How to Set a Simple Social Media Strategy for Your Law Firm

With the proliferation of new social media networks and seemingly constant changes to existing ones, attorneys aren’t the only ones confused about how to tackle social media for marketing.

Add to that the fact that most attorneys don’t have much time to devote to social media — nor do they have a department of experts at their beck and call — and you understand the need for setting a strategy that is as simple and sensible as possible for busy lawyers.

I used to recommend that attorneys be somewhat active on all social networks. That was when there were two or three of them. Now it would be silly to make that recommendation. Instead, you need to narrow your focus to the networks that your clients frequent. And how do you know what those are? You begin by defining the key demographics of your target audience.

Those key demographics include gender, age, income, occupation, industry and education level. These will guide you to which social networks you are likely to find your ideal clients. You can find demographic information for most social networking platforms on the Pew Research Center website.

This social media checklist from the Whole Brain Group will provide you with a how-to guide for completing the important exercise of setting a simple social media strategy that will work for your law firm:

How to Set a Simple Social Media Strategy for Your Law Firm

Article By Stephen Fairley of The Rainmaker Institute

© The Rainmaker Institute, All Rights Reserved

Take Note: Social Security and Medicare Benefits Changing in 2016

Claiming Social Security Twice is Eliminated

Prior to 2016, some married individuals who were 62 or older had claimed Social Security retirement benefits twice. Previously, a person whose spouse was at full retirement age and was herself or himself at an early retirement age, age 62 to 65, could claim spousal payments and then switch to payments based on their own work, which would then be higher because they were claiming it at an older age.

As of this year, however, workers who turn 62 in 2016 or later will not be able to claim both types of payments, but instead one or the other. However, the younger spouse can still claim spousal benefits when he or she turns 66, and those individuals will continue to contribute to their own Social Security Retirement benefit until age 70, thereby receiving a higher benefit when they begin to receive their full retirement benefits 4 years later.

Stricter Rules for Suspended Payment of Benefits

In May 2016, the rules have changed for suspending your Social Security Retirement benefits until a later date when they would be higher, and this process will no longer be permitted. Previously, spouses and dependent children could claim payments based on your work record while your benefits were suspended and continued to grow.

This option is no longer available, however, as of May 2016. You will no longer be allowed to “file and suspend.” If the retired worker’s benefits are suspended, spousal and dependent benefits will not be paid.

Higher Medicare Part B Premiums for some Social Security Recipients

Most Social Security recipients will pay the same Medicare Part B premium in 2016, as they did in 2015. That amount is $104.90 per month. Increases in Medicare Part B premiums are tied to increases in Social Security benefits due to cost-of-living adjustments which did not occur this year. However, those individuals who are enrolling for the first time in Medicare Part B this year will pay a higher premium of $121.80 per month.

Article By Leslie A. Mitnick of Stark & Stark

COPYRIGHT © 2016, STARK & STARK

 

Lady Murderface and Protected Activity Under NLRA

national labor relations boardHave you seen the story about “Talia Jane”?  I am not sure what qualifies as “going viral” (although I bet my kids do), but since I heard about it, this story may indeed be “viral.”  See, e.g., Here and here.

In a nutshell, Talia used to be a customer-service agent at Yelp.  On February 19, she published a very lengthy “open letter” to Yelp’s CEO on a blog. In her blog post, Talia Jane complains about how she and her fellow low-level employees are struggling to make ends meet.

So here I am, 25-years old, balancing all sorts of debt and trying to pave a life for myself that doesn’t involve crying in the bathtub every week. Every single one of my coworkers is struggling. They’re taking side jobs, they’re living at home. One of them started a GoFundMe because she couldn’t pay her rent. She ended up leaving the company and moving east, somewhere the minimum wage could double as a living wage.

The post is as much a commentary about the inadequate minimum wage in San Francisco (and its high cost of living) as it is a complaint about her (perceived inadequate) pay at Yelp.  Her post is full of snark. (For example, Talia Jane writes:  “According to this website, you’ve got a pretty nice house in the east bay. Have you ever been stranded inside a CVS because you can’t afford to get to work? How much do you pay your gardeners to keep that lawn and lovely backyard looking so neat?”)

