Road to Victory Just Got a Little Easier for Whistleblowers

In 2017, a federal jury found whistleblower Trevor Murray was wrongfully terminated after he refused “to change his research on commercial mortgage-backed securities.” He won over $900,000. On appeal in 2022, the U.S. Court of Appeals for the Second Circuit overturned Murray’s award, finding whistleblowers who bring a retaliation claim against their employer under the Sarbanes-Oxley Act (SOX) must prove their employer acted with “retaliatory intent.”

Earlier this month, the U.S. Supreme Court weighed in, issuing a unanimous decision in Trevor Murray v. UBS Securities LLC, et al. The justices found that the Second Circuit was wrong. That is, “when it comes to a plaintiff’s burden of proof on intent under SOX, they only need to show that their protected activity contributed to an unfavorable personnel action, such as a firing.” Once the plaintiff does this, the Supreme Court found the burden of proof shifts to the employer to prove that “it would have taken the same adverse action regardless of the employee’s protected activity.” The justices found the law is intended ”to be plaintiff-friendly.”

In light of this development, employers should continue to be diligent in documenting the reasons that lead to an employee’s termination. This is especially true if that employee may be found to have engaged in a protected activity, cloaking them with certain whistleblower protections.

In siding with whistleblower Trevor Murray, the justices rejected UBS’ position that a separate finding of retaliatory intent is required for whistleblower protection under the Sarbanes-Oxley Act, or SOX, which governs corporate financial reporting and recordkeeping.

Year in Review: Criminal Enforcement by the DOJ Antitrust Division in 2023

Introduction

When it comes to antitrust criminal enforcement, 2023 will be remembered as the year when the US Department of Justice’s (DOJ) Antitrust Division redefined and tested the outer boundaries of its authority. Here is a look back at the key events that defined the DOJ’s year in criminal antitrust enforcement.

Losses in Labor Markets

The DOJ continued its focus on labor markets in 2023 by pursuing per se no-poach and wage-fixing prosecutions despite resounding resistance by fact finders. In these cases, the DOJ alleged that companies and executives restrained trade in labor markets in violation of Section 1 of the Sherman Act through agreements that restricted movement and suppressed the wages of workers.

Courts have allowed these per se no-poach and wage-fixing cases to survive the motion to dismiss stage of litigation, but the DOJ’s success has routinely ended there. In 2022, the DOJ tried its first criminal no-poach case in US v. DaVita, which was successfully defended by McDermott and resulted in a complete acquittal of both corporate and individual defendants. In 2023, the DOJ fared no better:

  • In US v. Manahe (D. Maine), the DOJ charged four business managers in an alleged conspiracy to fix the wages and restrict the hiring of personal support specialist workers for two months during the pandemic. The government presented evidence such as text messages discussing hourly wages and recordings of meetings between the defendants, while the defendants countered by showing that the discussed prices were not implemented, and a draft agreement went unsigned. The jury acquitted all four defendants following a two-week trial in March 2023.
  • As we previously reported, the DOJ suffered a blow in US v. Patel (D. Connecticut) in April 2023. During a four-week trial, the government alleged that defendants conspired to restrict the hiring and recruiting of skilled workers and engineers in the aerospace industry. The defense moved for a judgment of acquittal under Rule 29 of the Federal Rules of Criminal Procedure, an extreme lever that judges rarely pull to end a trial before it reaches the jury. Judge Victor A. Bolden granted the motion and acquitted all the defendants. He found that the engineers’ freedom to switch companies and the number of exceptions to the agreements could not support finding market allocation as a matter of law.
  • In November 2023, the DOJ stunningly moved to dismiss its own case alleging a conspiracy by outpatient medical care competitors not to solicit senior-level employees. The case was three years into litigation; in its motion, the DOJ simply stated that dismissal would conserve court time and resources. This was the DOJ’s last pending no-poach case against a corporation.

If the DOJ’s labor markets cases have a theme, it is this: If at first you don’t succeed, try, try again. Despite four straight losses and a voluntary dismissal, the DOJ remains undeterred in bringing additional criminal wage-fixing and no-poach suits. The Biden administration’s “whole of government” approach to enforcement means that shared resources and collaboration among agencies, including the DOJ and the National Labor Relations Board, will continue into 2024. Assistant Attorney General Jonathan Kanter left no doubt that the DOJ is doubling down on its executive authority despite a losing track record in court: “Let me confirm: We are just as committed as ever to, when appropriate, using our congressionally given authority to prosecute criminal violations of the Sherman Act in labor markets.” Addressing the Women’s White Collar Defense Association in December 2023, Deputy Assistant Attorney General Doha Mekki echoed, “We look forward to charging more no-poach and wage-fixing cases.”

Per Se Problems

The DOJ stumbled in a different per se setting in December 2023, when a three-judge panel on the US Court of Appeals for the Fourth Circuit affirmed fraud charges but reversed the per se bid-rigging conviction of a steel and aluminum manufacturing sales manager turned executive. In US v. Brewbaker, the appellate panel found that “caselaw and economics show that the indictment failed to state a per se antitrust offense as it purported to do.”

In its 2020 indictment, the DOJ alleged that Brent Brewbaker of Contech Engineered Solutions conspired with a North Carolina distributor and exclusive dealer, Pomona Pipe Products, to share total bid pricing information on North Carolina Department of Transportation (NCDOT) aluminum projects and use that information to purposefully submit losing bids. This allegedly appeased Pomona and maintained Contech’s status on NCDOT’s “emergency bid list.” Contech pled guilty, but Brewbaker continued to trial. A jury found him guilty of bid rigging and other fraud charges; he appealed.

The Fourth Circuit held that the DOJ’s indictment implicated Contech and Pomona as horizontal competitors in NCDOT aluminum projects and as vertical competitors through their manufacturer-dealer relationship, resulting in a “hybrid” restraint. The DOJ sought to isolate Contech’s role as a manufacturer and competing bidder for NCDOT aluminum projects, focusing solely on the horizontal nature of the restraint and subsequently arguing for per se treatment.

The panel did not accept the DOJ’s argument that the conspiracy itself involved only horizontal conduct and instead considered the parties’ competitive relationship, which involved both horizontal and vertical aspects. The panel found that “agreements that look otherwise identical in form produce different economic effects based on how the parties relate to one another,” and stated that the DOJ’s theory would “force . . . arbitrary and likely impossible line-drawing” to determine which “part” of the entity to consider. The court continued, “The Sherman Act doesn’t ignore reality; it treats the entire business entity as the single party it is. . . . Antitrust law does not turn on such artificial mental gymnastics.”

Under this premise, the court moved through an analysis of case law and economic rationale to determine appropriate scrutiny. Although there is no direct guidance on hybrid restraints in the bid rigging context, the panel contrasted the present case with Leegin Creative Leather Products, 551 U.S. 877 (2007), where the Supreme Court of the United States applied per se scrutiny to a price fixing case despite both horizontal and vertical elements. In Brewbaker, the court found instead that the restraint in the indictment should not have been subject to the per se standard based on precedent, nor would it invariably lead to anticompetitive effects upon economic analysis—all making per se scrutiny inappropriate. As a result, and in a blow to the DOJ, the court reversed Brewbaker’s Sherman Act conviction.

In Full (Strike) Force

The DOJ’s Procurement Collusion Strike Force (PCSF) succeeded in securing several guilty pleas and stiff penalties in 2023. The PCSF is tasked with training government personnel and enforcing antitrust and fraud laws related to government contract bidding, grants and program funding.

PCSF Director Daniel Glad spoke to the National Association of State Procurement Officials in November 2023, highlighting the state and agency partnerships that comprise the PCSF. He pushed for even greater collaboration with state officials in 2024 and coming years, noting the recent influx of funds from the Infrastructure Investment and Jobs Act, which authorized billions of dollars in transportation and infrastructure programs. Later that month, the PCSF held its first summit to discuss strategies, priorities and resources. As reported by the DOJ, attendees included 11 “law enforcement partners” from across the country and 22 US Attorneys’ Offices.

These partnerships have surely strengthened the PCSF, and it has an extensive track record of successful convictions and guilty pleas. Among them are the following:

  • In January 2023, military contractor Aaron Stephens pleaded guilty to rigging bids related to the maintenance and repair of military tactical vehicles, following his alleged co-conspirator Mark Leveritt’s guilty plea July 2022. In August 2023, Stephens received an 18-month prison sentence and a $50,000 criminal fine. Leveritt received a six-month sentence and a $300,000 fine.
  • Also in January 2023, a construction company owner received a 27-month sentence and was ordered to pay a $1.75 million fine for fraudulently securing government contracts meant for service-disabled veteran-owned small businesses.
  • A Metropolitan Transportation Authority (MTA) employee out of New York pleaded guilty to engaging in wire fraud related to MTA excess vehicle auctions. Assistant Attorney General Jonathan Kanter described the conduct as “stealing from the public” and promised that the DOJ would continue to “detect and punish” those who abuse the public trust. Two additional guilty pleas by fellow MTA employees followed.
  • An insulation contractor out of Connecticut was the seventh person sentenced in a bid rigging and contract fraud investigation, resulting in a 15-month prison sentence and a restitution fine of more than $1 million. The alleged scheme related to insulation contracting at both public and private institutions, including universities and hospitals.
  • In March 2023, a Georgia jury found three military contractors guilty of conspiring to defraud the United States and two counts of major fraud related to two years of conduct.
  • A construction company owner faced a 78-month prison sentence and an almost $1 million restitution fine for bid rigging and bribery involving the California Department of Transportation (Caltrans). Defendant Bill Miller previously pled guilty to recruiting others to submit sham bids and to paying almost $1 million in cash bribes to a Caltrans contract manager. The manager himself received a 49-month prison sentence and a similar restitution fine, and a co-conspirator who submitted false bids received 45 months in jail and a $797,940 restitution fine.
  • A Texas judge ordered corporate defendant J&J Korea to pay almost $9 million for wire fraud and conspiracy to restrain trade related to subcontract work for US military hospitals in South Korea. A grand jury indicted two corporate officers for the same conduct in 2022.
  • Three military contractors received their sentences in December 2023 following a jury trial related to their alleged procurement fraud scheme. The defendants’ sentences included prison, supervised release and fines ranging from $50,000 to $250,000.

