Category: Uncategorized

Boof!: Pro-Kavanaugh “Robo-Texts” Trigger Potentially Massive TCPA Class Action against Faith and Freedom Coalition, Inc. in Florida

Apparently the Faith and Freedom Coalition (“FFC”)–allegedly some sort of Conservative-leaning PAC– blasted Florida residents with texts urging Senator Bill Nelson to support the Kavanaugh confirmation. The text (allegedly) read as follows:

This is Ralph Reed. A good man is under attack & needs your help. Call Sen Bill Nelson TODAY & tell him to confirm Brett Kavanaugh.

Subtle.

Similar texts were allegedly blasted to a bunch of folks in the area, none of whom–according to the lawsuit–consented to receive those texts.

The complaint–filed Monday in the Southern District of Florida by an agitated citizen named Shehan Wijesinha and found here Wijensinha v FFC—  alleges a class of all persons within the United States that were sent a text message by the Defendant without prior express consent. It is brought by noted TCPA class action attorney Manuel Hiraldo of Hiraldo, P.A.

The TCPA prevents text messages–including political texts–to cellular phones without consent. If the Defendant is found liable for sending the texts under the TCPA it may face exposure as high as $1,500.00 per text. Given the number of texts allegedly at issue in the suit this may cost the FFC many millions of dollars to resolve, a fact that may prompt the FFC to need a Devil’s Triangle this afternoon to unwind. (What? Its a drinking game!)

A recent Wyoming lawsuit found a state corollary law similar to the TCPA unconstitutional as applied to political messages–and you can bet your bottom dollar that the folks at FFC will assert a First Amendment challenge here.

We’ll keep a close eye on this one for you.

 

Copyright © 2018 Womble Bond Dickinson (US) LLP All Rights Reserved.
This post was written by Eric Troutman of Womble Bond Dickinson (US) LLP.

Celebrating the Promise of Mental Health Parity and the Path Forward

This October 3rd marked the 10-year anniversary of the passage of the Mental Health Parity and Addiction Equity Act (MHPAEA). Thinking back to 2008, there had already been several failed attempts to pass a more substantive parity bill. New rounds of negotiations began and were difficult. Substance use disorders (SUD) were still considered a step-child to mental health and labeled a human failing rather than a treatable disease with disabling consequences. If these conditions were not recognized and addressed, it would become a national crisis. However, value change is hard to legislate.

MHPAEA was intended to be more than insurance reform, it was intended to be civil rights legislation that brought mental health (and, for the first time SUD) to a level playing field with physical health. It was a long road to passage because it required a change in health care philosophy and value related to mental health and SUD— not just a change in coverage and payment protocols.

Now, 10 years later, the question is whether the law has changed the playing field to ensure greater access to care and more equitable financial parameters. Close to 100 million people now have parity protections and lives have been saved. Through enforcement of the law more restrictive financial requirements have been removed for patients, additional coverage has been added to insurance plans for mental health/SUD, and overly stringent precertification requirements have been eliminated.

Although the passage of this legislation created a pathway for change, there are still challenges to address.  Discrimination related to SUD remains a challenge, as evidenced by the exclusion of ADA protections for those with SUD.  Advocates continue to call for more transparency, established certifications, expanded provider network capacity, and more guidance on non-quantitative treatment limitations.  The ongoing silos in which mental health/SUD and physical health conditions are treated as separate benefits with their own eligibility, fee schedules for services, credentialing, and poor provider network adequacy continue as areas to be addressed.

A couple of examples in which mental health/SUD services are treated differently: Providers have not been eligible for incentive payments to move to electronic medical records; payers have struggled in designing alternative payment models and value-based payments for providers that move beyond simple process measures;  payment restriction on same-day care are problematic in integrated settings where a person may be seen by both a mental health professional and a non-psychiatric physician; and physicians (non-psychiatrists) providing services in a specialty clinic creates credentialing and payment challenges.

New bipartisan legislation enacted to address the opioid crisis will be an important step to improving access to and the quality of substance use treatment, particularly in the Medicaid and Medicare programs — but doesn’t address the health system transformation that is needed to promote sustainable recovery. That is the challenge we face.

Hopefully our path forward will continue address these issues of implementation, so we approach the day when those living with mental health and substance use disorders will be seen as having a condition or disease that deserves prevention strategies, supports and treatment services, and civil rights protections similar to all other medical conditions.

 

©1994-2018 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.
ARTICLE BY: Health Law Practice

The New Jersey Supreme Court’s Latest Decision Affecting Pharmaceutical Multicounty Litigation

On October 3, 2018, the New Jersey Supreme Court made its long-awaited decision in the Accutane Multicounty Litigation. Developed by the New Jersey-based pharmaceutical giant Hoffman-La Roche, Accutane is a prescription acne treatment that has been found to be linked to inflammatory bowel disease.

Numerous plaintiffs filed lawsuits in New Jersey, essentially claiming that, based upon the drug maker’s own internal documents, Accutane’s warnings should have been stronger in stating that Accutane has been found to directly cause inflammatory bowel disease. A Multicounty Litigation was formed, which encompassed 532 plaintiffs – of which 18 were New Jersey residents, and 514 were residents of 44 different jurisdictions other than New Jersey.