She was fired later that day, although Yelp is not publicly saying why. Assuming the reason for her termination was the blog post, does Talia Jane have a claim that under the National Labor Relations Act (NLRA) she was engaging in protected activity?

As the National Labor Relations Board (NLRB) states on its website, the NLRA “gives employees the right to act together to try to improve their pay and working conditions, with or without a union. If employees are fired, suspended, or otherwise penalized for taking part in protected group activity, the National Labor Relations Board will fight to restore what was unlawfully taken away.”

Again, from the NLRB website, the inquiry will involve three questions:

Is the activity concerted?

Generally, this requires two or more employees acting together to improve wages or working conditions, but the action of a single employee may be considered concerted if he or she involves co-workers before acting, or acts on behalf of others.

Does it seek to benefit other employees?

Will the improvements sought – whether in pay, hours, safety, workload, or other terms of employment – benefit more than just the employee taking action?  Or is the action more along the lines of a personal gripe, which is not protected?

Is it carried out in a way that causes it to lose protection?

Reckless or malicious behavior, such as sabotaging equipment, threatening violence, spreading lies about a product, or revealing trade secrets, may cause concerted activity to lose its protection.

Since 2011, the NLRB has dedicated much time to addressing companies’ social media policies in the non-union context.  For the most part, it has expanded the definition of concerted activity in social media.  See, e.g., Hispanics United of Buffalo, Inc. v Carlos Ortiz, NLRB No. 3-CA-27872 (Sept. 2, 2011), aff’d 359 NLRB No. 37 (Dec. 14, 2012) (holding that five employees engaged in protected concerted activity by posting Facebook comments that responded to a co-worker’s criticism of their job performance); Costco Wholesale Corp., 358 NLRB No. 106 (Sept. 7, 2012) (invalidating a company’s electronic posting policy that prohibited employees from making statements that “damage the Company…or damage any person’s reputation,” because it could chill employees’ willingness to engage in their right of concerted activity); Three D, LLC v. N.L.R.B., No. 14-3284 (2d Cir. Oct. 21, 2015) (holding that employees’ endorsement of former employee’s claim on social networking website that employer had erred in tax withholding was concerted activity protected by NLRA).  Still, employers may discipline or even terminate employees for personal rants and insults on social media that do not engage other employees.

Talia Jane knew that her post might cost her job.  (After she tweeted her blog post to the world – from her “Lady Murderface” twitter handle – she followed up with this tweet:  “might lose my job for this so it’d be cool if u shared so i could go out in a blaze of…..people knowing why i got fired?”)  In fact, given Lady Murderface’s expressed desire to work in media, I think it is a safe bet she wanted to get fired.

But back to the question at hand: what happens if Talia Jane makes a claim against Yelp?  Although we don’t know all the facts, it could be a close call.

Is the activity concerted? On the one hand, there was no “concerted activity.”  Talia Jane was acting alone.  On the other hand, Talia Jane arguably was acting not only on her own behalf but other low-level Yelp workers struggling to make ends meet.

Does it seek to benefit other employees? To the extent she is advocating for higher pay generally, yes.

Is it carried out in a way that causes it to lose protection? If the answer to the first question does not doom her, Talia Jane could run into problems here.  While ranting about the lack of training, poor retention, and inadequate pay, Talia Jane writes:

Speaking of that whole training thing, do you know what the average retention rate of your lowest employees (like myself) are? Because I haven’t been here very long, but it seems like every week the faces change. …  Do you know how many cash coupons I used to give out before I was properly trained? In one month, I gave out over $600 to customers for a variety of issues. Now, since getting more training, I’ve given out about $15 in the past three months because I’ve been able to de-escalate messed up situations using just my customer service skills. Do you think that’s coincidence? Or is the goal to have these free bleeders who throw money at angry customers to calm them down set the standard for the whole company?

I have never called Yelp to complain, but if I ever do, I guess I should look for a cash coupon.  Who knew Yelp’s customer-service team was full of “free bleeders [who] throw money at angry customers”?

