Cybersecurity & Data Privacy Updates, Part II

From California to New York, data privacy laws and enforcement actions are ramping up. Check out some highlights below.

1. New York State Department of Financial Services launched its first enforcement action in July 2020.

As U.S. companies focus on CCPA enforcement, they should not ignore other state laws and accompanying regulations. The New York Department of Financial Services’ Cybersecurity Requirements for Financial Services Companies (“DFS’s Cybersecurity Regulation”) first took effect on March 1, 2017.

Recently, cybercriminals have sought to exploit technological vulnerabilities to gain access to sensitive electronic data.  In an effort to combat such exploitation, this regulation requires each company to assess its specific risk profile and design a program that addresses its risks in a vigorous way. Senior management are encouraged to take this issue seriously. They must ensure that someone is responsible for the organization’s cybersecurity program and file an annual certification confirming compliance with these regulations. A regulated entity’s cybersecurity program must ensure the safety and soundness of the institution and protect its customers.

On July 22, 2020, the New York Department of Financial Services announced cybersecurity charges against First American Title Insurance Company for exposing millions of documents with consumers’ nonpublic personal information over the course of several years, including bank account numbers, mortgage and tax records, Social Security Numbers, wire transaction receipts, and drivers’ license images.

This marks the first cybersecurity enforcement action filed by the Department. The hearing will take place at the office of the New York State Department of Financial Services beginning on October 26, 2020.

2. What is The California Privacy Rights Act of 2020—“CCPA 2.0?”

If you’re thinking, “Wait! Didn’t the California Consumer Privacy Act (“CCPA”) just go into effect?” You’re right. The CCPA took effect on January 1 of this year, and enforcement actions began on July 1. Already, a privacy advocacy group, California for Consumer Privacy, collected 900,000 signatures to place the California Privacy Rights Act (“CPRA”) on the November 2020 ballot. According to several news sources, current polling suggests that the bill will pass.

The CPRA seeks to, among other things, establish the California Privacy Protection Agency (“CPPA”), a new privacy enforcement authority, similar to the Data Protection Authority put in place in the European Union by the General Data Protection Regulation (“GDPR”). This Agency will be empowered to fine transgressors, hold hearings about privacy violations, and clarify privacy guidelines.

In addition, the law would establish a new category of sensitive personal information, including Social Security numbers, precise geolocation data, biometric or health information, and more. It would also give consumers greater power to restrict the use of such data. The law would also add email addresses and passwords to the list of items covered by the “negligent data breach” section to help curb identity theft.

3. The Connecticut Insurance Data Security Law goes into effect on October 1, 2020.

The Act establishes standards applicable to licensees of the Connecticut Insurance Department for data security, the investigation of a cybersecurity event, and notification to the Department of such event. In preparation for this law to take effect, Connecticut’s Insurance Department issued a Bulletin on July 20, 2020 to all licensees of the Department.

Licensed insurance companies, and any other companies otherwise authorized to operate pursuant to the insurance laws of Connecticut, should be aware of and follow the guidelines laid out in the Bulletin.

The attorneys at Flaster Greenberg are following developments related to the COVID-19 Pandemic and formed a response team and to work with businesses to keep them up-to-date on developments that impact their business. If you have any questions on the information contained in this blog post, please feel free to reach out to Donna UrbanKrishna Jani, or any member of Flaster Greenberg’s Telecommunications or Privacy & Data Security Groups. 

COVID-19 RESOURCE PAGE

To serve as a central repository of information and contributions from Flaster Greenberg attorneys on legal developments during the COVID-19 crisis, we have launched a COVID-19 Resource page on our website. Feel free to check back frequently for Flaster Greenberg’s ongoing analyses of important legal updates that may affect you or your business.

Cybersecurity & Data Privacy Updates

cybersecurity and data privacy updates

There is a lot going on in the world right now—and the world of data privacy is no exception.

Here is a snapshot of what’s on our radar:

1. Senators Jeff Merkley and Bernie Sanders introduced the National Biometric Information Privacy Act of 2020 on Tuesday, August 4, 2020.

This legislation would, among other things, prohibit private companies from collecting biometric data—including eye scans, voiceprints, faceprints, and fingerprints—without consumers’ and employees’ consent, or profiting from this data. This introduction comes amid growing concerns over the prevalence of biometric data collection among private companies, including the use of facial recognition technology.

This legislation limits the ability of companies to collect, buy, sell, lease, trade, or retain individuals’ biometric information without specific written consent, and requires private companies to disclose to any inquiring individual the information the company has collected about that individual. Importantly, this bill would allow individuals and State Attorneys General to bring lawsuits against companies that fail to comply.

2. Several United States Senators have urged Congress to include the privacy protections contained in the Public Health Emergency Act into any new stimulus package.

On July 28, 2020, several U.S. senators drafted a letter addressed to senate leaders urging them to include the privacy protections contained in the Public Health Emergency Privacy Act in any forthcoming stimulus package.

The senators emphasized the need for commonsense privacy protections for COVID data because “public trust in COVID screening tools will be essential to ensuring meaningful participation in such efforts.” Research shows that many Americans are hesitant to adopt COVID screening and tracing apps due to privacy concerns; therefore, the lack of health privacy protections could significantly undermine efforts to contain this virus and safely reopen—“particularly with many screening tools requiring a critical mass in order to provide meaningful benefits.”

As the drafters point out, “health data is among the most sensitive data imaginable and even before this health emergency, there has been increasing bipartisan concern with gaps in our nation’s privacy laws.” The drafters believe these common-sense protections are critical in quelling the spread of COVID-19 while at the same time protecting sensitive health and geolocation information.

We will continue to track this legislation and provide updates as they become available.

3. Schrems II invalidated the EU-US Privacy Shield.

On July 16, 2020, the Court of Justice of the European Union issued a decision in Data Protection Commission v. Facebook Ireland, Schrems. The decision, known as Schrems II, invalidated the European Commission’s adequacy decision for the European Union-United States (EU-US) Privacy Shield framework, which is critical for more than 5,000 United States based companies that conduct trans-Atlantic trade in compliance with EU data protection rules.

The Court found the European Commission’s adequacy determination for the Privacy Shield invalid for two primary reasons: (i) the US surveillance programs, which the commission addressed in its previously-issued Privacy Shield decision, are not limited to what is strictly necessary and proportional as required by EU law; and (ii) with regard to US surveillance, EU data subjects lack actionable judicial redress and, therefore, do not have a right to an effective remedy in the US, as required by the EU Charter.

