Tag: COVID-19

Avoid Losing Money: Achieve Full Remote Access with Speed, Security & Scalability

Are your employees fully capable of accomplishing the same work that they could have done while in the office? Ideally, their in-office PC experience can be duplicated (securely) at home without any latency issues. If that’s not the case, your organization could be losing money with lost billable hours, or underutilization of existing solutions, etc. It’s paramount for the bottom line that your remote access capabilities are allowing your employees to achieve maximum efficiency to conduct business in a remote capacity.

There are three key areas of focus that need attention when planning a cost-effective and capable remote access strategy: speed, security, and scalability. “Putting effective security measures in place today along with mitigating remote access performance issues and ensuring the ability to adjust user access and scale will undoubtedly put you at a competitive advantage and positively affect your organization’s bottom line,” says Donnie W. Downs, President & CEO of Plan B Technologies, Inc.

First and foremost, the reliance on your employee’s end user device (or lack thereof) has a significant impact on what must be considered. There are two paths an organization can take to provide remote access to end users. The first is to allow end user devices to join the network as though they were plugged into a network jack in the office. The most common way to achieve this type of direct access is through a Virtual Private Network or VPN. The second approach is to present desktops and applications in a virtual session. This allows applications to be run on server horsepower in the organization’s datacenter and be used remotely from an end user device. Several products provide this capability, usually referred to as VDI or Terminal Services.

These options result in significantly different architectures. The primary difference is the level of dependency on the end user’s device. The VPN style solution relies heavily on the device’s capability and configuration. It’s required to provide all of the applications and computing power required by each end user. The VDI/Terminal services style solution requires much less from the end users devices. It is simply an interface to the remote session. The tradeoff is that a much more robust infrastructure is required in the organization’s data center or cloud.

Regardless of which way your organization is providing remote access today (VPN or virtual session), the speed, security and scalability (or lack thereof) will directly impact your cost.

SPEED

“To remain productive while working remotely, users need the same capabilities and performance they have when in the office,” says Downs. This translates to several things. They should be able to access all of the software and data they need. They should be able to access these resources using familiar workflows that don’t require separate remote access training. However, the most commonly missed requirement is that the remote access platform needs to provide adequate performance, so the remote access experience feels just like being in the office. Any latency will no doubt cause frustration and could ultimately affect your billable hours.

For direct access platforms this is a simple, yet potentially expensive formula. The remote access system needs to provide enough bandwidth so that the client device can access application servers, file servers, and other resources without slowing down. On the datacenter side, this means designing sufficient connectivity to the on-prem or cloud environments. Connectivity on the client-side, however, will always be more unpredictable. Slow residential connections, unreliable WIFI, and inconsistent cellular coverage are all challenges that will need to be addressed on this type of solution.

Performance within VDI/Terminal Services platforms is much more complex. Similar to direct access, we need to provide adequate bandwidth from the client to the remote access systems. However, this type of system typically has less demanding network requirements than a direct access system.  Advanced VDI/Terminal Services platforms also offer a wide variety of protocol optimizations that can accommodate high latency or low bandwidth connections. That’s only half of the puzzle though. Because the user is accessing a virtual session running in the datacenter, that session needs to provide adequate performance. At a basic level, this means that the CPU and memory must be sized correctly to accommodate the number of users. But the platform also needs to match in-office capabilities such as multiple monitors, 3D acceleration, printing, and video capability. Full-featured VDI/Terminal Services platforms provide these capabilities, but they must be properly designed and deployed to realize their full potential.

SECURITY

“Remote access can expose your business to many risks – but it doesn’t have to be this way,” says Downs. “Whether your organization is supporting 10 remote users or 1,000, you need to provide the necessary access while guarding your organization against outside threats.” For successful and secure remote access, it’s necessary to manage the risks and eliminate your blind spots to prevent data loss, phishing, or ransomware attacks.

On the surface, securing remote access environments requires many of the same basic considerations as any other public-facing infrastructure. These include mandatory multifactor authentication, application-aware firewalls, and properly configured encryption to guard your organization against security risks and protect corporate data. Remote access security is unique due to the risk introduced by the devices used by your employees. These devices can include IT managed devices that are allowed to leave the office or employee-owned unmanaged devices. If your remote access end users are logging in with their own devices, over the internet, there is room for a security breach without conducting these three protocols:

1/ Conduct Endpoint Posture Assessments

For direct access remote connectivity, security is especially relevant since the end user device is being provided a conduit into the organization network. Ideally, devices connecting to a direct access solution should be IT managed devices. This ensures that IT has the capability to control the endpoint configuration and security. However, there are many environments where direct access is required by employee-owned devices. In either case, the remote access solution should have the capability to do endpoint posture assessment. This allows an end user device to be scanned for compliance with security policies. These policies should include up to date operating system updates, valid and updated endpoint protection/antivirus, and enabled device encryption. The results of the scan (or assessment) can then be used to ensure only properly secured devices are able to connect to the network.

