Celebrating the Promise of Mental Health Parity and the Path Forward

This October 3rd marked the 10-year anniversary of the passage of the Mental Health Parity and Addiction Equity Act (MHPAEA). Thinking back to 2008, there had already been several failed attempts to pass a more substantive parity bill. New rounds of negotiations began and were difficult. Substance use disorders (SUD) were still considered a step-child to mental health and labeled a human failing rather than a treatable disease with disabling consequences. If these conditions were not recognized and addressed, it would become a national crisis. However, value change is hard to legislate.

MHPAEA was intended to be more than insurance reform, it was intended to be civil rights legislation that brought mental health (and, for the first time SUD) to a level playing field with physical health. It was a long road to passage because it required a change in health care philosophy and value related to mental health and SUD— not just a change in coverage and payment protocols.

Now, 10 years later, the question is whether the law has changed the playing field to ensure greater access to care and more equitable financial parameters. Close to 100 million people now have parity protections and lives have been saved. Through enforcement of the law more restrictive financial requirements have been removed for patients, additional coverage has been added to insurance plans for mental health/SUD, and overly stringent precertification requirements have been eliminated.

Although the passage of this legislation created a pathway for change, there are still challenges to address.  Discrimination related to SUD remains a challenge, as evidenced by the exclusion of ADA protections for those with SUD.  Advocates continue to call for more transparency, established certifications, expanded provider network capacity, and more guidance on non-quantitative treatment limitations.  The ongoing silos in which mental health/SUD and physical health conditions are treated as separate benefits with their own eligibility, fee schedules for services, credentialing, and poor provider network adequacy continue as areas to be addressed.

A couple of examples in which mental health/SUD services are treated differently: Providers have not been eligible for incentive payments to move to electronic medical records; payers have struggled in designing alternative payment models and value-based payments for providers that move beyond simple process measures;  payment restriction on same-day care are problematic in integrated settings where a person may be seen by both a mental health professional and a non-psychiatric physician; and physicians (non-psychiatrists) providing services in a specialty clinic creates credentialing and payment challenges.

New bipartisan legislation enacted to address the opioid crisis will be an important step to improving access to and the quality of substance use treatment, particularly in the Medicaid and Medicare programs — but doesn’t address the health system transformation that is needed to promote sustainable recovery. That is the challenge we face.

Hopefully our path forward will continue address these issues of implementation, so we approach the day when those living with mental health and substance use disorders will be seen as having a condition or disease that deserves prevention strategies, supports and treatment services, and civil rights protections similar to all other medical conditions.

 

©1994-2018 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.
ARTICLE BY: Health Law Practice

The New Jersey Supreme Court’s Latest Decision Affecting Pharmaceutical Multicounty Litigation

On October 3, 2018, the New Jersey Supreme Court made its long-awaited decision in the Accutane Multicounty Litigation. Developed by the New Jersey-based pharmaceutical giant Hoffman-La Roche, Accutane is a prescription acne treatment that has been found to be linked to inflammatory bowel disease.

Numerous plaintiffs filed lawsuits in New Jersey, essentially claiming that, based upon the drug maker’s own internal documents, Accutane’s warnings should have been stronger in stating that Accutane has been found to directly cause inflammatory bowel disease. A Multicounty Litigation was formed, which encompassed 532 plaintiffs – of which 18 were New Jersey residents, and 514 were residents of 44 different jurisdictions other than New Jersey.

In 2015, the trial court basically ruled that NJ’s Product Liability Act governed all of the cases in the Multicounty Litigation. Unlike the law in most other states, New Jersey’s Product Liability Act contains a rebuttable presumption that basically holds that a drug maker’s warning is adequate if it was approved by the United States Food and Drug Administration. The presumption can only be overcome if the plaintiffs show deliberate nondisclosure to the Food and Drug Administration, economically driven manipulation of the regulatory process, or clear and convincing evidence that the drug maker knew or should have known of the inadequacy of the warnings in light of the relevant federal regulations. Having found that the presumption applies to all of the cases, the trial court then held that the plaintiffs could not overcome the presumption and dismissed the cases.

That decision was appealed and the Appellate Division found that New Jersey’s Product Liability Act did not govern all of the cases, and that each case was governed by the respective laws of the jurisdictions where the plaintiff used Accutane. The Appellate Division analyzed the many different legal standards and found that the cases from the vast majority of the jurisdictions involved (including New Jersey), should not be summarily dismissed based on the federal approval presumption.

The matter was then taken up by the Supreme Court, which held that New Jersey has an interest in consistent, fair, and reliable outcomes in its consolidated Multicounty Litigation cases that cannot be achieved by applying a “diverse quilt of laws.” Having found that all of cases in the Multicounty Litigation were governed by New Jersey’s Product Liability Act, the Supreme Court went on to hold that the plaintiffs had not overcome Act’s rebuttable presumption and that the drug maker’s approved warnings were adequate as a matter of law. Accordingly, the Supreme Court dismissed all 532 cases.

The ramifications of the Supreme Court’s holding are still unclear. A recent, palpable lull in New Jersey Multicounty Litigation applications and filings was followed by changes on the bench through judicial retirements and promotions. Thereafter, there was a relative flurry of designations of Multicounty Litigations for Abilify, Taxotere, Zostavax and Physiomesh, all in the late spring and summer of 2018. No doubt, this Supreme Court ruling will serve to shape the procedural structure and legal strategy of the parties in all pending and contemplated pharmaceutical Multicounty Litigations in New Jersey.

 

COPYRIGHT © 2018, Stark & Stark.

The Importance of Information Security Plans

In the first installation of our weekly series during National Cybersecurity Awareness Month, we examine information security plans (ISP) as part of an overall cybersecurity strategy.  Regardless of the size or function of an organization, having an ISP is a critical planning and risk management tool and, depending on the business, it may be required by law.  An ISP details the categories of data collected, the ways that data is processed or used, and the measures in place to protect it.  An ISP should address different categories of data maintained by the organization, including employee data and customer data as well as sensitive business information like trade secrets.

