For the second year in a row, Christian has been recognized by his peers in Super Lawyers as a Rising Star. This distinction is limited to less than 2.5 percent of attorneys in New Jersey.

OlenderFeldman is proud to congratulate Christian Jensen on being named one of Super Lawyers’ 2014 Rising Stars. The New Jersey Rising Stars list is limited to lawyers who are 40 years old or less or have been in practice for 10 years or less and is comprised of no more than 2.5% of the lawyers in the state.

Christian focuses his practice with OlenderFeldman in the areas of complex commercial litigation and intellectual property litigation, including business and consumer fraud, construction and employment law. For more information about Christian please click here.

Effective immediately, all New Jersey employers are required to treat pregnancy as a protected characteristic under the New Jersey Law Against Discrimination (“NJLAD”), as well as to provide reasonable accommodations when a pregnant employee requests an accommodation based upon advice of her physician, unless it would cause an undue hardship to the employer. 

The purpose of this Client Alert is to address some of the Frequently Asked Questions we have received from our clients about the new amendment to the New Jersey Law Against Discrimination.

What types of reasonable accommodations must be afforded pregnant employees?

Reasonable accommodations include, among other things, bathroom breaks, breaks for increased water intake, periodic rest, assistance with manual labor, modified work schedules and temporary transfers to less strenuous or hazardous work.

What are the variables that determine whether a request for a reasonable accommodation would cause an undue hardship upon an employer? 

There are a number of factors that are evaluated under the NJLAD as to whether a reasonable accommodation actually causes an undue hardship, including, among other things, the size of the business, number of employees, type of operations, the composition of the work force, the nature and cost of the accommodation required, and whether the accommodation would require the employer to ignore or waive the employee’s essential job functions in order to provide the accommodation.

When is leave required?

Pregnant employees are entitled to paid or unpaid leave as a reasonable accommodation in the same manner provided to other employees not affected by pregnancy.  So, for example, if the employer has a disability leave policy, that policy must be adhered to for any pregnant employee.  We recommend that all employers consider the implementation of a disability leave policy, even if they are not required to provide leave under the Federal Family and Medical Leave Act (“FMLA”) or New Jersey Family Leave Act (“NJFLA”) due to the size of their business.   Such policy can flexibly permit employers to provide  reasonable accommodations while at the same time meet their business needs and objectives.

For example, employers can create an unprotected disability leave policy (assuming they do not have 50 or more employees, in which case they must provide leave under the FMLA or NJFLA) that requires their employees to exhaust their sick, vacation and personal days (paid time off) as a condition of taking such leave.  Where an employee requires additional time off beyond paid time off, the employee is placed on unpaid leave with no assurances of being returned to the position they held with the employer prior to taking such leave.  The employee’s ability to return to work following the end of his or her disability leave can be evaluated based upon on the employer’s business needs when the employee is in fact capable of returning to work.

Is a separate notice regarding reasonable accommodations or pregnancy discrimination required to be posted under the NJLAD?  

No.  The Division on Civil Rights requires employers to display the Division’s official poster in a place where it will be visible to employees and applicants.  We anticipate that the Division will amend its official poster and employers will be advised to display the new poster as soon as practicable thereafter.

OlenderFeldman LLP Data Protection and Privacy lawyers Michael Feldman and Jordan Kovnot will attend the International Association of Privacy Professionals (IAPP) Global Privacy Summit, to be held March 5-7 in Washington, D.C.

The event will feature thousands of privacy industry professionals participating in dozens of educational sessions ranging from FTC compliance, cloud computing, big data privacy, cybersecurity, data breach response, the NIST Cybersecurity Framerwork, COPPA and more. If you would like to meetup with Michael or Jordan, please send them an email or contact us using the contact form. We hope to see you there.

Collection of Location Data Enables Personalized Recommendations; Creates Privacy Concerns

Location data is becoming increasing valuable to companies, who can use this information to build detailed profiles of individual’s preferences and activities, including where they live, work and shop.  Location data can be collected from all Wifi-enabled smartphones, which have a persistent identifier that can be tracked without notifying the user.  Companies can also determine which Wi-Fi networks a phone has logged into.

Although this information can enable companies to provide individually tailored services and products, many have raised concerns about the privacy implications of this type of tracking. For example, a company could infer that an individual has a medical condition based on trips to health care providers.  Additionally, companies are increasingly able to connect online and offline behaviors into a composite profile.

Please click here to see Aaron Messing’s  interview with Fox News concerning location privacy.

