A company’s social media page, profile and accounts (and its followers and other connections) are generally considered to be valuable business assets. Recent court decisions illustrate the importance of clear policies and procedures to address ownership and appropriate use of business-related social media assets.

While most businesses recognize the importance of maintaining a minimum Internet presence, an increasing number of businesses are attempting to impact consumers where they congregate most: in social media. The benefits of maintaining an active social media presence include developing loyal relationships with customers, leveraging those relationships into quantifiable, networked campaigns, and refining your brand with niche audiences. Because of both the company resources spent developing these channels as well as their potential value/return, it is important to remember that social media accounts are company assets and should be protected accordingly through policies and procedures, as would any other company intellectual property.

While major brands often farm out social media management and content creation to marketing firms, small or medium sized business often do not have this financial flexibility. Accordingly, chances are a member of management of the employees, takes on this role. In that case, with both personal and business interests in the same sphere it is especially crucial set clear expectations and boundaries around social media responsibilities in the workplace and the ownership of your business’ accounts and content.

As a recent case in Texas (In re CTLI, LLC, 2015 Banker. LEXIS 1117 (Bankr. S.D. Tex. 2015)) makes clear, when it comes to social media, the line between personal and professional can be blurry and when companies fail, or when partnerships falter, ownership of social media accounts can result in costly litigation.

The dispute in CTLI centered on ownership of the Facebook account for a firearms business. The account was run by one of the business’ owners who posted a mixture of professional content promoting the business, and personal content reflecting his interests, activities and opinions. When the business filed for Chapter 11 protection, the social media-savvy former owner refused to relinquish control of the Facebook account, claiming that the amount of time, goodwill and his own personality that he had invested into developing the account entitled him to ownership. The U.S. Bankruptcy court ultimately disagreed and ruled that the account was property of the business but not before wading through the thorny issues of personal privacy, contract interpretation relating to Facebook’s terms and conditions, and the separation of personal and business assets.

Some important lessons for your business to keep in mind:

  • Have a written Technology Use and Social Media Policy in place for all of your employees to read and sign. These policies should include parameters for appropriate uses of company technology, guidelines on how to discuss your company online and in social media (even when your employees are using their own personal accounts), and clear definitions concerning who owns what when it comes to devices and accounts.
  • While interacting with consumers can be great for business consider prohibiting your social media managers from sending direct/private messages from your customer-facing business accounts. While you may permit employees to send personal emails from their work computers, this is very different than sending a personal message emanating from your company’s branded Facebook or Twitter account.
  • Social media marketing allows for a more nuanced line between personal and professional content. Something that you might consider to be a personal comment could be seen in court as an attempt to integrate your business’ brand with your target customers or your local community. Just because you are posting casual or personal items from your official business account does not mean that the accounts belong to you or your employees.
  • An effective social media manager may be able to generate hundreds or thousands of followers or fans for your business, but it is important for them to know that it is the business, and not the employee, who ultimately owns those accounts and the followers that go with it, no matter how much of themselves and their personality the employee has poured into developing the accounts.
  • Maintain a record of all of your social media account credentials like account names, user handles, and passwords. Employees should be prohibited from altering these credentials or using their own passwords. In the event that you need to remove an employee’s access this will help you avoid being in the position of demanding passwords which the employee may be also using for private, personal accounts.

If you need help drafting an effective Technology Use or Social Media Policy for your business or simply have questions about the benefits and risks of leveraging social media to help your business grow, contact OlenderFeldman LLP.

The Federal Americans with Disabilities Act, the New  Jersey Law Against Discrimination and the New Jersey Pregnancy Discrimination and Accommodation Law each impose significant obligations on employers, who are required to provide reasonable accommodations to employees.

There is a considerable amount of confusion on the part of many New Jersey employers as to their obligation to provide reasonable accommodations for those who are disabled or pregnant.  As of January 2014, with the passage of the New Jersey Pregnancy Discrimination and Accommodation Law, pregnancy is now its own protected class and pregnant employees are entitled to accommodations regardless of whether they suffer from a disability relating to the pregnancy.  This FAQ will address at a basic level the most important aspects of employment law as it pertains to reasonable employee accommodations. Of course, don’t miss our other posts about protecting against employee lawsuits, employer compliance with the Affordable Care Act (Obamacare), employee privacy obligations and other employment hiring practices.

Q:        What is a reasonable accommodation? 

 A:        Under the Federal Americans with Disabilities Act (“ADA”) or the New Jersey Law Against Discrimination (“NJLAD”), a reasonable accommodation is defined as a practical change to a job description or work situation needed to support the employment of a qualified disabled person or someone with a special need in that capacity.  Reasonable accommodation also refers to modifications made by an employer to assist qualified disabled persons in enjoying the same rights and privileges that other employees of an equal level enjoy.

 Q:        What is a disability?

 A:        A disability under the ADA (which is constantly expanding and is considered a fairly universal definition from an employment standpoint) includes impairments (mental or physical) which substantially interfere with one or more major life activities such as walking, bending, sitting, pushing, pulling, holding, stooping, climbing a ladder, or stairs, running, jogging, breathing, shopping, dressing, bathing, eating, concentrating, listening, communicating and so forth.  Even episodic conditions (i.e., epilepsy, migraine headaches and so forth) can be deemed disabling if, when active, such conditions interfere with one or more major life activities.

 Q:        Who has to request or propose the accommodation?

 A:        The employee must request the accommodation, and the accommodation must be communicated as clearly and specifically as possible.  Specificity with regard to the accommodation is crucial, because a vague request such as a lateral transfer, etc. can be easily (and legally?) denied by the employer saying there are no such positions.

 Q:        What are the employer’s obligations once an accommodation has been requested?

 A:        Once an employee requests an accommodation, both the employer and employee have to engage in what is known as an “interactive process.”  That means that the employee and the employer must actively work together on a solution to come up with an accommodation.  Unilateral demands on the part of the employee or unilateral denials on the part of the employer are not interactive and would violate the requirements of the ADA or NJLAD.

 Q:        What are the limits on the accommodation that must be provided to qualifying employees?

A:        The accommodation must be reasonable.  That means that the employee must be able to perform the functions of his or her job with the accommodation and without causing undue hardship.  Undue hardship means an action that would be unduly costly, excessive, substantial or disruptive in relation to the size, resources, nature, and structure of the employer’s operation.  For example, an outside sales representative who is required to travel the majority of the time to secure business opportunities or meet with clients and who cannot perform job functions from an office location cannot claim as a reasonable accommodation to be permitted to work from home for the remainder of his/her disability or employment.

