Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the login-customizer domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home1/natiopq9/public_html/wp-includes/functions.php on line 6131

Deprecated: Function WP_Dependencies->add_data() was called with an argument that is deprecated since version 6.9.0! IE conditional comments are ignored by all supported browsers. in /home1/natiopq9/public_html/wp-includes/functions.php on line 6131

Deprecated: Function WP_Dependencies->add_data() was called with an argument that is deprecated since version 6.9.0! IE conditional comments are ignored by all supported browsers. in /home1/natiopq9/public_html/wp-includes/functions.php on line 6131
The National Law Forum - Page 503 of 753 - Legal Updates. Legislative Analysis. Litigation News.

Employer Liability for Employees’ Privacy Violations: What Your Organization Should Learn from Walgreens’ Expensive Lesson (Hint: It Has Little To Do with HIPAA)

Poyner Spruill Law firm

You may already have read the scintillating facts surrounding a jury award of $1.44 million (recently challenged unsuccessfully on appeal) against Walgreen Co. following its pharmacist’s alleged inappropriate review and disclosure of patient records. What caught our attention was not so much the lurid details (the pharmacist was alleged to have looked up her boyfriend’s ex in Walgreens’ patient records, apparently to determine whether the ex might have passed an STD to her boyfriend). The more notable development was an employer footing the bill for a large jury verdict even though the employee violated the company’s policies as well as the law. This alert describes how Walgreens was put on the hook for its employees’ misdeeds, and examines whether a similar rationale could be applied in other privacy contexts (not just HIPAA) to create a new trend in employer liability for employee privacy violations. The implications are significant given the relative lack of success plaintiffs have encountered to-date when attempting to prosecute perceived privacy violations in court.

Employer Liability

Against the pharmacist, the patient pursued state-law claims of negligence/professional malpractice, invasion of privacy/public disclosure of private facts, and invasion of privacy/intrusion. She sought to hold Walgreens liable through respondeat superior (vicarious liability), and also included direct claims for negligent training, negligent supervision, negligent retention, and negligence/professional malpractice. While the trial judge dismissed the negligent training claim against Walgreens and the invasion of privacy by intrusion claim against the pharmacist, he allowed the other claims to proceed. The jury returned a general verdict for the patient, finding the pharmacist and Walgreens jointly liable for $1.44 million in damages.

The linchpin of respondeat superior is that an employer can only be held vicariously liable for damage caused by an employee if the employee was acting “within the scope of employment” when the injury occurred. When it appealed the jury verdict, Walgreens seized on this factor and argued that the pharmacist’s actions were outside the scope of employment because she clearly violated Walgreens policy. The appellate court disagreed, citing case law holding an employee’s actions are within the scope of employment if those actions are of the same “general nature” as the actions authorized by the employer, even when the employee’s specific actions are against company policy. The court reasoned that the pharmacist’s improper access of  the patient’s records was of the same “general nature” as the actions authorized by Walgreens because  the pharmacist took the same steps to access  the patient’s records as she would have in properly accessing records of other patients. The pharmacist was authorized to use the Walgreens computer system and printer, handle prescriptions for Walgreens customers, look up customer information on the Walgreens computer system, review patient prescription histories, and make prescription-related printouts. The court found that the pharmacist’s conduct in accessing  this patient’s records for personal reasons, while against company policy, was of the same “general nature” as the conduct authorized by Walgreens, and therefore at least some of her actions were within the scope of her employment. Since the pharmacist was acting within the scope of employment, the court affirmed that Walgreens could be held liable under respondeat superior.

Acknowledging Walgreens could not be held vicariously liable unless the pharmacist was also liable, the court turned next to the issue of the jury’s verdict concerning the pharmacist. As the jury returned only a general verdict (which does not indicate the specific grounds on which it made its decision), the court speculated on the theory of liability for the pharmacist, and held that the jury could have properly found the pharmacist liable under a general negligence theory. The key factors in a negligence claim are a duty owed to the plaintiff by the defendant, a breach of that duty by the defendant, causation, and damages. To establish the pharmacist owed a duty to the patient, the court looked to a state law requiring pharmacists to hold patient records and information in the strictest of confidences. Finding this statute to clearly establish that the pharmacist owed a duty of confidentiality the patient, the court found it unquestionable that the pharmacist’s actions breached that duty, and that the patient sustained at least some damages as a result. Therefore, the court concluded the jury could properly have found the pharmacist directly liable for the breach of confidentiality, and Walgreens vicariously liable for the breach.

Potential Impact

Commentary on this case has largely focused on HIPAA implications, and sometimes the more specific prospect of employer liability for employee HIPAA violations. Importantly, HIPAA was not a factor in the appellate court’s reasoning. Rather, the court looked primarily to state law for privacy expectations and a duty of confidentiality. That distinction creates broader implications for employer liability beyond HIPAA or health care generally.

