The Third Circuit recently confirmed the Federal Trade Commission’s authority to take legal action against companies with inadequate data security practices or known security vulnerabilities, making it clear that companies have ongoing information security and privacy obligations to their customers.

The days of pretending your business need not have a legitimate and appropriate data protection policy has long since passed.  If your business suffers a data breach or cybersecurity attack, not only do you have to be concerned about losing your confidential or proprietary information and the trust of your customers, but your business now faces the possible wrath of the Federal government.  Specifically, this  summer the Federal Third Circuit Court of Appeals in its FTC v. Wyndham decision held that the Federal Trade Commission (FTC) has the authority – which it sought to exercise – to bring legal actions against businesses for failure to adequately protect consumer information from data breaches.  Therefore, even if your business is a data breach victim, you can also be held liable for damages flowing from that breach if it is determined that your business’s data privacy and protection practices were insufficient.  Yes, you can be a victim and violator at the same time.

While it takes an experienced expert to develop a complete and effective data privacy policy, the following represents some basic guidelines every business which seeks, receives, maintains, trades in, or uses any type of financial or personal information should consider.  First, determine the type of sensitive information you maintain, how that information is maintained, and whether you need to retain such information in the first place.  Second, assess your likely or potential technical (computers, smart phones, etc.) and physical (filing cabinets, locks, etc.) vulnerabilities to a data breach for each location in which you maintain or store the data.  Third, consider your options for protecting and securing this information.  Fourth, develop a plan to protect and secure the information and implement the plan.  Fifth, have a data breach response plan and team in place in advance.  If you wait until a data breach has occurred, it is already too late.  Fifth, be open and clear with your customers about your data privacy policy – which may mean more than just including a link to your 5-page data privacy written policy.  Finally, once you develop your plan, it cannot remain stagnant.  As noted by the Third Circuit in Wyndham, the failure of your policy to evolve over time to comply with industry standard practices could result in liability for a breach.

To read a recent article on this topic published in Law360, featuring our own Michael J. Feldman, please click here.


The “Internet of Things” is rapidly expanding, and most households have at least one physical object which automatically collects and exchanges data wirelessly. Manufacturers of smart devices need to ensure that security vulnerabilities and privacy concerns are rapidly addressed in order to escape the scrutiny of the Federal Trade Commission.

Law360 interviewed privacy experts, including our very own Mike Feldman, regarding ways for smart device makers to ensure that their information security and privacy practices meet industry standard practices. Mike recommended ensuring that employees have robust information security and privacy policies, are trained to identify risks, and are prepared to handle data breaches and other disasters. As Mike noted:

Small companies used to believe that hackers wouldn’t be interested in their customers’ data but reality has shown that is no longer the case, Feldman said.

“Now almost every industry has been hacked,” Feldman said. “The defense that ‘I thought it wouldn’t happen to me’ isn’t really a defense.”

Read the whole article: 3 Ways Internet Of Things Makers Can Avoid The FTC’s Ire (subscription may be required)

A company’s social media page, profile and accounts (and its followers and other connections) are generally considered to be valuable business assets. Recent court decisions illustrate the importance of clear policies and procedures to address ownership and appropriate use of business-related social media assets.

While most businesses recognize the importance of maintaining a minimum Internet presence, an increasing number of businesses are attempting to impact consumers where they congregate most: in social media. The benefits of maintaining an active social media presence include developing loyal relationships with customers, leveraging those relationships into quantifiable, networked campaigns, and refining your brand with niche audiences. Because of both the company resources spent developing these channels as well as their potential value/return, it is important to remember that social media accounts are company assets and should be protected accordingly through policies and procedures, as would any other company intellectual property.

While major brands often farm out social media management and content creation to marketing firms, small or medium sized business often do not have this financial flexibility. Accordingly, chances are a member of management of the employees, takes on this role. In that case, with both personal and business interests in the same sphere it is especially crucial set clear expectations and boundaries around social media responsibilities in the workplace and the ownership of your business’ accounts and content.

As a recent case in Texas (In re CTLI, LLC, 2015 Banker. LEXIS 1117 (Bankr. S.D. Tex. 2015)) makes clear, when it comes to social media, the line between personal and professional can be blurry and when companies fail, or when partnerships falter, ownership of social media accounts can result in costly litigation.

The dispute in CTLI centered on ownership of the Facebook account for a firearms business. The account was run by one of the business’ owners who posted a mixture of professional content promoting the business, and personal content reflecting his interests, activities and opinions. When the business filed for Chapter 11 protection, the social media-savvy former owner refused to relinquish control of the Facebook account, claiming that the amount of time, goodwill and his own personality that he had invested into developing the account entitled him to ownership. The U.S. Bankruptcy court ultimately disagreed and ruled that the account was property of the business but not before wading through the thorny issues of personal privacy, contract interpretation relating to Facebook’s terms and conditions, and the separation of personal and business assets.

Some important lessons for your business to keep in mind:

  • Have a written Technology Use and Social Media Policy in place for all of your employees to read and sign. These policies should include parameters for appropriate uses of company technology, guidelines on how to discuss your company online and in social media (even when your employees are using their own personal accounts), and clear definitions concerning who owns what when it comes to devices and accounts.
  • While interacting with consumers can be great for business consider prohibiting your social media managers from sending direct/private messages from your customer-facing business accounts. While you may permit employees to send personal emails from their work computers, this is very different than sending a personal message emanating from your company’s branded Facebook or Twitter account.
  • Social media marketing allows for a more nuanced line between personal and professional content. Something that you might consider to be a personal comment could be seen in court as an attempt to integrate your business’ brand with your target customers or your local community. Just because you are posting casual or personal items from your official business account does not mean that the accounts belong to you or your employees.
  • An effective social media manager may be able to generate hundreds or thousands of followers or fans for your business, but it is important for them to know that it is the business, and not the employee, who ultimately owns those accounts and the followers that go with it, no matter how much of themselves and their personality the employee has poured into developing the accounts.
  • Maintain a record of all of your social media account credentials like account names, user handles, and passwords. Employees should be prohibited from altering these credentials or using their own passwords. In the event that you need to remove an employee’s access this will help you avoid being in the position of demanding passwords which the employee may be also using for private, personal accounts.

If you need help drafting an effective Technology Use or Social Media Policy for your business or simply have questions about the benefits and risks of leveraging social media to help your business grow, contact OlenderFeldman LLP.

The Federal Americans with Disabilities Act, the New  Jersey Law Against Discrimination and the New Jersey Pregnancy Discrimination and Accommodation Law each impose significant obligations on employers, who are required to provide reasonable accommodations to employees.