In December 2023, the PCSF also secured a seven-count indictment using wiretap evidence to charge two forest firefighting services executives with bid rigging, allocating markets and fraud. Wiretap evidence is rarely used in cartel investigations and marks a meaningful step in PCSF’s investigative approach. PCSF likely has already begun obtaining wiretap evidence in other cases and, based on its success in 2023, will continue pursuing aggressive investigative and litigation strategies moving forward.

Partnerships and Collaboration

Taking the PCSF to the global stage, the DOJ announced a joint initiative with Mexico’s Federal Economic Competition Commission and the Canadian Competition Bureau to collaborate on “outreach to the public and business community about anti-competitive conduct, as well as on investigations, using intelligence sharing and existing international cooperation tools” in the run-up to the 2026 FIFA World Cup to be hosted across the three countries.

In addition to its international partnerships for the World Cup, the DOJ is tackling technology with global efforts. In November 2023, DOJ leaders met with G7 competition authorities in Tokyo to discuss competition in digital markets and enforcement priorities. This was one in a series of meetings among authorities that have taken place since 2019 with a goal of setting and issuing guidance on shared priorities for regulating competition in tech. Following the summit, the group published a “communique” grounded in concern around emerging technologies, including risks in the criminal realm. The leaders noted, “As firms increasingly rely on AI to set prices to consumers, there is risk that such tools could facilitate collusion or unfairly raise prices.”

This sentiment is consistent with statements made earlier in the year by DOJ leadership. For example, Principal Deputy Assistant Attorney General Doha Mekki highlighted the role of technology in information exchanges. She described the current “inflection point” of algorithms, data and cloud computing as creating new market realties. Assistant Attorney General Jonathan Kanter stated that artificial intelligence’s “boundless potential” comes with “risks [that] transcend borders.” The consistency of rhetoric and global dedication to tackling the risks of emerging technology signals a potentially busy 2024 in this space.

The DOJ also continued its practice of partnering with fellow domestic law enforcement agencies. For example, the DOJ secured three guilty pleas in August 2023 for bid rigging asphalt paving services contracts in Michigan from 2013 to 2021. The DOJ worked with the Offices of Inspector General for the US Department of Transportation and the US Postal Service, and highlighted the partnership in public statements on the pleas. Deputy Assistant Attorney General Manish Kumar said, “Along with our law enforcement partners, the division will continue to seek justice when corporations and their leaders deprive customers of fair and open competition.” Cross-agency collaboration is a hallmark of the DOJ’s criminal enforcement and there is no reason to believe this practice will change in 2024.

Anything but Generic Remedies

In August 2023, the DOJ announced that it had entered into two unprecedented deferred prosecution agreements (DPAs) to resolve price fixing charges in the generic drug industry against Teva Pharmaceuticals USA, Inc., and Glenmark Pharmaceuticals, Inc. Teva and Glenmark agreed to pay $250 million and $30 million, respectively, in criminal penalties and compliance monitoring, with Teva also obligated to donate $50 million worth of drugs to aid organizations. These agreements included divestitures of the companies’ product lines for the cholesterol drug pravastatin, alleged as central to the alleged price fixing conspiracy underlying the agreements. These arrangements are unusual for two reasons.

DPAs

First, DPAs are typically unfavored by the government and used as incentives for cooperation early in investigations. It is striking that the DOJ entered into these agreements in such an advanced stage of litigation, where five other corporations and three individuals had already admitted to the implicated conspiracy. DPAs are agreements between the government and defendants in which the defendants accept certain penalties in exchange for prosecutors stopping their pursuit of the underlying charges. Prosecutions are “deferred” indefinitely while defendants fulfill their end of the bargain. Although both DPAs and plea agreements involve admitting wrongdoing, DPAs allow defendants resolution without admission of legal guilt. In the event defendants fail to meet the terms of the agreement, the government resumes its prosecution and seeks convictions.

“Extraordinary” Remedial Measures

Second, both DPAs involved unheard of divestitures of product interests in the cholesterol drug pravastatin, with Teva’s DPA requiring an additional measure of $50 million in donated clotrimazole and tobramycin to humanitarian organizations. All three generic drugs were impacted by the charged conspiracy. This remedy is first of its kind—criminal antitrust enforcers historically have sought monetary and prison sentences only. However, DOJ criminal enforcers driving outside of their historic lane is not necessarily inconsistent or surprising. The current administration has repeatedly committed to “using the whole legislative toolbox” in litigation.

Deputy Assistant Attorney General Manish Kumar stated in October 2023 that these divestitures were appropriate in the “heavily regulated” context of generic pharmaceuticals, where a corporate conviction could have precluded Teva and Glenmark’s participation in federal drug programs to such an extent that the companies would have gone out of business. Of course, these are not the first defendants to face corporate convictions in heavily regulated industries, and they are not even the first to do so in this specific alleged conspiracy.

Whether this specific tool will build or break down competition, whether criminal enforcers are equipped to evaluate the impact of divestiture, and whether it is appropriate to test this novel approach in an industry with an alleged prolific conspiracy among major players and thus among potential buyers remains to be seen. For better or worse there will be more data points to answer these and other uncertainties: Kumar noted that the DOJ hopes to implement divestitures as criminal remedies “in other contexts” moving forward.

Investigation Nearing Its End

On November 16, 2023, in a surprising turn of events shortly after the DOJ announced the resolutions with Teva and Glenmark, the DOJ moved to dismiss a February 2020 indictment against Ara Aprahamian, a former senior executive of Taro Pharmaceutical Industries charged with fixing prices, rigging bids and allocating markets for generic drugs. The district court granted the motion to dismiss the indictment with prejudice. Prior to filing the motion, the DOJ had been preparing for a February 2024 criminal trial against Aprahamian. As a result of these recent actions, the DOJ has no remaining public proceedings in connection with its investigation of pricing in the generic drug industry. And, in December 2023, a district court overseeing the multidistrict civil litigation against generic drug manufacturers for the same alleged conduct terminated the DOJ’s intervenor status in the case. Thus, the DOJ’s nearly decade-long investigation of the generic drug industry appears to be ending.

Monaco on Mergers and Corporate Compliance 

In a speech at the Society of Corporate Compliance and Ethics’ Annual Compliance & Ethics Institute, Deputy Attorney General Lisa Monaco emphasized the importance of compliance programs and announced a safe harbor policy for voluntary self-disclosures of antitrust wrongdoing by companies engaged in mergers and acquisitions.

Compliance

Deputy Attorney General Monaco focused her remarks on the increased importance of, and scrutiny on, corporate compliance programs. She noted that under a new initiative, every resolution by the Criminal Division requires companies to add compliance-promoting criteria to compensation systems. She also shared that the Division is enacting “clawback credits” to incentivize tying executive compensation to compliance. Remaining focused on bottom lines, she warned: “Invest in compliance now or your company may pay the price—a significant price—later.” These sharp words are consistent with the DOJ’s increased rhetoric on and policy prioritization of compliance programs throughout 2023.

Mergers & Acquisitions Safe Harbor Policy

Deputy Attorney General Monaco also commented on the recently unveiled DOJ-wide safe harbor allowing companies to report misconduct by the companies they seek to acquire or merge with. The covered conduct must be discovered through the M&A process. Conduct that should have otherwise been disclosed or which could have been publicly known does not count. Conduct already known to the DOJ is not entitled to safe harbor protection either.

Monaco stated, “Going forward, acquiring companies that promptly and voluntarily disclose criminal misconduct within the Safe Harbor period [six months from date of closing], and that cooperate with the ensuing investigation, and engage in requisite, timely and appropriate remediation, restitution, and disgorgement [within one year of closing]—they will receive the presumption of a declination.” In line with remarks by enforcers earlier in the year, Monaco specifically highlighted cybersecurity, tech and national security as areas of heightened risk and thus heightened scrutiny. Corporations in these markets should take heed of the DOJ’s emphasis on corporate compliance in 2024.

Looking Ahead

In 2023, criminal antitrust authorities used novel approaches at every stage of enforcement—from charging decisions to partnerships, to litigation, to remedies— and they show no sign of slowing down in 2024. The emergence of new technologies and a policy promise to forego old guideposts takes the DOJ further from the familiar, and perhaps further from its expertise.