My hunch is that Talia Jane won’t make a claim — I doubt she wants her job restored — and instead will ride this wave of publicity to a job she finds more satisfying.  Nevertheless, this case serves as an important reminder regarding the potential landmines that social media presents to employers.  Employers and their counsel should approach disciplinary decisions involving social media with caution, and should make sure that any decisions focus on activity that is not protected under the NLRA.

Article By Scott McConchie of Sherin and Lodgen LLP
© 2016 SHERIN AND LODGEN LLP

New Rulemaking Committee Could Expand Drone Uses for Utilities and Other Industries

On February 24, 2016, the Federal Aviation Administration announced the establishment of a new Aviation Rulemaking Committee (ARC) to develop performance-based recommended standards and requirements for the operation of micro unmanned aircraft systems (UAS) in the National Airspace System.  As previously defined in the Notice of Proposed Rulemaking (NPRM) for the Operation and Certification of Small Unmanned Aircraft Systems, a micro UAS is an unmanned aircraft that weighs no more than 4.4 pounds (2 kg) and is constructed of frangible materials “that break, distort, or yield on impact so as to present a minimal hazard to any person or object.”  The micro UAS ARC is to include members representing a diverse set of aviation stakeholders with emphasis on individuals with knowledge of small UAS design, manufacturing, and operations, data collection, safety, sensors, and testing.  The micro UAS ARC is to develop and submit its recommendations to the FAA by April 1, 2016, which recommendations will then be considered in the possible development of a future NPRM focused on micro UAS classification and operations.

New Rulemaking Committee Could Expand Drone Uses for Utilities and Other IndustriesWhy is the development of interest to utilities?  First, the defining characteristics of micro UAS could include many inexpensive but capable small drones presently available on the retail market.  This could enable utilities to more readily deploy UAS technology and begin gaining experience with it in a variety of applications.  Second, one of the key issues the ARC will focus on is the development of standards and operating parameters that could allow micro UAS to be operated over people who are not directly involved in the UAS operation.  Most utilities currently operating small UAS do so pursuant to Section 333 Exemptions that require operations be conducted at least 500 feet from all nonparticipating persons, vessels, vehicles, and structures unless certain precautions are taken.  This restriction can limit utilities’ ability to operate small UAS in some areas, such as over residential neighborhoods for post-storm damage assessments or for routine inspections of utility infrastructure located in densely developed areas.  A utility will still need to confine its UAS operations to above private or controlled access property where it has permission from the property owner, another typical Section 333 Exemption requirement; however, the ARC’s recommendations could allow utilities to deploy micro UAS along transmission and distribution line easements and fly within 500 feet of persons not involved in the operation.

These potential improvements resulting from the work of the micro UAS ARC do not address the operation of larger UAS that would be required for long distance utility applications, or the current restriction prohibiting beyond visual line of sight operations.  Furthermore, the initial list of invited members of the micro UAS ARC does not include any representatives from the utility or energy sectors, but does include other small UAS users such as Google and various agriculture, real estate, and news media interests which could also benefit from these changes.  Nevertheless, while the interests of the utility and energy sectors are not directly represented on the ARC, there is reason for optimism that the micro UAS ARC’s recommendations and potential future rule changes will open the door for an expanded number of beneficial, short range drones uses by utility and energy companies.

Article By Thomas J. Dougherty of Lewis Roca Rothgerber LLP

©2016 All Rights Reserved. Lewis Roca Rothgerber LLP

Antitrust Law Post Antonin Scalia

gavel scales of justice blueWith the untimely passing of Supreme Court Justice Antonin Scalia, perhaps the best known and most controversial Justice on the Court, commentators, including this one, have been called upon to assess his legacy – both immediate and long term – in various areas of the law.

Justice Scalia was not known primarily as an antitrust judge and scholar. Indeed, in his confirmation hearing for the Court, he joked about what he saw as the incoherent nature of much of antitrust analysis. What he was best known for, of course, is his method of analysis of statutes and the Constitution: a literal textualism with respect to statutes and a reliance on “originalism” with respect to the Constitution.