There is a considerable amount of confusion on the part of many New Jersey employers as to their obligation to provide reasonable accommodations for those who are disabled or pregnant.  As of January 2014, with the passage of the New Jersey Pregnancy Discrimination and Accommodation Law, pregnancy is now its own protected class and pregnant employees are entitled to accommodations regardless of whether they suffer from a disability relating to the pregnancy.  This FAQ will address at a basic level the most important aspects of employment law as it pertains to reasonable employee accommodations. Of course, don’t miss our other posts about protecting against employee lawsuits, employer compliance with the Affordable Care Act (Obamacare), employee privacy obligations and other employment hiring practices.

Q:        What is a reasonable accommodation? 

 A:        Under the Federal Americans with Disabilities Act (“ADA”) or the New Jersey Law Against Discrimination (“NJLAD”), a reasonable accommodation is defined as a practical change to a job description or work situation needed to support the employment of a qualified disabled person or someone with a special need in that capacity.  Reasonable accommodation also refers to modifications made by an employer to assist qualified disabled persons in enjoying the same rights and privileges that other employees of an equal level enjoy.

 Q:        What is a disability?

 A:        A disability under the ADA (which is constantly expanding and is considered a fairly universal definition from an employment standpoint) includes impairments (mental or physical) which substantially interfere with one or more major life activities such as walking, bending, sitting, pushing, pulling, holding, stooping, climbing a ladder, or stairs, running, jogging, breathing, shopping, dressing, bathing, eating, concentrating, listening, communicating and so forth.  Even episodic conditions (i.e., epilepsy, migraine headaches and so forth) can be deemed disabling if, when active, such conditions interfere with one or more major life activities.

 Q:        Who has to request or propose the accommodation?

 A:        The employee must request the accommodation, and the accommodation must be communicated as clearly and specifically as possible.  Specificity with regard to the accommodation is crucial, because a vague request such as a lateral transfer, etc. can be easily (and legally?) denied by the employer saying there are no such positions.

 Q:        What are the employer’s obligations once an accommodation has been requested?

 A:        Once an employee requests an accommodation, both the employer and employee have to engage in what is known as an “interactive process.”  That means that the employee and the employer must actively work together on a solution to come up with an accommodation.  Unilateral demands on the part of the employee or unilateral denials on the part of the employer are not interactive and would violate the requirements of the ADA or NJLAD.

 Q:        What are the limits on the accommodation that must be provided to qualifying employees?

A:        The accommodation must be reasonable.  That means that the employee must be able to perform the functions of his or her job with the accommodation and without causing undue hardship.  Undue hardship means an action that would be unduly costly, excessive, substantial or disruptive in relation to the size, resources, nature, and structure of the employer’s operation.  For example, an outside sales representative who is required to travel the majority of the time to secure business opportunities or meet with clients and who cannot perform job functions from an office location cannot claim as a reasonable accommodation to be permitted to work from home for the remainder of his/her disability or employment.

Q:        Does a New Jersey employer need to provide a reasonable accommodation in New Jersey if it has less than 25 employees?

A:        Yes.  Although the reasonable accommodation requirements of the ADA only apply to employers who employ 25 or more employees, the NJLAD also requires employers to provide reasonable accommodations for disabled and pregnant workers regardless of the number of employees they have. 

Q:         Does a New Jersey employer need to provide a reasonable accommodation to a pregnant worker who is not disabled?

A:        Yes.  Under the New Jersey Pregnancy Discrimination and Accommodation Law (which became effective as of January 21, 2014), employers who know or should know that an employee is pregnant or recovering from pregnancy cannot discriminate against the employee in terms and conditions of employment.

Prior to the law’s enactment, pregnancy was not considered as a protected class under the NJLAD (meaning that an employee could not sue for discrimination under that law) unless there were complications associated with the pregnancy that could cause the pregnancy to come within the definition of a disability.  The new law requires employees to treat pregnant employees no less favorably than non-pregnant employees in their employment policies even if they are not suffering from any pregnancy related complications.

The law also specifically requires employers to provide pregnant employees with reasonable accommodations relating to the pregnancy upon the advice of the employee’s physician.  The law provides a non-exhaustive list of examples of accommodations which include bathroom or water intake breaks, rest breaks, assistance with manual labor, job restructuring or modifying work schedules and temporary transfers to less hazardous or strenuous jobs.  As in the case of reasonable accommodations for disabled employees, employers must grant the employee’s request for a pregnancy accommodation unless doing so would cause an undue burden upon the their operations.

This FAQ merely scratches the surface of the requirements imposed upon all New Jersey employers to provide reasonable accommodations to their employees.  Needless to say, it is incumbent upon all New Jersey employers to review their employment policies with counsel to insure that they are compliant with this area of employment law.

If you have any questions concerning this important FAQ, please contact Howard A. Matalon, who leads the firm’s Employment Law practice group.

The biggest privacy challenges affecting businesses today are regulatory scrutiny from government agencies, media coverage with unintended consequences, and privacy risks that are discovered during corporate transactions.

Rapidly growing eCommerce and technology companies typically focus on creating viable products and services, adapting business models and responding to challenges, and using data in new ways to glean valuable insights and advantages. They often achieve success by disrupting existing industry norms and flouting convention in an attempt to do things better, faster and more cost-effectively. In the tech world, this strategy is often a blueprint for success.  At the same time, this strategy also often raises privacy concerns from regulators and investors.  In fact, three of the biggest privacy challenges affecting businesses today are regulatory scrutiny from government agencies (and potentially, personal liability arising from such scrutiny), media coverage with unintended consequences, and privacy risks that are discovered during corporate transactions.

Regulatory Scrutiny Of Privacy Practices

Government regulators, led by the Federal Trade Commission (“FTC”), have taken an activist role in enforcing privacy protections.  The FTC often does so by utilizing its powers under the FTC Act, which enables the FTC to investigate and prosecute companies and individuals for “unfair or deceptive acts and practices.” Some of the activities which the FTC considers to fall under the “unfair or deceptive” umbrella are: a company’s failure to enforce privacy promises; violations of consumers’ privacy rights; and failing to maintain reasonably adequate security for sensitive consumer information.

Though most of the FTC’s investigations are settled privately and non-publicly, those that do become public (usually, as a result of a company refusing to cooperate voluntarily or disagreeing with the FTC on the proper resolution) are often instructive. For example, the FTC recently settled charges against Snapchat, the developer of a popular mobile messaging app.  The FTC accused Snapchat of deceiving consumers with promises about the disappearing nature of messages sent through the service, the amount of personal data Snapchat collected, and the security measures taken to protect that data from misuse and unauthorized disclosure.  Similarly, when Facebook acquired WhatsApp, another cross-platform mobile messaging app, the FTC explicitly warned both Facebook and WhatsApp that WhatsApp had made clear privacy promises to consumers, and that WhatsApp would be obligated to continue its current privacy practices ― even if such policies differ from those of Facebook ― or face FTC charges. The takeaway from the FTC’s recent investigations and enforcement actions are clear: (1) businesses should be very careful about the privacy representations that they make to consumers; (2) businesses should comply with the representations they make; and (3) businesses should take adequate measures to ensure the privacy and security of the personal information and other sensitive data that they obtain from consumers.