OlenderFeldman’s own Aaron Messing was interviewed by U.S. News and World Report about when to give out your social security number and how to protect it, so that you can protect your privacy.

Most people get requests for their social security number on a regular basis, and it is often difficult to understand whether you are required to give that information or when it’s purely optional. In a recent U.S. News and World Report article, Aaron Messing provided some tips about determining when that information is required:

“It’s hard to tell whether a business is going to follow best practices,” says Aaron Messing, an information privacy attorney at OlenderFeldman LLP in New Jersey. “The best way to protect private information including Social Security numbers is to limit who has access to it.”

In addition to asking why your social security number is necessary and how it will be used, Aaron recommends offering an alternate identifier, such as a driver license number, being skeptical of emails and incoming phone calls and not oversharing online:

Don’t over-share online. Until 2011, the Social Security Administration assigned Social Security numbers in a predictable way. “If you share your birthday, age and place of birth, for example, on Facebook, studies have shown that Social Security numbers can be predicted based on publicly available information,” Messing says. “The Social Security Administration started randomly assigning Social Security numbers in June 2011 for that reason.” He recommends never publicly sharing your year of birth and choosing a different year when asked for online forms. “Add or subtract some years, as long as it’s a number you’ll remember,” he says.

 Read the whole article here. Aaron was previously quoted regarding privacy and protection of social security numbers for State Farm’s Good Neighbor magazine.

Affordable Care Act (ACA or "Obamacare") Legal Questions

In response to questions from concerned business owners, we’ve compiled answers to some of the frequently asked legal questions regarding complying with the Affordable Care Act, or “Obamacare”.

The Affordable Care Act: FAQ For Business Owners

Many businesses are still unaware that they must assess this year whether they are required under the Patient Protection and Affordable Care Act (“ACA”) — otherwise commonly referred to as “Obamacare” — to provide affordable healthcare to their Full Time employees when the health care plan mandate goes into effect on January 1, 2014.

Because of the complex nature of the ACA’s provisions and their nationwide impact, we have prepared this FAQ Sheet to explain in basic terms how the ACA works and to address the most common misunderstandings about the law itself by the business community. Remember: simple mistakes can often be costly to fix.

1. Do the ACA’s Health Care Plan Requirements apply to every business?   No. The ACA only applies to businesses having “Large Employer Status”, which is defined under the ACA as having 50 or more Full Time or Full Time Equivalent (“FTE”) employees.  

A Full Time employee under the ACA is someone who works an average of 30 hours per week (or 130 hours per month) as measured over a period of six (6) consecutive months in the 2013 calendar year.  Hours include both time worked and time paid but not worked (such as holidays, paid time off, and so forth).  But this is not the end of the assessment process because FTE employees also must be taken into account.

To protect against businesses trying to get around the 50 Full Time employee threshold by simply reducing the hours of a few employees below 30 hours per week, the ACA requires that an employer add together the total number of Full Time employees and FTEs for purposes of evaluating “Large Employer Status”.  The number of FTEs is determined by combining the number of hours of service in a given month for all employees averaging less than 30 hours of service per week and dividing that number by 120.  That calculation will yield the number of FTEs that must be added to the total number of Full Time employees to determine whether an employer meets the “Larger Employer Status” threshold.

Example: Business X has 42 Full Time employees and 20 employees who each work on average 80 hours per month.  Using the calculation set forth above, those 20 employees would translate into 13 FTEs  (20 x 80/120).  The total of Full Time employees and FTEs at Business X would therefore be 55 and trigger “Large Employer Status.”  Business X must therefore provide an ACA-compliant health care plan for its Full Time employees in 2014.

2. If a business qualifies as a “Large Employer” under the ACA, does it need to provide healthcare plans for all company employees?  No.

Businesses that are required to have an ACA-compliant plan only need to provide health care benefits to Full Time employees (i.e., those working 30 hours or more per week). 

3. What does a business need to include in its health care plan to become “ACA-compliant”? ACA-compliant Plans must: (A) be “Affordable”; (B) Provide “Essential Benefits”; and (C) Cover 60% of the Plan Cost (otherwise known as “Minimum Value”). 

The Affordability Test.

In order to meet ACA’s definition of an “Affordable” health care plan, the lowest cost option for a Full Time employee’s individual coverage must be less than 9.5% of the employee’s modified adjusted gross household income.  Businesses can evaluate whether they satisfy the 9.5% threshold of an individual employee’s AGI by looking to Box 1 of an employee’s Form W-2 Wages.