2/ Protect Against Key Logging and Other Malware

VDI/Terminal Services remote access systems rely on the end user device only as an interface to the virtual session. As a result, these solutions provide the ability to insulate the organization’s network from the end user device more than a direct access connection. Administrators can and should limit the ability for end user devices to pass file, print, and clipboard data, effectively preventing a compromise of the end user device from affecting the infrastructure. However, there is a gap in this insulation that is almost always overlooked. Malware on the end user device with key logging, screen recording, or remote-control capability can still allow the VDI/Terminal Services session to be compromised. Advanced VDI/Terminal Services platforms have protection for these types of attacks built in. This should be a mandatory requirement when selecting and implementing a VDI/Terminal Services solution.

3/ Deploy Robust Endpoint Protection

Regardless of the overall remote access strategy, both IT managed and employee-owned end user devices should have robust endpoint protection. Traditional definition-based antivirus products no longer provide sufficient protection. These should be combined with, or replaced by, solutions that perform both behavior analytics and advanced persistent thread (APT) protection.

SCALABILITY

Capacity planning for remote access can be very challenging. It is often one of the most varied or “bursty” workloads in an organization. Under normal operations it is used for dedicated remote workers or employees traveling. But when circumstances require large numbers of employees to be remote, as they do today, demand for these capabilities will spike. Proper planning can allow remote access systems to deal with this and keep the entire organization productive, regardless of where they are working.

There are three key elements that affect the scalability of direct access and VDI/Terminal Services solutions: software licensing, network bandwidth, and hardware capacity. It’s important to remember that these three pieces are interconnected. Upgrading any one of them will likely also require an upgrade to the others.

1/ Software Licensing

Licensing for remote access solutions is generally straight forward. There are variables in choosing the correct license type such as feature set and concurrent vs named users. But, in terms of sizing, direct access, and VDI/Terminal Services solutions are usually licensed based on the number of users they can service. Proper scalability relies on having a license pool large enough to support the entire user base. Purchasing licensing for an entire user base can be prohibitively expensive, so some vendors offer more flexible licensing. Two common flexible license models are subscription and burst licenses. Subscription licensing can often be increased or decreased as needed. Burst licensing allows for the purchase of a break-glass pool of licensing that allows for an increased user count for a short period of time. Both of these models allow remote access systems to rapidly expand to accommodate emergency remote workers. This type of flexibility should be considered when selecting a remote access platform to help save your organization from unnecessary costs.

2/ Network Bandwidth

Bandwidth and hardware flexibility are much more difficult to plan for. Indirect access and VDI/Terminal Services scenarios, each additional user requires more WAN bandwidth and more hardware resources. WAN circuits for on-prem datacenters can require significant lead time to provision and resize. There are solutions such as SD-WAN or burstable circuits that can allow flexibility and agility in these circuits. But this must be carefully preplanned and not left as a to-do item when the expanded capacity is actually needed.

3/ Hardware Capacity

Hardware scaling has similar limitations. Adding remote access capacity can require hardware resources ranging from larger firewalls to additional servers depending on the specific remote access platform. Expanding physical firewall and server platforms requires the procurement of additional hardware. During widespread emergencies, unpredictable availability of hardware can lead to significant delays in getting this done. Fortunately, most remote access platforms allow the integration of on-prem and public cloud-based deployments. A common strategy is to deploy systems into the public cloud as an extension of the normal production environment. These systems can then be spun up when needed to provide the additional capacity. This is a complex architecture that requires diligent design and planning, but it can provide a vast amount of scalability at reasonable cost.

Positioning your organization with a remote access strategy that can scale will save you time and money in the future. It’s unknown how long the effects of the coronavirus pandemic will impact the landscape of remote work for organizations. Planning and preparing to continue to conduct business with a secure and robust remote access strategy in place will put you ahead of your competition.

© 2020 Plan B Technologies, Inc. All Rights Reserved.

For more on remote working see the Labor & Employment section of the National Law Review.

The Return of Balance and Proportionality

Oscar Wilde was known for saying “Everything in moderation, including moderation.” For a period of time, we were only confronted with the scary aspects of “Big Data.” Think The Great Hack and the testy congressional hearings that we watched.

But the viral pandemic has thrown privacy absolutism into deeper question, as we are suddenly faced with a problem that in order to be solved must involve finding and tracking people for extended periods of time. We need to decide how to balance the societal need for virus control with the societal good of personal privacy.

Contact tracing is often used as an epidemic control measure. Lawmakers have discussed using the tool in the U.S. as Apple and Google work together to develop an effective contract tracing system. It has been deployed against illnesses such as measles, SARs, typhoid, meningococcal disease, and Ebola. It is currently being implemented in South Korea and China to combat COVID-19.

The Israeli government approved tracking cell phone data of people suspected of having coronavirus, to make sure they self-isolated. This emergency power lasted for 30 days. Israel’s Supreme Court, concerned with the privacy implications of using a military technology to track its own citizens’ daily movements, decided that the government would be required to halt this surveillance technology until or unless the government can pass an extension of that use. Then an oversight group in Israel’s parliament blocked an attempt to extend the emergency measures beyond this week, also due to privacy concerns. A committee member said the harm done to privacy outweighed the benefits.