The Schrems II decision requires both data importers and data exporters to be reasonably certain that they can comply with their obligations in the Standard Contractual Clauses. Where they cannot comply, importers and exporters should likely stop transferring data, forcing some companies into data localization. Schrems II addresses a long-running series of issues regarding the appropriate role of surveillance in our society and its inevitable clash with privacy.

This decision also influences data flows across nations. Some data privacy professionals believe that we are moving away from global data flows and moving towards more fragmented data flows. This shift could have a particularly significant impact on e-commerce. For more, see the Court of Justice of the European Union’s Press Release on this decision.

The attorneys at Flaster Greenberg are following developments related to the COVID-19 Pandemic and formed a response team and to work with businesses to keep them up-to-date on developments that impact their business. If you have any questions on the information contained in this blog post, please feel free to reach out to Donna Urban, Krishna Jani, or any member of Flaster Greenberg’s Telecommunications or Privacy & Data Security Groups. 

COVID-19 RESOURCE PAGE

To serve as a central repository of information and contributions from Flaster Greenberg attorneys on legal developments during the COVID-19 crisis, we have launched a COVID-19 Resource page on our website. Feel free to check back frequently for Flaster Greenberg’s ongoing analyses of important legal updates that may affect you or your business.

 

More Tips On Protecting Your Virtual Meetings to Avoid a Cybersecurity Breach: An Update

top view photo of girl watching through imac

Photo by Julia M Cameron on Pexels.com

At this point, many of us are well into our fourth or fifth week of quarantine due to the outbreak of COVID-19. Even for those of us who are fortunate enough to be able to work remotely from our homes, this comes with certain challenges, including potential security issues with virtual conferencing. In our first installment about virtual meetings, and their unintended vulnerabilities, we provided some guidance on how you and your staff might implement certain strategies to keep your virtual conferences as safe as possible from hackers and trolls. In this new installment, we will provide further guidance on staying safe amidst emerging privacy and security concerns associated with virtual meeting platforms.

Zoom Announces Updates to its Data Privacy and Security Measures

On April 1, 2020, the Chief Operating Officer of Zoom, Eric Yuan, announced certain changes that Zoom is making to enhance its virtual meeting spaces. On April 14th, the Chief Product Officer of Zoom, Oded Gal, provided clarification on those enhancements to those of us who are using Zoom during quarantine.

  • Have a plan and be prepared for interference in your virtual meetings. Zoom has encouraged its users to have a plan in place for their virtual meetings and to be prepared should any unwanted interference arise. This includes ensuring that the application has been updated to include the latest security features, co-hosting meetings whenever possible, and utilizing preexisting and new security tools built into the application. To check for updates to the app, click on the main menu, then click on “Check for Updates,” and then “Begin Upgrade” if any new updates are available. We recommend doing this every week or so to ensure that you and your staff are up to speed on all available cybersecurity protections.
  • Co-host and record your virtual meetings whenever possible. A meeting creator can choose to co-host a meeting while creating the meeting invitation or in the actual Zoom meeting itself. A co-host can monitor the virtual waiting room or assist with any disruptions. Furthermore, record your Zoom meetings whenever possible because recording meetings creates a forensic trail of the meetings, as well as any bad actors that interfere with them, as soon as the meetings begin. The more data that virtual meeting platforms are able to collect about bad actors, the better able they are to stop the threat of further disruption.
  • Zoom has increased access to its security features. Zoom has made its pre-existing security features easier to find. A “Security” button has been added to the bottom banner of virtual meetings and is now easily accessible to meeting hosts. By clicking on this new security feature, meeting hosts are able to enable a waiting room or lock the meeting. Moreover, a meeting host can also remove a participant from a virtual meeting. Once that participant has been removed, he or she cannot reenter the meeting, even if using a different username. This is because as a part of Zoom’s new security rollouts, Zoom has started to collect IP addresses, among other data, to be able to better respond to security threats. While removing a participant from a meeting will only remove the participant from that particular meeting, you have other tools available to permanently block that user.

For example, right now Zoom recommends recording your meetings whenever practicable to ensure a forensic trail is created, as stated above. In addition, Zoom recommends taking a screenshot whenever a bad actor enters your virtual meeting. Then, you can report this intruder on Zoom’s website. And starting this coming weekend, Zoom will be releasing a new security feature built into the app, which will allow users to send a report to Zoom right from the security button should any unwanted interference arise.

Other Noteworthy Developments

Zoom announced that as of April 1, 2020, it would freeze all future product development except for data privacy and security updates for the following 90 days. Moreover, beginning April 18, 2020, every paid Zoom customer will be able to customize which data center regions their account can use for its real-time meeting traffic. By default, however, there will be no connection to any data centers in China beginning April 18, 2020 for all users. Additionally, users with an “.edu” registered email address are automatically given the highest level of security in their meetings, and this will continue. Zoom has begun to address user demands for a “kid-friendly” interface, but it has not yet launched any such interface.

Other virtual meeting platforms, such as GoToMeeting, have also enacted enhanced security protections in their respective applications. For example, GoToMeeting gathers cyber threat intel through partnerships including external intelligence communities, personal and professional sharing groups, and its own internal research to collect Indicators of Compromise or IoC data. IoC can include forensic data such as IP addresses, domains, hashes, and pulls them into its threat intelligence platform to reduce the risk of cyber threats.

Still though, platforms like Zoom and GoToMeeting urge users to utilize additional security measures as outlined in our previous blog post, and above, to provide the greatest level of privacy and data security for your virtual meetings.

Updates on Regulatory Guidance

On April 8th, Senator Edward Markey, whose priorities include telecommunications, technology, and privacy policy, urged the Federal Trade Commission (FTC) to publish industry cybersecurity guidelines “for companies that provide online conferencing services, as well as best practices for users that will help protect online safety and privacy during this pandemic and beyond.”

In Senator Markey’s letter, he urges that the guidance cover, at a minimum, the following topics:

  • Implementing secure authentication and other safeguards against unauthorized access;
  • Enacting limits on data collection and recording;
  • Employing encryption and other security protocols for securing data; and
  • Providing clear and conspicuous privacy policies for users.

