USDA Announces $15.1 Million In Grants For Bioenergy and Bioproducts

On July 20, 2017, the U.S. Department of Agriculture’s (USDA) National Institute of Food and Agriculture (NIFA) awarded 34 grants totaling $15.1 million for research on renewable energy, biobased products, and agroecosystems.  The grants, which are funded through the agency’s Agriculture and Food Research Initiative (AFRI), are expected to help develop the next generation of renewable energy, bioproducts, and biomaterials; protect the ecosystems that support agriculture; and improve the agricultural systems and processes that help feed the nation.

The following institutions were awarded grants for projects focused on cover crop systems for biofuel production:

  • USDA Agricultural Research Service (ARS) received $494,000 for the development of lupin, cereal rye, and carinata winter cover crops for biomass in the southern coastal plain;
  • Purdue University received $498,000 for the development of cover cropping for the development of sustainable co-production of bioenergy, food, feed (BFF) and ecosystem services (ES);
  • Iowa State University of Science and Technology received $498,378 for the development of perennial cover crop systems for maize grain and biomass production;
  • Louisiana State University Agricultural Center received $387,000 to study the feedstock production potential of energy cane-sweet sorghum rotation with a winter cover crop system; and
  • University of Nebraska received $500,000 to assess innovative strategies to maximize cover crop yields for biofuel across a precipitation gradient.​​​

The following institutions were awarded grants for projects focused on the socioeconomic implications and public policy challenges of bioenergy and bioproducts market development and expansion:

  • Auburn University received $499,886 to identify the economic barriers to biomass production, to evaluate the effectiveness of the Biomass Crop Assistance Program (BCAP) in stimulating biomass market expansion, and to explore the economic and ecosystem service implications of biomass production;
  • Colorado State University received $499,000 to produce a unified atlas of marginal lands in the U.S., and provide insight on the costs, potential environmental benefits, and overall practical likelihood of using those lands for biomass feedstock production;
  • Purdue University received $492,099 to develop a dynamic theoretical model on rejuvenating coal-power plants with biomass;
  • Iowa State University of Science and Technology received $499,622 to provide an integrated model-based assessment of the socioeconomic, policy, and market implications of sustainable bioenergy derived from cellulosic biomass; and
  • University of Missouri received $498,441 to evaluate impacts on forest resources surrounding power plants using woody biomass, assess economic impacts of wood biopower systems, and quantify tradeoffs between cost, carbon reductions, and renewable energy generation obtained by the increased use of wood biopower.

More information on the grants is available at the NIFA website.

This post was written by Lauren M. Graham, Ph.D. of Bergeson & Campbell, P.C.

Read more legal analysis at the National Law Review.

Effectiveness of Foreign Remedies to Obtaining Internet Information and Enjoining Illegal Conduct

The Internet has become the common form of commerce. As such, illegal activity has migrated there. The Internet is frequently used to engage in illegal activity cloaked in anonymity. Claimants have few if any direct means of enforcing their rights and court orders against the offenders. The power to make orders against Internet companies is essential to preserving the effectiveness of law online. Obtaining a remedy is often the practical solution to enforcing rights. Moreover, illegal online conduct crosses multiple jurisdictions often time simultaneously. As courts with personal jurisdiction have the power to adjudicate claims, it is essential that remedies have extraterritorial effect so to make it easier and less expensive for proceedings having to be brought in every country where the illegality occurs and the internet company operates.

For instance, Norwich Pharmacal orders are used to compel non-parties to disclose information or documents in their possession to assist in the discovery of wrongdoers. Norwich orders have increasingly been used in the online context by plaintiffs wo allege that they are being anonymously defamed or defrauded and seek orders against the Internet service providers to disclose the identity of the perpetrator. York University v. Bell Canada Enterprises  (2009), 311 D.L.R. (4th) 755 (Ont. S.C.J.); Cartier International AG v. British Sky Broadcasting LTD., (2017), 1 All E.R. 700 (C.A.). However, in Muwema v. Facebook Ireland LTD (2017) IEHC 69, the Irish High Court refused to grant a Norwich Pharmacal order against Facebook, requiring disclosure of the identity and location of an anonymous third party operating a Facebook page containing defamatory conduct. The court found that if Facebook disclosed such information it would endanger the life of the third party. But, Facebook was ordered to notify the third party that he should remove the offending postings within a certain period of time and if not, the plaintiff could renew its request for Norwich Pharmacal relief.

In addition, worldwide injunctions are available in English common law countries to cease conduct by a wrongdoer over which the court has jurisdiction. In Cartier,  Internet service providers were ordered to block the ability of their customers to access certain websites in order to avoid facilitating infringements of trademarks.  In Google Inc. v. Equustek Solutions Inc.  2017 SCC 34, the court ordered Google to block websites that were selling goods that violated the trade secrets of plaintiff. The court further held that this was a worldwide order and not confined to google.ca..

Although the law is evolving, claimants must use existing legal remedies to protect and enforce their rights. Courts are becoming much more receptive to helping the claimant.

This post was written byEric (Rick) S. Rein of Horwood Marcus & Berk Chartered.
Read more legal analysis at The National Law Review.

Employees Celebrate Chip Party: Embedding RFID Chips – Would You Agree to This?

On 1 August 2017, employees of a Wisconsin-based technology company enjoyed a “Chip Party” – but not the salty kind.  21 of Three Square Market’s 85 employees agreed to allow their employer to embed radio frequency identification chips in their bodies. We are familiar with the Internet of Things, is this the Internet of People?

Three Square Market (known as 32M) highlighted the convenience of microchipping their employees, reporting that they will be able to use the RFID chip to make purchases in the company break room, open doors, access copy machines and log in to their computers.

While the “chipped” employees reported that they felt only a brief sting when the chips were inserted, chipping employees draws deeper cuts through ethical and privacy issues.

One such issue is the potential for the technology to gradually encroach with further applications not contemplated by its original purpose. RFID technology has the potential to be used for surveillance and location-tracking purposes, similar to GPS technology. It also has potential to be used as a password or authentication tool, to store health information, access public transport or even as a passport.