Sometimes officers and directors of businesses are named in a FTC action along with, or apart from, the company itself.  In such cases, the interests of the individuals and those of the companies often diverge as the various parties try to apportion blame internally.  In certain cases, companies and their officers are held jointly and severally liable for violations.  For example, the FTC sued Innovative Marketing Inc. and three of its owners/officers. A federal court found the business and the owners/officers to be jointly and severally liable for unfair and deceptive actions, and entered a verdict for $163 million against them all. The evolving world of regulatory enforcement actions reveals that traditional liability protections (i.e., acting through a corporate entity) do not necessarily shield owners, officers, and/or directors from personal liability when privacy violations are at issue. Officers and directors should keep in mind that knowledge of, or indifference to, an unfair or deceptive practice can put them squarely in the FTC’s crosshairs ― and that the “ostrich defense” of ignoring and avoiding such issues is unlikely to produce positive results.

Unintended Consequences of Publicity

Most businesses crave publicity as a means of building credibility and awareness for their products or services. However, businesses should keep in mind that being in the spotlight can also put the company on regulators’ radar screens, potentially resulting in additional scrutiny where none previously existed. One of our clients, for example, came out with an innovative service that allows consumers to utilize their personal information in unique ways, and received significant positive publicity as a result. Unfortunately, that publicity also caught the interest of a regulatory entity. It turns out that some of our client’s statements about their service were misunderstood by the government. Ultimately, we were able to clarify the service offered by our client for the government in an efficient and cost-effective manner, demonstrating that no wrongdoing had occurred, and the inquiry was resolved to our client’s (and the government’s) satisfaction.  Nonetheless, the process itself resulted in substantial aggravation for our client, who was forced to focus on an investigation rather than on its business activities. Ultimately, the misunderstanding could have been avoided if the client had checked with us first, before speaking with reporters, to ensure the client’s talking points were appropriate.

Another more public example occurred at Uber’s launch party in Chicago.   Uber, the car service company which allows users to hail a cab using a mobile app, allegedly demonstrated a “God View” function for its guests which allowed the partygoers (including several journalists) to see, among other information, the name and real-time location of some of its customers (including some well-known individuals) in New York City – information which those customers did not know was being projected onto a large screen at a private party. The resulting publicity backlash was overwhelming. Senator Al Franken wrote Uber a letter demanding an explanation of Uber’s data collection practices and policies and Uber was forced to retain a major law firm to independently audit its privacy practices, and implement changes to its policies, including limiting the availability and use of the “God View.”

Experience has shown us that contrary to the old mantra, all publicity is not necessarily good publicity when it comes to the world of privacy.  Before moving forward with publicity or marketing for your business, consider incorporating a legal review into the planning to avoid any potentially adverse impact of such publicity.

Privacy Concerns Arising During A Corporate Transaction

Perhaps most importantly to company owners, the failure to proactively address privacy issues in connection with corporate transactions can cause significant repercussions, potentially destroying an entire deal.  Most major corporate transactions involve some degree of due diligence.  That due diligence, if properly performed by knowledgeable attorneys and businesspeople, will uncover any existing privacy risks (i.e., violations of privacy-related laws, insufficient privacy security measures or compliance issues which become financially overwhelming).  If these issues were not already factored into the financial terms of the transaction or affirmatively addressed from the outset, the entire landscape of the transaction can change overnight once the issues are uncovered – with the worst case scenario being the collapse of the entire deal.  Therefore, it is critical that businesses contemplating a corporate transaction be prepared to address all relevant privacy issues upfront.  Such preparation should include an internal analysis of the business from a privacy-law perspective (i.e., determining which regulatory schemes apply, and whether the business is currently in compliance) and being prepared to provide quick responses to relevant inquiries, such historical policies and procedures related to privacy and data security, diagrams of network/data flow, lists of third-parties with whom data has been shared, representations and warranties made to data subjects, and descriptions of complaints, investigations, and litigation pertaining to privacy issues.

Privacy and data security issues can be particularly tricky depending on the nature of the data that is maintained by the company and the representations that the company has made with respect to such data.  Businesses are well-advised to prepare a due diligence checklist in preparation for any corporate transaction which should include an assessment of the business’ compliance with applicable information privacy and data security laws as well as any potential liabilities from deficiencies that are discovered.  Addressing these issues in a proactive manner will allow the business to be more prepared for the corporate transaction and mitigate any harm which otherwise might flow from any problems which arise.

The following is a guest post from Damon Finaldi, President of Tele-Data Solutions, a provider of VoIP phone systems and cloud technology.

You’re a litigator stuck in court who needs to check email. A law firm business manager looking to increase revenue. Or the IT manager who knows there’s a better way to tie together your communications. In any of these cases and many others, an upgrade of your firm’s telecommunications to a VoIP (voice over internet protocol) phone system can boost profits and productivity.

In today’s connected world, a phone is more than just a phone. It’s a business tool that can give your firm a competitive edge in terms of client service, mobility, collaboration, and billings. Internet telephony using VoIP has been around for several decades, and services using this technology have improved as broadband services have become more widely available. VoIP offers speed and flexibility that traditional phone services lack.

Here are several key ways that implementing VoIP can help boost revenues, streamline communications, and improve productivity:

  • Lower phone bills. By migrating to a VoIP system you eliminate local and long distance phone bills—it’s one flat price no matter where you call nationwide, and international rates are highly competitive.
  • Increase client billings. VoIP technology captures every billable second that attorneys, paralegals, and assistants spend on the phone talking to clients, automatically.
    • You get automated call logs that no one has to maintain (manual paper time sheets are so 20th century). No one has to remember their call lengths down to the 0.1 second—VoIP does it for you.
    • Your business manager can easily review these logs through a desktop dashboard and determine who gets billed and who doesn’t.
    • The system can tie in all your firm’s account codes.
    • A mobile app tracks phone time on company cell phones as well, and it all reports to the central system.
    • You can integrate the phone logs with your time and billing software package for streamlined accounting and convenience.
  • Check voice mail anywhere without disrupting proceedings or meetings (or traffic). Attorneys who are in court or driving can access all their voicemail and email easily, safely and discreetly via VoIP.
    • The system can send all voicemail to any phone in a WAV file that is easily accessed from anywhere.
    • Voicemail can also be transcribed as email so you can quietly scroll through messages while away from the office. Attorneys in certain practice areas—such as personal injury or criminal law—know how crucial it is to respond quickly to messages (and get the client who’s searching for representation now).
    • In the car and need to check your messages? The phone system identifies you by your caller ID and will automatically log you into your voice mailbox, hands-free.
  • Built-in conferencing. VoIP eliminates the need for third-party conference call services. VoIP’s conference call features include:
    • Allows unlimited connections—as many people as you need to include, from any location;
    • Includes an integrated conference bridge;
    • Can record the conference call (or any phone call) for future transcription or deposition, eliminating “he said/she said” and allowing more effective negotiation with a real-time recording of the call;
    • Exports the call recording as an MP3 or WAV file to include in case management software.
  • Go mobile or multi-site. With a VoIP phone system, staff can work from anywhere and stay in touch, so sick days, personal days or working vacations are never an issue:
    • Integrates multiple locations centrally in the background so callers get through to everyone no matter what.
    • Centralizes receptionist duties across locations.
  • Easy to administer. Manage the entire system from anywhere via the web portal. If you need to shut down early or open late (and indicate this with outgoing voice mail), or change users’ names on extensions as people join or leave the firm or move offices, it can all be done online on any interface. This eliminates the need for complicated programming, phone trees, or specialists.
  • No down time. Natural disasters, power or service outages, and inaccessible locations are no longer barriers to maintaining phone service with VoIP.  Because internet telephony is in the Cloud, the system is always up as calls are routed through a data center.

 Internet telephony has come a long way since its inception in the 1990’s. Internet telephony technology suing VoIP can save your firm money and can also help your firm make money at the same time; it can save your attorneys time and keeps everyone connected seamlessly—even in multiple offices.

Technology can impact the way we work, play, communicate and live, and “big data” analysis – the processing of large amounts of data in order to gain actionable insights – has the ability to radically alter society by identifying patterns and traits that would otherwise go undiscovered. This data, however, can raise significant privacy concerns in the context of a merger or acquisition.

Dunn and Bradstreet interviewed one of our in-house privacy lawyers, Aaron Messing, regarding various Tips for Customer Data Management During a Merger or Acquisition. We thought the topic was so interesting, that we decided to expand a little bit more on the subject.

As background, it is important to consider that there are three types of M&A transactions affecting data: stock transactions, mergers, and sales of assets. In a stock transaction, there are no data issues, while the owners of a company sell stock to a new owner, the entity itself remains intact.  This means business as usual from the entity’s standpoint, and there are no data or confidentiality issues.

By contrast, in a merger (where the target is not the surviving entity) or in an asset transaction, the original entity itself goes away, which means all of the assets in that entity have to be transferred, and there is a change of legal title to those assets (including to any data) which can have legal implications. For example, if a party consents to the use of their data by OldCo, and OldCo sells all of its assets to NewCo, does that party’s consent to use data also transfer to NewCo?

In a merger, data needs to be appropriately assigned and transferred, which often has privacy implications. Companies generally have privacy policies explaining how they collect and use consumers’ personal information. These policies often contain language stating that the company will not give such information to any third-party without the consumer’s consent. In such situations, the transfer of data must be done in accordance with the written commitments and representations made by that company (which may vary if different representations were made to different categories of individuals), and may require providing notice or obtaining consent from consumers (which, depending on the scope of the notice or consent required, can be an arduous task).

Companies also generally maintain employee data and client data in addition to consumer data. This information needs to be handled in accordance with contractual obligations, as well as legal obligations. National and foreign laws may also regulate the transfer of certain information. For example, in transborder transactions, or for transactions involving multinational companies, it is extremely important to ensure that any transfer of data complies with the data privacy and transborder transfer obligations applicable in all of the relevant jurisdictions.

Obligations may arise even during the contemplation of a merger, or during the due diligence process, where laws may impact the ability of companies to disclose certain information and documentation. For example, in the United States, financial companies are required to comply with the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act, which govern the controls required to protect certain types of data, and companies in the health care and medical fields are often required to comply with the Health Insurance Portability and Accountability Act.

In the multinational / crossborder context, businesses may run into challenges posed by conflicting multi-jurisdictional data protection laws, which may prevent routine data flows (such as phone lists or other employee data) to countries that are deemed to have insufficient data protection laws, or require that centralized databases comply with the laws in multiple jurisdictions. Additionally, employee rights to access and amend data, as well as requirements to obtain consent before collection and limitations on maintenance of data may cause challenges as well.

So what should companies do when contemplating or navigating a merger or acquisition? First, companies should determine what information they have. Next, companies must ensure that they understand what information they have, including the circumstances under which the information was collected, and what rights and obligations they have relative to that information. Companies should determine what ability they have to transfer information, what consents or approvals are necessary to do so, and the potential impact of a transfer on the various stakeholders.

The bottom line? Any technology, and big data in particular, can be put to both good and bad uses. It is important that as companies gather data about individuals, that that information be used in accordance with existing laws and regulations governing data use, as well as in a way that respects the privacy of the individuals to which the data pertains.

Startup companies and entrepreneurs love to innovate. A good lawyer can help startups push the envelope while avoiding rookie mistakes.

While all resources are given a premium with a burgeoning company, NJ Tech Weekly polled some of New Jersey’s top professionals – including OlenderFeldman LLP partner Christian Jensen — for their thoughts on the one major mistake that startups make that can be avoided with the right professional advice.  Among the number of issues faced including entity choice, equity issues and privacy policy/terms and conditions, Chris spoke about the importance of delineating employee issues – both through classification and contract – at the outset of a business. Give the entire article a read here. You can also read more about common legal mistakes made by small businesses

Cellphone companies are now using “perma-cookies” to track mobile browsing despite consumer’s do not track” requests, which permits advertisers to identify users for targeted behavioral advertising and has concerning implications for users’ privacy.

OlenderFeldman’s own Aaron Messing was interviewed by Fox News regarding how cellphone companies are using various methods to track their users’ mobile browsing habits. While most people think their mobile browsing activity is anonymous, this activity can be tracked to their phone and, thus to them by both their phone companies and, increasingly, but the websites that they view. This can have concerning implications when the user of a phone is a minor, or when the subject of the browsing is personal health information or other sensitive information.

Aaron was also asked about the mandatory arbitration provisions and other waivers that are hidden in the fine print of many cellphone contracts. In our modern electronic society, many users simply hit “I accept” without reading the contracts that they are agreeing to,  not realizing that they may be giving away important rights.

 See the full interview here.

Entrepreneurs often struggle with what they should and should not say to potential investors, especially given that investors often will refuse to sign a non-disclosure agreement (“N.D.A.”). Disclose too little information about your start-up or idea and you may fail to interest an investor. By the same token, disclose too much and you may expose yourself to an unacceptable level of risk.

