Leveraging Your Microsoft Assets in this Remote Access World

The COVID-19 pandemic has led to an enormous increase in remote work. Organizations without remote access capabilities have adapted and implemented new solutions, while organizations with existing solutions have been forced to evaluate new capacity requirements and scale their solutions accordingly. You may be surprised to learn that your existing Microsoft assets include functionalities for remote access, and you can get rid of redundant or more costly solutions. Your Microsoft subscription, license, operating system, software, service, etc. should all be reviewed in some capacity at this time.

“In recent years, Microsoft has made a multitude of investments and changes to its portfolio and offerings,” says Scott Riser, Director of Microsoft and Data Management Services at Plan B Technologies, Inc. (PBT). “Some of these changes are quickly noticed during renewals or annual reviews, such as Microsoft Server Operating Systems licensing. However, many changes have happened ‘in the background’ and could easily be missed by organizations,” Riser says. “Make sure you’re taking advantage of your existing Microsoft assets, and know your entitlements – especially now.”

Most of these changes go beyond the typical Microsoft portfolio of Office products and Operating Systems. Microsoft has placed significant focus in the areas of security, video and audio conferencing, VOIP, virtual desktop, artificial intelligence, and cloud computing. Many of these Microsoft assets, which are likely already in your organization, are gaining additional functionality for your remote workforce. This can be done with minimal management overhead and reduced implementation costs over competitive third parties. So how do you ensure that your organization is properly leveraging its current Microsoft assets?

Know What You Have

Leveraging Microsoft assets to the fullest starts with knowing what your organization has purchased, and to what it is entitled. This goes beyond Microsoft assets alone and a full inventory of software, services, and features within your environment should be performed sooner rather than later. This full evaluation serves three purposes. First is that of an internal audit to ensure your organization has the proper number of licenses for each product and to correct licensing infractions before you incur hefty true-up costs or additional licensing fees. The second purpose is educational, as it provides technical staff and administration an understanding of the entitlements each software or service provides. This is particularly valuable since Microsoft 365 cloud subscriptions now include licenses for some on-premise systems. The third purpose of this evaluation is to identify overlaps in features and functionality among products to lower costs, simplify management of the environment, and promote productivity.

Failure to perform a review of current entitlements can result in a significant overspend and an overly complicated environment that is more difficult to manage. For example, your organization could be using a third-party Multi-Factor Authentication (MFA) provider when an already purchased Microsoft subscription has MFA built in, or you may have purchased an MDM solution that overlaps with an existing entitlement to System Center and Windows Intune.

With information from these internal audits, organizations are better suited to make impactful decisions while controlling cost. Once your organization understands what it is entitled to within your existing environment, you must then determine situational awareness for future planning and sustainability. Items that should be included in planning for the future include (but are not limited to) security, management, user workflow and communication.

Secure the Environment

If your workforce is now remote, has your organizational data gone remote as well? Now that most organizations have been required to provide users with remote access, either through Virtual Desktop infrastructure (VDI), cloud-based applications or internet portals, the attack surface for exploitation by bad actors has never been larger. This puts organizations at greater risk of a security breach. Knowing this, Microsoft has invested billions of dollars to protect their product offerings and combat cyber criminals.

Microsoft now has a full portfolio of security offerings, and buildings full of teams dedicated to securing their services and platforms as well as assisting criminal investigations. User identity has become the new perimeter for data as organizations move to cloud-based technologies and a remote workforce. This has been the case for years as VPNs and firewalls have limited preventive impact when a bad actor has credentials to access them. Microsoft has been active in making user identity more secure with easily implemented tools and access policies while also integrating artificial intelligence and improved reporting. These products and features include Windows Hello, Azure Multifactor Authentication, Conditional Access, Credential Guard, and User Sign-in Risk Reporting/Alerting amongst others.

Identity of course is only one attack vector that can be exploited. Therefore, it is essential to secure end user devices and the infrastructure where data is located. Microsoft Defender and Advanced Threat Protection (ATP) is ideally suited to protect servers and end user devices when implemented properly. Plus, it’s included in many Microsoft 365 subscriptions.

“In the past, Defender has received a stigma of being unreliable and faulty,” says Scott Riser, “but Defender has since become one of the most reliable pieces of security software available today. Why? According to Microsoft, over 1 billion devices are currently running the Windows 10 operating system, providing trillions of telemetry data points to continuously improve all Microsoft security services. And as a result, Microsoft has the largest security footprint in the world.”

The data provided by Defender from these devices is reported to artificial intelligence algorithms as well as Microsoft security teams to patch security flaws and update anti-virus definitions at unparalleled levels in the industry. It is also important to note that Microsoft Server Operating systems utilize Defender and the Defender platform can be upgraded to Defender ATP software to enhance built-in capabilities and provide additional security for on-premise data.

With an increasingly remote workforce, many organizations have moved their data to Exchange Online, SharePoint Online, and OneDrive for Business. Microsoft has built-in security solutions for these platforms as well. Depending on the Microsoft subscription that you’ve purchased, Exchange Online Protection, Azure Information Protection, Microsoft Advanced Threat Protection and Azure Advanced Threat Protection, can all be utilized to secure data stored in these locations. Furthermore, Microsoft understands that some organizations require more control over their data and systems in Infrastructure as a Service solutions such as Azure and AWS. For this, a combination of Defender ATP and Azure Sentinel can provide real time analytics and automated responses for detected breaches based on custom workbooks in a pay-as-you-go model.

All these security measures protect against bad actors attempting to breach an organization’s data. This of course does not protect an organization from internal threats, such as disgruntled employees or the inevitable human error. Organizations must now secure data from exfiltration which is not as simple as preventing all data from leaving the organization. The problem is more nuanced. A full lockdown, though simpler, would prevent your organization from essential collaboration with its staff and clients. Failing to protect data internally may result in proprietary data inadvertently shared with a client, or competitor, or being lost entirely. In healthcare and financial services, it can result in a loss of personal identifiable data, or banking information, which carry hefty fines from regulatory bodies.

Microsoft Data Loss Prevention (DLP) is the solution to this issue. With DLP, custom policies can be defined by an organization to determine data that should not leave the organization. It can also remind a user to review data being sent as it could possibly be confidential. DLP continues to gain traction in Microsoft 365 settings as the need to protect cloud-based collaboration platforms such as Teams and OneDrive grows. DLP can also be implemented in some areas of on-premise infrastructure. Exchange has built-in DLP features that often go overlooked. Organizations tend to use Mimecast, Proofpoint, and other third-party vendors for these solutions while the built-in functionality remains unconfigured.

Device Management and Compliance

Another challenge of a remote workforce is the ability to maintain and manage devices, both corporate-owned and user-owned. Multiple organizations have made significant investments in System Center Configuration Manager (SCCM), only to find that policies and updates have not applied to end user devices unless they are on the network or connected via a VPN. Organizations can expand their SCCM environment to include cloud distribution and management points for devices that are not on-premise.  But this is not always an ideal solution as it requires additional infrastructure and configuration with SCCM. This has led to a rise in the use of Mobile Device Management and Mobile Application Management solutions such as Microsoft Intune. Through co-management, organizations can continue to utilize SCCM in conjunction with Intune for management of all devices regardless of corporate connectivity. This was further emphasized by the recent integration of the license offerings to provide Intune subscriptions for those with SCCM Client licensing and vice versa.

