Tag: California

Uber Argues That Its Drivers Are Not Employees

In a case pending in California federal court, Uber is arguing that its drivers are not employeesO’Connor et al. v. Uber Technologies, Inc. et al., No. 3:13-cv-03826 (N.D. Cal. filed Aug. 16, 2013). Uber drivers have sued the company in a putative class action that alleges that they were short-changed because they received only a portion of the 20 percent gratuity paid by passengers.

In response, Uber recently filed a motion for summary judgment that argued that its drivers are not employees because they do not provide services to Uber. Rather, Uber provides a service to its drivers, because drivers pay for access to “leads,” or potential passengers, through the Uber application, and therefore, like passengers, drivers are customers who receive a service from the company. Uber also argued that even if drivers are deemed to provide services to Uber, they do so as independent contractors, not employees. This is because, Uber contends, the company provides drivers with a lead generation service but does not control the manner or means of how they work, and therefore, Uber is in a commercial rather than an employment relationship with its drivers.

This is not the first and likely not the last of Uber’s legal troubles in California. Passengers have also filed a proposed class action over the 20 percent gratuity, and last week, San Francisco and Los Angeles District Attorneys have hit Uber with a consumer safety suit over how it screens its drivers. There will surely be more to come as we watch what happens with Uber in California.

ARTICLE BY

Rachel T. Segal
OF
Barnes & Thornburg LLP

Data Breach Developments in California (Part 2)

Morgan Lewis

Last week, we discussed three important changes to California’s data breach law that become effective January 1, 2015. Part two of this series looks at the data breach report recently released by the California Attorney General.

California Data Breach Report

In October, the California Attorney General’s data breach report presented key findings on breaches occurring in California and recommendations for lawmakers and affected industries. Notable findings and recommendations from the report are summarized below.

  • Data breaches are on the rise. Among other findings, the report found that the number of data breaches in California increased by 28% from 2012 to 2013, with “intentional unauthorized intrusions into computer systems” showing the biggest increase among breach categories and accounting for 53% of reported incidents.

  • Breaches of payment card data in the retail industry are most likely to result in fraud. The report found that from 2012 to 2013, the retail industry experienced 77 breaches, or 26% of all breaches, representing the largest share among industry sectors. Almost all (90%) of these breaches involved payment card data, which, according to the report, is the most likely data breach category to result in fraud.

  • Offers of mitigation services are on the rise and can be helpful to affected individuals. The report notes that after experiencing a data breach, entities are commonly offering mitigation services, such as free credit monitoring or other identity theft protection services, which can be helpful by providing advanced notice to individuals whose information is used fraudulently. However, the report found that no offers were made in 28% of incidents where the services would have been helpful. As discussed in part one, the new California law requires breach notices to include offers of mitigation services in certain circumstances.

  • Retailers should take action to “devalue payment card data.” Based on the finding that retail breaches involving payment card data are most likely to result in fraud, the report recommends that retailers take advantage of “promising” new technology, such as chip cards and tokenization, to enhance their security measures and “devalue payment card data.” The report also encourages retailers to implement tokenization technology for online and mobile transactions.

  • Lawmakers should clarify the roles of data owners and data maintainers in providing notices. Interestingly, the report recommends that the California legislature should clarify the notice obligations of owners and maintainers under the law. Specifically, the report explains that the law appears to require data maintainers to notify data owners of breaches, while the data owners must notify the affected individuals. Given this difference in responsibility, important breach notices may be delayed because the owners and maintainers may not agree on their respective obligations.

ARTICLE BY

Barbara Murphy Melby
Christopher C Archer
OF
Morgan, Lewis & Bockius LLP

California To Expand Its Data Breach Notification Rules

Sheppard Mullin Law Firm

California has broadened its data breach notification statutes in response to the increasing number of large data breaches of customer information.  AB 1710, which Governor Jerry Brown signed into law, amends California’s Data Breach Notification Law to (1) ban the sale, advertising for sale or offering for sale of social security numbers, (2) extend the existing data-security law and obligations applicable to entities that own or license customer information to entities that “maintain” the information, and (3) require that if the person or business providing notification of a breach under the statute was the source of the breach then the notice must include an offer to provide appropriate identity theft prevention and mitigation services, if any, at no cost for 12 months along with any information necessary to take advantage of the offer.  The last of these amendments has spurned some debate over whether the statute actually mandates an offer of credit monitoring or other services given its use of the phrase “if any.”  It is also unclear what exactly is intended by or who qualifies as “the source of the breach.”