Senator Markey also requests that the FTC develop best practices for online conferencing users, so that they can make informed, safe decisions when choosing and using these platforms. He requests that these best practices cover at least the following topics:

  • Identifying and preventing cyber threats such as phishing and malware;
  • Sharing links to online meetings without compromising security;
  • Restricting access to meetings via software settings; and
  • Recognizing that different versions of a company’s service may provide varying levels of privacy protection.

To date, the FTC has not published new guidelines.

Remember to have a plan and be prepared. Stay safe, everyone!

If you have any questions, please feel free to reach out to Donna UrbanKrishna Jani, or any member of Flaster Greenberg’s Telecommunications or Privacy & Data Security Groups.  

Donna T. Urban is a member of Flaster Greenberg’s Commercial Litigation and Environmental Law Departments concentrating her practice in telecommunications law, environmental regulation and litigation, and privacy and data security. She is a seasoned litigator, and for more than 20 years has successfully represented business clients in contract disputes, regulatory matters, and complex negotiations. She can be reached at donna.urban@flastergreenberg.com or 856.661.2285.

Krishna A. Jani is a member of Flaster Greenberg’s Litigation Department focusing her practice on complex commercial litigation. She is also a member of the firm’s cybersecurity and data privacy law practice groups. She can be reached at 215.279.9907 or krishna.jani@flastergreenberg.com.

To serve as a central repository of information and contributions from Flaster Greenberg attorneys on legal developments during the COVID-19 crisis, we have launched a COVID-19 Resource Page on our website.  Feel free to check back frequently for Flaster Greenberg’s ongoing analyses of important legal updates that may affect you or your business. 

  

Ten Tips for Avoiding Litigation: Tip #5 – Treat Your Employees Fairly and Consistently

Business teamwork and global finance blue background

The lifeblood of every business – big, small or in-between – is its employees, aptly called its human resources or human capital. A company can have the most innovative product or service idea in the world, along with a recognized market and an excellent strategy for capitalizing on it, but, without the right people to implement the idea and the right managers to train, supervise, and motivate that staff, the idea is likely to fail. That is why your employees are your most valuable resource. At the same time, however, employees are also frequent sources of litigation for businesses, including claims for wrongful discharge, discrimination, harassment, hostile work environment, failure to accommodate a disability, wage and hour violations, failure to properly pay overtime, breach of non-compete agreements, and theft of company trade secrets, to name just a few.

Employees are much more challenging to manage than any other resource your company uses to conduct its business. Your inventory, for example, is, for the most part, fungible. If one source dries up or becomes prohibitively expensive, chances are you will be able to find a replacement source. Similarly, your equipment is generally easily repairable or replaceable if something breaks. Not so with your employees. They require training, motivation, and incentives. They take sick days, personal days, and holidays. They go on vacation, care for sick or disabled family members, and sometimes they do not get along or work well with each other. And they sue their employers with increasing frequency.

In addition, studies show that the replacement of just one key employee can cost your business hundreds of thousands of dollars. Think about the down time and lost productivity associated with the departure of the former employee, internal and external recruitment costs to find a replacement, costs of training and orienting the new employee, and the down time and lost productivity involved in getting the new employee up to speed. These are just a few of the costs associated with losing an employee.

In short, you have invested a huge amount of your company’s resources in your employees. Doesn’t it make sense that you should protect that investment by implementing policies to keep your employees productive, motivated, safe, healthy a relatively happy? Here are some things you can try to help accomplish that goal.

First, always treat your employees respectfully, honestly, and fairly. This suggestion might sound obvious, and it is, but it is also frequently forgotten or ignored in the normal stress of the business world. It might also sound inconsequential, but it might just be the key to reducing claims against the company by its employees. Every employee wants to feel like his or her work is valued and essential for the success of the business. Finding ways to recognize and honor all your employees’ contributions will pay significant dividends. Even simple gestures will reap rewards in areas like better employee morale and increased productivity among your staff.

Second, don’t BS your employees. They know what is going on in the world and how outside events affect the company. They also know far more than you think about changes the company is considering, especially changes that could affect them negatively. Silence and secrecy may be necessary, but outright lying to employees is never a good idea. It is guaranteed to produce a cynical, untrusting, and equally secretive staff.

Third, have clear, well-defined company policies to let employees know what behavior you expect from them, what behavior you will not be tolerate, and the consequences of engaging in that behavior. These policies should be memorialized in a written employee manual or, even better, easily accessible to employees on the company website. You should hire an experienced employment lawyer, who is knowledgeable about the current state of constantly changing employment laws in your jurisdiction, to draft your employee manual. The manual should also contain procedures for addressing problems when they arise, and for reporting violations. Whom do you call when X happens? To whom do you report violations of Y policy?

Fourth and finally, once you have those company policies in place, enforce them as consistently as possible. One of the most difficult management tasks is balancing the goal of fairness and consistency versus the desire to be flexible and treat people as individuals rather than as interchangeable parts. Rigid, unthinking, and blind adherence to rules can not only damage employee morale by stifling creativity and employee innovation, but also lead to unsatisfactory and inappropriate results. On the other hand, any perception by your employees that you are showing inconsistency or, even worse, favoritism in your enforcement of certain policies can lead to divisiveness and be equally damaging to employee morale. Inconsistently enforced rules are, in some ways, worse than no rules at all.

The safest, but perhaps most difficult path to follow, is to treat rules as sacrosanct except in unusual and rare cases that require special empathy and flexibility. If you conclude that a large number of your employee could qualify for the same exception if they were to ask for it, then you should either deny the request for an exception or consider scrapping the rule. Before making any exception to a policy or rule, consider the potential consequences down the road. What will you do the next time someone else asks for the same exception, particularly if that person is someone you do not particularly like? Reward your best employees with raises, promotions, stock options, and the like, not with exceptions to company policies. The former will motivate your good employees to try to be better; the latter will make them cynical about following company rules.

There are other ways to enhance and retain your human resources, such as training your managers to know and follow the applicable federal, state, and local employment laws,  and minimizing the use and severity of non-competition agreements. I will cover these topics in future installments of this blog, so stay tuned!