While these potential applications will offer convenience to employers and consumers, the value of the information generated by each transaction is arguably greater for the marketers, data brokers and law enforcement entities that use it for their own purposes. Once data like this exists it can be accessed in all manner of circumstances.  Can you ever provide sufficient advice and counselling to employees to create informed consent free from the power imbalance of the employment relationship?

All keen on tech here at K&L Gates, but no one was putting their hand up for a similar program here, we’ll all just use our pass card to open the door, thanks.  We were left brainstorming films that use implants to see where this technology could take us as it is all too common in Sci-Fi films.  Have a look at The Final Cut, 2004 (warning 37% Rotten Tomato rating), where implants took centre stage by storing people’s experiences.  We are not there yet, but we have taken the first wobbly step on the path.

Read more about 32M’s use of RFID chips here.

See here to find out more about tracking employees with other technologies.

Read more legal analysis on the National Law Review.

Olivia Coburn and Cameron Abbott of K&L Gates contributed this article.

Brewers & Blades: Avoiding Exhaustion in Products with Consumable Parts

A product with consumable or replaceable parts can be complicated to patent. These kinds of products have a reusable base component and replaceable widgets that work with it. Think razor handles with disposable razor blades, coffee brewers with coffee pods, or table saws with replaceable blades. Sales of the widgets may create a substantial revenue stream, but what’s to stop an interloper from copying the widgets and undercutting these continuing sales? Patents! Right? Maybe; as long as you’ve been careful to patent the right aspects of your products and to avoid running afoul of the patent exhaustion doctrine. This doctrine “exhausts” a patentee’s patent rights in a product after it has been sold. The exhaustion is expansive. Courts have held a method claim automatically exhausted by the exhaustion of an apparatus claim in the same patent.[1] Very recently, the Supreme Court may have expanded the doctrine about as far as it can go: now all patent rights are exhausted regardless of any attempt at post-sale restriction, and regardless of the location of the sale.[2] In other words any sale, anywhere, exhausts all patent rights in the sold product.

Suppose you run a prolific company that makes coffee brewers that use single-serve disposable pods and also makes table saws with replaceable blades. For each product your business model might depend on controlling the pods or blades used with your product. For instance, if you take a loss on your coffee brewer intending to make up for it in sales of coffee pods, a patent covering the pods may be more valuable than one covering the brewer. If you intend to develop a licensing program for third-party saw blades, a patent covering a saw blade’s interface with your table saw may be crucial. So how might one breathe more easily despite the patent exhaustion doctrine to keep infringement claims viable? Here are some suggestions.

Patent your widgets separately. If patented together with the base component you may not be able to escape exhaustion of your patent claim, since your sale of the base component may “exhaust” your rights in the claim with respect to that sale. By patenting the widget separately—and in a separate patent—there is less chance of its claims being exhausted by sale of the base component. Keeping your widgets separate also minimizes your exposure to other pitfalls, such as being limited to contributory infringement claims.

Patent with your design strategy in mind. A robust design patent strategy can be a great tool to prevent knock-off widgets from cutting into market share. Strategic claim drafting in a design patent can in many cases provide claim scope broad enough to cover unauthorized widgets of varying configurations that may work with the base component. This is accomplished through the creative use of solid and broken lines in the drawings to claim particular aspects of the widget design, so long as the design of these aspects is not dictated by their function. This strategy can be especially helpful where it may be difficult or time-consuming to get a utility patent claim broad enough to stop knockoff widgets. And because your design patents will be directed to the widgets themselves, they are unlikely to fall victim to exhaustion due to sale of the base component.

Design with your patent strategy in mind. Designers may find it useful to over-design the parts of the base component and the widget that interact, with two additional goals in mind: (1) at least the widget side of the interaction should include a standalone novel feature, whether functional, ornamental, or both; (2) the interaction should only properly work with a widget including the novel feature. This may provide the opportunity for strong and specific utility or design patent claims directed to the widget that can be used to prevent unauthorized knockoff widgets.

Make your widgets disappear. Now that the Supreme Court has in some ways sanctioned unauthorized re-use of spent widgets, patents may not stop a competitor from re-filling and re-selling them. But what if there’s nothing left to re-fill? If possible, consider making your entire widget consumable by the base component or making it only survive a single use intact, so that it is not re-fillable and a customer will be left to simply recycle the remainder.

These suggestions can augment a careful patenting strategy to help combat crafty interlopers and circumvent courts’ hostile stance toward downstream control of products after their sale. A strategic combination of product design and intellectual property law can be a key tool in protecting investments in developing such products. A bold, full-bodied patent prosecution strategy can help cut through the unique difficulties in protecting investment in products that use consumable parts. Involving your patent counsel in the early stages of product design can be the difference between a sale that exhausts your patent rights, and one that leaves the company buzzing with viable patent protection that rips through the competition.

[1] See Keurig Inc. v. Sturm Foods, Inc., 732 F.3d 1370 (Fed. Cir. 2013).

[2] See Impression Products, Inc. v. Lexmark International, Inc., 15-1189 (May 30, 2017).

This post was written by Daniel A. Gajewski and Mark W. Rygiel of Sterne, Kessler, Goldstein & Fox P.L.L.C.

More legal analysis is available at The National Law Review.

Privacy Hat Trick: Three New State Laws to Juggle

Nevada, Oregon and New Jersey recently passed laws focusing on the collection of consumer information, serving as a reminder for advertisers, retailers, publishers and data collectors to keep up-to-date, accurate and compliant privacy and information collection policies.

Nevada: A Website Privacy Notice is Required

Nevada joined California and Delaware in explicitly requiring websites and online services to post an accessible privacy notice. The Nevada law, effective October 1, 2017, requires disclosure of the following:

  • The categories of “covered information” collected about consumers who visit the website or online service;

  • The categories of third parties with whom the operator may share such information;

  • A description of the process, if any, through which consumers may review and request changes to their information;

  • A description of the process by which operators will notify consumers of material changes to the notice;

  • Whether a third party may collect covered information about the consumer’s online activities over time and across different Internet websites or online services; and

  • The effective date of the notice.

“Covered Information” is defined to include a consumer’s name, address, email address, telephone number, social security number, an identifier that allows a specific person to be contacted physically or online, and any other information concerning a person maintained by the operator in combination with an identifier.