The use and placement of the phrase “if any” in the statute does create some ambiguity.  The statute, however, speaks in mandatory terms when it states the notification “shall include” an offer of these services.  Its plain language also suggests the phrase “if any” is directed to the question of whether appropriate identity theft or mitigation services exist and are available – not whether or not they must be offered.  A review of the measure’s legislative history confirms this.  The Committee analyses all discuss this element of the statute as “requiring” an offer of services.  Indeed, the legislative analysis immediately following the addition of the phrase “if any” defined the problem under existing law to be that it does not require any prevention or mitigation steps and states that this measure (AB 1710) addresses this issue by requiring an offer of appropriate “identity theft prevention and mitigation services, if any are available,…”  This interpretation is also consistent with the fact that an offer is only required when the breach involves disclosure of highly sensitive information that tends to lead to identity theft or credit card fraud, i.e., the customer’s social security, driver’s license or California identification number.

The standard of whether or not such services would, to some degree, be appropriate will not likely be the primary conversation that this amendment sparks.  The more lively topic will likely be who is the “source of the breach” (and even then the offer is only required when you are both the source of the breach and the party giving notice under the statute) and what standards apply for determining “appropriate” services.  The legislative history is not as equally helpful on these questions.  Thus, until the scope of this new requirement becomes more clear, businesses involved in a breach under the statute need to carefully think through the risks of offering certain services when providing notice.

These new rules take effect on January 1, 2015.  To review the amended statute or its legislative history click here.

ARTICLE BY

Brian R. Blackman
OF
Sheppard, Mullin, Richter & Hampton LLP

California Class Action Suit Alleges LinkedIn Violated Fair Credit Reporting Act (FCRA) By Providing Employers With Reference Reports

Allen Matkins Law Firm

Another interesting case filed in California recently highlights the myriad risks employers face when using social media as part of their hiring process.

A class action lawsuit was filed in the Central District of California against LinkedIn based on allegations that thereference reports LinkedIn generates for premium subscribers, including many employers, violate the Fair Credit Reporting Act(“FCRA”). According to the plaintiffs in Sweet, et. al. v. LinkedIn Corporation, an employer who is a premium subscriber can generate a report containing the names, locations, employment areas, current employers, and current positions of all persons in a user’s network who may have worked with a job applicant and also contact the applicant’s “references.” An employer, according to the allegations, can run such a “reference report” on a job applicant without the applicant receiving any notification whatsoever. Thus, as the complaint alleges, “any potential employer can anonymously dig into the employment history of any LinkedIn member, and make hiring and firing decisions based upon the information they gather, without the knowledge of the member, and without any safeguards in place as to the accuracy of the information that the potential employer has obtained.” The complaint claims this activity potentially violates both the FCRA’s purposes, which include safeguards as to the accuracy, fairness, and privacy of the information that a potential employer obtains, and the FCRA’s customer notification requirements.

This latest lawsuit against LinkedIn serves as another example of the complex legal issues and risks that an employer faces when using social media to make recruiting and hiring decisions.

© 2010-2014 Allen Matkins Leck Gamble Mallory & Natsis LLP
ARTICLE BY

Alexander Nestor
Nisha Verma
OF
Allen Matkins Leck Gamble Mallory & Natsis LLP

California Law Protects Unpaid Interns and Volunteers from Harassment and Discrimination

Jackson Lewis Law firm

California has become the third state in the country, after New York and Oregon, to ban sexual harassment and discrimination in the workplace directed toward unpaid interns.

