Disinformation, Mob Mentality, And Federal Privacy Legislation

Will the disinformation that led to a mob surrounding the Capitol Building help drive federal privacy legislation?

Here’s why I think it will.

Disinformation

It is no secret that the internet is rife with information—some legitimate, and, inevitably, some not. In many ways, social media and the rise of new and emerging platforms on which to share information, contribute to the spread of disinformation. Disinformation is false information that is intended to mislead, unlike misinformation, which is false information that is spread, regardless of intent to mislead.

Disinformation can be damaging to both individuals and businesses because it can be difficult to discern the difference between evidence-backed information and disinformation. This very issue arguably resulted in thousands of people surrounding the Capitol Building on January 6, 2021 in Washington, D.C.

The Role of the Internet and Social Media

Though many platforms likely contributed to the widespread disinformation that led to a mob storming the Capitol Building, certain platforms have a significantly greater impact. For example, with more than two billion users worldwide, Facebook has unprecedented reach, and that reach has created a near-monopoly on certain types of information and the sharing of that information. For instance, small businesses often rely on Facebook to find customers. Content creators use Facebook to create visibility for their work. Software developers seek to attract customers on the platform. Media outlets use the platform to share news articles. The list goes on.  

Platforms like Facebook employ the details of personal profiles to gauge which content it believes a particular user will find enticing. Then, the platform will calibrate the user’s feed according to this process in an effort to maximize the amount of time that the user stays online. The result is that the information that appears in our feeds is informed, to at least some degree, by what our friends and network contacts post and consume. It is shaped, by a much larger degree, by the platforms’ algorithm.

This is precisely the point at which data privacy, personal autonomy, and democracy intersect.

The Problem and Ways to Avoid the Spread of Disinformation

Disinformation can harm businesses in a myriad of ways. Incorrect news, negative social media posts, and even overtly false consumer reviews can adversely impact a company’s bottom line.

Successful companies understand their markets, their customers, and their partners. They also need to understand how their brand is perceived by users of social media. This can be achieved by using in-house technology or hiring an outside firm. By doing so, companies can get advance warning of an individual’s or group’s efforts to spread disinformation about a given brand. To the extent a business participates in e-commerce and has a social media presence, the business should aim to establish verified accounts on major platforms and use them regularly to establish their markets.

Other tools businesses can use to avoid the spread of disinformation are: self-assessing, preparing for incident response, and communicating directly with their customers. In addition, data ethics should be incorporated into decision-making along with business motivation, technological practicality, and legal compliance.

How Federal Privacy Legislation Could Help

The federal government has no organization to regulate or help quell the spread of disinformation, and there is no one particular person within the government in charge of an overall disinformation policy. The United States needs a comprehensive approach to risk generated by data. Accordingly, any effective federal privacy regime must take into account the process of data throughout the whole lifecycle of data governance.

The business industry has plenty of reasons to support federal privacy legislation. For one, a single piece of comprehensive legislation reduces confusion surrounding compliance. Second, one law to rule them all would likely preempt many of the piecemeal legislative efforts of various states. Lastly, in the wake of the Schrems II decision, passing a commercial privacy law would help the atmosphere considerably as negotiations go forward with the European Union with regard to transborder data flows.

It is also worth noting that some of the largest markets in the world are moving toward comprehensive data protection laws, such as China, India, Brazil, and Canada. The adoption of a similar comprehensive law in the United States would solidify the United States’ position as a world leader in data privacy.

The goal of any federal privacy legislation should be to preserve the most beneficial aspects of social media platforms while simultaneously protecting individuals and businesses from the platforms’ more harmful impacts. Most pending federal legislation include the basics: data access, deletion rights, and portability. The next steps will be to incorporate protections against disinformation.

Krishna A. Jani is a member of Flaster Greenberg’s Litigation Department focusing her practice on complex commercial litigation. She is also a member of the firm’s cybersecurity and data privacy law practice groups. She can be reached at 215.279.9907 or krishna.jani@flastergreenberg.com.

How to Make Filing Your 2020 Returns Less Taxing

How to Make Filing Your 2020 Returns Less Taxing

Unquestionably, 2020 was a year full of unforeseen challenges. As much as we may want to put last year completely behind us, we need to file our 2020 tax returns before completely letting go. Although we speak about the challenges and frustrations of the past twelve months broadly, a few specific events will present unusual tax considerations for some Americans.