Click here for Tip #1: Always Have a Strong Written Agreement to Govern Your Business
Click here for Tip #2: Avoid Doing Business with Members of your Family
Click here for Tip #3: Check Your Insurance Coverage Frequently to be Sure it Protects Your Business from Exposure and Risk
Click here for Tip #4: Every Significant Business Transaction Should Be Documented

Phil Kirchner of Flaster Greenberg
Philip Kirchner is a member of Flaster Greenberg’s Litigation Department headquartered in Cherry Hill, NJ. He concentrates his practice on resolving business disputes, including complex litigation of all types of business issues in both the federal and state courts of New Jersey and Pennsylvania. He can be reached at 856.661.2268 or phil.kirchner@flastergreenberg.com.

 

 

Tips On Protecting Your Virtual Meetings To Avoid A Cyber Security Breach

Computer Hacker

Virtual Meetings, and their Unintended Vulnerabilities

Advanced technology and the availability of online video and teleconferencing software has certainly helped ease the transition to working remotely for many businesses, schools, health care providers, and even the Courts. However, these virtual meeting platforms, while increasingly popular and essential especially during the COVID-19 pandemic, are not always completely secure.

Over the past few days, you may have seen the term “Zoom-Bombing” circulating around the news. This term refers to nefarious actors, or trolls, on the web hijacking Zoom and other virtual meetings to display a variety of disruptive, and often disturbing, behavior. This computer hacking creates serious privacy concerns as it exposes confidential and sensitive material, such as medical information, financial data, trade secrets, and other proprietary information, to these intruders and other third parties.

Protect Your Meetings from Uninvited Guests

We suggest taking the following steps to help keep your virtual meetings closed to intruders:

  • Create a random or randomly-generated meeting number for each meeting. Zoom, and other virtual meeting platforms such as GoToMeeting or Skype for Business, allow for a standing meeting number but reports have indicated that such standing meeting numbers are being sold on the dark web. In at least one instance, stolen account information such as email addresses, passwords, meeting identifications, type of account, host keys, and names were actively being sold or posted to the dark web. In other instances, sensitive information from virtual meetings was discoverable through a search engine on the open web. Even a United States healthcare provider, seven educational institutions, and one small business were targeted in such virtual meeting cyberattacks.
  • Ensure that each meeting is password-protected. For example, Zoom can automatically create a password and does with each new meeting. In the alternative, when creating the invitation, the meeting creator can assign a password in the invitation. The password will then be included in the meeting invitation that is sent out to the attendees.
  • Lock virtual meetings once they’re in session. Some virtual platforms allow for meeting creators to lock their meetings once they’re in session. To prevent unexpected attendees from joining a current session, lock your meeting or enable a virtual waiting room. You’ll be notified when an attendee attempts to join and can easily connect all waiting attendees to the meeting by unlocking.

These precautions should help keep your virtual meetings free from any unwanted “Zoom-Bombers.”

Further Guidance

To further address these emerging privacy concerns, on April 8th, Senator Edward Markey, whose priorities include telecommunications, technology, and privacy policy, urged the Federal Trade Commission to publish industry cybersecurity guidelines for online conference providers for protecting consumers’ privacy.

If you have any questions, please feel free to reach out to Donna Urban, Krishna Jani, or any member of Flaster Greenberg’s Telecommunications or Privacy & Data Security Groups.  

Donna T. Urban is a member of Flaster Greenberg’s Commercial Litigation and Environmental Law Departments concentrating her practice in telecommunications law, environmental regulation and litigation, and privacy and data security. She is a seasoned litigator, and for more than 20 years has successfully represented business clients in contract disputes, regulatory matters, and complex negotiations. She can be reached at donna.urban@flastergreenberg.com or 856.661.2285.

Krishna A. Jani is a member of Flaster Greenberg’s Litigation Department focusing her practice on complex commercial litigation. She is also a member of the firm’s cybersecurity and data privacy law practice groups. She can be reached at 215.279.9907 or krishna.jani@flastergreenberg.com.

To serve as a central repository of information and contributions from Flaster Greenberg attorneys on legal developments during the COVID-19 crisis, we have launched a COVID-19 Resource Page on our website.  Feel free to check back frequently for Flaster Greenberg’s ongoing analyses of important legal updates that may affect you or your business. 

 

 

Pennsylvania’s Business Relief Efforts in the Wake of COVID-19

Pennsylvania State Capitol

In the past few weeks, the Commonwealth of Pennsylvania has put forth several relief efforts directed towards businesses in an effort to alleviate the strain caused by the outbreak of COVID-19 or coronavirus.

Governor Wolf’s Disaster Relief Order

On March 6th, Pennsylvania Governor Tom Wolf issued an Executive Order mandating business closures throughout the Commonwealth to mitigate the risk of spreading coronavirus, or his “Disaster Declaration Order.” As a part of that Order, the Governor allowed for greater flexibility in a variety of industries. For example, the Order allowed for greater flexibility in the application of state and federal motor carrier regulations to accommodate truck drivers involved in emergency activities during this time. Accordingly, the Governor directed the Commonwealth Department of Transportation to waive or suspend any laws, or federal or state regulations, related to the drivers of commercial vehicles.

Moreover, both Governor Wolf and Rachel Levine, MD, Secretary of Health, have ordered that life-sustaining businesses and services (as outlined in this list) may continue to maintain in-person operations, but that other non-essential businesses such as gyms, salons and spas, casinos, concert venues, theatres, bars, sporting event facilities, golf courses, and non-essential retail facilities like shopping malls (except for pharmacies or other health care facilities located therein) must shut down. Liquor stores were also ordered to shut down pursuant to the orders, though grocery stores with Pennsylvania Liquor Control Board licenses may still sell wine and beer. Restaurants are permitted to remain open for carry-out and delivery only. Enforcement actions against businesses that do not close their physical locations began at 8:00 a.m. on March 23rd.

Business Exemption Options

Businesses may seek a waiver or exemption to the closure order by using Pennsylvania’s Department of Community and Economic Development’s (DCED) Business Exemption Form. Among other things, the form asks how the business seeking the exemption meets the definition of “life-sustaining.” Furthermore, it asks whether the business has a plan to meet Center for Disease Control (CDC) recommended guidelines to maintain employee safety during the COVID-19 pandemic. Businesses seeking an exemption should be mindful of the CDC’s guidance on the limitation on the number of persons permitted to be in one work space, and be ready to answer the above questions. Once an exemption form has been submitted, decisions will be communicated by email. In making its decisions, the Commonwealth will seek to balance public health, safety, and the security of its industry supply chains supporting life-sustaining businesses.