In 2015, the trial court basically ruled that NJ’s Product Liability Act governed all of the cases in the Multicounty Litigation. Unlike the law in most other states, New Jersey’s Product Liability Act contains a rebuttable presumption that basically holds that a drug maker’s warning is adequate if it was approved by the United States Food and Drug Administration. The presumption can only be overcome if the plaintiffs show deliberate nondisclosure to the Food and Drug Administration, economically driven manipulation of the regulatory process, or clear and convincing evidence that the drug maker knew or should have known of the inadequacy of the warnings in light of the relevant federal regulations. Having found that the presumption applies to all of the cases, the trial court then held that the plaintiffs could not overcome the presumption and dismissed the cases.

That decision was appealed and the Appellate Division found that New Jersey’s Product Liability Act did not govern all of the cases, and that each case was governed by the respective laws of the jurisdictions where the plaintiff used Accutane. The Appellate Division analyzed the many different legal standards and found that the cases from the vast majority of the jurisdictions involved (including New Jersey), should not be summarily dismissed based on the federal approval presumption.

The matter was then taken up by the Supreme Court, which held that New Jersey has an interest in consistent, fair, and reliable outcomes in its consolidated Multicounty Litigation cases that cannot be achieved by applying a “diverse quilt of laws.” Having found that all of cases in the Multicounty Litigation were governed by New Jersey’s Product Liability Act, the Supreme Court went on to hold that the plaintiffs had not overcome Act’s rebuttable presumption and that the drug maker’s approved warnings were adequate as a matter of law. Accordingly, the Supreme Court dismissed all 532 cases.

The ramifications of the Supreme Court’s holding are still unclear. A recent, palpable lull in New Jersey Multicounty Litigation applications and filings was followed by changes on the bench through judicial retirements and promotions. Thereafter, there was a relative flurry of designations of Multicounty Litigations for Abilify, Taxotere, Zostavax and Physiomesh, all in the late spring and summer of 2018. No doubt, this Supreme Court ruling will serve to shape the procedural structure and legal strategy of the parties in all pending and contemplated pharmaceutical Multicounty Litigations in New Jersey.

 

COPYRIGHT © 2018, Stark & Stark.

The Importance of Information Security Plans

In the first installation of our weekly series during National Cybersecurity Awareness Month, we examine information security plans (ISP) as part of an overall cybersecurity strategy.  Regardless of the size or function of an organization, having an ISP is a critical planning and risk management tool and, depending on the business, it may be required by law.  An ISP details the categories of data collected, the ways that data is processed or used, and the measures in place to protect it.  An ISP should address different categories of data maintained by the organization, including employee data and customer data as well as sensitive business information like trade secrets.

Having an ISP is beneficial for many reasons but there are two primary benefits.  First, once an organization identifies the data it owns and processes, it can more effectively assess risks and protect the data.  Second, in the event of a cyber attack or breach, an organization’s thorough understanding of the types of data it holds and the location of that data will expedite response efforts and reduce financial and reputational damage.

While it is a tedious task to determine the data that an organization collects and create a data inventory from that information, it is well worth the effort.  Once an organization assembles a data inventory, it can assess whether it needs all the data it collects before it invests time, effort and money into protecting it.  From a risk management perspective, it is always best to collect the least amount of information necessary to carry out business functions.  By eliminating unnecessary data, there is less information to protect and, therefore, less information at risk in the event of a cyber attack or breach.

Some state, federal and international laws require an ISP (or something like it).  For example, in Massachusetts, all businesses (regardless of location) that collect personal information of Massachusetts residents, which includes an organization’s own employees, “shall develop, implement, and maintain a comprehensive information security program that is written . . . and contains administrative, technical, and physical safeguards” based on the size, operations and sophistication of the organization.  The MA Office of Consumer Affairs and Business Regulation created a guide for small businesses to assist with compliance.

In Connecticut, while there is no requirement for an ISP, unless you contract with the state or are a health insurer, the state data breach law pertaining to electronically stored information offers a presumption of compliance when there is a breach if the organization timely notifies and reports under the statute and follows its own ISP.  Practically speaking, this means that the state Attorney General’s office is far less likely to launch an investigation into the breach.

On the federal level, by way of example, the Gramm Leach Bliley Act (GLBA) requires financial institutions to have an ISP and the Health Insurance Portability and Accountability Act (HIPAA) requires covered entities to perform a risk analysis, which includes an assessment of the types of data collected and how that data is maintained and protected.  Internationally, the EU General Data Privacy Regulation (GDPR), which took effect on May 25, 2018 and applies to many US-based organizations, requires a “record of processing activities.”  While this requirement is more extensive than the ISP requirements noted above, the concept is similar.

