Sex and the (Nursing) Facility

Intervening When Nursing Home Residents with Dementia Engage in Sexual Activity

If Carrie Bradshaw finds herself in a nursing home one day, what obligations will the nursing home have to oversee her sex life? The federal court of appeals in Chicago addressed that question recently, holding that skilled nursing facilities have an obligation to intervene when residents with dementia or Alzheimer’s disease engage in sexual activity.

In Neighbors Rehabilitation Center, LLC v. United States Department of Health and Human Services, three residents who suffered from dementia and/or Alzheimer’s disease engaged in what the facility viewed as consensual sexual activities. One 80-year-old resident suffered from dementia but functioned at a relatively high level. His care plan required staff to assess whether his behavior endangered other residents and to intervene as necessary. Another 65-year-old male resident with Alzheimer’s and dementia had significant cognitive impairments and had exhibited socially inappropriate behaviors, including asking staff to perform sex acts and inappropriately touching staff. The third resident, a 77-year-old female who suffered from Alzheimer’s, had low cognitive functioning and severe hearing impairment.

At various times, the nursing facility staff found two of these residents engaged in sexual activities but failed to intervene because staff viewed the acts as consensual. A survey by the Illinois Department of Public Health, acting for itself and for the Centers for Medicare & Medicaid Services (CMS), cited the nursing facility with an immediate jeopardy violation for failing to adequately supervise the residents and a level J violation of the federal nursing home standards. The surveyors alleged that the nursing facility allowed residents to have consensual sexual interactions and that supervisors told staff they should not intervene or report sexual interactions unless a participant showed outward signs of non-consent.

The nursing facility argued that even residents with cognitive impairments have the right to engage in consensual intimate relationships and that staff monitored the relationships in question as necessary.
The CMS administrative law judge upheld the survey findings after a hearing. In response, the CMS Appeals Board and the nursing facility appealed those decisions to the federal court.

The federal appeals court began its analysis by noting that the facility did not dispute that the sexual interactions had occurred. Rather, the facility only disputed whether its handling of the interactions was inadequate or hazardous under the applicable regulations.

The facility alleged that it had sufficiently monitored the residents’ interactions in a way that properly balanced the residents’ need for privacy against their right to safety and that the staff knew to look for signs that any interaction was not consensual. The court noted, however, that when nursing home residents have cognitive or physical impairments, a facility must ensure that such intimate relationships are, in fact, consensual and that the nursing facility had failed to exercise that level of care.

The court also noted that the facility records showed no evidence that it had undertaken any investigation into whether the interactions at issue were consensual or whether the residents had the capacity to consent.

The federal appeals court, therefore, upheld the finding by the CMS Appeals Board.  Because the facility failed to 1) talk to the residents about their feelings regarding these relationships, 2) document the residents’ capacity for consent and 3) obtain medical assessments of how the residents’ cognitive deficits affected their capacity to consent, the level J violation and the immediate jeopardy findings were correct.

Skilled nursing homes often have to balance residents’ right to privacy against their ability to consent to sexual activity. As with many other concerns faced by nursing facilities, the failure to document residents’ capacity to consent, consult with residents’ physicians and discuss the issue with the residents themselves is a recipe for disaster.

Carrie’s sex life will continue to be overanalyzed, even in her old age.

© 2019 Much Shelist, P.C.
This post was written by Robert K. Neiman of Much Shelist, P.C.

FTC Settlement with Video Social Networking App Largest Civil Penalty in a Children’s Privacy Case

The Federal Trade Commission (FTC) announced a settlement with Musical.ly, a Cayman Islands corporation with its principal place of business in Shanghai, China, resolving allegations that the defendants violated the Children’s Online Privacy Protection Act (COPPA) Rule.

Musical.ly operates a video social networking app with 200 million users worldwide and 65 million in the United States. The app provides a platform for users to create short videos of themselves or others lip-syncing to music and share those videos with other users. The app also provides a platform for users to connect and interact with other users, and until October 2016 had a feature that allowed a user to tap on the “my city” tab and receive a list of other users within a 50-mile radius.

According to the complaint the defendants (1) were aware that a significant percentage of users were younger than 13 years of age and (2) had received thousands of complaints from parents that their children under 13 had created Muscial.ly accounts.

The FTC’s COPPA Rule prohibits the unauthorized or unnecessary collection of children’s personal information online by internet website operators and online services, and requires that verifiable parental consent be obtained prior to the collecting, using, and/or disclosing personal information of children under the age of 13.

In addition to requiring the payment of the largest civil penalty ever imposed for a COPPA case ($5.7 million), the consent decree prohibits the defendants from violating the COPPA Rule and requires that they delete and destroy all of the personal information of children in their possession, custody, or control unless verifiable parental consent has been obtained.

FTC Commissioners Chopra and Slaughter issued a joint statement noting their belief that the FTC should prioritize uncovering the role of corporate officers and directors and hold accountable everyone who broke the law.

 

©2019 Drinker Biddle & Reath LLP. All Rights Reserved

Supreme Court Clarifies Copyright Law: “Application” v. “Registration” Finally Resolved

On Monday, March 4, 2019, the United States Supreme Court issued an opinion that clarified the long-standing issue of whether a plaintiff bringing a copyright infringement action has to have an issued registration or just a pending application. Justice Ginsburg, writing for a unanimous court, sided with the “registration approach,” which requires a litigant to have an issued registration, or a rejected application, subject to certain limited exceptions. For decades, copyright owners and their attorneys faced a patch-work of circuit and district court decisions that required either (i) an issued registration to institute an infringement action or (ii) merely have made an application to register the work(s) at issue. This decision provides certainty going forward.

