Former Uber Security Chief Found Guilty in Criminal Trial for Failure to Disclose Breach to FTC

On October 5, 2022, former Uber security chief Joe Sullivan was found guilty by a jury in U.S. federal court for his alleged failure to disclose a breach of Uber customer and driver data to the FTC in the midst of an ongoing FTC investigation into the company. Sullivan was charged with one count of obstructing an FTC investigation and one count of misprision, the act of concealing a felony from authorities.

The government alleged that in 2016, in the midst of an ongoing FTC investigation into Uber for a 2014 data breach, Sullivan learned of a new breach that affected the personal information of more than 57 million Uber customers and drivers. The hackers allegedly demanded a ransom of at least $100,000 from Uber. Instead of reporting the new breach to the FTC, Sullivan and his team allegedly paid the ransom and had the hackers sign a nondisclosure agreement. Sullivan also allegedly did not report the breach to Uber’s General Counsel.  Uber did not publicly disclose the incident or inform the FTC of the incident until 2017, when Uber’s new chief executive, Dara Khosrowshahi, joined the company.

This case is significant because it represents the first time a company executive has faced criminal prosecution related to the handling of a data breach.

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.

Twelve Tips for Effective In-Person Networking in the Post-Pandemic World

I recently got on my first flight since the pandemic. I had been avoiding travel and conferences for many reasons, but it’s time to stop hiding at home and behind my computer screen.

Over the next few weeks I am speaking at several lawyer retreats and industry conferences – I’m excited but nervous.

I feel like a fish out of water (I accidentally let my TSA pre-check expire as well as my passport during Covid). It’s also the first time I’m leaving my pandemic puppies (I think it’s more traumatic for me than them).

I’m looking forward to seeing familiar faces and meeting new ones, and getting to know my clients in a setting other than Zoom because human connections are important and powerful.

In-person networking is essential – it is the secret sauce to building long-term and meaningful relationships. Those relationships can lead to opportunities of all kinds.

Even as an extroverted extrovert, I’m a bit rusty on networking.

I have been doing countless presentations to a computer screen since March 2020 and so being able to see and interact with real people is a much welcome change. A return to “normalcy.”

But after years of being an “expert” networker, I’m not actually sure what to do when I actually see people again in a professional group setting.

Do I hug? (I’m Italian, we like to hug) Shake hands? Fist bump? Just smile and nod? So glad we aren’t bathing in hand sanitizer anymore or cloroxing everything with which we come in touch.

Many of us are in the same position after the past few years, and we don’t feel like the same person we used to be. But that’s okay. Let’s collectively give ourselves a break (and some grace). We are all in the same boat – together.

Here are 12 tips for effective in-person networking I plan to use:

  1. Ask people about themselves more than I talk about myself.
  2. Practice active listening.
  3. Say their names a few times when talking to them – it helps me remember them and makes people like you more.
  4. Write notes after each meaningful conversation.
  5. Exit conversations gracefully.
  6. Follow up and connect on LinkedIn with new and renewed contacts.
  7. Put my LinkedIn QR code on my iPhone home screen to facilitate easy networking. Here’s how.
  8. Add new contacts to my CRM.
  9. Immerse myself in the programming. I am not going to check my email every second or do unnecessary work.
  10. Write a key takeaways blog and LinkedIn post from the sessions I enjoyed and tag the speakers.
  11. Create an email OOO message that supports my brand and business (see example from Paula Edgar).
  12. Have an intimate dinner with my clients/colleagues to get to know them better.

Do you have any tips for in-person networking in the post-pandemic environment?

Copyright © 2022, Stefanie M. Marrone. All Rights Reserved.

Cyber Incident Reporting for Critical Infrastructure Act

On September 12, 2022, the Cybersecurity and Infrastructure Security Agency (“CISA”) released a Request for Information (“RFI”) seeking public input regarding the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”). The public comment period will close on November 14th, 2022. The RFI provides a “non-exhaustive” list of topics on which CISA seeks public input, including:

  • Definitions and criteria of various terms, such as “covered entity,” “covered cyber incident,” “substantial cyber incident,” “ransom payment,” “ransom attack,” “supply chain compromise” and “reasonable belief;”
  • Content of reports on covered cyber incidents and the submission process (e.g., how entities should submit reports, report timing requirements, and which federal entities should receive reports);
  • Any conflict with existing or proposed federal or state cyber incident reporting requirements;
  • The expected time and costs associated with reporting requirements; and
  • Common best practices governing the sharing of information related to security vulnerabilities in the U.S. and internationally.

In March 2022, President Biden signed CIRCIA into law. CIRCIA creates legal protections and provides guidance to companies that operate in critical infrastructure sectors, including a requirement to report cyber incidents within 72 hours, and report ransom payments within 24 hours. The CISA website features more information about the law, the RFI, and a list of public listening sessions with CISA to provide input.