Here is a strategy for creating an ISP for your organization:

  1. Identify the departments that collect, store or process data.
  2. Ask each department to identify: (a) the categories of data they collect (e.g., business data and personal data such as name, email address, date of birth, social security number, credit card or financial account number, government ID number, etc.); (b) how and why they collect it; (c) how they use the data; (d) where it is stored; (e) format of the data (paper or electronic); and (f) who has access to it.
  3. Examine the above information and determine whether it needs to continue to be collected or maintained.
  4. Perform a security assessment, including physical and technological safeguards that are in place to protect the data.
  5. Devise additional measures, as necessary, to protect the information identified.  Such measures may include limiting electronic access to certain employees, file encryption, IT security solutions to protect the information from outside intruders or locked file cabinets for paper documents.  Training should always be an identified measure for protecting information and we will explore that topic thoroughly later this month.
© Copyright 2018 Murtha Cullina

“Hey Alexa – Tell Me About Your Security Measures”

California continues to lead the nation in cybersecurity and privacy legislation on the heels of the recent California Consumer Privacy Act of 2018 (“CCPA”).  Governor Brown recently signed into law two nearly identical bills, Assembly Bill No. 1906 and Senate Bill No. 327 (the “Legislation”) each of which required the signing of the other to become law, on September 28th, 2018.   Thus, California becomes the first country in the nation to regulate “connected devices” – the Internet of Things (IoT). The Legislation will go into effect January 2020.

  1. CA IoT Bills Apply to Manufacturers of Connected Devices

This Legislation applies to manufacturers of connected devices sold or offered for sale in California.  A connected device is defined as any device with an Internet Protocol (IP) or Bluetooth address, and capable of connecting directly or indirectly to the Internet.  Beyond examples such as cell phones and laptops, numerous household devices, from appliances such as refrigerators and washing machines, televisions, and children’s toys, could all meet the definition of connected device.

  1. What Must Manufacturers of Connected Devices Must Do

Manufacturers equip the connected device with reasonable security feature(s) that are “appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, [and] designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.”

The Legislation provide some guidance as to what will be considered a reasonable security measure.  Devices that provide authentication with either a programmed password unique to the manufactured device, or provide a security feature that forces the user to generate a new means of authentication before access is granted will be deemed to have implemented a reasonable security feature.  The use of a generic, default password will not suffice.

Other than following this guidance, the Legislation does not provide specific methods of providing for reasonable security features.

  1. What Is Not Covered

a. Unaffiliated Third Party Software:  Many connected devices use multiple pieces of software to function.  The Legislation specifically states that “This title shall not be construed to impose any duty upon the manufacturer of a connected device related to unaffiliated third-party software or applications that a user chooses to add to a connected device.”

b. Companies That Provide Mechanisms To Sell Or Distribute Software: Application store owners, and others that provide a means of purchasing or downloading software or applications are not required to enforce compliance.

c. Devices or Functionality Already Regulated by Federal Authority: Connected Devices whose functionality is already covered by federal law, regulations or guidance of a federal agency need not comply.

d. Manufacturers Are Not Required To Lock Down Devices: Manufacturers are not required to prevent users from gaining full control of the device, including being able to load their own software at their own discretion.

  1. No Private Right of Action

No private right of action is provided, instead the “Attorney General, a city attorney, a county counsel, or a district attorney shall have the exclusive authority to enforce this title.”

  1. Not Limited To Personal Information

Previously, other California legislation had required data security measures be implemented.  For example, California’s overarching data security law (Cal. Civ. Code § 1798.71.5), requires reasonable data security measures to protect certain types of personal information.  This current approach is not tied to personal information, but rather applies to any connected device that meets the definition provided.

  1. Likely Consequences After The Legislation Comes Into Effect in January 2020

a. Impact Will Be National: Most all manufacturers will want to sell their devices in California  As such they will need to comply with this California Legislation, as unless they somehow segment which devices are offered for sale in the California market, they will have to effectively comply nationally.

b. While Physical Device Manufacturers Bear Initial Burden, Software Companies Will Be Affected: The Legislation applies to “any device, or other physical object that is capable of connecting to the Internet, directly or indirectly, and that is assigned an Internet Protocol address or Bluetooth address.”  While this puts the burden foremost on physical device manufacturers, software companies that provide software to device manufacturers for inclusion on the device before the device is offered for sale will need to support compliance with the Legislation.

c. Merger And Acquisition Events Will Serve As Private Enforcement Mechanisms: While there may not be a private right of action provided, whenever entities or portions of entities that are subject to the Legislation are bought and sold, the buyer will want to ensure compliance by the seller with the Legislation or otherwise ensure that the seller bears the risk or has compensated the buyer.  Effectively, this will mean that companies that want to be acquired will need to come into compliance or face a reduced sales price or a similar mechanism of risk shifting.

 

©1994-2018 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

New Wave of Employment Bills Signed into Law by California Governor

On Sunday, September 30, 2018, Governor Jerry Brown signed into law a number of bills that will have a significant impact on litigation and legal counseling in the employment context. Many of the new laws are a response to the traction gained by the “me-too” movement and are summarized herein.

NEW LAWS

AB 3109 – Banning Waiver of Rights to Testify

This new law nullifies any term in a contract or settlement agreement that waives a party’s right to testify in an administrative, legislative or judicial proceeding concerning alleged criminal conduct or sexual harassment. This would apply where the party has been required or requested to attend a proceeding pursuant to a court order, subpoena, or written request from an administrative agency or the legislature.

