and Attorney Liability Newsbrief
TABLE OF CONTENTS
The Affordable Care Act: Due Diligence—An Area of Growing Importance
Contracting Parties Must Make the Identity of the Corporate Entity Clear in Contract to Avoid Personal Liability
Failure to Advocate for or Predict Overruling of Controlling Precedent Does Not Result in Malpractice
Proposed Regulations for Massachusetts Paid Sick Leave Law Provide Some Clarity, Leave Questions for Employers
Federal anti-SLAPP Statute Proposed in Congress
Lawsuits Challenge Classification of Uber Drivers as Independent Contractors
Do You Have a Data Breach Response Plan? The Justice Department Thinks You Should
The Massachusetts Supreme Judicial Court has held the Commonwealth may not compel a law firm to produce its client’s cell phone pursuant to a grand jury subpoena, where the client has transferred the phone to his lawyers for the purpose of obtaining legal advice. The opinion, In the Matter of a Grand Jury Investigation, 470 Mass. 399 (2015), by Justice Barbara Lenk, arose from a prosecutor’s request for a grand jury subpoena to compel a law firm to produce its client’s cell phone allegedly containing text message evidence of a crime.
The Superior Court had concluded while a subpoena served on the client would violate his rights against self-incrimination, and a subpoena served on the law firm would violate the attorney-client privilege, a subpoena compelling the law firm to produce the telephone could be served upon an ex parte showing by the Commonwealth of probable cause sufficient for the issuance of a search warrant. The Court on appeal disagreed, concluding, “the attorney-client privilege protects [the client] against compelled production of the telephone by the law firm, and that the protection afforded by the attorney-client privilege may not be set aside based on a showing of probable cause.”
The Court’s conclusion was based on Constitutional protections against self-incrimination, as well as the attorney-client privilege and the “act of production” doctrine, according to which the act of producing documents in response to a subpoena may have a compelled testimonial aspect, because production may constitute an admission that the documents existed, were in the witness’s possession, and were authentic. If a subpoena were served on the client, the Court reasoned, he would be able to assert a privilege against its protec-tion based on the Fifth Amendment or Article 12 of the Massachusetts Declaration of Rights. Justice Lenk noted the client gave the firm the phone for the purpose of obtaining legal advice, thus bringing the phone under attorney-client privilege. The law firm stands in its client’s shoes; therefore, if a client could not be compelled to produce materials because of the right against self-incrimination, and if the client transfers the materials to the attorney for the provision of legal service, an attorney likewise cannot be compelled to produce them.
The Court rejected the Commonwealth’s attempt to distinguish between the cellphone as a piece of physical evidence (cont. page 2)
Supreme Court Holds Commonwealth May Not Compel Law Firm to Turn Over Client’s Cell Phone by Ben N. Dunlap, Esq.
CALIFORNIA | COLORADO | CONNECTICUT
GEORGIA | MARYLAND | MASSACHUSETTS MICHIGAN | NEVADA | NEW JERSEY
NEW YORK | PENNSYLVANIA | TEXAS
VIRGINIA | WASHINGTON, D.C.
LeClairRyan’s Annual Accountant Liability Seminar
June 25th, 2015 - Full Morning Program
at the Westin Waltham in Waltham, MA
On the Agenda
Employment Law Update | Financial Risk Management
Newly Revised AICPA Code of Professional Conduct and the Conceptual Framework Approach | Risk Management Trends | Hidden Exposures
Click HERE for registration information or call 857.305.4426. There is no cost to attend, but seating is limited.
4 LUs are available for this program.
and the data it contained, and its assurances it would seek a search warrant authorizing a forensic examination once the phone was turned over.
“Because the Commonwealth does not contest that [the client’s] privilege against self-incrimination would prohibit it from compel-ling [the client] to produce the telephone had he retained it, and because under [U.S. v. Fisher, 425 U.S. 391 (1976)], the law firm cannot be compelled to produce materials transferred to it by a client for the provision of legal advice if the client could not have been compelled to produce them, we conclude on the rec-ord before us that the attorney-client privilege protects against compelled production of the telephone,” the opinion states.
In a concurring opinion joined by Chief Justice Ralph Gants and Justice Francis Spina, Justice Robert J. Cordy cautioned placing incriminating evidence in the hands of a lawyer “does not se-quester it under Massachusetts law from the reach of law en-forcement.”
Contact the author at [email protected]
Client’s Cell Phone cont.