Takeaway: Website and online service operators (including Ad Techs and other data collectors) should review their privacy policies to ensure they are disclosing all collection of information that identifies, can be used to contact, or that is combined with information that identifies consumers. Website operators should also be sure that they are aware of, and are properly disclosing, any information that is shared with or collected by their third-party service providers and how that information is used.

Oregon: Misrepresentation of Privacy Practices = Unlawful Trade Practice.

Oregon expanded its definition of an “unlawful trade practice”, effective January 1, 2018, to expressly include using, disclosing, collecting, maintaining, deleting or disposing of information in a manner materially inconsistent with any statement or representation published on a business’s website or in a consumer agreement related to a consumer transaction.The new Oregon law is broader than other similar state laws, which limit their application to “personal information”. Oregon’s law, which does not define “information”, could apply to misrepresentations about any information collection practices, even if not related to consumer personal information.

Takeaway: Businesses should be mindful when drafting privacy policies, terms of use, sweepstakes and contest rules and other consumer-facing policies and statements not to misrepresent their practices with respect to any information collected, not just personal information.

New Jersey: ID Cards Can Only be Scanned for Limited Purposes (not Advertising)

New Jersey’s new Personal Information and Privacy Protection Act, effective October 1, 2017, limits the purposes for which a retail establishment may scan a person’s identification card to the following:

  • To verify the authenticity of the card or the identity of the person paying for goods or services with a method other than cash, returning an item or requesting a refund or exchange;

  • To verify the person’s age when providing age-restricted goods or services to the person;

  • To prevent fraud or other criminal activity using a fraud prevention service company or system if the person returns an item or requests a refund or exchange;

  • To prevent fraud or other criminal activity related to a credit transaction to open or manage a credit account;

  • To establish or maintain a contractual relationship;

  • To record, retain, or transmit information required by State or federal law;

  • To transmit information to a consumer reporting agency, financial institution, or debt collector to be used as permitted by the Fair Credit Reporting Act and the Fair Debt Collection Practices Act; or

  • To record, retain, or transmit information governed by the medical privacy and security rules of the Health Insurance Portability and Accountability Act.

The law also prohibits the retention of information scanned from an identification card for verification purposes and specifically prohibits the sharing of information scanned from an identification card with a third party for marketing, advertising or promotional activities, or any other purpose not specified above. The law does make an exception to permit a retailer’s automated return fraud system to share ID information with a third party for purposes of issuing a reward coupon to a loyal customer.

Takeaway: Retail establishments with locations in New Jersey should review their point-of-sale practices to ensure they are not scanning ID cards for marketing, advertising, promotional or any other purposes not permitted by the New Jersey law.

Read more legal analysis at the National Law Review.

This post was written byJulie Erin Rubash of  Sheppard Mullin Richter & Hampton LLP.

Are There Alternatives to Traditional Divorce?

Traditional fault divorce is generally viewed as a time consuming, expensive, and very public way to end a marriage. Couples who once shared homes, finances, and families suddenly find themselves as adversaries, fighting to divide the life they built together. Finances, and families, are often shattered by divorce. Divorce arbitration has been used for many years to resolve various legal issues.

Divorce attorneys are increasingly viewing arbitration as a viable alternative to a court divorce trial. Divorce arbitration can help couples avoid a time-consuming, expensive, public trial in return for the efficiency, privacy, cost-effectiveness, and informality of arbitration.

Divorce arbitration helps couples retain control over life decisions, limit expenses, and prioritize their children’s well-being.

Divorce arbitration is a structured process that in some ways is similar to a court room divorce but with more control retained by the parties themselves. Divorcing couples are powerless to alter the structure of a court room proceeding. Nor can they choose the judge who will hear the case. However, parties to a divorce arbitration can set up the structure, timing, and location of the arbitration from the outset, and can choose the arbitrator. The parties agree in advance as to which issues will be arbitrated, whether and how the rules of evidence will apply, and the manner that the proceedings will be recorded.

The arbitration itself involves testimony of witnesses and the submission of documents into evidence. At the conclusion of an arbitration hearing, the arbitrator will usually render a decision within 30 days. A typical court room divorce often continues for several weeks or months.

Divorce arbitration is recognized by the New Jersey Supreme Court as an effective method of dispute resolution that provides an alternative to conventional divorce litigation. Unlike a court schedule, the parties to a divorce arbitration schedule the dates of the arbitration sessions. Instead of court dates scheduled in different weeks over a period of weeks or months, scheduling arbitration sessions results in more convenience, fewer lost work days, and a speedier resolution.

Read more legal analysis at the National Law Review.

This post was written byJohn S. Eory of  Stark & Stark.

The Malta Pension Plan – A Supercharged, Cross-Border Roth IRA

Relevant US Tax Principles

In the cross border setting, two of the principal goals in international tax planning are (i) deferral of income earned offshore and (ii) the tax efficient repatriation of foreign profits at low or zero tax rates in the United States. For U.S. taxpayers investing through foreign corporations, planning around the controlled foreign corporation (CFC) rules typically achieves the first goal of deferral, and utilizing holding companies resident in treaty jurisdictions generally accomplishes the second goal of minimizing U.S. federal income tax on the eventual repatriation of profits (for U.S. corporate taxpayers, the use of foreign tax credits may be used to achieve this latter goal).

In a purely domestic setting, limited opportunities exist to defer paying U.S. federal income tax on income or gain realized through any type of entity, and fewer opportunities, if any, exist for the beneficial owners of such entities to receive tax-free distributions of the accumulated profits earned by these entities. A Roth IRA may be the best vehicle available to achieve these goals.

Roth IRA (hereafter, “Roth”) is a type of tax-favored retirement account, under which contributions to the Roth are not tax deductible (like contributions to a traditional IRA would be), but all earnings of the Roth accumulate free of U.S. tax. In addition, qualified distributions from a Roth are not subject to U.S. federal income tax. In other words, once after-tax funds are placed in a Roth, those funds generally are not taxed again. As with traditional IRAs, however, the tax benefits of Roth IRAs are restricted to certain taxpayers who fall below certain modified adjusted gross income thresholds, and even then, such persons are limited in the amounts that can be contributed each year. Additionally, those who are eligible to contribute to such Roth accounts are limited to a maximum contribution of $5,500 per year ($6,500 for taxpayers age 50+). Any “excess contributions” beyond the stated limitations trigger an annual 6 percent excise tax until the excess contributions are eliminated. Finally, because of the “prohibited transaction” provisions, it is not possible for U.S. taxpayers to transfer property (whether appreciated or not) to a Roth without triggering certain taxes (i.e., excise tax as well as income tax on any built-in gain). Therefore, while the benefits of Roths are significant, they are not widely available, particularly to high-income taxpayers.