A multitude of state laws now impose confidentiality, privacy and security obligations. Some are limited to certain professional occupations (e.g., pharmacists, physicians, even <<gasp>> lawyers), but many are more general. For example, many states have enacted requirements to maintain general or specific security measures without regard to industry. In fact, states increasingly read privacy and security obligations into their application of unfair and deceptive trade practices statutes, imposing a duty to maintain privacy and security across sectors and without regard to types of personal information affected.

The Indiana appellate court’s reasoning in the Walgreens’ case clearly suggests that employees owing a statutory duty of confidentiality under state law could be liable for a breach of such duties, and their employers may be vicariously liable for the reasons noted. While some state laws specifically enumerate such duties at the employee level (particularly where a license is held by the individual), it is not clear that distinction made a difference to the court’s rationale, meaning courts applying general privacy or security laws may consider following suit, even if the law does not create duties specifically aimed at employees.

Further, the Indiana appellate court’s broad characterization of what constitutes actions “within the scope of employment” could leave many employers on the hook for large damage awards, even if the underlying employee violation is indisputably against company policy.

While the Walgreens outcome alone may not establish a trend toward more frequent employer liability, it is important to recognize the case may be novel only in the size of the verdict awarded. For example, in 2006, the North Carolina Court of Appeals used similar reasoning to overturn the dismissal of a plaintiff’s negligent infliction of emotional distress claim against a doctor who allegedly allowed his office manager to improperly access the plaintiff’s medical records (Acosta v. Byrum).

What Should You Do?

The Walgreens outcome makes clear that policies, training and other compliance efforts may not indemnify employers against an employee’s breach of confidentiality or privacy. In addition to keeping an eye on further developments that either support or erode this potential liability trend, employers should consider whether broad technical access to systems is necessary and justified. Flat access rights can be necessary, particularly in health care settings where care often trumps privacy as a consideration. However, technical access limitations are the most effective way to demonstrate that employee misdeeds, when orchestrated in violation of systems-based (rather than merely policy-based) access controls, should not be held against the employer because they are clearly outside the scope of employment. Interestingly, the same approach can strengthen employer’s Computer Fraud and Abuse Act claims and can reduce the risk of HIPAA enforcement that may arise from similar facts.

ARTICLE BY

Jacob A. Lopes
Elizabeth H. Johnson
OF
Poyner Spruill LLP

New State Privacy Laws Go Into Effect on Jan. 1, 2015 (California and Delaware)

State legislators have recently passed a number of bills that impose new data security and privacy requirements on companies nationwide. The laws include new data breach notification requirements, marketing restrictions, and data destruction rules. Below is an overview of the new laws and amendments that will go into effect on January 1, 2015.

Amendments to California’s Data Security and Breach Notification Law

In October 2014, California Governor Jerry Brown signed into law California bill AB 1710, an amendment to California’s existing data security and breach notification law. As a result, the following changes to California’s law will go into effect on Jan. 1:

1. Companies that maintain personal information about Californians will need to implement and maintain reasonable security procedures and practices.

California’s current data security and breach law requires companies that own or license personal information about Californians to “implement and maintain reasonable security procedures and practices appropriate to the nature of the information.”  For purposes of this data security requirement, California defines “personal information” as an individual’s first name (or first initial) and her last name in combination with her social security number, driver’s license or California ID number, any medical information, or a financial account number (such as a credit or debit card number) and the associated access code.

Under existing law, the terms “own” and “license” include personal information retained as a part of a business’s internal customer accounts or for the purpose of using the information in transactions.

As of Jan. 1, California law will require companies that merely “maintain” personal information about Californians (such as cloud providers), but do not own or license the information, also implement and maintain reasonable security procedures and practices appropriate to the nature of the information.

2. Companies that maintain personal information about Californians will be required to immediately notify the owner or licensee of the personal information in the event of a breach.

California currently requires companies that own or license personal information to disclose a data breach where it is reasonably believed that unencrypted personal information about a Californian was acquired without authorization. Current law also provides that such disclosure be made “in the most expedient time possible and without unreasonable delay.”

As of Jan. 1, companies that maintain personal information will be required to notify the owner or licensee of the personal information “immediately” after discovery of a breach if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person.

For purposes of data breach disclosure, “personal information” includes login credentials (“[a] user name or email address, in combination with a password or security question and answer that would permit access to an online account,”) as well as an individual’s first name (or first initial) and her last name in combination with her social security number, driver’s license or California ID number, any medical information, or a financial account number (such as a credit or debit card number) and the associated access code.

As a reminder, other than for user name and password breaches (discussed below), current California law requires that a breach notification must be written in plain language and must include specific types of information about the breach.

Where the security breach involves the breach of online account information and no other personal information, then California law requires a business to provide the security breach notification in electronic or other form, directing the person whose personal information has been breached to promptly change her password and security question or answer, as applicable, or to take other steps appropriate to protect the online account with that business as well as all other online accounts for which the person uses the same name or email address and password or security question or answer.