Having an ISP is beneficial for many reasons but there are two primary benefits.  First, once an organization identifies the data it owns and processes, it can more effectively assess risks and protect the data.  Second, in the event of a cyber attack or breach, an organization’s thorough understanding of the types of data it holds and the location of that data will expedite response efforts and reduce financial and reputational damage.

While it is a tedious task to determine the data that an organization collects and create a data inventory from that information, it is well worth the effort.  Once an organization assembles a data inventory, it can assess whether it needs all the data it collects before it invests time, effort and money into protecting it.  From a risk management perspective, it is always best to collect the least amount of information necessary to carry out business functions.  By eliminating unnecessary data, there is less information to protect and, therefore, less information at risk in the event of a cyber attack or breach.

Some state, federal and international laws require an ISP (or something like it).  For example, in Massachusetts, all businesses (regardless of location) that collect personal information of Massachusetts residents, which includes an organization’s own employees, “shall develop, implement, and maintain a comprehensive information security program that is written . . . and contains administrative, technical, and physical safeguards” based on the size, operations and sophistication of the organization.  The MA Office of Consumer Affairs and Business Regulation created a guide for small businesses to assist with compliance.

In Connecticut, while there is no requirement for an ISP, unless you contract with the state or are a health insurer, the state data breach law pertaining to electronically stored information offers a presumption of compliance when there is a breach if the organization timely notifies and reports under the statute and follows its own ISP.  Practically speaking, this means that the state Attorney General’s office is far less likely to launch an investigation into the breach.

On the federal level, by way of example, the Gramm Leach Bliley Act (GLBA) requires financial institutions to have an ISP and the Health Insurance Portability and Accountability Act (HIPAA) requires covered entities to perform a risk analysis, which includes an assessment of the types of data collected and how that data is maintained and protected.  Internationally, the EU General Data Privacy Regulation (GDPR), which took effect on May 25, 2018 and applies to many US-based organizations, requires a “record of processing activities.”  While this requirement is more extensive than the ISP requirements noted above, the concept is similar.

Here is a strategy for creating an ISP for your organization:

  1. Identify the departments that collect, store or process data.
  2. Ask each department to identify: (a) the categories of data they collect (e.g., business data and personal data such as name, email address, date of birth, social security number, credit card or financial account number, government ID number, etc.); (b) how and why they collect it; (c) how they use the data; (d) where it is stored; (e) format of the data (paper or electronic); and (f) who has access to it.
  3. Examine the above information and determine whether it needs to continue to be collected or maintained.
  4. Perform a security assessment, including physical and technological safeguards that are in place to protect the data.
  5. Devise additional measures, as necessary, to protect the information identified.  Such measures may include limiting electronic access to certain employees, file encryption, IT security solutions to protect the information from outside intruders or locked file cabinets for paper documents.  Training should always be an identified measure for protecting information and we will explore that topic thoroughly later this month.
© Copyright 2018 Murtha Cullina

“Hey Alexa – Tell Me About Your Security Measures”

California continues to lead the nation in cybersecurity and privacy legislation on the heels of the recent California Consumer Privacy Act of 2018 (“CCPA”).  Governor Brown recently signed into law two nearly identical bills, Assembly Bill No. 1906 and Senate Bill No. 327 (the “Legislation”) each of which required the signing of the other to become law, on September 28th, 2018.   Thus, California becomes the first country in the nation to regulate “connected devices” – the Internet of Things (IoT). The Legislation will go into effect January 2020.

  1. CA IoT Bills Apply to Manufacturers of Connected Devices

This Legislation applies to manufacturers of connected devices sold or offered for sale in California.  A connected device is defined as any device with an Internet Protocol (IP) or Bluetooth address, and capable of connecting directly or indirectly to the Internet.  Beyond examples such as cell phones and laptops, numerous household devices, from appliances such as refrigerators and washing machines, televisions, and children’s toys, could all meet the definition of connected device.

  1. What Must Manufacturers of Connected Devices Must Do

Manufacturers equip the connected device with reasonable security feature(s) that are “appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, [and] designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.”

The Legislation provide some guidance as to what will be considered a reasonable security measure.  Devices that provide authentication with either a programmed password unique to the manufactured device, or provide a security feature that forces the user to generate a new means of authentication before access is granted will be deemed to have implemented a reasonable security feature.  The use of a generic, default password will not suffice.

Other than following this guidance, the Legislation does not provide specific methods of providing for reasonable security features.

  1. What Is Not Covered

a. Unaffiliated Third Party Software:  Many connected devices use multiple pieces of software to function.  The Legislation specifically states that “This title shall not be construed to impose any duty upon the manufacturer of a connected device related to unaffiliated third-party software or applications that a user chooses to add to a connected device.”

b. Companies That Provide Mechanisms To Sell Or Distribute Software: Application store owners, and others that provide a means of purchasing or downloading software or applications are not required to enforce compliance.

c. Devices or Functionality Already Regulated by Federal Authority: Connected Devices whose functionality is already covered by federal law, regulations or guidance of a federal agency need not comply.

d. Manufacturers Are Not Required To Lock Down Devices: Manufacturers are not required to prevent users from gaining full control of the device, including being able to load their own software at their own discretion.

  1. No Private Right of Action

No private right of action is provided, instead the “Attorney General, a city attorney, a county counsel, or a district attorney shall have the exclusive authority to enforce this title.”

  1. Not Limited To Personal Information

Previously, other California legislation had required data security measures be implemented.  For example, California’s overarching data security law (Cal. Civ. Code § 1798.71.5), requires reasonable data security measures to protect certain types of personal information.  This current approach is not tied to personal information, but rather applies to any connected device that meets the definition provided.

  1. Likely Consequences After The Legislation Comes Into Effect in January 2020

a. Impact Will Be National: Most all manufacturers will want to sell their devices in California  As such they will need to comply with this California Legislation, as unless they somehow segment which devices are offered for sale in the California market, they will have to effectively comply nationally.

b. While Physical Device Manufacturers Bear Initial Burden, Software Companies Will Be Affected: The Legislation applies to “any device, or other physical object that is capable of connecting to the Internet, directly or indirectly, and that is assigned an Internet Protocol address or Bluetooth address.”  While this puts the burden foremost on physical device manufacturers, software companies that provide software to device manufacturers for inclusion on the device before the device is offered for sale will need to support compliance with the Legislation.

c. Merger And Acquisition Events Will Serve As Private Enforcement Mechanisms: While there may not be a private right of action provided, whenever entities or portions of entities that are subject to the Legislation are bought and sold, the buyer will want to ensure compliance by the seller with the Legislation or otherwise ensure that the seller bears the risk or has compensated the buyer.  Effectively, this will mean that companies that want to be acquired will need to come into compliance or face a reduced sales price or a similar mechanism of risk shifting.