Additional Resources for Business Relief

Businesses that do not wish to seek, or do not qualify for, a business exemption have other sources of financial relief available. For example, the Pennsylvania DCED offers working capital loans that could be of assistance to businesses impacted by COVID-19. DCED resources and information will be posted to its website as they become available.

The United States Small Business Administration (SBA), in addition to local funding partners, may also be a source of assistance for affected businesses. The SBA’s Economic Injury Disaster Loans offer up to $2 million in assistance and can provide vital economic support to small businesses to help overcome the temporary loss of revenue they may be experiencing. These loans may be used to pay fixed debts, payroll, accounts payable, and other bills that are not being paid because of the disaster’s impact. The interest rate is 3.75% for small businesses. The interest rate for non-profits is 2.75%.

Moreover, the Commonwealth just created a portal for manufacturers, distributors, and other suppliers to upload information about supplies available for purchase so that the Commonwelath can efficiently procure these supplies for hospitals and other medical facilities across Pennsylvania. Notably, this includes any manufacturers that can shift their production to produce personal protective equipment (PPE) such as protective clothing, helmets, gloves, face shields, goggles, facemasks and/or respirators or other equipment designed to protect the wearer from injury or the spread of infection or illness (e.g., specialized sewing companies).

The Commonwealth has also decided that businesses that are temporarily closed due to COVID-19 will be granted Relief from Charges for any benefits received by a former employee who files for unemployment compensation, and their tax rates will not be increased because of COVID-19 related claims. Additionally, the Pennsylvania Department of Labor and Industry has programs to assist businesses impacted by COVID-19. The Shared Work Program, for example, can help keep employees attached to a business’s workplace by allowing an employer to temporarily reduce work hours rather than resorting to layoffs.

If a business has had to close temporarily, consider layoffs, or is financially at-risk for permanent closure, the Rapid Response Assistance Program is available to assist it with a variety of services and resources to help it. The Response Team is also available to assist employees. Moreover, the Commonwealth offers Local Assistance Partners so that businesses can contact them to discuss the impact of the coronavirus on their daily operations.

COVID-19 Working Capital Access Program

The COVID-19 Working Capital Access (CWCA) Program is administered by the Pennsylvania Industrial Development Authority (PIDA) and provides critical working capital financing to small businesses located within the Commonwealth that are adversely impacted by the COVID-19 outbreak. Importantly, there are no loan repayments required for the first 12 months.

All CWCA loan applications must be submitted through a Certified Economic Development Organization (CEDO). An eligible small business enterprise is a for-profit, limited liability company, partnership, proprietorship, or other legal business entity located in Pennsylvania, and having 100 or fewer full-time employees worldwide at the time of submission of the application. There will be a limit of $100,000 for each loan. The interest rate for such loans is 0%, except for agricultural producers, for whom the interest rate is 2%.

Philadelphia Small Business Relief Fund

The Philadelphia Small Business Relief Fund, jointly administered by the Department of Commerce (DOC) and the Philadelphia Industrial Development Corporation (PIDC), offers grants or zero-interest loans to Philadelphia small businesses impacted by the COVID-19 pandemic. The program aims to provide relief to small businesses in order to help them survive this crisis, retain as many employees as possible, help businesses avoid predatory lenders, and maintain the provision of goods and services for Philadelphia’s residents.

This is a three-tiered fund. Accordingly, the particular relief that a business qualifies for depends on its revenue level as follows:

  • Microenterprise Grants: Businesses are eligible for up to $5,000 per business for businesses with less than $500,000 in annual revenue.
  • Small Business Grants: Businesses are eligible for up to $25,000 per business for businesses with annual revenue between $500,000 and $3,000,000.
  • Small Business Zero-Interest Loans: Businesses are eligible for up to $100,000 per business for businesses with annual revenue between $3,000,000 and $5,000,000.

Businesses could have applied for all three tiers prior to Mayor Kenney’s announcement yesterday. Applications will be reviewed on a rolling basis once all materials are received and determinations should take about two weeks.

On Monday, March 30, Mayor Kenney announced that due to high demand and limited resources, the Philadelphia COVID-19 Small Business Relief Fund will not accept applications for the small business grants program or the small business zero interest loan program after 5:00 p.m. yesterday evening. Only applications for the microenterprise grant program, which provides $5,000 grants to small businesses, will be accepted after yesterday’s deadline.

Pennsylvania Industrial Development Authority

The Pennsylvania Industrial Development Authority’s currently putting together the Small Business First Fund to make $61,000,000 available for business assistance (see above). Funds can be used for working capital loans of up to $100,000 given to small businesses (and maybe nonprofits) who employ 100 or fewer people. Currently, the interest rates are set at 3% but the PIDA board has the authority to adjust the interest rates as low as 0%.

PIDA also provides low-interest loans and lines of credit for eligible businesses that create and retain full-time jobs for the development of industrial parks and/or multi-tenant facilities.

KIVA

Kiva is a nonprofit organization that gives entrepreneurs access to 0% interest small business loans through a crowdfunding platform.

FINANTA

FINANTA, short for FINANcing and Technical Assistance, is a nonprofit lending institution facilitating access to capital and/or consultation services for consumers, entrepreneurs, and first-time homebuyers in the Philadelphia region. FINANTA gives entrepreneurs affected by COVID-19, and other emergencies, loans that can range from $5,000 to $15,000 without closing fees. For more information about the loans or to apply, call 267-236-7030.

As businesses face the economic pressure caused by these uncertain times, they may be forced to make tough decisions to respond to these unprecedented challenges. If you or your client have any questions regarding the funds available, or how to weather this storm, you should consider contacting experienced legal counsel to assist you in this constantly changing area as soon as practical. Flaster Greenberg’s attorneys are available to discuss the available options at your convenience.

This blog post is part of Flaster Greenberg’s efforts to keep its clients and friends advised of the multitude of responses to the COVID-19 outbreak. The post can be found here and will be continually updated. If you have specific questions, or for more details on any of the above, please contact Krishna Jani, Doug Stanger, Damien Tancredi, or any member of Flaster Greenberg’s Corporateor Bankruptcy Departments.