However, where the security breach involves the breach of login credentials of an email account provided by a business, the business must not send the security breach notification to that email address. Instead, the business may comply with California law by providing notice by hard copy written notice or by clear and conspicuous notice delivered to the individual online when the individual is connected to the online account from an IP address or online location from which the business knows the resident customarily accesses the account.

3. After a breach, companies might be required to provide free identity theft prevention and mitigation services for 12 months.

AB 1710’s co-author stated in a press release that the bill “[r]equires the source of the breach to offer identity theft prevention and mitigation services for 12 months at no cost to individuals affected by a data breach. However, it is not clear whether this position is supported by the text of the bill, which only states that “if any” identity theft prevention and mitigation services are to be provided, then such services must be provided for 12 months at no cost.  An earlier version of the bill had stated that identity theft and mitigation services “shall beprovided” to individuals affected by a data breach.

Given the ambiguity of the requirement to provide free identity theft prevention and mitigation services, whether and how this provision will be enforced in 2015 is something to watch.

4. Companies may not sell, advertise for sale, or offer to sell an individual’s social security number.

The amendment also includes a new prohibition on social security numbers. As of Jan. 1, California law will prohibit the sale, the advertisement for sale, and the offer to sell an individual’s social security number. Businesses that own, license, or maintain information on an individual’s social security number will want to keep this new prohibition in mind when contemplating data transfer or broker agreements, or other transactions involving the personal information of Californians.

California’s New Minor Privacy Marketing and Privacy Law

California’s “Privacy Rights for California Minors in the Digital World Law”, SB 568, (1) bars some online operators from marketing certain products and services to minors, and (2) allows minors under 18 to request deletion of certain content from websites on which they have registered (known informally as the “eraser law.”)

1. Restrictions on Marketing to Minors

Operators of websites, online services, online applications, and mobile applications that are directed to minors are prohibited from marketing or advertising the following products and services:

  • Alcoholic beverages

  • Tobacco, cigarette, or cigarette papers, or blunt wraps, or any other preparation of tobacco, or any other instrument or paraphernalia that is designed for the smoking or ingestion of tobacco, products prepared from tobacco, or any controlled substance

  • Electronic cigarettes

  • Salvia divinorum or Salvinorin A, or any substance or material containing Salvia divinorum or Salvinorin A

  • Drug paraphernalia

  • Firearms or handguns, ammunition or reloaded ammunition, handgun safety certificates, BB device

  • Less lethal weapons

  • Dangerous fireworks

  • Aerosol containers of paint capable of defacing property

  • Etching cream capable of defacing property

  • Tanning in an ultraviolet tanning device

  • Dietary supplement products containing ephedrine group alkaloids

  • Tickets or shares in a lottery game

  • Body branding or permanent tattoos

  • Obscene matter

These operators also are prohibited from: (1) knowingly using, disclosing, or compiling a minor’s personal information for the purposes of marketing or advertising any of those prohibited products or services, and (2) knowingly allowing a third party to use, disclose, or compile the minor’s personal information to market or advertise these products or services.

If an operator has actual knowledge that a minor is using the services, the operator may not target marketing or advertising to that minor based on the minor’s personal information.  The operator also may not use, disclose, or compile the minor’s personal information to market or advertise the prohibited products or services, nor may the operator allow a third party to use, disclose, or compile the minor’s personal information for the prohibited products and services.

2. Deletion Requirement

If a minor is a registered user of a website, online service, online application, or mobile application, the operator must allow the minor to remove content and information that the minor had publicly posted on the website, service, or app.  Operators also are required to provide notice of this right to registered minors.

Operators are not required to delete content or information if:

  • Any federal or state law requires the operator to maintain the content or information;

  • The content or information was provided by an individual other than the minor;

  • The content or information is anonymized;

  • The minor did not properly follow the instructions for requesting deletion; or

  • The minor received compensation or consideration for providing the content.

Amendments to California’s Invasion of Privacy Law

California’s Invasion of Privacy law will also receive an update on January 1, 2015. The California Invasion of Privacy law currently prohibits the attempt to capture, in a manner that is offensive to a reasonable person, any type of visual image, sound recording, or other physical impression, when the person is engaged in a personal or familial activity under circumstances where they had a reasonable expectation of privacy. Current California law prohibits the activities described where the attempt to capture is done through a visual or auditory enhancing device. As of January 1, 2015, the above activities will be prohibited when done using any device.

New Delaware Data Destruction Law

Companies conducting business in Delaware will be required to take all reasonable steps to destroy or arrange for the destruction of a consumer’s personal identifying information when those records are no longer retained. Destruction may occur by shredding, erasing, or otherwise destroying or modifying the personal identifying information so as to render the information unreadable or indecipherable.

The Delaware law defines personal identifying information as a consumer’s first name or first initial and last name in combination with one of the following: signature; date of birth; social security number; passport number; driver’s license or state identification card number; insurance policy number; financial services account number, bank account number, credit card number, or other financial information; or confidential health care information.