In Fourth Estate Public Benefit Corp. v. Wall-Street.com, LLC, No. 17-571, the copyright owner Fourth Estate sued Wall-Street for use of news articles after a licensing agreement between the parties was terminated. Fourth Estate sued Wall-Street and its owner after it applied to register for copyright registrations for the news articles at issue but before any registrations issued. The District Court dismissed the action on defendants’ motion, the Eleventh Circuit affirmed, and the Supreme Court affirmed.

Under the Copyright Act of 1976, as amended, copyright protection attaches to “original works of authorship”— prominent among them, literary, musical, and dramatic works—“fixed in any tangible medium of expression.” 17 U.S.C. § 102(a). Before pursuing a claim for infringement, a copyright owner must comply with § 411(a)’s requirement that “registration of the copyright claim has been made.” Although rights exist before registration, the registration is a requirement that must be administratively exhausted before filing suit. An owner therefore must have an issued registration or a refusal to register from the Copyright Office. The Supreme Court referred to this as “an administrative exhaustion requirement.”

Limited exceptions apply. For example, for works that are particularly vulnerable to predistribution infringement, such as movies or musical compositions, an owner may apply for “preregistration” in which the Copyright Office conducts a limit review. Once a work is “preregistered” the owner may bring suit. However, the owner must also go on and fully register the work thereafter to maintain the action. Another exception covers live broadcasts. Suit may be brought before registration but must be made within three months of the first transmission.

For owners of copyright protected works, the take-away lesson from this decision is to register more of the works that could be subject to infringement. Strategies for protecting works, such as furniture, apparel, and musical works, have become more nuanced and strategic in recent years.

 

Copyright © 2019 Womble Bond Dickinson (US) LLP All Rights Reserved.
Read More IP news on the National Law Review’s IP Type of law page.

The Digital Revolution Takes on New Meaning: Among Calls for Heightened U.S. Data Privacy Measures, California is King

California’s ambitious new data privacy law, the California Consumer Privacy Act of 2018 (“CCPA”),[1] will go into effect on January 1, 2020, and promises to bring a new era of digital regulation to America’s shores. Financial institutions that just navigated their way through implementing the European Union’s General Data Protection Regulation (“GDPR”),[2] which became effective in May 2018,[3] may be uneasy about the prospect of complying with yet another new data privacy compliance regime. They will find some comfort in the fact that many of the systems and processes designed for GDPR compliance will serve their needs under the CCPA as well. However, between now and the go-live date of the CCPA, U.S. federal and state laws and regulations are likely to continue to evolve and expand, and financial institutions will need to prepare for CCPA implementation while staying abreast of other fast-moving developments. In this article, we provide some key takeaways for how firms can be as prepared as possible for the continuing evolution of U.S. data privacy law.

  1. The New California Data Privacy Law Will Apply Broadly to Financial Institutions with Customers in California

Financial institutions with customers who are California residents almost certainly fit within the types of businesses to which the CCPA will apply. A “business” subject to the CCPA includes for-profit sole proprietorships, partnerships, limited liability companies, corporations, associations, or any other legal entities that collect consumers’ personal information and that satisfy one or more of the following criteria:

  • has annual gross revenues in excess of $25 million;

  • alone or in combination annually buys, receives for the business’ commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices; or

  • derives 50% or more of its annual revenue from selling consumers’ personal information.[4]

The CCPA also applies to legal entities that control or are controlled by a CCPA-covered business, and where the two legal entities share common branding (such as a shared name, servicemark, or trademark).[5]

For U.S. businesses seeking to remain outside the purview of the CCPA, the available carve-out is extremely narrow. Businesses that collect or sell the personal information of a California resident are exempt from the CCPA only if “every aspect of that commercial conduct takes place wholly outside of California.” This requires that (a) the personal information must have been collected when the consumer was outside of California, (b) no part of the sale of the consumer’s personal information occurred in California, and (c) no personal information collected while the consumer was in California was sold. In practice, this means that any firm with a website or other digital presence visited by California residents will likely be ensnared by the CCPA even if they lack employees or a physical presence in the state.[6]

Businesses that fail to comply with the CCPA are subject to the possibility of a state enforcement action and consumer lawsuits (available only after providing notice to the business and the business fails to cure the violation within 30 days).[7] However, unlike the GDPR which can impose fines calculated as a factor of global revenue, the CCPA assesses penalties of up to $2,500 per violation and up to $7,500 per intentional violation.[8]

  1. California’s Expansive Concept of “Personal Information” Is Similar to the GDPR

When determining what consumer data will constitute personal information under the CCPA, firms can look to certain similarities with the GDPR.

Under the CCPA, “personal information” means “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” This includes, but is not limited to, names, addresses, identification number (such as social security, driver’s license, or passport), email address, and Internet Protocol (IP) address. It also includes biometric information, internet activity information (such as web browser or search history, or information regarding a consumer’s interaction with a website), geolocation data, and employment-related or education information.[9] This definition is largely consistent with how the GDPR broadly defines “personal data” for residents of the EU.[10]

The CCPA does not apply to data that has been “deidentified,” which means personal information that cannot reasonably identify, relate to, describe, or be linked to a particular consumer.[11] This is akin to the GDPR’s exclusion for “anonymized” data which cannot be used to identify a data subject. In addition, the CCPA does not apply to “aggregate consumer information,” which is information that relates to a group or category of consumers, from which individual consumer identities have been removed, that is not linked or reasonably linkable to any consumer or household or device.[12]

One difference between the two regimes, however, is that the CCPA’s definition of personal information excludes “publicly available” information, which is information that is lawfully made available from federal, state, or local government records.[13] The GDPR does not have a similar exception and instead provides the same protections to personal data regardless of its source.