In a high-stakes election year and with an influx of federal funds in infrastructure and defense spaces, the DOJ will likely hit the accelerator sooner than it hits the breaks. Markets that impact maximum voters, including employment, tax-funded government contracts, national security and healthcare, are likely focuses. All considered, it is more important than ever for businesses and individuals to stay up to date on policy priorities, revamp and champion internal compliance programs, and seek agile counsel in the ever-changing landscape of criminal enforcement to avoid costly investigations.

Texas Supreme Court Rules to Foreclose Attorney’s Fees in First Party Appraisal Context

The Supreme Court of Texas has issued its much-anticipated opinion on an open attorney’s fees question in the area of First Party Property appraisals.

The issue came to the Texas Supreme Court on a certified question from the 5th Circuit and considers the practical effect of the Texas Legislature’s 2017 amendments to the Texas Prompt Payment of Claims Act, Chapter 542, Insurance Code. In short, Texas Insurance Code Chapter 542A, among other reforms, sets forth a statutory formula to determine the amount of an attorney’s fees awarded for a prevailing insured in a weather-related first party property case against an insurer. Under the statute, the amount of reasonable and necessary attorney’s fees a prevailing insured can recover is reduced when the “amount to be awarded in the judgment” is less than the amount the insured claims is owed. In the appraisal context, insurers have paid the appraisal award, along with an amount sufficient to cover any potential statutory interest under Chapter 542A, then made the argument there can be no “amount to be awarded in the judgment” such that there is no liability for attorney’s fees.

In the recent ruling, the Texas Supreme Court agreed with this argument, noting that when a carrier pays the appraisal amount plus any possible statutory interest, it has “complied with its obligations under the policy.” In doing so, there is no remaining “amount to be awarded in the judgment,” and attorney’s fees are not available.

Going forward, this ruling should return the appraisal process to its intended function – an inexpensive and prompt resolution of claims, without the need for litigation – and avoid late invocation of appraisal as gamesmanship.

For more news on Attorneys’ Fees in Texas, visit the NLR Litigation / Trial Practice section.

PFAS MDL Settlements: Red Herrings For Downstream Companies

Leading up to the aqueous film-forming foam (AFFF) MDL litigation bellwether trial in June 2023, questions circulated regularly about the end game for the water utilities that had filed lawsuits alleging PFAS contamination to drinking water. With several hundred utilities with pending lawsuits seeking the costs for technology needed to filter PFAS from drinking water, monitoring wells, testing equipment, disposal costs, etc., and potentially thousands of other water utilities with similar potential lawsuits, the damages seemed astronomical. So, too, did the amount of time it would take to litigate each case to get the water utilities monetary relief. These two competing forces, plus the pressure of an actual trial date looming, led Dupont and 3M to announce PFAS MDL settlements in June 2023. At $1.185 billion by Dupont and between $10.3 billion and $12.5 billion by 3M, with the intention of both settlement funds to resolve all pending and potential water utility claims in the United States, it seemed to many that a resolution had been achieved that would address PFAS in drinking water systems without burdening utility customers or the utilities themselves.

The issue, though, is that over 9,000 water utilities were estimated to be in need of treatment technology to meet the EPA’s newly proposed drinking water standards. The American Water Works Association (AMWA) reminded everyone that their own estimates of the costs of compliance to the EPA’s level would cost utilities over $3.2 billion annually. Even buying into the old joke that lawyers are horrible at math, it does not take long for one to realize the significant gap in the proposed settlement amounts and AMWA’s estimates. Water utilities accepting money under the Dupont and 3M settlement funds are not all going to receive 100% of the necessary funding for remediation. How then will this deficit be resolved?

Water utilities will be reluctant to pass on all of the costs to customers, although pricing increases could provide a stopgap measure for water utilities on top of the MDL settlement funds. State or even federal funding may be available under grant, loan or other programs that can also assist. However, when the dust settles, it is likely that water utilities are going to look to a particular group of parties to pursue damages from – companies that discharged PFAS into waterways that fed into the water utility facilities. Lawsuits already abound nationally filed by private citizens against such companies for property damage, bodily injury and medical monitoring. Why then would water utilities finding themselves in need of significant money to properly treat drinking water not take similar legal action? Couple this with pressure water utilities are starting to receive in the form of finding themselves sued in class action lawsuits by private citizens, and the legal notion of contribution begins to ring very true for water utilities looking to minimize their own damages in such lawsuits and find sources of funding for remediation technology.

Companies that have historically discharged effluent into waterways that feed drinking water supplies must therefore keep all of the above in mind and not be lulled into a false sense of complacency that the Dupont and 3M settlements in the MDL are going to mean the end of PFAS drinking water litigation. I predict quite the opposite.

It is of the utmost importance that businesses along the whole commerce chain that have or believe that they might have used PFAS in certain processes take steps now to understand their PFAS risk. Public health and environmental groups urge legislators to regulate PFAS at an ever-increasing pace. Similarly, state level EPA enforcement action is increasing at a several-fold rate every year. Companies that did not manufacture PFAS, but merely utilized PFAS in their manufacturing processes, are becoming targets of costly enforcement actions at rates that continue to multiply year over year. Lawsuits are also filed monthly by citizens or municipalities against companies that are increasingly not PFAS chemical manufacturers. The only way to manage future risk is to fully understand what that risk picture looks like, and companies would be well-advised to invest in proper diligence for the PFAS risk question.

2023 Cybersecurity Year In Review

2023 was another busy year in the realm of data event and cybersecurity litigations, with several noteworthy developments in the realm of disputes and regulator activity. Privacy World has been tracking these developments throughout the year. Read on for key trends and what to expect going into the 2024.

Growth in Data Events Leads to Accompanying Increase in Claims

The number of reportable data events in the U.S. in 2023 reached an all-time high, surpassing the prior record set in 2021. At bottom, threat actors continued to target entities across industries, with litigation frequently following disclosure of data events. On the dispute front, 2023 saw several notable cybersecurity consumer class actions concerning the alleged unauthorized disclosure of sensitive personal information, including healthcare, genetic, and banking information. Large putative class actions in these areas included, among others, lawsuits against the hospital system HCA Healthcare (estimated 11 million individuals involved in the underlying data event), DNA testing provider 23andMe (estimated 6.9 million individuals involved in the underlying data event), and mortgage business Mr. Cooper (estimated 14.6 million individuals involved in the underlying data event).

JPML Creates Several Notable Cybersecurity MDLs

In 2023 the Judicial Panel on Multidistrict Litigation (“JPML”) transferred and centralized several data event and cybersecurity putative class actions. This was a departure from prior years in which the JPML often declined requests to consolidate and coordinate pretrial proceedings in the wake of a data event. By way of example, following the largest data breach of 2023—the MOVEit hack affecting at least 55 million people—the JPML ordered that dozens of class actions regarding MOVEit software be consolidated for pretrial proceedings in the District of Massachusetts. Other data event litigations similarly received the MDL treatment in 2023, including litigations against SamsungOverby-Seawell Company, and T‑Mobile.

Significant Class Certification Rulings

Speaking of the development of precedent, 2023 had two notable decisions addressing class certification. While they arose in the cybersecurity context, these cases have broader applicability in other putative class actions. Following a remand from the Fourth Circuit, a judge in Maryland (in a MDL) re-ordered the certification of eight classes of consumers affected by a data breach suffered by Mariott. See In Re: Marriott International, Inc., Customer Data Security Breach Litigation,No. 8:19-md-02879, 2023 WL 8247865 (D. Md. Nov. 29, 2023). As explained here on PW, the court held that a class action waiver provision in consumers’ contracts did not require decertification because (1) Marriott waived the provision by requesting consolidation of cases in an MDL outside of the contract’s chosen venue, (2) the class action waiver was unconscionable and unenforceable, and (3) contractual provisions cannot override a court’s authority to certify a class under Rule 23.

The second notable decision came out of the Eleventh Circuit, where the Court of Appeals vacated a district court’s certification of a nationwide class of restaurant customers in a data event litigation. See Green-Cooper v. Brinker Int’l, Inc., No. 21-13146, 73 F. 4th 883 (11th Cir. July 11, 2023). In a 2-1 decision, a majority of the Court held that only one of the three named plaintiffs had standing under Article III of the U.S. Constitution, and remanded to the district court to reassess whether the putative class satisfied procedural requirements for a class. The two plaintiffs without standing dined at one of the defendant’s restaurants either before or after the time period that the restaurant was impacted by the data event, which the Fourth Circuit held to mean that any injury the plaintiffs suffered could not be traced back to defendant.

Standing Challenges Persist for Plaintiffs in Data Event and Cybersecurity Litigations

Since the Supreme Court’s TransUnion decision in 2021, plaintiffs in data breach cases have continued to face challenges getting into or staying in federal court, and opinions like Brinker reiterate that Article III standing issues are relevant at every stage in litigation, including class certification. See, also, e.g.Holmes v. Elephant Ins. Co., No. 3:22-cv-00487, 2023 WL 4183380 (E.D. Va. June 26, 2023) (dismissing class action complaint alleging injuries from data breach for lack of standing). Looking ahead to 2024, it is possible that more data litigation plays out in state court rather than federal court—particularly in the Eleventh Circuit but also elsewhere—as a result.