Probably his most influential antitrust opinion was the 2004 decision in Verizon Communications Inc. v. Law Offices of Curtis V. Trinko LLP which limited antitrust plaintiffs’ ability to hold a company with monopoly power liable for failing to cooperate with rivals.

Taking a literalist view of the Sherman Act, Justice Scalia wrote that there was a good reason why Section 2 claims required a showing of anti-competitive conduct, not just a monopoly.

The mere possession of monopoly power, and the concomitant charging of monopoly prices, is not only not unlawful; it is an important element of the free-market system,” he wrote. “The opportunity to charge monopoly prices — at least for a short period — is what attracts ‘business acumen’ in the first place; it induces risk-taking that produces innovation and economic growth.

Thus, Justice Scalia fashioned a majority in holding that the competitive conduct of a monopolist that had earned its hegemony was not inherently suspect. This has come to be a dominant view generally in the antitrust field, but critics have argued that the decision entrenches power and judicial liberals who might succeed Justice Scalia could take a more restrictive, less literal view of the law.

In 1991, Justice Scalia led a majority in Columbia v. Omni Outdoor Advertising Inc., a case in which a competitor had claimed that an advertising rival and a municipality had conspired in passing an ordinance favoring the incumbent. In ruling against the plaintiff, Justice Scalia wrote that there was no “conspiracy exception” to Parker v. Brown, the 1943 Supreme Court case that established antitrust immunity for anti-competitive restraints imposed by state governments. On the other hand, in the recent North Carolina Dentists litigation with the FTC, Justice Scalia joined a majority that held the state action exemption did not apply to certain guild behavior where there was no active supervision by the state – again, a literalist approach.

Justice Scalia was influential in limiting class actions, enforcing arbitration agreements and requiring strict rules of pleading plausible causes of action. Cases like the antitrust actions in AT&T v. Concepcion and American Express v. Italian Colors, backing enforcement of arbitration agreements that blocked class treatment of claims, and the now often-cited cases of Twombley and Iqbal with respect to pleading currently rule the entry gate for large-case litigation, particularly antitrust.

For all of his conservative rulings, Justice Scalia was not a results-oriented judge determined to put antitrust plaintiffs in their place, I think that he would have argued that he was strictly neutral on the merits and didn’t care whether business prevailed or whether the class action plaintiffs prevailed. Whether, the conservative majority that adopted his methods will continue to hold, or whether some of these methods will be superseded by a more-elastic interpretive mode of judging will be at the forefront of the confirmation hearing of the next Justice.

Article By Stuart M. Gerson of Epstein Becker & Green, P.C.

©2016 Epstein Becker & Green, P.C. All rights reserved.

Rosa Parks Name and Likeness Free for Use?

Rosa and Raymond Parks Institute for Self Development v. Target Corp.

Addressing the balance between privacy rights and matters of public interest, the U.S. Court of Appeals for the Eleventh Circuit affirmed the district court’s dismissal of the plaintiff’s complaint, holding that the defendant was shielded by the First Amendment from a lawsuit claiming the retailer violated the publicity rights of civil rights icon Rosa Parks by selling various products that included the plaintiff’s picture.Rosa and Raymond Parks Institute for Self Development v. Target Corp., Case No. 15-10880 (11th Cir., Jan. 4, 2016) (Rosenbaum, J.).

Target Corporation (the defendant), a national retail chain, sold books, a movie and a plaque that included pictures of Rosa Parks, an icon of the civil rights movement who, in 1955, refused to surrender her seat to a white passenger on a racially segregated Montgomery, Alabama bus. The Rosa and Raymond Parks Institute for Self Development (the plaintiff) owns the right and likeness of Rosa Parks. The plaintiff filed a complaint against the defendant, alleging unjust enrichment, right of publicity and misappropriation under Michigan common law for the defendant’s sales of all items using the name and likeness of Rosa Parks. The plaintiff complained that by selling the products, the defendant had unfairly and without the plaintiff’s prior knowledge, or consent, used Rosa Parks’ name, likeness and image as used on the products. The plaintiff further argued that the defendant promoted and sold the products using Rosa Parks’ name, likeness and image for the defendant’s own commercial advantage. After the defendant filed a motion for summary judgment, the district court dismissed the complaint. The plaintiff appealed.