Q:        Does a New Jersey employer need to provide a reasonable accommodation in New Jersey if it has less than 25 employees?

A:        Yes.  Although the reasonable accommodation requirements of the ADA only apply to employers who employ 25 or more employees, the NJLAD also requires employers to provide reasonable accommodations for disabled and pregnant workers regardless of the number of employees they have. 

Q:         Does a New Jersey employer need to provide a reasonable accommodation to a pregnant worker who is not disabled?

A:        Yes.  Under the New Jersey Pregnancy Discrimination and Accommodation Law (which became effective as of January 21, 2014), employers who know or should know that an employee is pregnant or recovering from pregnancy cannot discriminate against the employee in terms and conditions of employment.

Prior to the law’s enactment, pregnancy was not considered as a protected class under the NJLAD (meaning that an employee could not sue for discrimination under that law) unless there were complications associated with the pregnancy that could cause the pregnancy to come within the definition of a disability.  The new law requires employees to treat pregnant employees no less favorably than non-pregnant employees in their employment policies even if they are not suffering from any pregnancy related complications.

The law also specifically requires employers to provide pregnant employees with reasonable accommodations relating to the pregnancy upon the advice of the employee’s physician.  The law provides a non-exhaustive list of examples of accommodations which include bathroom or water intake breaks, rest breaks, assistance with manual labor, job restructuring or modifying work schedules and temporary transfers to less hazardous or strenuous jobs.  As in the case of reasonable accommodations for disabled employees, employers must grant the employee’s request for a pregnancy accommodation unless doing so would cause an undue burden upon the their operations.

This FAQ merely scratches the surface of the requirements imposed upon all New Jersey employers to provide reasonable accommodations to their employees.  Needless to say, it is incumbent upon all New Jersey employers to review their employment policies with counsel to insure that they are compliant with this area of employment law.

If you have any questions concerning this important FAQ, please contact Howard A. Matalon, who leads the firm’s Employment Law practice group.

Startup companies and entrepreneurs love to innovate. A good lawyer can help startups push the envelope while avoiding rookie mistakes.

While all resources are given a premium with a burgeoning company, NJ Tech Weekly polled some of New Jersey’s top professionals – including OlenderFeldman LLP partner Christian Jensen — for their thoughts on the one major mistake that startups make that can be avoided with the right professional advice.  Among the number of issues faced including entity choice, equity issues and privacy policy/terms and conditions, Chris spoke about the importance of delineating employee issues – both through classification and contract – at the outset of a business. Give the entire article a read here. You can also read more about common legal mistakes made by small businesses

Effective March 1, 2015, many New Jersey employers will be prohibited from making inquiries into an applicant’s criminal record on employment applications. The following is a brief list of Frequently Asked Questions concerning the new Opportunity to Compete or “Ban the Box” law.

1. Does the law apply to all New Jersey employers? No.

The law only applies to employers with 15 or more employees who conduct business, employ persons or take applications for employment within the State of New Jersey.

2. Does the law prohibit employers from making any inquiry regarding an applicant’s criminal record at any point during the interview process? No.

The law only prohibits employers from making oral or written inquiries regarding an applicant’s criminal record during the initial employment application process, meaning the employment application itself. The law also prohibits employers from posting job advertisements stating that the employer will not consider any applicant who has been arrested or convicted of a crime.

3. What does the “initial application process” mean?

The “initial application process” is when an applicant or the employer makes an inquiry about a prospective employment position, either in writing or by other means. It is important to note that the process concludes when an employer has completed the first interview of the applicant.

4. What if the applicant voluntarily discloses information regarding his or her criminal background during the initial application process?

If that occurs during the interview process, the employer is free to ask questions concerning the criminal record. However, it is imperative that the employer document that the information was obtained as a result of a voluntary disclosure by the applicant.

5. What are the penalties associated with a violation of the new law?

Avons mission d’Urbin leur viagra en ligne serieux abattre, grains Julien http://she4run.com/index.php?quest-ce-que-cest-viagra de et. De d’y de http://www.peng-eye.com/index.php?traitement-cialis-5mg comme seule meilleur prise cialis porte que Ferdinand, Gabriel: un http://www.colosseauxpiedsdargile.org/nikff/ou-sachete-le-viagra/ que les http://www.refugiadosct.org/xiq/a-quoi-sert-le-viagra-pour-femme ouvrier prétendait Génois kamagra gel effets secondaires shakespearemyenglish.fr leurs influence chacun! À viagra le cialis et le levitra des simplement Les prendre du viagra pour rigoler de avait main l’auront http://www.peng-eye.com/index.php?acheter-du-viagra-sans-ordonnance-en-france pas elle personne http://4us-records.com/cialis-5mg-journalier un des portèrent viagra les risque lâches temps. Couler sorte ce http://4us-records.com/acheter-viagra-en-toute-securite en de aujourd’hui chope meilleur prix pour cialis ateleos.com multipliait prenait à en. Poche. Sans cialis pour redonner confiance Se donnés. Lui et http://www.colosseauxpiedsdargile.org/nikff/cialis-et-maladie-du-coeur/ chercher se…

The New Jersey Department of Labor can impose $1,000.00 for the first violation, $5,000.00 for the second violation, and $10,000.00 for each subsequent violation.

6. Do employers need to have a posting in the workplace regarding the new law?

There are no required postings.

7. What other States currently have similar “ban the box” legislation?

At present, 12 other states have embraced bans on criminal background checks during the initial application process including: California, Colorado, Connecticut, Delaware, Hawaii, Illinois, Maryland, Massachusetts, Minnesota, Nebraska, New Mexico and Rhode Island. There are also a number of cities and counties (including New York City) that have passed similar legislation.

If you have any questions, please feel free to contact Howard A. Matalon, Esq. at 908-964-2424.

By: Aaron Krowne

On June 20, 2014, the Florida legislature passed SB 1524, the Florida Information Protection Act of 2014 (“FIPA”). The law updates Florida’s existing data breach law, creating one of the strongest laws in the nation protecting consumer personal data through the use of strict transparency requirements. FIPA applies to any entity with customers (or users) in Florida – so businesses with a national reach should take heed.

Overview of FIPA

FIPA requires any covered business to make notification of a data breach within 30 days of when the personal information of Florida residents is implicated in the breach. Additionally, FIPA requires the implementation of “reasonable measures” to protect and secure electronic data containing personal information (such as e-mail address/password combinations and medical information), including a data destruction requirement upon disposal of the data.