As I recently wrote, this crisis may be testing sensibilities about privacy. Perhaps I was wrong. Sentiments do not seem to be moving aggressively towards greater data collection, or a sacrifice of consumer rights. Instead there appears to be a return towards measuring the weight of data against the potential for abuse, or grand commodification of personal information. In Israel more than 200 people, some identified through phone location information, had been arrested for violating quarantine. Thirty days of these extreme measures were tolerable. Then the Israelis had second thoughts.

Ulrich Kelber, Germany’s federal data protection commissioner, who recently claimed that the lack of GDPR enforcement was a result of enforcement agencies not receiving enough resources, backed a plan for Germany’s disease prevention agency to use Deutsche Telekom metadata. Considering just a week earlier he deemed tracking individual smartphones to monitor quarantine “totally inappropriate and encroaching measure,” it is apparent that Germany is balancing the harsh reality of the crisis and the immediate need for certain information with this encroachment.

Canada’s Privacy Commissioner released a “Framework for the Government of Canada to Assess Privacy-Impactful Initiatives in Response to COVID-19.” The Commissioner’s Office acknowledged that COVID-19 raised “exceptionally difficult challenges to both privacy and public health.” However, the framework reiterated that “the principles of necessity and proportionality, whether in applying existing measures or in deciding on new actions to address the current crisis,” will govern. Canada too is weighing the need of the information collected against the nature and sensitivity of the information collected.

The European Data Protection Board (EDPB) provided multiple guidance documents regarding COVID-19. Much like its Canadian counterpart, guidance provides that the “general principles of effectiveness, necessity, and proportionality must guide any measures adopted by Member States or EU institutions that involve processing of personal data to fight COVID-19.” These guidelines clarify the conditions and principles for the proportionate use of location data and contact tracing tools. But the EDPB also stressed that the “data protection legal framework was designed to be flexible and as such, is able to achieve both an efficient response in limiting the pandemic and protecting fundamental human rights and freedoms.”

Here in the United States, all eyes have been on the California Attorney General regarding enforcement of the California Consumer Privacy Act, which is set to begin on July 1, 2020. Unlike our neighbors to the North and Europe, there is no significant sentiment of the need for balance or proportionality. Just a reminder that as “the health emergency leads more people to look online to work, shop, connect with family and friends, and be entertained, it is more important than ever for consumers to know their rights under the California Consumer Privacy Act.”

For many sovereigns, this crisis has led enforcement agencies and legislatures to return to the roots of data privacy, which is balance and proportionality. Many privacy laws require a balancing test for entities collecting data. COVID-19 has made these principles re-emerge into the limelight.

Copyright © 2020 Womble Bond Dickinson (US) LLP All Rights Reserved.

Chinese Rail System for Restaurant Meal Delivery Patent Infringed

Perhaps showing the future of restaurants in times of social distancing, defendant Xuansu Company (炫速公司) implemented a restaurant meal delivery system to deliver food to customers using rails from kitchen to customers’ tables thereby avoiding the need for any interaction between customers and restaurant staff.  However, unfortunately for Xuansu, according to the Shanghai Intellectual Property Court , the installed system infringed Chinese patent no. 101282669B and therefore awarded the exclusive licensee, Yunxiao Company (云霄公司), 1 million RMB.

Xuansu’s meal delivery system in operation

The plaintiff argued that the spiral track system installed in the SpaceLab Weightless Restaurant (Space lab失重餐厅) infringed its licensed patent and requested an injunction as well as 8 million RMB.  The defendant countered it was not infringing and used existing technology.

The Court held “Claims 1, 8, 20, 27, 58, and 59 of the patent in question include “the conveyor system transports meals and / or beverages from the back kitchen work area to the customer dining area”, auxiliary transportation devices, rail lines and customer dining areas. The infringing system has all the limitations of the claims including at least one connected dining table, a circular track, and an ordering system,  and therefore falls within the scope of protection of the plaintiff ’s patent rights.”

With respect to the defendant’s existing technology defense, the defendant claimed  US Patent No. 2216357 was prior art. The Shanghai Intellectual Property Court held that the patent publication date was October 1, 1940, which was earlier than the filing date of the patent in question, and it was prior art relative to the patent in question. After comparing the accused infringing technical solution with the prior patent, the Court found that the prior patent does not disclose the technical structure of the parallel track in the accused infringing technical solution, the circular carousel for transferring food to the table, and the guide assembly of the auxiliary conveying device. There are certain differences in the technical structure of the defendant’s system, so the defendant’s defense based on the existing technology cannot be established.

 

A static view of the restaurant meal rail system.
A static view of the restaurant meal rail system in the dining area.
Fig. 35 of the patent at issue owned by HeineMack GmbH and licensed to Yunxiao.

© 2020 Schwegman, Lundberg & Woessner, P.A. All Rights Reserved.

For more Chinese and other nations patent laws, see the National Law Review Intellectual Property law section.