Taxation of Unemployment Compensation Income

More than 25 million Americans became unemployed during the pandemic and relied on unemployment benefits. Unemployment benefits are includable in gross income and, therefore, are subject to tax. This may come as a surprise, especially to the thousands of Americans who applied for unemployment benefits for the first time this year. Withholding tax from one’s unemployment income is voluntary through the completion of a form referred to as a W-4V and submission to the agency paying the benefits. If their withholding amount is too low to cover their tax liability or if they did not authorize withholding, taxpayers can make quarterly estimated tax payments. Given the economic instability and uncertainty we are experiencing, many taxpayers relying on unemployment benefits are unlikely to have the financial wherewithal to withhold any portion of that income. Even worse, they may have no means available to pay the tax when due. If they were unaware of the tax impact when receiving unemployment benefits, they should be prepared for the unexpected tax now.

Home Offices

On the flip side of the employment coin, another tax quirk created by the COVID-19 pandemic comes in the form of working from home. Many taxpayers spent time working from home last year (and some of us still are!). Had this pandemic occurred before the 2017 enactment of the Tax Cuts and Jobs Act (“TCJA”), millions of Americans would be eligible for a deduction for expenses incurred creating and operating a home office. However, the TCJA limited deductions for home office expenses to those who are self-employed and whose home office areas are a “room or separately identifiable space” used “regularly and exclusively” for work. Thus those of us who have properly designated home offices as a result of the pandemic that might otherwise qualify, but receive W-2s as employees are ineligible for such deductions.

CARES Act

Similarly, many Americans received government aid in the form of stimulus checks through the CARES Act. These payments are tax-free and are not required to be included in gross income on one’s federal tax return. Rather, they are treated as advances of 2020 tax credits and must be reflected that way on our 2020 tax returns. Some tax professionals anticipate many taxpayers will have discarded or misplaced documentation related to those distributions, which, in turn, increases the likelihood that returns will be inaccurate, which may delay refunds. Additionally, some tax professionals have recommended that the IRS setting up an online portal for taxpayers to look up the exact amounts they received in government aid under the CARES Act to ensure their 1040s are accurate, but no such portal has been created as of the writing of this post. Thus, it is important for taxpayers to locate and organize their documentation relating to any stimulus check payments.

PPP Income

On top of these challenges presented to individuals filing their 2021 tax returns, some businesses face the uncertainty of whether business expenses paid for with loans received from the Paycheck Protection Program (PPP) will be wholly or partially deductible on their 2020 returns.  Under the PPP, certain small businesses whose operations were directly impacted by the COVID-19 pandemic were able to secure loans to fund specified expenses, including eligible payroll costs, payments on business mortgage interest payments, rent and utilities during a period of 8 or 24 weeks after disbursement. Borrowers may apply for forgiveness of these loans within 10 months of their issuance, to the extent they are used for these purposes in the year the expenses are incurred. It was unclear under the original CARES Act whether the expenses paid with the forgiven loan proceeds would be deductible. In December 2020, Congress passed the Consolidated Appropriations Act, which finally clarified that business expenses paid with forgiven PPP loans are, in fact, tax deductible. This act supersedes prior guidance from the IRS, issued as recently as November 2020. While this came as a welcomed holiday gift to many, there may be S corporation shareholders and partners in partnerships with a lump of coal thrown in; the benefit may be somewhat less timely than anticipated given the quirks of pass-through entity taxation, effectively deferring the tax benefit another year. 


Carefulness has always been key when completing a tax return, but even more so when filing returns for tax year 2020. Any taxpayer who received a stimulus check should start looking for that piece of paper now — tax time will be here before you know it! As the COVID-19 pandemic persists while we await widespread distribution of the vaccine, the IRS has emphasized the need for taxpayers to complete their tax returns from the safety of home, and provides a number of services to assist taxpayers in doing so.  If you encounter any legal issues regarding your taxes, Flaster Greenberg can help; give us a call.

For more information on any of the information contained in this post, contact Kelly Barry or any member of Flaster Greenberg’s Taxation Practice Group

Kelly Barry is a member of the firm’s Business and Corporate Department and Taxation Practice Group assisting clients in a wide range of corporate matters, including those involving transactional law, tax, and trusts and estates.  She can be reached at kelly.barry@flastergreenberg.com or 856.382.3305.

Is Your Click Through Agreement in Compliance with New Jersey State Law?