On appeal, the 11th Circuit, sitting in diversity, applied Alabama’s choice-of-law rules, which holds that the procedural law of the forum state should be applied, while the law of the state in which the injury occurred governs the substantive rights of the case. Accordingly, the 11th Circuit applied the procedural rules of Alabama and the substantive law of Michigan.

In Michigan, the common-law right of privacy protects against four types of invasions of privacy: intrusion upon the plaintiff’s seclusion or solitude, or into his private affairs; public disclosure of embarrassing private facts about the plaintiff; publicity which places the plaintiff in a false light in the public eye; and appropriation for the defendant’s advantage, of the plaintiff’s name or likeness. The right of privacy is not absolute, and Michigan courts have long recognized that individual rights must yield to the qualified privilege to communicate on matters of public interest.

Applying Michigan law, the Court affirmed the district court’s dismissal of the plaintiff’s complaint, concluding that “the use of Rosa Parks’ name and likeness in the books, movie, and plaque is necessary to chronicling and discussing the history of the Civil Rights Movement” and that these matters therefore are protected by Michigan’s qualified privilege. As the 11th Circuit noted, “it is difficult to conceive if a discussion of the Civil Rights Movement without reference to Rosa Parks and her role in it.”

Article By Ulrika E. Mattsson of McDermott Will & Emery

© 2016 McDermott Will & Emery

Homeland Security Releases Cybersecurity Information Sharing Act Guidelines

The US Department of Homeland Security (DHS) issued guidance this week to assist nonfederal entities to share cyber threat indicators and defensive measures with federal entities under the Cybersecurity Information Sharing Act of 2015 (CISA). CISA was passed as part of the Cybersecurity Act of 2015 and directs the Attorney General and the Secretary of DHS to develop guidance that promotes sharing cyber threat indicators with federal entities. CISA also helps nonfederal entities identify defensive measures and share them with federal entities and describes the protections that nonfederal entities receive for sharing, including targeted liability protection.

Highlights of the guidance for nonfederal entities under CISA include the following:

  • Identifying information that qualifies as a cyber threat indicator but is likely to include personally identifiable information not directly related to a cybersecurity threat.

  • Identifying information that is unlikely to be directly related to a cybersecurity threat but is protected under otherwise applicable privacy laws.

  • Providing methods for sharing defensive measures.

  • Allowing nonfederal entities to share cyber threat indicators and defensive measures with any other entity—private, federal, state, local, territorial, or tribal—for a “cybersecurity purpose.”

    • “Cyber threat indicator” means information that is necessary to describe or identify

      • malicious reconnaissance or anomalous patterns of communications for the purpose of gathering technical information related to a cybersecurity threat or security vulnerability;

      • a method of defeating a security control or exploitation of a security vulnerability (or causing a user with legitimate access to do so) ;

      • a security vulnerability;

      •  malicious cyber command and control;

      • the actual or potential harm caused, including a description of the information exfiltrated as a result of a particular cybersecurity threat;

      • any other attribute of a cybersecurity threat, if such disclosure is not otherwise prohibited by law; and

      • any combination of the above.

    • “Defensive measure” means

      • an action, device, procedure, signature, technique, or other measure applied to an information system that detects, prevents, or mitigates a known or suspected cybersecurity threat or security vulnerability, and

      • the term does not include a measure that destroys, renders unusable, provides unauthorized access to, or substantially harms an information system not owned by the private entity operating the measure (or another entity that has given consent).

    • “Cybersecurity purpose” means the purpose of protecting an information system or information that is stored on, processed by, or transiting an information system from a cybersecurity threat or security vulnerability.

  • Allowing for the sharing of such information, “notwithstanding any other provision of law.” Nonfederal entities are required to remove any information from a cyber threat indicator or defensive measure known at the time of sharing to be personal identifiable information not directly related to a cybersecurity threat before sharing it with a federal entity. Such review may be conducted through either a manual or technical process.

