Category: Uncategorized

Year End 2015 Update – gTLD Sunrise Periods Now Open

New generic top-level domains (gTLDs, the group of letters after the “dot” in a domain name) have launched their “Sunrise” registration periods. As of the date of this newsletter, Sunrise periods are open for the following new gTLDs:

.OFFICE

.feedback

.family

.auto

.cars

.car

.lasalle

.cloud

.wine

.vin

.theatre

.SECURITY

.PROTECTION

.xn--tckwe (.コム – Japanese for “com”)

.YACHTS

.BOATS

.HOTELES

ICANN maintains an up-to-date list of all open Sunrise periods here. This list also provides the closing date of the Sunrise period. We will endeavor to provide information regarding new gTLD launches via this monthly newsletter, but please refer to the list on ICANN’s website for the most up-to-date information, as the list of approved/launched domains can change daily.

Because new gTLD options will be coming on the market over the next year, brand owners should review the list of new gTLDs to identify those that are of interest.

Article By Monica Riva TalleyTracy-Gene G. Durkin & Shana L. Olson of
Sterne, Kessler, Goldstein & Fox P.L.L.C.

© 2015 Sterne Kessler

Extension of 2015 Affordable Care Act Reporting Deadlines

On December 28, 2015, the Internal Revenue Service issued Notice 2016-4 extending the deadline for information reporting requirements under the Patient Protection and Affordable Care Act (the “ACA”). The reporting requirements are intended to assist the IRS in application of ACA penalties and were two-fold: an initial disclosure to the employee and a final report to the IRS. These requirements were to be satisfied by the filing of Form 1095 (with different filings under Form 1095-B or 1095-C dependent on the type of insurance arrangement sponsored by the employer). The deadline for furnishing the form to the employee had been set for February 1, 2016. The deadline for filing Form 1095 with the IRS was to be February 29 for non-electronic filers and March 31 for all employers who are “electronic filers” (filing greater than 250 single 1095 forms).

Notice 2016-4 has now extended those deadlines as follows:

New deadline for furnishing Form 1095 to employees: March 31, 2016.

New deadline for filing Form 1095 with the Service:

Non-electronic filers: May 31, 2016.

Electronic filers: June 30, 2016.

Article By Nicole M. Hanna of Dinsmore & Shohl LLP

© 2015 Dinsmore & Shohl LLP. All rights reserved.

Center for Devices and Radiological Health (CDRH) Schedules January 2016 Cybersecurity Workshop

Center for Devices and Radiological Health, CDRH has scheduled a cybersecurity workshop entitled, “Moving Forward: Collaborative Approaches to Medical Device Cybersecurity,” on January 20-21, 2016 (see here for the Federal Register announcement).

Background and Workshop Context

As we discussed in a previous post, cybersecurity vulnerability is an increasing concern as medical devices are becoming more connected to the Internet, hospital networks, and other medical devices. Cybersecurity vulnerabilities may result in device malfunction, interruption of healthcare services including treatment interventions, inappropriate access to patient information, and breached electronic health record data integrity.

In the Federal Register announcement for the workshop, FDA states protecting the Healthcare and Public Health (HPH) critical infrastructure from attack by strengthening cybersecurity is a “high priority” of the Federal Government. For example, two recent Executive Orders (here and here) address enhancing cybersecurity infrastructure and increasing cybersecurity information sharing. Additionally, Presidential Policy Directive 21 states that the Federal Government shall work with the private sector to manage risk and strengthen the security and resilience of critical infrastructure against cyber threats.

Given this context, FDA, other governmental agencies, and public/private partnerships have sought to address cybersecurity vulnerability in recent years. For example, last year, CDRH finalized its guidance for industry entitled, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.” Also in 2014, the National Institute of Standards and Technology (NIST) published a voluntary, risk-based framework focusing on enhanced cybersecurity. According to FDA, the HPH sector has utilized the framework to help manage and limit cybersecurity risks.