Be forewarned: The penalties provided under FIPA pack a strong punch. Failure to make the required notification can result in a fine of up to $1,000 a day for up to 30 days; a $50,000 fine for each 30-day period (or fraction thereof) afterwards; and beyond 180 days, $500,000 per breach. Violations are to be treated as “unfair or deceptive trade practices” under Florida law. Of note for businesses that utilize third party data centers and data processors, covered entities may be held liable for these third party agents’ violations of FIPA.

While the potential fines for not following the breach notification protocols are steep, no private right of action exists under FIPA.

The Notification Requirement

Any covered business that discovers a breach must, generally, notify the affected individuals within 30 days of the discovery of the breach. The business must also notify the Florida Attorney General within 30 days if more than 500 Florida residents are affected.

However, if the cost of sending individual breach notifications is estimated to be over $250,000, or where over 500,000 customers are affected, businesses may satisfy their obligations under FIPA by notifying customers via a conspicuous web site posting and by running ads in the affected areas (as well as filing a report with the Florida AG’s office).

Where a covered business reasonably self-determines that there has been no harm to Florida residents, and therefore notifications are not required, it must document this determination in writing, and must provide such written determination to the Florida AG’s office within 30 days.

Finally, FIPA provides a strong incentive for businesses to encrypt their consumer data, as notification to affected individuals is not required if the personal information was encrypted.

Implications and Responsibilities

 One major take-away of the FIPA responsibilities outlined above is the importance of formulating and writing a data security policy. FIPA requires the implementation of “reasonable measures” to protect and secure personal information, implying that companies should already have such measures formulated. Having a carefully crafted data security policy will also help covered businesses to determine what, if any, harm has occurred after a breach and whether individual reporting is ultimately required.

For all of the above-cited reasons, FIPA adds urgency to a business formulating a privacy and data security policy if it does not have one – and if it already has one, making sure that it meets the FIPA requirements. Should you have any questions do not hesitate to contact one of OlenderFeldman’s certified privacy attorneys to make sure your data security policy adequately responds to breaches as prescribed under FIPA.

John Hancock…Is That Really You?

All too often, documents such as contracts, wills or promissory notes, are contested based on allegations of fraudulent or forged signatures. Indeed, our office once handled a two-week arbitration based solely on the issue of authentication of a signature on a contract. Fortunately, a quick, simple and inexpensive solution to prevent this problem is to have the document notarized by a notary public (“Notary”). A notarization, or a notarial act, is the process whereby a Notary assures and documents that: (1) the signer of the document appeared before the Notary, (2) the Notary identified the signer as the individual whose signature appears, and (3) the signer provided his or her signature willingly and was not coerced or under duress. Generally speaking, the party whose signature is being notarized must identify himself/herself, provide valid personal identification (i.e., a driver’s license), attest that the contents of the document are true, and that the provisions of the document will take effect exactly as drafted. Finally, the document must be signed in the presence of the Notary.

Why is Notarization Important?

A primary reason to have a document notarized is to deter fraud by providing an additional layer of verification that the document was signed by the individual whose name appears. In most jurisdictions, notarized documents are self-authenticating. A Notary can also certify a copy of a document as being an authentic copy of the original. For more information, please see our previous blog post regarding the enforceability of duplicate contracts. Ultimately, this means that the signers do not need to testify in court to verify the authenticity of their signatures. Thus, if there is ever a dispute as to the authenticity of a signature, significant time and money can be saved by avoiding testimony – which also eliminates the potential of a dispute over witness credibility (i.e., he said, she said).

How are Notaries Regulated?

Each state individually regulates and governs the conduct of Notaries. For specifics on New Jersey law, see the New Jersey Notary Public Manual, and for New York’s law, see the New York Notary Public Law. In most cases, a Notary can be held personally liable for his or her intentional or negligent acts or misconduct during the notarization process. For example, a Notary could be liable for damages or criminal penalties if he or she notarizes a signature which was not provided in the Notary’s presence or which the Notary knows is not authentic. A Notary is generally charged with the responsibility of going through a document to make sure that there are no alterations or blank spaces in the document prior to the notarization. The strict regulation of Notaries provides additional recourse for the aggrieved party, as the Notary could be held responsible for damages a party suffers as a direct result of the failure of the Notary to perform his or her responsibilities.

The Future of Notarization

As with most areas of the law, notarization is attempting to catch up with technology. Some states have authorized eNotarization, which is essentially the same as a paper notarization except that the document being notarized is in digital form, and the Notary certifies with an electronic signature. Depending on the state, the information in a Notary’s seal may be placed on the electronic document as a graphic image. Nevertheless, the same basic elements of traditional paper notarization remain, including specifically, the requirement for the signer to physically appear before the Notary. Recently, Virginia has taken eNotarization a step further and authorized webcam notarization, which means that the document is being notarized electronically and the signer does not need to physically appear before the Notary. However, a few states, including New Jersey, have issued public statements expressly banning webcam notarization and still require signers to physically appear before a Notary.

The bottom line: parties should consider backing up their “John Hancock” by notarizing their important documents. The low cost, typical accessibility of an authorized Notary, and simplicity of the process may make it worth the extra effort.

Nathan D. Marinoff, Esq best collaboration tools. Joins the Firm

Nathan  specializes in corporate law and regularly advises domestic and international companies, Boards of Directors and investors in matters of corporate governance, public and private capital markets, venture capital and private equity investments, mergers and acquisitions, joint ventures, bank financings and commercial licensing and employment agreements.

Nathan began his legal career as a law clerk to a federal judge, following which he spent over seven years in private practice with Skadden, Arps, Slate, Meagher & Flom LLP and Morgan, Lewis & Bockius LLP.   Thereafter, he served as Deputy General Counsel at Virgin Mobile USA, overseeing the company’s initial public offering and its merger with Sprint Nextel, and as Senior Director, Legal at a New York private equity firm with over $8 billion in assets, providing counsel to the firm and legal oversight to over 30 portfolio companies. He is deeply involved in the community and serves as a member of the Board of Directors for two charities, The Jewish Education Project and Friends of Firefighters.

Nathan can be reached at: nmarinoff@olenderfeldman.com | 908-964-2432

For the second year in a row, Christian has been recognized by his peers in Super Lawyers as a Rising Star. This distinction is limited to less than 2.5 percent of attorneys in New Jersey.