Example: Employee X has W-2 Wages of $30,000.  The health care plan requires the employee to contribute $200 per month for individual coverage (or $2,400 per year).  The coverage would therefore meet ACA’s definition of Affordable.  If the plan were to require the employee to contribute $250 per month (or $3,000 per year) it would exceed the 9.5% threshold and therefore the plan would not satisfy the affordability standard.

The “Essential Benefits” Requirements.

An ACA-compliant Plan must also contain “Essential Benefits” unless the plan is grandfathered under the ACA (and most existing plans do not qualify for grandfathered status for reasons not addressed here – consult your healthcare consultant or provider for details).

Such Essential Benefits must include at a minimum:

  • Ambulatory patient services, such as doctor’s visits and outpatient services;
  • Emergency services;
  • Hospitalization;
  • Maternity and newborn care;
  • Mental health and substance use disorder services, including behavioral health treatment;
  • Prescription drugs;
  • Rehabilitative and habilitative services and devices;
  • Laboratory services;
  • Preventive and wellness services and chronic disease management; and
  • Pediatric services, including oral and vision care.

 

In addition, an Essential Benefits small group Plan is subject to annual deductible limits ($2,000 for self coverage and $4,000 for family) and all plans are subject to annual out-of-pocket maximums for Essential Benefits.  For 2014, the out-of-pocket maximums are $6,350 for individual coverage and $12,700 for family coverage.

The “Minimum Value” Test

“Minimum Value” under the ACA means that the employer’s share of its sponsored plan is at least 60% of the total cost of the plan.

Both the CMS.gov and IRS.gov websites have a Minimum Value Calculator that can be downloaded as an Excel Spreadsheet and used by the employer to determine whether its sponsored Plan meets the Minimum Value requirements.  This calculation can easily be handled by health care benefits consultants, who will be able to recommend approaches to health care plans to insure minimum value is achieved.

4. Do businesses have any obligation to notify employees of their rights under the ACA regardless of whether or not they are providing an ACA-compliant Plan in 2014?  Yes.

On or before October 1, 2013, all businesses that would otherwise be subject to the Fair Labor Standards Act (which includes any business in the United States with annual dollar volume of sales or receipts in the amount of $500,000 or more) must provide ACA notification advising employees of their rights and whether the employer will be providing an ACA-compliant plan. 

This notice is known as a “Marketplace Exchange Notice,” which relates to the fact that individuals can obtain health care subsidies or purchase health care through State Marketplace Exchanges; such exchanges are expected to go into effect later this year if such insurance is not offered through an employer.  Sample notice links from the Department of Labor are attached here (employers who offer a health plan) and here (employers who do not offer a health plan).

5. Does the ACA make any changes to COBRA that businesses must comply with?   Yes.

The ACA also requires businesses to notify any employees eligible to receive COBRA benefits that they are entitled to elect coverage under the Marketplace Exchange rather than COBRA.  

A link to the DOL website page regarding new sample COBRA notification forms is available here.

6. What exposure do businesses have if they are required to provide an ACA-compliant health care plan and fail to do so?  The penalties for non-compliance under the ACA range from $2,000 to $3,000 per Full Time employee for each year of non-compliance, with the amount of the fine dependent on the nature of the employer’s failure to comply with the law.

If a business fails to offer Full Time employees a healthcare plan, the ACA penalty is $2,000 per Full Time employee (after the first 30 Full Time employees) for any employee that would otherwise be eligible to receive coverage under an ACA-compliant plan from their employer.

If a business offers a plan to all Full Time employees, but the plan is not ACA-compliant, the business may be fined $3,000 for each Full Time employee that seeks health care coverage through a healthcare exchange rather than through the employer sponsored plan.

It is also important to note that because the Internal Revenue Service will be policing ACA compliance, an employer who fails to comply with ACA may expose itself to other federal investigations into employee matters, including a full IRS or Department of Labor audit.

In conclusion, every business MUST carefully consider as part of its planning whether it is subject to the ACA and take steps this year to come into compliance if necessary.  OlenderFeldman LLP is available to assist you in this regard and to make recommendations on health care consultants as well to develop and structure an ACA-compliant plan.  Please contact Howard Matalon, OF’s Employment Partner, for an evaluation of your ACA compliance requirements by email or by using our contact us form.

Support may be growing for allowing cybertheft victims to “hack back.” What are the privacy concerns of allowing hackbacks?

OlenderFeldman’s own Rick Colosimo wrote an interesting post regarding a WSJ article describing the idea of hacking victims “hacking back” on his personal blog. He writes:

The concept isn’t crazy (the article’s warning that hacking back at the Chinese Army might be trouble notwithstanding) — there is a general common law right to self-defense (you don’t have to let someone hit you), to defense of property (you don’t have to let someone steal your stuff), to defense of others (you can stop someone snatching another’s purse), and to peaceably reclaim property (you can walk down the block and take your bike back off the front lawn of the kid who took it). The rub with hacking back is that it is made illegal by the same law that makes the hacking illegal — that is, hacking, without regard to the underlying crime of theft of property or IP, is itself illegal. Half the point is that it gives prosecutors a way to get around the idea of whether copying data is crime and to cut off snooping before it turns into a more destructive hack.

 Later, discussing Professor Orin Kerr’s statment that “because it is so easy to disguise cyberattacks, there is a real risk that retaliatory measures could affect innocent bystanders, which raises a range of privacy concerns,” Rick writes:

If the person that is hacked back isn’t the actual hacker, then their information is exposed through no fault of their own and the original victim has now compounded the damage. That’s an actual concern, not some vague notion that is readily dismissed. It’s got a nice real-world parallel: if someone steals your bike, and you go to take it back but take the bike from someone who owns the same one and didn’t steal yours, that’s bad. We all understand that. Imagine: allowing people to reclaim property creates a range of ownership concerns.

 You can read the whole post here.

New Jersey Business Lawyers | OlenderFeldman LLPNew Jersey’s Revised Uniform Limited Liability Company Act – What all owners of New Jersey LLCs Need to Know

 

 

What is the New Jersey’s Revised Uniform Limited Liability Company Act? 

The Revised Uniform Limited Liability Company Act (“RULLCA”) replaces and expands New Jersey’s Uniform Limited Liability Company Act (“NJ ULLCA”) which was originally put in place to govern limited liability companies in January of 1994. RULLCA was officially enacted on March 18, 2013, and, at least for the next 11 months, applies only to LLCs formed after that date.   After March 1, 2014, the RULLCA will apply to all LLCs regardless of the date of formation.

How will the RULLCA affect your LLC?

The following is a brief summary of the most significant changes to the statute that may affect your LLC:

1. Fiduciary Duties

 Under the outgoing NJ ULLCA, LLC members owe fiduciary duties to other members.  (These are generally the duty of loyalty and the duty of care.) The duty of loyalty often involves avoiding conflicts of interest, however, the members could waive the fiduciary duty in the operating agreement. This framework allows many people to participate in multiple businesses outside an LLC even when those other activities might conflict with the LLC’s business.

RULLCA no longer permits the members to agree to waive certain rights, including fiduciary and other rights that they owe to each other, like the duty of good faith and fair dealing.  While this may not have significant impact on the operation of a company in the ordinary course, in disputes between members involving activities outside of the company, this can have a dramatic effect and provides an aggrieved member with significantly improved rights.

2. Distributions

Under the RULLCA, the default rule on distributions is that all profit available for distribution will be made to the members on a ‘per capita” distribution, meaning equal shares for each member, unless otherwise agreed to in the operating agreement. This change means that any LLCs that do not have an operating agreement and that have been distributing profit other than on an “equal share” basis, will be required to do so.

3. Disassociation

Under the NJ ULLCA, upon disassociation a member, absent a contrary provision in the operating agreement, is entitled to be paid the fair value of his or her interest in the company, which can be a financial stress on a business that might prefer to deploy its capital for growth. Under the RUCLLA, a “resigning” member is no longer automatically entitled to receive fair value; instead that person becomes dissociated as a member and assumes the rights of economic interest holder.  This change means that the member loses the right to participate in the governance of the company (as well as the potential liability associated with the operation of the company), but retains the rights to receive distributions of profit and of the company’s assets upon liquidation or dissolution.  Absent a provision in the operating agreement that requires the sale of the member’s interest upon disassociation, a member will neither be entitled to be bought out nor will the company have the right (or obligation) to do so (note that this can have the effect of enabling a member to cease participating in the business while continuing to profit from it, an outcome typically not desired by the remaining members).

4. Deadlock and Oppression

Under the NJ ULLCA, there are very few rights afforded to a minority member that is oppressed by the majority or, similarly, to resolve a deadlock between members.  As such, this issue is typically addressed in the operating agreement to ensure that the members have remedies in the event of oppression or deadlock.  The RULLCA provides express remedies for oppressed minority members: the right to seek the dissolution of the LLC or the appointment of a custodian.  These remedies give the oppressed minority substantial leverage to obtain a buyout or other relief relating to the operation of the company that it previously did not expressly have under the NJ ULLCA.