  • California Consumers Will Enjoy a New Bill of Rights Protecting their Personal Information

Another similarity between the CCPA and the GDPR is the recognition of several fundamental rights that consumers will soon enjoy relating to the collection, use, and sale of their personal information. Under the CCPA, these can effectively be described as:

  • Right of Disclosure. A business that collects a consumer’s personal information will be required, at or before the point of collection, to inform consumers as to the categories of personal information to be collected and the purposes for which the categories of personal information will be used.[14] A consumer, e., a “natural person who is a California resident,” will also have the right to request such a business disclose to that consumer the categories and specific pieces of personal information the business has collected.[15] Such a request must be complied with promptly, by mail or electronically, and free of charge to the consumer; however, businesses will not be required to provide such information per consumer request more than twice in a 12-month period.[16] Together with this right, consumers will also have the ability to request the business or commercial purpose for collecting or selling personal information, and the categories of third parties with whom the business shares personal information.[17] Finally, consumers will have the right to request that a business that sells the consumer’s personal information, or discloses it for a business purpose, disclose what personal information was collected and the categories of third parties to whom it was sold.[18]

  • Right of Deletion. A consumer will have the right to request that a business delete any personal information about the consumer which the business has collected from the consumer.[19] If a business has received such a request, it will be required not only to delete the consumer’s personal information from its records, but also to direct any service providers to do the same.[20] This obligation to delete personal information at consumer request is subject to several exceptions, including for the completion of a financial transaction, to detect security incidents or debug errors, and to comply with legal obligations.[21]

  • Right to “Opt Out.” A consumer will have the right to direct a business that sells personal information about the consumer to third parties not to sell the consumer’s personal information going forward.[22] Once a business has received such an instruction from a consumer, it may not resume selling that consumer’s personal information unless express authorized to do so.[23] This right of a consumer to “opt out” must be clearly communicated to consumers on a business’ website under a banner titled “Do Not Sell My Personal Information,” with an accompanying link that enables a customer to opt out of the sale of the consumer’s personal information.[24]

  • Right to Non-Discrimination. Businesses will be prohibited from discriminating against consumers who exercise their various rights under the CCPA by denying them goods or services, charging different prices, or providing a different level or quality of goods or services.[25]

  1. Financial Institutions Should Not Expect a Complete Carve-Out Under Federal Law

The CCPA will not apply to personal information that is collected, processed, sold, or disclosed under certain federal laws.[26] One such law is the Gramm-Leach-Bliley Act (“GLBA”),[27] which covers financial institutions that offer consumers financial products, like banks, and contains its own consumer privacy-related protections.[28] However, this is not a complete exception because the CCPA defines personal information far more broadly than the financial-transaction-related data contemplated by the GLBA, and includes such data as browser history and IP address. As a result, firms will need to contemplate what personal information they collect in addition to what is captured under the GLBA and be prepared to protect it accordingly under the CCPA.

  1. Conclusion

California may be the next big word on U.S. data privacy legislation, but it is unlikely to be the last. In recent years, Congress and other states have faced increased pressure to explore new cybersecurity and data privacy legislation due to a multitude of factors including a growing awareness of how businesses collect and use personal information as seen with Cambridge Analytica’s use of Facebook data, and public frustration with companies’ perceived lackluster responses to major customer data breaches.[29] A recent report from the U.S. Government Accountability Office further highlights America’s growing appetite for GDPR-like legislation, calling it an “appropriate time for Congress to consider comprehensive Internet privacy legislation.”[30]  And while the last Congress failed to enact any new national data privacy legislation into law, both the House and Senate have held hearings recently to receive testimony on guiding principles for a potential federal data privacy law, with a key question being whether any such law should preempt state laws like the CCPA.[31] So while a full-blown U.S. equivalent of the GDPR may not yet be in the cards, the current mood among the public and among lawmakers points in the direction of more rather than less intensive data privacy rules to come.

1  SB-1121 California Consumer Privacy Act of 2018 (Sept. 24, 2018), 

2 European Commission, General Data Protection Regulation (Regulation (EU) 2016/679) of the European Parliament.

3  See Joseph Moreno et al., The EU’s New Data Protection Regulation – Are Your Cybersecurity and Data Protection Measures up to Scratch?, Cadwalader, Wickersham & Taft LLP (Mar. 6, 2017), .

4   Cal. Civ. Code § 1798.140(c)(1).

5   § 1798.140(c)(2).

6   § 1798.145(a)(6).

7   § 1798.150(b).

8   § 1798.155(b).

9   § 1798.140(o)(1).

10  Article 4 of the GDPR defines “personal data” as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

11  § 1798.140(h).

12  § 1798.140(a).

13  § 1798.140(o)(2). Under the CCPA, personal information loses its “publically available” designation if that data is “used for a purpose that is not compatible with the purpose for which the data is maintained and made available in the government records or for which it is publicly maintained.” Id.

14  § 1798.100(b).

15  § 1798.100(a).

16  § 1798.100(d).

17  § 1798.110(a).

18  § 1798.115(a).

19  § 1798.105(a).

20  § 1798.105(c).

21  § 1798.105(d).

22  § 1798.120(a).

23  § 1798.120(c).

24  § 1798.135(a)(1).

25  § 1798.125(a)(1).

26  § 1798.145(e).

27  15 U.S.C. §§ 6801-6809, 6821-6827.

28  Federal Financial Institutions Examination Council, Gramm-Leach-Bliley Summary of Provisions.

29  See Joseph Moreno, States Respond to Equifax Cyber Breach with Enforcement Actions and Calls for Enhanced Regulatory Powers, Cadwalader, Wickersham & Taft LLP (Oct. 13, 2017).

30  United States Government Accountability Office, Internet Privacy Additional Federal Authority Could Enhance Consumer Protection and Provide Flexibility (Jan. 2019), https://www.gao.gov/assets/700/696437.pdf.