Click Through Agreement Compliance in New Jersey

We have all done it. Clicked or checked the “I agree” box and agreed to terms, conditions or waivers just to get on the slopes, complete an online purchase or register our kids for sports or some other activity.  Most people secretly think, “This can’t be legal anyway.”  Well, in the words of Billy Joel, “You may be right.” However, in states like New Jersey, you may be wrong!  Now, more than ever, businesses are streamlining their processes by relying more and more on electronic waivers and agreements, especially as a result of the COVID-19 pandemic.  Business owners view online agreements and waivers as a quick method of completing the sale. However, business owners need to be mindful that these agreements could be loaded with possible pitfalls if they are not in compliance with state law. 

If a click through agreement was to be disputed by a consumer, how would this play out in New Jersey court?

Enforceability comes down to how easily the terms can be viewed and agreed upon by the user.  To dispense with the popular argument, the user (or consumer) cannot be relieved of their contractual obligations in New Jersey by arguing that they did not read the agreement before clicking “I agree” or affirming the terms. It’s a long standing principal in the Garden State that one cannot be relieved of their contractual obligations because they did not read the contract.

“Click the box” agreements and terms are not per se unenforceable in New Jersey because they are presented to a party in electronic form. The court will first consider the substance of the term at issue and the policy reasons in support of its enforcement. If the term at issue passes the first test, the court will then consider the mode of presentation of the term or how easily is it accessed and viewed by the user. It’s here that online terms and agreements run into trouble.

In order for terms of agreement to be valid in New Jersey, the term must be fairly presented and not submerged or concealed in a way that makes it difficult to find or access.  For example, while clickwrap agreements or hyperlinks are also not per se unenforceable in New Jersey, a business will most certainly run into trouble if they start burying key terms in secondary agreements that the user must click on to view.  Lastly, if a party tries to argue that “He made me an offer I could not refuse”, a.k.a. the adhesion contract argument, the court will likely uphold the term provided the above conditions are met. 

To sum up, the language of each term of your electronic agreement must comply with New Jersey law and must be easily accessible to the user. To the furthest extent, avoid requiring the users to click on multiple agreements and links to complete the process.  When in doubt, contact corporate attorney Chris Chiacchio, or any member of Flaster Greenberg’s Business and Corporate Department, to review your electronic agreements and waivers.

Chris Chiacchio is a shareholder in Flaster Greenberg’s Corporate Department. He provides small to midsized companies with guidance with their day to day operations, contract negotiations, and mergers and acquisitions. He can be reached at christopher.chiacchio@flastergreenberg.com or 856.382.2207.

Having A Will Is Important – Just Ask Chadwick Boseman’s Family

On August 28, 2020, the world mourned the loss of movie star Chadwick Boseman, who passed at the age of 43.  Known for his portrayals of iconic characters in films such as 42, Marshall, and Black Panther, Boseman quietly fought pancreatic cancer for four years before his untimely death.  Given Boseman’s stardom, it was surprising to learn that he did not have a Last Will and Testament in place, causing the late actor’s wife, Simone Ledmond, to petition the probate court in Los Angeles County to be named administrator of his estate last month.  According to court documents, Boseman’s probate estate has an estimated value of $939,000, which likely does not encompass the entirety of his wealth.  His non-probate assets, which include assets such as life insurance, 401ks, and other retirement accounts, would not be included in that estimate.

While it may seem shocking that such an accomplished actor (with a terminal illness, no less) would decline to create a Will and other end-of-life documents, Boseman was not alone.  Numerous other celebrities and public figures, including Aretha Franklin, Prince, and former Chief Justice of the United States Supreme Court Warren Burger, died without properly memorializing how they wanted their estates distributed.

What can we learn from this tragic situation?  In short, it is important to prepare documents that contemplate end-of-life and incapacity, including Wills, Testamentary Trusts, and Powers of Attorney.  Doing so ensures that your family and friends can respect your final wishes, which may bring them comfort and assurance while they are in mourning.  As the COVID-19 pandemic continues to ravage the country, creating a Will is more important than ever.  Otherwise, your home state’s intestacy laws will determine the distribution of your estate, which may be as forgiving as Killmonger in Black Panther movie (which is to say, not at all!)