 

©1994-2018 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

New Wave of Employment Bills Signed into Law by California Governor

On Sunday, September 30, 2018, Governor Jerry Brown signed into law a number of bills that will have a significant impact on litigation and legal counseling in the employment context. Many of the new laws are a response to the traction gained by the “me-too” movement and are summarized herein.

NEW LAWS

AB 3109 – Banning Waiver of Rights to Testify

This new law nullifies any term in a contract or settlement agreement that waives a party’s right to testify in an administrative, legislative or judicial proceeding concerning alleged criminal conduct or sexual harassment. This would apply where the party has been required or requested to attend a proceeding pursuant to a court order, subpoena, or written request from an administrative agency or the legislature.

SB 820 – Settlement Agreements: Confidentiality

The passage of SB 820 prohibits and makes void any provision that prevents the disclosure of information related to civil or administrative complaints of sexual assault, sexual harassment, and workplace harassment or discrimination based on sex. SB 820 authorizes settlement agreement provisions that (1) preclude the disclosure of the amount paid in settlement, and (2) protect the claimant’s identity and any fact that could reveal the identity, so long as the claimant has requested anonymity and the opposing party is not a government agency or public official. SB 820 only impacts settlement agreements entered into after January 1, 2019.

SB 1300 – Unlawful Employment Practices: Discrimination and Harassment

SB 1300 makes it unlawful “for an employer, in exchange for a raise or bonus, or as a condition of employment or continued employment” to “require an employee to sign a release of claim or right.”

The bill also prohibits non-disparagements or other agreements that would “deny the employee the right to disclose information about unlawful acts in the workplace, including, but not limited to, sexual harassment.”

Notably, under this bill, these restrictions would not apply to “a negotiated settlement agreement to resolve an underlying claim . . . that has been filed by an employee in court, before an administrative agency, alternative dispute resolution forum, or through an employer’s internal complaint process,” so long as such agreement is voluntary and involves valuable consideration.

The bill also provides that a prevailing defendant is prohibited from being awarded fees and costs unless the court finds the action was frivolous, unreasonable, or groundless when brought or that the plaintiff continued to litigate after it clearly became so.

Significantly, this new law also expressly affirms or rejects specified judicial decisions, with the impact of making it increasingly difficult for employers to defeat harassment claims on summary judgment. The new law addresses the following judicial decisions:

  • Harris v. Forklift Systems, 510 U.S. 17 (1993): The Legislature affirms of the holding in Harris, which found that in a workplace harassment suit “the plaintiff need not prove that his or her tangible productivity has declined as a result of the harassment. It suffices to prove that a reasonable person subjected to the discriminatory conduct would find, as the plaintiff did, that the harassment so altered working conditions as to make it more difficult to do the job.”

  • Brooks v. City of San Mateo, 229 F.3d 917 (2000): The Legislature prohibits reliance on this opinion to determine what conduct is sufficiently severe or pervasive to constitute actionable harassment under the FEHA.

  • Reid v. Google, Inc., 50 Cal.4th 512 (2010): The Legislature affirmed reliance on the “stray remarks” standard articulated in Reid. Specifically, the California Supreme Court held that the existence of a hostile work environment depends upon the totality of the circumstances and a discriminatory remark, even if not made directly in the context of an employment decision or uttered by a nondecisionmaker, may be relevant, circumstantial evidence of discrimination.

  • Kelley v. Conco Cos., 196 Cal.App.4th 191 (2011): The Legislature explained that the legal standard for sexual harassment should not vary by type of workplace. Further, the Legislature found that it is irrelevant that an occupation may have been characterized by a greater frequency of sexually related commentary or conduct in the past. In determining whether or not a hostile environment existed, the Legislature holds that courts should only consider the nature of the workplace when engaging in or witnessing prurient conduct and commentary is integral to the performance of the job duties.  To that end, the Legislature prohibits reliance on any language in Kelley, which conflicts with these principles.

  • Nazir v. United Airlines, Inc., 178 Cal.App.4th 243 (2009): The Legislature affirmed the decision in Nazir, which observed that hostile working environment cases involve issues “not determinable on paper.” Specifically, SB 1300 states that “Harassment cases are rarely appropriate for disposition on summary judgment.”

SB 1412 – Applicants for Employment: Criminal History

Under existing law, employers, whether a public agency or private individual or corporation, are prohibited from (1) asking an applicant for employment to disclose, (2) seeking from any source, or (3) utilizing as a factor in determining employment, information concerning an applicant’s participation in a pretrial or posttrial diversion program or concerning a conviction that has been judicially dismissed or ordered sealed. It is a crime to intentionally violate these provisions. However, under existing laws, employers are not prohibited from asking an applicant about a criminal conviction or performing a background check regarding a criminal conviction to be considered in determining any condition of employment, so long as (1) the employer is required to obtain information regarding a conviction of an applicant, (2) the applicant would be required to possess or use a firearm in the course of his or her employment, (3) an individual who has been convicted of a crime is prohibited by law from holding the position sought, regardless of whether the conviction has been expunged, judicially ordered sealed, statutorily eradicated, or judicially dismissed following probation, or (4) the employer is prohibited by law from hiring an applicant who has been convicted of a crime.