Cases Continue to Reach Efficient Pre-Trial Resolution

Finally in the dispute realm, several large cybersecurity litigations reached pre-trial resolutions in 2023. The second-largest data event settlement ever—T-Mobile’s $350 million settlement fund with $150 million in data spend—received final approval from the trial court. And software company Blackbaud settled claims relating to a 2020 ransomware incident with 49 states Attorneys General and the District of Columbia to the tune of $49.5 million. Before the settlement, Blackbaud was hit earlier in the year with a $3 million fine from the Securities and Exchange Commission. The twin payouts by Blackbaud are cautionary reminders that litigation and regulatory enforcement on cyber incidents often go-hand-in-hand, with multifaceted risks in the wake of a data event.

FTC and Cybersecurity

Regulators were active on the cybersecurity front in 2023, as well. Following shortly after a policy statement by the Health and Human Resources Office of Civil Rights policy Bulletin on use of trackers in compliance with HIPAA, the FTC announced settlement of enforcement actions against GoodRxPremom, and BetterHelp for sharing health data via tracking technologies with third parties resulting in a breach of Personal Health Records under the Health Breach Notification Rule. The FTC also settled enforcement actions against Chegg and Drizly for inadequate cybersecurity practices which led to data breaches. In both cases, the FTC faulted the companies for failure to implement appropriate cybersecurity policies and procedures, access controls, and securely store access credentials for company databases (among other issues).

Notably, in Drizly matter, the FTC continued ta trend of holding corporate executives responsible individually for his failure to implement “or properly delegate responsibility to implement, reasonable information security practices.” Under the consent decree, Drizly’s CEO must implement a security program (either at Drizly or any company to which he might move that processes personal information of 25,000 or more individuals and where he is a majority owner, CEO, or other senior officer with information security responsibilities).

SEC’s Focus on Cyber Continues

The SEC was also active in cybersecurity. In addition to the regulatory enforcement action against Blackbaud mentioned above, the SEC initiated an enforcement action against a software company for a cybersecurity incident disclosed in 2020. In its complaint, the SEC alleged that the company “defrauded…investors and customers through misstatements, omissions, and schemes that concealed both the Company’s poor cybersecurity practices and its heightened—and increasing—cybersecurity risks” through its public statements regarding its cybersecurity practices and risks. Like the Drizly matter, the SEC charged a senior company executive individually—in this case, the company’s CISO—for concealing the cybersecurity deficiencies from investors. The matter is currently pending. These cases reinforce that regulators will continue to hold senior executives responsible for oversight and implementation of appropriate cybersecurity programs.

Notable Federal Regulatory Developments

Regulators were also active in issuing new regulations on the cybersecurity front in 2023. In addition to its cybersecurity regulatory enforcement actions, the FTC amended the GLBA Safeguards Rule. Under the amended Rule, non-bank financial institutions must provide notice to notify the FTC as soon as possible, and no later than 30 days after discovery, of any security breach involving the unencrypted information of 500 or more consumers.

Additionally, in March 2024, the SEC proposed revisions to Regulation S-P, Rule 10 and form SCIR, and Regulation SCI aimed at imposing new incident reporting and cybersecurity program requirements for various covered entities. You can read PW’s coverage of the proposed amendments here. In July, the SEC also finalized its long-awaited Cybersecurity Risk Management and Incident Disclosure Regulations. Under the final Regulations, public companies are obligated to report regarding material cybersecurity risks, cybersecurity risk management and governance, and board of directors’ oversight of cybersecurity risks in their annual 10-K reports. Additionally, covered entities are required to report material cybersecurity incidents within four business days of determining materiality. PW’s analysis of the final Regulations are here.

New State Cybersecurity Regulations

The New York Department of Financial Services also finalized amendments to its landmark Cybersecurity Regulations in 2023. In the amended Regulations, NYDFS creates a new category of companies subject to heightened cybersecurity standards: Class A Companies. These heightened cybersecurity standards would apply only to the largest financial institutions (i.e., entities with at least $20 million in gross annual revenues over the last 2 fiscal years, and either (1) more than 2,000 employees; or (2) over $1 billion in gross annual revenue over the last 2 fiscal years). The enhanced requirements include independent cybersecurity audits, enhanced privileged access management controls, and endpoint detection and response with centralized logging (unless otherwise approved in writing by the CISO). New cybersecurity requirements for other covered entities include annual review and approval of company cybersecurity policy by a senior officer or the senior governing body (i.e., board of directors), CISO reporting to the senior governing body, senior governing body oversight, and access controls and privilege management, among others. PW’s analysis of the amended NYDFS Cybersecurity Regulations is here.

On the state front, California Privacy Protection Agency issued draft cybersecurity assessment regulations as required by the CCPA. Under the draft regulations, if a business’s “processing of consumers’ personal information presents significant risk to consumers’ security”, that business must conduct a cybersecurity audit. If adopted as proposed, companies that process a (yet undetermined) threshold number of items of personal information, sensitive personal information, or information regarding consumers under 16, as well as companies that exceed a gross revenue threshold will be considered “high risk.” The draft regulations outline detailed criteria for evaluating businesses’ cybersecurity program and documenting the audit. The draft regulations anticipate that the audit results will be reported to the business’s board of directors or governing body and that a representative of that body will certify that the signatory has reviewed and understands the findings of the audit. If adopted, businesses will be obligated to certify compliance with the audit regulations to the CPPA. You can read PW’s analysis of the implications of the proposed regulations here.

Consistent with 2023 enforcement priorities, new regulations issued this year make clear that state and federal regulators are increasingly holding senior executives and boards of directors responsible for oversight of cybersecurity programs. With regulations explicitly requiring oversight of cybersecurity risk management, the trend toward holding individual executives responsible for egregious cybersecurity lapses is likely to continue into 2024 and beyond.

Looking Forward

2023 demonstrated “the more things change, the more they stay the same.” Cybersecurity litigation trends were a continuation the prior two years. Something to keep an eye on in 2024 remains the potential for threatened individual officer and director liability in the wake of a widespread cyberattack. While the majority of cybersecurity litigations filed continue to be brought on behalf of plaintiffs whose personal information was purportedly disclosed, shareholders and regulators will increasingly look to hold executives responsible for failing to adopt reasonable security measures to prevent cyberattacks in the first instance.

Needless to say, 2024 should be another interesting year on the cybersecurity front. This is particularly so for data event litigations and for data developments more broadly.

For more news on Data Event and Cybersecurity Litigations in 2023, visit the NLR Communications, Media & Internet section.

Year in Review: The Most Popular IP Posts of 2023

As 2024 begins and intellectual property (IP) strategies are being developed for the new year, it is a good time to reflect on what IP issues were prominent in 2023. According to many readers, hot IP topics included patent litigation strategies, artificial intelligence (AI), and pharmaceutical-related patent applications.

  1. An Overview of Shotgun Pleadings in the Federal Courts– This article explores types of shotgun pleadings identified by courts and outlines potential responses to a shotgun pleading.
  2. Lensa: Are AI Art Generators Copyright Infringers?– The ability of an AI tool, such as Lensa, to create near-replicas of other artists’ works leads to the question of whether AI-generated art can be considered derivative of other artworks. This article explores the answer to this question.
  3. Supreme Court Unanimously Affirms Amgen Repatha® Antibody Patents Invalid for Lack of Enablement– In their May 2023 decision in Amgen v. Sanofi, the U.S. Supreme Court held claims of patents, directed to a genus of potentially millions of antibodies, to be invalid because the patents failed to sufficiently enable one skilled in the art to make and use the full scope of the claimed inventions as required by 35 U.S.C. §112(a). This article explains the decision and its possible effect going forward.
  4. Why Pharma Companies Should File Patents Later In The R&D Process – This article discusses clinical trial related patent applications and best practices for maximizing patent term while minimizing risk of invalidation by public use.
  5. Federal Circuit Resolves District Court Split, Holds Foreign Defendant Cannot Defeat Rule 4(k)(2) Personal Jurisdiction by Unilateral Post-suit Consent to Jurisdiction in Alternative Forum – This article provides provide additional context regarding the Federal Circuit’s January 2023 decision in In re Stingray IP Solutions, LLC.

2023 Key Developments In The False Claims Act

2023 was another active year for the False Claims Act (FCA), marked by notable appellate decisions, emerging enforcement trends, and statutory amendments to state FCAs. We summarize the year’s most important developments for practitioners and government-facing businesses.