Chicago City Council Introduces COVID-19 Anti-Retaliation Ordinance, Reflecting Growing Trend

On April 22, 2020, Chicago Mayor Lori Lightfoot, with the backing of several Aldermen, introduced the COVID-19 Anti-Retaliation Ordinance (the “Ordinance”), which, if enacted, would prohibit Chicago employers from retaliating against employees for obeying a public health order requiring an employee to remain at home as a consequence of COVID-19.  This reflects a growing trend among states and local governments in enacting protections against retaliation amid the COVID-19 pandemic.

The Ordinance would prohibit employers from demoting or terminating a “Covered Employee”[1] for obeying an order issued by the Mayor, the Governor of Illinois or the Chicago Department of Public Health requiring the Covered Employee to:

(1) Stay at home to minimize the transmission of COVID-19;

(2) Remain at home while experiencing COVID-19 symptoms or sick with COVID-19;

(3) Obey a quarantine order issued to the Covered Employee;

(4) Obey an isolation order issued to the Covered Employee; or

(5) Obey an order issued by the Commissioner of Health regarding the duties of hospitals and other congregate facilities.

An employer would also be prohibited from retaliating against a Covered Employee for obeying an order issued by the employees’ treating healthcare provider relating to subsections (2), (3) and (4) above.

Finally, the anti-retaliation protections would extend to Covered Employees who are caring for an individual who is subject to subsections (1)-(3) above, and would apply even if workers have exhausted any earned sick-leave time available pursuant to Chicago’s Paid Sick Leave Ordinance.

Affirmative Defense

The Ordinance would allow an employer to assert an affirmative defense if it relied upon a reasonable interpretation of the public health order at-issue and, upon learning of the violation of the Ordinance, cured the violation within 30 days.

Penalties/Damages

The Ordinance has teeth:  violations can lead to fines of up to $1,000 per offense per day, and Covered Employees who have been retaliated against may pursue the following recovery in a civil action: (i) reinstatement; (ii) damages equal to three times the full amount of wages that would have been owed had the retaliatory action not taken place; (iii) actual damages caused directly by the retaliatory action; and (iv) costs and reasonable attorneys’ fees.

Next Steps

The Ordinance has been referred to the Chicago Committee on Workforce Development for further deliberation.

A Growing Trend

The protections the Ordinance would afford to employees are consistent with a growing trend among state and local governments in response to the COVID-19 crisis.  Similar protections have been established through emergency orders or rules in New JerseyMichigan and Washington which prohibit employers from disciplining or terminating employees for requesting or taking time off after contracting or, in some circumstances, being exposed to COVID-19.  Other states, such as New York and California, have issued guidance applying existing federal, state, and local anti-discrimination and anti-retaliation laws to prohibit employers from discriminating against or refusing to provide reasonable accommodations for employees who contract or are otherwise impacted by the virus. As state legislative and executive responses continue to rapidly evolve, employers should ensure that they are familiar with the latest guidance in each state where their employees are located.

[1] “Covered Employee” generally means any employee who, in any particular two-week period, performs at least two hours of work for an employer while physically present within the geographic boundaries of the City of Chicago.  Chicago, Ill., Mun. Code § 1-24-010.

© 2020 Proskauer Rose LLP.
For more on COVID-19 related employment ordinances, see the National Law Review Coronavirus News section.

COVID-19 Update: Don’t Be a Target: What Business Should Know about State Attorney General Reactions to COVID-19

In any time of crisis, there is heightened risk for fraud and scams. While United States Attorney General Barr has warned of scams and other illegal acts on the federal level,1 it is with the state Attorneys General (“AGs”) where the rubber hits the road in enforcing social distancing orders, investigating companies for alleged price gouging, continuing ongoing investigations, and overseeing lending relief efforts. As the economy begins to reopen on a state-by-state and sector-by-sector basis, companies must be vigilant in protecting themselves from the next wave of scrutiny by state AGs.

During normal times, state AGs rely upon their state’s Consumer Protection Act and Unfair or Deceptive Acts or Practices (UDAP) statutes to fight against perceived fraud. During the COVID-19 crisis, state AGs have taken the additional step of issuing Civil Investigative Demands, mostly focused on the issue of price gouging, or an instance in which a company allegedly inflates prices above a perceived acceptable level based not solely on supply and demand, but also on leveraging, in this case, the COVID-19 pandemic to the detriment of the consumer. Allegations of price gouging often appear during or immediately following natural disasters, an example of which would be heightened prices for essential products such as generators and flashlights in historically hard-hit areas such as Florida or New Orleans during the Atlantic hurricane season. In the current environment, state AGs across the country are each receiving literally hundreds of consumer complaints alleging that companies are similarly raising prices on necessities.2 Online platforms for third-party sellers are particularly vulnerable to state AGs in this environment, with most people sheltering in place and fulfilling the majority of their purchasing needs through online retail. In fact, 33 state AGs sent a letter to Amazon.com, Inc., Facebook, Inc., Craigslist, Inc. and eBay Inc. to request enhanced procedures to protect against price gouging on their respective platforms.3 Ironically, companies such as Facebook, Google, Navient, and others that have been targeted by state AGs, often on extremely flimsy legal grounds, are now being asked by those same regulators to continue their efforts to step up to assist in this pandemic. And those companies, and so many others, are doing just that.