Under the new law, employers can conduct background checks for employees under certain narrow exceptions. Specifically, under the new law, an employer, whether a public agency or private individual or corporation, cannot seek information regarding an applicant’s arrest or detention that did not result in conviction or occurred while the applicant was subject to the jurisdiction of the juvenile court. Nor can an employer seek information concerning a referral to, and participation in, any pretrial or posttrial diversion program, or concerning a conviction that has been judicially dismissed or ordered sealed pursuant to law. An employer may not consider such information when determining any condition of employment. However, under the new law, an employer may conduct a background check under narrow circumstances where: (1) the employer is a health facility as defined under Section 1250 of the Health and Safety Code; (2) an applicant’s juvenile arrest or detention resulted in a felony or misdemeanor conviction that occurred within five years preceding the application for employment; (3) the employer is required to obtain information regarding a conviction of an applicant; (4) the applicant would be required to possess or use a firearm in the course of his or her employment; (5) an individual who has been convicted of a crime is prohibited by law from holding the position sought, regardless of whether the conviction has been expunged, judicially ordered sealed, statutorily eradicated, or judicially dismissed following probation; or (6) the employer is prohibited by law from hiring an applicant who has been convicted of a crime.

AB 1976 – Lactation Accommodation

Existing law requires employers to provide a reasonable amount of break time to accommodate employees who are breastfeeding and requires an employer to make reasonable efforts to provide the employee with the use of a room or other location, other than a toilet stall, in close proximity to the employee’s work area, for the employee to breastfeed privately.

This new law clarifies what it means to make reasonable efforts to provide the employee with the use of a room or other location, other than a bathroom, in close proximity to the employee’s work area, for the employee to breastfeed privately. An employer is deemed to have complied with the law if it makes a temporary lactation location available to an employee, so long as: (1) the employer is unable to provide a permanent lactation location because of operational, financial, or space limitations; (2) the temporary lactation location is private and free from intrusion while an employee expresses milk; (3) the temporary lactation location is used only for lactation purposes while an employee expresses milk; (4) the temporary lactation location otherwise meets the requirements of state law concerning lactation accommodation. If the employer can demonstrate to the Department of Industrial Relations that this requirement would impose an undue hardship, the new law requires the employer to make reasonable efforts to provide a room or location for expressing milk that is not a toilet stall.

SB 1343 – Employers: Sexual Harassment Training Requirements

The new law requires employers with five or more employees, including temporary or seasonable employees, to provide at least 2 hours of sexual harassment training to all supervisors and at least one hour of sexual harassment training to all nonsupervisory employees by January 1, 2020, and one every 2 years thereafter.

AB 2079 – Janitorial Workers: Sexual Violence and Harassment Prevention Training

Introduced as the bill to empower janitors to prevent rape on the night shift, this new law bolsters existing sexual harassment and violence prevention training and prevention measures. The new law establishes the following requirements:

  • Effective January 1, 2020, all employers applying for new or renewed registration must demonstrate completion of sexual harassment violence prevention requirements and provide an attestation to the Labor Commissioner.

  • The Department of Industrial Relations (“DIR”) must convene an advisory committee by July 1, 2019 to develop requirements for qualified organizations and peer-trainers for employers to use in providing training. The DIR must maintain a list of qualified organizations and qualified peer-trainers.

  • Employers, upon request, must provide an employee a copy of all training materials.

AB 2079 would also prohibit the Labor Commissioner from approving a janitorial service employer’s request for registration or for renewal if the employer has not fully satisfied a final judgment to a current or former employee for a violation of the FEHA.

AB 3082 – Training for In-Home Supportive Services

The new law requires the In-Home Supportive Services (“IHSS”) program, administered by the State Department of Social Services and counties, to develop or otherwise identify standard educational material about sexual harassment and the prevention thereof to be made available to IHSS providers and recipients and a proposed method for uniform data collection to identify the prevalence of sexual harassment in the IHSS program. The bill requires the IHSS, on or before September 30, 2019, to provide a copy of the educational material and a description of the proposed method for uniform data collection to the relevant budget and policy committees of the Legislature.

AB 2338 – Talent Agencies: Education and Training

The law requires a talent agency to provide educational materials on sexual harassment prevention, retaliation, and reporting resources and nutrition and eating disorders to its artists. This law would require those educational materials to be in a language the artist understands, and would require the licensee, as part of the application for license renewal, to confirm with the commissioner that it has and will continue to provide the relevant educational materials.

Further, the new law requires that, prior to the issuance of a permit to employ a minor in the entertainment industry, that an age-eligible minor and the minor’s parent or legal guardian receive and complete training in sexual harassment prevention, retaliation, and reporting resources. The bill would further require a talent agency to request and retain a copy of the minor’s entertainment work permit prior to representing or sending a minor artist on an audition, meeting, or interview for engagement of the minor’s services.

To the extent these laws are violated, the commissioner is authorized to assess civil penalties of $100 for each violation, as prescribed.

SB 224 – Person Rights: Civil Liability and Enforcement

The new law provides additional examples of professional relationships where liability for claims of sexual harassment may arise.

VETOED BILLS

Several bills, which Governor Brown vetoed, are also notable because of the major impact they would have had on the employment context, had they been signed into law.

AB 1870 – Employment Discrimination: Limitation of Actions

Currently, under the existing laws, individuals have one year to file an administrative complaint with the Department of Fair Employment and Housing to enforce a FEHA claim. AB 1870 would have amended this deadline, extending it to three years to file a FEHA complaint from the date of the unlawful conduct. The bill would also add a 90-day extension to the filing deadline, which would apply if the aggrieved individual “first obtained knowledge of the facts of the alleged unlawful practice during the 90 days following the expiration of the applicable filing deadline.”

By vetoing this bill, the Governor has curbed the potential for frivolous FEHA lawsuits and the risk of lawsuits where memories of the circumstances giving rise to the claims have faded.

AB 3080 – Employment Discrimination: Enforcement

Governor Brown vetoed AB 3080, which would have prohibited employers from entering into arbitration agreements with employees. The passage of this bill would have directly conflicted with the U.S. Supreme Court’s May 2018 ruling in Epic Systems Corp., v. Lewis, 148 S. Ct. 1612 (2018), which affirmed employment arbitration agreements and class action waivers.

AB 3080 included four key provisions, including: (1) prohibiting arbitration agreements for wage and hour claims and discrimination, harassment and retaliation claims under the Fair Employment and Housing Act; (2) prohibiting employers from taking any employment action against employees who refuse to enter into arbitration agreements; (3) barring confidential agreements regarding harassment (possibly in the context of a settlement as well although the proposed text was not clear as to the scope of the prohibition); and (4) opening the possibility for individual liability for anyone that violates the provisions of the bill.