Collaboration and Communication

Securing and managing a remote work environment is important but ensuring users can communicate and collaborate on work that was previously performed in the office is one of, if not the biggest, challenges. Daily interactions between corporate users should be considered since the ability for face to face interaction through office meetings, business lunches, and other personal touches has significantly declined. These interactions are now being held through chat programs and conference calls. External communication is one of the primary reasons that Microsoft is still considered the industry leader for collaboration software with many companies utilizing the Microsoft Office suite.

A frequently overlooked solution included in your Microsoft 365 subscription is Microsoft Teams which provides instant messaging, document collaboration and audio/video teleconferencing. Furthermore, Microsoft Teams is integrated with and supported by other Microsoft products. It’s also governed by Advanced Threat Protection and Data Loss Prevention services to provide a more secure platform than its competitors with minimal (if any) additional investment. Microsoft Office can be customized based on the needs of the user and can easily be secured and managed when used in combination with other Microsoft offerings.

Getting the Results

Challenges continue to present themselves as users work remotely and organizations refine how they operate. With a vast majority of organizations utilizing Microsoft products in some way, it is important that entitlements are understood to reduce costs and complexities. Organizations can improve their return on investment (ROI) or make new investments once this is understood. Leveraging Microsoft service offerings can be optimized beyond the traditional use of Office products and Operating Systems, to provide a secure, managed, agile, and accessible environment for users regardless of their location. The result will be a streamlined, cost effective, collaborative environment that strengthens your organization’s bottom line.


© 2020 Plan B Technologies, Inc. All Rights Reserved.

For more on technological solutions for law firms and other industries, see the National Law Review Law Office Management section.

To Reverify or Not: Form I-9 and Lawful Permanent Residents

On Friday, May 15, the U.S. Department of Homeland Security (DHS) issued a notice clarifying to employers that they cannot reverify Lawful Permanent Residents (LPRs) who presented evidence of permanent residence status that was unexpired at the time of the employee’s initial Form I-9, Employment Eligibility Verification, regardless of later expiration. While employers were never required to reverify LPRs, there has long lacked specific instruction on this, leading many involved in human resources across Pennsylvania and New Jersey to conduct reverifications of LPRs in violation of federal law.

What is Form I-9?

Form I-9, Employment Eligibility Verification (“Form I-9”), is used to:

verify the identity and employment authorization of individuals hired for employment in the United States.” All employers in the United States must are required to implement procedures for the use of Form I-9 that ensure its proper completion for each individual that is hired for employment in the United States—citizens and noncitizens alike.

Federal law requires employers to “allow employees to choose which document(s) they will present from the Lists of Acceptable Documents” that is included with Form I-9. As the DHS M-274, Handbook for Employers, notes, in “Section 1, an LPR may choose to present a List A document (such as Form I-551, Permanent Resident Card, commonly referred to as a Green Card) or a List B and C document combination (such as a state-issued driver’s license and unrestricted Social Security card).”

LPRs are issued a Form I-551, Permanent Resident Card (LPR Card) as evidence of permanent resident status. If an individual is an LPR and presents a valid LPR Card when completing Form I-9, the LPR Card is deemed a sufficient “List A” document, thereby rendering successful the employer’s verification of the individual’s identity and ability to work in the United States. An employee need not present any further evidence. Acceptable LPR Cards include:

  • Those issued from January 1977 to August 1989 that have no expiration date;
  • Currently unexpired, but with 10-year expiration dates; and
  • Currently unexpired, but with 2-year expiration dates.

To Reverify or Not to Reverify?

The DHS notice informs that employers who successfully complete the Form I-9 verification process with an LPR Card that either did not have an expiration date or was a 10- or 2-year LPR Card that was unexpired at the time of verification must not seek to reverify the employee in the future even if the LPR Card later expires.

However, when an individual that is an LPR presents the following to an employer during the Form I-9 verification process, it is necessary to reverify:

  • Expired LPR Card and Form I-797, Notice of Action (which is issued when an individual applies to renew an LPR Card), that indicates the LPR Card’s validity has been extended. Employers should consider these documents as acceptable “List C” evidence, requiring reverification at the end of the extension period. Note that the employee must still present a valid, unexpired “List B” document to satisfy the initial Form I-9 verification.
  • Form I-94 or Form I-94A, Arrival-Departure Record, containing an unexpired temporary I-551 stamp and a photograph of the individual. When presented, these documents are acceptable “List A” evidence. Employers must conduct a reverification no later than when the I-551 stamp expires, or one year after the issuance of Form I-94 or Form I-94A, Arrival-Departure Record, should the record not indicate an expiration date.
  • Current foreign passport with a photograph and either a temporary I-551 stamp or I-551 printed notation on a Machine-Readable Immigrant Visa. Additionally, if the current, foreign passport is, in the rare instance, endorsed with “CR-1,” rather than an I-551 stamp, the employer is reminded that the “CR-1” endorsement is the equivalent of an I-551 stamp. Employers must conduct a reverification when the I-551 stamp or I-551 printed notation on the Machine-Readable Immigrant Visa expires. If there is no expiration date listed, the reverification must occur no later than one year from the date that the I-551 was stamped or “CR-1” was endorsed in the foreign passport.

©2020 Norris McLaughlin P.A., All Rights Reserved

For more on employment verification, see the National Law Review Labor & Employment law section.

Department of Banking and Insurance Mandates Insurance Premium Refunds

On May 12, 2020, the New Jersey Department of Banking and Insurance issued Bulletin No. 20-22.  As a result of the COVID-19 pandemic and the resulting reduction in loss exposure for insurers, the Department has ordered insurers to make an initial premium refund or other adjustment for certain specified lines of insurance.  Premium refunds are required for the following types of insurance: (1) medical malpractice insurance; (2) commercial liability insurance; (3) commercial multiple-peril insurance; (4) workers compensation insurance; (5) commercial automobile insurance; (6) private passenger automobile insurance; and (7) any other line of coverage where the measures of risk have become substantially overstated as a result of the COVID-19 pandemic.

The premium refund may be provided as a premium credit, a reduction in premium, a return of premium, dividend, or other appropriate premium adjustment.  The premium refunds must be implemented “as quickly as practicable,” but in no event later than June 15, 2020.

Insurers may also provide additional premium relief to individual policyholders on a case-by-case basis for recent, current, and upcoming policy periods or any portion thereof.  Examples of reclassifications set forth in the Bulletin include, but are not limited to: (1) reclassifying a personal automobile exposure from “commute use” to “pleasure use”; (2) reclassifying a physician practice to part-time status; or (3) excluding payroll for employees who are being paid but not actively working.

Insurers are required to notify each affected policyholder no later than June 15, 2020 regarding the amount of the refund or adjustment.  In addition, insurers are required to provide an explanation of the basis for the adjustment, including a description of the policy period that was the basis of the premium refund and any changes to the classification or exposure basis of the affected policyholder.

While the across the board initial premium refunds referenced above will not require any action by individual policyholders, businesses and individuals should review their current and projected activities and reach out to their insurer to see if there is an opportunity for an additional “case-by-case” premium reduction.  For example, if a physician practice has reduced hours for its physicians so that all physicians are working part-time, this may provide the opportunity for a further reduction in medical malpractice premiums.

The text of the bulletin can be found here.