  • Providing for the sharing of cyber threat indicators and defensive measures with the federal government, which requires the Secretary of DHS to develop a capability and process within DHS to accept cyber threat indicators and defensive measures in real time from any nonfederal entity, including private entities. DHS will in turn relay that information to federal entities in an automated manner, consistent with the operational and privacy and civil liberties policies including through submission via: Automated Indicator Sharing (AIS), web form, email, and Information Sharing and Analysis Centers or Information Sharing and Analysis Organizations.

  • Providing for the following protections in addition to liability protection:

    • Antitrust exemption

    • Exemption from federal and state disclosure laws

    • Exemption from certain state and federal regulatory uses

    • No waiver of privilege for shared material

    • Treatment of commercial, financial, and proprietary information (to offer protection from the expected further sharing)

    • Ex parte communications waiver (the sharing shall not be subject to the rules of any federal agency, department, or judicial doctrine regarding ex parte communications with a decision making official)

Guidance was also released for Sharing of Cyber Threat Indicators and Defensive Measures by the Federal Government, Interim Procedures Related to the Receipt of Cyber Threat Indicators and Defensive Measures by the Federal Government, and Privacy and Civil Liberties Interim Guidelines.

ARTICLE BY Emily R. Lowe & Susan Milyavsky of Morgan, Lewis & Bockius LLP
Copyright © 2016 by Morgan, Lewis & Bockius LLP. All Rights Reserved.

USCIS Releases Processing Information for March 2016 Visa Bulletin

USCIS has released another updated Visa Bulletin chart listing the dates to file adjustment of status applications. As we previously reported, USCIS and the DOS revised the procedures for determining visa availability for individuals looking to file adjustment of status applications.  The DOS Visa Bulletin now has two categories of cut-off dates:

  • Application Final Action Dates (dates when visas may finally be issued); and

  • Dates for Filing Applications (earliest dates when applicants are eligible to apply).

Under USCIS’s recent guidance, prospective adjustment of status applicants should use the Application Final Action Dates chart to determine whether they are eligible to file their applications.  Therefore, contrary to previously-issued DOS guidance, EB-2 Chinese nationals whose priority dates fall after June 1, 2013, currently are not eligible for file their adjustment of status applications with USCIS.

APPLICATION FINAL ACTION DATES FOR EMPLOYMENT-BASED PREFERENCE CASES

March Visa Bulletin

The DOS and USCIS websites should be monitored each month to determine adjustment of status filing dates, as we expect to see similar discrepancies between DOS and USCIS policy arise in the future.

Article By Kristin Aquino-Pham of Greenberg Traurig, LLP

©2016 Greenberg Traurig, LLP. All rights reserved.

Ransomware Strikes California Hospital – Could You Be Next?

digitallife03-111715In a chain of events that should be a wake-up call to any entity using and storing critical health information (and indeed, ANY kind of critical information), Hollywood Presbyterian Medical Center (“HPMC”) has announced that it paid hackers $17,000 to end a ransomware attack on the hospital’s computer systems. On February 5, HPMC fell victim to an attack that locked access to the medical center’s electronic medical record (“EMR”) system and blocked the electronic exchange of patient information. Earlier reports indicated that the hackers had originally demanded $3,400,000.Such “ransomware” attacks are caused by computer viruses that wall off or encrypt data to prevent user access. Hackers hold the data ransom, demanding payment for the decryption key necessary to unlock the data. The attacks are often caused by email phishing scams. The scams may be random or target particular businesses or entities. In the case of HPMC, the medical center’s president and CEO indicated to media outlets that the attack was random, though Brian Barrett, writing for Wiredquestioned that assertion. The medical center’s announcement of the resolution of the incident indicates that there is no evidence that patient or employee information was accessed by the hackers as part of the attack. Even if the data was not compromised, the attack led to enormous hassles at the hospital, returning it to a pre-electronic record-keeping system.

We have seen many variations of the ransomware attacks on the increase lately.   Cryptolocker and Cryptowall are the two most prevalent threats, but a Forbes article about the HPMC attack revealed that HPMC was victimized by a variant called “Locky,” which, according to the Forbes article, is infecting about 90,000 machines a day.