Workshop Objectives

At the public workshop, CDRH hopes to address vulnerability management throughout the medical device total product lifecycle. According to the Federal Register announcement, vulnerability management includes: analyzing how a vulnerability may affect device functionality, evaluating the vulnerability effect across product types, and selecting temporary solutions that may be employed until a permanent fix can be implemented. Vulnerabilities can be identified by the device manufacturer or external entities, including healthcare facilities, researchers, and other sectors of critical infrastructure.

The Agency believes an important component of vulnerability management is coordinated vulnerability disclosure (also known as responsible disclosure). Under coordinated vulnerability disclosure, all stakeholders agree to delay publicizing vulnerability details for a certain period of time, while the affected manufacturer works to rectify the vulnerability.

Further, CDRH states that one of the tools medical device manufacturers or healthcare facilities may use to evaluate and manage vulnerability is the Common Vulnerability Scoring System (CVSS). CVSS is a risk assessment tool that “provides an open and standardized method for rating information technology vulnerabilities.” CDRH notes, however, that CVSS does not directly incorporate patient risk and public health impact factors.

Workshop Themes

CDRH states that it hopes to address the following general themes during the workshop:

  • Envisioning a roadmap for coordinated vulnerability disclosure and vulnerability management as part of the broader effect to create a trusted environment for information sharing.

  • Sharing FDA’s current thinking on the implementation of the NIST framework in the medical device total product lifecycle.

  • Adapting cybersecurity and/or risk assessment tools such as CVSS for the medical device operational environment.

  • Adapting and/or implementing existing cybersecurity standards for medical devices.

  • Understanding the challenges that manufacturers face as they increase collaboration with external third parties (cybersecurity researchers, Information Sharing and Analysis Organizations (ISAOs), and end users), to resolve cybersecurity vulnerabilities that impact their devices.

  • Gaining situational awareness of the current activities of the HPH sector to enhance medical device cybersecurity.

  • Identifying cybersecurity gaps and challenges that persist in the medical device ecosystem and begin crafting action plans to address them.

Persons interested in attending the workshop must register online by January 13, 2016. Public comments concerning the workshop’s objectives or general themes can be submitted online or by mail.

Article By Christopher Hanson of Covington & Burling LLP

© 2015 Covington & Burling LLP

FAA and OSHA Enter into Agreement to Strengthen Enforcement of AIR21 Whistleblower Protection Law

The FAA and OSHA have entered into a Memorandum of Understanding to facilitate coordination and cooperation concerning enforcement of the AIR21 whistleblower protection law.

The DOL and FAA both play a critical role in enforcing the whistleblower protection provision of AIR21. FAA has responsibility to investigate complaints related to air carrier safety and has authority under the FAA’s statute to enforce air safety regulations and issue sanctions to airmen and air carriers for noncompliance with these regulations. FAA enforcement action may include air carrier and/or airman certificate suspension and/or revocation and/or the imposition of civil penalties. Additionally, FAA may issue civil penalties for violations of 49 U.S.C. § 42121. OSHA has the responsibility to investigate employee complaints of discrimination and may order a violator to take affirmative action to abate the violation, reinstate the complainant to his or her former position with back pay, and award compensatory damages, including attorney fees.

Under the MOU, OSHA will promptly notify FAA of any AIR21 whistleblower retaliation complaints and will provide the FAA with all investigative findings and preliminary orders, investigation reports, and orders associated with any hearing or administrative appeal related to the complaint. And when a whistleblower notifies the FAA of retaliation involving air carrier safety, the FAA will promptly provide OSHA with a copy of the complaint and will advise the whistleblower that an AIR21 complaint must be filed with OSHA within 90 days of the retaliation. And the FAA will provide OSHA with the general results of any investigation conducted, to include whether or not FAA concluded there was a violation of a federal regulation, order, or standard relating to air carrier safety.

ARTICLE BY Jason Zuckerman of Zuckerman Law

© 2015 Zuckerman Law

Four New Year’s Resolutions to Avoid the Damaging Loss of Trade Secrets

On December 21, 2015, an Illinois jury awarded Miller UK Ltd. $73.6 million against Caterpillar Inc.  Miller supplied couplers for Caterpillar’s equipment, and the jury concluded that Caterpillar used its leverage as Miller’s largest customer to demand access to information that Caterpillar then used to manufacturer its own version of the coupler.  As a result of the alleged theft, Miller claimed it had to terminate roughly seventy-five percent of its workforce, close an office, and scale back a new business venture.  This lawsuit was not between an employer and an employee, but it holds important lessons for employers that operate in industries and environments with valuable trade secrets.