31  U.S. House Committee on Energy & Commerce Subcommittee on Consumer Protection & Commerce, Hearing on “Protecting Consumer Privacy in the Era of Big Data(Feb. 26, 2019), ; U.S. Senate Committee on Commerce, Science, and Transportation, Policy Principles for a Federal Data Privacy Framework in the United States (Feb. 27, 2019), ; Alfred Ng, At Hearing on Federal Data-Privacy Law, Debate Flares Over State Rules, CNET (Feb. 26, 2019), ; Daniel R. Stoller, New FTC Powers Weighed in Senate Data Privacy Hearing (1), Bloomberg Law (Feb. 27, 2019), .

 

© Copyright 2019 Cadwalader, Wickersham & Taft LLP

Lactation Law Update: New York and Illinois

Recent developments require employers to reevaluate their lactation and nursing policies and practices to ensure that they are in compliance with newly enacted local laws in New York City and Illinois.

Changes to New York City Lactation Laws: Effective March 17, 2019

Since 2007, New York City employers with four or more employees have been required to provide reasonable unpaid break time (or to allow an employee to use paid break/meal time) to express breast milk in the workplace, for up to three years following the birth of a child, and to make reasonable efforts to provide a room, other than a restroom, to express milk in private.

Additional lactation-related obligations for New York City employers with four or more employees go into effect on March 17, 2019. For example, by that date, a covered employer must provide lactating employees with a sanitary “lactation room,” which is not a restroom, and which has, at minimum, an electrical outlet, a chair, a surface on which to place a breast pump and other personal items, and nearby access to running water. The lactation room must be made available to the employee for lactation purposes only when it is needed (and notice to other employees regarding the same is required), and a refrigerator and the room itself must be in “reasonable proximity” to the employee’s work area.

Notably, the required lactation room must be provided unless the employer can establish an “undue hardship,” in which case the employer must engage in a cooperative dialogue with the employee to determine alternative accommodations and issue a final written determination to the employee that identifies any accommodation(s) that were granted or denied.

In addition, by March 17, 2019, a covered employer in New York City must implement a written lactation room accommodation policy, which states that employees have the right to request a lactation room and identifies the process (as outlined in the Administrative Code) by which an employee may request a lactation room. All new employees must receive the lactation room policy upon hire.

Changes to Illinois’s Lactation Law: Effective August 2018

Like many employers in New York, Illinois employers with five or more employees have been required, since 2001, to provide employees with reasonable unpaid break time to express breast milk, in an appropriate room that is not a toilet stall.

Effective August 2018, the Illinois Nursing Mothers in the Workplace Act was amended. Now, Illinois employers with at least five employees must provide “reasonable break time” each time an employee needs to express breast milk, for up to one year following the child’s birth. While the break time “may” run concurrently with any other break time, the employee’s pay cannot be reduced due to the time spent expressing milk or nursing a baby – meaning, in effect, that any additional break time needed to express milk or nurse must be paid. Further, covered employers in Illinois who do not provide the requisite break time must show, if challenged, that providing the breaks is an “undue hardship” – a heightened burden than that previously imposed under the Act.

Employers should act quickly to ensure full compliance with all of the requirements of the new lactation laws.

 

© 2019 Vedder Price.
This post was written by Elizabeth N. Hall and Grace L. Urban

Update to Price Gouging Prohibitions in Disaster Zones in California

California’s 2017 wildfire season – which caused at least 47 deaths, and destroyed approximately 1.4 million acres of land and 11 thousand structures – was unprecedented at the time, both in scope and destruction. Following the 2017 wildfire season, the pricing of consumer goods and services – which is normally best left to the marketplace under ordinary conditions – experienced abnormal market disruptions, both at the state and local-levels. This led to increased complaints of unlawful “price gouging” for goods and services offered in markets affected by wildfires, including rental housing.

As a result, in January, 2018, the California Committee on Public Safety introduced Assembly Bill (AB) 1919, which amends §396 of the CA Penal Code (California’s price gouging statute).

AB 1919 went into effect on January 1, 2019, and applies to owners/landlords of residential homes, as well as owners of multifamily and hotel properties. Following is a summary of a number of significant restrictions on residential landlords’ ability to increase rents following a disaster under the new law.

PRIOR LAW DID NOT COVER NEW RENTAL UNITS

Under prior law, following a declared state of emergency (either at the State or local level), an owner/landlord could not increase an existing tenant’s rent by more than 10% for a period of 30 days following the declared state of emergency. The prior law did not, however, cover new rental units coming on line during or immediately following a declared state of emergency, nor did it address when (i) a declared state of emergency was extended, or (ii) the Governor or another local authority extended the prohibition on price gouging during a declared state of emergency (both of which happened in each of the past two California wildfire seasons).

Following the 2017 wildfires, these “loopholes” resulted in numerous complaints of unlawful price gouging, with owners of residential housing exploiting the marketplace/displaced residents by increasing existing tenants’ rents by up to 35% following the expiration of the initial 30-day period, or relocating from their homes and offering the same as rental housing at well-above market rent prices. AB 1919 seeks to close such loopholes.

NEW LAW LIMITS THE INCREASE OF RENT ON NEW AND EXISTING UNITS

Under the new law, following a declared state of emergency, an owner/landlord cannot (i) increase an existing tenant’s “rental price” by more than 10% of the then-current rent, or (ii) increase the “rental price” advertised or offered to prospective tenants by more than 10% of the “rental price” advertised or offered to prospective tenants prior to the declared state of emergency, in each case for a period of 30 days following the declared state of emergency or for any period of time that such declaration is extended.