Developments in Caselaw

Supreme Court Holds That FCA Scienter Incorporates A Subjective Standard

The Supreme Court issued two consequential decisions on the False Claims Act this term. In the first, United States ex rel. Schutte v. SuperValu Co., 1 the Court held that objectively reasonable interpretations of ambiguous laws and regulations only provide a defense to the FCA’s scienter requirement if the defendant in fact interpreted the law or regulation that way during the relevant period. The Court held that the proper scienter inquiry is whether the defendant was “conscious of a substantial and unjustifiable risk” that their conduct was unlawful. 2 Previously, some courts (including the courts below in Schutte) had dismissed FCA claims based on an ambiguity in relevant statutory or regulatory provisions identified by a party’s attorneys, even if the party never actually believed that interpretation. Schutte precludes such a defense. That said, Schutte does require relators or the Government to allege facts to support an inference of actual knowledge of falsity, and some courts have granted motions to dismiss on that basis post-Schutte. 3

High Court Reaffirms Government’s Authority To Intervene And Dismiss Declined Actions, While Some Justices Raise Constitutional Questions

The Court also decided United States ex rel. Polansky v. Executive Health Resources, Inc., 4 which held that the Government may intervene in a declined action—i.e., where the Government declines to litigate the case at the outset under 31 U.S.C. § 3730(b)(4)(B)—for the purpose of dismissing it over the relator’s objection. The case essentially preserves the status quo, as courts widely recognized the authority of the Government to dismiss declined qui tams before PolanskyPolansky places two minor restrictions on the Government’s ability to dismiss declined actions. First, the Government has to intervene. 5 Second, the Government needs to articulate some rationale for dismissal to meet the standard of Rule 41(a), which the Court remarked that it will be able to do in “all but the most exceptional cases.” 6 More notably, however, three of the nine Justices (Justice Thomas in dissent and Justices Kavanaugh and Barrett in concurrence) signaled that they would entertain a challenge to the constitutionality of the qui tam mechanism under Article II. 7 Though the one court that has considered such arguments on the merits post-Polansky rejected them, 8 it remains likely that additional, similar challenges will be made.

Split In Authority Deepens On Causation In Kickback Cases

In FCA cases where the relator alleges a violation of the Anti-Kickback Statute (AKS), the payment of a kickback needs—at least in part—to have caused a submission of a false claim. That requirement flows from the statutory text of the AKS, which provides that claims “resulting from” AKS violations are “false or fraudulent claim[s]” for the purpose of the FCA. 9 But courts have not coalesced around a single standard for what it means for a false claim to “result from” a kickback. Before this year, the Third Circuit in United States ex rel. Greenfield v. Medco Health held that there needs to be “some link” between kickback and referral beyond temporal proximity. 10 On the other hand, the Eighth Circuit in United States ex rel. Cairns v. D.S. Medical, LLC, held that the kickback needs to be a but-for cause of the referral. 11 Earlier this year, the Sixth Circuit endorsed the Eighth Circuit’s interpretation of causation. The court reasoned that but-for causation is the “ordinary meaning” of “resulting from” and no other statutory language in the AKS or FCA justifies departure from a but-for standard. 12 But not every court has adopted the Sixth Circuit’s straightforward analysis.

In the District of Massachusetts, for example, two decisions issued this summer came out on opposite sides of the split. In both cases, United States v. Teva Pharmaceuticals USA, Inc., 13 and United States v. Regeneron Pharmaceuticals, Inc., 14 the Government alleged that the pharmaceutical companies were improperly paying copayment subsidies to patients for their drugs. Yet Teva adopted Greenfield’s “some link” standard, while Regeneron adopted the “but-for” standard of the Sixth and Eighth Circuits. The Teva court also certified an interlocutory appeal to the First Circuit to resolve the issue prior to trial, which remains pending. 15 FCA defendants in cases arising out of the AKS thus continue to face substantial uncertainty as to the applicable standard outside the Third, Sixth, and Eighth Circuits. That said, there is mounting skepticism of the Greenfield analysis, 16 and those defendants retain good arguments that the standard adopted by the Sixth and Eighth Circuits should apply.

Enforcement Trends

The also Government remained active in investigating and, in many cases, settling False Claims Act allegations. That enforcement activity included several large settlements, including a $377 million settlement with Booz Allen Hamilton arising out of its failure to comply with Federal Acquisition Regulation cost accounting standards. 17 Our review of this year’s activity revealed significant trends in both civil and criminal enforcement, which we briefly describe below.

Focus On Unsupported Coding In Medicare Advantage (Part C) Claims

Medicare recipients are increasingly turning to private insurers to manage the administration of their Medicare benefits: over half of Medicare enrollees now opt for managed care plans. 18 The Government announced several important enforcement actions focused on submissions to and the administration of Medicare Advantage plans.

On September 30, DOJ announced a $172 million settlement with Cigna due to an alleged scheme to submit unsupported Medicare coding to increase reimbursement rates. According to the press release, Cigna operated a “chart review” team that reviewed providers’ submitted materials and identified additional applicable diagnosis coding to include on requests for payment. The Government alleges that some of the coding Cigna added was not substantiated by the chart review. 19

Similarly, in October, the Government declined to prosecute insurer HealthSun for submitting diagnosis coding to CMS that increased applicable reimbursement rate of treatment without an actual underlying diagnosis by the treating physician. The declination was based on HealthSun’s voluntary self-disclosure of the conduct through the Criminal Division’s recently updated Corporate Enforcement and Voluntary Self-Disclosure Policy. 20 DOJ did, however, indict the company’s former Director of Medicare Risk Adjustment Analytics for conspiracy to commit healthcare fraud and several counts of wire fraud and major fraud against the Government in the Southern District of Florida. 21

In May, the United States Attorney’s Office for the Eastern District of Pennsylvania announced a settlement against a Philadelphia primary care practice based on the submission of allegedly unsupported Medicare diagnosis coding in Part C submissions. The press release asserts that the practice coded numerous claims with morbid obesity diagnoses when the patients lacked the required body-mass index for the diagnosis and diagnosed chronic obstructive pulmonary disease without appropriate substantiation. 22

Both managed care organizations and providers that submit claims to Medicare Advantage should review their claim coding practices to ensure that their claims accurately reflect the medical diagnoses of the treating physician, as well as the treatment provided.

DOJ Follows Through On Civil Cyber-Fraud Initiative

In 2021, DOJ announced the launch of its Civil Cyber-Fraud Initiative, 23 which was aimed at policing government contractors’ failures to adequately protect government information by meeting prescribed cybersecurity requirements. This year, the enforcement of that policy led the Government to alleged FCA violations based on implied or explicit certifications of compliance with cybersecurity regulations:

In September, the Government declined to intervene in a qui tam action against Pennsylvania State University alleging that Penn State falsely certified compliance with Defense Federal Acquisition Regulation Supplement 252.204-7012, which specifies controls required to safeguard defense-related information, during the length of its contract with the Defense Department. 24 However, the parties subsequently sought a 180 day stay of proceedings due to an ongoing government investigation, which was granted. 25 The application for the stay hinted that the Government may yet intervene in the action and file a superseding complaint. 26

DOJ also announced in September a $4 million settlement with Verizon Business Network Services LLC arising out of Verizon’s provision of internet services to federal agencies that was required to meet specific security standards. The Government’s press release, which specifically noted Verizon’s cooperation with the investigation, alleged that Verizon failed to implement “three required cybersecurity controls” in its provision of internet service, which were not individually specified. 27

Entities doing business with the Government should ensure that they are aware of all applicable cybersecurity laws and regulations governing that relationship and that they are meeting all such requirements.

Continued Crackdown On Telemedicine Fraud Schemes

Following OIG-HHS’s July 2022 Special Fraud Alert 28 regarding the recruitment of practitioners to prescribe treatment based on little to no patient interaction over telemedicine, DOJ announced several significant settlements involving that exact conduct. In many circumstances, the Government pursued criminal charges rather than civil FCA penalties alone.

In September, the United States Attorney’s Office for the District of Massachusetts announced a guilty plea to a conspiracy to commit health care fraud charge. The Government alleged that the defendant partnered with telemarketing companies to pay Medicare beneficiaries “on a per-order basis to generate orders for [durable medical equipment] and genetic testing,” and then found doctors willing to sign “prepopulated orders” based on telemedicine appointments that the doctors did not actually attend. 29

In June, as part of a “strategically coordinated” national enforcement action, DOJ announced action against several officers of a south Florida telemedicine company for an alleged $2 billion fraud involving the prescription of orthotic braces and other items to targeted Medicare recipients through cursory telemarketing appointments that were presented as in-person examinations. 30

Although enforcement in the telemedicine space to date has largely focused on obviously fraudulent conduct, practitioners should be aware that the Government may view overly short telemedicine appointments as insufficient to support diagnoses leading to claims for payment from the Government.

State False Claims Acts

Both Connecticut and New York made notable alterations to the scope of conduct covered by their state FCAs. Companies doing business with state governments should be aware that 32 states have their own FCAs, not all of which mirror the federal FCA.

Connecticut Expands FCA To Mirror Scope Of Federal Statute

Prior to this year, Connecticut’s False Claims Act covered only payments sought or received from a “stateadministered health or human services program” In June, however, Connecticut enacted a substantial revision to its state FCA, which seeks to mirror the scope and extent of the Federal FCA. 31 Those doing business with the state of Connecticut should conduct an FCA-focused compliance review of that business to avoid potential liability arising out of state law, and should also understand federal FCA jurisprudence, which is likely to have a significant influence on the new law’s interpretation.

New York Expands FCA To Cover Allow Tax-Related FCA Claims Against Non-Filers

New York is among the few states whose state FCAs cover tax-related claims. Prior to this year, though, the state and its municipalities could only assert tax-related claims against those who actually filed and whose filings contained false statements of fact. In May, New York amended its FCA to allow a cause of action against those who knowingly fail to file a New York tax return and pay New York taxes. 32 Companies doing business in New York should be aware that not filing required taxes in New York may potentially subject them to, among other things, the treble damages for which the FCA provides.