AB 3081 – Employment: Sexual Harassment

Governor Brown vetoed AB 3081, which broadly attempted to address workplace harassment by issuing three major prohibitions:

  • First, employers and labor contractors would be jointly liable for all civil liability for sexual harassment, including harassment on the basis of pregnancy, childbirth or related conditions. They would be forbidden from retaliating against employees who file claims.

  • Second, AB 3081 would have amended the California Labor Code to prohibit employers from discriminating or retaliating against an employee because of his/her status as a victim of sexual harassment.

  • Third, the bill would create a rebuttable presumption of unlawful retaliation if an employer “discharges, threatens to discharge, demotes, suspends, or in any manner discriminates against” an employee within 30 days after the employer has acquired actual knowledge of the employee’s status as a sexual harassment victim.

The fact that Governor Brown vetoed this bill is not particularly surprising given that he has expressed reluctance to expand concepts of joint liability in the past. However, this decision is still notable given the momentum of the #me-too movement.

TAKEAWAYS

California employers should consider these new laws when negotiating settlement agreements and engaging in litigation.  These laws serve as reminder of how important it is for all employers to review and revise where necessary their anti-harassment, discrimination, and retaliation policies on a more frequent and consistent basis. Importantly, employers may continue using arbitration agreements with class action waivers.

 

Copyright © 2018, Sheppard Mullin Richter & Hampton LLP.

Founder’s Stock – a Legal Fiction

In common usage, a founder is an individual who creates or helps create a company, but in legal terms, there is no such thing as a “founder” or “founder’s stock,” only early participants in a company’s organization and ownership of its initial equity capital. Why is this so? Because, for all practical purposes (from a startup’s point of view), there are two types of stock – common stock and preferred stock – and “founders” are just the initial holders of the company’s common stock, usually before any financing, in-licensing, or contribution of assets. It should be noted that common stock and preferred stock can be divided further into subclasses or series (e.g., Class A common stock, or Series B preferred stock) that further differentiate the rights and privileges of the holders, and additional side agreements can be put into place to further restrict or grant rights to a particular holder of equity, but those topics are beyond the scope of this post.

As background, to create a corporation an individual (the incorporator) needs to file a certificate of incorporation with the Secretary of State of the state of organization (e.g., Massachusetts, Delaware, California, New York). Immediately thereafter, the incorporator will execute an organizational action where they will appoint the initial director(s) of the corporation and resign from their position as the incorporator. The director(s) will then have an organizational meeting where the director(s), among other things, will adopt by-laws, appoint officers, and issue stock to the initial stockholders, typically common stock. The price of that stock initially issued is very low and is normally equal to the par value per share (e.g., $0.0001/share) because the company has just been created and does not have any real value at this point in time.  This initial equity is what is referred to as “founder’s stock”.  And founder’s stock can be issued outright or can be subject to a vesting schedule with unvested shares forfeited back to the company in certain circumstances, usually related to termination of employment.

Why does any of this matter? From an organizational standpoint, it doesn’t matter – up until the point that the company contemplates issuing stock to employees, investors, or other individuals or acquiring or licensing assets.  Often the early employees and individuals will either (i) want to receive common stock at the same price that the founder(s) paid or (ii) want to ensure their interests are protected. For more information on the latter, please read A Balanced Approach to Founder’s Equity.

If an individual wants to receive common stock at the same price paid by the founder(s) and the individual is a service provider, the individual will be deemed to have received compensation equal to the difference between the (i) fair market value of the stock received and (ii) the amount paid by the recipient; this amount can become significant depending on the then current value of the company. Note, the founders did not have to deal with this “compensation” issue because when the founders purchased their shares of the company at the organizational meeting, the fair market value of the company’s shares at such time was almost nothing (as the company had yet to conduct any business). To avoid this recognition of income, service providers will typically accept options with a purchase price per share equal to the current fair market value. Options provide the service provider with the ability to receive equity in the future without the initial upfront cost of the equity and the income tax issue does not present itself here because the exercise price of the option equals the current exercise price of the share. It should be noted that options do not provide the option holder with any rights as a stockholder. There are advantages and disadvantages of owning options in comparison to stock, and a discussion of those issues is beyond the scope of this post.  But it’s also worth noting that, if six months or so after the issuance of founder’s stock there have been no activities that have created value (financing, assets, activities, etc.), it may be possible to still fairly conclude that the company is still nearly worthless, and thus still have an opportunity to issue “founder’s stock” to a new key member joining the team.  You should consult your attorney when such matters arise.

 

©1994-2018 Mintz. All Rights Reserved.
This post was written by Michael Bill of Mintz.

Employment-Based Petitions Exempt (at Least for Now) Under New NTA Policy

Beginning October 1, 2018, U.S. Citizenship and Immigration Service (USCIS) will begin a staggered rollout of a new notice to appear (NTA) policy. The first phase of the rollout does not include employment-based petitions.

The NTA policy authorizes immigration officers to issue NTAs and thus initiate the first step in removal (deportation) proceedings for those deemed to be removable from the United States after the denial of an immigration benefit. USCIS deployed the NTA policy in July 2018 but then later put it on hold while it developed additional guidance for the policy’s application.

In a recent announcement and during a September 27, 2018, stakeholder teleconference, USCIS offered additional details about the policy’s implementation and highlighted the following information:

  • The initial focus is on applications (as opposed to petitions) and the policy affects adjustments of status (Form I-485), applications for naturalization (Form N-400), and applications to extend or change nonimmigrant status (Form I-539), among others.
  • Employment-based petitions (including those based on Forms I-129 and I-140) are not included in the initial rollout, nor are humanitarian applications and petitions.
  • Generally speaking, USCIS will not immediately issue an NTA upon the denial of an immigration benefit. It will wait for the expiration of the motion or appeal period before issuing an NTA—though it is worth noting that USCIS reserves the right to issue an NTA at any point during the adjudication period, where appropriate.
  • The NTA policy does not affect motions to reconsider or reopen, or appeals. If USCIS ultimately approves an application after an NTA has been issued, it will coordinate with U.S. Immigration and Customs Enforcement (ICE) to make sure that ICE is aware of the favorable outcome. USCIS cannot cancel or withdraw an NTA that it has issued.
  • The NTA policy does not include initial requests for deferred action for arrivals (DACA), renewals, or requests for DACA-related benefits.
  • USCIS may, in its discretion, issue an NTA at the request of a removable foreign national so that he or she may seek lawful status or other relief during removal proceedings.
  • As USCIS begins implementing the NTA policy, it will create a public-facing web page that will provide additional guidance on the policy and examples of scenarios that may trigger the issuance of NTAs.