SB 820 – Settlement Agreements: Confidentiality

The passage of SB 820 prohibits and makes void any provision that prevents the disclosure of information related to civil or administrative complaints of sexual assault, sexual harassment, and workplace harassment or discrimination based on sex. SB 820 authorizes settlement agreement provisions that (1) preclude the disclosure of the amount paid in settlement, and (2) protect the claimant’s identity and any fact that could reveal the identity, so long as the claimant has requested anonymity and the opposing party is not a government agency or public official. SB 820 only impacts settlement agreements entered into after January 1, 2019.

SB 1300 – Unlawful Employment Practices: Discrimination and Harassment

SB 1300 makes it unlawful “for an employer, in exchange for a raise or bonus, or as a condition of employment or continued employment” to “require an employee to sign a release of claim or right.”

The bill also prohibits non-disparagements or other agreements that would “deny the employee the right to disclose information about unlawful acts in the workplace, including, but not limited to, sexual harassment.”

Notably, under this bill, these restrictions would not apply to “a negotiated settlement agreement to resolve an underlying claim . . . that has been filed by an employee in court, before an administrative agency, alternative dispute resolution forum, or through an employer’s internal complaint process,” so long as such agreement is voluntary and involves valuable consideration.

The bill also provides that a prevailing defendant is prohibited from being awarded fees and costs unless the court finds the action was frivolous, unreasonable, or groundless when brought or that the plaintiff continued to litigate after it clearly became so.

Significantly, this new law also expressly affirms or rejects specified judicial decisions, with the impact of making it increasingly difficult for employers to defeat harassment claims on summary judgment. The new law addresses the following judicial decisions:

  • Harris v. Forklift Systems, 510 U.S. 17 (1993): The Legislature affirms of the holding in Harris, which found that in a workplace harassment suit “the plaintiff need not prove that his or her tangible productivity has declined as a result of the harassment. It suffices to prove that a reasonable person subjected to the discriminatory conduct would find, as the plaintiff did, that the harassment so altered working conditions as to make it more difficult to do the job.”

  • Brooks v. City of San Mateo, 229 F.3d 917 (2000): The Legislature prohibits reliance on this opinion to determine what conduct is sufficiently severe or pervasive to constitute actionable harassment under the FEHA.

  • Reid v. Google, Inc., 50 Cal.4th 512 (2010): The Legislature affirmed reliance on the “stray remarks” standard articulated in Reid. Specifically, the California Supreme Court held that the existence of a hostile work environment depends upon the totality of the circumstances and a discriminatory remark, even if not made directly in the context of an employment decision or uttered by a nondecisionmaker, may be relevant, circumstantial evidence of discrimination.

  • Kelley v. Conco Cos., 196 Cal.App.4th 191 (2011): The Legislature explained that the legal standard for sexual harassment should not vary by type of workplace. Further, the Legislature found that it is irrelevant that an occupation may have been characterized by a greater frequency of sexually related commentary or conduct in the past. In determining whether or not a hostile environment existed, the Legislature holds that courts should only consider the nature of the workplace when engaging in or witnessing prurient conduct and commentary is integral to the performance of the job duties.  To that end, the Legislature prohibits reliance on any language in Kelley, which conflicts with these principles.

  • Nazir v. United Airlines, Inc., 178 Cal.App.4th 243 (2009): The Legislature affirmed the decision in Nazir, which observed that hostile working environment cases involve issues “not determinable on paper.” Specifically, SB 1300 states that “Harassment cases are rarely appropriate for disposition on summary judgment.”

SB 1412 – Applicants for Employment: Criminal History

Under existing law, employers, whether a public agency or private individual or corporation, are prohibited from (1) asking an applicant for employment to disclose, (2) seeking from any source, or (3) utilizing as a factor in determining employment, information concerning an applicant’s participation in a pretrial or posttrial diversion program or concerning a conviction that has been judicially dismissed or ordered sealed. It is a crime to intentionally violate these provisions. However, under existing laws, employers are not prohibited from asking an applicant about a criminal conviction or performing a background check regarding a criminal conviction to be considered in determining any condition of employment, so long as (1) the employer is required to obtain information regarding a conviction of an applicant, (2) the applicant would be required to possess or use a firearm in the course of his or her employment, (3) an individual who has been convicted of a crime is prohibited by law from holding the position sought, regardless of whether the conviction has been expunged, judicially ordered sealed, statutorily eradicated, or judicially dismissed following probation, or (4) the employer is prohibited by law from hiring an applicant who has been convicted of a crime.

Under the new law, employers can conduct background checks for employees under certain narrow exceptions. Specifically, under the new law, an employer, whether a public agency or private individual or corporation, cannot seek information regarding an applicant’s arrest or detention that did not result in conviction or occurred while the applicant was subject to the jurisdiction of the juvenile court. Nor can an employer seek information concerning a referral to, and participation in, any pretrial or posttrial diversion program, or concerning a conviction that has been judicially dismissed or ordered sealed pursuant to law. An employer may not consider such information when determining any condition of employment. However, under the new law, an employer may conduct a background check under narrow circumstances where: (1) the employer is a health facility as defined under Section 1250 of the Health and Safety Code; (2) an applicant’s juvenile arrest or detention resulted in a felony or misdemeanor conviction that occurred within five years preceding the application for employment; (3) the employer is required to obtain information regarding a conviction of an applicant; (4) the applicant would be required to possess or use a firearm in the course of his or her employment; (5) an individual who has been convicted of a crime is prohibited by law from holding the position sought, regardless of whether the conviction has been expunged, judicially ordered sealed, statutorily eradicated, or judicially dismissed following probation; or (6) the employer is prohibited by law from hiring an applicant who has been convicted of a crime.