COVID-19 RESOURCE PAGE

To serve as a central repository of information and contributions from Flaster Greenberg attorneys on legal developments during the COVID-19 crisis, we have launched a COVID-19 Resource page on our website. Feel free to check back frequently for Flaster Greenberg’s ongoing analyses of important legal updates that may affect you or your business.

CARES Act to Provide Needed Aid to Small Businesses Dealing with Uncertainty and Disruption

Shopping Mall

The “Coronavirus Aid, Relief, and Economic Security Act” was signed into law by the President on March 27th in an attempt to curtail the massive economic fallout that is likely to result from the near complete shutdown of American commerce amid the COVID-19 pandemic. This comprehensive bill provides financial resources that augment the individual states’ responses. This alert will explain some of the relief provided by the CARES Act that affect businesses grappling with these difficult times. It provides only a summary of the highlights of the Act and should generally apprise you of the programs available.

The CARES Act allocates an additional $349 billion to loans and grants through the Small Business Administration (SBA). For small and midsize businesses, the most significant result of the Act is to amend Section 7(a) of the Small Business Act to create the Paycheck Protection Program (PPP).  The PPP provides loans of up to two and a half times a borrower’s average monthly payroll expenses (over the last twelve months) in order to pay employee wages, benefits, insurance premiums, mortgage, rent, and utility payments. “Payroll expenses” include employee pay, leave (vacation, sick, parental, family, etc.), and health insurance and premiums, but is subject to limitations for high earning employees. This program is designed to encourage and incentivize businesses with less than 500 employees to retain their labor force. Eligibility standards focus on whether the business was operational before the crises, not its ability to repay. The CARES Act also waives the “credit elsewhere” test and no longer requires a personal guarantee for PPP loans. All PPP loans have a maximum interest rate of 4%, but as shown below, some or all of these loans may be forgiven. Furthermore, the CARES Act provides that the SBA will pay principal and interest on existing and new SBA loans for six months.

PPP loans are eligible for forgiveness upon meeting certain standards and this canceled indebtedness will not be recognized as income. The SBA will forgive the amount that the borrower spent during the first eight weeks after receiving funds on: (i) payroll costs as defined above; (ii) interest on existing mortgages (iii) payments of existing rents; and, (iv) payments of existing utility service. Since the CARES Act is attempting to prevent job losses, a borrower’s eligibility to have its loan forgiven is proportionally reduced by any reduction in employees compared to the prior year. A borrower’s loan forgiveness is also reduced if an employee’s pay is decreased beyond 25% of his or her previous year’s pay. However, if an employer has already laid off or reduced an employee’s pay, it can reinstate that employee prior to June 30, 2020 without suffering a reduction in forgiveness.

In addition to the PPP, the CARES Act expands the availability of Economic Injury Disaster Loans (EIDLs) and expands the business entities eligible to receive them.  The CARES Act waives the need for personal guarantees for EIDLs less than $200,000 and approval is based strictly on the applicant’s credit score. Any applicant for an EIDL can also request up to $10,000 in an Emergency Grant that the SBA must distribute within three days. The advance payment through the Emergency Grant may not need to repaid but must be used to: (i) pay sick leave to employees; (ii) maintain payroll; (iii) meet increased costs to obtain materials; (iv) make rent or mortgage payments; or (v) repay obligations that cannot be paid due to revenue losses. Emergency funds or EIDLs that convert to SBA loans through the PPP can be forgiven as stated above.

The Act also provides valuable tax credits of 50% of the first $10,000 of wages paid by employers to each employee during the crisis. To be eligible, an employer must have had its operations fully or partially suspended due to a shut-down order or had its gross receipts decline by more than 50% compared to the same quarter last year. There are different rules concerning what wages are qualified depending on the number of employees a particular business employs. In addition to the tax credit, an employer or self-employed individual can defer payment of the employer share of Social Security tax and allows such payments to be made over two years with half due by the end of 2021 and other half due at the end of 2022. Additionally, the CARES Act expands the ability of businesses to offset operating losses and retroactively apply them to previous years (carry-back NOLs).

In addition, the CARES Act provides for tax credits for employers who pay the required enhanced leave for employees affected by COVID-19. Employers can receive tax credits for up to $511 per day per employee when they pay employees under sick leave. Much more information regarding paid leave can be found in Adam Gersh’s three part employer’s guide: Part 1 | Part 2 | Part 3.

The CARES Act requires the SBA to promulgate rules promptly that should provide some more details on the available funds, process, and administration of these loans. Interested borrowers should contact the SBA here.  Additionally, funds are available at the state and local level and will be the topic of another Flaster Greenberg post in the near future.

Finally, the CARES Act expanded the number of businesses that can seek Chapter 11 bankruptcy relief under the recently enacted Small Business Reorganization Act of 2019 (SBRA). For the next year, the SBRA is available to businesses that owe less than $7.5 million in total debt, which is nearly three times higher than the original SBRA limitation. The SBRA, like a more traditional chapter 11 bankruptcy, allows a debtor to reorganize its balance sheet with the intention of setting forth a bankruptcy plan that will allow the company to operate profitably in the future. The advantage of the SBRA is that it is designed to provide a streamlined process, reduce costs, and provider a quicker exit from bankruptcy as compared to the traditional Chapter 11 bankruptcy where its cost can be a significant barrier to entry. Although businesses rarely want to consider bankruptcy, it can prove to a significant step toward regaining solvency and emerging from this crisis.

If your company is one of the millions struggling with this disruption, it should consider whether it can utilize the funds available in order to meet the short-term liquidity crunch. As always, Flaster Greenberg’s attorneys are available to assist you and we are here to help your company through this difficult time. The next section contains important links that can provide assistance to businesses.

COVID-19 Resources

tancredi_damien_0082_f_web
Damien Nicholas Tancredi
 is a member of Flaster Greenberg’s Bankruptcy, Financial Restructuring and Risk Management Department focusing his practice on bankruptcy, specifically representing unsecured creditors and creditors’ committees, chapter 7 trustees and chapter 11 debtors. He also represents businesses in commercial litigation and corporate matters in Delaware, Philadelphia and South Jersey. He is admitted to practice law in Pennsylvania, Delaware and New Jersey as well as the United States District Court for the districts of Eastern Pennsylvania, Delaware, and New Jersey. He can be reached at damien.tancredi@flastergreenberg.com or 215.587.5675.