The Affordable Care Act: Due Diligence - An Area of Growing Importance
by Elizabeth J. Atkinson, Esq.
As deal volume continues to increase, an important consideration for buyers is a target company’s compliance with the ACA. This is especially important in stock deals because there could be significant undisclosed excise tax liabilities.—up to $36,500 per employee, per year. For example, if the target company had a non-compliant medical reimbursement plan, there could be ex-cise taxes for which the buyer could be liable. It is these sorts of issues that due diligence can uncover and mitigate. Targets who are self-insured or participants in multi-employer plans, are especial-ly likely to have potential issues, including the need to determine whether the plans may be subject to “Cadillac tax” in 2018.
Even in an asset sale, ACA compliance is a significant issue. Often, “workforce in place” is one of the more significant assets in a deal. Changes to benefits can have a significant impact on workforce stability and productivity. There also may be issues with measurement and stability periods, especially for part-time and variable hour employees.
Aside from potential liabilities, there are data integration issues that are now more difficult because of the ACA’s new Form 1095 reporting requirements. There should be a thorough review of the information systems and how the reporting information can be captured and accessed post-merger.
Due diligence is an area where CPAs and attorneys can work together to mitigate risk and add value for clients. CPAs can add value by reminding attorneys of the areas that need review and developing thorough checklists for compliance and integration. Attorneys should ensure that the buyer’s internal deal team un-derstands the areas for review and, if necessary, bring in outside expertise.
Contact the author at [email protected]
Contracting Parties Must Make the Identity of the Corporate Entity Clear in Contract to Avoid Personal Liability by Catherine A. Bednar, Esq.
In Keane v. Waggoner and Vom Daxi Haus, LLC, the Appellate Divi-sion of the District Court Dept. (Northern District), Case No. 13-ADMS-10033 (Oct. 27, 2014)[confirm citation], vacated a jury’s award of damages to “Vom Daxi Haus, LLC”, finding the LLC’s claim should not have gone to the jury as there was insufficient evidence the LLC was a party to the underlying contract. The Plaintiffs, Heather and Christopher Keane, had purchased a show dog from Mark and Jacqulyn Waggoner. Shortly after the purchase, a dispute arose as to the dog’s pedigree. The Keanes sued the Waggoners and “Vom Daxi Haus.” The Waggoners filed an Answer to the Complaint on behalf of themselves individually and “Vom Daxi Haus, LLC.” They also brought a counterclaim for breach of contract by the LLC against Mrs. Keane, and a defamation claim by Mrs. Waggoner against Mrs. Keane.
The trial court dismissed the Keanes’ direct claims against the Wag-goners, on the grounds that they were protected from personal liabil-ity. The trial court denied a motion for directed verdict on the LLC’s breach of contract claim. The jury ultimately found in the LLC’s favor. The Appellate Division reversed, finding that at most, the evidence showed the Waggoners were acting as individuals under a trade name. The Court noted that the contract identified the seller as “Jacqulyn Waggoner”, and made references to “Vom Daxi Haus”, but not to “Vom Daxi Haus, LLC.” Likewise, the Waggoners’ website and communications with the Keanes made no reference to “Vom Daxi Haus, LLC.” The Court reasoned: “the onus was not on the Keanes to determine with whom they were dealing; rather, the Waggoners bore the burden, if they were to avoid personal liability, to disclose fully the identity of the principal on whose behalf they were acting.”
The key lesson for small business owners is to make clear to clients and customers the identity of the corporate entity involved in any transactions. If you are rendering services on behalf of an LLC or other corporate entity, make sure your contracts, correspondence and marketing materials reflect that – both to preserve the company’s potential claims and to avoid personal liability.
Contact the author at [email protected]
Failure to Advocate for or Predict Overruling of Controlling Precedent Does Not Result in Malpractice by Matthew M. O’Leary, Esq.
In Minkina v. Frankl, 86 Mass. App. Ct. 282 (2014), the Massa-chusetts Appeals Court held it is not malpractice for an attorney to fail to anticipate or advocate for the overruling of an established prec-edent. Specifically, Minkina claimed her former counsel committed legal malpractice in an employment discrimination action by negli-gently failing to recognize the reasoning in a then-controlling decision of the Appeals Court, Mugnano–Bornstein v. Crowell, 42 Mass. App. Ct. 347 (1997) (“Mugnano”), would be rejected by the Su-preme Judicial Court in a later decision, Warfield v. Beth Israel Dea-coness Med. Center, Inc., 454 Mass. 390 (2009) (“Warfield”).