Relevant Maltese Principles Relating to Malta Pensions

Since 2002, Maltese legislation has been in existence which allows for the creation of cross-border pension funds (although these pension funds have become more relevant to U.S. taxpayers since the effective date of the U.S.-Malta income tax treaty (the “Treaty”) in November of 2010). In contrast to the stringent limitations imposed on contributions to Roths under U.S. law, unlimited contributions may be made to a Malta pension plan. This is true also for U.S. citizens and tax residents, regardless of whether such persons are resident in or have any connection at all to Malta (though no U.S. deduction is permitted for contributions to such Maltese plans). A Maltese pension plan generally is classified as a foreign grantor trust from a U.S. federal income tax perspective because of the retained interest of the grantor/member in the pension fund. Thus, contributions to such a pension fund (including contributions of appreciated property) generally are ignored from the U.S. income tax perspective and should not trigger any adverse U.S. tax consequences.[1]

There also appears to be almost no limitation on what types of assets can be contributed tax-free to a Malta pension, including, for example, stock in private or publicly-traded companies (including PFICs), partnership and LLC interests (including so-called “carried interests”), and interests in U.S. or non-U.S. real estate. While the specific terms of each pension plan vary, Malta law generally permits distributions to be made from such plans beginning at age 50.

The relevant Maltese pension rules allow an initial lump sum payment of up to 30% of the value of the member’s pension fund to be made free of Maltese tax. This initial payment must be made within the first year of the retirement date chosen by that member. Additional periodic payments generally must then be made from the pension at least annually thereafter, and while such payments may be taxable to the recipient, they are usually significantly limited in amount (generally being tied to applicable minimum wage standards in the recipient’s home jurisdiction). Beyond those minimum wage amounts, excess lump sum distributions of up to 50 percent of the balance of the plan generally can be made free of Malta tax.

U.S.-Malta Income Tax Treaty Provisions

As noted above, when the Treaty became effective in late 2010, Maltese pension plans became more attractive to U.S. taxpayers. The Treaty contains very favorable provisions that can result in significant tax benefits to U.S. members of a Maltese pension. In order for such U.S. members to take advantage of these benefits, the pension must qualify as a resident of Malta under the Treaty and also satisfy the limitation on benefits (LOB) article of the Treaty.

Article 4, paragraph 2 of the Treaty provides that a pension fund established in either the United States or Malta is a “resident” for purposes of the Treaty, despite that all or part of the income or gains of such a pension may be exempt from tax under the domestic laws of the relevant country. Under Article 22(2)(e) of the Treaty, a pension plan that is resident in one of the treaty countries satisfies the LOB provision as long as more than 75% of the beneficiaries, members, or participants of the pension fund are individuals who are residents of either the Unites States or Malta.[2]

Thus, as long as a Maltese pension is formed pursuant to relevant Maltese law and more than 75% of its members are U.S. and/or Maltese residents, the pension plan should be eligible for Treaty benefits.

Pursuant to Article 18 of the Treaty, income earned by a Maltese pension fund cannot be taxed by the United States until a distribution is made from that fund to a U.S. resident. This article of the Treaty contains no restrictions on the types of income that are covered, and thus is generally believed to apply broadly to all income (including, for example, income arising in connection with interests in U.S. real estate, PFIC stock, and assets connected to a U.S. trade or business).[3]

Article 17(1)(b) of the Treaty further provides that distributions from a pension arising in one country, and which would be exempt from tax in that country if paid to a resident of that country, must also be exempt from tax in the other country when paid to a  resident of the latter country.  The U.S. Treasury’s Technical Explanation to the Treaty further clarifies that, for example, “a distribution from a U.S. Roth IRA to a resident of Malta would be exempt from tax in Malta to the same extent the distribution would be exempt from tax in the United States if it were distributed to a U.S. resident.”[4]

As mentioned above, pursuant to Maltese law, the initial lump sum payment from a Maltese pension (up to 30% of the value of the relevant pension fund) generally is not taxable in Malta. Thus, based on Article 17(1)(b) of the Treaty, such amounts likewise must not be taxed in the United States when made to a U.S. resident beneficiary. Additionally, this same Maltese exemption generally applies to further lump sum payments received by Maltese resident beneficiaries in certain subsequent years (generally, such distributions may be made tax-free beginning three years after the initial lump sum distribution is received). Notably, any required annual (or more frequent) periodic payments would be taxable in Malta if made to a Maltese resident, and therefore also are taxable in the United States under Section 72 when received by a U.S. resident member of the pension fund.[5]

Finally, while under the so-called “savings clause” the United States generally reserves the right under its income tax treaties to tax its citizens and “residents” as though the treaty did not exist, this savings clause contains certain exceptions. Under the Treaty, Article 1(5) provides that Articles 17(1)(b) and 18 are excepted from the savings clause (found at Article 1(4)). Consequently, the savings clause of the Treaty should not prevent a U.S. citizen or resident member of a Maltese pension from qualifying for Treaty benefits under relevant provisions of Articles 17 and 18.

Example

Assume a U.S. resident individual 49-years of age owns both highly-appreciated U.S. real estate and founders’ shares of a technology start-up that is about to go public. In combination, the interests are worth approximately $100 million, and the aggregate tax basis of the assets is $10 million. As part of her retirement planning, this U.S. individual decides to contribute these assets to a Maltese pension fund.[6] During this same tax year, the real estate is sold for fair market value and the technology company goes public, though she is required to hold the shares for at least six months before disposing of them.  During the following tax year, after her lockup period expires, she sells her shares for fair market value, leaving her portion of the pension plan holding proceeds of $100 million. Since at this time she is at least 50 years of age, assuming the terms of the pension plan permit her to begin withdrawing assets at age 50, the U.S. individual can cause the pension plan to distribute to her during that tax year $30 million of the pension plan funds without the imposition of any tax, either in Malta or the United States.