USCIS has not provided a timeline for any additional implementation measures.

 

© 2018, Ogletree, Deakins, Nash, Smoak & Stewart, P.C., All Rights Reserved.
Read more on Immigration on the National Law Review’s Immigration Type of law page.

Apple Imposes Privacy Policy Requirement for All Apps Operating on its Platform

As Apple recently reminded developers, starting on October 3, 2018 it will require all apps being submitted for distribution through its app store, or for testing by its TestFlight service, to have a publicly posted privacy policy. This requirement was incorporated into Apple’s App Store Review Guidelines and will apply to all new apps, as well as all updated versions of existing apps. Previously only those apps that collected user information had to have a privacy policy.

Apple’s previous requirements were consistent with a 2012 Joint Statement of Principles agreement that Apple and other app store platforms made with the California Attorney General. In that statement, the platforms agreed to require apps that collect information to conspicuously post a privacy policy telling consumers how their personal data was being collected, used, and shared. To encourage transparency of apps’ privacy practices, the platforms also agreed to allow app developers to link to their privacy policy directly from the store. Finally, the platforms agreed to create ways for consumers to notify them if an app was not living up to its policies, and to respond to such complaints.

The new Guidelines build on the principles established in 2012 and expand the privacy policy requirement to all apps, even utility apps that do not collect user information and apps still in the testing phase. Per the Guidelines, the policy will need to be included in the App Store Connect metadata field and as a link in the app itself. Without the policy, the app will not be reviewed and will not be made available on Apple’s platform.

Under the new Guidelines, an app’s privacy policy must still have a description of what data the app collects, how that data is collected, and how it is used. The policy must also notify users how long the app developer will keep the information it collects and how it will be deleted. The Guidelines also require the policy to inform users how they can revoke their consent (if applicable) for data collection and how to make a request to have their data be deleted. Finally, the policy will have to confirm that the app will follow Apple’s guidelines about sharing information with third parties, and that any third party that the information is sent to will be held to Apple’s data security guidelines. If the app’s privacy policy sets higher standards for data protection than Apple’s guidelines, the third party will have to also meet that benchmark.

Putting it Into Practice: This announcement is a reminder for companies to look at how they are sharing privacy practices with consumers across a variety of platforms, including mobile apps.

 

Copyright © 2018, Sheppard Mullin Richter & Hampton LLP.

Trump Administration Moves to Address Cybersecurity Concerns, Congress Funds Cyber Programs

On September 21, 2018, the Trump Administration released a National Cybersecurity Strategy (“Strategy”), to define its national cybersecurity policy and implement efforts to streamline responsibilities for mitigation and responses to cybersecurity events across federal agencies.  This Strategy also addresses working with the private sector to protect assets, train the workforce and mitigate any future cyber-attacks. 

The National Cybersecurity Strategy, a statement of Administration policy rather than a Presidential directive, builds on prior efforts by the Obama Administration to develop a comprehensive and coherent nationwide strategy to promote cybersecurity across multiple levels of government and among myriad industries.  While other agencies—notably the Departments of Defense and Homeland Security—have issued more narrowly-tailored plans and policies, this is the first major cybersecurity document to apply to the entire federal government.   The Strategy provides an important glimpse into the current Administration’s plan to address the ever-increasing cyber threats to national security imposed by malicious nation-state, non-state, and independent actors.

Specifically, the Strategy identifies four major areas of focus that may be of interest to stakeholders:

  • Supply Chain Risk Management.  Through this Strategy, the Administration directs federal agencies to integrate supply chain risk management practices into agency procurement and traditional risk management processes, including the creation of a supply chain risk assessment shared service to reduce duplicative supply chain activities across federal agencies.  The Strategy also mandates federal investment in more secure supply chain technologies. There are several bills pending before the Congress that would mandate requirements for supply chain risk management for federal agencies into law, including S. 3085, the “Federal Acquisition Supply Chain Security Act of 2018”.   This bill was reported favorably by the Senate Homeland Security and Governmental Affairs Committee on September 26th.  (More information on S. 3085 is available here.)
  • Strengthening Information Sharing Efforts.  The Strategy commits to strengthen information sharing efforts in order to protect critical infrastructure assets and allow information and communications technology (ICT) providers to respond to malicious cyber activity in a more timely and effective manner.  These actions include sharing threat and vulnerability information with cleared ICT operators, declassifying information as much as possible, and promoting an adaptable, sustainable and secure technology supply chain.
  • Building a Robust Cybersecurity Workforce.  The Strategy outlines actions the Administration will take to recruit and maintain a highly skilled cybersecurity workforce through the expansion of Federal recruitment and training efforts, while also re-skilling employees into cybersecurity careers.  It also will explore the capability of maintaining distributed cybersecurity personnel at the Department of Homeland Security that can be deployed across Federal agencies. There are several bills pending before the Congress that would create an employee rotation for government workers focused on cybersecurity.  Among them, S. 3437 the “Federal Rotational Cyber Workforce Program Act of 2018” was reported favorably by the Senate Homeland Security and Governmental Affairs Committee on September 26th.  (More information on S. 3437 is available here.)
  • Deterrence and Offensive Capabilities.  The Strategy authorizes federal agencies to conduct counter-offensive or “hack back” operations against malicious actors.  This continues the Administration’s departure from policies of previous Administrations, including its August decision to rescind Presidential Policy Directive 20, which governed the federal agency approval process for offensive cyber operations.