In 2002, Minkina was hired as a physician by the Affiliate Physi-cians Group of Beth Israel Deaconess Medical Center (“APG”). She executed an employment agreement that contained a clause requir-ing all disputes between the parties be resolved by arbitration. In 2003, Minkina filed charges of discrimination pursuant to G.L. c. 151B against APG with the Massachusetts Commission Against Discrimination (“MCAD”). In September, 2004, APG terminated her employment. In November, 2004, Minkina removed the MCAD action to the Superior Court. APG moved in June, 2005, to compel arbitration of the employment discrimination claims.
In support of its motion to compel arbitration, APG argued the arbi-tration clause in Minkina's employment agreement was broad, not narrow, and that the Appeals Court decision in Mugnano and the Supreme Judicial Court decision in Drywall Sys., Inc. v. ZVI Constr. Co., 435 Mass. 664 (2002) (Drywall Sys.), were controlling prece-dents requiring the arbitration of Minkina's discrimination claims. In Mugnano, the Appeals Court required the arbitration of G.L. c. 151B claims based on an arbitration clause governing “any controversy concerning ... termination of employment,” and in Drywall Sys., the Supreme Judicial Court required arbitration of claims under G.L. c. 93A based on an arbitration clause governing “[a]ny controversy or claim ... arising out of or related to this [s]ubcontract.”
In response to the motion to compel arbitration, Minkina’s former counsel did not argue the arbitration clause at issue was narrower than the ones referenced in Mugnano and the other cases cited by APG and therefore not broad enough to encompass the discrimina-tion claims. Rather, former counsel contended: (1) the arbitration provision was unenforceable because it contained unconscionable prospective waivers of punitive damages and attorney's fees; (2) APG waived its right to demand arbitration by engaging in discovery and filing a motion to dismiss; (3) APG failed to meet the terms of the “Dispute Resolution” procedures set forth in the employment agreement; and (4) the arbitration clause did not apply to Minkina's claims against a necessary party, APG's president.
In 2006, a judge in the Superior Court found Minkina's G.L. c. 151B claim arbitrable. The judge relied on: (1) the “strong presump-tion of arbitrability” that attaches to broad arbitration clauses; (2) the breadth of the language of the arbitration clause at issue here, which “encompasses not only claims based on the contract itself, but al-so ... disputes arising out of the contractual relationship”; and (3) the rule that “[s]tatutory claims [including discrimination claims] also may be contractually limited to the arbitral forum,” as held in Drywall Sys. and Mugnano.
Minkina retained new counsel to represent her in the arbitration and in March, 2009, the arbitrator found APG had engaged in unlawful employment practices, and awarded Minkina approximately $266,000 in damages, fees, and costs. The arbitrator concluded punitive damages were not recoverable - and he would not have awarded them even if they were. Minkina did not move to vacate or modify the award.
In May, 2009, Minkina filed a malpractice action against her former counsel alleging her former counsel in filing Minkina's opposition to APG's motion to compel arbitration “neglected to raise important arguments that might have succeeded if raised, namely that an im-proper termination of Minkina's employment negates the validity of the employment contract's arbitration clause.” On July 27, 2009, the Supreme Judicial Court issued its opinion in Warfield holding that for statutory discrimination claims under G.L. c. 151B to be arbitrable, they must be specifically referenced in the arbitration clause. The court expressly overruled the Appeals Court's analysis in Mugnano, which had rejected such a requirement.
Minkina retained an expert who opined the “competent employ-ment counsel would have made and pressed the argument that the arbitration clause in [Minkina's] employment agreement with de-fendants in the [APG] [c]ase was a narrow one and did not author-ize arbitration of employment discrimination and other statutory em-ployment claims.” He further opined that “[w]ell before the issuance of the Massachusetts Supreme Judicial Court's decision in Warfield ... competent counsel would have understood that the Mugnano [decision,] ... on which the trial court in the [APG] [c]ase heavily relied, was plainly distinguishable, as the arbitration clause in that case referred to employment disputes and was not limited to claims arising under the employment agreement, as was true of Minkina's arbitration agreement... .”