Entities subject to the Gramm-Leach-Bliley Act, covered entities subject to HIPAA, and consumer reporting agencies subject to the FCRA are exempt from the new law. Other entities, however, may be subject to private enforcement actions, which allow for the recovery of treble damages. These have the potential to add up quickly, as each record unreasonably disposed of constitutes a violation under the statute. In addition, the Delaware Attorney General and Division of Consumer Protection of the Department of Justice may bring suit in certain circumstances.

ARTICLE BY

David N. Fagan
Kurt Wimmer
Jeff Kosseff
Katherine R. H. Gasztonyi
OF
Covington & Burling LLP

Currency Conversion Concerns: New York Issues Guidance on Virtual Currencies

Mcdermott Will Emery Law Firm

On December 5, 2014, the New York Department of Taxation and Finance (Department) released TSB-M-14(5)C, (7)I, (17)S.  This (relatively short) bulletin sets forth the treatment of convertible virtual currency for sales, corporation and personal income tax purposes.  The bulletin follows on a notice released by the Internal Revenue Service (IRS) in March of this year, Notice 2014-21.

The IRS Notice indicates that, for federal tax purposes, the IRS will treat virtual currency as property, and will not treat it as currency for purposes of foreign currency gains or losses.  Taxpayers must convert virtual currency into U.S. dollars when determining whether there has been a gain or loss on transactions involving the currency.  When receiving virtual currency as payment, either for goods and services or as compensation, the virtual currency is converted into U.S. dollars (based on the fair market value of the virtual currency at the time of receipt) to determine the value of the payment.

The IRS Notice only relates to “convertible virtual currency.”  Virtual currency is defined as a “digital representation of value that functions as a medium of exchange, a unit of account, and/or a store of value.”  Convertible virtual currency is virtual currency that “has an equivalent value in real currency, or that acts as a substitute for real currency.”

The Department’s bulletin also addresses only convertible virtual currency, and uses a definition identical to the IRS definition.  The Department indicates that it will follow the federal treatment of virtual currency for purposes of the corporation tax and personal income tax.

For sales and use tax purposes, the bulletin states that convertible virtual currency is intangible property and therefore not subject to tax.  Thus, the transfer of virtual currency itself is not subject to tax.  However, the exchange of virtual currency for products and services will be treated as a barter transaction, and the amount of tax due is calculated based on the fair market value of the virtual currency at the time of the exchange.

The Department should be applauded for issuing guidance on virtual currency.  It appears that these types of currencies will be used more and more in the future, and may present difficult tax issues.

However, the Department’s guidance is incomplete.  There are a couple of unanswered questions that taxpayers will still need to ponder.

First, the definition of convertible virtual currency is somewhat broad and unclear.  The Department and the IRS define “convertible” virtual currency as currency that has an “equivalent” value in real currency, but equivalent is not defined in either the IRS Notice or the bulletin.  Many digital products and services use virtual currency or points that cannot be legally exchanged for currency to reward users, and the IRS and the Department should be clearer about the tax treatment of those currencies.

Second, although the Department will follow the federal treatment for characterization and income recognition purposes, the bulletin does not discuss apportionment.  This is likely a very small issue at this point in time, but the Department will, some day, need to address how receipts from gains in the exchange of virtual convertible currencies are apportioned.

Virtual currencies will create issues not only in the tax world, but also in the unclaimed property world.  The Uniform Law Commission has begun its efforts to rewrite the Uniform Unclaimed Property Act, and the treatment of virtual currency will be an issue discussed during the rewrite.  Companies that use virtual currencies, convertible or not, should follow the rewriting process to make sure the drafters are informed of all of the issues these companies will face.

ARTICLE BY

Mark Yopp
OF
McDermott Will & Emery

Nation’s Highest Court Schedules Oral Arguments in King v. Burwell re: Affordable Care Act

Sheppard Mullin Law Firm

A Supreme Court of the United States (SCOTUS) spokesperson announced on December 22, 2014, that the Court will hear oral arguments in King v. Burwell on March 4, 2015. This means that not only could the highest court soon resolve the circuit split on the case’s key issue, but that the future course of the landmark Affordable Care Act (ACA) could be decided as soon as June 2015.

At issue in King is whether a May 2012 IRS rule should be upheld or stricken.[1] The rule provides that health insurance premium tax credits are available to all U.S. taxpayers, irrespective of whether they obtain coverage through a state or federal exchange. Challengers to the IRS rule contend that the plain language of the ACA restricts the availability of the tax credits to health insurance policies purchased through state exchanges and not through the federal exchange. Reading the ACA statutory language strictly, challengers note that there is no alternative interpretation to the words noting that premium tax credits are available for plans obtained “through an Exchange established by the State under section 1311” of the Act.[2] (italics added).