The statutory definition of “Rental Price”, which provides guidance on the various caps on rent increases, is as follows:

  1. For housing rented within one year prior to the declaration of emergency, the “Rental Price” is the actual rent paid by the existing or prior tenant.
  2. For housing not rented at the time of the declaration, but rented, or offered for rent, within one year prior to the declaration, the “Rental Price” is the most recent rent offered before the declaration.
  3. For housing rented at the time of the declaration but which (i) becomes vacant during the declaration, and (ii) is subject to any local ordinance/rule that establishes a maximum amount that a landlord may charge a tenant [e.g., rent control], the “Rental Price” is the greater of (A) the actual rent paid by the prior tenant, or (B) 160% of the “Fair Market Rents” (FMRs) established by the U.S. Department of Housing and Urban Development (FMRs for all counties are posted on the HUD website).
  4. For housing not rented and not offered for rent within one year prior to the declaration, the “Rental Price” is 160% of fair market rent per HUD.

Note that the new law allows owners/landlords to increase the cap on rent increases from 10% to 15% under certain circumstances, including if such owners/ landlords incur costs for furnishing previously un-furnished rental units.

Note also that the new law prohibits vendors or suppliers of building materials (i.e., lumber, construction tools, windows, and anything else used in the building or rebuilding of property) from increasing the cost of such materials by more than 10% for a period of 30 days following a declared state of emergency (with certain exceptions for actually-incurred costs).

In addition, the new law prohibits contractors working on residential or commercial projects from increasing prices for any repair or reconstruction services (i.e., any services performed by a licensed contractor for repairs to residential or commercial property of any type that is damaged as a result of a disaster) by more than 10% for a period of 180 days following a declared state of emergency (again, with certain exceptions for actually-incurred costs).

PENALTIES

Failure to comply with §396 of the Penal Code is a misdemeanor offense and can result in various penalties, including fines of up to $10,000 and up to one year’s imprisonment, in addition to injunctive relief and civil penalties.

CONCLUSION

Given the recent increase in wildfires throughout the state, commercial landlords and investors/developers of multifamily or hotel properties that are active and/or interested in becoming active in wildfire-prone California markets (e.g., Napa, Sonoma, Butte, Lake, Mendocino, Nevada and Yuba Counties, based off of prior declared states of emergency), should be cognizant of the new limits imposed on rent increases by AB 1919.

© 2010-2019 Allen Matkins Leck Gamble Mallory & Natsis LLP
Read more legal news from California on our California Jurisdiction page.

Using Prior FCC Rulings and Focusing on Human Intervention, Court Finds Texting Platform Is Not An ATDS

In today’s world of ever-conflicting TCPA rulings, it is important to remember that, where courts are asked to determine the TCPA’s ATDS definition, their inquiry will revolve around the question of whether that definition includes only devices that actually generate random or sequential numbers or also devices with a broader range of functionalities.  However, it is also important to remember that, when courts are trying to determine whether a calling/text messaging system meets the ATDS definition, focusing on the level of human intervention used in making a call or sending a text message is a separate decisive inquiry that also must be made.

As we’ve previously mentioned, this latter inquiry is important in all types of TCPA cases, but recently the issue has been given special attention in cases regarding text messages and text messaging platforms.  Indeed, this happened again yesterday when the court in Duran v. La Boom Disco determined a nightclub’s use of text messaging did not violate the TCPA because of the level of human involvement exhibited by the nightclub in operating the software and scheduling the sending of messages.

Background

In Duran v. La Boom Disco, the United States District Court for the Eastern District of New York was tasked with analyzing the ExpressText and EZ Texting platforms, which are text messaging software platforms offered to businesses and franchises, whereby the business can write, program, and schedule text messages to be sent to a curated list of consumer mobile phone numbers.

At first glance, the facts in Duran appear to signal a slam dunk case for the plaintiff.  The defendant nightclub had used the ExpressText and EZ Texting platforms to send marketing text messages to the plaintiff after he replied to a call-to-action advertisement by texting the keyword “TROPICAL” to obtain free admission to the nightclub for a Saturday night event.  Importantly, though, after the plaintiff texted this keyword, he never received a second text messaging asking whether he consented to receive recurring automated text messages (commonly referred to as a “double opt-in” message).  He did, however, receive approximately 100 text messages advertising other events at the nightclub and encouraging him to buy tickets, which ultimately led him to bring a TCPA action against the club.

Accordingly, the initial issue that the Duran court was tasked with deciding was whether the defendant nightclub had texted the plaintiff without his prior express written consent.  The court quickly dispensed with it, determining that the nightclub had not properly obtained written consent from the plaintiff, as it had failed to use a double opt-in process to ensure the plaintiff explicitly agreed to receive recurring automated marketing text message and could not otherwise prove that the plaintiff explicitly consented to receiving recurring messages or a marketing nature (which, under the TCPA, the nightclub had the burden to prove).

At this stage, then, things were looking bad for the nightclub.  However, this was not the end of the court’s analysis, as the nightclub could only be liable for sending these non-consented-to messages if they had been sent using an ATDS.  Thus, the court turned to its second – and much more important – line of inquiry: whether the ExpressText and EZ Texting software, as used by the nightclub to text the plaintiff, qualified as an ATDS.

Defining the ATDS Term in the Aftermath of ACA International

In order to determine whether the ExpressText and EZ Texting platforms met the TCPA’s ATDS definition, the court performed an analysis that has become all too common since the FCC’s 2015 Declaratory Order was struck down in ACA International: determining what the appropriate definition of ATDS actually is.  With respect to this issue, the litigants took the same positions that we typically see advanced.  The plaintiff argued that the ExpressText and EZ Texting platforms were the equivalent of “predictive dialers” that could “dial numbers from a stored list,” which were included within the TCPA’s ATDS definition.  The Nightclub countered that predictive dialers and devices that dialed from a database fell outside of the ATDS definition, meaning the nightclub’s use of the ExpressText and EZ Texting platforms should not result in TCPA liability.