RPS moved for summary judgment on all claims, which the Superi-or Court allowed. The motion judge concluded the law existing at the time of the motion to compel arbitration, particularly Mugnano, sup-ported the enforcement of arbitration clauses, even where the clause did not explicitly mention G.L. c. 151B discrimination claims. The Appeals Court affirmed the decision, holding it is not malpractice to fail to advocate for or anticipate a substantial change in law requiring the overruling of a controlling precedent. At the time of the motion to compel arbitration, the Appeals Court decisions in Mugnano and Drywall Sys. were two of the closest controlling cases. Both cases referred to the respective arbitration clauses, whether it be controver-sies arising out of or related to employment or an agreement, as “broad.” Both cases discussed the “presumption of arbitrability in the sense that [a]n order to arbitrate the particular grievance should not be denied unless it may be said with positive assurance that the arbitration clause is not susceptible of (cont. page 4)
an interpretation that covers the asserted dispute. Doubts should be resolved in favor of coverage.... Such a presump-tion is particularly applicable where the clause is ... broad.” Both cases also required the arbitration of statutory claims even though the claims had not been specifically referenced in the arbitration clause at issue, and both courts expressly rejected the requirement of specific reference to statutory claims in the arbitration clause itself.
In Warfield, the Supreme Judicial Court changed the stand-ards for arbitrating G.L. c. 151B claims, expressly overruling aspects of the Mugnano. The Appeals Court noted the allega-tions by Minkina were not that her former counsel simply failed to distinguish a readily distinguishable case. Mugnano was not merely distinguished by the Supreme Judicial Court in Warfield. Critical parts of it were directly overruled, particu-larly Mugnano's rejection of the requirement of a specific ref-erence to discrimination claims in an arbitration clause for such discrimination claims to be arbitrable. Prior to the deci-sion in Warfield, Mugnano was an established Massachusetts precedent that had been cited by the Supreme Judicial Court multiple times, including in Drywall Sys., a decision whose reasoning appeared to further confirm the validity of the ap-proach adopted in Mugnano. Contrary to the position main-tained by Minkina, it was not an obviously incorrect statement of the law. A reasonably competent lawyer does not commit malpractice by failing to anticipate or advocate for the overrul-ing of an established precedent.
When advocating for clients, it is reasonable and often times appropriate to argue for the change in existing precedent. As Minkina makes clear, however, where there is established controlling precedent, an attorney does not commit malprac-tice by advocating for or anticipate reversal of that controlling precedent.
Contact the authors at: matthew.o’[email protected]
Failure to Advocate cont.
Proposed Regulations for Massachusetts Paid Sick Leave Law Provide Some Clarity, Leave Questions for Employers by Daniel J. Blake, Esq. and Lauren A. Appel, Esq.
In November 2014, Massachusetts voters made paid sick leave mandatory for most employers through a ballot initiative, now known as the Earned Sick Time Law. While voters made clear that they favor the idea of paid sick leave, the language of the law posed many problems for Massachusetts employers, and particularly those which already have sophisticated leave policies in place. The Massa-chusetts Attorney General’s Office has now issued proposed regula-tions that, if enacted, will provide some clarity for employers, but ultimately leave certain questions unanswered.
The new law was primarily intended to ensure hourly wage and part-time workers – and particularly those in the food services industry – could take sick leave to protect the health and safety of their cowork-ers and customers. Now, however, it imposes far-reaching obliga-tions on nearly all Massachusetts employers. Effective July 1, 2015, the new law requires employers with 11 or more employees to allow employees to accrue one hour of paid sick leave for every 30 hours worked. Employers with fewer employees must provide unpaid leave that accrues at the same statutory rate. The statute lacks guidance on several issues, however, including who qualifies as an employer and/or an employee, how to calculate sick time pay for certain work-ers, how the new law interacts with other leave laws, and how the law affects employers’ policies designed to prevent abuse of paid leave.
Recognizing the concerns created by the Earned Sick Time Law, the Massachusetts Attorney General’s Office proposed regulations to clarify many of its confusing provisions and provide much-needed guidance for areas the statute fails to address. For example, the new law requires that workers be paid their “same hourly rate” when taking earned sick leave, but fails to explain how employers should calculate the sick leave pay rate for employees who are not paid by the hour. The proposed regulations clarify that, for employees paid on a piece work basis, salary, or any other fee basis, employers should calculate their sick pay by dividing the employees total earn-ings in the previous pay period by the total hours worked during the previous pay period, excluding overtime.