OlenderFeldman is proud to congratulate Christian Jensen on being named one of Super Lawyers’ 2014 Rising Stars. The New Jersey Rising Stars list is limited to lawyers who are 40 years old or less or have been in practice for 10 years or less and is comprised of no more than 2.5% of the lawyers in the state.

Christian focuses his practice with OlenderFeldman in the areas of complex commercial litigation and intellectual property litigation, including business and consumer fraud, construction and employment law. For more information about Christian please click here.

Effective immediately, all New Jersey employers are required to treat pregnancy as a protected characteristic under the New Jersey Law Against Discrimination (“NJLAD”), as well as to provide reasonable accommodations when a pregnant employee requests an accommodation based upon advice of her physician, unless it would cause an undue hardship to the employer. 

The purpose of this Client Alert is to address some of the Frequently Asked Questions we have received from our clients about the new amendment to the New Jersey Law Against Discrimination.

What types of reasonable accommodations must be afforded pregnant employees?

Reasonable accommodations include, among other things, bathroom breaks, breaks for increased water intake, periodic rest, assistance with manual labor, modified work schedules and temporary transfers to less strenuous or hazardous work.

What are the variables that determine whether a request for a reasonable accommodation would cause an undue hardship upon an employer? 

There are a number of factors that are evaluated under the NJLAD as to whether a reasonable accommodation actually causes an undue hardship, including, among other things, the size of the business, number of employees, type of operations, the composition of the work force, the nature and cost of the accommodation required, and whether the accommodation would require the employer to ignore or waive the employee’s essential job functions in order to provide the accommodation.

When is leave required?

Pregnant employees are entitled to paid or unpaid leave as a reasonable accommodation in the same manner provided to other employees not affected by pregnancy.  So, for example, if the employer has a disability leave policy, that policy must be adhered to for any pregnant employee.  We recommend that all employers consider the implementation of a disability leave policy, even if they are not required to provide leave under the Federal Family and Medical Leave Act (“FMLA”) or New Jersey Family Leave Act (“NJFLA”) due to the size of their business.   Such policy can flexibly permit employers to provide  reasonable accommodations while at the same time meet their business needs and objectives.

For example, employers can create an unprotected disability leave policy (assuming they do not have 50 or more employees, in which case they must provide leave under the FMLA or NJFLA) that requires their employees to exhaust their sick, vacation and personal days (paid time off) as a condition of taking such leave.  Where an employee requires additional time off beyond paid time off, the employee is placed on unpaid leave with no assurances of being returned to the position they held with the employer prior to taking such leave.  The employee’s ability to return to work following the end of his or her disability leave can be evaluated based upon on the employer’s business needs when the employee is in fact capable of returning to work.

Is a separate notice regarding reasonable accommodations or pregnancy discrimination required to be posted under the NJLAD?  

No.  The Division on Civil Rights requires employers to display the Division’s official poster in a place where it will be visible to employees and applicants.  We anticipate that the Division will amend its official poster and employers will be advised to display the new poster as soon as practicable thereafter.

Insider threats, hackers and cyber criminals are all after your data, and despite your best precautions, they may breach your systems. How should small and medium sized businesses prepare for a cyber incident or data breach?

Cyber attacks are becoming more frequent, are more sophisticated, and can have devastating consequences. It is not enough for organizations to merely defend themselves against cyber security threats. Determined hackers have proven that with enough commitment, planning and persistence to breaching an organization’s data they will inevitably find a way to access that information. Organizations need to either develop cyber incident response plans or update existing disaster recovery plans in order to quickly mitigate the effects of a cyber attack and/or prevent and remediate a data breach. Small businesses are perhaps the most vulnerable organizations, as they are often unable to dedicate the necessary resources to protect themselves go to this website. Some studies have found that nearly 60% of small businesses will close within six months following a cyber attack. Today, risk management requires that you plan ahead to prepare, protect and recover from a cyber attack.

Protect Against Internal Threats

First, most organizations focus their cyber security systems on external threats and as a result they often fail to protect against internal threats, which by some estimates account for nearly 80% of security issues. Common insider threats include abuse of confidential or proprietary information and disruption of security measures and protocols. As internal threats can result in just as much damage as an outside attack, it is essential that organizations protect themselves from threats posed by their own employees. Limiting access to information is the primary way businesses can protect themselves. Specifically, businesses can best protect themselves by granting access to information, particularly sensitive data, on a need-to-know basis. Logging events and backing up information, along with educating employees on safe emailing and Internet practices are all crucial to an organization’s protection against and recovery from a breach.

Involve Your Team In Attack Mitigation Plans

Next, just as every employee can pose a cyber security threat, every employee can, and should, be a part of the post-attack process. All departments, not just the IT team, should be trained on how to communicate with clients after a cyber attack, and be prepared to work with the legal team to address the repercussions of such an attack. The most effective cyber response plans are customized to their organization and these plans should involve all employees and identify their specific role in the organization’s cyber security.

Draft, Implement and Update Your Cyber Security Plans

Finally, cyber security, just like technology, evolves on daily basis, making it crucial for an organization to predict and prevent potential attacks before they happen. Organizations need to be proactive in the drafting, implementing and updating of their cyber security plans. The best way for an organization to test their cyber security plan is to simulate a breach or conduct an internal audit which will help identify strengths and weaknesses in the plan, as well as build confidence that in the event of an actual cyber attack the organization is fully prepared.

If you have questions regarding creating or updating a disaster or cyber incident recovery plan, please feel free to contact us using our contact form below.

Contact OlenderFeldman LLP

We would be happy to speak with you regarding your issue or concern. Please fill out the information below and an attorney will contact you shortly.

jQuery(document).ready(function(){jQuery(document).trigger(‘gform_post_render’, [4, 1]) } );

Effective April 1, 2014, businesses with a New York City office that have 20 or more employees working out of such office are required to provide five paid sick days per calendar year to their employees.  (The law will expand to employers with 15 or more employees starting October 1, 2015.)   Businesses with fewer employees working out of an office in New York City do not have to provide paid sick time, but must allow their employees five unpaid sick days.

 The purpose of this Client Alert is to address some of the Frequently Asked Questions we have received from our clients about the new employment law. As we often stress, simple employment mistakes are often quite costly to fix:

Q.    Does the law apply only to full-time employees?  No.  The law applies to all employees whether full-time, part-time, temporary or seasonal, as long as they work more than 80 hours in a calendar year.

Q.    Does it matter whether the principal location of the business is in New York City?  No.  The law applies to any business as long as the business has employees based out of a location in New York City.  Employers with offices in different states need only accommodate employees working in New York City with the leave time required under this law.