AB 1976 – Lactation Accommodation

Existing law requires employers to provide a reasonable amount of break time to accommodate employees who are breastfeeding and requires an employer to make reasonable efforts to provide the employee with the use of a room or other location, other than a toilet stall, in close proximity to the employee’s work area, for the employee to breastfeed privately.

This new law clarifies what it means to make reasonable efforts to provide the employee with the use of a room or other location, other than a bathroom, in close proximity to the employee’s work area, for the employee to breastfeed privately. An employer is deemed to have complied with the law if it makes a temporary lactation location available to an employee, so long as: (1) the employer is unable to provide a permanent lactation location because of operational, financial, or space limitations; (2) the temporary lactation location is private and free from intrusion while an employee expresses milk; (3) the temporary lactation location is used only for lactation purposes while an employee expresses milk; (4) the temporary lactation location otherwise meets the requirements of state law concerning lactation accommodation. If the employer can demonstrate to the Department of Industrial Relations that this requirement would impose an undue hardship, the new law requires the employer to make reasonable efforts to provide a room or location for expressing milk that is not a toilet stall.

SB 1343 – Employers: Sexual Harassment Training Requirements

The new law requires employers with five or more employees, including temporary or seasonable employees, to provide at least 2 hours of sexual harassment training to all supervisors and at least one hour of sexual harassment training to all nonsupervisory employees by January 1, 2020, and one every 2 years thereafter.

AB 2079 – Janitorial Workers: Sexual Violence and Harassment Prevention Training

Introduced as the bill to empower janitors to prevent rape on the night shift, this new law bolsters existing sexual harassment and violence prevention training and prevention measures. The new law establishes the following requirements:

  • Effective January 1, 2020, all employers applying for new or renewed registration must demonstrate completion of sexual harassment violence prevention requirements and provide an attestation to the Labor Commissioner.

  • The Department of Industrial Relations (“DIR”) must convene an advisory committee by July 1, 2019 to develop requirements for qualified organizations and peer-trainers for employers to use in providing training. The DIR must maintain a list of qualified organizations and qualified peer-trainers.

  • Employers, upon request, must provide an employee a copy of all training materials.

AB 2079 would also prohibit the Labor Commissioner from approving a janitorial service employer’s request for registration or for renewal if the employer has not fully satisfied a final judgment to a current or former employee for a violation of the FEHA.

AB 3082 – Training for In-Home Supportive Services

The new law requires the In-Home Supportive Services (“IHSS”) program, administered by the State Department of Social Services and counties, to develop or otherwise identify standard educational material about sexual harassment and the prevention thereof to be made available to IHSS providers and recipients and a proposed method for uniform data collection to identify the prevalence of sexual harassment in the IHSS program. The bill requires the IHSS, on or before September 30, 2019, to provide a copy of the educational material and a description of the proposed method for uniform data collection to the relevant budget and policy committees of the Legislature.

AB 2338 – Talent Agencies: Education and Training

The law requires a talent agency to provide educational materials on sexual harassment prevention, retaliation, and reporting resources and nutrition and eating disorders to its artists. This law would require those educational materials to be in a language the artist understands, and would require the licensee, as part of the application for license renewal, to confirm with the commissioner that it has and will continue to provide the relevant educational materials.

Further, the new law requires that, prior to the issuance of a permit to employ a minor in the entertainment industry, that an age-eligible minor and the minor’s parent or legal guardian receive and complete training in sexual harassment prevention, retaliation, and reporting resources. The bill would further require a talent agency to request and retain a copy of the minor’s entertainment work permit prior to representing or sending a minor artist on an audition, meeting, or interview for engagement of the minor’s services.

To the extent these laws are violated, the commissioner is authorized to assess civil penalties of $100 for each violation, as prescribed.

SB 224 – Person Rights: Civil Liability and Enforcement

The new law provides additional examples of professional relationships where liability for claims of sexual harassment may arise.

VETOED BILLS

Several bills, which Governor Brown vetoed, are also notable because of the major impact they would have had on the employment context, had they been signed into law.

AB 1870 – Employment Discrimination: Limitation of Actions

Currently, under the existing laws, individuals have one year to file an administrative complaint with the Department of Fair Employment and Housing to enforce a FEHA claim. AB 1870 would have amended this deadline, extending it to three years to file a FEHA complaint from the date of the unlawful conduct. The bill would also add a 90-day extension to the filing deadline, which would apply if the aggrieved individual “first obtained knowledge of the facts of the alleged unlawful practice during the 90 days following the expiration of the applicable filing deadline.”

By vetoing this bill, the Governor has curbed the potential for frivolous FEHA lawsuits and the risk of lawsuits where memories of the circumstances giving rise to the claims have faded.