1.   Audit Non-Disclosure Agreements

Trade secrets laws across the country provide a layer of protection for misappropriated trade secrets.  Non-disclosure and confidentiality agreements can often provide additional protection, by catching disclosures that would not be covered by trade secrets laws.

In the New Year, audit company records to confirm that any company or person who has access to the company’s trade secrets and proprietary information has signed a non-disclosure or confidentiality agreement.  If any of these parties did not sign an agreement during the contracting process, get an agreement in place immediately.

2.  Review Materials

In the New Year, review the company’s handbooks, policies, offer letters, and employment agreements to ensure that they prohibit theft and misappropriation of trade secrets and proprietary information from third parties (and not just the company).

Not only will this hopefully prevent employees from engaging in misconduct for which the company could be held liable (i.e. engaging in misappropriation), it could help the company avoid being held liable for any misconduct that does occur.

3.  Audit Restrictive Covenants

To the extent that your company has trade secrets and proprietary information that can be protected through restrictive covenants under applicable law, in the New Year, audit the company’s agreements with employees to ensure that all employees who have access to that information have signed the required restrictive covenants.  If an employee has not signed an agreement, identify what legal consideration will be required to obtain enforceable restrictive covenants. For those employees who have signed restrictive covenants, confirm that the company has signed (if required) and that the company records consist of both the employee’s signature and the body of the agreement that the employee signed.  Finally, review the company’s form restrictive covenants to ensure that they have kept up with the growth and development of the company (i.e. that they protect all of the company’s trade secrets and proprietary information) and with the latest developments in the law.

4.  Resolve

In the New Year, resolve to follow the three steps above at least once per year.  As the verdict demonstrates, an ounce of prevention is worth a pound of cure.  Following a regular maintenance schedule is the best way for a company to minimize the risks associated with trade secrets and proprietary information.

Article By Gillian McKean Bidgood of Polsinelli PC

© Polsinelli PC, Polsinelli LLP in California

Hillshire Brands Company Pays $4 Million to Settle Race Discrimination Suit

EEOCSealAfrican American Bakery Workers Subjected to Racist Comments and Graffiti in the Worksite, Federal Agency Charged

DALLAS – Hillshire Brands Company (formerly known as the Sara Lee Corporation) will pay $4 million to a group of 74 African-American former employees and provide other significant relief to settle a lawsuit where they were subjected to a racially hostile work environment at a former Sara Lee facility in Paris, Texas, the agency announced today.

EEOC claimed African-American employees were subjected to racist graffiti on the walls of the bathrooms and locker room. The former bakery employees also alleged that during work hours, they were berated with racial slurs by supervisors and other white co-workers, and complaints by the plant workers went unaddressed by management.

Race discrimination in the workplace, including race harassment, violates Title VII of the Civil Rights Act of 1964.  The EEOC filed suit (Case No. 2:15-cv-1347) in U.S. District Court for the Eastern District of Texas, Marshall Division, after first attempting to reach a pre-litigation settlement through its conciliation process.

“The Commission completed an extensive investigation at the Sara Lee plant, which included conducting interviews with the former bakery workers,” said Meaghan L. Shepard, trial attorney for the Dallas District of EEOC. “EEOC determined racial slurs and graffiti continued at the facility in Paris for years, until the doors finally closed in November 2011.”

“EEOC strongly believes it is critically important for companies to set policies and provide effective avenues for complaints to address racial harassment in the workplace,” said EEOC Supervisory Trial Attorney Suzanne Anderson. “African-American workers on the Sara Lee bakery production lines in Paris felt embarrassed and intimidated by the graffiti in the bathroom and the racial slurs on the production floor. Strong corporate policies and quick remedial action protects against this type of workplace discrimination.”