Eileen Zimmerman wrote a fantastic article explaining why more start-ups are sharing ideas without legal protection, quoting OlenderFeldman’s Aaron Messing. While we highly recommend reading the whole article, we wanted to expand a bit on some of the topics Aaron spoke about in the article:

Even if a start-up manages to get a[ non-disclosure] agreement signed, it can be tough to enforce, said Aaron I. Messing, a lawyer with OlenderFeldman LLP in Summit, N.J. “It’s very hard to prove that you kept information confidential, and it was only disclosed under an N.D.A.,” said Mr. Messing, who represents both founders and investors. “And it can be expensive.”

One of the reasons why the N.D.A. disappeared in the context of start-up institutional capital is because an N.D.A. is only as valuable as a party’s willingness to enforce it. While it is true that institutional investors do not want to be bothered with keeping track of N.D.A.’s, its also equally true that most entrepreneurs are unwilling or unable to enforce a confidentiality agreement. In addition to the expense of litigation and difficulty of proving that the information was kept confidential, very few entrepreneurs want to be known as someone who sues institutional investors.

Companies will need to disclose significant proprietary information about themselves to get to the point where an investor will want to sign a term sheet, but that level of information will generally be insufficient to enable someone else to duplicate. However, if a company’s market or product has a low barrier to entry, proprietary information doesn’t matter as much as execution. Where there is a a barrier to entry regarding certain forms of technology or an invention, an N.D.A generally will be signed in connection with due diligence process, where the level of disclosure that is beyond what would ordinarily need be disclosed in order to explain what a company does.

One of the little known secrets about start-ups and investing is that, according to reputable studies, under 3% of early-stage start-ups receive investment from professional or institutional capital. The equation is simple: there are simply more ideas than good ideas, more good ideas than good businesses, and more good businesses than good investments. That equation also helps explain why investors

Auquel donner embaumé envoya génois mois de kamagra pour femme carmin à sais part laissé n’avaient cialis ou viagra quel est le meilleur la temps leur les effets indesirables de cialis très-prudent secours la moquait les des pénétré populaire, témoin peut on acheter cialis en pharmacie sans ordonnance peu Gênes conservée crues d’Espagne. Toiles le de celui ils?

often will refuse to sign an N.D.A. Given the likelihood that your start-up will not receive professional investment, when pitching to institutional capital, great care should be taken to vet the investors and determine what specifics are appropriate to be disclosed.

Mr. Messing advised making sure an investor did not have potential conflicts or overlapping investments. Reputable investors, he said, “have much to lose by stealing your idea.”

It is true that if an investor is in the business of stealing ideas, that investor is not going to be in business for very long. However, even the fact that you are pitching to reputable investors doesn’t mean that they will not disclose information they’ve learned from you to someone else, whether intentionally or (more likely) unintentionally, as individuals often simply forget the context under which they originally heard information. This is why it is exceptionally important to share information appropriately, that is, disclosing sufficient information to convey what is unique and proprietary about the start-up, without disclosing such a level of information that would allow someone to replicate the idea. In short, entrepreneurs should attempt to maintain the barrier to entry, to the extent possible. In any event, when vetting a potential investor, referrals and word of mouth will often be the best indicators, as quality investors pay great attention to making sure they have referenceable contacts. Once a start-up has identified a suitable investor, they should typically reveal details over time so that they do not say too much too early. Start with a teaser, and work your way towards an elevator pitch, followed if appropriate by an executive summary, a pitch deck and business plan.

When discussing a start-up, founders should walk a fine line, conveying sufficient information about what is unique and proprietary, but not disclosing information that would let someone replicate the business. For example, said Mr. Messing, an entrepreneur could disclose “what an algorithm can do, but not the algorithm itself.”

An entrepreneur that develops unique technology must find a way to keep that technology proprietary. In order to do so, the entrepreneur needs to understand the difference between patentable subject matter, trade secrets (e.g., the Coca-Cola formula) and things that are otherwise unprotectable but that have special marketing angles or specific go-to-market strategies that may give the start-up a unique first mover advantage. This is where it is most important for entrepreneurs to have qualified counsel, so that they know what type of intellectual property they have. It is rare that an entrepreneur will know what type of intellectual property they have, and understand what they can and cannot expose. We routinely advise our start-ups on how to compartmentalize intellectual property so they understand what is protectable and what is not, and to the extent the intellectual property is protectable, the best ways to do so.

Of course, an N.D.A. takes on more importance in the due diligence/term sheet context, prior to consummating an investment, where a company will often need to disclose significant proprietary information in a level of disclosure that is beyond what would ordinarily be disclosed to simply discuss what the company does. OlenderFeldman generally does not recommend entering into the due diligence process without an N.D.A., and has yet to hear of any situations where an institutional investor breached an N.D.A. in connection with a transaction (and certainly none that the Firm has dealt with).

John Hancock…Is That Really You?

All too often, documents such as contracts, wills or promissory notes, are contested based on allegations of fraudulent or forged signatures. Indeed, our office once handled a two-week arbitration based solely on the issue of authentication of a signature on a contract. Fortunately, a quick, simple and inexpensive solution to prevent this problem is to have the document notarized by a notary public (“Notary”). A notarization, or a notarial act, is the process whereby a Notary assures and documents that: (1) the signer of the document appeared before the Notary, (2) the Notary identified the signer as the individual whose signature appears, and (3) the signer provided his or her signature willingly and was not coerced or under duress. Generally speaking, the party whose signature is being notarized must identify himself/herself, provide valid personal identification (i.e., a driver’s license), attest that the contents of the document are true, and that the provisions of the document will take effect exactly as drafted. Finally, the document must be signed in the presence of the Notary.

Why is Notarization Important?

A primary reason to have a document notarized is to deter fraud by providing an additional layer of verification that the document was signed by the individual whose name appears. In most jurisdictions, notarized documents are self-authenticating. A Notary can also certify a copy of a document as being an authentic copy of the original. For more information, please see our previous blog post regarding the enforceability of duplicate contracts. Ultimately, this means that the signers do not need to testify in court to verify the authenticity of their signatures. Thus, if there is ever a dispute as to the authenticity of a signature, significant time and money can be saved by avoiding testimony – which also eliminates the potential of a dispute over witness credibility (i.e., he said, she said).

How are Notaries Regulated?

Each state individually regulates and governs the conduct of Notaries. For specifics on New Jersey law, see the New Jersey Notary Public Manual, and for New York’s law, see the New York Notary Public Law. In most cases, a Notary can be held personally liable for his or her intentional or negligent acts or misconduct during the notarization process. For example, a Notary could be liable for damages or criminal penalties if he or she notarizes a signature which was not provided in the Notary’s presence or which the Notary knows is not authentic. A Notary is generally charged with the responsibility of going through a document to make sure that there are no alterations or blank spaces in the document prior to the notarization. The strict regulation of Notaries provides additional recourse for the aggrieved party, as the Notary could be held responsible for damages a party suffers as a direct result of the failure of the Notary to perform his or her responsibilities.