The court began the inquiry with what is now the all-too-familiar analysis of the extent to which the D.C. Circuit’s opinion in ACA International invalidated the FCC’s prior 2003 and 2008 predictive dialer rulings.  After examining the opinion, the court found that those prior rulings still remained intact because “the logic behind invalidating the 2015 Order does not apply to the prior FCC orders.”  The court then concluded that, because the 2003 and 2008 ATDS rulings remained valid, it could use the FCC’s 2003 and 2008 orders to define the ATDS term, and that, based on these rulings, the TCPA also prohibited defendants from sending automated text messages using predictive dialers and/or any dialing system that “dial numbers from a stored list.”

However, the fact that the ExpressText and EZ Texting platforms dialed numbers from a stored list did not end the inquiry since, under the 2003 and 2008 orders, “equipment can only meet the definition of an autodialer if it pulls from a list of numbers, [and] also has the capacity to dial those numbers without human intervention.”  And it was here where the plaintiff’s case fell apart, for while the ExpressText and EX Texting platforms dialed from stored lists and saved databases, these platforms could not dial the stored numbers without a human’s assistance.  As the court explained:

When the FCC expanded the definition of an autodialer to include predictive dialers, the FCC emphasized that ‘[t]he principal feature of predictive dialing software is a timing function.’  Thus, the human-intervention test turns not on whether the user must send each individual message, but rather on whether the user (not the software) determines the time at which the numbers are dialed….  There is no dispute that for the [ExpressText and EZ Texting] programs to function, ‘a human agent must determine the time to send the message, the content of the messages, and upload the numbers to be texted into the system.’

In sum, because a user determines the time at which the ExpressText and EZ Texting programs send messages to recipients, they operate with too much human involvement to meet the definition of an autodialer.

Human Intervention Saves the Day (Again)

In Duran, the district court made multiple findings that would ordinarily signal doom for a defendant: it broadly defined the ATDS term to include predictive dialers and devices that dialed numbers from a stored list/database and it found the nightclub’s text messages to have been sent without appropriately obtaining the plaintiff’s express written consent.  However, despite these holdings, the nightclub was still able to come out victorious because of the district court’s inquiry into the human intervention issue and because the ExpressText and EZ Texting platforms the nightclub used required just enough human involvement to move the systems into a zone of protection.  In many ways, this holding – and the analysis employed – is unique; however, with respect to the focus on the human intervention requirement, the district court’s decision can be seen as another step down a path that has been favorable to web-based text messaging platforms.

Indeed, over the course of the last two years, several courts have made it a point to note that the human intervention analysis is a separate, but equally important, determination that the court must analyze before concluding that a device is or is not an ATDS.  With respect to the text-messaging line of cases, this has especially been the case, with numerous courts noting that, no matter whether the ATDS definition is or is not limited to devices that randomly or sequentially generate numbers, the numbers must also be dialed without human intervention.  What is interesting, though, is that the courts that have interpreted this line of cases have focused on different actions as being the key source of human intervention.

As we already discussed, the court in Duran noted that the key inflection point for determining whether human intervention exists is based off of the timing of the message and whether a human or the device itself gets to determine when the text message is sent out.  And in Jenkins v. mGage, LLC, the District Court for the Northern District of Georgia reached a similar conclusion, finding that the defendant’s use of a text messaging platform involved enough human intervention to bring the device outside of the ATDS definition because “direct human intervention [was] required to send each text message immediately or to select the time and date when, in the future, the text message will be sent.”  The District Court for the Middle District of Florida also employed this line of thinking in Gaza v. Auto Glass America, LLC, awarding summary judgment to the defendant because the text messaging system the company employed could not send messages randomly, but rather required a human agent to input the numbers to be contacted and designate the time at which the messages were to be sent.

In the case of Ramos v. Hopele of Fort Lauderdale, however, the District Court for the Southern District of Florida found a separate human action to be critical, focusing instead on the fact that “the program can only be used to send messages to specific identified numbers that have been inputted into the system by the customer.”  And another court in the Northern District of Illinois echoed this finding in Blow v. Bijora, Inc., determining that, because “every single phone number entered into the [text] messaging system was keyed via human involvement … [and because] the user must manually draft the message that the platform will sent” the text messaging platform did not meet the TCPA’s ATDS requirements.

Indeed, with the entire industry still awaiting a new ATDS definition from the FCC, there is still much confusion as to how the ATDS term will be interpreted and applied to both users of calling platforms and users of texting platforms.  Fortunately, though, there appears to be a trend developing for text message platforms, with multiple courts finding that human intervention is a crucial issue that can protect companies from TCPA liability.  Granted, these courts have not yet been able to agree on what human action actually removes the platform from the ATDS definition, and, as we’ve noted previously, even if human intervention remains the guiding standard, determining precisely what qualifies as sufficient intervention and when in the process of transmitting a message the relevant intervention must occur remains much more an art than a science.  However, the cases mentioned above are still useful in pointing marketers everywhere in the right direction and present guidelines for ensuring they send text messages in compliance with the TCPA.

 

Copyright © 2019 Womble Bond Dickinson (US) LLP All Rights Reserved.
Read more news on the TCPA Litigation on the National Law Review Communication type of law page.

Wyoming Cements Position as Leading U.S. Jurisdiction for Blockchain with Sweeping New Legislation

In its most recent legislative sessions, Wyoming has undertaken substantial efforts to build on the momentum created by its 2018 enactment of legislation friendly to the blockchain and digital assets industries. In the months that followed that enactment, industry participants and legislators alike ascertained that further reforms and legislation were needed to cement Wyoming’s position as the leading jurisdiction in the sector. Through the public comment and legislative meeting protocols unique to Wyoming, eight blockchain-related bills made it to the floor of the legislature for a vote, all of which were passed and are now poised to become law.

Wyoming’s latest wave of blockchain legislation is, in sum, intended to facilitate the creation of blockchain ventures within the state and to further cement Wyoming’s status as the leading corporate jurisdiction in the United States for blockchain-related ventures.