The two-year consent decree settling the case provides for an injunction where Hillshire Brands will implement various preventative approaches regarding discrimination or harassment against any employee on the basis of race and will periodically report incidents or investigations to EEOC. Hillshire Brands also agreed to engage in remedial measures such as anti-discrimination training and implementation of procedures to prevent and promptly address graffiti issues.

Belinda McCallister, acting director of EEOC’s Dallas District Office, said, “We are pleased with the approach taken by the employer to acknowledge the hostile environment that once existed and for taking positive steps toward ensuring a healthy workplace in the future.”

EEOC enforces federal laws prohibiting employment discrimination. Further information about EEOC is available on its web site at www.eeoc.gov.

See original news release here: http://www1.eeoc.gov/eeoc/newsroom/release/12-22-15.cfm

© Copyright U.S. Equal Employment Opportunity Commission

Happy Holidays from the National Law Review

This holiday season, we at the National Law Review find ourselves grateful to our clients, publishers, and readers. Thanks for reading and we hope you have a happy holiday season!

Christmas tree

  • Jennifer, Lane, Nicole, Eilene, Karolina, Colleen & Marlene

Government Forces Awaken: Rise of Cyber Regulators in 2016

As the sun sets on 2015, but before it rises again in the New Year, we predict that, in the realm of cyber and data security, 2016 will become known as the “Rise of the Regulators.” Regulators across numerous industries and virtually all levels of government will be brandishing their cyber enforcement and regulatory badges and announcing: “We’re from the Government and we’re here to help.”

The Federal Trade Commission will continue to lead the charge in 2016 as it has for the last several years. Pursuing its mission to protect consumers from unfair trade practices, including from unauthorized disclosures of personal information, and with more than 55 administrative consent decrees and other actions booked so far, the FTC (for now) remains the most experienced cop on the beat.   As we described earlier this year, the FTC arrives with bolstered judicial-enforcement authority following the Third Circuit’s decision in the Wyndham Hotel case.  Notwithstanding the relatively long list of administrative actions and its published guidance – businesses that are hacked and that lose consumer data, are at risk of attracting the attention of FTC cops and of proving that their cyber-related systems, acts and practices were “reasonable.”

But the FTC is not alone. In electronic communications, the Federal Communications Commission (FCC) in 2015 meted out $30 million in fines to telecom and cable providers, including to AT&T ($25 million) and Cox Communications ($595K). And this agency, increasingly known for its enforcement activism, may have just begun.  Reading its regulatory authority broadly, the FCC has asserted a mandate to take “such actions as are necessary to prevent unauthorized access” to customers’ personally identifiable information. This proclamation, combined with the enlistment of the FCC’s new cyber lawyer/computer scientist wunderkind to lead that agency’s cyber efforts, places another burly cop on the cyber beat.

The Securities and Exchange Commission (SEC) will be patrolling the securities and financial services industries. Through its Office of Compliance Inspections and Examinations (OCIE), the SEC is assessing cyber preparedness in the securities industry, including investment firms’ ability to protect broker-dealer and investment adviser customer information. It has commenced at least one enforcement action based on the agency’s “Safeguards Rule” (Rule 30(a) of Regulation S‑P), which applies the privacy provisions in Title V of the Gramm-Leach-Bliley Act (GLBA) to all registered broker-dealers, investment advisers, and investment companies. With criminals hacking into networks and stealing customer and other information from financial services and other companies, expect more SEC investigations and enforcement actions in 2016.

Moving to the Department of Defense (DoD), new rules, DFARS clauses, and regulations (e.g., DFARS subpart 204.73, 252.204–7012, and  32 CFR § 236) are likely to prompt the DoD Inspector General and, perhaps, the Defense Contracting Auditing Agency (DCAA) to examine whether certain defense contractors have the required security controls in place.  Neither the DoD nor its auditors have taken action to date.  But don’t mistake a lack of overt action for a lack interest (or planning).  It would come as no surprise if, by this time next year, the DoD has launched its first cyber-regulation mission, be it by the False Claims Act, suspension and debarment proceedings, or through terminations for default.