AB 3080 – Employment Discrimination: Enforcement

Governor Brown vetoed AB 3080, which would have prohibited employers from entering into arbitration agreements with employees. The passage of this bill would have directly conflicted with the U.S. Supreme Court’s May 2018 ruling in Epic Systems Corp., v. Lewis, 148 S. Ct. 1612 (2018), which affirmed employment arbitration agreements and class action waivers.

AB 3080 included four key provisions, including: (1) prohibiting arbitration agreements for wage and hour claims and discrimination, harassment and retaliation claims under the Fair Employment and Housing Act; (2) prohibiting employers from taking any employment action against employees who refuse to enter into arbitration agreements; (3) barring confidential agreements regarding harassment (possibly in the context of a settlement as well although the proposed text was not clear as to the scope of the prohibition); and (4) opening the possibility for individual liability for anyone that violates the provisions of the bill.

AB 3081 – Employment: Sexual Harassment

Governor Brown vetoed AB 3081, which broadly attempted to address workplace harassment by issuing three major prohibitions:

  • First, employers and labor contractors would be jointly liable for all civil liability for sexual harassment, including harassment on the basis of pregnancy, childbirth or related conditions. They would be forbidden from retaliating against employees who file claims.

  • Second, AB 3081 would have amended the California Labor Code to prohibit employers from discriminating or retaliating against an employee because of his/her status as a victim of sexual harassment.

  • Third, the bill would create a rebuttable presumption of unlawful retaliation if an employer “discharges, threatens to discharge, demotes, suspends, or in any manner discriminates against” an employee within 30 days after the employer has acquired actual knowledge of the employee’s status as a sexual harassment victim.

The fact that Governor Brown vetoed this bill is not particularly surprising given that he has expressed reluctance to expand concepts of joint liability in the past. However, this decision is still notable given the momentum of the #me-too movement.

TAKEAWAYS

California employers should consider these new laws when negotiating settlement agreements and engaging in litigation.  These laws serve as reminder of how important it is for all employers to review and revise where necessary their anti-harassment, discrimination, and retaliation policies on a more frequent and consistent basis. Importantly, employers may continue using arbitration agreements with class action waivers.

 

Copyright © 2018, Sheppard Mullin Richter & Hampton LLP.

Founder’s Stock – a Legal Fiction

In common usage, a founder is an individual who creates or helps create a company, but in legal terms, there is no such thing as a “founder” or “founder’s stock,” only early participants in a company’s organization and ownership of its initial equity capital. Why is this so? Because, for all practical purposes (from a startup’s point of view), there are two types of stock – common stock and preferred stock – and “founders” are just the initial holders of the company’s common stock, usually before any financing, in-licensing, or contribution of assets. It should be noted that common stock and preferred stock can be divided further into subclasses or series (e.g., Class A common stock, or Series B preferred stock) that further differentiate the rights and privileges of the holders, and additional side agreements can be put into place to further restrict or grant rights to a particular holder of equity, but those topics are beyond the scope of this post.

As background, to create a corporation an individual (the incorporator) needs to file a certificate of incorporation with the Secretary of State of the state of organization (e.g., Massachusetts, Delaware, California, New York). Immediately thereafter, the incorporator will execute an organizational action where they will appoint the initial director(s) of the corporation and resign from their position as the incorporator. The director(s) will then have an organizational meeting where the director(s), among other things, will adopt by-laws, appoint officers, and issue stock to the initial stockholders, typically common stock. The price of that stock initially issued is very low and is normally equal to the par value per share (e.g., $0.0001/share) because the company has just been created and does not have any real value at this point in time.  This initial equity is what is referred to as “founder’s stock”.  And founder’s stock can be issued outright or can be subject to a vesting schedule with unvested shares forfeited back to the company in certain circumstances, usually related to termination of employment.

Why does any of this matter? From an organizational standpoint, it doesn’t matter – up until the point that the company contemplates issuing stock to employees, investors, or other individuals or acquiring or licensing assets.  Often the early employees and individuals will either (i) want to receive common stock at the same price that the founder(s) paid or (ii) want to ensure their interests are protected. For more information on the latter, please read A Balanced Approach to Founder’s Equity.

If an individual wants to receive common stock at the same price paid by the founder(s) and the individual is a service provider, the individual will be deemed to have received compensation equal to the difference between the (i) fair market value of the stock received and (ii) the amount paid by the recipient; this amount can become significant depending on the then current value of the company. Note, the founders did not have to deal with this “compensation” issue because when the founders purchased their shares of the company at the organizational meeting, the fair market value of the company’s shares at such time was almost nothing (as the company had yet to conduct any business). To avoid this recognition of income, service providers will typically accept options with a purchase price per share equal to the current fair market value. Options provide the service provider with the ability to receive equity in the future without the initial upfront cost of the equity and the income tax issue does not present itself here because the exercise price of the option equals the current exercise price of the share. It should be noted that options do not provide the option holder with any rights as a stockholder. There are advantages and disadvantages of owning options in comparison to stock, and a discussion of those issues is beyond the scope of this post.  But it’s also worth noting that, if six months or so after the issuance of founder’s stock there have been no activities that have created value (financing, assets, activities, etc.), it may be possible to still fairly conclude that the company is still nearly worthless, and thus still have an opportunity to issue “founder’s stock” to a new key member joining the team.  You should consult your attorney when such matters arise.