HB 74- Special purpose depository institutions

In what is perhaps the most groundbreaking legislation among the bills passed, the Wyoming legislature recognized that blockchain businesses in general have difficulty opening and maintaining traditional banking relationships due to FDIC and OCC inclusion of blockchain ventures in the same buckets as firearms and cannabis. Wyoming now will permit corporate entities to charter “special purpose depository institutions,” which will perform all traditional bank functions except for lending. With the lending exclusion, these institutions will be under the primary supervision of the Wyoming Banking Commission and not the federal government. These banks will be required to maintain at least 100 percent of reserves against deposits as well as (a) $5 million of capital, (b) three years of operating expenses and (c) private insurance against theft, cybercrime and other wrongful acts.

SF 125- Digital assets (UCC & Custody)

Custody of digital assets has been a global challenge for investors and industry participants. Wyoming has addressed this concern by specifically authorizing banks (including special purpose ones under HB 74) to hold digital assets in custody under their charter trust powers and in accordance with Rule 206-4(2) of the Investment Advisers Act of 1940. In addition, Wyoming amended its provisions of the Uniform Commercial Code to facilitate the custody of these assets along with the means by which security interests may be perfected. Wyoming is now the only U.S. state with comprehensive UCC provisions to address digital assets, which makes it a favorable jurisdiction for those lending or securing funds through digital assets.

HB 57- Financial technology sandbox (includes reciprocity for overseas regulators)

Those entrepreneurs in the blockchain industry who may require special treatment or waivers of unclear regulation in Wyoming may now seek to avail themselves of a “regulatory sandbox” much akin to the one enacted in Arizona last year. Use of the “sandbox” will require applications to state agencies that may have interests in the requested waiver, including the Wyoming Banking Commission and the Wyoming Securities Commission. The “sandbox” will provide a two-year period of relief from legislation for those ventures, all of which must be domiciled and operating within Wyoming.

HB 62- Utility token amendments

Wyoming broke ground in 2018 with its widely reported utility token “exemption” for digital assets having a pure utility function and were not created for investment purposes or for trading on exchanges. Amendments to this legislation were made to further clarify the definition of “utility token” and define when parties may properly seek a token utility designation from Wyoming authorities.

HB 70- Commercial filing system

Wyoming has legislatively determined that records maintained by the Wyoming Secretary of State, including corporate formation records, are to be implemented on blockchain media. In combination with the Series LLC legislation enacted in Wyoming last year, this provision will provide the basis for the swift formation of corporate entities and other related corporate records through blockchain.

HB 185- Tokenized corporate stock

In recognition of the migration of the blockchain industry from “initial coin offerings” to “security tokens,” Wyoming enacted legislation authorizing and permitting the creation of digital assets that represent certificated shares of stock. A “certificate token” under this legislation has been defined as “a representation of shares” that is (a) entered into a blockchain or other secure, auditable database, (b) linked to or associated with the certificate token and (c) electronically transmittable to the issuing corporation, the person to whom the certificate token was issued and any transferee.

HB 113- Special electric utility agreements

Given that Wyoming utilities produce some of the cheapest and most abundant electricity in the United States, Wyoming has through HB 113 enabled those utilities to negotiate power rates with blockchain companies (including miners) and others without approval from Wyoming’s Public Utility Commission.

SF 28- Electronic bank records

This legislation enables banking institutions to issue securities and maintain corporate records on blockchain to an extent not permitted by other provisions of Wyoming law. In particular, this provision allows for the creation of non-voting shares of Wyoming banking institutions in tokenized form.

Summary

In short, Wyoming has further honed its regulatory ecosystem to become the most blockchain-friendly jurisdiction in the United States. While all legislation will be effective as of July 1, 2019, it should be noted that many blockchain industry participants are already undertaking significant efforts to take advantage of the opportunities this legislation presents. Blockchain companies in United States and abroad should carefully examine Wyoming’s new blockchain legislation with counsel to ascertain suitable business opportunities.

 

© 2019 Wilson Elser
This post was written by Robert V. Cornish Jr. of Wilson Elser.
Read more news about Blockchain on the National Law Review’s Finance Type of Law Page.

California AG Announces Amendment to the CCPA

On February 25, 2019, California Attorney General Xavier Becerra and Senator Hannah-Beth Jackson introduced Senate Bill 561, legislation intended to strengthen and clarify the California Consumer Privacy Act (CCPA), which was enacted in June of 2018. If enacted, this would be the second amendment to the CCPA, following an earlier amendment in September of 2018 that Governor Jerry Brown signed into law Senate Bill 1121, which also clarified and strengthened the original version of the law.

As we reported previously, the CCPA will apply to any entity that does business in the State of California and satisfies one or more of the following: (i) annual gross revenue in excess of $25 million, (ii) alone or in combination, annually buys, receives for the business’ commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices, or (iii) derives 50 percent or more of its annual revenues from selling consumers’ personal information. Under the CCPA, key consumer rights will include:

  • A consumer’s right to request deletion of personal information which would require the business to delete information upon receipt of a verified request;
  • A consumer’s right to request that a business that sells the consumer’s personal information, or discloses it for a business purpose, disclose the categories of information that it collects and categories of information and 3rd parties to which the information was sold or disclosed;
  • A consumer’s right to opt-out of the sale of personal information by a business and prohibiting the business from discriminating against the consumer for exercising this right, including a prohibition on charging the consumer who opts-out a different price or providing the consumer a different quality of goods or services, except if the difference is reasonably related to value provided by the consumer’s data.