Details of the HPMC Incident

On February 2, 2016, three days before the HPMC attack, the Department of Health & Human Services Office for Civil Rights (“OCR”) announced the launch of its new Cyber-Awareness Initiative. That announcement included information on ransomware attacks and prevention strategies. Suggested prevention strategies from OCR included:

  1. Backing up data onto segmented networks or external devices and making sure backups are current.  That protects you from data loss of any kind, whether caused by ransomware, flood, fire, loss, etc.  If your system is adequately backed up, you may not need to pay ransom to get your data unlocked.

  2. Don’t be the low-hanging fruit:  Ensuring software patches and anti-virus are current and updated will certainly help.   Many attacks rely on exploiting security bugs that already have available fixes.

  3. Installing pop-up blockers and ad-blocking software.

  4. Implementing browser filters and smart email practices.

Most of these prevention strategies are HIPAA security and overall general business security measures that ought to be in place for companies across the board. As OCR and the FBI (see below) both indicate, smart email practices and training the workforce on them are key elements to preventing phishing scams.

FBI on Ransomware

One of the big questions arising out of the HPMC and other ransomware cases is:  do we pay?   If your business is about to grind to a halt, you likely have no choice.    However, the incident should first be reported to the FBI and discussed with forensics and legal experts who have experience with ransomware in particular. The FBI’s Ransomware information page provides some tips.  Ransomware attacks should be part of your incident response plan and the “what do we do” should be discussed at the highest levels of the company.

When in Doubt, Don’t Be a Click Monkey!

Before clicking on a link in an email or opening an attachment, consider contextual clues in the email. The following types of messages should be considered suspicious:

  • A shipping confirmation that does not appear to be related to a package you have actually sent or expect to receive.

  • A message about a sensitive topic (e.g., taxes, bank accounts, other websites with log-in information) that has multiple parties in the To: or cc: line.

  • A bank with whom you do not do business asking you to reset your password.CodeMonkey-68762_960x3601

  • A message with an attachment but no text in the body.

All businesses in any sector need to take notice of the HPMC attack and take steps to ensure that they are not the next hostages in a ransomware scheme.

Article By Cynthia J. Larose & Kate F. Stewart of Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.
©1994-2016 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

The UK Psychoactive Substances Act 2016: An Example of Poor Drafting and Unintended Consequences for Food?

The UK has enacted new legislation to address the issue of so-called ‘legal highs’ following a number of cases of paranoia, seizures, hospitalisation and even death after consumption of certain psychoactive substances.  The Psychoactive Substances Act 2016 (the “Act”) was granted Royal Assent on 28 January 2016.  It is expected to come into force on 6 April 2016.  The Act makes it an offence to produce, supply, offer to supply, possess with intent to supply, possess in a custodial institution, import or export psychoactive substances.

A psychoactive substance is defined very broadly to cover “any substance which is capable of producing a psychoactive effect in a person who consumes it”.  A substance produces a psychoactive effect in a person if it affects the person’s mental functioning or emotional state  by stimulating or depressing the person’s central nervous system.  There are a number of specific exemptions, including controlled drugs, medicinal products, alcohol, nicotine and tobacco products, caffeine and food.  However, the definition of food has left a number of questions since it does not align with the legal definition of food set out in EU Regulation 178/2002.  Rather, the Act defines food as:

Any substance which—

            (a) is ordinarily consumed as food, and

            (b) does not contain a prohibited ingredient (emphasis added).

In this paragraph—

  • “food” includes drink;

  • “prohibited ingredient”, in relation to a substance, means any

psychoactive substance—

            (a) which is not naturally occurring in the substance, and

            (b) the use of which in or on food is not authorised by an EU instrument.

The authorities have stated that the Act is not intended to capture foods with a “negligible” psychoactive effect, such as chocolate and nutmeg, but concerns were raised during the legislative debates that the Act could capture inadvertently a much broader range of food substances, including energy drinks and certain botanical ingredients used in foods and dietary supplements.  It is hoped that guidance from the enforcement authorities will make clear exactly which foods and drinks are exempted.

Article By Brian Kelly of Covington & Burling LLP

Lucie Klabackova, paralegal, also contributed to this article.

© 2016 Covington & Burling LLP

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by