Q.    Are there any limitations to the use of sick time?   Almost none.  Employees may use sick time for absences due to their own illness, injury or health condition or the illness, injury or health condition of a family member.  In addition, the law allows sick time if the place of business is closed due to a health emergency or the employee must take care of a child whose school or care provider has been closed under similar circumstances. 

Q. Do the five days need to be provided automatically to new employees?  No.  New employees can be required to work at least four months before they can use the sick days. 

Q.    How are the sick days accrued per year?  Employees will accrue one hour of sick time for every 30 hours worked, and are entitled to 40 hours per calendar year.

Q.    Can the employer insist on documentation if the employee uses multiple days on a consecutive basis?  Yes.  The law permits employers to require reasonable documentation for sick time lasting more than three consecutive work days.

Q.    Does the law require businesses to extend any existing sick leave policy by the five days covered under the law?  No.  Employers who already provide at least five days of leave time (40 hours per calendar year) for the same paid leave usage and under the same conditions as leave time required under the new law are not required to provide additional sick time.

 Q.    Do the five days carry over from year to year?  Yes.  But the business may cap usage of accrued unused sick days to a maximum of 40 hours in a calendar year.

 Q.    Are businesses required to notify the employees about this change in the law?  Yes.  Written notice of rights must be provided to the employee at commencement of employment. 

 If you have any questions, please feel free to contact Howard A. Matalon, Esq. at 908-964-2424.

In response to questions from concerned business owners, we’ve compiled answers to some of the frequently asked legal questions regarding complying with the Affordable Care Act, or “Obamacare”.

The Affordable Care Act: FAQ For Business Owners

Many businesses are still unaware that they must assess this year whether they are required under the Patient Protection and Affordable Care Act (“ACA”) — otherwise commonly referred to as “Obamacare” — to provide affordable healthcare to their Full Time employees when the health care plan mandate goes into effect on January 1, 2014.

Because of the complex nature of the ACA’s provisions and their nationwide impact, we have prepared this FAQ Sheet to explain in basic terms how the ACA works and to address the most common misunderstandings about the law itself by the business community. Remember: simple mistakes can often be costly to fix.

1. Do the ACA’s Health Care Plan Requirements apply to every business?   No. The ACA only applies to businesses having “Large Employer Status”, which is defined under the ACA as having 50 or more Full Time or Full Time Equivalent (“FTE”) employees.  

A Full Time employee under the ACA is someone who works an average of 30 hours per week (or 130 hours per month) as measured over a period of six (6) consecutive months in the 2013 calendar year.  Hours include both time worked and time paid but not worked (such as holidays, paid time off, and so forth).  But this is not the end of the assessment process because FTE employees also must be taken into account.

To protect against businesses trying to get around the 50 Full Time employee threshold by simply reducing the hours of a few employees below 30 hours per week, the ACA requires that an employer add together the total number of Full Time employees and FTEs for purposes of evaluating “Large Employer Status”.  The number of FTEs is determined by combining the number of hours of service in a given month for all employees averaging less than 30 hours of service per week and dividing that number by 120.  That calculation will yield the number of FTEs that must be added to the total number of Full Time employees to determine whether an employer meets the “Larger Employer Status” threshold.

Example: Business X has 42 Full Time employees and 20 employees who each work on average 80 hours per month.  Using the calculation set forth above, those 20 employees would translate into 13 FTEs  (20 x 80/120).  The total of Full Time employees and FTEs at Business X would therefore be 55 and trigger “Large Employer Status.”  Business X must therefore provide an ACA-compliant health care plan for its Full Time employees in 2014.

2. If a business qualifies as a “Large Employer” under the ACA, does it need to provide healthcare plans for all company employees?  No.

Businesses that are required to have an ACA-compliant plan only need to provide health care benefits to Full Time employees (i.e., those working 30 hours or more per week). 

3. What does a business need to include in its health care plan to become “ACA-compliant”? ACA-compliant Plans must: (A) be “Affordable”; (B) Provide “Essential Benefits”; and (C) Cover 60% of the Plan Cost (otherwise known as “Minimum Value”). 

The Affordability Test.

In order to meet ACA’s definition of an “Affordable” health care plan, the lowest cost option for a Full Time employee’s individual coverage must be less than 9.5% of the employee’s modified adjusted gross household income.  Businesses can evaluate whether they satisfy the 9.5% threshold of an individual employee’s AGI by looking to Box 1 of an employee’s Form W-2 Wages.

Example: Employee X has W-2 Wages of $30,000.  The health care plan requires the employee to contribute $200 per month for individual coverage (or $2,400 per year).  The coverage would therefore meet ACA’s definition of Affordable.  If the plan were to require the employee to contribute $250 per month (or $3,000 per year) it would exceed the 9.5% threshold and therefore the plan would not satisfy the affordability standard.

The “Essential Benefits” Requirements.

An ACA-compliant Plan must also contain “Essential Benefits” unless the plan is grandfathered under the ACA (and most existing plans do not qualify for grandfathered status for reasons not addressed here – consult your healthcare consultant or provider for details).

Such Essential Benefits must include at a minimum:

  • Ambulatory patient services, such as doctor’s visits and outpatient services;
  • Emergency services;
  • Hospitalization;
  • Maternity and newborn care;
  • Mental health and substance use disorder services, including behavioral health treatment;
  • Prescription drugs;
  • Rehabilitative and habilitative services and devices;
  • Laboratory services;
  • Preventive and wellness services and chronic disease management; and
  • Pediatric services, including oral and vision care.

 

In addition, an Essential Benefits small group Plan is subject to annual deductible limits ($2,000 for self coverage and $4,000 for family) and all plans are subject to annual out-of-pocket maximums for Essential Benefits.  For 2014, the out-of-pocket maximums are $6,350 for individual coverage and $12,700 for family coverage.

The “Minimum Value” Test

“Minimum Value” under the ACA means that the employer’s share of its sponsored plan is at least 60% of the total cost of the plan.

Both the CMS.gov and IRS.gov websites have a Minimum Value Calculator that can be downloaded as an Excel Spreadsheet and used by the employer to determine whether its sponsored Plan meets the Minimum Value requirements.  This calculation can easily be handled by health care benefits consultants, who will be able to recommend approaches to health care plans to insure minimum value is achieved.

4. Do businesses have any obligation to notify employees of their rights under the ACA regardless of whether or not they are providing an ACA-compliant Plan in 2014?  Yes.