 


© 2020 Giordano, Halleran & Ciesla, P.C. All Rights Reserved
For more on COVID-19s effects on Insurance, see the Insurance Reinsurance and Surety section of the National Law Review

Immigration and Compliance Briefing: COVID-19 Summary of Government Relief and Potential “Public Charge Rule” Impact on Nonimmigrant and Immigrant Visa Applications

Public Charge Rule

The “Public Charge Rule” implemented by the Department of Homeland Security (“DHS”) on February 24, 2020 mandates that certain individuals applying for U.S. immigration status are generally inadmissible into the U.S. if they are found likely to become a public charge at any time. Individuals inside or outside the U.S. who seek to either obtain Lawful Permanent Resident status (apply for immigrant visas and “green cards”) or to extend or change nonimmigrant status (temporary visas) must now demonstrate that they have not received public benefits, or have received limited public benefits, with some exceptions. This requires individuals to provide with their applications for immigration status additional detailed information regarding finances (such as income, assets, credit scores, bank accounts, taxes, debts, etc.). Public benefits received prior to February 24, 2020 will not weigh heavily against these individuals. Immigration case impact and processing trends are still being determined given the fairly recent implementation of the Public Charge Rule.

Available guidance notes that public benefits considered for a public charge determination include, but are not limited to, the following: any federal, state, local, or tribal cash assistance for income maintenance. Examples include Supplemental Security Income (SSI) and Cash Temporary Assistance for Needy Families (TANF), Supplemental Nutrition Assistance Program (SNAP), Section 8 Housing Assistance & Project-Based Rental Assistance, Public Housing; and Medicaid. In contrast, the following are not considered for a public charge determination: tax credits; unemployment benefits; disaster relief assistance; certain forms of nutritional support, including Special Supplemental Nutrition for Women Infants and Children (WIC) and school breakfast and lunch; and certain Medicaid benefits, including emergency medical care, school-based services and benefits, and Medicaid for individuals under 21 years of age.

As a reminder, many non-immigrants (temporary visa holders) are not eligible to receive public benefits. Eligibility for public benefits depends on immigration status, age, and other factors. Use of public benefits to which an individual is not entitled may have adverse immigration consequences beyond the public charge determination. All individuals should carefully review eligibility criteria prior to applying for and/or using public benefits.

COVID-19 Relief Measures

In response to COVID-19, the federal government has enacted broad economic relief policies. These measures include direct financial aid to families through tax credit rebates, expanded unemployment benefits and new relief programs as well as indirect aid through increased federal funding for businesses and healthcare providers. Generally, the use of disaster relief assistance will not impact a public charge determination for individuals seeking immigration benefits. However, the use of public benefits during COVID-19 can still be considered in the public charge analysis.

Healthcare Measures

Federal legislation passed in response to COVID-19 provides additional federal funding for COVID-related testing and treatment, including increased funding for Community Health Centers and for testing and treatment of uninsured and underinsured individuals. USCIS is encouraging anyone experiencing COVID-19 symptoms to seek medical treatment and/or preventative care. Seeking testing, prevention, or treatment of COVID-19 will not factor into a public charge determination for purposes of seeking an immigration benefit, even if the testing/prevention/treatment is federally funded. However, eligibility for Medicaid has not changed, and enrollment in Medicaid during COVID-19 may still be used as a factor for determining an immigration benefit under the Public Charge Rule.

Stimulus Bill Rebate Payments

The CARES Act authorized the federal government to issue one-time tax credit rebate payments to certain taxpaying individuals and households, including certain temporary nonimmigrants. Depending on income, eligible individuals can receive up to $1,200 while eligible households can receive up to $2,400. In addition, eligible individuals with children can receive $500 per dependent child under 17 years of age.

The rebate payments authorized by the CARES Act are considered tax credit payments, which will not factor into a public charge determination.  However, note the following:

  • Eligibility for tax-credit rebate payments depends on filing 2018 and/or 2019 taxes and tax residency status and requires all recipients to possess a valid social security number with limited exceptions for certain military households and adopted dependent children. This means that many mixed-status families (families with individuals in different immigration statuses) may not be eligible for the stimulus check.
  • Receiving tax credit payments in error may lead to an individual or household owing taxes, which could be used in a public charge determination for purposes of seeking an immigration benefit. It is very important that any individual receiving a tax credit rebate check ensure that they are in fact eligible to receive it.

Food and Nutritional Assistance

The Families First Act authorizes states to provide supplemental SNAP benefits to SNAP households and creates a new program, Pandemic EBT (“P-EBT”), authorizing states to provide meal assistance to children who are out of school due to COVID-19 and who would otherwise receive free or reduced school lunches. P-EBT is considered disaster relief assistance and will not factor into a Public Charge determination. However, eligibility for SNAP has not changed and enrollment in SNAP may still be used as a factor for determining an immigration benefit under the Public Charge Rule.

Unemployment Benefits

When individuals become unemployed through no fault of their own, they may qualify for relief through unemployment benefits. Unemployment benefits pay out a portion of an individual’s prior income while the individual is unemployed, and are administered by states with oversight from the Department of Labor (DOL). The benefits program is funded through taxes paid by employers. Although the federal government has set a few eligibility requirements, states are largely able to determine their own individual eligibility criteria and benefit levels for basic unemployment benefits.

While eligibility requirements for unemployment benefits vary by state, generally someone must be considered “able and available to work” before s/he is eligible to collect unemployment benefits. Since many temporary nonimmigrant work visas (such as H-1Bs and L-1s) require employer sponsorship prior to employment authorization, most people with these types of visas are not considered to be able and available to work. Individuals with other types of work authorization, such as an unrestricted EAD (Employment Authorization Document), may be eligible for unemployment benefits.

The CARES Act expands on basic unemployment benefits through three programs: Pandemic Unemployment Compensation (PUC), Pandemic Emergency Unemployment Compensation (PEUC), and Pandemic Unemployment Assistance (PUA). These programs increase coverage and availability, but eligibility criteria are still determined by individual states.   Some states have temporarily waived eligibility requirements due to COVID-19, including the able and available requirement. This waiver may expand the types of non-U.S. workers who qualify for unemployment benefits in those states. Additionally, some states have waived waiting periods and increased payments.

Unemployment benefits are considered earned benefits and will not factor into a public charge determination.

SBA Loans

COVID-19 relief packages provide funding for small businesses in the form of loans, interest relief for certain loans, and waivers of certain fees.  Certain non-U.S. citizens who own or share ownership in qualifying businesses may apply for an SBA (Small Business Administration) loan.

SBA loans are unlikely to impact a public charge determination because generally disaster relief programs are not considered in the analysis. Also, an SBA loan is granted to a company rather than to an individual, while a public charge determination focuses on an individual

Given that this is a rapidly changing situation, please also refer to the following online resources, and be sure to review the “last updated” date:


© 1998-2020 Wiggin and Dana LLP

For more on the public charge rule, see the National Law Review Immigration law section.

Sellers Beware – The COVID-19 Pandemic Has Opened the “Price-Gouging” Pandora’s Box

As the Covid-19 emergency goes on, both federal and New Jersey authorities have begun to enforce anti-price gouging and anti-hoarding provisions of federal and state law. A wide range of businesses, including but going beyond the sellers of medical equipment, should be aware of the limits imposed by these statutes and the dangers posed by enforcement.

A.        The New Jersey Consumer Fraud Act

As has been widely reported in the media, the State of New Jersey is aggressively enforcing the anti-price gouging provisions of the Consumer Fraud Act, N.J.S.A. 56:8-107 through 109, during the current coronavirus emergency. Enforcement of the statute by the Division of Consumer Affairs or by private civil action under the Consumer Fraud Act poses a risk to the sellers of a broad variety of goods. However, it also poses a potential remedy for business purchasers for end use whose ordinary supply chain has been disrupted by the emergency.