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.

Metaverse Casinos: A Regulatory Wild West

A New World of Gaming

The metaverse is an immersive online universe on the blockchain where users interact with a multitude of digital worlds and with each other. As in the real world, the metaverse offers a wide variety of activities and entertainment options. The metaverse has become a haven for gaming. Users can explore casino “districts,” offering slots, poker, roulette, blackjack and more, go to shows and nightclubs, and even purchase real estate, including an entire casino. Some platforms within the metaverse are more developed than others, with their own parcels of land, decentralized governmental structures and native tokens. As this space continues to expand into various aspects of daily life, participants in the metaverse ecosystem, and in particular, gaming operators, should proceed with caution as the line between fantasy and reality continues to blur.

The metaverse provides an alternative virtual reality for those who visit, seemingly outside of the legal and regulatory structure of the real world. Now, due to the development of digital assets[1] including cryptocurrencies and non-fungible tokens (“NFTs”), visitors can add real-world economic value to some in-game activities. Players can buy, sell, or gamble items in the metaverse for digital assets that can convert to fiat currency, further blurring the lines between a virtual game experience and reality. What seems to some like a game will increasingly have real-world economic consequences for users, and the businesses with which they engage in the metaverse, resulting in more regulatory scrutiny and legal disputes.

Metaverse Gaming vs. Traditional Online Gaming

It is helpful to distinguish metaverse gaming from traditional online gaming. Gaming in the metaverse and online gaming both allow users to play casino games with their friends and social network virtually without the burdens and restrictions of physical travel. Unlike traditional online casinos, the metaverse attempts to replicate the full casino experience, allowing users to explore a digital representation of a casino using a unique avatar and virtual reality technology. Through advancements in technology, users can control their avatar’s behavior in a similar manner to controlling their own conduct in the real world. Essentially, avatars are digital representations of users – they physically walk around and engage with other avatars, including making observations of other avatars’ tells and contributing to an authentic casino experience, all from the comfort of home.

Metaverse casinos generally do not accept traditional fiat currency. A metaverse casino requires a participant to convert their fiat into one of the cryptocurrencies accepted in the metaverse and deposit funds using a crypto wallet. However, users exchange the NFTs and cryptocurrency that they win in the metaverse for fiat currency in the real world.

The use of crypto in metaverse gaming has some clear benefits. In addition to providing an immersive interaction compared to fiat-based online gambling platforms, metaverse casinos offer higher levels of security, transparency, and privacy for users. For example, the entire transaction history is accessible on a blockchain. Although the transaction is visible on a blockchain, users may remain anonymous without having to disclose certain personal information, thereby protecting privacy. Deposits and withdrawals are processed virtually instantaneously because there is no third party verifying the transaction.

Regulatory Considerations for Metaverse Gaming

Casino and sports gaming is one of the most heavily regulated industries in the United States. The regulation is primarily at the state level. Some mistakenly believe the metaverse is insulated from real life legal restrictions. To the contrary, any gaming and wagering activity, which constitutes a game of chance involving the risk of something of value and a prize,[2] that is being offered to U.S. citizens in the metaverse (on an unregulated basis) is likely to draw the attention of regulators.

Despite the popularity of metaverse gaming, the top U.S. operators have largely stayed on the sidelines while offshore and smaller companies dominate the space. This is unsurprising for three reasons:

  1. The fact that metaverse gaming lacks a dedicated regulatory framework and online gaming is legal in only a handful of states;

  2. As we wrote previously, the reluctance of regulated gaming companies operating in the U.S. to pursue the legal use of cryptocurrency given its volatility, lack of acceptance, and regulatory and/or legislative hurdles; and

  3. General legal uncertainty.

An operator that wishes to offer a gaming platform to U.S. citizens in the metaverse would need to do so with the express permission and under the oversight of each state’s gaming commission whose residents they serve. This may also require new legislation and regulatory schemes. For example, Wyoming, an early adopter of cryptocurrency, passed legislation in 2021 that allows sportsbooks to accept “digital, crypto and virtual currencies.”[3] Generally, however, regulators and legislators are not known for their speed in adopting new and emerging technologies and the industry as a whole is still working toward more immediate and attainable goals, such as expanding legal online gaming. Currently, fewer than 10 states offer online casinos and/or poker.

There is significant regulatory and legal uncertainty surrounding metaverse casinos. For example, which oversight bodies have authority to regulate metaverse casinos? Can users face consequences in the real world for the actions of their avatar in metaverse casinos? How are players protected from unlawful conduct in metaverse casinos? Can operators be held responsible for that misconduct? State gaming regulators would have jurisdiction over gaming activity being offered to their residents in the metaverse alongside other regulators including the SEC, the U.S. Commodity Futures Trading Commission, and the Financial Crimes Enforcement Network, given the use of cryptocurrency and NFTs.[4] At this early stage, there are more questions than answers. The history of the real-world gaming industry suggests it is highly probable that metaverse casinos will be subject to direct regulation.