 

©1994-2018 Mintz. All Rights Reserved.
This post was written by Michael Bill of Mintz.

Employment-Based Petitions Exempt (at Least for Now) Under New NTA Policy

Beginning October 1, 2018, U.S. Citizenship and Immigration Service (USCIS) will begin a staggered rollout of a new notice to appear (NTA) policy. The first phase of the rollout does not include employment-based petitions.

The NTA policy authorizes immigration officers to issue NTAs and thus initiate the first step in removal (deportation) proceedings for those deemed to be removable from the United States after the denial of an immigration benefit. USCIS deployed the NTA policy in July 2018 but then later put it on hold while it developed additional guidance for the policy’s application.

In a recent announcement and during a September 27, 2018, stakeholder teleconference, USCIS offered additional details about the policy’s implementation and highlighted the following information:

  • The initial focus is on applications (as opposed to petitions) and the policy affects adjustments of status (Form I-485), applications for naturalization (Form N-400), and applications to extend or change nonimmigrant status (Form I-539), among others.
  • Employment-based petitions (including those based on Forms I-129 and I-140) are not included in the initial rollout, nor are humanitarian applications and petitions.
  • Generally speaking, USCIS will not immediately issue an NTA upon the denial of an immigration benefit. It will wait for the expiration of the motion or appeal period before issuing an NTA—though it is worth noting that USCIS reserves the right to issue an NTA at any point during the adjudication period, where appropriate.
  • The NTA policy does not affect motions to reconsider or reopen, or appeals. If USCIS ultimately approves an application after an NTA has been issued, it will coordinate with U.S. Immigration and Customs Enforcement (ICE) to make sure that ICE is aware of the favorable outcome. USCIS cannot cancel or withdraw an NTA that it has issued.
  • The NTA policy does not include initial requests for deferred action for arrivals (DACA), renewals, or requests for DACA-related benefits.
  • USCIS may, in its discretion, issue an NTA at the request of a removable foreign national so that he or she may seek lawful status or other relief during removal proceedings.
  • As USCIS begins implementing the NTA policy, it will create a public-facing web page that will provide additional guidance on the policy and examples of scenarios that may trigger the issuance of NTAs.

USCIS has not provided a timeline for any additional implementation measures.

 

© 2018, Ogletree, Deakins, Nash, Smoak & Stewart, P.C., All Rights Reserved.
Read more on Immigration on the National Law Review’s Immigration Type of law page.

Apple Imposes Privacy Policy Requirement for All Apps Operating on its Platform

As Apple recently reminded developers, starting on October 3, 2018 it will require all apps being submitted for distribution through its app store, or for testing by its TestFlight service, to have a publicly posted privacy policy. This requirement was incorporated into Apple’s App Store Review Guidelines and will apply to all new apps, as well as all updated versions of existing apps. Previously only those apps that collected user information had to have a privacy policy.

Apple’s previous requirements were consistent with a 2012 Joint Statement of Principles agreement that Apple and other app store platforms made with the California Attorney General. In that statement, the platforms agreed to require apps that collect information to conspicuously post a privacy policy telling consumers how their personal data was being collected, used, and shared. To encourage transparency of apps’ privacy practices, the platforms also agreed to allow app developers to link to their privacy policy directly from the store. Finally, the platforms agreed to create ways for consumers to notify them if an app was not living up to its policies, and to respond to such complaints.

The new Guidelines build on the principles established in 2012 and expand the privacy policy requirement to all apps, even utility apps that do not collect user information and apps still in the testing phase. Per the Guidelines, the policy will need to be included in the App Store Connect metadata field and as a link in the app itself. Without the policy, the app will not be reviewed and will not be made available on Apple’s platform.

Under the new Guidelines, an app’s privacy policy must still have a description of what data the app collects, how that data is collected, and how it is used. The policy must also notify users how long the app developer will keep the information it collects and how it will be deleted. The Guidelines also require the policy to inform users how they can revoke their consent (if applicable) for data collection and how to make a request to have their data be deleted. Finally, the policy will have to confirm that the app will follow Apple’s guidelines about sharing information with third parties, and that any third party that the information is sent to will be held to Apple’s data security guidelines. If the app’s privacy policy sets higher standards for data protection than Apple’s guidelines, the third party will have to also meet that benchmark.

Putting it Into Practice: This announcement is a reminder for companies to look at how they are sharing privacy practices with consumers across a variety of platforms, including mobile apps.

 

Copyright © 2018, Sheppard Mullin Richter & Hampton LLP.

Trump Administration Moves to Address Cybersecurity Concerns, Congress Funds Cyber Programs

On September 21, 2018, the Trump Administration released a National Cybersecurity Strategy (“Strategy”), to define its national cybersecurity policy and implement efforts to streamline responsibilities for mitigation and responses to cybersecurity events across federal agencies.  This Strategy also addresses working with the private sector to protect assets, train the workforce and mitigate any future cyber-attacks. 