The new law (AB 1443) extends workplace harassment and discrimination protections under the California Fair Employment and Housing Act (“FEHA”) to unpaid interns, volunteers, and individuals in apprenticeship training programs. It will go into effect January 1, 2015.

The new law amends current law (Government Code section 12940(c) and (j)) to make it an unlawful employment practice to discriminate against or to harass an unpaid intern or volunteer on the basis of any legally protected classification unless an exception applies, such as a bona fide occupational qualification.

The following classifications are protected in California: race, religious creed, religious observance, color, age, sex, sexual orientation, gender identity, gender expression, national origin, ancestry, marital status, medical condition as defined by applicable state law, disability, genetic information, military service, military and veteran status, pregnancy, childbirth and related medical conditions. Employers should consider reviewing their policies for compliance with the recent changes in California law.

ARTICLE BY

Jonathan A. Siegel
OF
Jackson Lewis P.C.

New Ridesharing Legislation in California and Oregon Highlights Insurance Uncertainty in Emerging Industries

Proskauer Law firm

Managing a company’s exposure to new types of risks is often a complicated endeavor.  We’ve previously reported on the uncertainty that can arise when existing coverage models are applied to a new risk—such as losses arising from data breaches and other cyber-attacks.  Applying existing coverage models to emerging industries presents similar challenges.  These challenges were highlighted recently in the years-long dispute over insurance of ridesharing companies, like Lyft and Uber, which recently reached some degree of closure in California with the enactment of new insurance legislation for these companies.

Ridesharing companies have arisen in the past few years as an alternative to traditional forms of transportation, such as taxis.  These companies neither employ the drivers nor own the cars used for transportation; they essentially serve as an online “middleman” connecting passengers with freelance drivers for hire and expressly disavow that they provide any sort of “transportation services.”  This new business model—blurring the lines between traditional services and social media—presented many questions as to liability and, consequently, risk management.  These questions were brought to the fore earlier this year, when the family of a six year old girl killed by a ridesharing driver sued the ridesharing company.  The company disclaimed liability on the basis that it is not responsible for the acts of its drivers, especially when the drivers do not have ridesharing passengers or are not en route to pick up one.

Many ridesharing drivers have relied primarily on their personal automobile policies, eschewing business coverage altogether, reportedlyat the recommendation of the ridesharing companies themselves.  While ridesharing companies have carried excess insurance policies to cover ridesharing accidents, the insurance industry took the position that these policies did not cover such accidents because there was no primary coverage.  In other words, because the only “primary” insurance policies were personal use automobile policies that did not cover commercial livery use, the excess insurance could not be triggered.

On September 17, 2014, California AB-2293 was enacted to address this uncertainty of coverage.  The statute was the result of discussions between legislators, ridesharing companies, insurers, and traditional taxi companies.  It requires ridesharing companies in the state to provide $100,000 in coverage for their drivers that takes effect the moment a driver connects to the ridesharing company’s dispatch software and increases to $1 million once the driver agrees to pick up a passenger.  It also states that a personal automobile insurer does not have the duty to defend or indemnify claims arising out of ridesharing, unless the policy expressly provides such coverage, and it requires ridesharing companies to disclose this fact to their drivers.

Whether other states will follow California’s lead remains to be seen.  Legislation addressing ridesharing has been introduced across the country, and as one Pennsylvania state legislator observed, “By far the biggest issue is insurance.”  In other states, regulators are addressing the possible insurance gap.  Just days after California’s new statute was enacted, Oregon’s State Insurance Division issued a consumer advisory, warning of the potential unavailability of insurance coverage under personal insurance policies for ridesharing and other services provided in the peer-to-peer marketplace.

As Oregon Insurance Commissioner Laura Cali observed in connection with ridesharing, “When a new industry emerges, it often creates unique insurance situations.”  New industries may exist under insurance uncertainty for years or decades before legislation, regulation, or litigation clarifies the issue.  It is therefore critical when expanding into a nascent industry to consider how the risks of that industry may be managed, under either new or existing types of insurance coverage.