Recent Congressional Actions on Cybersecurity

In addition to the initiatives specifically outlined above, both chambers of Congress have taken additional steps to address cybersecurity across critical infrastructure sectors.  Importantly, Congress agreed to provide funding and direction for the newly-created Office of Cybersecurity, Energy Security, and Emergency Response (CESER) within the Department of Energy.  The recently enacted FY 2019 Energy and Water, Development and Related Agencies Appropriations bill, which was part of a broader funding package signed into law by the President on September 21, 2018, included $120 million for the CESER office and specific direction that funding be applied to research and development focusing on supply chain risks.  This research may tackle how IT systems, software, and networks pose legitimate cyber risks to the broader infrastructure they serve, including through malware and unknown software vulnerabilities.  The summary and text of the Appropriations bill is available here.

Additionally, this week, the House Energy and Commerce Subcommittee on Energy will hear testimony from Karen Evans, Assistant Secretary for CESER, as a part of its “DOE Modernization” hearing series. Committee members are likely to question Ms. Evans on CESER’s role in the implementation of the Strategy, as well as issues including securing energy infrastructure from cybersecurity threats, public-private partnerships, and electricity grid resilience. Additional information on this hearing is available here.

Outlook

The Strategy is the first step for the Administration to define broader cybersecurity threats and begin to develop a cohesive plan to combat cyber-attacks.  The document itself does not contain many specific imminent actions that the Administration will take and questions remain over who within the Trump Administration is personally responsible for coordinating these and other cybersecurity efforts.

The Strategy does, however, identify areas in which the Administration will seek to work with Congress on legislative solutions to promote these goals.  For example, the document specifically references efforts to work with Congress to “update electronic surveillance and computer crime statutes” to better enable law enforcement to deter criminal activity.  Further, the Administration indicates it will work with the Congress to promote education and training opportunities to develop a robust cybersecurity workforce.  Congress has been innately focused on cyber workforce issues already, with a slate of existing bills introduced by members of both parties to strengthen education and training programs in this area as noted above.

With midterm elections looming in 41 days, both Democrats and Republicans in Congress are preparing their legislative agendas for the 116th Congress set to convene in January.  Democrats and Republicans alike have indicated that cybersecurity will be at the top of the legislative agenda.  Whether  it is through action on election security, autonomous vehicles, electric utility stabilization policies, or other critical infrastructure areas, cybersecurity will continue be a major topic of discussion through 2019.

This post was written by Tracy A. Nagelbush and Michael Weiner of Van Ness Feldman LLP.

 

© 2018 Van Ness Feldman LLP

What Start-ups Need to Know About Intellectual Property

As any entrepreneur is well aware, the early stages of a new business venture are an incredibly busy time. Entrepreneurs must focus on building the core team, structuring the company, attracting investors, developing the product/service, and developing key partnerships, sales channels and marketing plans. These tasks are typically all-consuming for the founders, taxing both their financial and time resources.

During this time, it may be a challenge to simultaneously focus on intellectual property issues.  However, this early time period is also a critical time for ensuring that a business takes steps to protect its core intellectual property and avoids the risk of third party intellectual property issues. Today, more than ever, having a solid understanding of intellectual property and developing an IP strategy that aligns with the business is a crucial part of building a new venture on a solid foundation.

This article includes an overview of the different types of intellectual property and provides advice to start-up companies on how to secure their own intellectual property as well as protect against intellectual property risks from others.

The three basic types of intellectual property that startups should understand are:

  • Patents
  • Trademarks
  • Copyrights

Patents

Not every startup business will be best-served by investing its resources in building a patent portfolio, but the question of whether to pursue patent protection warrants a hard and early look. Knowledge of the role of patents is critical for two reasons:

  • To protect your own business and inventions from your competitors
  • To avoid the risk of being exposed to assertions of patent infringement by competitors and other third parties

It is important for startups to understand the different kinds of patent protection and how they fit into their business.

Utility patents can be obtained for processes, machines, articles of manufacture, or compositions of matter that are deemed new, useful and non-obvious. The traditional subject matter of such utility patents covers tangible, technical inventions, such as improvements to client-server systems, motors, radios, computer chips and various technical product features. For example, Boeing’s US Patent No. 6,227,447 is a patent that covers methods of remotely controlling a vehicle. Patents can also be directed at new product features and functions. As another example, Facebook’s US Patent No. 8,171,128, titled “Communicating a newsfeed of media content based on a member’s interactions in a social network environment,” protects its News Feed feature.

A separate category of patent, the design patent, may be sought to protect ornamental (non-functional) designs. Some examples of notable design patents include Apple’s D 604,305 covering the design of its iPhone interface and Lululemon’s design patent covering its yoga pants.

The role of patents

Although patents are the most expensive and time-consuming type of intellectual property to obtain, they also provide the best scope of protection. A patent provides its holder with the exclusive right to make, use or sell an invention.  This means that it can exclude a competitor from making or selling the patented invention, irrespective of whether or not the competitor copied the invention or even previously knew of the patent.  For this reason, a patent that covers an important feature that drives consumer demand and/or distinguishes one’s product or service from that of competitors, can be very valuable.

Benefits of patents for a young business

Patents may provide a number of benefits to young businesses. For example, a robust patent portfolio or a key patent can help attract investors, since it may serve as barrier to entry by competitors. Furthermore, the filing of a patent application will enable the company to advertise “patent pending” along with its product or service.  In addition to potentially attracting investors, the “patented” or “patent pending” labels may deter would-be competitors, or force those competitors to adopt different designs and technologies.

As indicated above, once a patent issues it may be used to stop competitors from entering the field and allows for recovery of damages for infringement. Patents can also help the finances of a business by providing an opportunity to generate revenue from licensing.

How to obtain a patent

A patent is obtained by filing an application with the United States Patent and Trademark Office. The application includes a description of the invention accompanied by drawings, followed by a list of the elements that form the invention, called the patent claims. The patent claims set out the metes and bounds of the invention.  Third-party products or services that practice the elements of a claim infringe the patent.

When a patent application is first filed, an examiner is assigned to it. The examiner will reject or allow claims based on an assessment of their patentability, and the patent applicant will have an opportunity to respond to the examiner’s decisions. This back-and-forth with the Patent Office, known as prosecution, can take a number of years and is best done by an experienced patent attorney who understands the procedures, the legal requirements and the art of drafting strong patent claims.