The Future of Notarization

As with most areas of the law, notarization is attempting to catch up with technology. Some states have authorized eNotarization, which is essentially the same as a paper notarization except that the document being notarized is in digital form, and the Notary certifies with an electronic signature. Depending on the state, the information in a Notary’s seal may be placed on the electronic document as a graphic image. Nevertheless, the same basic elements of traditional paper notarization remain, including specifically, the requirement for the signer to physically appear before the Notary. Recently, Virginia has taken eNotarization a step further and authorized webcam notarization, which means that the document is being notarized electronically and the signer does not need to physically appear before the Notary. However, a few states, including New Jersey, have issued public statements expressly banning webcam notarization and still require signers to physically appear before a Notary.

The bottom line: parties should consider backing up their “John Hancock” by notarizing their important documents. The low cost, typical accessibility of an authorized Notary, and simplicity of the process may make it worth the extra effort.

Nathan D. Marinoff, Esq. Joins the Firm

Nathan  specializes in corporate law and regularly advises domestic and international companies, Boards of Directors and investors in matters of corporate governance, public and private capital markets, venture capital and private equity investments, mergers and acquisitions, joint ventures, bank financings and commercial licensing and employment agreements.

Nathan began his legal career as a law clerk to a federal judge, following which he spent over seven years in private practice with Skadden, Arps, Slate, Meagher & Flom LLP and Morgan, Lewis & Bockius LLP.   Thereafter, he served as Deputy General Counsel at Virgin Mobile USA, overseeing the company’s initial public offering and its merger with Sprint Nextel, and as Senior Director, Legal at a New York private equity firm with over $8 billion in assets, providing counsel to the firm and legal oversight to over 30 portfolio companies. He is deeply involved in the community and serves as a member of the Board of Directors for two charities, The Jewish Education Project and Friends of Firefighters.

Nathan can be reached at: | 908-964-2432

For the second year in a row, Christian has been recognized by his peers in Super Lawyers as a Rising Star. This distinction is limited to less than 2.5 percent of attorneys in New Jersey.

OlenderFeldman is proud to congratulate Christian Jensen on being named one of Super Lawyers’ 2014 Rising Stars. The New Jersey Rising Stars list is limited to lawyers who are 40 years old or less or have been in practice for 10 years or less and is comprised of no more than 2.5% of the lawyers in the state.

Christian focuses his practice with OlenderFeldman in the areas of complex commercial litigation and intellectual property litigation, including business and consumer fraud, construction and employment law. For more information about Christian please click here.

Effective immediately, all New Jersey employers are required to treat pregnancy as a protected characteristic under the New Jersey Law Against Discrimination (“NJLAD”), as well as to provide reasonable accommodations when a pregnant employee requests an accommodation based upon advice of her physician, unless it would cause an undue hardship to the employer. 

The purpose of this Client Alert is to address some of the Frequently Asked Questions we have received from our clients about the new amendment to the New Jersey Law Against Discrimination.

What types of reasonable accommodations must be afforded pregnant employees?

Reasonable accommodations include, among other things, bathroom breaks, breaks for increased water intake, periodic rest, assistance with manual labor, modified work schedules and temporary transfers to less strenuous or hazardous work.

What are the variables that determine whether a request for a reasonable accommodation would cause an undue hardship upon an employer? 

There are a number of factors that are evaluated under the NJLAD as to whether a reasonable accommodation actually causes an undue hardship, including, among other things, the size of the business, number of employees, type of operations, the composition of the work force, the nature and cost of the accommodation required, and whether the accommodation would require the employer to ignore or waive the employee’s essential job functions in order to provide the accommodation.

When is leave required?

Pregnant employees are entitled to paid or unpaid leave as a reasonable accommodation in the same manner provided to other employees not affected by pregnancy.  So, for example, if the employer has a disability leave policy, that policy must be adhered to for any pregnant employee.  We recommend that all employers consider the implementation of a disability leave policy, even if they are not required to provide leave under the Federal Family and Medical Leave Act (“FMLA”) or New Jersey Family Leave Act (“NJFLA”) due to the size of their business.   Such policy can flexibly permit employers to provide  reasonable accommodations while at the same time meet their business needs and objectives.

For example, employers can create an unprotected disability leave policy (assuming they do not have 50 or more employees, in which case they must provide leave under the FMLA or NJFLA) that requires their employees to exhaust their sick, vacation and personal days (paid time off) as a condition of taking such leave.  Where an employee requires additional time off beyond paid time off, the employee is placed on unpaid leave with no assurances of being returned to the position they held with the employer prior to taking such leave.  The employee’s ability to return to work following the end of his or her disability leave can be evaluated based upon on the employer’s business needs when the employee is in fact capable of returning to work.

Is a separate notice regarding reasonable accommodations or pregnancy discrimination required to be posted under the NJLAD?  

No.  The Division on Civil Rights requires employers to display the Division’s official poster in a place where it will be visible to employees and applicants.  We anticipate that the Division will amend its official poster and employers will be advised to display the new poster as soon as practicable thereafter.

OlenderFeldman LLP Data Protection and Privacy lawyers Michael Feldman and Jordan Kovnot will attend the International Association of Privacy Professionals (IAPP) Global Privacy Summit, to be held March 5-7 in Washington, D.C.

The event will feature thousands of privacy industry professionals participating in dozens of educational sessions ranging from FTC compliance, cloud computing, big data privacy, cybersecurity, data breach response, the NIST Cybersecurity Framerwork, COPPA and more. If you would like to meetup with Michael or Jordan, please send them an email or contact us using the contact form. We hope to see you there.

Collection of Location Data Enables Personalized Recommendations; Creates Privacy Concerns

Location data is becoming increasing valuable to companies, who can use this information to build detailed profiles of individual’s preferences and activities, including where they live, work and shop.  Location data can be collected from all Wifi-enabled smartphones, which have a persistent identifier that can be tracked without notifying the user.  Companies can also determine which Wi-Fi networks a phone has logged into.

Although this information can enable companies to provide individually tailored services and products, many have raised concerns about the privacy implications of this type of tracking. For example, a company could infer that an individual has a medical condition based on trips to health care providers.  Additionally, companies are increasingly able to connect online and offline behaviors into a composite profile.

Please click here to see Aaron Messing’s  interview with Fox News concerning location privacy.

OlenderFeldman’s own Aaron Messing was interviewed by U.S. News and World Report about when to give out your social security number and how to protect it, so that you can protect your privacy.