 

Ten Tips for Avoiding Litigation: Tip #4: Every Significant Business Transaction Should be Documented

Checklist document in laptop and working desk vector. Cartoon computer with checkmarks document or to do list with checkboxes, concept of survey. Online quiz or done test, feedback or workplace table

There is a nostalgic notion among traditional businesspersons that the best deals are sealed by a hand-shake (or an elbow in this COVID-19 world in which we live), and you don’t need fancy lawyers and contracts to be successful in the business world. That approach to reaching agreements seems to work well in John Wayne and Clint Eastwood movies, but it can lead to problems in the real world. Robert Frost famously said: “Good fences make good neighbors.” In the business world, good contracts make good deals.

So why should you insist on – and pay the expense of creating – written contracts to memorialize your significant agreements? Consider the myriad of psychological research studies, which show that memories fade with age and the passage of time and that, even under the best of circumstances, we tend to remember what we want to remember. The corollary to that rule is that different people will tend to remember different things, depending upon their varying interests. Next consider that, according to the natural order of the world, otherwise known as “Murphy’s Law,” if something can go wrong, chances are it will go wrong. Finally, consider what will happen when you and the other party to the deal have differing recollections about the terms of the deal but nothing in writing to confirm either party’s position.

For example, suppose you understood that your customer was going to pay shipping costs for the goods it purchased from your company. Your customer, to the contrary, is certain that shipping costs were included in the price it paid for the goods. Similarly, what if our customer thinks it is entitled to receive a 2% price discount if it pays your invoice within 20 business days of receipt. You recall discussion of a discount but swear the terms you agreed to required payment of the invoice within 10 days and a resultant 1% discount.

How will you resolve such disputes without a definitive written agreement that includes provisions for shipping, payment and price terms? To paraphrase Yogi Berra: If you don’t know where you are going, how will you know when you get there? More to the point, if you don’t have a contract, how will you know what the deal is?

Faced with such a disagreement about the terms of the deal, you will either negotiate a new deal to resolve the disputed issues, stop doing business with the other party, or end up in court. If you end up in court, without a written contract, it will be your word against your adversary’s. Unfortunately, that kind of litigation, which depends upon either a jury or judge deciding whose testimony is more credible – a so-called “credibility contest” — is one of the most expensive and unpredictable kinds of contract disputes to resolve. Moreover, even if you are fortunate to prevail in the litigation, you will most likely be responsible for your own attorney’s fees and costs, which could be enormous. Under the so-called “American Rule,” which is followed, with rare exception, by every state and federal court in this country, each side bears its own costs of litigation, regardless who wins. One exception to the American Rule occurs when the contract that is the subject of the litigation contains a “loser pays” provision. But, of course, without a written contract containing such a provision, you will be out of luck and will probably have to bear your own litigation costs.

One additional reason to insist upon a written contract to memorialize significant transactions is the good will it will buy you with your most valuable customers. The truth is that wasteful and unnecessary litigation is just as expensive, time consuming, and distracting for your customer as it is for you. Your adversary will be forced to eat its own attorney’s fees and litigation costs, just as you are, if the dispute ends up in litigation. Therefore, both parties will benefit from a well-drafted contract that resolves disagreements without the need to resort to litigation.

Finally, not every deal requires a full blown contract with all the bells and whistles, but even in those circumstances, there should be some written confirmation of the agreement. In many cases, a simple purchase order with pre-printed standard terms and conditions, sent by one party and accepted by the other, will suffice. Some simple deals will only require a confirming email or two back and forth to provide a record of the principal terms of the deal. With the convenience of electronic communications these days, there is no good excuse for not documenting every deal in writing!

Click here for Tip #1: Always Have a Strong Written Agreement to Govern Your Business
Click here for Tip #2: Avoid Doing Business with Members of your Family
Click here for Tip #3: Check Your Insurance Coverage Frequently to be Sure it Protects Your Business from Exposure and Risk

Phil Kirchner of Flaster Greenberg
Philip Kirchner is a member of Flaster Greenberg’s Litigation Department headquartered in Cherry Hill, NJ. He concentrates his practice on resolving business disputes, including complex litigation of all types of business issues in both the federal and state courts of New Jersey and Pennsylvania. He can be reached at 856.661.2268 or phil.kirchner@flastergreenberg.com.

 

What to Do When COVID-19 Impacts Your Alimony or Child Support

Word FAMILY LAW composed of wooden letters.

With the COVID-19 pandemic rattling our work, home, social, and personal lives at a rapidly-evolving pace, many families are dealing with unprecedented financial insecurity and uncertainty. This can be even more intimidating and confusing for divorced and separated families, where oftentimes there are court-ordered or contracted legal obligations that are challenged in the wake of these tumultuous financial times.

As a recipient of financial contributions incident to a divorce or dissolution, it can be daunting to worry about whether your ex-spouse or ex-partner will be able to continue to meet those obligations. Those obligations include things such as alimony, child support, or other monetary contributions to your family, such as payment towards college tuition or health insurance premiums. Unquestionably, folks rely upon those contributions in order to meet their needs and the needs of their family so it is understandable to want assurance that those contributions continue.

At the same time, an individual who is legally obligated to pay money to an ex-spouse or ex-partner may be experiencing a decline in their discretionary income as a direct result of the COVID-19 crisis. In both New Jersey and Pennsylvania, the governments have shut down or deeply curtailed almost all non-essential business practices, sidelining a large segment of the working class, through no fault of their own. Many individuals have taken pay cuts, are working reduced hours, have been forced to use PTO or sick time, or, in the worst case scenarios, have stopped working altogether, without pay. If this occurs, it can render it challenging, if not impossible, to satisfy all expenses in full and on time, including expenses like alimony or child support. Many folks find themselves faced with the difficult decision of choosing which bills to pay out of a limited supply of cash: Do I pay my mortgage in full, and slash my child support? Do I pay for health insurance, and skip my alimony? Should I stop paying anything to my ex until this is over? Can I just socially-distance myself entirely and hope this all goes away on its own?

These questions are valid, and there are equally compelling arguments on both sides as to how these issues should be addressed. Folks relying on the support of an ex-partner want (and need) to be paid, and folks obligated to provide support to an ex simply might not have the funds available.

If you find yourself on either side of this equation, it is important to address the situation early on before it spirals out of control. While rushing to initiate litigation might seem premature or perhaps not cost-effective, nonetheless you also don’t want to ignore the situation or engage in self-help mechanisms that do more harm than good. Below are some options for dealing with financial complications or disputes with your ex-spouse or ex-partner brought about by the COVID-19 crisis.