During a state of emergency declared by the Governor, N.J.S.A. 56:8-109 declares it to be an “unlawful commercial practice” for any person to sell or offer for sale “any merchandise which is consumed or used as a direct result of an emergency or which is consumed or used to preserve, protect, or sustain the life, health, safety or comfort of persons or their property for a price that constitutes an excessive price increase.”  In turn N.J.S.A. 56:8-108 defines an “excessive price increase” as more than 10 percent greater than the seller’s price in the usual course of business immediately before the declaration of emergency, unless the price increase is attributable either to the seller passing through increased prices from its supplier or costs imposed by the emergency. In that case, the statute defines an excess price increase as an increase of more than 10 percent beyond the seller’s customary pre-emergency markup.

The statutory language sweeps broadly and may be applied to price increases of almost any product where demand has increased or the supply chain has been disrupted by the coronavirus emergency. A recent news story reports that more than 3,600 complaints of alleged price-gouging have been made to the Attorney General’s Division of Consumer Affairs, against more than 2,100 business, involving not only medical supplies but food and commodities in short supply like toilet paper and disinfectants. The Division is urging the public to remain “vigilant” and is actively soliciting complaints on its website. As it investigates complaints, the Division is issuing subpoenas for the seller’s pre-emergency and current cost, price and markup information. The defense of passing through increased costs requires the seller to document both higher charges from suppliers and other costs, such as hazard pay for employees, imposed by the emergency.

Penalties for violation of the Consumer Fraud Act include civil penalties of up to $10,000 for a first offense. There are additional penalties if the violation was directed against senior citizens or persons with disabilities. In addition, the Attorney General may obtain an injunction against future violations. The courts may order restitution to consumers of money obtained in violation of the Act, and twice the amount obtained in the case of senior citizens. Failure to make restitution as ordered is punishable as contempt of court.

In addition to the enforcement powers of the Attorney General, N.J.S.A. 56:8-19 gives any person who has suffered an “ascertainable loss of moneys or property . . . as a result of any practice declared unlawful” under the Consumer Fraud Act as amended or supplemented a private right of action to recover treble damages and attorneys’ fees, either directly or as a counterclaim in a suit by the seller. No reported decision decides whether this private right of action would apply to a violation of the Act’s anti-price gouging provisions, but it is reasonable to anticipate that creative counsel are contemplating private class actions on behalf of retail purchasers.

The private right of action under the Consumer Fraud Act extends not only to individual consumers but to businesses that purchase supplies or equipment for use in the business. Hospitals, medical practices and other large scale purchasers of supplies and equipment affected by the coronavirus emergency may wish to explore that possibility.

B.        The Federal Defense Production Act

The Korean War vintage Defense Production Act (“DPA”) gives the President broad powers to direct the production of essential goods and to prioritize their distribution during periods of declared national emergency. Section 101 of the DPA, 50 U.S.C. § 4511, authorizes the President or his delegate to designate goods as scarce materials critical to the national defense. Section 102 of the Act, 50 U.S.C.§ 4512, the anti-hoarding provision, prohibits any person from accumulating “1) in excess of the reasonable demands of business, personal, or home consumption, or (2) for the purpose of resale at prices in excess of prevailing market prices, materials which have been designated by the President as scarce materials or materials the supply of which would be threatened by such accumulation.”  Designations are required to be published in the Federal Register. Section 103 of the DPA, 50 U.S.C. § 4513 makes the violation of § 102 a federal crime subject to a $10,000 fine and one year imprisonment. In addition § 706, 50 U.S.C. § 4556, authorizes the federal courts to enjoin violations of the DPA at the suit of the government. Other provisions, not relevant here, authorize the government to provide incentives and subsidies to increase production of essential goods.

The DPA is based on the War Powers Acts of World War II. It is designed to authorize the kind of command economy in place during that war, in which the armed forces were the sole end user, the government controlled production by placing contracts, fixing priorities and allocating raw materials, and the government directly controlled prices in the civilian market. It empowers the federal government to become the sole buyer and allocator of materials critical to the national defense. However, the President has chosen not to take the responsibility for centralized purchasing and allocation of critical medical supplies. Instead, the federal government has decided to allow states and other end users to compete for limited resources while using the DPA’s criminal provisions to try to curb the more egregious examples of exploitation.

On March 23, 2020, the President issued Executive Orders 13909 and 13910, which invoke his authority under DPA § 101 to declare ventilators and medical personal protective equipment as scarce materials critical to the national defense. Under authority designated by the Executive Orders, on March 25, 2020 the Secretary of Health and Human Services designated a variety of masks, gloves, gowns, face shields and other personal protective equipment, as well as respirators, sterilization materials, and ventilators as scarce materials subject to the anti-hoarding section of the DPA.  The designation was published in the Federal Register at 85 FR 17592 (Mar. 30, 2020). It enumerates the types of short-supply equipment but does not provide guidance as to what constitutes accumulation in excess of reasonable demand for consumption or what prices are considered in excess of the prevailing market price.

The Department of Justice has created a joint federal-state anti-hoarding task force under the leadership of the United States Attorney for the District of New Jersey, and several criminal prosecutions of alleged hoarders have been instituted. However, the prohibitions in DPA § 102 of accumulation “in excess of reasonable demands” for the holder’s consumption or for resale at a price “in excess of prevailing market prices” appear to impose a rather vague standard of criminal liability, and there do not appear to be any reported decisions interpreting them. Unlike the New Jersey statute, there is no definite markup that would be allowed.

DPA § 104, 50 U.S.C. §4514, prohibits the President from imposing wage or price controls without Congressional authorization. Perhaps for that reason, the government has not set permissible prices for short-supply equipment at any time since the HHS designation. Instead, the government is taking the position that prevailing prices are either prices in effect in January and February of 2020, before the coronavirus crisis began in the United States, or that they are “benchmark” prices of a major private manufacturer. Whether either of those standards provides fair advance notice sufficient to support criminal liability is, to say the least, contestable.

In addition, the government’s position appears to criminalize what may be entirely legitimate economic activity. Experience has shown that there were large amounts of masks and other designated short-supply medical equipment scattered in pockets of inventory around the United States and abroad. Middlemen perform the valuable service of finding these supplies, marshaling them and making them available to end users. That takes effort, which will not be undertaken without the prospect of compensation. Unlike the New Jersey statute, the DPA does not on its face recognize the costs incurred by accumulators to obtain otherwise unavailable goods, either those passed through from upstream sellers, the expenses of search, or reasonable compensation for the effort involved.

In conclusion, the government has not used the Defense Production Act to set prices directly. Its criminal anti-hoarding provisions  are a very blunt instrument for regulating economic activity in a time of shortage, especially because the federal government is not acting as the sole buyer or allocator of goods or fixing prices but is instead requiring end users of short-supply equipment to compete against each other. These criminal provisions have never been tested in court, and they leave open the possibility of vigorous defense based on the lack of a clear standard of criminal liability, on the need to attract scarce goods into the market, and on the pass-through of legitimate costs incurred to do so, including a reasonable profit.


© Copyright 2020 Sills Cummis & Gross P.C.

For more on COVID-19 related price issues, see the National Law Review Coronavirus News legal section.

Temperature Screening: New Guidance From the CDC, FAQs, and Best Practices

With states beginning to ease stay-at-home orders, employers are formulating plans to return employees to the workplace. As part of this process, many employers are considering implementing regular employee temperature checks in an effort to keep employees safe. While this measure may have seemed unthinkable and fraught with risks even just a couple of months ago, we expect that health screenings, including temperature checks, will become increasingly prevalent in the workplace. In fact, just last week, the Centers for Disease Control and Prevention (“CDC”) issued guidance on how employers and businesses can safely conduct temperature checks. Key portions of that guidance are summarized below, along with a list of common questions and best practices employers should consider before requiring employees to undergo regular temperature checks.

1. Are employers required to screen employees’ temperatures before they enter the workplace?

The answer depends on the state(s) in which the employer operates.  Some states are now requiring employers to conduct regular temperature checks on employees.  For example, Colorado requires certain critical and noncritical businesses to conduct daily temperature checks and monitor employees’ symptoms, and employers with 50 or more employees at one location must implement stations for symptom screenings and temperature checks.  Other states such as Indiana require all employers to implement a COVID-19 response plan, which includes implementing a health screening process for employees that may include regular temperature checks.  Additionally, employers may be subject to different temperature check requirements based on industry.  For example, Washington requires construction contractors to screen all workers at the beginning of their shift by taking their temperature and asking them if they have symptoms.  Any worker found to have a temperature of 100.4 degrees or higher must be sent home.  That said, many states currently have no temperature check mandate, including–for now–Illinois (with limited exceptions such as certain health care and long-term care employees), giving many employers some flexibility to determine how best to screen employees for symptoms, if at all.  Employers should consult and keep a close eye on ever-changing state and local guidelines to determine if and when temperature checks are required.

2. Even if there is no state or local mandate, can employers still require employees to submit to routine on-site temperature checks as a condition of employment?

Yes, provided that temperature checks are administered safely, consistently and in a non-discriminatory manner.  The Equal Employment Opportunity Commission (“EEOC”) has issued guidance confirming that temperature checks are a permissible screening mechanism to use during the COVID-19 pandemic. However, to avoid discrimination claims, employers generally should not pick and choose who is subject to temperature screening unless it is part of a nondiscriminatory plan (e.g., screening only that portion of the workforce where social distancing measures may not be feasible, such as warehouses or manufacturing plants).  Note that if employers choose to screen every employee entering a facility, employers may need to conduct such checks on anyone entering the workplace–not just employees–to minimize the risk of discrimination claims and to reduce the risk of transmission.

3. What are the key CDC guidelines for conducting on-site temperature screenings?

The CDC outlines two options for on-site screenings. The first approach relies on barrier/partition controls and personal protective equipment (“PPE”) and the second approach relies exclusively on PPE.

Under the first approach, the screener stands behind a physical barrier, such as a glass or plastic window or partition.  Using disposable gloves, the screener checks the employee’s temperature by reaching around the partition or through the window.  It is critical that the screener’s face remain behind the barrier at all times during the screening.

Under the second approach, the screener uses a face mask, eye protection (goggles or disposable face shield that fully covers the front and sides of the face), disposable gloves and a gown (if physical contact with an employee is anticipated) when taking employees’ temperatures.

When conducting temperature checks on multiple employees, the screener should use a clean pair of gloves for each employee and ensure that the thermometer is thoroughly cleaned after each use.  If the screener is using a disposable or non-contact thermometer (i.e., non-contact infrared thermometers, tympanic thermometers, and thermal scanners) and he or she does not make physical contact with the employee, then the CDC states that the screener need not change his or her gloves after each check.

Under either approach, the CDC confirms that employees found to have a temperature of 100.4 degrees or higher should be sent home immediately and instructed to promptly contact their doctor.  Employers should follow up with employees who are sent home with additional information about any available benefits and return-to-work protocol.  The CDC further recommends that employees maintain social distancing when waiting for their turn to be screened, and to the extent possible, screening should take place before an employee enters the physical workplace.

The CDC guidance can be found here:  https://www.cdc.gov/coronavirus/2019-ncov/community/general-business-faq.html

4. How should the temperature screeners be selected and trained?

An obvious first choice for a screener is often a medical officer or nurse, if such an employee is available and on staff.  If not, employers should carefully select an appropriate screener, ensure that the individual is comfortable with the role, and consider providing such individual with additional compensation or hazard pay.  Alternatively, there are third-party vendors who now offer these types of services, though such vendors should be carefully vetted.  Finally, employers are even turning to robots or robotic arms to conduct screens in order to reduce the risk of exposure during the screening process.

No matter who is selected, screeners should be trained on how to safely complete temperature screens, the proper use and disposal of PPE, and maintaining employee privacy.  As a best practice, we recommend that employers retain a medical professional to train screeners on how to safely and effectively conduct a temperature check, or at a minimum, employers should consult a medical professional to provide and confirm such information.  We also recommend that screeners sign a document establishing the protocol, requiring confidentiality of employee medical information, and confirming that the individual has been informed of and consents to the risks of serving as a screener.

5. What kind of thermometer should be used?

As a practical matter, we strongly advise that employers use a disposable or no-contact thermometer to prevent the spread of the virus. In fact, without a disposable or contactless device, employers may want to consider abandoning temperature checks altogether (if doing so will not run afoul of state or local law) and instead rely on other screening measures.  The risk of inadvertently using a contaminated device may outweigh any potential benefits gained from implementing a screening protocol in the first place.

However, if an employer uses a sophisticated device, including robots, to screen employees’ temperatures, Illinois employers should be aware of yet another potential legal pitfall.  Some devices and robots rely on artificial intelligence, including in some cases, facial recognition capabilities.  Such equipment could implicate the Illinois Biometric Information Privacy Act (“BIPA”), which has strict notice, disclosure and consent requirements.  Employers should discuss these risks with counsel before using any such devices.

6. If employees are required to undergo a temperature screening before clocking into work, must the employer compensate them for that time?

In most cases, yes.  While the answer to this question may depend, in part, on state law, we generally recommend that employers compensate employees for any time spent waiting to be screened and participating in the screening process in order to comply with the Fair Labor Standards Act (“FLSA”) and state wage and hour laws.  Running afoul of these laws by not paying employees for otherwise compensable pre-shift activities can be much more costly in the long run than paying employees for the time spent in the screening process itself.

7. What are the privacy concerns related to temperature checks?

The Americans with Disabilities Act (“ADA”) requires employers to maintain the confidentiality of all information obtained through disability-related inquiries and medical examinations.  Temperature screening is a medical examination under the ADA. Accordingly, any information collected as part of the screening process must be treated as a confidential medical record and maintained separately from the employee’s personnel file.  It may be disclosed only in limited circumstances. Employers should also consider how to best protect the privacy of those employees who are found to have an elevated temperature and need to be sent home (e.g., allowing for an inconspicuous exit, private screening, drive-through screening, etc.).

8. What if an employee refuses to participate in on-site temperature checks?

As a general matter, employees can be required to undergo temperature checks as a condition of employment, and those who refuse to do so should be sent home.  Employers should communicate the requirements for temperature checks and the consequences for failing to cooperate in a clearly written notice or policy that is distributed to all employees in advance of the implementation of the screening protocol.  Employees who refuse to adhere to those requirements may be disciplined, provided that any such discipline is administered in a consistent and nondiscriminatory manner.  However, for a variety of reasons (including employee morale), employers should consider whether discipline is truly necessary.  The better option may be to simply send the employee home or deny them access to the workplace.  When in doubt, employers should consult counsel before implementing discipline.

9. Is fever alone a reliable indicator of COVID-19?

According to the medical community, no.  Unfortunately, an elevated temperature is not a definitive indicator of the illness, and an employee may be contagious even without a fever. For that reason, and as discussed further below, employers should consider implementing other screening mechanisms either in lieu of on-site temperature screening (if allowed under applicable law) or in addition to temperature screening.

10. If fever is not a reliable indicator of COVID-19, why are employers implementing temperature screening?

Employers are looking for concrete steps they can take to reduce the risk of exposure in the workplace.  Unlike most COVID-19 symptoms, body temperature can be objectively screened and verified.  While temperature screening will not effectively identify asymptomatic cases, it still has the ability to catch positive cases and help prevent a potential outbreak in the workplace.  In many instances, employers are implementing temperature screening in an attempt to alleviate employee anxiety.  Some employers are reporting that employees actually want to have temperature checks in place to know that their employer is taking meaningful, proactive steps to keep them safe.  In other words, temperature screening may be as much of an employee relations (and public relations) tool as it is a prevention mechanism. In weighing the decision to implement on-site screening, employers should consider whether employees will be comforted by the process of temperature checks or if it will instead stoke fear and panic.

11. How should employees be notified of on-site screening measures?

We recommend that employers provide employees with advance, written notice of temperature checks and any other screening measures.  The notice or policy statement should explain the basis and method for conducting the screening, the steps the employer is taking to protect employee safety and privacy, and the consequences for failing to comply.  To avoid a false sense of security, the notice should also make clear that just because someone does not have a fever does not necessarily mean that the person does not have the virus.  The notice should explain that many people who test positive for COVID-19 are asymptomatic, and that employees should continue to take appropriate precautions and self-monitor and report to the employer the presence of any other symptoms.

12. What are the alternatives to on-site temperature screening?

As discussed above, on-site temperature screening presents potential logistical and legal issues that may steer some employers away from taking such measures.  As an alternative to on-site temperature screening, many employers are instead considering and implementing some type of employee self-assessment or self-monitoring protocol.  This can be accomplished through completion of daily self-assessment and/or certification forms in which the employee is asked to self-report temperature, other symptoms, or potential exposure events.  Other employers are relying on a one-time policy document whereby employees acknowledge and agree that by reporting to work each day, they are certifying that they have no symptoms.  Some employers are even incorporating the daily certification into timekeeping software (without disclosing medical information).

According to the CDC, it is reasonable to ask employees to take their own temperature before arriving to work.  This helps reduce the risk that those who are experiencing symptoms of COVID-19 will expose others to the virus by traveling to or reporting to work.  Therefore, some employers may opt to have employees conduct their own temperature checks before arriving at work, which alleviates some of the logistical and legal concerns.  However, note that employers in some states, like California and Illinois, may need to foot the bill for supplying employees with thermometers needed to complete any such self-assessment.

Regardless of the approach taken, we believe that employers should implement some type of symptom screening mechanism, even if it is not an on-site temperature check. And if an employer does decide to conduct on-site temperature screening (or is required to do so by law), we believe temperature checks should be used in conjunction with other screening efforts such as requiring employees to identify other symptoms or potential exposure incidents.  In other words, temperature screening should be just one of many potential tools in the employer’s arsenal to combat COVID-19 in the workplace.


© 2020 Vedder Price

For more on the return to work after COVID-19 process, see the National Law Review Coronavirus News legal section.

3 Cyberattacks and 3 Practical Measures Lawyers Can Take to Protect Themselves

Hackers are targeting lawyers with cyberattacks, and coronavirus is making things worse. With the recent Covid-19 pandemic and the resultant remote work, hackers are exploiting lawyers with even greater intensity. The ABA Journal recently reported that “scams multiply during the COVID crisis.”

The Top 3 Cyber Attacks Targeting Law Firms

You’re probably displaced from your usual working space and feeling out of whack. That sets the stage for hackers to advantage of the confusion — and your home computer setup. You need to know the traits of the most common cyberthreats so you can identify a scam.

1. Phishing Email Scams

Hackers send phishing emails that impersonate a legit sender and fool the recipient into giving up information. Most phishing scams trick their victims into clicking on malicious URLs. These phishing links redirect the victim to fake sites — most commonly, the spoofed login pages to Office 365 and online baking — and capture their username and password. Now that the hacker has these credentials, they can legitimately access confidential data or withdraw funds.

In 2018, nearly 80% of law firms experienced phishing attacks, according to security research firm Osterman Research. As COVID-19 increases anxiety and the amount of emails in your inbox, hackers have taken advantage. In mid-March 2020, right as COVID-19 ramped up in the United States, hackers purported to be the World Health Organization (WHO). The phishing email asked the victim to open an attachment containing official information on protecting yourself from the coronavirus. Little did they know that opening this attachment downloaded a keystroke logger that records what’s being typed. Keystroke logging is typically used to capture even more login credentials so the hacker can access as many sites and services as possible.

For further details, learn how viral coronavirus scams are attacking computers and smartphones.

2. Ransomware

Ransomeware is one of four of the biggest cybersecurity risks law firms face according to Law Technology Today. This cyberattack is a type of malware that, once installed, denies access to a computer system or data. Typically, email attachments, “malvertising”, or drive-by downloads install ransomware onto devices. To regain access to the compromised device, the victim must wire funds to the hacker. Even if the ransom is paid, it’s not guaranteed that the hackers will restore system access.

3. Data Breaches

Data breaches result in the loss of confidential data or the unauthorized access of that data. They occur after hackers execute a successful phishing or ransomware attack, which are common entry point of a data breach. The loss of this data could have devastating consequences on a law firm. If clients feel that their privacy was violated in the breach, they might sue.

3 Practical Cyberthreat Solutions Law Firms

Law firms can take several practical measures to protect their systems and data. Safeguarding identity and access, encrypting data, and investing in cybersecurity software (if possible) for anti-phishing and anti-malware will lower the risk of a successful cyberattack.

1. Encrypt Data

Lawyers rely on email and document sharing to run their firm. As these documents and communications travel across the internet, they can be intercepted. But when data is encrypted, it is substantially harder for a hacker to intercept. A VPN (Virtual Private Network) encrypts data in a cost-effective, non-intrusive, and reliable way. Creating a secure “tunnel” between your computer and the internet, VPNs protect data using 256-bit encryption. This protocol is so secure that banks and the U.S. government use it to protect classified data.

2. Use Two-Factor Authentication (2FA)

If you’re in the 50% of people who use the same passwords for personal and work accounts, then take note. Weak and reused passwords increase your chances of experiencing a cyberattack. 2FA adds protection to your username and password, making it much harder to compromise your credentials. Think of 2FA as a dynamic, time-sensitive, secondary password.

2FA uses a password alongside a second one-time passcode that is sent to the employee’s device. Unless this code is submitted on the follow-up login screen in a timely manner, it will expire. If codes are not used, then biometric authentication such as a retina or fingerprint scan provide the second factor.

3. Investing in Intelligent IT systems

When dealing with high volumes of very confidential data, you can never be too confident of your online security. The odds are not in your favor: one in four organizations in the US will be breached. And recovering from a breach is pricy. Law firms lose, on average, $4.62 million dollars every data breach. If you worry about the expense of cybersecurity solutions, remember that other number.

You can spend money on anti-phishing, anti-malware, and data loss prevention tools. Or you can not spend the money and risk having to pay a ransom, deal with legal fees, reputational damage, and more. Although it’s a tough pill to swallow in the current economic landscape, preventative security is cheaper than dealing with a breach.

If you cannot afford a cybersecurity system at this time, just update your software whenever you receive a notification. This is the easiest and quickest way to secure your systems. Software updates come with security fixes that will patch any vulnerabilities in your system. Hackers are known to exploit old/known vulnerabilities. Take the time to vet your network or cloud service providers to see what precautions they have to protect your firm from cybercriminals.

You Must Anticipate Cyberattacks on Your Firm 

Law firms possess sensitive data that hackers would love to leverage. Using intelligent IT systems, updating software, encrypting data, and setting up two-factor authentication are the most effective ways that lawyers can protect their data while working remotely during the COVID-19 lockdown.


© Copyright 2020 PracticePanther

ARTICLE BY PracticePanther.
For more legal tech considerations, see the National Law Review Law Office Management section.

TransUnion to Seek Supreme Court Review After Ninth Circuit Finds Class Members Had Standing and Partially Upholds Punitive Damages Award

A hotly contested ruling in a Fair Credit Reporting Act (“FCRA”) class action case will soon be appealed to the Supreme Court of the United States.  The Ninth Circuit in Ramirez v. TransUnion LLC, Case No. 17-17244, recently granted the parties’ Joint Motion to Stay the Mandate, seeking to stay the Ninth Circuit’s mandate pending TransUnion’s filing of a petition for writ of certiorari in the Supreme Court.  The Motion to Stay comes soon after the court denied TransUnion’s Petition for Rehearing or Rehearing En Banc regarding the Ninth Circuit’s decision in Ramirez v. TransUnion LLC, 951 F.3d 1008 (9th Cir. 2020).

In Ramirez, the Ninth Circuit held for the first time that every class member in a class action lawsuit needs “standing” to recover damages at the final judgment stage.  The 8,185 member class alleged that TransUnion, knowing that its practice was unlawful, violated the FCRA by incorrectly placing terrorist alerts on the front page of consumers’ credit reports and later sending the consumers misleading and incomplete disclosures about the alerts and how to remove them.  The court held that each class member was required to, and did, have standing, even though the credit reports of over 75% of the class were not actually disclosed to a third party because TransUnion’s alleged violation of the consumers’ statutory rights under the FCRA, by itself, constituted a concrete injury.  The Ninth Circuit also found that the jury’s punitive damages award of 6.45 times the statutory damages award was unconstitutional, and reduced it to 4 times the statutory damages award.  The Ramirez decision is discussed in more detail here.

In its Petition for Rehearing, TransUnion claimed that the dissent had the correct view, and the majority’s decision “not only conflicts with Supreme Court teachings, but puts the Ninth Circuit on the wrong side of a lopsided circuit split.”  TransUnion argued that the class of consumers did not have standing for their FCRA claims unless their credit reports were disclosed to a third party.  TransUnion further alleged that the class should have been decertified because Ramirez, the named plaintiff, “was radically atypical of the class he purported to represent” since there was no evidence that any other class member’s credit report was disseminated.  Finally, TransUnion disputed the court’s punitive damages award because a reduction to 4 times the statutory damages award was not enough.  According to TransUnion, the Supreme Court requires, at a maximum, a punitive damages award “equal to compensatory damages . . . when compensatory damages are substantial.”

TransUnion concluded its Petition for Rehearing by stating:

It is no exaggeration to say that, for many class members, the first indication that they were injured at all will be when they receive a $4,925.10 check in the mail. That absurd result is the product of ignoring basic requirements of Article III, Rule 23, and due process.

As of the date this article is published, TransUnion has not yet filed its petition for writ of certiorari in the Supreme Court, but we will continue to monitor the case for updates.


Copyright © 2020, Hunton Andrews Kurth LLP. All Rights Reserved.

For more on the Fair Credit Reporting Act, see the National Law Review Financial Institutions & Banking law page.

Israeli Bank to Pay $30 Million for FIFA Money Laundering Violations

In 2015, the world was shocked by well-documented revelations of widespread corruption and bribery within the Fédération Internationale de Football Association (“FIFA”). At the time, the full extent of the FIFA money laundering scandal was unknown. This month, that 2015 revelation and the subsequent investigation has led to Bank Hapoalim (“BHBM”), an Israeli subsidiary of Swiss bank Hapoalim Ltd. (“HBS”), to pay $30 million of forfeiture and criminal fines.

In an April 30, 2020 press release, Assistant Director in Charge William F. Sweeney of the FBI’s New York Field Office described the difficulty in interrupting and identifying large scale sophisticated financial crimes. “This announcement illustrates another aspect in the spider web of bribery, corruption and backroom deals going on behind the scenes as soccer games were played on the field,” Sweeney said. He further explained that “Bank Hapoalim admits executives looked the other way and allowed illicit activity to continue even when employees discovered the scheme and reported it.”

Chuck Blazer, an “insider” and a former top FIFA official, provided vital evidence relied upon by the United States in securing the indictments that served as a basis for allegations against BHBM. The key to unlocking the FIFA money laundering scandal is the long reach of U.S. anti-bribery and corruption laws, which allow any person, whether a U.S. person or not, to report international financial misconduct. Yesterday, the Department of Justice reported that Bank Hapoalim would forfeit over $20 million and pay nearly $10 million in fines as a penalty for almost five years of financial misconduct.

In 2015, the full extent of the fraud within the inner workings and financial institutions like BHBM and BHS that knowingly enabled these corrupt activities within FIFA remained undisclosed. BHBM’s admission that it conspired to launder money and did facilitate bribes to corrupt FIFA officials, and the resulting $30 million to be paid as a consequence, reinforces the value of whistleblower contributions in concrete terms. This case serves as ample evidence that backroom dealings around the world can be brought to light by brave individuals who are willing to share what they know with authorities.

Whistleblower laws are potent tools available to individuals regardless of nationality or citizenship. They also provide substantial monetary rewards. When information leads to a recovery, the whistleblower is entitled to a financial award of 10%-30% of the total recovery. Another critical component of the U.S. anti-fraud program is that whistleblowers can anonymously provide information and still recover the reward. In this case, a whistleblower could have a claim for almost $10 million of the funds paid by BHBM. Due to the strict rules regarding anonymity, the world may never know whether such a claim is paid. However, the possibility of such a significant award serves as an effective incentive to other potential insiders contemplating blowing the whistle on misconduct.


Copyright Kohn, Kohn & Colapinto, LLP 2020. All Rights Reserved.

For more on similar topics, see the National Law Review Criminal Law & Business Crimes section.

Patentablity of COVID19 Software Inventions: Artificial Intelligence (AI), Data Storage & Blockchain

The  Coronavirus pandemic revved up previously scarce funding for scientific research.  Part one of this series addressed the patentability of COVID-19 related Biotech, Pharma & Personal Protective Equipment (PPE) Inventions and whether inventions related to fighting COVID-19  should be patentable.  Both economists and lawmakers are critical of the exclusivity period granted by patents, especially in the case of vaccines and drugs.  Recently, several members of Congress requested “no exclusivity” for any “COVID-19 vaccine, drug, or other therapeutic.”[i]

In this segment, the unique issues related to the intellectual property rights of Coronavirus related software inventions, specifically, Artificial Intelligence (AI), Data Storage & Blockchain are addressed.

Digital Innovations

Historically, Americans have adhered to personalized healthcare and lacked the incentive to set up a digital infrastructure similar to Taiwan’s which has fared far better in combating the spread of a fast-moving virus.[ii]  But as hospitals continue to operate at maximum capacity and with prolonged social distancing, the software sector is teeming with digital solutions for increasing the virtual supply of healthcare to a wider network of patients,[iii] particularly as HHS scales back HIPAA regulations.[iv]  COVID-19 has also spurred other types of digital innovation, such as using AI to predict the next outbreak and electronic hospital bed management, etc.[v]

One area of particular interest is the use of blockchain and data storage in a COVID/post-COVID world.  Blockchains can serve as secure ledgers for the global supply of medical equipment, including respirators, ventilators, dialysis machines, and oxygen masks.[vi]  The Department of Homeland Security has also deemed blockchain managers in food and agricultural distribution as “critical infrastructure workers”.[vii]

Patentability

Many of these digital inventions will have a hard time with respect to patentability, especially those related to data storage such as blockchains.  In 2014, the Supreme Court found computer-related inventions were “abstract ideas” ineligible for patent protection in Alice v. CLS Bank.[viii]  Because computer-implemented programs execute steps that can theoretically be performed by a human being but are only automated by a machine, the Supreme Court concluded that patenting software would be patenting human activity.  This type of patent protection has long been considered by the Court to be too broad and dangerous.

Confusion

The aftermath of Alice is widespread confusion amongst members of the patent bar as well as the USPTO as to how computer-related software patents were to be treated henceforth.[ix]   The USPTO attempted to clarify some of this confusion by a series of Guidelines in 2019.[x]  Although well-received by the IP community, the USPTO’s Guidelines are not binding outside of the agency, meaning they are have little dispositive effect when parties must bring their cases to the Federal Circuit and other courts.[xi]  Indeed, the Federal Circuit has made clear that they are not bound by the USPTO’s guidance.[xii]  The Supreme Court will not provide further clarification and denied cert on all patent eligibility petitions in January of this year.[xiii]

The Future

Before the coronavirus outbreak, Congress was working on patent reform.[xiv]  But the long-awaited legislation was set aside further still as legislators focused on needed measures to address the pandemic.  On top of that, both Senator Tillis and Senator Coons who have spearheaded the efforts for patent reform are now facing reelection battles, making the future congressional leadership on patent reform uncertain.

Conclusion

Patents receive a lot of flak for being company assets, and like many assets, patents are subject to abuse.[xv]  But patents are necessary for innovation, particularly for small and medium-sized companies by carving out a safe haven in the marketplace from the encroachment of larger companies.[xvi]  American leadership in medical innovations had been declining for some time prior to the pandemic[xvii] due to the cumbersome US regulatory and legal environments, particularly for tech start-ups seeking private funding.[xviii]

Not all data storage systems should receive a patent and no vaccine should receive a patent so broad that it snuffs out public access to alternatives.  The USPTO considers novelty, obviousness and breadth when dispensing patent exclusivity, and they revisit the issue of patent validity downstream with inter partes review.  There are measures in place for ensuring good patents so let that system take its course.  A sweeping prohibition of patents is not the right answer.

The opinions stated herein are the sole opinions of the author and do not reflect the views or opinions of the National Law Review or any of its affiliates


[i] Congressional Progressive Leaders Announce Principles On COVID-19 Drug Pricing for Next Coronavirus Response Package, (2020), https://schakowsky.house.gov/media/press-releases/congressional-progressive-leaders-announce-principles-COVID-19-drug-pricing (last visited May 10, 2020).

[ii] Christina Farr, Why telemedicine has been such a bust so far, CNBC (June 30, 2018), https://www.cnbc.com/2018/06/29/why-telemedicine-is-a-bust.html and Nick Aspinwall, Taiwan Is Exporting Its Coronavirus Successes to the World, Foreign Policy (April 9, 2020), https://foreignpolicy.com/2020/04/09/taiwan-is-exporting-its-coronavirus-successes-to-the-world/.

[iii] Joe Harpaz, 5 Reasons Why Telehealth Is Here To Stay (COVID-19 And Beyond), Forbes (May 4, 2020), https://www.forbes.com/sites/joeharpaz/2020/05/04/5-reasons-why-telehealth-here-to-stay-COVID19/#7c4d941753fb.

[iv] Jessica Davis, OCR Lifts HIPAA Penalties for Telehealth Use During COVID-19, Health IT Security (March 18, 2020), https://healthitsecurity.com/news/ocr-lifts-hipaa-penalties-for-telehealth-use-during-COVID-19.

[v] Charles Alessi, The effect of the COVID-19 epidemic on health and care – is this a portent of the ‘new normal’?, HealthcareITNews (March 31, 2020), https://www.healthcareitnews.com/blog/europe/effect-COVID-19-epidemic-health-and-care-portent-new-normal and COVID-19 and AI: Tracking a Virus, Finding a Treatment, Wall Street Journal (April 17, 2020), https://www.wsj.com/podcasts/wsj-the-future-of-everything/COVID-19-and-ai-tracking-a-virus-finding-a-treatment/f064ac83-c202-40f9-8259-426780b36f2c.

[vi] Sara Castellenos, A Cryptocurrency Technology Finds New Use Tackling Coronavirus, Wall Street Journal (April 23, 2020), https://www.wsj.com/articles/a-cryptocurrency-technology-finds-new-use-tackling-coronavirus-11587675966?mod=article_inline.

[vii] Christopher C. Krebs, MEMORANDUM ON IDENTIFICATION OF ESSENTIAL CRITICAL INFRASTRUCTURE WORKERS DURING COVID-19 RESPONSE, Cybersecurity and Infrastructure Security Agency (March 19, 2020), available at https://www.cisa.gov/sites/default/files/publications/CISA-Guidance-on-Essential-Critical-Infrastructure-Workers-1-20-508c.pdf.

[viii] Alice v. CLS Bank, 573 U.S. 208 (2014), available at https://www.supremecourt.gov/opinions/13pdf/13-298_7lh8.pdf.

[ix] David O. Taylor, Confusing Patent Eligibility, 84 Tenn. L. Rev. 157 (2016), available at https://scholar.smu.edu/cgi/viewcontent.cgi?article=1221&context=law_faculty.

[x] 2019 Revised Patent Subject Matter Eligibility Guidance, United States Patent Office (January 7, 2019), available at https://www.federalregister.gov/documents/2019/01/07/2018-28282/2019-revised-patent-subject-matter-eligibility-guidance.

[xi] Steve Brachmann, Latest CAFC Ruling in Cleveland Clinic Case Confirms That USPTO’s 101 Guidance Holds Little Weight, IPWatchDog (April 7, 2019), https://www.ipwatchdog.com/2019/04/07/latest-cafc-ruling-cleveland-clinic-confirms-uspto-101-guidance-holds-little-weight/id=107998/.

[xii] Id.

[xiii] U.S. Supreme Court Denies Pending Patent Eligibility Petitions, Holland and Knight LLP (January 14, 2020), https://www.jdsupra.com/legalnews/u-s-supreme-court-denies-pending-patent-55501/.

[xiv] Tillis and Coons: What We Learned At Patent Reform Hearings, (June 24, 2019), available at https://www.tillis.senate.gov/2019/6/tillis-and-coons-what-we-learned-at-patent-reform-hearings.

[xv] Gene Quinn, Twisting Facts to Capitalize on COVID-19 Tragedy: Fortress v. bioMerieux, IPWatchDog (March 18, 2020), https://www.ipwatchdog.com/2020/03/18/twisting-facts-capitalize-COVID-19-tragedy-fortress-v-biomerieux/id=119941/.

[xvi] Paul R. Michel, To prepare for the next pandemic, Congress should restore patent protections for diagnostic tests, Roll Call (April 28, 2020), https://www.rollcall.com/2020/04/28/to-prepare-for-the-next-pandemic-congress-should-restore-patent-protections-for-diagnostic-tests/.

[xvii] Medical Technology Innovation Scorecard_The race for global leadership, PwC (January 2011), https://www.pwc.com/il/en/pharmaceuticals/assets/innovation-scorecard.pdf.

[xviii] Elizabeth Snell, How Health Privacy Regulations Hinder Telehealth Adoption, HealthITSecurity (May 5, 2015),https://healthitsecurity.com/news/how-health-privacy-regulations-hinder-telehealth-adoption.


Copyright (C) GLOBAL IP Counselors, LLP

For more on patentability, see the National Law Review Intellectual Property law section.