In addition to these cyber guardians, other federal agencies suiting up for cyber enforcement include:

  • The Consumer Financial Protection Board’s (CFPB) growing Cybersecurity Program Management Office;

  • The Department of Energy’s (DOE) Office of Electricity Delivery and Energy Reliability, examining the security surrounding critical infrastructure systems;

  • The Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services, addressing healthcare providers and health insurers’ compliance with health information privacy and security safeguard requirements; and

  • The Food and Drug Administration, examining the cybersecurity for networked medical devices containing off-the-shelf (OTS) software.

But these are just some of the federal agencies poised for action.   State regulators are imposing their own sector-specific cyber security regimes as well.   For example, the State of California’s Cybersecurity Task Force, New York’s Department of Financial Services, and Connecticut’s Public Utility Regulatory Agency are turning their attention toward cyber regulation. We believe that other states will join the fray in 2016.

At this relatively early stage of standards and practices development, the National Institute of Standards and Technology (NIST) 2014 Cyber Security Framework lays much of the foundation for current and future systems, conduct, and practices. The NIST framework is a “must read.” NIST, moreover, has provided additional guidance earlier this year in its June 2015 NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.  While addressing security standards for nonfederal information systems (i.e., government contractors’ information systems), it also provides important guidance for companies who do not operate within the government contracts sphere.  Ultimately, this 2015 NIST publication may serve as an additional general standard against which regulators (and others) may assess institutional cybersecurity environments in 2016 – and beyond.

But for now, the bottom line is that in 2016 companies now must add to its list of actual or potential cyber risks and liability, the hydra-headed specter of multi-sector, multi-tiered government regulation – and regulators.

Article By Dave ThomasAlexander W. Major & Melinda R. Biancuzzo
Copyright © 2015, Sheppard Mullin Richter & Hampton LLP.

New Federal Rules of Civil Procedure: 3 Must Read Changes

Although the Supreme Court will say they’re simply more “proportional,” it seems they were trying to find a new phrase that would lead to less abuse of the relevancy standard.  This, however, is only one of the significant changes recently doled out in the December 1, 2015 amendments to the Federal Rules of Civil Procedure (FRCP).  It will be interesting to see how these new standards evolve.  With respect to IP litigation and expert discovery, we see three major changes:

Faster

Andale!  The new rules are speeding things up.  Remember when you used to have 120 days to serve the defendant in federal court?  You could file your complaint, sit back, enjoy a cup of java and relax a little. The Supreme Court says, “No longer.”  The previous Rule 4(m) deadline has been shaved down to a mere 90 days ─ a period that can fly by when you’re trying to locate or track down a difficult defendant.  Once the defendant is served, the court must issue a Rule 16(b)Scheduling Order within 90 days, as opposed to the previous 120.  Everything has been expedited. This is significant because the Rule 26(f) (known by many as the “meet and confer”) requirement is tied to this date as well as the commencement of discovery.  Meaning, the new rules have accelerated the first few stepping stones of the litigation process by as much as one to two months. Ultimately, litigants will be required to disclose experts and respond to expert discovery sooner.  For plaintiffs and defendants alike, case strategy, themes and expert opinions will need to be formulated and forged much sooner. If you’re working under a ticking expert clock, we’re here to help.

Stronger

Do you believe the previous “reasonably calculated to lead to the discovery of admissible evidence” was a weak standard?  It appears the Supreme Court did, or at least they believe the standard was too often used to expand the permissible scope of relevant evidence, which was not the intent. The new Rule 26(b) defines discoverable evidence as that which is: a) relevant (simple as that ─ it must be relevant) and b) “proportional to the needs of the case.”  While the latter may seem a little loose, it likely will create a stronger resistance to outlandish, burdensome, disproportional discovery requests, such as “all emails sent within your entire corporate infrastructure since 2004.”  Interestingly ─ while we’re on this topic ─ in the ESI (electronically-stored information) department, the new Rule 37(e) also provides a stronger, more uniform standard for sanctions available if a party fails to properly preserve ESI.  The Committee notes suggest excessive effort was being exerted to preserve ESI once litigation commenced and too much litigation time was spent fighting over arguably-applicable sanctions for failure to preserve ESI.  The new rule allows the court to award curative measures only upon a finding of 1) failure to preserve ESI and 2) prejudice. In addition, the sanctions must be “no greater than necessary to cure the prejudice.”  This is definitely a cleaner, stronger standard that will hopefully lead to less costly and less frequent ESI disputes.