One good place to start is by opening the lines of communication with your ex-spouse or ex-partner. Transparency and honesty will go a long way towards understanding the situation from both sides. If you and your ex are able to reach an interim agreement about continued (but perhaps reduced) financial support on a short-term basis, you should contact an attorney who can codify that agreement into an appropriate legal document. This enables you and your ex to amicably reach an agreement without court intervention, which saves you both time and money, while also ensuring that your agreement is legally-enforceable should problems arise in the future.

If you and your ex-spouse or ex-partner are not in regular contact, have an acrimonious relationship, or simply cannot agree on a resolution, then it might be time to consult with an attorney. Your attorney can suggest interim financial arrangements that can be presented to your ex in the hopes of reaching an agreement. Sometimes all it takes is a little nudge from an attorney to compel both sides to put in the effort to achieve a resolution to emergent situations. If this is successful, then the agreement would be summarized in a legal document and made binding.

If all else fails and you and your ex-spouse or ex-partner cannot reach an agreement even with the assistance of attorneys, it might be necessary to seek court intervention. Despite the COVID-19 pandemic, most courts are attempting to operate as close to “normal” as possible, seeking to ensure that folks still have access to the judicial process as needed. The family courts are equipped to receive filings electronically and to schedule court appearances via telephone and video conferences.

In both New Jersey and Pennsylvania, there are laws that permit an individual to petition for a modification to their alimony or child support if that person’s financial circumstances have changed. A loss of income or cash flow due to COVID-19 could be viewed as a substantial, involuntary, and unforeseen change that would justify the court evaluating the situation to determine whether to provide appropriate relief. As the COVID-19 situation is unique as far as its widespread financial impact on New Jersey and Pennsylvania families, there is little precedential guidance to help us understand how the courts might respond to petitions regarding alimony and child support issues. However, below are some possible outcomes that might result from such litigation:

  1. The court could grant a temporary reduction to an obligor’s alimony and child support payments, with a mandatory re-evaluation to take place in 1-2 months, at which time the support figures could be increased back to their original amounts.
  2. The court could keep the alimony and child support at the same rate, but could suspend enforcement and collection efforts. Any deficiencies in payments would continue to accrue as “arrears” and the obligor would be required to pay back those arrears at a later date. Essentially, this would enable the obligor to pay less towards their obligations during the financial crisis while ensuring that the recipient of support is ultimately made whole at some point in the future.
  3. The court could look to alternative financial resources for both parties, examining each party’s respective access to alternate sources of cash. This could include exploration of lines of credit, loans against retirement assets, trust distributions, advances on inheritances, or relief to one or both parties under the Federal CARES Act. While every family’s situation will be unique, it is hoped that the courts will explore every option for getting folks through these tough times.

These are scary situations that are facing many people throughout our community right now, and it is completely understandable to worry about keeping your family financially secure while you also manage your family’s physical and emotional well-being, as well as your own. If you find that your legal rights or obligations pursuant to a divorce or dissolution have been negatively impacted by COVID-19, you should consult with an attorney today. Through diligence, advocacy, and creativity, it is possible to develop a plan that can help you and your family navigate these uncertain times with an emphasis on positive and fair results.

Know that you are not alone.

gambone_angie
As a shareholder and member of the firm’s Family Law Department, Angie Gambone concentrates her practice in the areas of complex family law, divorce and custody matters. She also focuses her practice on adoption, family formation and the family law needs of nontraditional and LGBT families. Angie can be reached at angie.gambone@flastergreenberg.com or 856.382.2217.

 

 

To serve as a central repository of information and contributions from Flaster Greenberg attorneys on legal developments during the COVID-19 crisis, we have launched a COVID-19 Resource Page on our website.  Feel free to check back frequently for Flaster Greenberg’s ongoing analyses of important legal updates that may affect you or your business. 

 

 

 

 

 

Business Interruption Insurance for COVID-19

Work InterruptionWith the government shutdown of businesses due to the COVID-19 virus, many business owners are wondering if there is insurance coverage for their revenue losses. As an insurance coverage lawyer who deals with these types of policies, here are some of my thoughts:

  1. Property policies vary widely in their language, and can be tailored to different kinds of businesses. For example, our firm’s policy is written on a form that is said to be tailored to lawyers. What is provided in one policy may not be provided in another.
  2. In order to obtain coverage under these policies, you normally need to show that the loss was due to “direct physical loss or damage” to the property. States construe that differently, but in New Jersey there are cases holding that as long as the insured is unable to use property because of a condition, there is direct physical loss or damage to the property even if there is no visible damage. In cases where a civil authority prohibits the business from being open, the argument may be strengthened. The question here is whether the virus makes the property in question unusable.
  3. Some, but not all property policies contain “virus” exclusions. Others may try to include this in the pollution exclusion, but in one version reviewed, those efforts may have rendered the policy language ambiguous and therefore ineffective. The New Jersey Legislature, and now the legislatures of other states, are considering whether to make these virus exclusions unenforceable. If enacted, the question would then be whether such laws would be constitutionally infirm for existing policies.
  4. If there is coverage for business interruption, it may be subject to sub-limits which in one sense favor the insurer, but also make it easier to establish coverage. If the insurer’s exposure is less, a court is more likely to side with an insured in a close case if there is a suit filed.
  5. There have already been suits filed concerning this issue. By no means is it clear that coverage will be afforded, but my suggestion generally is that, if in doubt, a claim should be made because unlike liability policies written on an occurrence basis, first party claims need to be filed promptly and procedures in the policy need to be timely followed.

Mitchell Kizner of Flaster Greenberg

Mitchell Kizner focuses his practice on environmental and insurance litigation. He represents clients in environmental, insurance and other commercial matters as part of his active litigation and commercial law practice. For more details on the legalities of Business Interruption Insurance, contact Mitchell or any member of Flaster Greenberg’s Insurance Coverage Practice Group.

 

 

To serve as a central repository of information and contributions from Flaster Greenberg attorneys on legal developments during the COVID-19 crisis, we have launched a COVID-19 Resource Page on our website.  Feel free to check back frequently for Flaster Greenberg’s ongoing analyses of important legal updates that may affect you or your business. 

%d bloggers like this: