where many PE and health system physician deals were unwound, we will see increasing growth by independent physician groups.
  8. Continued consolidation. The trend towards consolidation in healthcare is nowhere near ending. To assume risk (the ultimate goal of value-based care), providers require scale, both vertically and horizontally. While segments of healthcare slowed in 2023, a resumption of growth is inevitable.
  9. Increased insolvencies. Most healthcare providers have very high fixed costs and low margins. Small swings in accounts receivable collections, wages, and managed care payments can have a large impact on entities that are just squeezing by.
  10. New entrants. Last year saw several new entrants to the healthcare marketplace nationally. Who in 2023 would have thought Best Buy would enter the healthcare marketplace? There is still plenty of room for new models of care, which we will see in 2024.

2024 promises to be an interesting year in the healthcare industry.

FDA Announces Draft Supplemental Guidance on Menu Labeling

  • Today FDA announced an update to its Menu Labeling Supplemental Guidance which addresses implementation of menu nutrition labeling requirements. The menu labeling rules only apply to standard menu items offered by “covered establishments,” which are defined as restaurants and similar retail food establishments with 20 or more locations doing business under the same name and offering for sale substantially the same menu items, as well as restaurants and similar retail establishments that register to voluntarily subject themselves to the menu labeling requirements. (21 CFR 101.11).
  • The menu labeling regulations require disclosure of calories on menus and menu boards, and require that other nutrition information (e.g., fat, sugar, protein) be available in written form on the premises and provided to the customer upon request. Notably, the menu labeling regulations do not require disclosure of “added sugars” as is now required on packaged foods.
  • The draft update includes two new Q&As which clarify (1) that nutrition information can be provided on third party platforms (TPPs) through which food is ordered and delivered and (2) that added sugars may voluntarily be declared.
  • Although FDA accepts comments on any guidance at any time, comments on the draft new Q&As are due by February 12, 2024, to ensure they are considered before FDA begins work on final versions.