The government has countered that other provisions of the ACA support the legislative intent of Congress—that the premium tax credits are meant to be made available for all taxpayers nationwide, including those who purchase plans on the federal exchange. It has noted that the IRS rule should not be invalidated because of a simple drafting error.

Earlier this year in July, the U.S. Court of Appeals for the Fourth Circuit had unanimously concluded in King that the ACA was ambiguous on the question of whether the tax credits applied to plans purchased through the federal exchange. Because of this, it allowed for the government to have a “reasonable interpretation” of the ACA via the IRS rule.[3]This decision directly conflicted with the July 2014 U.S. Court of Appeals (District of Columbia) decision in Halbig v. Burwellon the same issue.

The D.C. Court sided with the plain language interpretation and restricted the tax credits to plans purchased through the state exchanges. The Court subsequently vacated the decision and is not expected to render its opinion until Spring 2015.

If SCOTUS resolves the circuit split in favor of the challengers, there are several potential implications that could leave millions of Americans without health insurance:

  • Coverage would be less affordable for those on the federal exchange;

  • Without the tax credit, individuals would be exempt from the individual mandate;[4] and

  • The ACA employer “pay-or-play” provision would not apply to as many employers.

The latter implication is likely due to the fact that pay-or-play penalties are triggered only if a covered employer fails to offer health insurance coverage and an employee takes advantage of a tax subsidy by purchasing an exchange plan.  Without premium tax credits or subsidies available through the federal exchange, fewer employers would be penalized for failure to provide coverage in the first place.

The Supreme Court’s decision in the summer of 2015 may set the tone for the longevity of the ACA in light of the most recent mid-term elections.

ARTICLE BY

Florence T. Wang
OF
Sheppard, Mullin, Richter & Hampton LLP

[1] See 26 C.F.R. § 1.36B–1(k); Health Insurance Premium Tax 7 Credit, 77 Fed.Reg. 30,377, 30,378 (May 23, 2012) (collectively the “IRS Rule”).

[2] See ACA § 1401(a), codified at 26 U.S.C. § 26B(c)(2)(A)(i).

[3] The Fourth Circuit U.S. Court of Appeals opinion can be found here.

[4] As a matter of law, health insurance would be “unaffordable” and the individual mandate would be waived. See 26 U.S.C. § 5000A.

“Is this the airport, Clark?”: Home Owner's Associations and Holiday Decorations

McBrayer NEW logo 1-10-13

Your guests have arrived and you’ve just spent that last ten hours Griswolding your home and now you and your company are standing in the front yard ready to bask in the warm glow of a million tiny lights, when your neighbor strolls over and says, “I wouldn’t do that. The homeowner’s association won’t allow it. Oh, and you can’t park there.” What? But you nearly died placing those reindeer on the roof! And where are all these people supposed to park??

Holiday Lights

Beloved by some, and loathed by others, homeowners associations or HOAs seem to be misunderstood and ubiquitous these days. If you live in a community subject to a homeowners association or are thinking of moving into one that does, it’s a good idea to get a lay of the land before you make your move…or try to clamber up on the roof with those reindeer.

Some things to think about are:

  1. Have you read a copy of the rules and restrictions?

  2. Does the homeowners association require advance notice or written approval for certain activities?

  3. Are there parking restrictions that could lead to trouble for you or your guests?

  4. Are there any limitations about the type of signage or decorations you may display in your yard? Must signs or decorations be approved by the HOA in advance?

  5. Are there any provisions prohibiting special activities in or around your home (i.e., no burning the yule log out back)?

  6. Are you subject to possible fines for non-compliance?

By understanding in advance what sort of things may and may not be allowed, homeowners or potential homeowners can reduce the possibility of misunderstandings and disputes that can arise from some of the activities we are often accustomed to doing without a thought. You can’t always control whether you live next to the Chesters, or the Griswolds for that matter, but you can at least understand your rights.

ARTICLE BY

Christopher A. Richardson
OF
McBrayer, McGinnis, Leslie and Kirkland, PLLC

Background Checks Headline in 2014

Proskauer Law firm

In 2014, background checks were a hot topic in state and local legislatures.  Before this year, only 8 jurisdictions in the country had passed laws preventing private employers from asking job candidates about their criminal histories on an employment application (i.e., “banning the box”).  This year alone, however, 9 jurisdictions enacted ban-the-box laws covering private employers—Baltimore, Columbia (MO), Illinois, Montgomery County (MD), New Jersey, Prince George’s County (MD), Rochester (NY), San Francisco, and Washington D.C.  Louisville, Indianapolis, and Syracuse also banned the box for private employers with city contracts, while Delaware and Madison (WI) “encouraged” the same.