How would Boseman’s death without a Will play out in New Jersey?  Boseman is survived by his wife, two living parents and no children.  If Boseman resided in New Jersey at his death, under New Jersey law, his spouse would be entitled to only the first 25% of his intestate estate (but not less than $50,000 nor more than $200,000), plus 3/4 of the remaining estate.  Further, under New Jersey law, Boseman’s parents would be entitled to the final ¼ of the estate.  Assuming the probate estate is actually valued at $939,000, Boseman’s spouse would be entitled to $200,000 plus ¾ of $739,000, which is $554,250 (totaling $754,250).  His parents would receive the remaining $184,750.  This accounting does not take into consideration court fees, legal fees, or other charges that would decrease the value of the probate estate.

Could Boseman have desired this result or the comparable result under California’s intestacy laws, where he resided?  Possibly.  However, we will never know his intent and that lack of knowledge leaves his grieving family vulnerable to probate challenges from relatives, friends, or others who may be involved.  You do not need a movie star’s net worth to make an end-of-life plan; it is worthwhile regardless of the dollar value of your assets. 

Kelly Barry of Flaster Greenberg

Questions? Let Kelly know.

Kelly Barry is a member of the firm’s Business and Corporate Department and Taxation Practice Group assisting clients in a wide range of corporate matters, including those involving transactional law, tax, and trusts and estates.  Kelly earned her J.D. from Villanova University Charles Widger School of Law and her B.A. in Political Science with a minor in Management, cum laude, from The Catholic University of America.

Insurance Recovery Best Practices After a Natural Disaster: Checklist for Policyholders

Gather all applicable insurance policies.

  • Often a single loss can trigger coverage under multiple insurance policies.
  • Examine each loss through the prism of each policy to determine the potential for coverage.

Review each applicable insurance policy’s terms and conditions, including:

  • Notice requirements. Insurance policies typically require prompt notice of a loss or notice within a specified time period. 
  • Proof of Loss requirements. A Proof of Loss form is typically furnished by an insurance company and must be completed by an insured and submitted within the time limits set forth in the policy. The form requires the insured to set forth the amounts being claimed under the policy, among other things. Some policies require the submission of this information automatically (even if a Proof of Loss form is not furnished by the insurance company).
  • Coverages, Limits, Sub-limits, and Deductibles. Commercial property policies typically provide coverage for property damage to buildings and contents/business personal property, Business Income loss, Extra Expense, among other things. To the extent possible, losses should be categorized within these coverage “buckets” when they are submitted to the insurance company. Consider consulting professionals, including a forensic accountant to assist you in quantifying and categorizing losses.

Provide prompt notice.

  • It is an obligation, and it triggers the insurer’s duty to investigate and pay or deny.
  • Failure to provide timely notice could result in the forfeiture of insurance. 

Appoint a “Clerk of the Claim” to maintain a chronological record of all events pertinent to the claim (a “Claim Log”), including:

  • the date notice was provided;
  • the date and description of all mitigation efforts;
  • the date and description of all communications and events pertinent to the loss; (such as communications with insurance company adjusters), inspection dates and details (who inspected, what they inspected, when, and for how long); 
  • any admissions made by insurance company representatives.

Document the loss through photographs, documents and witness interviews. 

Mitigate. Insurance policies typically require the insured to protect property from further damage.

Seek assistance when needed. An insurance recovery attorney can help you navigate the claim process from the outset, so you can maximize recovery under your insurance policies. For more information on the contents of this alert, please contact Lee Epstein, Meghan Moore or any member of our Insurance Recovery Practice Group.

Click here for a printable one-page PDF version of this checklist

Insurance Recovery Best Practices After a Natural Disaster

Cybersecurity & Data Privacy Updates, Part II

From California to New York, data privacy laws and enforcement actions are ramping up. Check out some highlights below.

1. New York State Department of Financial Services launched its first enforcement action in July 2020.

As U.S. companies focus on CCPA enforcement, they should not ignore other state laws and accompanying regulations. The New York Department of Financial Services’ Cybersecurity Requirements for Financial Services Companies (“DFS’s Cybersecurity Regulation”) first took effect on March 1, 2017.

Recently, cybercriminals have sought to exploit technological vulnerabilities to gain access to sensitive electronic data.  In an effort to combat such exploitation, this regulation requires each company to assess its specific risk profile and design a program that addresses its risks in a vigorous way. Senior management are encouraged to take this issue seriously. They must ensure that someone is responsible for the organization’s cybersecurity program and file an annual certification confirming compliance with these regulations. A regulated entity’s cybersecurity program must ensure the safety and soundness of the institution and protect its customers.