At this point, the pensioner would need to wait until year 4 to be able to extract additional profits tax-free (pursuant to Maltese law, three years must pass after the initial lump sum distribution before additional lump sum distributions could be made to a resident of Malta tax-free). Thus, in year 4, additional assets can be distributed to the member without triggering tax liability. To calculate how much can be distributed free of tax, it is necessary to first determine the pension holds “sufficient retirement income.” This amount in turn is based, pursuant to Maltese law, on the “annual national minimum wage” in the jurisdiction where the member is resident. To the extent the pension plan balance exceeds the member’s “sufficient retirement income” (on a lifetime basis), 50% of the excess can be withdrawn tax-free each year. Assuming the $70 million remaining assets (after accounting for the initial lump sum distribution) had increased in value to $85 million by year 4, and further assuming it was determined that the individual needed $1 million as her sufficient retirement income, 50% of the $84 million excess, or $42 million, could be distributed to her that year free of tax. Such calculations could likewise be performed in each succeeding tax year, with 50% of the excess being available for tax-free receipt by the beneficiary each year. Consequently, while it is not possible to distribute 100% of the proceeds of such a pension tax-free, a substantial portion of any income generated in the pension (including gains realized with respect to appreciation accrued prior to contribution of assets to the pension fund) may be distributed without any Maltese or U.S. tax liability.

Conclusion

Some commentators have suggested that the purported benefits of Maltese pensions in this context were not intended by Treasury in negotiating the Treaty and that therefore the use of such pensions in this manner is “too good to be true.” The underlying legal principles, however, are not so different from those that apply to Roths in the United States. Like participants in Roths, participants in Maltese pensions can contribute after-tax dollars to the plan and never pay future tax on profits realized with respect to assets held in the plan. Admittedly, the biggest differences relate to the unlimited amounts that may be contributed to Maltese pensions and the fact that prior appreciation in assets that are contributed to the plan also may avoid being subjected to any U.S. tax. Regardless, these distinctions result from features of domestic Maltese law (not U.S. law), and make the use of such pension plans by U.S. residents so potentially attractive.

[1] Note, however, that U.S. information filing obligations may be triggered to the U.S. transferor member pursuant to Section 6048. Unless otherwise noted, all Section references are to the Internal Revenue Code of 1986, as amended (the “Code”), and the Treasury regulations promulgated under the Code.

[2] For this purpose, the term resident includes a U.S. citizen.  Article 4(1) of the Treaty.

[3] It should be noted that the FIRPTA provisions of Section 897 and Section 1445 should not be applicable because the pension plan is treated as a foreign grantor trust for U.S. federal income tax purposes.

[4] Treasury Technical Explanation of the U.S.-Malta Income Tax Treaty, signed 8/8/2008, Article 17, paragraph 1.

[5] Under Section 72, a portion of each payment represents tax-free return of basis.

[6] Note that, as discussed above, there should be no U.S. tax implications on contribution of the assets (for example, under Section 684), as the pension plan should be classified as a grantor trust for U.S. federal income tax purposes.

This post was written by  Jeffrey L. Rubinger and Summer Ayers LePree of  Bilzin Sumberg Baena Price & Axelrod LLP.
Read more on the National Law Review.

Wave of the Future or a Step Too Far? Wisconsin Company Offers Employees Microchip Implants, Employment Issues Abound

When wireless is perfectly applied the whole earth will be converted into a huge brain, which in fact it is, all things being particles of a real and rhythmic whole. We shall be able to communicate with one another instantly, irrespective of distance. . . . and the instruments through which we shall be able to do his will be amazingly simple compared with our present telephone. A man will be able to carry one in his vest pocket.

–Nikola Tesla, 1926

While we may now take Tesla’s connected world for granted, one cannot help but wonder what readers thought of his predictions in 1926 when he made the above statements in a magazine interview. It remains to be seen whether a similar pattern of skepticism, realization, and acceptance will eventually emerge regarding news that a vending machine company is offering its employees the opportunity to have microchips embedded in their hands to allow more convenient access to facilities, computers, and financial accounts.

The Wisconsin-based employer is reportedly the first in the United States to offer microchips (at a cost to the employer of $300 each) to employees on a voluntary basis. The microchip, roughly the size of a grain of rice, would be inserted into an employee’s hand between the thumb and forefinger, and could be used instead of a key to access buildings, log onto computers or printers, and even pay for goods in the company’s break room. It is not unlike fingerprint or other biometric technology that is becoming more widely used. In this case, however, the pertinent information is stored on the embedded microchip.

The company noted that in the future, the chip may also be able to store medical information or be used for transactions outside of the company. The chip’s technology is not, however, currently able to use GPS to track employees’ whereabouts.

Employers considering whether to implement such emerging technology may want to carefully assess whether the convenience outweighs the risks. Among the legal issues are the following:

Personal Privacy

While the company making headlines has stated that it will not use the technology to track its employees’ whereabouts (and the technology cannot currently support GPS monitoring), embedded microchips like this could create an electronic trail of the employee’s whereabouts whenever the employee is scanned to access secured locations.

Depending on where access points are installed, an employer could gain useful information, such as how long an employee spent in the break room, in the same vicinity as another employee who was allegedly harassed, or where material went missing. Further, having a record of frequent “check-ins” throughout the day as the employee accesses buildings, printers, computers, vehicles, etc. might aid in verifying time records for payroll purposes or compliance with delivery schedules and other customer expectations. This technology is already available to employers through access cards, login PINs, and other devices. The embedded chip would be another technology to use for that purpose, and it would be more difficult to trick the system with “buddy punches” and other surreptitious behavior with microchip technology. On the other hand, an employer could also theoretically confirm how long an employee spent in the restroom, at a union meeting, or complaining to human resources.