Conclusion

While it is good practice to have your LLC operating agreement reviewed every few years to ensure that it is consistent with the intentions and practices of the members, the changes effectuated by the RULLCA make it critical that every company’s operating agreement be updated to make sure that it consistent with the revisions to the law.

OlenderFeldman LLP

New Law Significantly Limits Viability of Certain Shareholder Derivative Suits in New Jersey

On April 2nd, New Jersey Governor Chris Christie signed bill A-3123 into law and in doing so, significantly revised the law in New Jersey regarding shareholder derivative proceedings under N.J.S.A. §14A:3-6, etseq. The stated purpose of the new law is to temper derivative lawsuits brought by shareholders against a corporation, its directors or majority shareholders and to make efforts to curb excessive and unnecessary litigation costs on New Jersey corporations.  Beyond this succinct goal, an ancillary intent of the law is to encourage corporations to continue to incorporate in New Jersey by making the state more corporate friendly.

Notable changes  include the following:

As a precondition to suit, a shareholder must make a written demand to the corporation to take suitable corrective action and allow the corporation 90 days to investigate and respond to the demand unless “irreparable injury to the corporation would result by waiting.”  This 90 day waiting period is a akin to a tort claims notice and is intended to give corporations adequate time to remedy potentially minor issues before dealing with the costs and expense of litigation.

In the event that a plaintiff challenges a company’s actions in suit after the demands made in the 90 day letter are rejected, he/she/it must allege with particularity that the decision was improper and show any rejection was in bad faith or not made by “independent directors.”   A status as a litigant does not divest a director of independence and unless the independence of the directors is challenged successfully, the plaintiff must show bad faith on the part of the entity.

The law increases the interest requirement that a plaintiff must hold an entity to avoid the posting of security against the possible award of attorney’s fees and costs. If litigant a holds less than 5% of the outstanding shares of any class or series of the corporation, unless the shares have a market value in excess of $250,000, the corporation can require the plaintiff to give security for the reasonable expenses, including attorney’s fees.  This will hopefully dissuade minority shareholders from filing suits with questionable merit.

The law requires that a plaintiff remain a shareholder throughout any initiated litigation so that it can adequately and fairly represent the corporation’s interests.  Prior to this change, the shareholder merely had to be a shareholder at the time suit was filed.

The law applies to both derivative proceedings brought on behalf of single shareholders as well as class actions.

A corporation can move for dismissal of a suit, after a good faith investigation, and assert that the derivative proceeding is not in the best interest of the corporation on the grounds that its board is independent and acted in good faith.  Such a motion will be granted unless the court finds otherwise or the shareholders rebut the corporation’s supporting facts.

The court must stay discovery until ruling on the motion to dismiss, but can order limited discovery if the plaintiff shows a lack of independence or good faith.

The court must approve any settlement or dismissal.

The court can award expenses to the plaintiff if the proceedings result in a substantial benefit to the corporation, or to the defendant if the case was commenced or maintained without reasonable diligence or reasonable cause or for an improper purpose.

For these new provisions to apply, existing corporations must amend their certificate of incorporation and explicitly adopt these provisions.

For more information about this new law and how it may impact your business please contact Olender Feldman LLP, or review our additional  business legal resources here.

 

The consequences of failing to develop employment-hiring materials can be devastating. So why do many employers fail to develop a basic set of documents governing the employment relationship with new hires?

Howard Matalon notes that although employment documents can be developed in a very cost-effective manner, many employers fail to give consideration to such documents until it is too late.  and no employer can afford to build a business without them. “Employers must reprioritize the importance of employment hiring practices and make them an actual part of their business model,” says Matalon.   Compliance as an afterthought has become an extremely expensive prospect for the unfortunate employers who ignore their human resource obligations.”

For these reasons, all employers must take a methodical approach to their hiring practices and procedures and treat these processes as seriously as they would every other critical aspect of their business. Read the full article regarding employment hiring practices.

In this age of social media and ubiquitous photography, what are your rights as a photographer? What privacy laws do you need to be concerned with?