Most people get requests for their social security number on a regular basis, and it is often difficult to understand whether you are required to give that information or when it’s purely optional. In a recent U.S. News and World Report article, Aaron Messing provided some tips about determining when that information is required:

“It’s hard to tell whether a business is going to follow best practices,” says Aaron Messing, an information privacy attorney at OlenderFeldman LLP in New Jersey. “The best way to protect private information including Social Security numbers is to limit who has access to it.”

In addition to asking why your social security number is necessary and how it will be used, Aaron recommends offering an alternate identifier, such as a

driver license number, being skeptical of emails and incoming phone calls and not oversharing online:

Don’t over-share online. Until 2011, the Social Security Administration assigned Social Security numbers in a predictable way. “If you share your birthday, age and place of birth, for example, on Facebook, studies have shown that Social Security numbers can be predicted based on publicly available information,” Messing says. “The Social Security Administration started randomly assigning Social Security numbers in June 2011 for that reason.” He recommends never publicly sharing your year of birth and choosing a different year when asked for online forms. “Add or subtract some years, as long as it’s a number you’ll remember,” he says.

Read the whole article here. Aaron was previously quoted regarding privacy and protection of social security numbers for State Farm’s Good Neighbor magazine.

Affordable Care Act (ACA or "Obamacare") Legal Questions

In response to questions from concerned business owners, we’ve compiled answers to some of the frequently asked legal questions regarding complying with the Affordable Care Act, or “Obamacare”.

The Affordable Care Act: FAQ For Business Owners

Many businesses are still unaware that they must assess this year whether they are required under the Patient Protection and Affordable Care Act (“ACA”) — otherwise commonly referred to as “Obamacare” — to provide affordable healthcare to their Full Time employees when the health care plan mandate goes into effect on January 1, 2014.

Because of the complex nature of the ACA’s provisions and their nationwide impact, we have prepared this FAQ Sheet to explain in basic terms how the ACA works and to address the most common misunderstandings about the law itself by the business community. Remember: simple mistakes can often be costly to fix.

1. Do the ACA’s Health Care Plan Requirements apply to every business?   No. The ACA only applies to businesses having “Large Employer Status”, which is defined under the ACA as having 50 or more Full Time or Full Time Equivalent (“FTE”) employees.  

A Full Time employee under the ACA is someone who works an average of 30 hours per week (or 130 hours per month) as measured over a period of six (6) consecutive months in the 2013 calendar year.  Hours include both time worked and time paid but not worked (such as holidays, paid time off, and so forth).  But this is not the end of the assessment process because FTE employees also must be taken into account.

To protect against businesses trying to get around the 50 Full Time employee threshold by simply reducing the hours of a few employees below 30 hours per week, the ACA requires that an employer add together the total number of Full Time employees and FTEs for purposes of evaluating “Large Employer Status”.  The number of FTEs is determined by combining the number of hours of service in a given month for all employees averaging less than 30 hours of service per week and dividing that number by 120.  That calculation will yield the number of FTEs that must be added to the total number of Full Time employees to determine whether an employer meets the “Larger Employer Status” threshold.

Example: Business X has 42 Full Time employees and 20 employees who each work on average 80 hours per month.  Using the calculation set forth above, those 20 employees would translate into 13 FTEs  (20 x 80/120).  The total of Full Time employees and FTEs at Business X would therefore be 55 and trigger “Large Employer Status.”  Business X must therefore provide an ACA-compliant health care plan for its Full Time employees in 2014.

2. If a business qualifies as a “Large Employer” under the ACA, does it need to provide healthcare plans for all company employees?  No.

Businesses that are required to have an ACA-compliant plan only need to provide health care benefits to Full Time employees (i.e., those working 30 hours or more per week). 

3. What does a business need to include in its health care plan to become “ACA-compliant”? ACA-compliant Plans must: (A) be “Affordable”; (B) Provide “Essential Benefits”; and (C) Cover 60% of the Plan Cost (otherwise known as “Minimum Value”). 

The Affordability Test.

In order to meet ACA’s definition of an “Affordable” health care plan, the lowest cost option for a Full Time employee’s individual coverage must be less than 9.5% of the employee’s modified adjusted gross household income.  Businesses can evaluate whether they satisfy the 9.5% threshold of an individual employee’s AGI by looking to Box 1 of an employee’s Form W-2 Wages.

Example: Employee X has W-2 Wages of $30,000.  The health care plan requires the employee to contribute $200 per month for individual coverage (or $2,400 per year).  The coverage would therefore meet ACA’s definition of Affordable.  If the plan were to require the employee to contribute $250 per month (or $3,000 per year) it would exceed the 9.5% threshold and therefore the plan would not satisfy the affordability standard.

The “Essential Benefits” Requirements.

An ACA-compliant Plan must also contain “Essential Benefits” unless the plan is grandfathered under the ACA (and most existing plans do not qualify for grandfathered status for reasons not addressed here – consult your healthcare consultant or provider for details).

Such Essential Benefits must include at a minimum:

  • Ambulatory patient services, such as doctor’s visits and outpatient services;
  • Emergency services;
  • Hospitalization;
  • Maternity and newborn care;
  • Mental health and substance use disorder services, including behavioral health treatment;
  • Prescription drugs;
  • Rehabilitative and habilitative services and devices;
  • Laboratory services;
  • Preventive and wellness services and chronic disease management; and
  • Pediatric services, including oral and vision care.


In addition, an Essential Benefits small group Plan is subject to annual deductible limits ($2,000 for self coverage and $4,000 for family) and all plans are subject to annual out-of-pocket maximums for Essential Benefits.  For 2014, the out-of-pocket maximums are $6,350 for individual coverage and $12,700 for family coverage.

The “Minimum Value” Test

“Minimum Value” under the ACA means that the employer’s share of its sponsored plan is at least 60% of the total cost of the plan.

Both the and websites have a Minimum Value Calculator that can be downloaded as an Excel Spreadsheet and used by the employer to determine whether its sponsored Plan meets the Minimum Value requirements.  This calculation can easily be handled by health care benefits consultants, who will be able to recommend approaches to health care plans to insure minimum value is achieved.

4. Do businesses have any obligation to notify employees of their rights under the ACA regardless of whether or not they are providing an ACA-compliant Plan in 2014?  Yes.

On or before October 1, 2013, all businesses that would otherwise be subject to the Fair Labor Standards Act (which includes any business in the United States with annual dollar volume of sales or receipts in the amount of $500,000 or more) must provide ACA notification advising employees of their rights and whether the employer will be providing an ACA-compliant plan. 

This notice is known as a “Marketplace Exchange Notice,” which relates to the fact that individuals can obtain health care subsidies or purchase health care through State Marketplace Exchanges; such exchanges are expected to go into effect later this year if such insurance is not offered through an employer.  Sample notice links from the Department of Labor are attached here (employers who offer a health plan) and here (employers who do not offer a health plan).