ARTICLE BY

Shawn Ledingham
OF
Proskauer Rose LLP

Real Estate “Change in Ownership” Can Trigger Documentary Transfer Tax

Sheppard Mullin Law Firm

926 North Ardmore Avenue, LLC v. County of Los Angeles, (9/22/14, B248536)

The California Court of Appeals has recently held that, as a general rule, the Documentary Transfer Tax (“DTT”) applies whenever there is a “change in ownership” of real property under the California Revenue & Taxation Code. In the case, 926 North Ardmore Avenue, LLC v. County of Los Angeles, the court held that the phrase “realty sold” under the DTT Act includes a “change in ownership” (subject to the limited exceptions expressly included in the DTT Act).  San Francisco and Santa Clara Counties have already enacted amendments to their DTT ordinances to provide for this result, and there are several other counties (most notably Los Angeles and San Diego) that have taken this position without any change to their ordinances.

ARTICLE BY

D. Matthew Richardson
OF
Sheppard, Mullin, Richter & Hampton LLP

California’s New Kill-Switch Law Targets Smartphone Thieves

Morgan Lewis

California legislators recently signed Senate Bill 962 into law, which requires manufacturers to install kill-switches on smartphones sold in California that are made on or after July 1, 2015. A kill-switch allows a smartphone owner to remotely disable the device via a wireless command, which renders the device inoperable to unauthorized users. This new law was passed on August 25 to deter smartphone theft in California.

Although manufacturers must include the kill-switch on smartphones, consumers will have the option to disable it as long as the consumer is informed that the function is designed to protect him or her from unauthorized use of the phone.

ARTICLE BY

Vito Petretti
James R. Sherwood
 
OF 
Morgan, Lewis & Bockius LLP

In This “Unreliable” Opinion, California Court Requires Privity For Action Against Unlicensed Broker-Dealer

AllenM logo with tagline

Since California Corporations Code Section 25501.5 was enacted ten years ago, I’ve been repeatedly asked “What do it mean?“.  The statute provides that a person who purchases a security from, or sells a security to, an unlicensed broker-dealer may bring an action for rescission of the sale or purchase or, if the plaintiff or the defendant no longer owns the security, for damages.  The question has always been whether the statute requires privity of contract.

Now, there is a judicial answer; just not one that can be relied upon (more about that below).  In Alpinieri v. Tgg Mgmt. Co., 2014 Cal. App. Unpub. LEXIS 3177 (Cal. App. 4th Dist. May 5, 2014), the Fourth District Court of Appeal concluded:

The Legislature’s use of the commonplace phrases “purchases a security from” and “sells a security to” demonstrates it intended a civil action for rescission or damages under section 25501.5 be available only to a person who transacts directly with an unlicensed broker-dealer, that is, who is in privity with that unlicensed broker-dealer.  We see no indication in section 25501.5′s language any intent other than to restrict a claim for rescission or damages against one who is directly responsible for violating the statute by virtue of selling the security.  Because no contrary legislative intent appears in the statute, there is no basis to disregard literal construction.

(citation omitted).  The Court distinguished two other decisions involving the privity requirement under the Corporate Securities Law of 1968, Moss v. Kroner, 197 Cal. App. 4th 860 (2011) and Viterbi v. Wasserman, 191 Cal. App. 4th 927 (2011), on the basis that those cases did not involve Section 25501.5.

Why is this an “unreliable” holding?  The opinion, which was penned by Associate Justice Terry B. O’Rourke, was not certified for publication.  Under Rule 8.115(a) of the California Rules of Court, an unpublished opinion, with certain exceptions ”must not be cited or relied on by a court or a party in any other action”.

Article By:

Keith Paul Bishop
Of: 
Allen Matkins Leck Gamble Mallory & Natsis LLP

California Proposes Enhanced Prop. 65 Warnings and Possible Online Disclosures – Dietary Supplements and Foods Specially Targeted

GT Law

The California Office of Environmental Health Hazard Assessment (OEHHA)announced on March 7, 2014, that it is considering implementation of the most significant changes to Prop. 65 regulations in more than two decades.  OEHHA has posted the draft regulation and Initial Statement of Reasons on its website.