New Legal Parameters Around Metaverse Gaming Are Expected

The competitive nature of the U.S. gaming market, the vast lobbying power of licensed gaming operators, and the substantial fees for licensure indicate that it is not a matter of if, but when regulators will intervene in metaverse gaming. While the concept of metaverse casinos is exciting and creates the opportunity for significant growth in the gaming industry, like many innovations, it brings additional challenges and risks for operators.

In fact, earlier this year securities regulators in Texas and Arizona demanded that a metaverse casino developer cease its funding for the development of its metaverse casino (and expansion of its metaverse casinos to all other relevant metaverses) through NFTs for failing to register the NFTs as securities and on the grounds that it was conducting an illegal fraudulent securities scheme.[5]

About a month later, securities regulators in Texas, Wisconsin, Kentucky, New Jersey, and Alabama filed an action against another metaverse casino due to its alleged ties to Russia and a fraudulent investment scheme it was running in violation of securities laws.[6] The Texas State Securities Board stated its concerns about scammers being able to hide their identities (also referred to as “going dark”), as they alleged occurred here, in metaverse casinos.

In addition, just a few months ago, 28 members of Congress urged the Department of Justice to work with the industry, and other stakeholders to prosecute offshore sports betting companies operating illegally in the U.S.[7] Similarly, absent a known regulatory scheme, even “successful” operation of a metaverse casino at present does not foreclose adverse action or shutdowns in the future due to increasing regulatory scrutiny.

While it is unclear how, if, and to what extent, existing regulations apply to metaverse gaming, the actions referenced above demonstrate that some state regulators are taking the position that the same rules that apply to investments in the real world also apply to investments in the metaverse. The risk is not limited to the virtual world, but also exposes investors to the potential loss of real money. The above matters also highlight the broad range of risks government authorities could be motivated to address, from international policy implications to financial fraud scams.

Pioneering the Metaverse

Although there are significant barriers to operating gaming platforms in the metaverse, forward-thinking gaming companies have wisely been preparing to enter this new world when it is safe to do so. If the metaverse becomes as integrated into daily life as it is expected to be, those pioneers will reap the rewards. We recommend gaming operators in the metaverse proceed with caution and retain highly qualified counsel to help them navigate the developing regulatory landscape.

Copyright ©2022 Nelson Mullins Riley & Scarborough LLP


FOOTNOTES

  1. Regulators in the United States including the Securities and Exchange Commission (“SEC”) use the term “digital asset” to refer to “an asset that is issued and transferred using distributed ledger or blockchain technology.” Statement on Digital Asset Securities Issuance and Trading, Division of Corporation Finance, Division of Investment Management, and Division of Trading and Markets, SEC (Nov. 16, 2018), available here. As the SEC has noted, digital assets include, but are not limited to, virtual currencies, coins, and tokens. Id. A digital asset may in certain instances be deemed a security under the federal securities laws. While not defined in the securities laws, the SEC often refers to digital assets that are securities as “digital asset securities.” Id.

  2. The issue of what is a “thing of value” within the meaning of state anti-gambling law has been the subject of recent litigation. See, e.g., Kater v. Churchill Downs, Inc., 886 F.3d 784 (9th Cir. 2018) (virtual chips in online game held to be a “thing of value” for purposes of Washington’s illegal gambling law); Coffee v. Google, LLC, No. 20-CV-03901-BLF, 2022 WL 94986, at *13 (N.D. Cal. Jan. 10, 2022) (“loot box” prizes limited to use in in-app game not “things of value” under California illegal gambling law).

  3. Pat Evans, Cryptocurrency In Legal Sports Betting: What’s Next?, (June 9, 2022), available here.

  4. We will discuss the potential role of these Federal regulators in future articles.

  5. Dorothy N. Giobbe, et al., Texas and Alabama Securities Regulators File Enforcement Actions Against Online Casino Developer Selling NFTs to Operate Casinos in a Metaverse, (April 29, 2022), available here.

  6. Five States File Enforcement Actions to Stop Russian Scammers Perpetrating Metaverse Investment Fraud, (May 11, 2022), available here.

  7. Chris Altruda, Congressional Group Calls on DOJ to Help Fight Illegal Offshore Sportsbooks, (Jun. 30, 2022), available here.

 

How to Use Images and Blogs to Boost Your Google My Business Profile

Whether you are wondering if you should create a listing for your business or searching for the most effective ways to boost your local presence, Google My Business is a wise investment of time. Not convinced yet? Consider the following statistics:

  • 97 percent of people learn more about a local company online than through any other source
  • Over 90 percent of the search engine market share belongs to Google
  • According to Google, 46 percent of all searches have local intent
  • 64 percent of consumers have used Google My Business to find contact details for a local business

Listing your law firm on Google is a significant step towards a complete online presence, but it doesn’t stop there. For instance, you should update your Google My Business Profile every month or so. While this profile isn’t a social media profile, it still requires the same amount of cultivation.

The Benefit of Adding Pictures

There are a few more ways you can leverage your profile to your advantage.  One of these ways is to use images to help boost your profile. For example, using photos on your Google Business Profile is beneficial not just for aesthetics but also to provide your law firm with an SEO advantage.

According to Google, businesses that use pictures on their Business Profiles see 42 percent more direction requests on Google Maps and 35 percent more clicks through to their websites than those who don’t use them. In fact, after a 2020 experiment, DigitalMaas came to the same conclusions. There’s no denying that law firms and attorneys who regularly upload photos on their listings will get more clicks and appear more on search results than their competitors who don’t.

When adding pictures, ensure you:

  • Add photos promptly. Without pictures, Google will default to showing street views which can make potential clients doubt if you are still in business.
  • Add photos regularly, including different shots and angles, taken at various times of the day.
  • Use quality photos without over-editing them. You want them to be clear but not filtered.
  • Use categories when adding pictures. Having a minimum of three relevant photos for each category is recommended.
  • Stay relevant to your location—avoid using screenshots, stock photos, GIFs, and other manually created images.

The Benefit of Blogs

Blogs are an essential piece of SEO marketing. If your firm doesn’t already publish one, now is the time. In addition to publishing your blog on your website, make sure you take its URL along with the picture and create a post from your Google My Business Account. Google will recognize your blog under your profile, and you will start to rank higher in SEO. When you add your blog to your Google Business Profile, you essentially double the benefit of having a blog without doubling the work. Linking a blog to your profile shows your authority in the legal realm and that you remain active online.

Don’t Forget Reviews!

Another key piece of optimizing your Google My Business profile is adding reviews. Google knows that reviews are the primary influence on consumer behavior, so they are a crucial ranking factor in the algorithm. However, you can’t add reviews if you don’t have any. Getting more reviews can be simple if you follow these tips:

  • Start with your long-time, loyal clients.
  • Make leaving a review as simple as possible by creating a review shortcut link or using a shortcut link generator.
  • Add a “Reviews” page on your website with a call to action to leave one.
  • Don’t forget to ask for reviews by email, text, social media, and in-person conversations.
  • Let clients know that reviews help others in similar situations to find a solution and make informed decisions.
  • Respond to reviews, as this will incentivize clients to leave theirs and improve your local SEO.

© 2022 Denver Legal Marketing LLC

OCR Announces $300,000 Settlement Related to Improper Disposal of Physical PHI

On August 23, 2022, the U.S. Department of Health & Human Services, Office for Civil Rights (“HHS”) announced that it had settled a case involving the disposal of physical protected health information (“PHI”).

OCR alleged that, on March 31, 2021, a specimen containing PHI was found by a third-party security guard in the parking lot of the New England Dermatology and Laser Center (“NEDLC”). The PHI included patient name, patient date of birth, date of sample collection, and the name of the provider who took the specimen, in violation of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

As part of the settlement, NEDLC agreed to pay HHS $300,640. According to NEDLC’s Resolution Agreement and the Corrective Action Plan, there were two potential violations by NEDLC. First, NEDLC allegedly failed to maintain appropriate safeguards to protect the privacy of PHI, as required by 45 C.F.R. § 164.530(c). Second, NEDLC allegedly permitted the impermissible disclosure of PHI, in violation of Rule 45 C.F.R. § 164.502(a). The Corrective Action Plan requires NEDLC to develop, maintain and appropriately revise written policies and procedures in accordance with HIPAA.

Several highlights of the settlement include:

  1. Changes to Policies and Procedures. NEDLC must develop, maintain and revise, as necessary, its written HIPAA policies and procedures, and provide such policies and procedures to HHS for review and approval. NEDLC also must assess, update and revise, as necessary, such policies and procedures at least annually, or as needed, and seek HHS’s approval of the revised policies and procedures.
  2. Designation of Privacy Official. NEDLC must designate a privacy official who is responsible for the development and implementation of NEDLC’s HIPAA policies and procedures, and a contact person or office who is responsible for receiving relevant complaints.
  3. Training Requirements. NEDLC must provide HHS with training materials for its workforce members and seek HHS’s approval of such training materials. NEDLC must also distribute the HIPAA policies and procedures to its workforce members and relevant business associates, and obtain a written compliance certification from all such individuals. NEDLC must provide HIPAA training for new workforce members, and all workforce members at least every 12 months. Each workforce member must certify, in electronic or written form, that they received training. NEDLC must review the training at least annually, and update the training where appropriate. NEDLC must promptly investigate, review, report to HHS, and sanction any workforce member that does not comply with its HIPAA policies and procedures.
  4. Implementation Report and Annual Report. NEDLC is required to submit to HHS a written report summarizing the status of its implementation of the requirements set forth in the settlement, and annual compliance reports.

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.

911 Network Reliability Deadline Approaching

Earlier this month, the FCC announced that its 2022 911 Reliability Certification System is now open for Covered 911 Service Providers to file annual reliability certifications. The filings are due on October 17, 2022. Failure to submit the certification may result in FCC enforcement action.

Background

In 2013, the FCC adopted rules aimed at improving the reliability and redundancy of the nation’s 911 network.  Those rules require Covered 911 Service Providers (“C9SP”) to take steps that promote reliable 911 service with respect to three network elements: circuit auditing, central-office backup power, and diverse network monitoring.  The Commission identified these three network elements as vulnerabilities following a derecho storm in 2012 that significantly impacted 911 service along the eastern seaboard.

Applicability. The rules apply to all C9SPs, which are defined as any entity that provides 911, E911, or NG911 capabilities such as call routing, automatic location information (ALI), automatic number identification (ANI), or the functional equivalent of those capabilities, directly to a public safety answering point (PSAP).

Certification. The rules require C9SPs to certify annually that they have met the FCC’s safe harbor provisions for each of these elements or have taken reasonable alternative measures in lieu of those safe harbor protections.  The certification must be made under penalty of perjury by a corporate officer with supervisory and budgetary authority over network operations.

In 2018 and 2020, the FCC sought comment on changes to the 911 reliability certification rules, but the rules have not yet been updated as a result of those proceedings.

Enforcement Against Noncompliant Providers

Last year, the FCC entered into eight consent decrees with Covered 911 Service Providers that failed to submit their reliability certifications in 2019, 2020, or both.  A Consent Decree typically requires the recipient to admit it violated an FCC rule, pay a fine to the federal government, and implement a Compliance Plan to guard against future rule violations.  These Compliance Plans required the C9SPs to designate a compliance officer, establish new operating procedures, and develop and distribute a compliance manual to all employees.

Additionally, the providers were required to establish and implement a compliance training program, file periodic compliance reports with the FCC detailing the steps the provider has taken to comply with the 911 rules, and report any noncompliance with 911 rules within 15 days of discovering such noncompliance.

Looking Forward

C9SPs have about one month to confirm compliance with the reliability rules and submit a required certification.  Based on the FCC’s enforcement efforts last year, C9SPs would be well-advised to work diligently to meet this upcoming deadline.

© 2022 Keller and Heckman LLP

OFAC Offers Guidance in the Wake of Tornado Cash Sanctions

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) updated its “frequently asked questions” (FAQs) Tuesday, providing guidance relating to the sanctions against Tornado Cash, the Ethereum “mixer” it blacklisted in August, following allegations that North Korea used Tornado Cash to launder stolen digital assets. The updated information from OFAC comes as a welcome snippet of communication, allowing for clarity on the scope of the action taken against Tornado Cash, as well as providing guidance for U.S. persons affected by the blacklisting who, through no fault of their own, were caught up in federal action.

The updated FAQs provide guidance on four points: (1) the ability to withdraw funds from wallets associated with the Tornado Cash blacklist; (2) whether the OFAC reporting obligations apply to “dusting” transactions; (3) whether U.S. persons can engage in transactions involving addresses implicated in the blacklist without a license; and (4) what, more generally, is prohibited in the wake of the OFAC blacklisting of Tornado Cash.

(1) Withdrawing Funds

If a U.S. person sent virtual currency to Tornado Cash, but did not complete the mixing transaction or otherwise withdraw such virtual currency prior to August 8, 2022 (the effective date of the OFAC blacklist), such person can request a specific license from OFAC to engage in transactions involving that virtual currency (assuming such person conducts the contemplated transactions within U.S. jurisdiction).

In order to obtain this license, such persons will need to provide, “at a minimum, all relevant information regarding these transactions with Tornado Cash, including the wallet addresses for the remitter and beneficiary, transaction hashes, the date and time of the transaction(s), as well as the amount(s) of virtual currency.”

OFAC indicates that they will embrace a favorable licensing policy towards such applications, so long as the contemplated transactions did not involve conduct that it deems to be otherwise sanctionable, and that licensing requests can be submitted by visiting the following link: https://home.treasury.gov/policy-issues/financial-sanctions/ofac-license-application-page.

(2) “Dusting” Transactions

Dusting is the act of sending unsolicited and nominal amounts of virtual currency or other digital assets to third parties. This can be done in order to cause consternation on the part of the recipient, particularly in a situation where there is confusion as to the legality of receiving such funds or actions.

OFAC indicates that it has been made aware of Dusting involving virtual currency or other virtual assets from Tornado Cash, and indicates that while, technically, OFAC’s regulations would apply to these transactions, to the extent that these Dusting transactions have no other sanctions associated with them other than Tornado Cash, “OFAC will not prioritize enforcement against the delayed receipt of initial blocking reports and subsequent annual reports of blocked property from such U.S. persons.”

In short, while not a desirable transaction to take place, OFAC does not intend to pursue action against persons simply because they are the target of Dusting.

(3) Engaging in Transactions With Tornado Cash

OFAC clarified that, without explicit license from OFAC, U.S. persons are prohibited from engaging in any transaction involving Tornado Cash, including any transaction done via currency wallet addresses OFAC has identified as part of the blacklist.

Specifically, “[i]f U.S. persons were to initiate or otherwise engage in a transaction with Tornado Cash, including or through one of its wallet addresses, such a transaction would violate U.S. sanctions prohibitions, unless exempt or authorized by OFAC.”

(4) Further Tornado Cash Guidance

Referencing FAQs 561 and 562, OFAC reemphasized their authority to include as identifiers on the Specially Designated Nationals and Blocked Persons List (SDN List) specific virtual currency wallet addresses associated with blocked persons, and that such SDN List entry for Tornado Cash included as identifiers certain virtual currency wallet addresses associated with Tornado Cash, as well as the URL address for Tornado Cash’s website.

While the Tornado Cash website has been deleted, it remains available through certain Internet archives, and accordingly OFAC emphasized that engaging in any transaction with Tornado Cash or its blocked property or interests in property is prohibited for U.S. persons.

Interacting with open-source code itself, in a way that does not involve a prohibited transaction with Tornado Cash, is not prohibited. By way of example, “U.S. persons would not be prohibited by U.S. sanctions regulations from copying the open-source code and making it available online for others to view, as well as discussing, teaching about, or including open-source code in written publications, such as textbooks, absent additional facts.  Similarly, U.S. persons would not be prohibited by U.S. sanctions regulations from visiting the Internet archives for the Tornado Cash historical website, nor would they be prohibited from visiting the Tornado Cash website if it again becomes active on the Internet.”

While this update to the FAQs comes as a welcome bit of clarity, Web3 investors, entrepreneurs, and users should continue to tread carefully when engaging with opportunities and technologies on the periphery of Tornado Cash and the accompanying OFAC action. When questions arise, it is important to seek out informed counsel to discuss the risks of proposed actions and how best to mitigate those risks while working to pioneer new and emerging technologies.

© 2022 Dinsmore & Shohl LLP. All rights reserved.

It’s Time To Review Your Online Patient-User Interface: DOJ Issues New Federal Guidance on Telemedicine and Civil Rights Protections

As online digital health services continue to enjoy broader use and appeal, federal regulators are concerned some telemedicine online patient-user interfaces fail to accommodate persons with disabilities and limited English proficiency. Such failures in “product design” can violate federal civil rights laws and the Americans with Disabilities Act (ADA), according to new policy guidance jointly issued by the U.S. Department of Health and Human Services (HHS) and Department of Justice (DOJ).

The document, Nondiscrimination in Telehealth, is specifically directed to companies offering telemedicine services and instructs such covered entities to immediately take specific steps to comply with the various “accessibility duties” under federal civil rights laws. The guidance focuses on ensuring accessibility for two populations of users: 1) people with disabilities and 2) people with Limited English Proficiency (LEP).

Who is Subject to these Rules?

The guidance refers to “covered entities” subject to these rules. Under the rules, “covered entities” are any health programs and activities receiving federal financial assistance (in addition to programs and activities administered by either a federal executive agency or an entity created by Title I of the Affordable Care Act). While the guidance does not define what constitutes “receiving federal financial assistance”, HHS has historically held that providers who receive federal dollars solely under traditional Medicare Part B were not covered entities. However, a recently-proposed rule suggests HHS will significantly expand the scope of covered entities, and soon. Telemedicine providers should be prepared to comply with these federal laws.

People with Disabilities

The guidance explains that no person with a disability shall – because of the disability – be excluded from participation in or be denied the benefits of the services, programs, or activities of a covered entity, or otherwise be subjected to discrimination by a covered entity. The requirements in the guidance are supported by several federal laws, including the Americans With Disabilities Act, the Affordable Care Act Section 1557, and the Rehabilitation Act Section 504.

Applying these federal civil rights protections to telemedicine services, the guidance states companies must make reasonable changes to their policies, practices, or procedures in order to provide “additional support to patients when needed before, during, and after a virtual visit.”