The proposed regulations also address the increments by which an employee may take sick leave. While the statute provides that sick leave can be taken in the smallest increment allowed by the employ-er’s payroll system, the regulations explain that an employer may require an employee to use up to a full shift of earned sick time when the employee’s absence requires the employer to hire a re-placement (and, of course, the employer actually does so). This clari-fication provides a small break to employers and may help to deter potential abuse, such as employees attempting to use a few hours of sick time on a Friday to extend their weekend.
The regulations still leave questions for employers, however. For example, the regulations provide no further guidance on how the new law applies to collective bargaining agreements. Employers may have to renegotiate certain provisions of collective bargaining agree-ments with unionized employees in place if they do not meet the law’s requirements. Further, while the regulations provide an em-ployer may discipline an employee for sick leave misuse, the statute limits an employer’s ability to request documentation for an absence. The regulations do not clearly explain how an employer can lawfully identify abuse. (cont. page 5)
Other notable components of the proposed regulations include the following:
Earned sick leave must be provided in addition to leave provid-ed by FMLA, the Massachusetts Parental Leave Act, the Massa-chusetts Domestic Violence Leave Act (another new state leave law), and the Small Necessities Leave Act.
The regulations also clarify who qualifies as a Massachusetts employee. To be eligible for earned sick time, an employee’s primary place of work must be in Massachusetts, although the employee does not have to spend more than 50% of their working time in Massachusetts. For example, if 40% of the employee’s work is in Massachusetts, 30% in New Hampshire, and 30% in other states, Massachusetts is the primary place of work.
To calculate whether an employer has 11 or more employees, all employees must be counted, including those outside of Mas-sachusetts. This means that an employer with 10 employees in New Hampshire and one in Massachusetts must provide the Massachusetts employee with paid sick leave, rather than un-paid leave.
Employees who take a sabbatical or break in service up to one year maintain the right to use their accrued sick time upon their return to work.
Employers and employees may agree for the employee to “make up” their missed hours to avoid use of paid sick time, subject to federal wage and hour laws.
Attendance incentive policies that reward employees for good attendance are permissible under the new law, and an employ-ee’s inability to earn a reward because of earned sick time use is not an “adverse action.”
Recognizing that this new law goes into effect in the middle of many employers’ fiscal and/or calendar years, the regulations contain guidance for calculating earned sick leave during the 2015 “transition year.”
The Attorney General’s office held six public hearings throughout May and June at which comments on the proposed regulations can be made, and accepted written public comments until June 10, 2015.
Contact the authors at
Earned Sick Time cont.
Federal anti-SLAPP Statute Proposed in Congress by Leslie P. Machado, Esq.
With the District of Columbia Circuit holding that the DC anti-SLAPP act does not apply in federal court, and at least four judges in the Ninth Circuit concluding that Circuit erred in applying state anti-SLAPP statutes in federal court, the need for a federal anti-SLAPP statute has become more urgent.
Accordingly, the “‘Securing Participation, Engagement, and Knowledge Freedom by Reducing Egregious Efforts Act of 2015” or the ‘‘SPEAK FREE Act of 2015” has been introduced in Congress. Notwithstanding its . . . interesting . . . name (seriously, who has to come up with the words to fit these acronyms?), the statute is a potential game-changer in this developing area of the law.
Here are the details:
The proposed federal legislation would apply to any claim that “arises from an oral or written statement or other expression, or con-duct in furtherance of such expression, by the person against whom the claim is asserted that was made in connection with an official proceeding or about a matter of public concern.” (This is broader than some state anti-SLAPP statutes, which apply only to speech made in a public or official proceeding).
Like the DC anti-SLAPP statute, the proposed federal anti-SLAPP act establishes a low threshold for the moving party, and a higher bur-den for the party opposing the motion:
If the party filing a special motion to dismiss a SLAPP
suit makes a prima facie showing that the claim at issue
arises from an oral or written statement or other expression
by the defendant that was made in connection with an
official proceeding or about a matter of public concern, then
the motion shall be granted and the claim dismissed with
prejudice, unless the responding party demonstrates that
the claim is likely to succeed on the merits, in which case
the motion shall be denied.
(Interestingly, the proposed federal legislation does not define what “likely to succeed on the merits” means – an issue which has bedev-iled judges in the District of Columbia (see prior articles— http://dcslapplaw.com/2013/07/11/whats-the-standard/ and http://dcslapplaw.com/2015/04/09/three-takeaways-from-the-dc-superior-courts-order-granting-c4adss-anti-slapp-motion/.
