Category: Politics

DNC, Bernie Sanders’ Data Breach – Breaches Are Not Just About Social Security Numbers or Payment Cards

Are pundits discussing the personal information allegedly accessed by a campaign staffer for Bernie Sanders? No, not really, and that is the point.

In Saturday’s debate at St. Anselm College in Manchester, New Hampshire, Democratic presidential candidates Bernie Sanders and Hillary Clinton jousted over an alleged intrusion into Clinton’s voter data by a Sanders campaign staffer. According to reports, the staffer accessed confidential voter data maintained by a vendor, NGP VAN, while the firewall protecting that data had been removed. (hmmm…a third party vendor) In response, the Democratic National Committee (DNC) terminated the Sanders campaign’s access to all voter data, including the campaign’s own data. Litigation followed, a deal was reached, but reverberations continue. Turn to your favorite cable news channel.

One hears “data breach” and immediately Social Security numbers, credit card data, or medical information come to mind. In this case, the personal information reported to be involved included names, addresses, ethnicity, and voting history, hardly considered to be sensitive personal information in the United States. In fact, none of the state data breach notification laws would require notification based solely on these data elements. (But see, e.g., FTC settlement involving email addresses). But, some of the information, particularly analytical data concerning voter preferences, can be tremendously helpful to a campaign. So it is easy to see why it is causing such a stir, particularly for the Sanders campaign.

Why is this important beyond presidential politics?

Organizations are beginning to recognize the need for data breach preparedness. This is good – we are seeing more internal teams being assembled and comprised of key stakeholders within organizations. They are meeting, learning and developing data breach response plans including sample investigation checklists and policies, template notification letters, vendor relationships and engaging in tabletop exercises.

Their initial focus, however, is often exclusively on breaches involving personal information that would trigger notification obligations under federal (e.g., HIPAA) and state laws. The Sanders breach and others before it should make clear that these teams need to look beyond Social Security numbers and payment cards and account for data breaches that could initiate an entirely different set of concerns, exposures, considerations and mitigation steps.

If breached, an organization’s proprietary data, internal email communications among executives and management, customer or client data, sales information, and as we are seeing even voter data can have catastrophic consequences for an organization. A breach exposing insensitive email correspondence in the c-suite about customers, or suggesting systemic discriminatory employment practices, or outlining detailed labor management strategies can have significant implications for a company’s market position and workforce management. It can also trigger unwanted litigation and adversely impact the organization’s reputation. Putting data belonging to others at risk also could result in the loss of access to critical business information help by others, as in the Sanders breach. These are only a handful of examples and one need only think about some of the sensitive business information maintained or accessed by their own organizations that is not personal information to understand the effects of a breach of that information.

Organizations cannot prevent all unflattering emails that are sent and received by members of their workforce, they cannot avoid collecting or accessing sensitive business information entirely, nor can they prevent all data breaches from occurring. But they can take steps to be prepared in the event of a breach and in doing so, should consider the broad range of breaches they could encounter. Organizations engaged in data breach response planning, therefore, need to consider a wide range of data breaches that could affect their organizations – those affecting personal information and those affecting other sensitive and critical business information.

Article By Joseph J. Lazzarotti of Jackson Lewis P.C.

Jackson Lewis P.C. © 2015

Marijuana-Legalization Efforts and Their Impact on the Presidential Race

With the race for the White House heating up, the “politics of marijuana” is looming as a possibly significant factor.

marijuana-leaf white background

Twenty-four state ballot initiatives on marijuana legalization in 16 states have been filed already and will be voted on in November 2016, including in the “swing states” of Arizona, Colorado, Florida, Michigan, Missouri, Nevada, and New Mexico.

This is important because marijuana-legalization ballot initiatives are widely acknowledged to “turn out the vote” of single-issue, first-time, and younger voters – all of whom disproportionately vote Democratic. In close races and swing states, they may make the difference. Insiders have reported that these voters have determined the outcome in several contested races and states in the last two election cycles (e.g., in Barack Obama’s defeat of Mitt Romney in Colorado in 2012).

Moreover, the marijuana-legalization issue is increasingly a focus in U.S. Senate and House races and in pro- and anti-marijuana bills. Recently, the House Republican leadership successfully stripped out pro-marijuana-legalization amendments to two pending bills.

Away from Capitol Hill, twenty-four states and Washington, D.C., already allow for “medical”-marijuana use – at least under some circumstances. Four states (Alaska, Colorado, Oregon, and Washington) and the District of Columbia allow adults to smoke marijuana “recreationally.”

However, proponents’ efforts to introduce marijuana into the legal and cultural mainstream have met with opposition in the workplace and the courts. Even as many states allow “medical” or “recreational” use of marijuana to some extent, the courts have upheld employers’ interests in maintaining drug-free workplaces against challenges by job applicants or employees who were not hired or have been terminated because of marijuana-related substance-abuse-prevention policy violations. Employers have prevailed in every court case brought by employees claiming a “medical”-marijuana justification for their positive drug tests after the company’s adverse employment action – including many decisions in California, Colorado, Michigan, Montana, Oregon, and Washington.