DOJ and HHS provided the following as examples of such “additional support” obligations:

  • A dermatology practice that typically limits telehealth appointments to 30 minutes may need to schedule a longer appointment for a patient who needs additional time to communicate because of their disability.

  • A doctor’s office that does not allow anyone but the patient to attend telehealth appointments would have to make reasonable changes to that policy to allow a person with a disability to bring a support person and/or family member to the appointment where needed to meaningfully access the health care appointment.

  • A mental health provider who uses telehealth to provide remote counseling to individuals may need to ensure that the telehealth platform it uses can support effective real-time captioning for a patient who is hard of hearing. The provider may not require patients to bring their own real-time captioner.

  • A sports medicine practice that uses videos to show patients how to do physical therapy exercises may need to make sure that the videos have audio descriptions for patients with visual disabilities.

People with LEP

The second area of the guidance is protections for LEP individuals under Title VI of the Civil Rights Act of 1964 (Title VI). Under Title VI, no person shall be discriminated against or excluded from participation in or be denied the benefits of services, programs, or activities receiving federal financial assistance on the basis of race, color, or national origin.

For telemedicine services, the guidance states that the prohibition against national origin discrimination extends to LEP persons. Namely, telemedicine companies must take reasonable steps to ensure meaningful access for LEP persons. Such “meaningful access” includes providing information about the availability of telehealth services, the process for scheduling telehealth appointments, and the appointment itself. In many instances, HHS states, language assistance services are necessary to provide meaningful access and comply with federal law.

These language assistance services can include such measures as oral language assistance performed by a qualified interpreter; in-language communication with a bilingual employee; or written translation of documents performed by a qualified translator.

DOJ and HHS provided the following as examples of such “meaningful access” obligations:

  • In emails to patients or social media postings about the opportunity to schedule telehealth appointments, a federally assisted health care provider includes a short non-English statement that explains to LEP persons how to obtain, in a language they understand, the information contained in the email or social media posting.

  • An OBGYN who receives federal financial assistance and legally provides reproductive health services, using telehealth to provide remote appointments to patients, provides a qualified language interpreter for an LEP patient. The provider makes sure that their telehealth platform allows the interpreter to join the session. Due to issues of confidentiality and potential conflicts of interest (such as in matters involving domestic violence) providers should avoid relying on patients to bring their own interpreter.

What if Making These Changes is Expensive?

While not directly addressed in the guidance, the cost for implementing accessibility measures generally falls on the company itself. Federal ADA regulations prohibit charging patients extra for the cost of providing American Sign Language (ASL) interpreters or similar accommodations. In fact, a covered entity may be required to provide an ASL interpreter even if the cost of the interpreter is greater than the fee received for the telemedicine service itself. With respect to LEP interpreters, HHS issued separate guidance stating it is not sufficient to use “low-quality video remote interpreting services” or “rely on unqualified staff” as translators.

However, companies are not required to offer an aid or service that either results in an undue burden on the company or requires a fundamental alteration in the nature of the services offered by the company. This is an important counterbalance in the law. Yet, the threshold for what constitutes an “undue burden” on a company or a “fundamental alteration” to the nature of the services is not a bright line and requires a fact-specific assessment under the legal requirements.

Conclusion

Telemedicine companies subject to the guidance should heed the government’s warning and look inward on patient-facing elements. The first step is to simply have the website and app platform reviewed (most particularly the patient online user interface) by a qualified third party to determine if its design and features are sufficiently accessible for people with disabilities, as well as LEP persons. That time is also a prudent opportunity to review the user interface to confirm it complies with state telemedicine practice standards, e-commerce rules, electronic signatures or click-sign laws, and privacy/security requirements. Because these laws have undergone rapid and extensive changes during the Public Health Emergency, it is recommended to conduct these assessments on a periodic/annual basis.

If a company believes the expense of making these product design changes to ensure accessibility would be prohibitively expensive, it should check with experienced advisors to determine if the changes would constitute an “undue burden” or “fundamental alteration.” Otherwise, federal guidance is clear that refusing to make reasonable changes can be a violation of federal civil rights laws.

© 2022 Foley & Lardner LLP

A Paralegal’s Guide to Legal Calendar Management

Law firms of all sizes are increasingly relying on legal technology to address their day-to-day responsibilities. From family law to criminal law to personal injury law, law practice management software can help law firms run smoothly and efficiently.

The benefits of this legal technology aren’t limited to lawyers — it extends to the paralegals they work closely with.

The demand for paralegals is growing at an average of 12% each year, and paralegal technology can be used to support their efficiency and workflows. Many of the manual tasks that paralegals do, such as creating, organizing, and filing court documents, can be automated to free time to focus on more critical tasks.

What Do Paralegals Do?