If embedded chips ever advance to the point of supporting GPS, a current body of case law regarding non-embedded GPS devices (like phones and devices installed on company vehicles) offers insights into potential legal risks. Companies use these technologies to track the whereabouts of employees, but that also gives companies information that could form the basis of a discrimination claim. For example, a company may learn that an employee is regularly at a medical clinic, which the employee might use to claim disability discrimination. Or, in Wisconsin where state law protects against discrimination based on the use or non-use of lawful products, the employer might learn that the employee spends a lot of off-duty time at the neighborhood bar, which could lead to a claim that the employee was discriminated against for using legal products while not on duty.

In addition, requiring GPS tracking of employees’ whereabouts is a mandatory subject of bargaining for unionized employees. Even for non-union employees, courts have found that employers go too far if they track employees’ whereabouts in places where employees would have a reasonable expectation of privacy (like their homes). Public employers face even greater risks in using GPS technology because courts have found that GPS technology may qualify as a search under the Fourth Amendment.

Data Privacy

Information from the chip (e.g., banking information and medical information) has value and could be the target of theft. Just as personal information could be hacked from other company databases and infrastructure, hacking may be a possibility with this new technology. Because the chip is provided by the employer, would the employer be liable for damages resulting from the misappropriation of stolen information? If an employer were negligent in implementing security protocols on the microchips, there could be litigation over the employer’s liability.

Workers’ Compensation

If an employee has a medical reaction from the implant or the procedure of implanting the chip (for example, developing an infection), there is a possibility that the medical reaction could give rise to a workers’ compensation claim because the chip was provided by the employer for work-related reasons.

Medical and Religious Accommodation

The employer in question here is not requiring employees to embed the chips, but requiring employees to do so would be difficult. Employees would likely have a right to opt out of the requirement based on medical or religious objections. It is not unlike requiring employees to get an annual flu vaccine. Some employees are medically unable and must be granted a medical accommodation under the Americans with Disabilities Act and applicable state laws (absent an undue hardship to the employer). Others may object on religious grounds and therefore qualify for accommodations on that basis.  At least one court has supported an employee’s right to decline on religious grounds far less invasive biometric access technology.

A Look Into the Future

While the microchips currently in use appear to serve limited purposes, it is not farfetched that the technology will continue to develop and allow new uses. Employees may be comfortable with the current use, but not with future uses. Clear communication with employees as to the capabilities and uses of the chip would be essential to minimizing legal risk.

Even more practically, the technology of the chip itself may become outdated or employees might leave their employment with the company and the company would need to determine what to do with the chip already embedded into the employee. This could create medical challenges in removing the chip or controversies with the employee over who has rights to the chip itself or is obligated to pay for its removal.

While the company at issue here has not made implanting a microchip a condition of employment, social, economic, and practical influences could leave employees with little alternative. Just like the convenience of direct deposit has made paper payroll checks virtually obsolete, so too the convenience of chip technology may render physical keys, identification badges, and similar access control measures a thing of the past. Why risk losing or forgetting your identification badge when you can guarantee the necessary data is with you at all times? Financially, it seems likely that an employer could offer an incentive to employees who make use of the chip technology much like auto insurance companies offer premium reductions to those who permit tracking of their driving habits. Many employers already offer shift premiums, are chip premiums on the horizon?

Ultimately, while this developing technology may certainly provide some added convenience and may not be all that significant a departure from our society’s current reliance on mobile devices, embedding a microchip into an employee’s body takes the invasiveness of the technology and the legal ramifications one step further and requires a thoughtful weighing of the risks versus the benefits.

More legal analysis is added daily at The National Law Review.

This post was written by Keith E. Kopplin  and Sarah J. Platt of Ogletree, Deakins, Nash, Smoak & Stewart, P.C..

Using “Finders” to Find Capital: Avoiding Problems for Your Company

Raising money for your startup can be hard. Not every entrepreneur can walk into Silicon Valley with a business idea and walk out with multiple VC term sheets in hand. Sometimes the only path to financing your startup is through the hard work of pitching and cobbling together a group of angels and other individual investors. But that path takes time and can be frustrating. Potential investors may hesitate to commit or, even worse, give you the dreaded “you’re-too-early-for-us” response. The offer from a “finder” to introduce you to investors with cash sounds attractive. Why not, right? What’s the downside?

You can use a finder if their role is limited and their compensation is structured properly. But you can cause major problems for yourself and the finder if they’re too involved and paid commissions on the money raised. These are activities that only registered broker-dealers (persons or firms engaged in the business of buying and selling securities for themselves or others) can engage in. If your company uses a finder acting as a broker-dealer, you might find your fundraising round unraveling, and your finder might find themselves in trouble with the Securities and Exchange Commission (SEC).

A “true” finder

A “true” finder can be OK if they limit their role to making introductions, receive a flat or hourly consulting fee that is not contingent on the success of the offering, and avoid any active role in negotiating and completing the investment. Finders acting in this very limited capacity are not considered broker-dealers. As a result, true finders are largely unregulated under the securities laws and need not be registered with the state or federal government as broker-dealers. This area is murky, however, because there are not clear regulations and the rules of the road have been developed in court cases and case-by-case “no-action” letters from the SEC.

The real problem is that many finders do not limit their activities to mere introductions. These finders end up assisting in structuring and negotiating the offering, providing advice regarding the offering and investment, and even encouraging and inducing investors to invest. These activities make them a “broker” under the securities laws, and federal and state governments require that brokers be registered. Often the finder is not registered as a broker.

Finders also prefer success-based compensation, calculated as a percentage of the funds raised by the company, and companies prefer to pay finders only if and when they’re successful in helping to raise capital. Both courts and the SEC, however, take the position that such success-based compensation (also referred to as transaction-based compensation) is the telltale factor indicating whether a finder is acting as an unregistered broker-dealer.

So, what’s the risk?

For the company, using an unregistered broker-dealer to assist with an offering could create a rescission right in favor of the investors. If investors succeed in rescinding their investments, the company must return their money. For the finder acting as an unregistered broker-dealer, they could be subject to severe SEC sanctions and the company could void the finder’s engagement agreement, requiring return of the finder’s compensation. Moreover, even if a finder’s activities and compensation are perfectly legal, the relationship alone can still give rise to problems for the company. Any financial relationship with a finder must be disclosed to investors and listed on the company’s Form D filed with the SEC and state securities departments. Disclosure of such a relationship, again, even if perfectly legal, may nevertheless prompt some states to initiate an investigation.