Man Sitting Alone in a Row of Empty Chairs

Several of these so-called “ban the box” laws also restricted the types of arrests or convictions about which employers may inquire or consider when hiring.  For example, the new San Francisco law bans inquiries about convictions that are more than seven (7) years old; the new Washington D.C. law prohibits questions about arrests and criminal accusations that are not pending or did not result in conviction; and New Jersey’s new law bars queries about expunged records.  Some of the new laws, such as those in San Francisco, Washington D.C., and Montgomery and Prince George’s Counties also imposed certain notice obligations on employers.

In addition to this state and local legislative activity, the U.S. Equal Employment Opportunity Commission (“EEOC”) continued to scrutinize employer background check procedures, though without much success.  In EEOC v. Kaplan Higher Education Corp., 748 F.3d 749 (6th Cir. 2014), the Sixth Circuit affirmed an award of summary judgment against the EEOC in its suit alleging that Kaplan’s use of credit checks disparately impacted African-American applicants in violation of Title VII of the Civil Rights Act of 1964.

Despite setbacks in litigation, the agency issued guidance on the use of background checks in hiring and personnel decisions. The brochure—Background Checks: What Employers Need to Know—advises employers on their existing legal obligations under federal nondiscrimination laws and the Fair Credit Reporting Act (“FCRA”) when obtaining, using, and disposing of background information.  The Federal Trade Commission also issued two brochures—Background Checks: What Job Applicants and Employees Should Know & Tips for Job Applicants and Employees—that walk applicants and employees through their rights under FCRA.

Though the primary focus on background checks this year concerned credit and criminal history, there were other noteworthy developments. The governors of California and New Jersey vetoed bills that would have greatly limited employers from considering an applicant’s unemployment status in hiring decisions.  And, Louisiana, New Hampshire, Oklahoma, Rhode Island, Tennessee, and Wisconsin prohibited employers from requesting or requiring prospective and current employees to provide their passwords to their personal social media accounts.

If trends are any guide, we expect more developments in 2015.  Stay tuned.

ARTICLE BY

Katharine H Parker
Daniel L. Saperstein
OF
Proskauer Rose LLP

The Affordable Care Act—Countdown to Compliance for Employers, Week 1: Going Live with the Affordable Care Act’s Employer Shared Responsibility Rules on January 1, 2015

Mintz Levin Law Firm

Regulations implementing the Affordable Care Act’s (ACA) employer shared responsibility rules including the substantive “pay-or-play” rules and the accompanying reporting rules were adopted in February.  Regulations implementing the reporting rules in newly added Internal Revenue Code Sections 6055 and 6056 came along in March. And draft reporting forms (IRS Forms 1094-B, 1094-C, 1095-B and 1095-C) and accompanying instructions followed in August.

With these regulations and forms, and a handful of other, related guidance items (e.g., a final rule governing waiting periods), the government has assembled a basic—but by no means complete—compliance infrastructure for employer shared responsibility. But challenges nevertheless remain. Set out below is a partial list of items that are unresolved, would benefit from additional guidance, or simply invite trouble.

1.  Variable Hour Status

The ability to determine an employee’s status as full-time is a key regulatory innovation. It represents a frank recognition that the statute’s month-by-month determination of full-time employee status does not work well in instances where an employee’s work schedule is by its nature erratic or unpredictable. We examined issues relating to variable hour status in previous posts dated April 14July 20, and August 10.

An employee is a “variable hour employee” if—

Based on the facts and circumstances at the employee’s start date, the employer cannot determine whether the employee is reasonably expected to be employed on average at least 30 hours of service per week during the initial measurement period because the employee’s hours are variable or otherwise uncertain.

The final regulations prescribe a series of factors to be applied in making this call. But employers are having a good deal of difficulty applying these factors, particularly to short-tenure, high turnover positions. While there are no safe, general rules that can be applied in these cases, it is pretty easy to identify what will not work: classification based on employee-type (as opposed to position) does not satisfy the rule. Thus, it is unlikely that a restaurant that classifies all of its hourly employees, or a staffing firm that classifies all of its contract and temporary workers, as variable hour without any further analysis would be deemed to comply. But if a business applies the factors to, and applies the factors by, positions,  it stands a far greater chance of getting it right.

2.  Common Law Employees

We addressed this issue in our post of September 3, and since then, the confusion seems to have gotten worse. Clients of staffing firms have generally sought to take advantage of a special rule governing offers of group health plan coverage by unrelated employers without first analyzing whether the rule is required.

While staffing firms and clients have generally been able to reach accommodation on contractual language, there have been a series of instances where clients have sought to hire only contract and temporary workers who decline coverage in an effort to contain costs. One suspects that, should this gel into a trend, it will take the plaintiff’s class action bar little time to respond, most likely attempting to base their claims in ERISA.

3.  Penalties for “legacy” HRA and health FSA violations

A handful of promoters have, since the ACA’s enactment, offered arrangements under which employers simply provided lump sum amounts to employees for the purpose of enabling the purchase of individual market coverage. These schemes ranged from the odd to the truly bizarre. (For example, one variant claimed that the employer could offer pre-tax amounts to employees to enroll in subsidized public exchange coverage.) In a 2013 notice, the IRS made clear that these arrangements, which it referred to as “employer payment plans,” ran afoul of certain ACA insurance market requirements. (The issues and penalties are explained in our June 2 post.) Despite what seemed to us as a clear, unambiguous message, many of these schemes continued into 2014.