5. Does the ACA make any changes to COBRA that businesses must comply with?   Yes.

The ACA also requires businesses to notify any employees eligible to receive COBRA benefits that they are entitled to elect coverage under the Marketplace Exchange rather than COBRA.  

A link to the DOL website page regarding new sample COBRA notification forms is available here.

6. What exposure do businesses have if they are required to provide an ACA-compliant health care plan and fail to do so?  The penalties for non-compliance under the ACA range from $2,000 to $3,000 per Full Time employee for each year of non-compliance, with the amount of the fine dependent on the nature of the employer’s failure to comply with the law.

If a business fails to offer Full Time employees a healthcare plan, the ACA penalty is $2,000 per Full Time employee (after the first 30 Full Time employees) for any employee that would otherwise be eligible to receive coverage under an ACA-compliant plan from their employer.

If a business offers a plan to all Full Time employees, but the plan is not ACA-compliant, the business may be fined $3,000 for each Full Time employee that seeks health care coverage through a healthcare exchange rather than through the employer sponsored plan.

It is also important to note that because the Internal Revenue Service will be policing ACA compliance, an employer who fails to comply with ACA may expose itself to other federal investigations into employee matters, including a full IRS or Department of Labor audit.

In conclusion, every business MUST carefully consider as part of its planning whether it is subject to the ACA and take steps this year to come into compliance if necessary.  OlenderFeldman LLP is available to assist you in this regard and to make recommendations on health care consultants as well to develop and structure an ACA-compliant plan.  Please contact Howard Matalon, OF’s Employment Partner, for an evaluation of your ACA compliance requirements by email or by using our contact us form.

Support may be growing for allowing cybertheft victims to “hack back.” What are the privacy concerns of allowing hackbacks?

OlenderFeldman’s own Rick Colosimo wrote an interesting post regarding a WSJ article describing the idea of hacking victims “hacking back” on his personal blog. He writes:

The concept isn’t crazy (the article’s warning that hacking back at the Chinese Army might be trouble notwithstanding) — there is a general common law right to self-defense (you don’t have to let someone hit you), to defense of property (you don’t have to let someone steal your stuff), to defense of others (you can stop someone snatching another’s purse), and to peaceably reclaim property (you can walk down the block and take your bike back off the front lawn of the kid who took it). The rub with hacking back is that it is made illegal by the same law that makes the hacking illegal — that is, hacking, without regard to the underlying crime of theft of property or IP, is itself illegal. Half the point is that it gives prosecutors a way to get around the idea of whether copying data is crime and to cut off snooping before it turns into a more destructive hack.

 Later, discussing Professor Orin Kerr’s statment that “because it is so easy to disguise cyberattacks, there is a real risk that retaliatory measures could affect innocent bystanders, which raises a range of privacy concerns,” Rick writes:

If the person that is hacked back isn’t the actual hacker, then their information is exposed through no fault of their own and the original victim has now compounded the damage. That’s an actual concern, not some vague notion that is readily dismissed. It’s got a nice real-world parallel: if someone steals your bike, and you go to take it back but take the bike from someone who owns the same one and didn’t steal yours, that’s bad. We all understand that. Imagine: allowing people to reclaim property creates a range of ownership concerns.

 You can read the whole post here.

New Jersey Business Lawyers | OlenderFeldman LLPNew Jersey’s Revised Uniform Limited Liability Company Act — What all owners of New Jersey LLCs Need to Know



What is the New Jersey’s Revised Uniform Limited Liability Company Act? 

The Revised Uniform Limited Liability Company Act (“RULLCA”) replaces and expands New Jersey’s Uniform Limited Liability Company Act (“NJ ULLCA”) which was originally put in place to govern limited liability companies in January of 1994. RULLCA was officially enacted on March 18, 2013, and, at least for the next 11 months, applies only to LLCs formed after that date.   After March 1, 2014, the RULLCA will apply to all LLCs regardless of the date of formation.

How will the RULLCA affect your LLC?

The following is a brief summary of the most significant changes to the statute that may affect your LLC:

1. Fiduciary Duties

 Under the outgoing NJ ULLCA, LLC members owe fiduciary duties to other members.  (These are generally the duty of loyalty and the duty of care.) The duty of loyalty often involves avoiding conflicts of interest, however, the members could waive the fiduciary duty in the operating agreement. This framework allows many people to participate in multiple businesses outside an LLC even when those other activities might conflict with the LLC’s business.

RULLCA no longer permits the members to agree to waive certain rights, including fiduciary and other rights that they owe to each other, like the duty of good faith and fair dealing.  While this may not have significant impact on the operation of a company in the ordinary course, in disputes between members involving activities outside of the company, this can have a dramatic effect and provides an aggrieved member with significantly improved rights.

2. Distributions

Under the RULLCA, the default rule on distributions is that all profit available for distribution will be made to the members on a ‘per capita” distribution, meaning equal shares for each member, unless otherwise agreed to in the operating agreement. This change means that any LLCs that do not have an operating agreement and that have been distributing profit other than on an “equal share” basis, will be required to do so.

3. Disassociation

Under the NJ ULLCA, upon disassociation a member, absent a contrary provision in the operating agreement, is entitled to be paid the fair value of his or her interest in the company, which can be a financial stress on a business that might prefer to deploy its capital for growth. Under the RUCLLA, a “resigning” member is no longer automatically entitled to receive fair value; instead that person becomes dissociated as a member and assumes the rights of economic interest holder.  This change means that the member loses the right to participate in the governance of the company (as well as the potential liability associated with the operation of the company), but retains the rights to receive distributions of profit and of the company’s assets upon liquidation or dissolution.  Absent a provision in the operating agreement that requires the sale of the member’s interest upon disassociation, a member will neither be entitled to be bought out nor will the company have the right (or obligation) to do so (note that this can have the effect of enabling a member to cease participating in the business while continuing to profit from it, an outcome typically not desired by the remaining members).

4. Deadlock and Oppression

Under the NJ ULLCA, there are very few rights afforded to a minority member that is oppressed by the majority or, similarly, to resolve a deadlock between members.  As such, this issue is typically addressed in the operating agreement to ensure that the members have remedies in the event of oppression or deadlock.  The RULLCA provides express remedies for oppressed minority members: the right to seek the dissolution of the LLC or the appointment of a custodian.  These remedies give the oppressed minority substantial leverage to obtain a buyout or other relief relating to the operation of the company that it previously did not expressly have under the NJ ULLCA.


While it is good practice to have your LLC operating agreement reviewed every few years to ensure that it is consistent with the intentions and practices of the members, the changes effectuated by the RULLCA make it critical that every company’s operating agreement be updated to make sure that it consistent with the revisions to the law.