However, there are indeed some bad actors. In one well-publicized example, two Tennessee men hoarded over 17,000 bottles of hand sanitizer with the intent to sell them for up to $70 per bottle and was immediately met by an expedited investigation by Tennessee AG Herbert Slatery.4 Other examples have abounded: Massachusetts AG Maura Healey unilaterally expanded her state’s price gouging regulations, which had previously been limited to gasoline and petroleum products, to include “all goods or services necessary for the health, safety or welfare of the public”;5 New York AG Letitia James sent cease and desist letters to merchants that were allegedly engaging in price gouging related to the sale of hand sanitizer and disinfectant;6 New Jersey AG Gurbir Grewal has sent over 80 cease and desist letters after receiving more than 600 complaints of COVID-19-related price gouging and other related consumer protection violations;7 Florida AG Ashley Moody activated a “Price gouging Hotline” and opened an investigation into third-party sellers accused of price gouging on essential goods through accounts on Amazon;8 and finally, 20 state AGs have implored 3M Company to create a database and accounting of the distribution and pricing of 3M’s N95 respirator masks, including urging 3M to publish its policies prohibiting price gouging.

Businesses that remain open should be mindful of the additional steps taken to ensure compliance with social distancing regulations. For example, Vermont AG T.J. Donovan issued a directive for law enforcement outlining guidance for the enforcement of the state’s COVID-19 Executive Order that, among other things, extended authority to the state Department of Public Safety to inspect the premises and records of any employer to ensure compliance with the Executive Order.9 Other state AGs are enforcing their states’ Executive Orders with similar diligence: New York AG James ordered over 70 medical transportation companies to stop providing group rides;10 Michigan AG Dana Nessel sent a letter to home improvement store Menards in the wake of reports that the retailer had engaged in business practices that would endanger consumers and employees contrary to the Executive Order issued by Michigan Governor Gretchen Whitmer;11 and Delaware law enforcement officials even issued cease and desist orders to a barber shop and a tobacco shop.12

As the economy begins to incrementally ‘reopen’ in the weeks and months to come, companies should document every step taken to protect their customers and employees as well as the rationale underlying those measures. The far-reaching effects of the COVID-19 pandemic are unlikely to subside until a vaccine becomes publicly available. Thus, state AGs are likely to continue to probe companies aggressively about safety measures taken to protect their customers and employees; adherence to government policies and interpretative guidance; their definition of essential employees; and whether the company contributed to the spread of the virus.

State AGs are the top law enforcement officers in their states and will continue to act to protect their citizens during, and long after, the COVID-19 crisis is over. Industry should be on the lookout for measures taken by state AGs to identify and prosecute fraud and perceived price gouging during the COVID-19 pandemic, and should comply with laws and Executive Orders as diligently as possible. What constitutes the requisite compliance with social distancing – both now and as the economy begins to reopen – and what constitutes an essential service are often somewhat subjective and may require the consult of counsel. Cadwalader’s state AG practice is regularly in close communication with state AG offices and is well-positioned to provide guidance to clients that may be in receipt of an inquiry from a state AG, and we stand ready to continue to assist clients as they navigate the implications of the COVID-19 pandemic.

1   https://www.justice.gov/opa/pr/attorney-general-william-p-barr-urges-american-public-report-covid-19-fraud

https://www.cadwalader.com/state-attorney-general-insider/index.php?nid=6&eid=34

3  https://www.attorneygeneral.gov/wp-content/uploads/2020/03/03_25_2020_Multistate-letter.pdf

4   On April 21, 2020, Tennessee AG Slatery announced that a settlement had been reached with the two men to resolve allegations of price gouging; all supplies were surrendered to a nonprofit organization in Tennessee and a portion of the supplies were distributed to officials in Kentucky, and the two men were prohibited from selling emergency or medical supplies grossly in excess of the price generally charged during any declared state of abnormal economic disruption related to the COVID-19 pandemic.

5  https://www.mass.gov/news/ag-healey-issues-emergency-regulation-prohibiting-price gouging-of-critical-goods-and-services

6  https://ag.ny.gov/press-release/2020/ag-james-price gouging-will-not-be-tolerated

7  https://www.njconsumeraffairs.gov/News/Pages/03172020.aspx

8   http://www.myfloridalegal.com/newsrel.nsf/newsreleases/A32615BF3942B33E8525854300514289?Open&

9  https://www.attorneygeneral.gov/wp-content/uploads/2020/03/03_25_2020_Multistate-letter.pdf

10  https://ag.ny.gov/press-release/2020/attorney-general-james-orders-78-transport-providers-immediately-stop-endangering

11  https://www.michigan.gov/coronavirus/0,9753,7-406-98158-523976–,00.html

12 https://www.delawarepublic.org/post/delaware-flagging-non-essential-businesses-open-during-shutdown

© Copyright 2020 Cadwalader, Wickersham & Taft LLP

For more on AG’s Enforcement Activities around COVID-19 Fraud see the National Law Review Coronavirus News section.