The proposed federal legislation requires an anti-SLAPP motion to be made within 45 days after service, or within 30 days after removal to federal court. It requires the Court to promptly hold a hearing on the motion. And it requires the Court to issue a ruling on the motion within 30 days after it is fully briefed or heard. (These hearing/decision deadlines, which are not in the DC anti-SLAPP statute, are an excellent idea).
(cont. page 6)
The proposed federal legislation stays discovery “unless good cause is shown for specified discovery,” and allows for an immediate ap-peal “from an order granting or denying in whole or in part a special motion to dismiss.” It provides that a prevailing party shall be entitled to “litigation costs, expert witness fees, and reasonable attorneys fees,” while providing that the Court shall award similar fees and costs if it concludes that a motion was “frivolous or is solely intended to cause unnecessary delay.”
Like the DC anti-SLAPP statue, the proposed federal statute also contemplates a special motion to quash:
A person whose personally identifying information is
sought in connection with a claim subject to the procedure
described in section 4202(a) may at any time file a motion
to quash the order to produce the information. If the party
filing a motion to quash makes a prima facie showing that
the order is for personally identifying information, then the
motion shall be granted and the order to produce the
personally identifying information shall be quashed, unless
the responding party demonstrates with an evidentiary
showing that the claim is likely to succeed on the merits
of each and every element of the claim, in which case
the motion to quash shall be denied.
Most importantly, given that more than 20 states do not have anti-SLAPP statutes, several other states have narrow statutes and there is now growing uncertainty whether anti-SLAPP statutes apply in federal court, the proposed federal legislation allows an action that involves a claim arising under the statute to be removed to federal court. If the anti-SLAPP motion is denied, the case returns to state court.
Contact the author at [email protected]
Leslie Machado is the editor of LeClairRyan’s D.C. anti-SLAPP Blog, at http://dcslapplaw.com/
Lawsuits Challenge Classification of Uber Drivers as Independent Contractors by Brian G. Muse, Esq.
Uber is unquestionably a very hot commercial brand. Through the use of an app on a mobile phone or smart device, consumers can schedule a driver to pick them up and transport them to a destination. Unlike a traditional taxi company, however, Uber drivers are classified by the company as independent contractors and not employees. Uber drivers use their own vehicles and are free to work for other companies (such as competitor Lyft). Uber steadfastly maintains that it is not a transportation company at all, but rather a software technology company that provides a platform to connect consumers with a service. In multiple law-suits pending in California, however, drivers for Uber (and in another case its competitor Lyft) have filed lawsuits alleging that they should be considered employees entitled to related benefits and protections under federal and state law.
Employee vs. Independent Contractor
The proper classification of workers as employees or independ-ent contractors is not a new concern for many employers. Un-like employees, independent contractors are not subject to a variety of employment laws, including wage and hour laws, anti-discrimination laws, and unemployment and workers com-pensation requirements. The misclassification of an employee as an independent contractor, however, can carry steep fines and penalties under federal and state law, as well as claims for unpaid wages and benefits by the misclassified employees. For a company like Uber, misclassification also may have a signifi-cant impact on its business model moving forward, particularly if the company (and similar companies like Lyft) is required to undertake greater overhead expenses and assume greater risks in offering services to the public.
(Mis)Classification in the New Economy
Although a number of specific tests are associated with analyz-ing independent contractor status (“economic realities test”, “20 factor test”, and “ABC Test” just to name a few), ultimately, the critical factor for most, if not all, of these tests is the degree of control the business exercises over the independent contrac-tor/employee. A key consideration is whether the business con-trols the nature of the work performed by the contractor/employee, or whether that individual is able to determine the manner and method of the work. Other oft-cited factors include whether the job is integral to the operation of the business (more likely to be considered an employee), how dependent the individual is on the business for their livelihood, and whether the individual works exclusively for the business.
These tests (regardless of what they are specifically called) can be problematic for businesses like Uber that operate in a virtual or on-demand economy. Unquestionably, Uber drivers have many of the hallmarks of independent contractors. They use their own vehicles, pay for their own gas, set their own hours, and are free to work for anyone. Many, if not most drivers, also work regular jobs as employees for other businesses. Lawyers for the plaintiff-drivers, however, have focused on how integral the drivers are to Uber’s business, and are dependent on Uber for business. Essentially, their position is that, regardless of how Uber classifies its business, it could not operate without drivers, and the drivers could not operate without Uber.