The National Cybersecurity Strategy, a statement of Administration policy rather than a Presidential directive, builds on prior efforts by the Obama Administration to develop a comprehensive and coherent nationwide strategy to promote cybersecurity across multiple levels of government and among myriad industries.  While other agencies—notably the Departments of Defense and Homeland Security—have issued more narrowly-tailored plans and policies, this is the first major cybersecurity document to apply to the entire federal government.   The Strategy provides an important glimpse into the current Administration’s plan to address the ever-increasing cyber threats to national security imposed by malicious nation-state, non-state, and independent actors.

Specifically, the Strategy identifies four major areas of focus that may be of interest to stakeholders:

  • Supply Chain Risk Management.  Through this Strategy, the Administration directs federal agencies to integrate supply chain risk management practices into agency procurement and traditional risk management processes, including the creation of a supply chain risk assessment shared service to reduce duplicative supply chain activities across federal agencies.  The Strategy also mandates federal investment in more secure supply chain technologies. There are several bills pending before the Congress that would mandate requirements for supply chain risk management for federal agencies into law, including S. 3085, the “Federal Acquisition Supply Chain Security Act of 2018”.   This bill was reported favorably by the Senate Homeland Security and Governmental Affairs Committee on September 26th.  (More information on S. 3085 is available here.)
  • Strengthening Information Sharing Efforts.  The Strategy commits to strengthen information sharing efforts in order to protect critical infrastructure assets and allow information and communications technology (ICT) providers to respond to malicious cyber activity in a more timely and effective manner.  These actions include sharing threat and vulnerability information with cleared ICT operators, declassifying information as much as possible, and promoting an adaptable, sustainable and secure technology supply chain.
  • Building a Robust Cybersecurity Workforce.  The Strategy outlines actions the Administration will take to recruit and maintain a highly skilled cybersecurity workforce through the expansion of Federal recruitment and training efforts, while also re-skilling employees into cybersecurity careers.  It also will explore the capability of maintaining distributed cybersecurity personnel at the Department of Homeland Security that can be deployed across Federal agencies. There are several bills pending before the Congress that would create an employee rotation for government workers focused on cybersecurity.  Among them, S. 3437 the “Federal Rotational Cyber Workforce Program Act of 2018” was reported favorably by the Senate Homeland Security and Governmental Affairs Committee on September 26th.  (More information on S. 3437 is available here.)
  • Deterrence and Offensive Capabilities.  The Strategy authorizes federal agencies to conduct counter-offensive or “hack back” operations against malicious actors.  This continues the Administration’s departure from policies of previous Administrations, including its August decision to rescind Presidential Policy Directive 20, which governed the federal agency approval process for offensive cyber operations.

Recent Congressional Actions on Cybersecurity

In addition to the initiatives specifically outlined above, both chambers of Congress have taken additional steps to address cybersecurity across critical infrastructure sectors.  Importantly, Congress agreed to provide funding and direction for the newly-created Office of Cybersecurity, Energy Security, and Emergency Response (CESER) within the Department of Energy.  The recently enacted FY 2019 Energy and Water, Development and Related Agencies Appropriations bill, which was part of a broader funding package signed into law by the President on September 21, 2018, included $120 million for the CESER office and specific direction that funding be applied to research and development focusing on supply chain risks.  This research may tackle how IT systems, software, and networks pose legitimate cyber risks to the broader infrastructure they serve, including through malware and unknown software vulnerabilities.  The summary and text of the Appropriations bill is available here.

Additionally, this week, the House Energy and Commerce Subcommittee on Energy will hear testimony from Karen Evans, Assistant Secretary for CESER, as a part of its “DOE Modernization” hearing series. Committee members are likely to question Ms. Evans on CESER’s role in the implementation of the Strategy, as well as issues including securing energy infrastructure from cybersecurity threats, public-private partnerships, and electricity grid resilience. Additional information on this hearing is available here.

Outlook

The Strategy is the first step for the Administration to define broader cybersecurity threats and begin to develop a cohesive plan to combat cyber-attacks.  The document itself does not contain many specific imminent actions that the Administration will take and questions remain over who within the Trump Administration is personally responsible for coordinating these and other cybersecurity efforts.

The Strategy does, however, identify areas in which the Administration will seek to work with Congress on legislative solutions to promote these goals.  For example, the document specifically references efforts to work with Congress to “update electronic surveillance and computer crime statutes” to better enable law enforcement to deter criminal activity.  Further, the Administration indicates it will work with the Congress to promote education and training opportunities to develop a robust cybersecurity workforce.  Congress has been innately focused on cyber workforce issues already, with a slate of existing bills introduced by members of both parties to strengthen education and training programs in this area as noted above.

With midterm elections looming in 41 days, both Democrats and Republicans in Congress are preparing their legislative agendas for the 116th Congress set to convene in January.  Democrats and Republicans alike have indicated that cybersecurity will be at the top of the legislative agenda.  Whether  it is through action on election security, autonomous vehicles, electric utility stabilization policies, or other critical infrastructure areas, cybersecurity will continue be a major topic of discussion through 2019.

This post was written by Tracy A. Nagelbush and Michael Weiner of Van Ness Feldman LLP.

 

© 2018 Van Ness Feldman LLP