The situation in Michigan, however, is even murkier. In the recent case Pransky v. Falcon Group, the Michigan Court of Appeals held that a “finder” as defined in the Michigan Uniform Securities Act, was not required to be registered with and regulated by the State of Michigan, even where the company agreed to pay success-based compensation. Michigan companies and finders, however, should not take the opinion as a green light to engage in a finder relationship, structured with success-based compensation, without fear of regulatory oversight. The trial court initially dismissed the case on summary judgment, and as a result there was no evidence in the record of whether or not the finder’s activities went beyond mere introductions. In addition, some commentators have criticized the court’s decision. Perhaps sensing such impending criticism, the Court of Appeals, in a footnote, cautioned that the “better course of action would be for finders acting pursuant to similar contracts to protect themselves by registering, at the very least, as broker-dealers; the line between a finder’s activities and that of a broker-dealer…is a thin one and persons acting under such contracts without being registered are inviting litigation.”

The bottom line

Using finders for raising capital is not the easy solution it appears to be at first glance. Worse yet, it can lead to significant problems. As the saying goes, nothing worth having is easy. If you don’t have a VC-backable business, you may have an even harder time raising capital than most. Regardless, when it comes to raising money for your startup, be your own “finder”. Network, hustle, and tell your story. No one is more effective than you at explaining your business and the investment opportunity.

For more legal analysis check out the National Law Review.

This post was written by Matthew W. Bower of  Varnum LLP.

Third-Party Aspects of Cybersecurity Protections: Beyond your reach but within your control

Data privacy and cybersecurity issues are ongoing concerns for companies in today’s world.  It is nothing new to hear.  By now, every company is aware of the existence of cybersecurity threats and the need to try to protect itself.  There are almost daily reports of data breaches and/or ransomware attacks.  Companies spend substantial resources to try to ensure the security of their confidential information, as well as the personal and confidential information of their customers, employees and business partners.  As part of those efforts, companies are faced with managing and understanding their various legal and regulatory obligations governing the protection, disclosure and/or sharing of data – depending on their specific industry and the type of data they handle – as well as meeting the expectations of their customers to avoid reputational harm.

Despite the many steps involved in developing wide-ranging cybersecurity protocols – such as establishing a security incident response plan, designating someone to be responsible for cybersecurity and data privacy, training and retraining employees, and requiring passwords to be changed regularly – it is not enough merely to manage risks internal to the company.  Companies are subject to third-party factors not within their immediate control, in particular vendors and employee BYOD (Bring Your Own Device).  If those cybersecurity challenges are not afforded sufficient oversight, they will expose a company to significant risks that will undo all of the company’s hard work trying to secure and defend its data from unauthorized disclosures or cyberattacks.  Although companies may afford some consideration to vendor management and BYOD policies, absent rigorous follow up, a company may too easily leave a gaping hole in its cybersecurity protections.

VENDORS

To accomplish business functions and objectives and to improve services, companies regularly rely on third-party service providers and vendors.  To that end, vendors may get access to and get control over confidential or personal information to perform the contracted services.  That information may belong to the company, employees of the company, the clients of the company and/or business partners of the company.

When information is placed into the hands of a vendor and/or onto its computer systems, stored in its facilities, or handled by its employees or business partners, the information is subject to unknown risks based on what could happen to the information while with the third-party.  The possibility of a security breach or the unauthorized use or access to the information still exists but a company cannot be sure what the vendor will do to protect against or address those dangers if they arise.  A company cannot rely on its vendors to maintain necessary security protocols and instead must be vigilant by exercising reasonable due diligence over its vendors and instituting appropriate protections.  To achieve this task, a company needs to consider the type of information involved, the level of protection required, the risks at issue and how those risks can be managed and mitigated.

Due Diligence

A company must perform due diligence over the vendor and the services to be provided and should consider, among other things, supplying a questionnaire to the vendor to answer a host of cybersecurity related questions including:

> What services will the vendor provide?  Gain an understanding of the services being provided by the vendor, including whether the vendor only gains access to, or actually takes possession of, any information.  There is an important difference between a vendor (i) having access to a company’s network to implement a third-party solution or provide a thirdparty service and (ii) taking possession of and/or storing information on its network or even the network of its own third-party vendors.

> Who will have access to the information?  A company should know who at the vendor will have access to the information.  Which employees?  Will the vendor need assistance from other third-parties to provide the contracted-for services?  Does the vendor perform background checks of its employees?  Do protocols exist to prevent employees who are not authorized from having access to the information?

> What security controls does the vendor have in place?  A company should review the vendor’s controls and procedures to make sure they comply not only with applicable legal and regulatory requirements but also with the company’s own standards.  Does the vendor have the financial wherewithal to manage cybersecurity risks?  Does the vendor have cybersecurity insurance?  Does the vendor have a security incident response plan?  To what extent has the vendor trained with or used the plan?  Has the vendor suffered a cyberattack?  If so, it actually may be a good thing depending on how the vendor responded to the attack and what, if anything, it did to improve its security following the attack.  What training is in place for the vendor’s employees?  How is the vendor monitoring itself to ensure compliance with its own procedures?

The Contract

A company should seek to include strong contractual language to obligate the vendor to exercise its own cybersecurity management and to cooperate with the company to ensure protection of the company’s data.  There are multiple provisions to consider when engaging vendors and drafting or updating contracts to afford the company appropriate protections.  A one-size-fits-all approach for vendors will not work and clauses will need to be modified to take account of, among other things:

 > The sensitivity of the information at issue – Does the information include only strictly confidential information, such as trade secrets or news of a potential merger?  Does the information include personal information, such as names, signatures, addresses, email addresses, or telephone numbers?  Does the information include what is considered more highly sensitive personal information, such as SSNs, financial account information, credit card information, tax information, or medical data?