OlenderFeldman LLP’s Aaron Messing was interviewed by Dave Johnson of Techhive.com about the rights and obligations of photographers, especially concerning privacy:

First, the good news: Most people, most of the time, can simply take pictures and not worry about what is legal and what isn’t. As a general rule, you can use a camera to take photos in public—on streets, on sidewalks, and in public parks—without restriction. As Aaron Messing, an attorney at OlenderFeldman LLP, puts it, “What can be seen from public can be photographed.”

[However,] [e]ven in the United States, Messing notes, photography can be prohibited around military locations and sensitive energy installations. And it gets more complicated from there. Remember that you can’t shoot on private property with the same impunity as in public. And sometimes it’s not easy to tell.

Read the whole article over at Techhive.

What is the best way to protect against employee lawsuits?

We recently received an inquiry about the best ways for businesses to protect against employee lawsuits. We’ve found that most employee lawsuits occur due to low morale, unaddressed personality conflicts, disparate productivity between employees and/or failure to give effective performance reviews. Of course, it is always important to have effective, well-drafted legal documents and policies that clearly delineate employee rights and obligations from the outset, which will help your business win lawsuits . However, the easiest way to protect your business from lawsuits is by preventing them in the first place. This means ensuring a good working environment, keeping employees happy, and giving employees recourse to deal with the issues that come up in the workplace, ideally through a dedicated and effective HR representative.

OlenderFeldman LLP Data Protection and Privacy lawyers Michael Feldman and Aaron Messing will attend the International Association of Privacy Professionals (IAPP) Global Privacy Summit, to be held March 6-8 in Washington, D.C.

The event will feature thousands of privacy industry professionals participating in dozens of educational sessions. If you would like to meetup with Michael or Aaron, please send them an email or contact us using the contact form. We hope to see you there.

In honor of Data Privacy Day, Cyber Data Risk Managers asked top industry experts their thoughts on what they think, feel and should happen in 2013 as it pertains to Data Privacy, Information Security and Cyber Insurance and what steps can be taken to mitigate risk.

Cyber Data Risk Managers asked many top privacy and data security experts, including Dr. Larry Ponemon, Rick Kam, Richard Santalesa and Bruce Schneier, their thoughts on what to expect in 2013. OlenderFeldman LLP’s information privacy lawyer Aaron Messing contributed the following quote:

2012 was notable for several high-profile breaches of major companies, including LinkedIn, Yahoo!, and Zappos, among others. As businesses move more confidential and sensitive data to the cloud (especially in the aftermath of Hurricane Sandy’s devastation and the havoc it wreaked on businesses with locally-based servers), data security obligations are of paramount importance. Businesses should expect more notable data breaches, more class-action lawsuits, and federal legislation concerning data breach obligations in 2013.

To protect themselves, business should: (i) require that cloud providers and other third-party vendors provide them with a written information security plan containing appropriate administrative, technical and physical security measures to safeguard their valuable information; and (ii) ensure compliance with those obligations by drafting appropriate contractual provisions that delineate indemnification and data breach remediation obligations, among others. In particular, when using smaller providers, businesses should consider requiring that the providers be insured, so that they will be able to satisfy their indemnification and remediation obligations in the event of a breach.

Give the 2013 Data Privacy, Information Security and Cyber Insurance Trends report a read.

 

Social networking sites, such as Facebook and MySpace, have become repositories of large amount of personal data. Increasingly this data is being viewed as relevant to all manner of litigation proceedings, and as such is increasingly being sought during discovery in civil litigation. Business and individuals that use social networking services should be aware of what data they put on social networking sites, as it could end up in court.

By Adam Elewa

In litigation, businesses or individuals must routinely comply with a process known as discovery, where both parties are compelled by the court to produce relevant documents concerning the issues in dispute to the opposing party. There are only a few areas that are off-limits to opposing counsel in discovery, such as privileged conversations between a lawyer and his client. With the proliferation of social networking, and the large amount of personal information being shared and stored in the cloud, lawyers now routinely attempt to compel disclosure of social networking profiles during discovery.

In general, courts have declined to find a general right of privacy in the information stored on social networking websites. Constitutional protections of privacy do not apply to private parties, only agents of the government. The current trend, reinforced by a recent federal court case in Montana, is to let the rules of civil procedure concerning discovery dictate how much and what kind of data posted to social networking sites must be turned over to the adversarial party. See, e.g., Keller v. National Farmers Union Property & Cas. Co., 2013 WL 27731 (January 2, 2013). Although judges have discretion in applying the rules of discovery, a consensus seems to be forming.