Employers that offered non-compliant employer-payment arrangements in 2014 are subject to penalties, which must be self-reported. For an explanation of how penalties might be abated, see our post of April 21.

4.  Mergers & Acquisitions

While the final employer shared responsibility regulations are comprehensive, they fail to address mergers, acquisitions, and other corporate transactions. There are some questions, such as the determination of an employer’s status as an applicable large employer, that don’t require separate rules. Here, one simply looks at the previous calendar year. But there are other questions, the answers to which are more difficult to discern. For example, in an asset deal where both the buyer and seller elect the look-back measurement method, are employees hired by the buyer “new” employees or must their prior service be tacked? The IRS invited comments on the issue in its Notice 2014-49.

Taking a page from the COBRA rules, the IRS could require employers to treat sales of substantial assets in a manner similar to stock sales, in which case buyers would need to carry over or reconstruct prior service. While such a result might be defensible, it would also impose costly administrative burdens. Currently, this question is being handled deal-by-deal, with the “answers” varying in direct proportion to the buyer’s appetite for risk.

5.  Reporting

That the ACA employer reporting rules are in place, and that the final forms and instructions are imminent should give employers little comfort. These rules are ghastly in their complexity. They require the collection, processing and integration of data from multiple sources—payroll, benefits admiration, and H.R., among others. What is needed are expert systems to track compliance with the ACA employer shared responsibility rules, populate and deliver employee reports, and ensure proper and timely delivery of employee notices and compliance with the employer’s transmittal obligations. These systems are under development from three principal sources: commercial payroll providers, national and regional consulting firms, and venture-based and other start-ups that see a business opportunity. Despite the credentials of the product sponsors, however—many of which are truly impressive—it is not yet clear in the absence of actual experience that any of their products will work. It is not too early for employers to contact their vendors and seek assurances about product delivery, reliability, and performance.

Former JPMorgan Chase Insider Blows the Whistle

Bilzin_logo300 dpi

Matt Taibbi of Rolling Stone recently profiled the woman JPMorgan Chase paid one of the largest fines in American history to keep from talking in his article, The $9 Billion Witness: Meet JPMorgan Chase’s Worst Nightmare. Alayne Fleischmann, a former Chase manager, revealed the true reason why JPMorganChase settled the claims brought by the DOJ for such a seemingly staggering amount — cash in exchange for secrecy.

Magnifying Glass Investigation

On the eve of a civil complaint being filed against Chase, Jamie Dimon called federal prosecutors and negotiated a quiet resolution, keeping many details regarding Chase’s misconduct hidden from the public. Expecting to be called as a key witness in a criminal prosecution against Chase executive officers, Fleischmann says that she was stood up by the government, despite her ability to present ample evidence with time remaining before the statute of limitations expired on a claim for wire fraud. By coming forward now, Fleischman seeks to prevent the “biggest financial cover-up in history.”

No longer muzzled by the fear of retribution, Fleischman tells the story of what she calls a “massive criminal securities fraud” that Chase’s stipulated Statement of Facts (part of its public settlement with the DOJ) only hints at. As a transaction manager, Fleischmann functioned as a quality-control officer ensuring that lower quality “scratch and dent” loan products were not cleared to be re-sold and securitized into mortgage pools marketed as being above subprime. However, Fleischman contends that is exactly what occurred despite her numerous attempts to alert and dissuade her supervisors. Fleishmann was then laid off in February 2008.

Fleischmann states that despite initial reports by her colleagues advising superiors that the loans being re-sold contained a high incidence of “material misrepresentations” due to overstated income, diligence managers pressured the team until loans began to clear. Perhaps most indicative of the fact that Chase knew what it was doing and intended on keeping its misdeeds secret was what Fleischmann referred to as a “no e-mail” policy. After speaking with the DOJ, Fleishmann realized that the government intended on using the new evidence that she could provide as leverage in negotiations to extract a larger settlement from Chase in order to keep her testimony concealed.

Significance of Chase’s Misconduct for Correspondent Lenders

Despite its lack of specifics in some respects, Chase’s 10-and-a-half-page Statement of Facts to its settlement with the DOJ can be cited by correspondent lenders in defending mortgage put-back cases brought by Chase. Contrary to the position it takes in many ongoing buyback cases, Chase acknowledged its widespread practice of conducting pre-purchase quality control reviews prior to acquiring loans from originators and re-selling or securitizing its loan products. Moreover, Chase often deliberately purchased loans it knew or suspected were non-compliant with its own guidelines without regard for the ability of correspondent lenders to bear the burden of repurchasing defaulted loans, and without regard for its obligation to timely notify correspondent lenders of defects.  These facts have numerous potentially favorable implications for parties fighting repurchase and make-whole claims made by Chase.