SB 561’s amendments include:

  • Expands a consumer’s right to bring a private cause of action. Currently, the CCPA provides consumer a private right of action if their nonencrypted or nonredacted personal information is subject to an unauthorized access and exfiltration, theft, or disclosure because the covered business did not meet its duty to implement and maintain reasonable safeguards to protect that information. The amendment broadens this provision to grant consumers a private right of action if their rights under the CCPA are violated.
  • Removes language that allows businesses the opportunity to cure an alleged violation within 30-days after being notified of alleged noncompliance.
  • Removes language allowing a business or third party to seek the opinion of the Attorney General for guidance on how to comply with the law. Instead, the amendment specifies that the Attorney General may publish materials that provide businesses and others with general guidance on how to comply with the law.

With an effective date of January 1, 2020 (and regulations not yet proposed), it is expected that additional amendments will be negotiated, drafted, and published. Last month, the California Attorney General’s Office began the CCPA rulemaking process with a six-part series of public forums, allowing all interested persons the opportunity to provide their comments on the new law.

SB 561 comes just days after the AG Becerra together with Assemblymember Mark Levine announced Assembly Bill 1130 to strengthen California’s existing data breach notification law. No doubt, California is leading the way in U.S. data privacy and security law.

Jackson Lewis P.C. © 2019.

This post was written by  Joseph J. Lazzarotti   Jason C. Gavejian and Maya Atrakchi

One-Two Punch for NJ Employers: State Enacts Minimum Wage Rate Increases and Expands Paid Family Leave Insurance Benefits

New Jersey’s minimum wage rates will steadily climb to $15 per hour, and both the duration and amount of the state’s paid family leave insurance benefits will significantly increase, under two recently enacted laws.

New Minimum Wage Rates

On February 4, 2019, Governor Murphy signed a bill that substantially increases the state’s minimum wage rate for non-exempt hourly workers.

Prior to the bill’s enactment, the state’s minimum hourly wage, as of January 1, 2019, was $8.85. With a few exceptions for seasonal workers (who work between May 1 and September 30), employees employed by a “small business” with fewer than six employees, and agricultural laborers, the minimum hourly wage will rise to $15.00 by January 1, 2024, in accordance with the following schedule:

7/1/19 $10.00
1/1/20 11.00
1/1/21 12.00
1/1/22 13.00
1/1/23 14.00
1/1/24 15.00

For seasonal workers and employees of small businesses, the minimum hourly wage rate increases will be more gradual and will not reach the $15.00 rate until January 1, 2026, based on the following schedule:

1/1/20 $10.30
1/1/21 11.10
1/1/22 11.90
1/1/23 12.70
1/1/24 13.50
1/1/25 14.30
1/1/26 15.00

It will take an even longer period of time for farm laborers to reach a minimum hourly wage rate of $15, given the following schedule:

1/1/20 $10.30
1/1/22 10.90
1/1/23 11.70
1/1/24 12.50

Any further minimum rate increases for farm laborers would be tied to the Consumer Price Index for Urban Wage Earners and Clerical Workers (“CPI-W”).

New Jersey now joins three other states – California, New York and Massachusetts – as well as the District of Columbia in committing to minimum hourly wage rates that significantly exceed the current federal minimum hourly wage rate of $7.25.

Business groups in New Jersey have voiced two principal objections to the new minimum rates. First, the numbers threshold for meeting the “small employer” exception is relatively low – employers with six or more employees do not satisfy it. Second, the New Jersey statute, unlike the California and New York laws, makes no provision for suspending scheduled minimum hourly rate increases in the event of deteriorating economic conditions in the state.

Family Leave Enhancements

On February 19, 2019, Governor Murphy signed into law a bill that substantially expands the job-protected family leave requirements applicable to smaller employers under the New Jersey Family Leave Act (“FLA”), as well as expands the monetary benefits available under the paid family leave insurance (“FLI”) and temporary disability insurance (“TDI”) programs for employees employed in New Jersey.

Under the state’s leave and benefit programs (which must be coordinated with applicable federal requirements), an eligible employee may take time off from work and receive family insurance benefits during such leave to, among other things, care for a newborn child or a covered family member who is suffering from a serious health condition.

Effective immediately,

  • There no longer is a one-week waiting period before FLI benefits may be received.

  • Covered family members under the new law now include siblings, grandparents, grandchildren, and parents-in-law, as well as others related to the employee by blood or who have a “close association with the employee” which is equivalent to a family relationship (though evidence of same must be provided by the employee).

  • FLI benefits may also be taken by a covered employee while taking time off from work pursuant to the NJ Security and Financial Empowerment Act (“SAFE Act”), to assist a covered family member who is a victim of domestic or sexual violence.

  • An employer may not retaliate against an employee with respect to compensation, terms, conditions or privileges of employment because the employee took or requested any TDI or FLI benefits.

Effective June 30, 2019, NJ businesses employing at least 30 employees will be covered by the FLA and may not retaliate against employees returning from family leave by refusing to reinstate them, down from a 50 employee threshold.

Commencing July 1, 2020, the maximum duration of FLI leave benefits will increase from 6 to 12 weeks during any 12-month period; in cases of intermittent leave, the maximum FLI leave will increase from 42 days to 56 days. Further, the dollar amount of weekly FLI benefits will increase from two-thirds of a claimant’s average weekly wage to 85% of an employee’s average weekly wage, capped at $859 per week.

Although FLI benefits are funded entirely by employee contributions, NJ-based businesses have raised concerns that the broader eligibility for FLI leave, and the longer duration of such leaves, will increase business costs due to the need to pay more overtime wages to assure adequate staff coverage, or employ more temporary replacement workers, while eligible employees are out on leave. These increases may also lead to greater work load demands placed on regular employees who must cover while co-workers are out on such leave.

Employer Tips

NJ employers should assure that the wage rates they pay their employees meet the new NJ minimum wage rate thresholds.

Further, NJ employers should review and update their family leave policies to ensure that they comply with the requirements of the new law, which is complicated and substantially amends multiple existing laws.

 

© Copyright 2019 Sills Cummis & Gross P.C.

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by