Courts have been clear that adversarial parties cannot compel the disclosure of social networking profiles without some reasonable belief that such information is relevant to the case at issue. In other words, lawyers cannot go on “fishing expeditions” by demanding the maximum amount of data be disclosed, in the hopes that something interesting will turn up.

However, courts have shown a willingness to disregard privacy settings and/or subjective expectations of privacy held by users of social networking websites when deciding whether to compel disclosure. In such instances, courts often rely on publicly shared information to determine whether private information is likely to be relevant. A public photo that is relevant to the litigated issue can be taken as an indication that more relevant information is likely to be lurking on the hidden portions of the user’s profile. Of course, making data unviewable by the public may make it more difficult for an adversarial party to demonstrate that a profile contains relevant information, and thus should be subject to discovery. Regardless, it is important to keep in mind the limits of privacy on Facebook and other social media sites.

Cases where lawyers have been successful demonstrating that information contained on social networking sites was likely to be relevant tend to share similar characteristics. Many of such cases concern private matters that would likely be shared, as a matter of social practice, on social networking sites. For example, the plaintiff in Keller alleged that the defendant’s actions had caused major disruptions to her social life. Lawyers for the defense successfully argued that the women’s social networking profile likely contained information that could demonstrate whether her life was in fact severely disrupted by the defendant’s alleged negligence.

Additionally, lawyers were able to support the contention that private aspects of an individual’s profile likely contained relevant information by reference to non-hidden or publicly viewable aspects of that individual’s profile. For example, in Keller, the contention that the plaintiff’s private profile contained information relevant to her quality of life was bolstered by publicly viewable images showing recent physical activity of a kind claimed by the plaintiff to be impossible.

Businesses seeking to communicate via social networking platforms or reach clients should be aware that such communications and business activities are likely discoverable in litigation. Individual and businesses should be mindful that:

  • Although social networking sites have “privacy” settings, these settings can be deemed legally irrelevant if the information contained on such platforms can be shown to be relevant to pending litigation.
  • Information that is publicly viewable can be used for any purpose by an opposing party. Public indications that a profile is used for business related communications might allow that profile to be subject to discovery where such communications are at issue. Thus, business and individuals should always be mindful of the evolving privacy polices of sites they transact business.

Finally, litigants should bear in mind that while social media evidence may be relevant to litigation, it is important not to make discovery requests overbroad. For the best likelihood of success, social media discovery requests should be narrowly tailored to produce evidence directly pertinent to the issues, rather than engaging in a fishing expedition.

When should you provide your social security number? State Farm asked us when sharing is required.

State Farm contacted OlenderFeldman LLP‘s Aaron Messing to ask when sharing your social security number is appropriate:

Think before revealing your Social Security Number (SSN). Its unauthorized use could lead to privacy invasion and identify fraud. Aaron Messing, an information privacy attorney at OlenderFeldman LLP, says sharing is generally required by law only for:

  • Records of financial transactions in which the IRS is interested (banking, stock market, investment, property, insurance or other financial transactions
  • Employment records
  • Driver’s license applications
  • Government benefit applications (Medicade, student loans, etc.)
  • Joining the armed forces
  • Obtaining some professional or recreational licenses

You can see the Fast Tracks article here.

Directive 2002/58 on Privacy and Electronic Communications, otherwise known as E-Privacy Directive, is an European Union directive on data protection and privacy in the digital age, which has been recently updated to require informed consent for non-essential cookies.

Many of our clients transact business internationally and have websites that target European users. The European Union’s E-Privacy Directive (the “Directive”), implemented in May 2012, requires that websites obtain informed consent from users prior to storing cookies on a device.  The Financial Times recently reported that the Information Commissioner’s Office (ICO) is beginning to crack down on non-compliant companies. If a website is found to be non-compliant, the ICO can issue fines of up to £500,000 ($807,450).

Cookies are small data files sent from a website and stored in a user’s web browser while a user is browsing a website, and are commonly used for remembering preferences and tracking user activity. Although the Directive exempts some cookies from the informed consent requirement, most commonly found cookies, such as third-party analytics, personalization and other persistent cookies are not exempt.  Generally speaking, if your website uses technology to track users, you need their consent to do so.

There are a few basic steps to take in order to comply with the Directive. First, audit your tracking technologies to determine what cookies, if any, your website places. You may be surprised at what is going on behind the scenes. Categorize your cookies into groups (i.e., necessary service/function cookies, analytical cookies, advertising cookies, etc.) so that you can better explain the types of cookies used on your site.