What Should You Do About D&I Efforts During a Pandemic? Exactly What You Were Doing Before

The tremendous economic uncertainty emerging in the wake of COVID-19 is forcing law firm leaders to contend with challenges they’ve never faced before. People are scared, and for good reason. Given the enormous financial pressure firms feel, it’s understandable that leaders may opt to push diversity and inclusion efforts to the back burner for a while — or is it?

Let’s review what we know about the business case for creating more diverse firms.

In other words, improving law firm diversity is an imperative for any firm hoping to compete in the marketplace. That was true before the pandemic, and it’s still true today, despite how much more difficult it may be to achieve this goal.

Here’s the good news: expensive, outward-facing diversity and inclusion initiatives that are more about marketing than substance probably are not the best use of constrained law firm resources. Instead, firm leaders should consider simple, effective interventions that will protect the progress they have made in elevating more women and minority attorneys to power, and make it possible for that work to continue:

Help women and minority partners build their profiles remotely. Now that all in-person avenues to developing business are closed, firms are thinking strategically about how their attorneys should move those efforts online. But top-down orders to “leverage LinkedIn” or “keep up with your contacts virtually” are not useful to attorneys who didn’t have robust “old boy” networks to begin with. Online networking is a skill, just like other business development techniques. If your firm was providing coaching support to high-potential attorneys to help them with business development in the real world, that same support is needed now for new kinds of marketing efforts. Attorneys are going to need tutorials that walk them through best practices and provide support by phone or email. Marketing departments can create these resources or contract outside support to do this training work. Then they must oversee the execution to ensure attorneys stay part of the online conversation in their target industries. Is it possible to assign marketing department staff to this task, particular those who typically staff events and may have extra capacity?

Keep the content coming. Social media profiles are only as strong as the content attorneys have to share there. We know that implicit bias can make it more difficult for women and minority attorneys to demonstrate their subject-matter expertise and be considered for the same opportunities as less experienced white men. This makes thought leadership articles and opportunities to be featured as an “expert source” in key media outlets all the more important for building these attorneys’ reputation with prospects. When putting your firm’s experts forward on webinars, thought leadership articles and media pitches, consider who’s being included — and who’s not. If the faces of your firm’s most important expertise are all white men, you’re sending the message that your other attorneys are somehow less qualified to lead in a crisis.

Bear equity in mind when handling award nominations. The earliest and most chaotic weeks of the COVID crisis happened to coincide with an already busy time on many legal marketers’ calendars: award season. Nominations for “rising star” and other programs are typically due in spring, and gathering client testimonials, case examples and other supporting materials can be time consuming and logistically challenging under normal circumstances. And we know that the required effort (which of course comes on top of keeping up with billable work), combined with the often-gendered tendency to be more reticent about self-promotion, means that award nominees can be less than representative of a firm’s diversity anyway. This year, women bearing the brunt of new childcare and homeschooling responsibilities, along with those who care for extended family members, had even less bandwidth and energy to put themselves forward for industry honors. What can your team do to ensure that your award nominees reflect the true diversity of your emerging lawyers, rather than an oversampling of those privileged enough to have more spare time on their hands?

Make evaluations more transparent and consider what “fairness” means right now. In addition to thinking about the intersection of inclusion and business development, firm leaders will need to consider how to evaluate the work attorneys do under these extraordinary circumstances. Obviously it would not be fair to hold attorneys to the standards for billable hours that they would during a normal year, but what should revised standards look like? As noted, women are taking on a greater share of the childcare, homeschooling and household duties under lockdown, which makes it more difficult for them to bill the same number of hours or develop as much new business as men. How can you make sure they won’t be penalized for this when it comes time to make decisions about compensation and promotion? Questions about how to fairly and holistically evaluate attorneys’ work long predate the current crisis, and they are going to become more urgent in the months to come. The current system continues to reward white men above other demographic groups. It’s time for reform.

No question this is a frightening time for firm leaders, and they will want to focus their limited attention on what matters most for the survival of the firm. That shortlist should include a continued commitment to diversity and inclusion. The business case is clear, and hard-won gains for women and minorities are hanging in the balance.

© 2020 Page2 Communications. All rights reserved.

ARTICLE BY Debra Pickett of Page 2 Communications.
For more on continuing normal business operations amid COVID-19, see the National Law Review Coronavirus News section.

CARES Act Provider Relief Fund – Acceptance of Funds Comes with Conditions

Healthcare providers are among those financially adversely affected by the COVID-19 pandemic.

survey conducted by the Medical Group Managers Association (“MGMA”) on April 7 and 8, 2020, found that 97% of medical practices have experienced a negative financial impact directly or indirectly related to COVID-19.  MGMA also indicates that, on average, practices report a 55% decrease in revenue and a 60% decrease in patient volume since the beginning of the COVID-19 crisis.