On July 22, 2020, the New York Department of Financial Services announced cybersecurity charges against First American Title Insurance Company for exposing millions of documents with consumers’ nonpublic personal information over the course of several years, including bank account numbers, mortgage and tax records, Social Security Numbers, wire transaction receipts, and drivers’ license images.

This marks the first cybersecurity enforcement action filed by the Department. The hearing will take place at the office of the New York State Department of Financial Services beginning on October 26, 2020.

2. What is The California Privacy Rights Act of 2020—“CCPA 2.0?”

If you’re thinking, “Wait! Didn’t the California Consumer Privacy Act (“CCPA”) just go into effect?” You’re right. The CCPA took effect on January 1 of this year, and enforcement actions began on July 1. Already, a privacy advocacy group, California for Consumer Privacy, collected 900,000 signatures to place the California Privacy Rights Act (“CPRA”) on the November 2020 ballot. According to several news sources, current polling suggests that the bill will pass.

The CPRA seeks to, among other things, establish the California Privacy Protection Agency (“CPPA”), a new privacy enforcement authority, similar to the Data Protection Authority put in place in the European Union by the General Data Protection Regulation (“GDPR”). This Agency will be empowered to fine transgressors, hold hearings about privacy violations, and clarify privacy guidelines.

In addition, the law would establish a new category of sensitive personal information, including Social Security numbers, precise geolocation data, biometric or health information, and more. It would also give consumers greater power to restrict the use of such data. The law would also add email addresses and passwords to the list of items covered by the “negligent data breach” section to help curb identity theft.

3. The Connecticut Insurance Data Security Law goes into effect on October 1, 2020.

The Act establishes standards applicable to licensees of the Connecticut Insurance Department for data security, the investigation of a cybersecurity event, and notification to the Department of such event. In preparation for this law to take effect, Connecticut’s Insurance Department issued a Bulletin on July 20, 2020 to all licensees of the Department.

Licensed insurance companies, and any other companies otherwise authorized to operate pursuant to the insurance laws of Connecticut, should be aware of and follow the guidelines laid out in the Bulletin.

The attorneys at Flaster Greenberg are following developments related to the COVID-19 Pandemic and formed a response team and to work with businesses to keep them up-to-date on developments that impact their business. If you have any questions on the information contained in this blog post, please feel free to reach out to Donna UrbanKrishna Jani, or any member of Flaster Greenberg’s Telecommunications or Privacy & Data Security Groups. 

COVID-19 RESOURCE PAGE

To serve as a central repository of information and contributions from Flaster Greenberg attorneys on legal developments during the COVID-19 crisis, we have launched a COVID-19 Resource page on our website. Feel free to check back frequently for Flaster Greenberg’s ongoing analyses of important legal updates that may affect you or your business.

Cybersecurity & Data Privacy Updates

cybersecurity and data privacy updates

There is a lot going on in the world right now—and the world of data privacy is no exception.

Here is a snapshot of what’s on our radar:

1. Senators Jeff Merkley and Bernie Sanders introduced the National Biometric Information Privacy Act of 2020 on Tuesday, August 4, 2020.

This legislation would, among other things, prohibit private companies from collecting biometric data—including eye scans, voiceprints, faceprints, and fingerprints—without consumers’ and employees’ consent, or profiting from this data. This introduction comes amid growing concerns over the prevalence of biometric data collection among private companies, including the use of facial recognition technology.

This legislation limits the ability of companies to collect, buy, sell, lease, trade, or retain individuals’ biometric information without specific written consent, and requires private companies to disclose to any inquiring individual the information the company has collected about that individual. Importantly, this bill would allow individuals and State Attorneys General to bring lawsuits against companies that fail to comply.

2. Several United States Senators have urged Congress to include the privacy protections contained in the Public Health Emergency Act into any new stimulus package.

On July 28, 2020, several U.S. senators drafted a letter addressed to senate leaders urging them to include the privacy protections contained in the Public Health Emergency Privacy Act in any forthcoming stimulus package.

The senators emphasized the need for commonsense privacy protections for COVID data because “public trust in COVID screening tools will be essential to ensuring meaningful participation in such efforts.” Research shows that many Americans are hesitant to adopt COVID screening and tracing apps due to privacy concerns; therefore, the lack of health privacy protections could significantly undermine efforts to contain this virus and safely reopen—“particularly with many screening tools requiring a critical mass in order to provide meaningful benefits.”

As the drafters point out, “health data is among the most sensitive data imaginable and even before this health emergency, there has been increasing bipartisan concern with gaps in our nation’s privacy laws.” The drafters believe these common-sense protections are critical in quelling the spread of COVID-19 while at the same time protecting sensitive health and geolocation information.