Uber Argues That Its Drivers Are Not Employees

In a case pending in California federal court, Uber is arguing that its drivers are not employeesO’Connor et al. v. Uber Technologies, Inc. et al., No. 3:13-cv-03826 (N.D. Cal. filed Aug. 16, 2013). Uber drivers have sued the company in a putative class action that alleges that they were short-changed because they received only a portion of the 20 percent gratuity paid by passengers.

In response, Uber recently filed a motion for summary judgment that argued that its drivers are not employees because they do not provide services to Uber. Rather, Uber provides a service to its drivers, because drivers pay for access to “leads,” or potential passengers, through the Uber application, and therefore, like passengers, drivers are customers who receive a service from the company. Uber also argued that even if drivers are deemed to provide services to Uber, they do so as independent contractors, not employees. This is because, Uber contends, the company provides drivers with a lead generation service but does not control the manner or means of how they work, and therefore, Uber is in a commercial rather than an employment relationship with its drivers.

This is not the first and likely not the last of Uber’s legal troubles in California. Passengers have also filed a proposed class action over the 20 percent gratuity, and last week, San Francisco and Los Angeles District Attorneys have hit Uber with a consumer safety suit over how it screens its drivers. There will surely be more to come as we watch what happens with Uber in California.

ARTICLE BY

Rachel T. Segal
OF
Barnes & Thornburg LLP

5 Serious (& 1 Lighthearted) Legal Web Marketing Predictions for 2015

Consultsweb Logo

Where is legal web marketing headed in 2015? Do we need to prep for any upcoming roadblocks? What about exciting changes to anticipate? Are there any new technologies that will help the industry?

If these are questions you’ve been asking, I’m right there with you. When I have legal marketing questions, I turn to the expertise of my teammates at Consultwebs.com. I asked their predictions as to where legal web marketing is headed in 2015.

Here’s what they said.

Ashley Krohn, Outreach Specialist, @tweetinash

Ashley Krohn
Outreach Specialist
@tweetinash

  • Mobile will continue to grow. Your site MUST be optimized for mobile in 2015.
  • There will be a great focus on the user: understanding who they are, what content they consume, and how they view it.
  • We will see more personalized, targeted content marketing. Content will be optimized towards the purchase funnel, or the journey a visitor will take on your site, in whatever format works best for your audience.
  • Watch Reddit. If your audience is there, then you would be wise to start putting resources there.

Mike Dayton, J.D., Manager of Content Services, @senorpibb

Mike Dayton, J.D.
Manager of Content Services
@senorpibb

The message for content is moving toward: “Go deep!” Google is rewarding longer, substantive articles and website sections. Our Content Team will continue its emphasis on resource sections that signal our clients’ authority and expertise in their practice area niches.

John Damron, Senior Marketing Strategist, @consultwebs

John Damron
Senior Marketing Strategist
@consultwebs

My prediction is that mobile technology will become even more of an important tool that law firms (and all businesses) will use to connect with their clientele. Not just for lead generation and online search, but also case management, client payments, and communication.

Jennifer Frame, Local SEO Specialist, @jmframe

Jennifer Frame
Local SEO Specialist
@jmframe

I think we’ll see even more importance placed on mobile friendly sites. Google launched a mobile friendly checker last month, google.com/webmasters/tools/mobile-friendly, and results that get a passing grade will have a mobile friendly badge next to their name in results. This is yet another hint to site owners that mobile is of critical importance and that Google is rewarding the sites that are mobile friendly.

Derek Seymour, Senior Web Engineer, @derekseymour

Derek Seymour
Senior Web Engineer
@derekseymour

As far as web technological shifts in 2015, I predict we’ll see a trend towards statically-generated websites (as opposed to dynamically-generated, such as WordPress).  Much of the power and functionality given to dynamically-generated sites today is being outweighed by slow performance, security risks, and a barrage of product updates.  Static sites, however, tend to be much cleaner, respond extremely quickly, and help minimize the amount of vulnerabilities available to hackers.  In addition, tools for static sites have come a long way in recent months and many of the common features found in sites can now be implemented using HTML/CSS/JavaScript libraries and frameworks in conjunction with the method of generating static sites known as ‘compiling.’  While some limitations remain, the barriers to building static sites are quickly going away with the plethora of resources available and we’re likely to see an increasing number of businesses and professionals taking advantage of this in the coming year.

Michael Wice, Online Marketing Consultant, @consultwebs

Michael Wice
Online Marketing Consultant
@consultwebs

Matt Cutts will move to Alaska and build a cabin like Dick Proenneke, never to return to Google. He will grow a mountain man beard and catch salmon from streams with his teeth.

Seriously, it’s worth noting that Cutts’ leave from Google was extended into 2015. His future with the search engine is something to track in 2015.