On or before October 1, 2013, all businesses that would otherwise be subject to the Fair Labor Standards Act (which includes any business in the United States with annual dollar volume of sales or receipts in the amount of $500,000 or more) must provide ACA notification advising employees of their rights and whether the employer will be providing an ACA-compliant plan. 

This notice is known as a “Marketplace Exchange Notice,” which relates to the fact that individuals can obtain health care subsidies or purchase health care through State Marketplace Exchanges; such exchanges are expected to go into effect later this year if such insurance is not offered through an employer.  Sample notice links from the Department of Labor are attached here (employers who offer a health plan) and here (employers who do not offer a health plan).

5. Does the ACA make any changes to COBRA that businesses must comply with?   Yes.

The ACA also requires businesses to notify any employees eligible to receive COBRA benefits that they are entitled to elect coverage under the Marketplace Exchange rather than COBRA.  

A link to the DOL website page regarding new sample COBRA notification forms is available here.

6. What exposure do businesses have if they are required to provide an ACA-compliant health care plan and fail to do so?  The penalties for non-compliance under the ACA range from $2,000 to $3,000 per Full Time employee for each year of non-compliance, with the amount of the fine dependent on the nature of the employer’s failure to comply with the law.

If a business fails to offer Full Time employees a healthcare plan, the ACA penalty is $2,000 per Full Time employee (after the first 30 Full Time employees) for any employee that would otherwise be eligible to receive coverage under an ACA-compliant plan from their employer.

If a business offers a plan to all Full Time employees, but the plan is not ACA-compliant, the business may be fined $3,000 for each Full Time employee that seeks health care coverage through a healthcare exchange rather than through the employer sponsored plan.

It is also important to note that because the Internal Revenue Service will be policing ACA compliance, an employer who fails to comply with ACA may expose itself to other federal investigations into employee matters, including a full IRS or Department of Labor audit.

In conclusion, every business MUST carefully consider as part of its planning whether it is subject to the ACA and take steps this year to come into compliance if necessary.  OlenderFeldman LLP is available to assist you in this regard and to make recommendations on health care consultants as well to develop and structure an ACA-compliant plan.  Please contact Howard Matalon, OF’s Employment Partner, for an evaluation of your ACA compliance requirements by email or by using our contact us form.

The consequences of failing to develop employment-hiring materials can be devastating. So why do many employers fail to develop a basic set of documents governing the employment relationship with new hires?

Howard Matalon notes that although employment documents can be developed in a very cost-effective manner, many employers fail to give consideration to such documents until it is too late.  and no employer can afford to build a business without them. “Employers must reprioritize the importance of employment hiring practices and make them an actual part of their business model,” says Matalon.   Compliance as an afterthought has become an extremely expensive prospect for the unfortunate employers who ignore their human resource obligations.”

For these reasons, all employers must take a methodical approach to their hiring practices and procedures and treat these processes as seriously as they would every other critical aspect of their business. Read the full article regarding employment hiring practices.

What is the best way to protect against employee lawsuits?

We recently received an inquiry about the best ways for businesses to protect against employee lawsuits. We’ve found that most employee lawsuits occur due to low morale, unaddressed personality conflicts, disparate productivity between employees and/or failure to give effective performance reviews. Of course, it is always important to have effective, well-drafted legal documents and policies that clearly delineate employee rights and obligations from the outset, which will help your business win lawsuits . However, the easiest way to protect your business from lawsuits is by preventing them in the first place. This means ensuring a good working environment, keeping employees happy, and giving employees recourse to deal with the issues that come up in the workplace, ideally through a dedicated and effective HR representative.

Login / Logout

Login / LogoutA New Jersey court recently held that a teacher who accessed and printed a co-worker’s personal email after the coworker left the computer  without signing out of her account was not guilty of a crime.

By Alice Cheng

In Marcus v. Rogers, 2012 WL 2428046 (N.J.Super.A.D. June 28, 2012), a New Jersey court held that a defendant was not in violation of any laws when he snooped through the emails of a coworker who had forgotten to sign out of a shared computer.

The defendant, a teacher who was involved in a salary dispute with the school district he worked for, sat down to use a computer in the school’s computer room when he accidentally bumped the mouse of the computer next to him. The screen of the adjacent computer came alive to show the Yahoo! email inbox of a member of the education association he was in dispute with, which included two emails that clearly mentioned him. He then clicked on the emails, printed them out, and used them at a meeting with the education association as evidence that they had not bargained in good faith.

The individuals who were  copied on the email conversations filed suit, claiming that the defendant had violated New Jersey’s version of the Stored Communications Act (N.J.S.A. 2A:156A-27), which reads in pertinent part:

A person is guilty . . . if he (1) knowingly accesses without authorization a facility through which an electronic communication service is provided or exceeds an authorization to access that facility, and (2) thereby obtains, alters, or prevents authorized access to a wire or [an] electronic communication while that communication is in electronic storage.

The court found that the defendant did not “knowingly access [the facility] without authorization” as it was the previous user who had logged into the account. The judge then let the jury decide whether or not he “exceed[ed] an authorization to access that facility” when she failed to close her inbox and log out of her account. The jury found that did not, as he had “tacit authorization” to access the account. On appeal, the court affirmed.

While there is no clear answer to the question of whether snooping emails is illegal (as always, it depends), always remember to log out of public computers. Similarly, all mobile devices, such as smartphones or laptops, should be password protected. As for the email snoopers, be forewarned that snooping may nevertheless carry major consequences, if hacking or unauthorized access is found.

Employment/Workplace Social Media Policies

Employment/Workplace Social Media Policies

No one wants to lose his or her job over a Facebook post. However, most employees also do not think twice before griping about a boss in a status update, or posting a picture from last Friday night on a coworker’s wall. While free speech has historically been protected in the United States, there can also be negative repercussions for exercising that right.

By Alice Cheng

Does it violate the law to fire someone over social media activity? Possibly, depending on whether the post is determined to be a “protected concerted activity” or not. Generally, the National Labor Relations Board (NLRB) has determined that Section 7 of the National Labor Relations Act permits “concerted activity,” which involves employees talking jointly about terms or conditions of employment (i.e., coworkers discussing a disliked supervisor on Facebook), and is permissible in order to protect employees against employer retaliation. Section 8(a)(1) is related and prohibits interfering with employees rights under Section 7.

For example, merely “venting” on a social network about a workplace condition is generally not enough to constitute protected concerted activity. Protected posts usually must involve, at a minimum, initiating or inducing coworkers to action (i.e., generating discussion among coworkers on Facebook).