Next, update your privacy policy to ensure that it accurately reflects what is actually going on under the hood of your website.  Once your privacy policy is up-to-date and accurate, you should consider how you want to inform your users of your cookie policies. Simply relying that users might have read your privacy policy is no longer considered sufficient. Instead, many websites are implementing banners, headers, footers or splash screens that are designed to ensure informed consent.

According to the Financial Times, the European Union has been aggressively enforcing compliance with the Directive and recently increased the size of its enforcement team by 60 percent to investigate infringements. All companies that use cookies on their websites and are subject to European Union jurisdiction should ensure that their site is updated to comply with the Directive.

We often receive questions about how to choose an attorney or law firm  that is suitable for your particular issue or business. Here are some considerations to keep in mind.

There are a number of consideration that go into vetting an appropriate attorney. The first, and arguably most important, is ensuring that your attorney understands business relationships and how companies function. While many lawyers are technically proficient in the law, it is important to ensure that your attorney understands, and craft legal solutions specific to, your business and industry. Your attorney should be practical and be able to develop solutions that not only address your requirements, but also those with whom you wish to do business with or interact with. In the negotiating process, many attorneys make unrealistic demands based on idealistic desired outcomes, or are unwilling to consider strategic compromises in order to make sure an agreement is actually reached. This ultimately works against your ultimate interests, as the job of your attorney is to make sure that your goals are accomplished with a minimum of time, effort and cost.

You should also ensure that your attorney has subject matter experience, both in the industry and specific to the work to be performed. This enables the attorney to work efficiently, and minimize cost and time. This is an important consideration that is often overlooked and bears emphasis. Hourly rates are actually less important than the ability to execute work efficiently. If an attorney is learning “on the go”, they will ultimately end up being more expensive than a lawyer who has experience in the industry and subject matter, even if the inexperienced lawyer’s hourly rates are cheaper.

Finally, you should ensure that the attorney is accessible, and that if work is to be delegated, that your attorney retains constant oversight of subordinates, rather than just handing off the work.

The Federal Trade Commission has proposed revisions that will bring the Children’s Online Privacy Protection Act in line with 21st century technology, largely targeting social networks and online advertisers.

By Alice Cheng

Based on comments solicited last year, the Federal Trade Commission (FTC) has posted proposed revisions to the Children’s Online Privacy Protection Act (COPPA). The Act, which has not been updated since its inception in 1998, may be extended to include social networks and online advertisers.

According to the current regulations, COPPA applies only to website operators who know or have reason to know that users are under the age of 13, requiring the sites to obtain parental consent before any collection of data. In the past decade, an increased ability to harvest consumer information has necessitated revisions. In a FTC staff report conducted earlier this year, the Commission addressed a growing need for app stores and app developers to provide more information regarding their data collection practices to parents. With the proposed changes posted today, the FTC plans to update COPPA to respond to modern concerns surrounding social networking sites, advertising networks, and applications. Under the proposed changes, such third parties may be held responsible for unlawful data collection practices when they know or have reason to know that they are connecting to children’s websites. Mixed audience websites may have to screen all visitors in order for COPPA regulations to apply to users under 13 years of age. Additionally, restrictions on advertising based on children’s online activity may be tightened.

 The FTC will be accepting public comment to the proposed rules via the FTC website. Comments will be accepted until September 10, 2012.

Several House lawmakers have sent letters to nine major data broker firms, seeking transparency on data practices.

By Alice Cheng

Last week, eight House members, including Congressional Bi-Partisan Privacy Caucus chairmen Ed Markey (D-Mass.) and Joe Barton (R-Tex.), sent letters to nine major data broker firms, asking for information on how they collect, assemble, maintain, and sell consumer information to third parties.

The letter references a recent New York Times article profiling data broker Acxiom, which may have spurred the lawmakers’ decision to target the firms. Data brokers are large firms that aggregate information about hundreds of millions of consumers, selling them to third parties for marketing, advertising, and other purposes.  Oftentimes, profiles of consumers are created to reflect spending habits, political affiliation, and other behavioral information. As the article explains, the issue with these activities is that they are largely unregulated, largely unknown to the general public, and are often be difficult to opt out of.

Privacy advocates, lawmakers, and often the Federal Trade Commission have made continued moves towards increased transparency of the activities of data brokers. A statement explains that, in sending the letter to the nine firms, the lawmakers in the Bi-Partisan Privacy Caucus seek to obtain information on the brokers relating to  “privacy, transparency and consumer notification, including as they relate to children and teens.”