More Stringent

“I have a patent and you infringed it.”  Previously, under Form 18 ─ “Complaint for Infringement” ─ in the FRCP Appendix of Forms, this bare-bones allegation was all you needed to file a complaint for patent infringement.  However, the new rules amendment to Rule 84 has abdicated the Appendix of Forms and while the Committee has clearly stated its intent that this abdication “does not alter existing pleading standards,” it seems many IP attorneys can see the writing on the walls.  If there is no longer a sanctioned form that permits such bare-bones allegations, many believe IP complaints will now need to meet the “plausibility” requirements of the Supreme Court’s long-standing Iqbal and Twombly precedent.  Only time will tell, but IP attorneys should anticipate more motions to dismiss under the plausibility standard and the need to file more detailed complaints for patent infringement.

© Copyright 2002-2015 IMS ExpertServices, All Rights Reserved.
  • See more at: http://www.natlawreview.com/article/new-federal-rules-civil-procedure-3-must-read-changes#sthash.ZGTZHxxb.dpuf

EEOC Sues McDonald’s for Disability Discrimination

mcdonalds logoFast Food Giant Denied Sign Language Interpreter for Deaf Applicant

KANSAS CITY, Mo. — McDonald’s Corporation and McDonald’s Restaurants of Missouri violated federal law by refusing to accommodate and hire a deaf applicant, the U.S. Equal Employment Opportunity Commission (EEOC) charged in a lawsuit filed today.

According to the suit, Ricky Washington, who is deaf, applied online for a job at a McDonald’s restaurant in Belton, Mo. in June 2012. Washington indicated on his application that he attended Kansas School for the Deaf. Washington also said he had previous job experience working as a cook and clean-up team member at a McDonald’s restaurant in Louisiana in 2009. When the Belton restaurant manager learned Washington needed a sign language interpreter for his job interview, she canceled the interview and never rescheduled it, despite Washington’s sister volunteering to act as the interpreter. Restaurant management continued to interview and hire new workers after Washington made several attempts to schedule an interview.

Such alleged conduct violates the Americans with Disabilities Act of 1990 (ADA), which prohibits discrimination against people with disabilities in employment and requires employers to make reasonable accommodations for job applicants so they will have equal opportunities during the application process. EEOC filed its lawsuit (EEOC v. McDonald’s Corporation, et al, 4:15-cv-01004-FJG) in U.S. District Court for the Western District of Missouri after first attempting to reach a pre-litigation settlement through its conciliation process. EEOC seeks back pay, compensatory and punitive damages, and injunctive relief, including training for all McDonald’s managers on accommodations for applicants with disabilities, particularly those who are deaf.

EEOC St. Louis District Director James R. Neely, Jr. said, “Removing obstacles in the hiring process for people with disabilities is a national priority for EEOC. All employers, but especially large ones, should join with the agency to make sure everyone has equal access to the employment process.”

“People with disabilities have one of the highest unemployment rates in the country,” added EEOC Regional Attorney Andrea G. Baran. “Providing equal employment opportunities to all job applicants – including those with disabilities – is not just the law, it is good for our economy and our workplaces.”

According to company information, McDonald’s is a global fast food provider that serves over sixty-nine million customers per day in 100 different countries.  The Belton, Mo. restaurant is owned and operated by the corporation’s world-wide headquarters in Oak Brook, Illinois.

Eliminating barriers in recruitment and hiring is one of six national priorities identified by EEOC’s Strategic Enforcement Plan (SEP).

The St. Louis District Office oversees Missouri, Kansas, Nebraska, Oklahoma and a portion of southern Illinois.

EEOC is responsible for enforcing federal laws prohibiting employment discrimination.

The original content can be viewed here.

© Copyright U.S. Equal Employment Opportunity Commission