This litigation results from a clash between a culture that increasingly accepts marijuana and companies that prohibit illicit drug abuse because of legitimate safety and productivity concerns. The conflict ultimately will be resolved by Congress or the courts (four lawsuits currently are pending to invalidate Colorado’s legalization of marijuana). Meanwhile, the current Administration, through the U.S. Justice Department, has acquiesced in states legalizing marijuana, essentially by refusing to enforce the federal Controlled Substances Act in those states – an unprecedented policy. This policy could change on January 20, 2017, when a new president is inaugurated.

Thus far, most presidential contenders have shied away from the issue. However, former Texas Governor Rick Perry (R) has endorsed decriminalization. Kentucky Senator Rand Paul, a Libertarian, has consistently supported states’ rights to establish their own marijuana policies and supports decriminalizing marijuana possession. Former Secretary of State Hillary Clinton (D) has hinted that she is comfortable letting the states continue to experiment.

Conversely, New Jersey Governor Chris Christie (R) and Texas Senator Ted Cruz (R) have strongly opposed marijuana legalization, and Florida Senator Marco Rubio (R) also is on record as opposing marijuana legalization.

What the Congress does between now and mid-2016 may be critical. Supporters of marijuana legalization are gearing up. The marijuana industry has hired well-positioned lobbying firms. One of their top issues is to fix the rules that bar marijuana businesses from using banks. The well-funded National Cannabis Industry Association (NCIA) is supporting legislation that would change federal law to recognize the rights of local jurisdictions, including Washington, D.C., to create and regulate their own marijuana laws.

Finally, the U.S. Senate Appropriations Committee voted in support of opening banking services to state legal marijuana business. Senate Bill 683, the CARERS Act of 2015, introduced by New Jersey Senator Cory Booker (D), seeks to amend the federal Controlled Substances Act (21 U.S.C. § 801 et seq.) to ensure that CSA would not apply to anyone acting in compliance with state law relating to the production, possession, and distribution of medical marijuana. The proposal transfers marijuana from Schedule I to Schedule II of the CSA and prohibits federal banking officials from discouraging depository institutions from providing financial services to a marijuana-related, state-permitted legal business. A similar amendment was passed by the full House of Representatives in 2014. The House has not yet taken up the issue in 2015. House Republicans, however, supported a budget plan that would prevent legal sales of marijuana in the District until at least 2017.

Estimates indicate that the value of the legalized marijuana industry currently approaches $3 billion nationwide and is growing. Obviously, a lot is at stake.

The resolution of the marijuana-legalization issue, at both the federal and state levels, could play a significant role in determining the outcome of the upcoming presidential election.

Article By Mark A. de Bernardo & Robert Horn of Jackson Lewis P.C.
Jackson Lewis P.C. © 2015

Pay-to-Play Law on Gov. Christie’s Desk Poses Potential Threat to National Parties

Covington & Burling LLP

A little-noticed sentence in a bill sitting on New Jersey Governor Chris Christie’s desk could, if it becomes law, threaten to curtail the ability of national party committees to raise money from Wall Street and financial industry executives.  The Republican and Democratic Governors Associations, the Republican National Committee, the Democratic National Committee, and the federal congressional party committees could all be impacted.

New Jersey State Investment Council rules prevent the state pension fund from hiring an investment management firm if, within the two years prior, certain executives and professionals at the investment firm made a covered “political contribution or payment to a political party.”  The term “political party” means “any political party or political committee organized in the State” but does not include “a Federal or national campaign committee or a non-State political committee.”

The bill recently passed by the state legislature, however, would change that.  The bill—which we  flagged when it was making its way through the legislature—provides: “Regulations adopted by the council that address political contributions shall apply equally to contributions to any federal or national committee or a non-State political committee as to any other committee covered thereby.”

This poorly drafted provision could be read to apply only to political parties “organized in the State” such as the federal account of a New Jersey political party.  But it could also be read to apply to all federal or national party committees such as the RGA and the DNC.  Indeed, on passage, a sponsor statethat “the legislation would require the investment council to put in place a rule prohibiting firms it selects to invest pension funds from making contributions to any national political organization.”

The statute could therefore restrict federal and national political contributions in ways that reach further than any other pay-to-play law in the country.  Moreover the State Investment Council chairman suggested that the state would have to liquidate existing investments if executives from those investment firms made contributions to national party organizations, even if the contributions were permissible at the time.

Governor Christie has not said whether he plans to sign the bill.  If the law passes, the State Investment Council may promulgate regulations interpreting the law more narrowly.  And even if the law is interpreted to bar contributions to federal party committees and groups like the RGA and DGA, it seems highly vulnerable to challenge on First Amendment and federal preemption grounds.  But in the meantime, as we approach a Presidential election, the political contributions of many on Wall Street and in the financial industry could be chilled and fundraising for national party committees may take a hit.

ARTICLE BY

Zachary G. Parks
Covington & Burling LLP