> The standard of care and obligations for the treatment of information – A company should want its vendors to meet the same standards the company demands of itself.  Vendors should be required to acknowledge that they will have access to or will take possession of information and that they will use reasonable care to perform their services, including the collection, access, use, storage, disposal, transmission and disclosure of information, as applicable.  This can, and often should, include: limiting access to only necessary employees; securing business facilities, data centers, paper files, servers and back-up systems; implementing database security protocols, including authentication and access controls; encrypting highly sensitive personal information; and providing privacy security training to employees.  Contracts also should provide that vendors are responsible for any unauthorized receipt, transmission, storage, disposal, use, or disclosure of information, including the actions and/or omissions of their employees and/or relevant third-parties who the vendors retain.

> Expectations in the event of a security breach at the company – A company should include a provision requiring a vendor’s reasonable cooperation if the company experiences a breach.  A company should have a contact at each of its vendors, who is available 24/7 to help resolve a security breach.  Compliance with a company’s own obligations to deal with a breach (including notification or remediation) could be delayed if a vendor refuses to timely provide necessary information or copies of relevant documents.  A company also can negotiate to include an indemnification provision requiring a vendor to reimburse the company for reasonable costs incurred in responding to and mitigating damages caused by any security breach related to the work performed by the vendor.

> Expectations in the event of a security breach at the vendor – A company should demand reasonable notification if the vendor experiences a security breach and require the vendor to take reasonable steps and use best efforts to remediate the breach and to try to prevent future breaches.  A company should negotiate for a provision permitting the company to audit the vendor’s security procedures and perhaps even to physically inspect the vendor’s servers and data storage facilities if the data at issue is particularly sensitive.

Monitoring

Due diligence and contractual provisions are necessary steps in managing the cybersecurity risks that a vendor presents, but absent consistent and proactive monitoring of the vendor relationship, including periodic audits and updates to vendor contracts, all prior efforts to protect the company in this respect will be undermined.  Determining who within the company is responsible for the relationship  – HR? Procurement? Legal? – is critical to help manage the vendor relationship.

> Schedule annual or semi-annual reviews of the vendor relationship –  A company not only should confirm that the vendor is following its cybersecurity protocols but also should inquire if any material changes to those protocols have been instituted that impact the manner in which the vendor handles the company’s data.  Depending on the level of sensitivity of the data being handled by the vendor, a company may consider retaining a third-party reviewer to evaluate the vendor.

> Update the vendor contract, as necessary – A company employee should be responsible to review vendor contracts annually to determine if any changes are necessary in view of cybersecurity concerns.

BYOD

Ransomware – where a hacker demands a ransom to unencrypt a company’s data caused by malicious software that the hacker deposited onto the company’s network to hold it hostage – certainly is a heightened concern for all companies.  It is the fastest growing malware targeting all industries, with more than 50% growth in recent years.  Every company is wary of ransomware and is trying to do as much as possible to protect itself from hackers.  The best practices against ransomware are to (i) periodically train and retrain your employees to be on the lookout for ransomware; (ii) constantly backup you data systems; and (iii) split up the locations where data is maintained to limit the damage in the event some servers fall victim to ransomware.  One thing that easily is overlooked, however, or is afforded more limited consideration, is a company’s BYOD policy and enforcement of that policy.

Permitting a company’s employees to use their own personal electronic devices to work remotely will lower overhead costs and improve efficiency but will bring a host of security and compliance concerns.  The cybersecurity and privacy protocols that the company established and vigorously pursues inside the company must also be followed by its employees when using their personal devices – home computers, tablets, smartphones – outside the company.  Employees likely are more interested, however, in the ease of access to work remotely than in ensuring that proper cybersecurity measures are followed with respect to their personal devices.  Are the employees using sophisticated passwords on their personal devices or any passwords at all?  Do the employees’ personal devices have automatic locks?  Are the employees using the most current software and installing security updates?

These concerns are real.  In May of 2017, the Wannacry ransomware attack infected more than 200,000 computers in over 100 countries, incapacitating companies and hospitals.  Hackers took advantage of the failure to install a patch to Microsoft Windows, which Microsoft had issued weeks earlier.  Even worse, it was discovered that some infected computers were using outdated versions of Microsoft Windows for which the patch would not have worked regardless.  Companies cannot risk pouring significant resources into establishing a comprehensive security program only to suffer a ransomware attack or otherwise to have its efforts undercut by an employee working remotely who failed to install appropriate security protocols on his/her personal devices.

The dangers to be wary of include, among others: > Personal devices may not automatically lock or have a timeout function. > Employees may not use sophisticated passwords to protect their personal devices. > Employees may use unsecured Wi-Fi hotspots to access the company’s systems, subjecting the company to heightened risk. > Employees may access the company’s systems using outdated software that is vulnerable to cyberattacks.

Combatting the Dangers

To address the added risks that accompany allowing BYOD, a company must develop, disseminate and institute a comprehensive BYOD policy.  That policy should identify the necessary security protocols that the employee must follow to use a personal device to work remotely, including, among other things:

 > Sophisticated passwords

> Automatic locks

> Encryption of data

> Installation of updated software and security apps

> Remote access from secure WiFi only

> Reporting procedures for lost/stolen devices

A company also should use mobile device management technology to permit the company to remotely access the personal devices of its employees to install any necessary software updates or to limit access to company systems.  Of course, the employee must be given notice that the company may use such technology and the capabilities of that technology.  Among other things, mobile device management technology can:

> Create a virtual partition separating work data and personal data

> Limit an employee’s access to work data

> Allow a company to push security updates onto an employee’s personal device

Enforcement

Similar to vendor management, the cybersecurity efforts undertaken by having a robust BYOD policy in place, or even using mobile management technology, are significantly weakened unless a company enforces the policy it has instituted.

> A BYOD policy should be a prominent part of any employee cybersecurity training.

> The company should inform the employee of the company’s right to access/monitor/delete information from an employee’s personal device in the event of, among other things, litigation and e-discovery requests, internal investigations, or the employee’s termination.

CONCLUSION

Implementing the above recommendations will not guarantee a company will not suffer a breach but will stem the threats created by third-party aspects of its cybersecurity program.  Even if a company ultimately suffers a breach, having had these protections in place to administer the risks associated with vendor management and BYOD certainly will help safeguard the company from the scrutiny of regulators or the criticism of their customers, which would be worse!

This post was written byJoseph B. Shumofsky of  Sills Cummis & Gross P.C.
More legal analysis at The National Law Review.

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by