These cases will ultimately prove a test of not only independent contractor status, but also for businesses, such as Uber, that operate in a “sharing economy” in an online marketplace. Ub-er, and other “sharing economy” businesses (such as EBay and Freecycle to name just two) rely not on brick and mortar and a traditional production chain, but rather rely on their ability to connect consumers directly (con.t page 7)
with services. If these businesses are required to undertake or “own” traditional labor burdens, including employee benefits, taxes, and health care costs (as well as ADA compliance in another lawsuit currently being defended by Uber) it has the potential not only to impact operating costs, but also go to the very heart of their business model.
The pending wage and hour claims against Uber (and its com-petitor Lyft) in California will serve as important test cases regarding how traditional notions of independent contractor classification will operate for new business models that focus on connecting consumers and services through social media and new technology. Although Uber is one of the first such companies to litigate this issue, it mostly certainly will not be the last.
Contact the author at [email protected]
This article and others are available on our EPLI blog at
Uber Misclassification cont.
Do You Have a Data Breach Response Plan? The Justice Department Thinks You Should
by John P. Hutchins, Esq.
In the wake of significant retailer data breaches in 2013 and 2014, and additional significant breaches continuing in 2015, a trend is clearly developing — an expectation of proactive risk identification and mitigation from a legal, tech-nical and business process perspective as the “gold standard” in terms of what organizations should be doing to protect sen-sitive customer, consumer or individual data, particularly with regard to the ever-expanding category of “personally identifia-ble information.” Massachusetts, Nevada and New Hamp-shire have passed laws specifically requiring private sector cybersecurity assessment and adherence to security standards by companies holding sensitive consumer data. It’s a matter of time before other states follow. Further, Congress is in broad agreement about the need for legislation on cybersecurity, and there has been a wide range of congres-sional proposals for statutory requirements for protection of various other kinds of sensitive data over the past few years
Most recently, on April 30, 2015, the U.S. Department of Justice issued cybersecurity guidance that counsels every organization with personally sensitive data to develop a well-considered, proactive Incident Response Plan before an attack hits, retain experienced legal counsel and remain vigilant even after an incident appears to be under control. Regardless of what kind of risk assessment your organization may or may not have done to date, one thing is clear from the lessons of the past 10 years since “data breaches” first became a newsworthy topic – data breaches can happen to anyone. Headlines have trumpeted the causalities.
In the wake of one of the largest and most infamous data breaches, the impacted company’s General Counsel, in testi-mony before Congress, offered one over-arching piece of ad-vice: Have a data response team and a response plan in place.
So, here’s a simple explanation of the basic elements of a good Data Breach Incident Response Plan.
First, build an Incident Response Team. Identify the constituen-cies within your organization that need to be involved with any potential response to a breach crisis. This will usually include representatives from legal, IT, HR, public relations and execu-tive management. The best practice is to appoint Team mem-bers from each of these groups, as well as backup Team mem-bers in case the appointed member for some reason can’t serve when a crisis occurs (i.e. family or medical leave, etc.). It’s also important that the people be appointed by authorized decision makers. The last thing you want in a crisis is a culture of deci-sion-making-by-committee to take over. The people named to your Incident Response Team should be prepared for a crisis and ready to take decisive action. For that reason, it’s very im-portant to pre-identify, as members of your Team, individuals from a qualified and experienced outside law firm, a computer forensics firm, and your insurance carrier. Before a breach cri-sis occurs, your Incident Response Team should caucus peri-odically, discuss and refine your Incident Response Plan, and “war game” possible responses to a breach. Table-top exercises are a great idea.
In that regard, your Incident Response Team, and especially outside counsel and your forensics firm, should become inti-mately familiar with relevant policies, organizational structure, operations and infrastructure considerations before a breach occurs. Many times, in a breach situation, hours and minutes matter, and there is no time to waste. If brand new people are forced to get up to speed in the heat of a crisis, when key em-ployees are scrambling and even fearful, critical information-sharing can be impeded, and important aspects of your re-sponse can be unnecessarily delayed.
In the same spirit, your organization, including your Incident Response Team, should periodically review your organization’s exposures regarding collection practices, use, storage, scope of disclosure and risk of harm regarding personally identifiable information (broadly defined) or Protected Health Information. That includes reviewing contracts with outside vendors who may have responsibility for storing or managing your infor-mation in the cloud. What level of detail your organizational review includes will vary from one organization to the next, but proactively deciding to conduct such a periodic review, even with a small team, will raise important questions about your organization’s vulnerabilities and preparedness. It would also be a first step toward the kind of organizational assessment required by state laws discussed (cont. page 8)
Jeffrey L. Alitz
Elizabeth J. Atkinson
Douglas H. Amster
Michael E. Barnsback
Janet R. Barringer
Catherine A. Bednar
Daniel J. Blake
Paul G. Boylan
John D. Coyle
Barry A. Cozier
J. Douglas Cuthbertson
Ben N. Dunlap
Bruce S. Edington
Andrew J. Fay
Laura C. Fedyna
Linda B. Georgiadis
Judd A. Gilefsky
Michael P. Giunta
Tracy Taylor Hague
A. Neil Hartzell
Michael S. Hays
Ronald S. Herzog
W. Michael Holm
Charles H. Horn
Warren D. Hutchison
Robin Gnudi Kalocsay
Kevin G. Kenneally
Stephen E. Kesselman
John T. Kovach
Paul C. Kuhnel
Eric A. Martignetti
James J. McConn, Jr.
Thomas K. McCraw, Jr.
Patrick E. McDonough
John W. Moran
Kevin P. Oddo
Jeffrey L. O’Hara
Matthew M. O'Leary
Thomas C. Regan
Nancy M. Reimer
Leslie F. Ruff
Charles M. Sims
David A. Slocum
Patrick T. Voke
Michael B. Weinberg
LeClairRyan’s Accounting and Legal Malpractice Attorneys
with offices in
New Haven, CT
New York, NY
Los Angeles, CA
San Francisco, CA
Glenwood Springs, CO
Las Vegas, NV
above and put you on the road toward building a comprehen-sive Information Security Program, even if your organization is not immediately committed to a full-fledged assessment and comprehensive program at this time.
The next consideration regarding an Incident Response Plan is a plan for controlling internal communications in the event of a breach crisis. Emails, especially, have a tendency to start flying once a crisis breaks. If litigation ensues, internal communica-tions among a broad group of people – especially people who are uninformed or have no need to be discussing the issues – can come back to bite your organization. Your Incident Re-sponse Team should be prepared, in advance of a breach cri-sis, to communicate quickly and clearly to your organization that a specially prepared Team is “on it” and that internal com-munications regarding the events in question should be cur-tailed to the greatest degree possible. To that end, employee interviews conducted as part of your internal and forensic in-vestigation as to the causes and extent of the breach should be conducted with counsel included, so that the protection of at-torney-client privilege is preserved.
It’s also important to pre-plan regarding any outside third par-ties who must be contacted in the event of a breach. This is generally driven by the industry you’re in, the regulatory posture of your business, and relevant breach notification laws. For instance, if you’re a financial institution or a HIPAA-covered entity, the notification schemes governing those industries require regulators to be notified of a breach in certain circum-stances. Likewise, certain state notification statutes require noti-fication of the state Attorney General or other consumer protec-tion officials if certain thresholds are met. Knowing who you must notify outside of your organization, and how to notify them, before a breach occurs is critical.Although Uber is one of the first such companies to litigate this issue, it mostly certainly will not be the last.
Finally, it’s important, before a breach occurs, to have one spokesperson identified who will speak for your organization. Preferably, this person should be a member of your Incident Response Team so that they are adequately informed from the start. Multiple voices speaking to multiple constituencies – your internal organization, regulators, media outlets or law enforce-ment – generally just create a lot of noise, rather than a con-cise, informed, consistent message that is necessary to bring efficiency to your response, and calm to all the various constitu-encies concerned.
Building an Incident Response Plan is just one aspect of infor-mation security. Ideally, it should be part of a broad Information Security Program that includes assessment of all of your organi-zation’s information vulnerabilities and risks. But it’s perhaps the easiest step to accomplish, and when (not if) your organiza-tion experiences a data breach, you’ll be glad you set out to prepare yourself ahead of time.
Contact the author at [email protected]
John Hutchins is the editor of LeClairRyan’s Data Privacy and Security Practice Area. Check out the team’s new blog—Information Counts—at http://informationcounts.com/
Data Breach cont.
Want to subscribe ? Send an email to [email protected] with ACCT/ATTY News in the Subject line.