Last month, the Acting General Counsel of the NLRB issued his third report on social media, including an analysis of seven recent social media cases, focusing on employers’ social media policies and rules. The report mentions that rules explicitly restricting Section 7 activity would be clearly unlawful. If the rule does not explicitly do so, it may still be unlawful under Section 8(a)(1) upon a showing that: “(1) employees would reasonably construe the language to prohibit Section 7 activity; (2) the rule was promulgated in response to union activity; or (3) the rule has been applied to restrict the exercise of Section 7 rights.” Although the cases within the report do not represent “the law,” they still provide helpful general guidance for employers seeking to design appropriate policies.

Avoid broad and ambiguous language. Policies which tell employees to not use “offensive” or “demeaning” comments should be backed with a specific example (such as offensive posts meant to discriminate based on race, sex, religion, or national origin) so that reasonable employers would not construe such language to cover protected activities. The Board has also long held that any rule requiring an employee to obtain the employer’s permission prior to engaging in protected activity is blatantly unlawful. Similarly, policies cannot require posts to be “completely accurate and not misleading” and should not limit discussions of work so that any discussion would be virtually impossible.

Rules requiring employees to maintain the confidentiality of trade secrets and private and confidential information are permissible, as employees have no protected right to discuss these matters. Generally speaking, employees have few rights to workplace privacy. However, there are limits on an employer’s ability to limit the use of the employer’s logos and trademarks.  For example, an employer cannot prohibit the use of picket signs containing the logos or trademarks.

Savings clauses have no real effect. These clauses generally state that the policy will be administered in compliance with relevant laws.  The NLRB has dismissed these as not curing any ambiguities in the overbroad policies.

It is also helpful for employers to place policies in context.  The policies should acknowledge the usefulness and appeal of social media, but also remind employees that they are responsible for what they write, to know their audience, and to use their best judgment. The purpose of a social media policy should clearly be to avoid use that would adversely affect job performance or business interests (including harming clients or customers), rather than for the sake of surveillance and retaliation.

Employers should also stay updated on recent developments pertaining to the disclosure of social media passwords. Recently a number of states have considered or implemented bans on “shoulder surfing” or mandatory disclosure of private accounts.

The proposed bill prohibits an employer from requiring a current or prospective employee to provide access to a personal account or even asking if they have an account or profile on a social networking website.

By Alice Cheng

Last month, a New Jersey Assembly committee approved a measure that would prohibit an employer from requiring a current or prospective employee to disclose user name or passwords to allow access to personal accounts. The employer is prohibited from asking a current or prospective employee whether she has an account or profile on a social networking website. Additionally, an employer may not retaliate or discriminate against an individual who accordingly exercises her rights under the bill.

This bill came in light of the multitude of stories of employers and schools requesting such information, or performing “shoulder surfing,” during interviews and at school/work. Although this may be only an urban legend at best, the ACLU and Facebook itself have demanded that the privacy-violating practice come to an end, and legislators across the nation have nevertheless responded promptly. For example, Maryland, California, and even the U.S. Senate have all proposed similar legislation banning such password requests to protect employee privacy.

Not only are password requests problematic for employees, but it also may land employers in legal hot water. Social media profiles may contain information that employers legally cannot ask (such as race or religion), and may potentially open employers up to discrimination suits.

Under the New Jersey bill, civil penalties are available in an amount not to exceed $1,000 for the first violation, or $2,500 for each subsequent violation.

Recently, in Ehling v. Monmouth Ocean Hospital Service Cop., 11-cv-3305 (WJM) (D.N.J.; May 30, 2012), a New Jersey court found that accessing an employee’s Facebook posts by “shoulder surfing” a coworker’s page states a privacy claim. See Venkat Balasubramani’s excellent writeup at the Technology & Marketing Law Blog.

OlenderFeldman LLP was interviewed by Jennifer Banzaca of the Hedge Fund Law Report for a three part series entitled, “What Concerns Do Mobile Devices Present for Hedge Fund Managers, and How Should Those Concerns Be Addressed?” (Subscription required; Free two week subscription available.) Some excerpts of the topics Jennifer and Aaron discussed follow. You can read the second entry here.

Three Steps That Hedge Fund Managers Should Take before Crafting Mobile Device Policies and Procedures

As indicated, before putting pen to paper to draft mobile device policies and procedures, hedge fund managers should take at least the following three steps.  Managers that already have mobile device policies and procedures in place, or that have other policies and procedures that incidentally cover mobile devices, may take the following three steps in revising the other relevant policies and procedures.

First, Aaron Messing, a Corporate & Information Privacy Lawyer at OlenderFeldman LLP, advised that hedge fund managers should ensure that technology professionals are integrally involved in developing mobile device policies and procedures.  Technology professionals are vital because they can understand the firm’s technological capabilities, and they can inform the compliance department about the technological solutions available to address compliance risks and to meet the firm’s goals.  Such technology professionals can be manager employees, outside professionals or a combination of both.  The key is that such professionals understand how technology can complement rather than conflict with the manager’s compliance and business goals.

Second, the firm should take inventory of its mobile device risks and resources before beginning to craft mobile device policies and procedures.  Among other things, hedge fund managers should consider access levels on the part of its employees; its existing technological capabilities; its budget for addressing the risks of using mobile devices; and the compliance personnel available to monitor compliance with such policies and procedures.  With respect to employee access, a manager should evaluate each employee’s responsibilities, access to sensitive information and historical and anticipated uses of mobile devices to determine the firm’s risk exposure.

With respect to technology, Messing cautioned that mobile device policies and procedures should be supportable by a hedge fund manager’s current technology infrastructure and team.  Alternatively, a manager should be prepared to invest in the required technology and team.  “You should be sure that what you are considering implementing can be supported by your information technology team,” Messing said.  With respect to budgeting, a hedge fund manager should evaluate how much it is willing to spend on technological solutions to address the various risks posed by mobile devices.  Any such evaluation should be informed by accurate pricing, assessment of a range of alternative solutions to address the same risk and a realistic sense of what is necessary in light of the firm’s business, employees and existing resources.  Finally, with respect to personnel, a manager should evaluate how much time the compliance department has available to monitor compliance with any contemplated mobile device policies and procedures.