1 143 S. Ct. 1391 (2023).
Schutte, 143 S. Ct. at 1400-01.
See, e.g., United States ex rel. McSherry v. SLSCO, L.P., No. 18-CV-5981, 2023 WL 6050202,
at *4 (E.D.N.Y. Sept. 15, 2023).
4 143 S. Ct. 1720 (2023).
5 Id. at 1730.
6 Id. at 1734.
7 Id. at 1737 (Kavanaugh, J., concurring); id. at 1741-42 (Thomas, J., dissenting).
8 See United States ex rel. Wallace v. Exactech, Inc., No. 7:18-cv-01010, 2023 WL 8027309, at
*4-6 (N.D. Ala. Nov. 20, 2023).
9 See 42 U.S.C. § 1320a-7b(g).
10 United States ex rel. Greenfield v. Medco Health Sol’ns, 880 F.3d 89, 98-100 (3d Cir. 2018).
11 United States ex rel. Cairns v. D.S. Med., LLC, 42 F. 4th 828, 834-36 (8th Cir. 2022).
12 United States ex rel. Martin v. Hathaway, 63 F. 4th 1043, 1052-53 (6th Cir. 2023).
13 Civ. A. No. 20-11548, 2023 WL 4565105 (D. Mass. July 14, 2023).
14 Civ. A. No. 20-11217, 2023 WL 7016900 (D. Mass. Oct. 25, 2023)
15 See United States v. Teva Pharma USA, Inc., No. 23-1958 (1st Cir. 2023).
16 See, e.g., Regeneron, 2023 WL 7016900, at *11 (remarking that the Greenfield analysis is
“fraught with problems” and “disconnected from long-standing common-law principles of
causation”).
17 https://www.justice.gov/opa/pr/booz-allen-agrees-pay-37745-million-settle-false-claims-act-
allegations.
18 https://www.kff.org/policy-watch/half-of-all-eligible-medicare-beneficiaries-are-now-enrolled-
in-private-medicare-advantage-plans/.
19 https://www.justice.gov/opa/pr/cigna-group-pay-172-million-resolve-false-claims-act-
allegations.
20 See https://www.justice.gov/opa/speech/assistant-attorney-general-kenneth-polite-jr-delivers-
remarks-georgetown-university-law.
21 https://www.justice.gov/opa/pr/former-executive-medicare-advantage-organization-charged-
multimillion-dollar-medicare-fraud.
22 https://www.justice.gov/usao-edpa/pr/primary-care-physicians-pay-15-million-resolve-false-
claims-act-liability-submitting.
23 See https://www.justice.gov/opa/pr/deputy-attorney-general-lisa-o-monaco-announces-new-
civil-cyber-fraud-initiative.
24 See United States ex rel. Decker v. Penn. State Univ., Civ. A. No. 22-3895 (E.D. Pa. 2023).
25 Id. at ECF Nos. 24, 37.
26 Id. at ECF No. 24.

27 See https://www.justice.gov/opa/pr/cooperating-federal-contractor-resolves-liability-alleged-
false-claims-caused-failure-fully.
28 https://oig.hhs.gov/documents/root/1045/sfa-telefraud.pdf.
29 https://www.justice.gov/usao-ma/pr/owner-telemedicine-companies-pleads-guilty-44-million-
medicare-fraud-scheme.
30 https://www.justice.gov/opa/pr/national-enforcement-action-results-78-individuals-charged-
25b-health-care-fraud.
31 See Conn. Gen. Stat. §§ 4-274–4-289.
32 See N.Y. State Fin. Law § 189(4)(a).

New Year, New Changes for California Employers in 2024

As 2024 quickly approaches, so, too, do many new obligations and restrictions for employers with California employees.

Below, we summarize significant changes to hiring and workforce management, litigation, wage and hour, and other California employment laws taking effect in the new year.

Unless otherwise noted, all new laws discussed below will be effective as of January 1, 2024.

HIRING & WORKFORCE MANAGEMENT

Restrictive Covenants

California has long been the nation’s leader in limiting employers’ use of restrictive covenants. SB 699 and AB 1076 make the California Business and Professions Code (the “B&P Code”), which generally voids restrictive covenants in California, even stricter.

As we previously reported, SB 699 broadens the B&P Code by adding a new Section 16600.5 that:

  • provides that any agreement void thereunder is also unenforceable in California regardless of where and when the agreement was signed;
  • makes it explicitly unlawful for employers to attempt to enforce or enter into a noncompete agreement (rather than simply voiding such agreements); and
  • grants current, former, and prospective employees a private right of action against employers that attempt to enforce or enter into a noncompete agreement.

AB 1076 further builds on these prohibitions by creating a new Section 16600.1, which makes it unlawful for employers to include noncompete clauses in employment agreements or to require an employee to enter into a noncompete. In addition, as we detailed here. As noted above, prior to these amendments, the B&P Code only voided such restrictive covenants.

AB 1076 also establishes a new notice obligation with which employers must comply by February 14, 2024. Specifically, employers must notify current and former employees who were employed after January 1, 2022, and are subject to an unlawful noncompete, that such agreement or clause is void. This notice requirement also extends to remote employees (current or former) who reside in California, even if the employer has no physical presence in California, as well as former employees who did not work in California during their employment but have since moved there.

Discrimination Protections for Off-Duty Cannabis Use

For the second year in a row, California enacted new employment protections for cannabis users under the state’s Fair Employment and Housing Act (FEHA). As we outlined here, last year’s AB 2188 amended FEHA to prohibit discrimination on the basis of off-duty, off-site use of cannabis, as well as on the basis of testing positive for the presence of non-psychoactive cannabis metabolites in an employee’s or applicant’s hair, blood, or bodily fluids.

SB 700 builds on these protections by further amending FEHA to prohibit employers from inquiring about applicants’ past cannabis use. Importantly, the law exempts from coverage situations in which an employer is permitted under state or federal law to obtain information about an applicant’s prior cannabis use from the person’s criminal history. Moreover, the law does not preempt state or federal laws requiring employers to test applicants or employees for controlled substances. Both SB 700 and AB 2188 will take effect at the start of the new year.

Anti-Retaliation Protections

California law provides applicants and employees who engage in certain protected activities with a variety of anti-retaliation protections. SB 497 further expands these protections by creating a rebuttable presumption of retaliation if an employer disciplines or takes adverse action against an employee or applicant within 90 days of the employee or applicant engaging in conduct protected by California Labor Code §§ 98.6, 1102.5, and 1197.5. This protected conduct includes, but is not limited to:

  • complaining about unpaid wages;
  • complaining about unequal pay violations, including being paid at wage rates less than the rates paid to an employee of the “opposite sex”;
  • disclosing the employee’s own wages;
  • discussing the wages of others;
  • inquiring about another employee’s wages;
  • aiding and encouraging another employee to exercise their rights under the law; and
  • whistleblowing.

Employers may rebut this presumption by establishing that there was a legitimate, non-retaliatory reason for the adverse action.

Paid Sick Leave

As we previously reported, this fall, the California Legislature amended and expanded employers’ paid sick time obligations under the Healthy Workplaces, Healthy Families Act (HWHFA). The overall structure of the HWHFA remains the same, but as of January 1, 2024, SB 616 increases the amount of paid sick time that employers must provide— from three days or 24 hours to five days or 40 hours. Importantly, employers may still choose either to front-load and offer a block grant of paid sick time at the beginning of each year or to use an accrual-based method. As before, with an accrual-based policy, all unused time carries over from year to year.

For accrual-based policies, SB 616 also does the following:

  • increases the cap of paid sick leave that employees can use each year from three days or 24 hours to five days or 40 hours;
  • increases the cap of the total amount of paid leave an employee may accrue from six days or 48 hours to 10 days or 80 hours; and
  • requires that employees accrue paid sick leave at either (1) no less than one hour for every 30 hours worked or (2) an alternative rate under which employees accrue (and are allowed to use) no less than three days or 24 hours of paid sick leave by the employee’s 120th calendar day of employment and no less than the greater of five days or 40 hours of paid sick leave by the employee’s 200th calendar day of employment.

To help employers comply with their new obligations under SB 616, the California Labor Commissioner’s office recently updated its “California Paid Sick Leave: Frequently Asked Questions” guidance and published an updated Paid Sick Leave poster and employee notice.

Leave for a Reproductive Loss

SB 848 creates protected leave for eligible employees who experience a “reproductive loss.” The new law applies to employers with five or more employees, and eligible employees are those who have been employed for at least 30 days prior to the leave. Employers must grant eligible employees up to five days of leave following a reproductive loss. The law broadly defines “reproductive loss” and includes failed adoption, failed surrogacy, miscarriage, stillbirth, and unsuccessful assisted reproduction. Similar to bereavement leave, which the California Legislature enacted in 2023, reproductive leave days must be taken within three months of the loss but do not have to be taken consecutively. Reproductive loss leave is not required to be paid, but it can be paid under the employer’s existing applicable paid time off policies, such as vacation, personal leave, or sick leave.