Impact of the America Invents Act

Changes in the patent law implemented by the America Invents Act (AIA) half a decade ago have impacted the leading practices for businesses looking to file for patent protection. First, the U.S. is a “first inventor to file” system. This incentivizes early disclosure of inventions and early filing of patent applications.

When two people independently come up with the same invention, the first inventor to file for a patent on his or her invention is awarded the patent, regardless of which actually invented first. For this reason, it is important for businesses to streamline operations to reduce the time from invention to filing of patent applications.

Early and cost-effective filing can be achieved through provisional applications, which are essentially invention disclosures that can be converted to full patent applications within one year.

In addition, the AIA also provides for a prioritized examination procedure, which expedites the patent examination process. While the use of prioritized examination is more costly up-front, it may reduce overall legal expenses, since a patent can be obtained within one year.

Avoiding infringement of other patents

A second important aspect that startups should consider with respect to patents is a defensive one, i.e., avoiding infringement of the patents held by others. As a matter of practice, startups should conduct a patent search to verify that their business is free of patents that could be asserted against their product or service. The up-front cost of performing this search and related analysis is relatively minor and is offset by the potential for huge savings, both in terms of litigation costs and wasted investment in an infringing idea. The cautionary tale of Vlingo underscores this point.

Vlingo spent years developing voice recognition technology that led to talk of partnerships with Google and Apple. However, another voice recognition company, Nuance, which held a patent on voice recognition, sued Vlingo for patent infringement. Although Vlingo ultimately won the lawsuit, by then the company had already lost its potential partnerships, and the cost of defending the suit forced Vlingo to sell its business to Nuance. An early patent search could have revealed the Nuance patent and may have allowed Vlingo to take appropriate strategic steps to address the issue. For example, they might have been able to adopt a different design to avoid a run-in with Nuance.

Trademarks

Trademarks take us into the world of branding.  Trademarks serve to build brand awareness and business goodwill. They can impart consumer confidence in a product by its association with a brand the consumer recognizes and trusts. A trademark can be words, symbols, logos, slogans or product packaging and design that identify the source of goods or services. The Coca-Cola logo is one of the more famous trademarks.

Unlike patents, trademark rights are only acquired through use. Even without registration, the symbols “TM” or “SM” may be used to accompany trademarks or service marks to designate products or services. However, only registered marks may be accompanied by the “®” symbol.

Although registration with the US Patent and Trademark Office is not required to gain trademark rights, registration provides certain important benefits to the trademark holder. For example, without a registration, the trademark rights are limited to the geographic area in which the product or service is marketed and sold, and protection begins only after the product or service is available for sale on the market.

In contrast, federally registered marks provide nationwide rights. Registration also creates a prima facie case of validity of the ownership as well as an exclusive right to use the mark for specified goods or services. Once registered, the owner of a mark can stop importation of infringing products through U.S. Customs.

Clearing and registering key trademarks

Just as with patents, when seeking trademarks, businesses should be aware of whether their desired name, logo or domain name is already in use by others. Searching for existing uses is known as trademark clearance, with the goal being to “clear” a desired mark for use. Clearing the name and brand early on will reduce the likelihood of problems down the road.

Startups should look to protect their brand early by clearing and registering key trademarks. Registration is relatively quick and inexpensive, generally a few thousand dollars for a clearance search and subsequent filing for registration. A trademark application must specify the type of mark — i.e., whether the mark consists of just words or includes a stylized design or even an identifying color or sound. The application must also specify the particular goods or services to which the mark will apply.

As the company grows, it will become increasingly important to police infringing uses of its marks. Such efforts will help ensure that the business is not losing customers due to confusion with knock-offs.

Copyrights

Copyright is a form of intellectual property that protects the expression of ideas. Books, music, art, photographs, architecture and even computer software can be protected by copyright.

However, while copyrights protect the expression of ideas, they do not protect ideas or concepts themselves. For example, a copyright can protect a particular photograph of a bird, but others may still create their own photographs of the same type of bird.

Another requirement for copyright eligibility is that the work must be “an original work of authorship.” Facts, titles, phrases, and forms per se cannot be copyrighted.

Exclusive rights to copyright owners

Like trademarks, copyright registration is optional. As soon as a work is written or recorded or otherwise made “tangible”, it is considered to be copyrighted. US law provides various exclusive rights to copyright owners, including the rights to reproduce the work, prepare derivative works and distribute copies, irrespective of registration.

However, registration provides significant procedural benefits. Critically, registration is necessary in order to file a lawsuit for copyright infringement. It is also necessary to receive certain remedies, such as statutory damages and attorney fees. Registration also provides a presumption of originality and ownership, and it allows US Customs to stop the importation of infringing or counterfeit works.

Businesses should include the “©” symbol or the word “Copyright” on all distributed materials. They should also include the year of first publication, the name of the owner, and the language “All rights reserved.”

Businesses should consider registering any important materials so that the option of filing lawsuits is available to address infringement. Registration can be filed online with the US Copyright Office for a nominal fee.

Startups should also be careful to avoid using third-party photos, music, or writings on their website, marketing materials or products. Such use could lead to a potentially costly infringement dispute with the copyright holder.

Finally, because the author is the copyright owner by default, startups should take steps to ensure that they receive the rights to any copyrightable work created by employees or third-party contractors. The Copyright Act lists specific requirements for works for hire, and employment and third-party contractor agreements should include specific language to address ownership of any copyrightable works.

Conclusion

While intellectual property issues may sometimes get brushed aside during the early stages of a business, developing a diligent and intelligent IP strategy early on is important.

Startups should evaluate the types of intellectual property that can impact their business and strategically consider pursuing patent, trademark and copyright protection as appropriate.

Defensively, startups should also assess the intellectual property landscape of their business. That awareness should include clearance efforts to ensure that the company will not infringe the intellectual property of others, as it develops its products and services.

Learn more about Legal Issues for High-Growth Technology Companies. 

© 1998-2018 Wiggin and Dana LLP

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by