Passed by voters in 1986, Prop. 65 requires warnings prior to exposures to chemicals listed by OEHHA as “known to the State” to cause cancer or reproductive harm.  The law, which carries the potential penalty of $2,500 for each violation, may be and routinely is enforced by entrepreneurial private plaintiffs who are permitted to bring legal actions against alleged violators with minimal evidence.  OEHHA’s proposed regulations will affect almost every industry subject to Prop. 65 and nearly every aspect of compliance.  In all but a few cases, OEHHA’s changes have the capacity to make compliance with Prop. 65 costlier, riskier, and more disruptive to companies doing business in California.

Four Important Provisions Affecting Food and Dietary Supplements

In its far-reaching proposal, OEHHA aims a number of significant changes directly at food and dietary supplement manufacturers, distributors, and retailers.  Four specific proposals stand out as impactful for the industry:

  1. Chemical Identification: Under OEHHA’s proposal, warning labels would have to specifically identify the chemical in question if it is on a proposed list of 12 “common” substances.  One substance on OEHHA’s list, lead, is sometimes naturally occurring in the ingredients used to produce dietary supplements and has been the source of considerable litigation and expense for the industry.  In OEHHA’s draft regulation, products requiring a warning for lead would have to “conspicuously” state its presence in the product.
  2. Display Requirements: For foods not already subject to a consent judgment, the “safe-harbor” warning language must also be enhanced with specific information about the chemical in question, specific text sizing, and the phrase “Cancer [and/or] Reproductive Hazard.” Even where a food supplier has data showing that the chemical poses no actual health threat, a private plaintiff may still litigate knowing that the costly burden of showing no significant risk is borne by defendants.  Unless modified or declared preempted by federal law, OEHHA’s regulation would virtually ensure that this language will be required for food and supplement packaging in California.
  3. Online Reporting: OEHHA would also mandate reporting of exposure data to the agency for its website if a new Prop. 65 warning does not contain 10 details specified by OEHHA.  The details include, among others, the name of the chemical at issue, anticipated exposure routes, exposure levels, and options for minimizing exposure.  Businesses that fail to provide the required detail, no matter how misleading it might be to the consumer, must disclose the additional information to OEHHA and will likely see such data published online.
  4. More Litigation: Despite statements from the agency to the contrary, OEHHA’s complex rules would encourage even more litigation from an already active community of plaintiffs.  OEHHA’s draft litigation reform, a “cure” or fix-it period for retailers with fewer than 25 employees, would do little to stem the current tide of lawsuits, the vast majority of which are ultimately directed at and defended by suppliers.  Additionally, by replacing the generic safe-harbor warning with specific requirements, a regulatory safe-harbor warning would no longer provide a safe harbor from liability or deter plaintiffs from alleging violations for exposures to unspecified or newly listed chemicals.

What You Can Do

Businesses which stand to be affected by OEHHA’s plans, including those operated out of state, have an opportunity to voice their concerns to the agency.

OEHHA will hold a public workshop on April 14, 2014 to discuss the proposed regulations.  In addition, OEHHA is accepting written comments from the public until May 14, 2014.  Unless OEHHA is convinced to delay or withdraw its plans, formal regulations will likely be proposed in the summer of 2014.

Because OEHHA’s proposals are currently in the preliminary stages, interested parties have a time critical opportunity to engage the agency and encourage it to address specific concerns.  Companies that manufacture distribute, or retail dietary supplements in California should consider retaining experienced counsel to analyze the impact of the proposals on their business and to participate in the public comment period on their behalf.   Given the potentially far-reaching consequences of the proposed changes on the individual companies and the industry at large, interested parties should be diligent in bringing their concerns to OEHHA as early and as persuasively as possible.

Article By:

James Mattesich
Justin J. Prochnow
Anthony J. Cortez
Greg Sperla
Of:
Greenberg Traurig, LLP