Workplace Violence Prevention Plans

Current California Division of Occupational Safety and Health (“Cal/OSHA”) regulations require employers to adopt an Injury and Illness Prevention Program (IIPP). SB 553 requires virtually all California employers to have in place by July 1, 2024, a written Workplace Violence Prevention Plan as a stand-alone section in their IIPP or as a separate document. Importantly, employers already covered by Cal/OSHA’s Violence Prevention in Health Care standard (the “Cal/OSHA Health Care Standard”) are excepted from SB 553’s scope, given that the Cal/OSHA Health Care Standard already requires such employers to establish, implement, and maintain workplace violence prevention plans.

SB 553 outlines several specific requirements for the Workplace Violence Prevention Plan, including detailing how the employer responds to any threat or act of violence that occurs in the workplace, procedures to identify and evaluate workplace hazards, and procedures for employees to report violent incidents or threats of violence. Employers must also provide specific training on the Workplace Violence Prevention Plan to employees, including an initial training when the Workplace Violence Prevention Plan is first established and then annually thereafter. Moreover, employers are also required under SB 553 to maintain training records and a violent incident log, which identifies, among other things, where and when a violent incident occurs, the type of violence that occurred, and a description of the incident.

Along with SB 428, beginning January 1, 2025, SB 553 also adds several new protections to the process through which employers may seek temporary restraining orders (TROs) and injunctions on behalf of an employee, including:

  • allowing TROs and injunctions to be sought not only when an employee is subjected to violence or threats of violence but harassment as well, and
  • authorizing collective bargaining representatives to seek TROs and injunctions on behalf of employees.

LITIGATION

No More Automatic Stay During Appeal of Motion to Compel Arbitration

SB 365 amends the California Code of Civil Procedure to state that trial court proceedings will no longer be automatically stayed when a party appeals an order denying a petition to compel arbitration. Under SB 365, beginning in the new year, courts are permitted to exercise discretion as to whether to stay trial court proceedings while an appeal is heard. This is significant because should a court determine that a stay is not warranted, an employer may be forced to continue defending itself in court from claims that may yet ultimately be subject to arbitration if the employer’s appeal is successful.

Privileged Communications Regarding Sexual Assault, Harassment, or Discrimination

Current California law makes certain publications and communications privileged, meaning that individuals who make the communications may be protected from liability for libel and slander. Included among these privileged communications are those related to sexual harassment. As such, if an employee makes a complaint of sexual harassment, without malice, to an employer, California law provides that the employee may not be liable for making such complaints.

AB 933 expands the types of communications that are privileged from liability to include communications regarding:

  • sexual assault;
  • sexual harassment;
  • an act of workplace harassment or discrimination, failure to prevent an act of workplace harassment or discrimination or an act of retaliation against a person for reporting workplace harassment or discrimination; and
  • an act of cybersexual bullying.

Individuals who have made such a communication may assert the privilege to bar liability if they are sued for making defamatory statements based on their own experience as victims of such incidents. In addition, such individuals may recover attorneys’ fees and costs, treble damages, and punitive damages if they prevail in a suit for defamation.

WAGE & HOUR

Wage Theft & Misclassification

AB 594 temporarily authorizes prosecutors through January 1, 2029, to pursue civil or criminal actions against employers that violate California Labor Code provisions related to wage theft and misclassification. Courts can grant prosecutors, including city, county, and state prosecutors, the Attorney General, and district attorneys, money damages (which must first be applied to employee payments), injunctive relief, and reasonable attorneys’ fees and costs that the Labor Commissioner would be entitled to seek. In addition, AB 594 clarifies that with respect to prosecutorial actions, any agreement between an employee and employer that purports to limit representative actions or to mandate private arbitration will not apply.

Minimum Wage

California’s minimum wage rate will increase to $16.00 per hour for all employers, regardless of size. This increase from $15.50 per hour is a result of an inflation adjustment made pursuant to Labor Code § 1182.12, which requires the California Director of Finance to calculate and increase the minimum wage depending upon the U.S. Consumer Price Index for Urban Wage Earners and Clerical Workers.

This increase also affects wage and hour exemptions that are based upon a salary floor that is two times the state minimum wage, such as the administrative, professional, and executive exemptions. As such, beginning January 1, 2024, the minimum salary threshold for these exemptions will increase to $66,560 per year.

Additionally, the minimum compensation threshold for the computer software exemption, which is not tied to the minimum wage rate like the administrative, professional, and executive exemptions, will also increase in 2024. For salaried employees, this threshold will be $115,763.35 per year. For hourly employees, this threshold will be $55.58 per hour. Employees must also continue to meet the applicable duties test to qualify for an exemption.

As a reminder, municipalities also continue to set local minimum wages that are higher than the state requirement.

Wage Notices

AB 636 amends the notice requirements for the Wage Theft Prevention Notices that employers must provide to nonexempt employees in California. In addition to the previously required information, such as rate of pay, regular payday, and right to paid sick leave, AB 636 requires that wage notices also contain information about the existence of a federal or state-declared emergency in the county where the employee is to be employed if it was issued within 30 days before the employee’s first day of work and may affect the employee’s health and safety during employment. The California Department of Industrial Relations has published a template that reflects this newly required information, as well as the amended paid sick leave requirements under SB 616.

In addition, AB 636 adds information required in notices for employees in California under an H-2A agricultural visa. This includes information describing employees’ rights and protections, including the right to meal and rest periods, transportation travel time, and employee housing rights. This new information for agricultural visa workers must be included in the wage notice starting March 15, 2024.

INDUSTRY-SPECIFIC AND OTHER BILLS

Health Care

SB 525 establishes new minimum wage rates for covered health care employees at covered health care facilities as of June 1, 2024. The law defines these terms as follows:

  • “Covered health care facilities” include, but are not limited to, facilities part of an integrated health care delivery system, acute care hospitals, acute psychiatric hospitals, special hospitals, licensed skilled nursing facilities (if owned, operated, or controlled by a hospital, integrated health care delivery system, or health care system), licensed home health agencies, outpatient clinics of hospitals, community clinics, urgent care clinics, physician groups, county correctional facilities that provide health care services, and ambulatory surgical centers certified to participate in Medicare.
  • “Covered health care employees” are those who provide patient care, health care services, or services supporting the provision of health care. They include contracted or subcontracted employees under certain circumstances.

The relevant minimum wage rate varies under the law depending on which of four tiers the covered health care facility falls within. For example, covered health care facilities with at least 10,000 full-time employees fall within the first tier of SB 525, so the minimum wage for these facilities’ covered health care employees is as follows:

  • From June 1, 2024, to May 31, 2025, inclusive, $23 per hour;
  • From June 1, 2025, to May 31, 2026, inclusive, $24 per hour; and
  • From June 1, 2026, and until adjusted below, $25 per hour.

Additional information regarding the four tiers, including which covered health care facilities are included therein and the minimum wage schedule applicable thereto, is available here.

Fast Food

Last year, California revolutionized the fast food industry when it adopted AB 257, also known as the Fast Food Accountability and Standards Recovery Act (the “FAST Recovery Act”). As of January 1, 2023, the FAST Recovery Act was supposed to create, among other things, a Fast Food Council responsible for establishing and implementing binding minimum standards for wages, hours, training, and working conditions. However, a court order stayed the law from taking effect late last year pending the outcome of a voter referendum scheduled for November 2024 (the “Referendum”).

This year, legislators worked with fast food industry and labor union representatives to reach a compromise in the form of AB 1228, which raises the minimum wage for fast food workers and significantly modifies the FAST Recovery Act. Provided that its supporters withdraw the Referendum by January 1, 2024, AB 1288, until January 1, 2029, repeals the FAST Recovery Act and establishes a Fast Food Council with more limited authority to recommend employment regulations. AB 1228 also eliminates provisions in the prior law regarding joint liability for fast food franchisors for their franchisees’ civil liability for employment law violations.

In addition, beginning April 1, 2024, AB 1228 raises the minimum wage rate for fast food workers in the state to $20 per hour. Beginning January 1, 2025, AB 1228 authorizes the Fast Food Council to establish annual minimum wage increases through January 1, 2029, up to 3.5 percent or the rate of change in the U.S. Consumer Price Index for Urban Wage Earners and Clerical Workers, whichever is lower. The law also preempts local municipalities from establishing higher minimum wage rates for fast food restaurant employees specifically; however, local municipalities are still permitted under the law to establish a higher minimum wage that is generally applicable to all industries.

Importantly, AB 1228 applies to “national fast food chains,” which the law defines as limited-service restaurants that share a common brand or are characterized by standard options for décor, marketing, packaging, products, etc., and are primarily engaged in providing food and beverages for immediate or off-premises consumption.

Hospitality and Business Service Providers

In the spring of 2021, California enacted legislation (SB 93) requiring covered employers in the hospitality and business services industry to notify and offer to rehire qualified former employees who were laid off during the COVID-19 pandemic. “Covered employers” include hotels or private clubs with 50 or more guest rooms, airports, airport service providers, event centers, and, in certain situations, retail and commercial buildings. Under SB 93, eligible employees are only entitled to these recall rights through December 31, 2024.

SB 723 broadens the scope of employees’ recall rights under SB 93 in three important ways. First, SB 723 expands the definition of “laid-off employees” who are entitled to recall rights. Under SB 93, “laid-off employees” are those workers: (1) who were employed by their employer for at least six months during the 12-month period before January 1, 2020, and (2) whose most recent separation from active service was due to the pandemic. Under SB 723, “laid-off employees” are those workers: (1) who were employed by their employer for at least six months; (2) whose most recent separation from active employment occurred on or after March 4, 2020; and (3) whose most recent separation from active employment was due to the pandemic.

Second, SB 723 establishes a presumption for determining whether a separation from active employment is “due to the pandemic.” Under the new law, separations due to a lack of business, a reduction in force, or other economic/non-disciplinary reasons will be presumed to be a result of the pandemic.

Finally, SB 723 extends the law’s sunset from December 31, 2024, to December 31, 2025.

WHAT EMPLOYERS SHOULD DO NOW

  • Consult with counsel regarding agreements with current and former employees to determine whether any contain any unlawful restrictive covenants. Revise any such agreements, as necessary, to comply with SB 699 and AB 1076.
  • Identify any current employees or former employees who were employed after January 1, 2022, who may be subject to an unlawful noncompete provision, and send them a compliant notice under AB 1076 by February 14, 2024.
  • Seek advice from counsel before attempting to enforce restrictive covenants against current, former, or prospective employees in California.
  • Review drug-screening policies and practices to ensure that you do not screen for non-psychoactive cannabis metabolites except as explicitly permitted under AB 2188.
  • Review interview, onboarding, and hiring policies and practices to ensure that you do not inquire about an applicant’s past cannabis use unless specifically permitted under SB 700.
  • If not already in place, adopt a compliant Workplace Violence Prevention Plan or update your IIPP to include the same.
  • Train employees regarding the Workplace Violence Prevention Plan and implement a process for maintaining relevant training and compliance records and a violent incident log.
  • Ensure there is a robust system for documenting any disciplinary or other adverse action taken against employees in light of the rebuttable presumption established under SB 497.
  • Review and revise leave of absence policies and practices to add protected time off for reproductive loss, and train managers and human resources personnel to appropriately respond to and track this leave.
  • Update paid sick leave policies to comply with SB 616, post the Labor Commissioner’s updated paid sick leave poster, and distribute the Labor Commissioner’s updated employee notice.
  • Review hourly wage rates for nonexempt employees and salary levels for employees who are exempt under the professional, administrative, and executive exemptions to ensure they continue to meet new wage requirements.
  • Prepare to use the updated Wage Theft Prevention Notice template (or revise your current notice if not using the template) for nonexempt employees hired on or after January 1, 2024.
  • If you are an employer in the health care sector, fast food, or hospitality/business services, review your policies and practices to ensure that they comply with the new industry-specific laws.

An Early Christmas Present from Three Fifth Circuit Judges Who Concluded a Louisiana Property Is Not Subject to Federal Clean Water Act Jurisdiction

Garry Lewis owns 2000 acres in Livingston Parish, Louisiana and he has been fighting with the Army Corps of Engineers over whether any of those 2000 acres are wetlands subject to Federal Clean Water Act jurisdiction for over a decade. On two separate occasions the Army Corps of Engineers has said the answer to that question is “yes”. The first time the Corps made this determination, a District Court Judge disagreed. The second time was before the Supreme Court’s definition of “Waters of the United States”, including jurisdictional wetlands, in Sackett v. EPA and it is that second determination that is the subject of a Fifth Circuit Court of Appeals decision earlier this week.

The Sacketts had been fighting with EPA and the Corps about whether their much smaller property was subject to Clean Water Act jurisdiction for twice as long as Mr. Lewis until the Supreme Court found in the Sacketts’ favor earlier this year. The day the Supreme Court decided Sackett I wrote that “[f]or my entire adult life, the Courts have deferred to EPA’s interpretation of statutes it has been charged by Congress to implement. That era is most certainly over . . .”

This week three Judges of the Fifth Circuit proved my point. Over the Corps’ objection, the Judges took it upon themselves to apply the Supreme Court’s Sackett holding to determine that “based on photographs of [Mr. Lewis’s] property” there is “no ‘continuous surface connection’ between any plausible wetlands on the Lewis tracts and a ‘relatively permanent body of water connected to traditional interstate navigable waters.’”

The Corps had argued unsuccessfully that it should be given the opportunity to apply Sackett for itself before Judges weighed in.

The Fifth Circuit Judges were probably right to conclude that, given the chance, the Corps “could create an ‘endless loop’ of financially onerous regulatory activity” for Mr. Lewis. But the Judges fail to mention that conclusion could be based on the fact that EPA’s and the Corps’ tenth, post Sackett, attempt to determine the reach of the Clean Water Act continues to extend Clean Water Act jurisdiction to “tributaries,” “impoundments,” and “wetlands” that have a “continuous surface connection” to waters that are not “traditional navigable waters, the territorial seas, [or] interstate waters.” That’s a different standard than the Justice Alito-supplied standard the three Fifth Circuit Judges applied in holding that the Lewis property was not subject to Clean Water Act jurisdiction even though a culvert on the Lewis property connects to a “relatively permanent water” which connects to another “relatively permanent water” which connects to a “traditional navigable water.”

Now EPA’s and the Corps’ most recent Waters of the United States regulation is currently being challenged in two Federal District Courts, including on the basis that the regulation is broader than allowed by the Supreme Court in Sackett. But that regulation hasn’t been struck down yet. That apparently didn’t matter at all to these three Judges of the Fifth Circuit. And it may be worth mentioning that one of those challenges to EPA’s and the Corps’ regulation is in Federal District Court in Texas which is in, you guessed it, the Fifth Circuit.

What does this all mean? Well, I think it means we’re going to continue to see some Judges applying the Supreme Court’s Sackett holding to determine the extent of Clean Water Act jurisdiction, ignoring EPA’s and the Corps’ subsequent regulation, unless and until Congress decides to get involved in the longest running controversy in environmental law.

Parody of Iconic Sneaker Isn’t Entitled to Heightened First Amendment Protection

The US Court of Appeals for the Second Circuit upheld a temporary restraining order and preliminary injunction enjoining use of a trademark and trade dress associated with an iconic sneaker design over a First Amendment artistic expression defense. Vans, Inc. v. MSCHF Product Studio, Inc., Case No. 22-1006 (2d Cir. Dec. 5, 2023) (per curiam). This case is the first time a federal appeals court has applied the Supreme Court of the United States’ recent decision in Jack Daniel’s v. VIP Products, which clarified when heightened First Amendment protections apply to expressive uses of another’s trademark and trade dress.

MSCHF Product Studio is a Brooklyn-based art collective known for provocative works that critique consumer culture. It sells its works in limited releases during prescribed sales periods called “drops.” It promoted and sold a shoe called the “Wavy Baby,” which is a distorted, corrugated version of the iconic black-and-white Vans Old Skool sneaker. MSCHF claimed that the product was a commentary on consumerism in sneakerhead culture and that the Wavy Baby shoes were not meant to be worn but were instead “collectible work[s] of art.”

MSCHF promoted the shoes using the musician Tyga. Vans sent MSCHF a cease-and-desist letter and a week later filed a six-count complaint in federal court, including a claim for trademark infringement under the Lanham Act. The following day, Vans filed a motion for a temporary restraining order, seeking to have the court enjoin the sale of the Wavy Baby shoes. Nevertheless, MSCHF proceeded with its pre-planned drop of the Wavy Baby sneakers and sold 4,306 pairs of the Wavy Baby in one hour.

About a week later, after oral argument on the temporary restraining order (TRO) motion, the district court granted Vans’s motion. The district court concluded that Vans would likely prevail in showing a likelihood of consumer confusion and rejected MSCHF’s contention that the Wavy Baby was entitled to special First Amendment protections because it was an artistic parody. MSCHF appealed.

The Second Circuit held the appeal in abeyance pending the Supreme Court’s Jack Daniel’s decision. In that case, Jack Daniel’s sued the maker of a squeaky dog toy that resembled the iconic whiskey bottle and used puns involving dog excrement in place of the actual language of the Jack Daniel’s label. In a unanimous decision, the Court clarified that special First Amendment protections (as used in the Rogers test for expressive works that incorporate another’s trademark) do not apply when a trademark is used as a source indicator—that is, “as a mark.”

The Second Circuit concluded that the Jack Daniel’s case “forecloses MSCHF’s argument that Wavy Baby’s parodic message merits higher First Amendment scrutiny” because, even though the product is a parody, the Rogers test does not apply if the mark is also used as a source identifier. The Second Circuit drew a direct parallel between Wavy Baby and the punning dog toy in the Jack Daniel’s case, noting that in both cases the infringing product evoked the protected trademark and trade dress of the target to benefit from the “good will” developed by the source brand. Hence, the Court held that the district court did not err in applying the traditional likelihood-of-confusion analysis rather than the speech-protective Rogers test.

Practice Note: An alleged infringer of a trademark may claim that its product is artistic expression to trigger the heightened First Amendment protections offered by filters such as the Rogers test. However, after Jack Daniel’s, courts are more likely to regard such defenses with skepticism unless the allegedly infringing work falls into a more canonical category of artistic expression such as a film, television show, song or video game.

This article was authored by Karen Gover.