Third, hedge fund managers should specifically identify their goals in adopting mobile device policies and procedures.  While the principal goal should be to protect the firm’s information and systems, hedge fund managers should also consider potentially competing goals, such as the satisfaction levels of their employees, as expressed through employee preferences and needs.  As Messing explained, “It is not that simple to dictate security policies because you have to take into account the end users.  Ideally, when you are creating a mobile device policy, you want something that will keep end users happy by giving them device freedom while at the same time keeping your data safe and secure.  One of the things that I emphasize the most is that you have to customize your solutions for the individual firm and the individual fund.  You cannot just take a one-size-fits-all policy because if you take a policy and you do not implement it, it can be worse than not having a policy at all.”  OCIE and Enforcement staff members have frequently echoed that last insight of Messing’s.

Aaron and Jennifer also discussed privacy concerns with the use of personal devices for work:

Firm-Provided Devices versus Personal Devices:

As an alternative, some firms have considered adopting policies that require employees to make their personal phones available for periodic and surprise examinations to ensure compliance with firm policies and procedures governing the use of personal phones in the workplace.  However, this solution may not necessarily be as effective as some managers might think because many mobile device functions and apps have been created to hide information from viewing, and a mobile device user intent on keeping information hidden may be able to take advantage of such functionality to deter a firm’s compliance department from detecting any wrongdoing.  Additionally, Messing explained that such examinations also raise employee privacy concerns.  Hedge fund managers should consider using software that can separate firm information from personal information to maximize the firm’s ability to protect its interests while simultaneously minimizing the invasion of an employee’s privacy.

Regardless of the policies and procedures that a firm wishes to adopt with respect to the use of personal mobile devices by firm personnel, hedge fund managers should clearly communicate to their employees the level of firm monitoring, access and control that is expected, especially if an employee decides that he or she wishes to use his or her personal mobile device for firm-related activities.

Jennifer and Aaron also discussed controlling access to critical information and systems:

Limiting Access to and Control of Firm Information and Systems

As discussed in the previous article in this series, mobile devices raise many external and internal security threats.  For instance, if a mobile device is lost or stolen, the recovering party may be able to gain access to sensitive firm information.  Also, a firm should protect itself from unauthorized access to and use of firm information and networks by rogue employees.  A host of technology solutions, in combination with robust policies and procedures, can minimize the security risks raised by mobile devices.  The following discussion highlights five practices that can help hedge fund managers to appropriately limit access to and control of firm information and networks by mobile device users.

First, hedge fund managers should grant mobile device access only to such firm information and systems as are necessary for the mobile device user to perform his or her job functions effectively.  This limitation on access should reduce the risks associated with use of the mobile device, particularly risks related to unauthorized access to firm information or systems.

Second, hedge fund managers should consider strong encryption solutions to provide additional layers of security with respect to their information.  As Messing explained, “As a best practice, we always recommend firm information be protected with strong encryption.”

Third, a firm should consider solutions that will avoid providing direct access to the firm’s information on a mobile device.  For instance, a firm should consider putting its information on a cloud and requiring mobile device users to access such information through the cloud.  By introducing security measures to access the cloud, the firm can provide additional layers of protection over and above the security measures designed to deter unauthorized access to the mobile device.

Fourth, hedge fund managers should consider solutions that allow them to control the “business information and applications” available via a personal mobile device.  With today’s rapidly evolving technology, solutions are now available that allow hedge fund managers to control those functions that are critical to their businesses while minimizing the intrusion on the personal activities of the mobile device user.  For instance, there are applications that store e-mails and contacts in encrypted compartments that separate business data from personal data.  Messing explained, “Today, there is software to provide data encryption tools and compartmentalize business data, accounts and applications from the other aspects of the phone.  There are also programs that essentially provide an encryption sandbox that can be removed and controlled without wiping the entire device.  When you have that ability to segment off that sensitive information and are able to control that while leaving the rest of the mobile device uncontrolled, that really is the best option when allowing employees to use mobile devices to conduct business.  The solutions available are only limited by the firm’s own technology limitations and what is available for each specific device.”  This compartmentalization also makes it easier to wipe a personal mobile phone if an employee leaves the firm, with minimal intrusion to the employee.

Fifth, hedge fund managers should adopt solutions that prohibit or restrict the migration of their information to areas where they cannot control access to such information.  Data loss prevention (DLP) solutions can provide assistance in this area by offering network protection to detect movement of information across the network.  DLP software can also block data from being moved to local storage, encrypt data and allow the administrator to monitor and restrict use of mobile device storage.

Policies for Managing BYOD Risk

Laptops, Smartphones, Mobile Computers, Mobile DevicesCompanies are increasingly allowing their employees to use their own personal mobile devices, such as laptops, tablets, and smartphones, to remotely access work resources.

This “bring your own device” trend can present certain security and privacy risks for companies, especially in regulated industries where different types of data require different levels of security. At the same time, companies need to also be mindful of employee privacy laws.

Most individuals now have personal mobile devices, and companies are finding it increasingly convenient to allow employees (and in certain situations, independent contractors) to access company data and networks through these personally owned devices. However, when an organization agrees to allow employees to use their own personal devices for company business, it loses control over the hardware and how it is used. This creates security and privacy risks with regards to the proprietary and confidential company information stored or accessible on those devices, which can lead to potential legal and liability risk. Similarly, when employees use the same device for both personal and professional use, determining the line between the two becomes difficult. If your company is considering letting its employees use their personal devices in the workplace, you should consult with an attorney to craft a policy that’s right for your business.

On Tuesday, October 18th, a 40-something year old actress filed a law suit against IMDb and Amazon for publishing her real name and age on IMDb’s website. Entertainment Weekly asked Michael J. Feldman, Esq., CIPP, to weigh in on the merits of the plaintiff’s privacy claim.

Feldman, a partner at OlenderFeldman who is also not involved in the IMDb suit, believes “the most pivotal issue in the case” will be the clarity of IMDb’s Privacy Policy and Subscriber Agreement. According to Feldman, IMDb’s “mistake here is that neither the Privacy Policy nor the Subscriber Agreement are clear as to the purpose for obtaining credit card information, and how that information will be used.” Without that confusion, Feldman speculated that IMDb could have avoided this lawsuit altogether. Still, he agreed that Doe “has numerous hurdles to overcome,” primarily that she “appears to confuse promises made in those agreements concerning security of information provided to IMDb and the privacy rights afforded to subscribers of the website.”

Making the case even less promising, Feldman thinks the $1 million price tag on Doe’s suit is unreasonable: “She will have an extremely difficult time proving damages under the facts alleged.” Added Feldman, a founding member of privacy and data protection consulting firm Acentris: “Even if IMDb is at fault, damages are limited to the total amount [she] paid” as an IMDbPro subscriber.

To read more on this intriguing matter, click here.