In response to the financial impact on healthcare providers, the Coronavirus Aid, Relief, and Economic Security (“CARES”) Act, signed into law on March 27, 2020, appropriated $100 billion in relief funds to hospitals and other healthcare providers under the Public Health and Social Services Emergency Fund, also called the “CARES Act Provider Relief Fund.” On April 10, 2020, the United States Department of Health and Human Services (“HHS”) released the initial terms and conditions related to the distribution of the initial $30 billion of the $100 billion.  Rather than await the submission of applications by healthcare providers, HHS has begun a rapid delivery of relief funding to healthcare providers and suppliers that are enrolled in Medicare and received Medicare fee-for-service reimbursement in 2019.  These eligible healthcare providers are being allotted a portion of the initial $30 billion distribution based upon their proportionate share of the approximately $484 billion of Medicare fee-for-service reimbursements made in 2019.

Healthcare providers identified as eligible to receive funds from this first distribution should have received an email to that effect.  Eligible healthcare providers have begun receiving payments via the Automated Clearing House account information on file used for reimbursements from The Centers for Medicare and Medicaid Services (“CMS”).  Healthcare providers that normally receive a paper check for reimbursement from CMS will receive a paper check in the mail.

These payments are not loans and, if used consistent with the applicable terms and conditions, will not need to be repaid.  Healthcare providers must sign an attestation confirming receipt of the funds and agreeing to the terms and conditions of payment within 30 days via the online payment portal.  Should a healthcare provider choose to reject the funds, the healthcare provider within 30 days of receipt of payment must complete the attestation to indicate this and remit the full payment to HHS.  The portal will guide the healthcare provider through the attestation process to accept or reject the funds.

The healthcare provider is required to certify, among other things, that it provides or provided after January 31, 2020 diagnoses, testing, or care for individuals with possible or actual cases of COVID-19.  In a recent update, HHS clarified that to meet this requirement, care does not have to be specific to treating COVID-19, as “HHS broadly views every patient as a possible case of COVID-19.” HHS also clarified that a healthcare provider’s eligibility is not adversely affected if it ceased operations as a result of the COVID-19 pandemic, so long as the healthcare provider provided diagnoses, testing, or care for individuals with possible or actual cases of COVID-19.

In addition to imposing use restrictions for the funds and recordkeeping requirements, the CARES Act authorizes the HHS Office of Inspector General (“OIG”) to audit both interim and final payments made under the program.  Healthcare providers that elect to accept the funds must be prepared to submit to these OIG audits.  Because the funds are limited to necessary expenses or lost revenues due to the pandemic not otherwise reimbursable from other sources, there may be differences in OIG’s interpretation of whether the funds were used for an appropriate purpose.  At a minimum, this may necessitate returning certain disallowed funds following an audit.

Failure to abide by the terms and conditions could result in False Claims Act liability for healthcare providers that do not make proper use of the funds.  Thus, recipients of the funds should carefully consider their ability to comply with the terms and conditions and should ensure that proper controls are in place for proper use of the funds.

© 2020 Ward and Smith, P.A.. All Rights Reserved.

For more on CARES Act funding, see the Coronavirus News section of the National Law Review.

Practical Tips for Tribal Organization Access to the SBA Paycheck Protection Program

Even with news that the initial appropriation for the Paycheck Protection Program (“PPP”), an extension of the Small Business Administration’s 7(a) loan program, has been fully allocated, there are many strategies tribal organizations need to put in place to ensure that the full benefits of the program are realized.  Putting these few practical tips to work – even midway through the PPP process – will give tribal business a better chance of having pending applications accepted and funded, the maximum amount of loan forgiveness achieved later this year, and any new applications accepted with the next Congressional appropriation are quickly funded.

Initial applications for these loans – up to $10 million in debt that may be largely forgivable – have been heavy, and banks are reporting overwhelming demand and challenging delays in pushing out loan funding.  With the promise of more funding (perhaps more than another $200 billion) for this program looming first on Congress’ agenda over the next few weeks – even tribal organizations that have not fully explored the PPP program should consider these practical business insider tips to prepare for success:

  • Understand that there is minimal bank underwriting. The model loan application, the interim program rule, and other SBA guidance documents make abundantly clear that banks are “held harmless” for the vast majority of decisions on PPP loans.  Information requested on the application is minimal and the list of items that must be submitted as supporting documentation is modest (and limited to relevant payroll, benefit, rent, and utility cost information).  This was a policy choice by legislators and rule makers to facilitate the fast deployment of funds under the program.  The implication of light underwriting, however, is that the normal “give and take” process with loan officers to ensure the application is well-balanced and complete is not really happening.  The burden on the banks right now is to loan money fast.
  • Be aware of the heavy borrower burden to “certify” data and key eligibility criteria. The burden of accurate information and fulsome disclosures is entirely on tribal organizations.  Tribal officials or business leaders signing the loan application should personally review the certifications required before submitting the loan (they are on the application) and should not be afraid to question staff or legal counsel on implications in detail.  In a time of crisis, there is not much emphasis on the future oversight, investigation, and enforcement matters that can arise when agencies do an after-the-fact “government accountability” examination of the program.  Given that many tribal organizations and Alaska Native Corporations depend on health relationships with the SBA, great care should be exercised that your application does not subject you to unwanted future scrutiny.
  • Engage early with key contacts at your primary bank.  Banks are under water with demand for funds under the PPP right now.  There are numerous reports that banks are sending small business clients with multiple banking relationships (accounts and/or bank branded credit cards in more than one place) away, claiming another institution is their “primary bank” for application purposes.  A key to any tribal organization’s success in a PPP application is to have person-to-person contact with your banking relationship manager or the designated PPP coordinator. The application is online and completed through a bank portal.  Getting questions resolved and placing your organization on the radar of the PPP loan staff can ensure fewer delays and a smoother application process.
  • Accurate record keeping of use of funds is critical.  One of the most attractive features of the PPP program is that the loan can be largely, if not entirely, forgiven. The banks will be backstopped by funds appropriated to the SBA and by a facility recently approved the Federal Reserve.  Whether your loan is fully forgiven depends on your accurate record keeping and timely submission to the bank later this summer.  The burdens of weathering this pandemic are significant enough that achieving maximum loan forgiveness could be make-or-break for some tribal organization budgets.
  • Public disclosure implications.  Please be aware that submissions made to any government program under the CARES Act may be discoverable by third parties through the Freedom of Information Act (“FOIA”).  While it is unlikely that any proprietary data on payroll or employees (with privacy concerns) would be released, information about the officers of the business, what it does, and how much its loan was will likely be released from SBA files if a proper FOIA request is submitted in the future.
  • Traditional SBA eligible business rules apply.  With the exception of non-profit businesses (which are now eligible), all of the businesses listed in the SBA rules (at 13 CFR 120.110) are still ineligible for SBA business loans.  Please consult these rules and your legal counsel to assess whether you are eligible for a PPP loan under these rules.

© 2020 Van Ness Feldman LLP

For more on the SBA Paycheck Protection Program, see the National Law Review Coronavirus News Section.

New Revenue Ruling 2020-8 Helps Taxpayers Seek COVID-19 Tax Refund Claims

Recently, in Revenue Ruling 2020-8, the Internal Revenue Service (IRS) announced that it was suspending Revenue Ruling 71-533, which had addressed the interaction of two Internal Revenue Code (IRC) provisions regarding limitations periods on refund claims, pending reconsideration of the holding of the earlier Revenue Ruling.

Under IRC section 6511(d)(2)(A), a taxpayer generally must make a refund claim relating to an overpayment attributable to a net operating loss (NOL) carryback no later than three years after the taxable year in which the NOL was generated. Under IRC section 6511(d)(3)(A), a taxpayer generally must make a refund claim relating to an overpayment attributable to a foreign tax credit carryback no later than ten years after the taxable year in which the foreign taxes were paid.

Revenue Ruling 71-533 had addressed a situation that implicated both of these provisions. Specifically, the taxpayer at issue in the ruling had incurred a NOL in 1969, which it carried back to 1966. After application of the NOL, the taxpayer had excess foreign tax credits available for 1966, which it then carried back to 1964. The ruling held that the ten-year limitations period in IRC section 6511(d)(3)(A) applied to claims for refund with respect to the 1964 overpayment.

In Revenue Ruling 2020-8, the IRS noted that, even though the fact pattern in Revenue Ruling 71-533 involved both a NOL carryback and a foreign tax credit carryback, the ruling did not consider whether IRC section 6511(d)(2)(A) should apply in lieu of IRC section 6511(d)(3)(A). Therefore, the IRS stated that it was suspending Revenue Ruling 71-533 pending reconsideration of its ruling. However, the IRS also stated that this suspension would not be applied adversely to refund claims properly filed within the IRC section 6511(d)(3)(A) limitations period in accordance with Revenue Ruling 71-533 during the period in which the ruling’s holding is being reconsidered.

Practice Point: Revenue Ruling 2020-8 is particularly important to taxpayers seeking refunds under the special COVID-19 rules. We discussed those refunds here. The IRS is trying to do everything it can to facilitate getting relief to taxpayers.

© 2020 McDermott Will & Emery

For more on IRS COVID-19 Guidance, see the National Law Review Tax Law section.

Connecticut Further Revises “Safe Workplace Rules for Essential Employers,” Requiring All Employees to Wear Face Masks or Face Coverings At All Times

On April 17, 2020, the Connecticut Department of Economic and Community Development materially revised its previously issued “Safe Workplace Rules for Essential Employers.” Now, all employees working at every workplace that remains open during the COVID-19 pandemic must wear a face mask or face cloth covering at all times.

Employers are required to provide masks or face coverings to employees and, if infeasible because of supply-chain shortages, employers must provide materials for employees to make their own masks or face coverings. Employers must provide these materials, along with the Centers for Disease Control tutorial showing how to make masks and face coverings or, alternatively, compensate employees for reasonable and necessary costs to make their own masks and face coverings.

The new requirements do not apply to employees whose health or safety would be negatively impacted by wearing a mask or face covering due to a medical condition.  And employees are not required to produce medical documentation to verify the stated condition.

© 1998-2020 Wiggin and Dana LLP

For more on states’ COVID-19 legislation, see the Coronavirus News section of the National Law Review.