Working under the supervision of an attorney, a paralegal’s work is merged with and used as part of the attorney’s work for the client. Paralegals cannot give legal advice or perform any legal duties that fall under the scope of the licensed attorney, and they must be clear in their non-lawyer status with clients and the public.

The typical duties of a paralegal may include:

  • Conducting client interviews and maintaining client contact

  • Locating and interviewing witnesses

  • Conducting investigations and statistical and documentary research

  • Performing legal research

  • Drafting legal documents, correspondence, and pleadings

  • Summarizing depositions, interrogatories, and testimony

  • Attending executions of wills, real estate closings, depositions, court or administrative hearings, and trials with the attorney

  • Authoring and signing correspondence, as long as the paralegal status is clearly indicated and does not contain independent legal advice or opinions.

In a law firm, a paralegal’s time for legal work — not clerical or administrative work — may be billed to clients the same way as an attorney’s time, but at a lower hourly rate.

The paralegal profession originated in law firms, but now, paralegals may be employed by government organizations, banks, insurance companies, and healthcare providers.

Aside from basic technology tools for sending emails, making calls, or creating documents, there are resources specifically designed for paralegal work. Some of these include:

  • Case management software: One of the responsibilities of a paralegal is helping firms track client case information. Case management software supports paralegals and other staff to collaborate on cases in real time.

  • Billing software: Client billing is a time-consuming process at the end of the billing period. Paralegals may use billing software to help automate bill generation, collection, and review. Online billing allows clients to receive bills directly and gets the firm paid faster.

  • Client intake software: With manual client intake, clients fill out paperwork and the information must be transcribed digitally. This process is inefficient and error-prone, even with a fillable PDF. Automated client intake technology captures vital details for paralegals, and forms can be shared with a link. The information can be synced with other technologies to avoid duplicate data entry.

  • eSignature software: Signatures are required for most legal documents. Instead of hand-signing and scanning documents, e-signature technology allows paralegals to collect, sign, and store documents with a click of a button.

Paralegals may use some or all of these legal technologies, depending on the size of the firm and its practice areas.

Calendar management is the systematic process of organizing tasks, meetings, and events with the goal of maximizing the return on investment for the time put in. The work can be time-consuming, but it’s essential to the function of the firm.

A well-managed calendar should support attorneys to ensure success. Calendar management has the power to make or break the attorney’s daily workflow and long-term success, which is why it’s one of the most important skills for a paralegal to perform effectively.

Legal calendar management is a resource that manages deadlines, meetings, and events in a centralized location. Paralegals, attorneys, and other staff can have shared access and individual alerts or notifications to ensure that crucial tasks never fall through the cracks.

Prior to digital legal calendar management, attorneys had to calculate deadlines manually — a time-consuming and error-prone process. Legal calendar management automatically calculates deadlines to expedite the process and ensure accuracy.

With automated workflows, legal calendar management allows legal professionals to build workflows for each type of case or practice area of the firm.

For busy professionals juggling multiple responsibilities and clients, this ensures that important deadlines are not missed.

Just like you would schedule a meeting or task, paralegals should block focus time to manage and organize their calendars. Use these best practices to simplify how you manage your calendar.

Use a Coding System

Color coding creates an organizational schematic for the calendar. For example, using colors for different categories like client, internal, recurring, reminder, and travel helps everyone quickly identify the tasks that are relevant.

Implement a Centralized, Firm-Wide Calendar

Law firms should have a centralized calendar that’s used throughout the firm and managed by an experienced paralegal. This ensures that the firm staff has access to crucial information and deadlines from anywhere.

The calendar should be flexible and allow for different departments to toggle their view of desired information.

Legal calendars have a lot of moving parts that may involve multiple parties. This is why it’s important to create guidelines or rules for everyone in the firm when updating the calendar. For example, who submits case information? Who verifies the deadlines and completes follow-ups?

Incorporating this information in your firm’s workflows will ensure all staff members understand what they’re responsible for, and when. This process should be standardized, to alleviate bottlenecks or help with onboarding and training new staff.

Get The Entire Firm On Board

A new process takes time to implement and may come with learning curves. However, an efficient, organized legal calendar can’t be accomplished without buy-in across the firm.

There can be friction among staff when implementing new technology, especially if the firm has been more traditional. Take a top-down approach that begins with senior partners and managers. They can take the lead to bring everyone on board and get them excited about the capabilities of the new technology. No one likes change, but preparing the team can reduce friction and make the implementation process more efficient.

But remember, the best technology in the world is still just technology. It’s up to your firm and staff to use it to its fullest. Establishing clear roles and responsibilities for leaders and staff, providing training, and both giving and receiving feedback ensure that the legal calendar management software’s features and tools are used appropriately for your firm’s needs.

© Copyright 2022 PracticePanther