We will continue to track this legislation and provide updates as they become available.

3. Schrems II invalidated the EU-US Privacy Shield.

On July 16, 2020, the Court of Justice of the European Union issued a decision in Data Protection Commission v. Facebook Ireland, Schrems. The decision, known as Schrems II, invalidated the European Commission’s adequacy decision for the European Union-United States (EU-US) Privacy Shield framework, which is critical for more than 5,000 United States based companies that conduct trans-Atlantic trade in compliance with EU data protection rules.

The Court found the European Commission’s adequacy determination for the Privacy Shield invalid for two primary reasons: (i) the US surveillance programs, which the commission addressed in its previously-issued Privacy Shield decision, are not limited to what is strictly necessary and proportional as required by EU law; and (ii) with regard to US surveillance, EU data subjects lack actionable judicial redress and, therefore, do not have a right to an effective remedy in the US, as required by the EU Charter.

The Schrems II decision requires both data importers and data exporters to be reasonably certain that they can comply with their obligations in the Standard Contractual Clauses. Where they cannot comply, importers and exporters should likely stop transferring data, forcing some companies into data localization. Schrems II addresses a long-running series of issues regarding the appropriate role of surveillance in our society and its inevitable clash with privacy.

This decision also influences data flows across nations. Some data privacy professionals believe that we are moving away from global data flows and moving towards more fragmented data flows. This shift could have a particularly significant impact on e-commerce. For more, see the Court of Justice of the European Union’s Press Release on this decision.

The attorneys at Flaster Greenberg are following developments related to the COVID-19 Pandemic and formed a response team and to work with businesses to keep them up-to-date on developments that impact their business. If you have any questions on the information contained in this blog post, please feel free to reach out to Donna Urban, Krishna Jani, or any member of Flaster Greenberg’s Telecommunications or Privacy & Data Security Groups. 

COVID-19 RESOURCE PAGE

To serve as a central repository of information and contributions from Flaster Greenberg attorneys on legal developments during the COVID-19 crisis, we have launched a COVID-19 Resource page on our website. Feel free to check back frequently for Flaster Greenberg’s ongoing analyses of important legal updates that may affect you or your business.

 

More Tips On Protecting Your Virtual Meetings to Avoid a Cybersecurity Breach: An Update

top view photo of girl watching through imac

Photo by Julia M Cameron on Pexels.com

At this point, many of us are well into our fourth or fifth week of quarantine due to the outbreak of COVID-19. Even for those of us who are fortunate enough to be able to work remotely from our homes, this comes with certain challenges, including potential security issues with virtual conferencing. In our first installment about virtual meetings, and their unintended vulnerabilities, we provided some guidance on how you and your staff might implement certain strategies to keep your virtual conferences as safe as possible from hackers and trolls. In this new installment, we will provide further guidance on staying safe amidst emerging privacy and security concerns associated with virtual meeting platforms.

Zoom Announces Updates to its Data Privacy and Security Measures

On April 1, 2020, the Chief Operating Officer of Zoom, Eric Yuan, announced certain changes that Zoom is making to enhance its virtual meeting spaces. On April 14th, the Chief Product Officer of Zoom, Oded Gal, provided clarification on those enhancements to those of us who are using Zoom during quarantine.

  • Have a plan and be prepared for interference in your virtual meetings. Zoom has encouraged its users to have a plan in place for their virtual meetings and to be prepared should any unwanted interference arise. This includes ensuring that the application has been updated to include the latest security features, co-hosting meetings whenever possible, and utilizing preexisting and new security tools built into the application. To check for updates to the app, click on the main menu, then click on “Check for Updates,” and then “Begin Upgrade” if any new updates are available. We recommend doing this every week or so to ensure that you and your staff are up to speed on all available cybersecurity protections.
  • Co-host and record your virtual meetings whenever possible. A meeting creator can choose to co-host a meeting while creating the meeting invitation or in the actual Zoom meeting itself. A co-host can monitor the virtual waiting room or assist with any disruptions. Furthermore, record your Zoom meetings whenever possible because recording meetings creates a forensic trail of the meetings, as well as any bad actors that interfere with them, as soon as the meetings begin. The more data that virtual meeting platforms are able to collect about bad actors, the better able they are to stop the threat of further disruption.
  • Zoom has increased access to its security features. Zoom has made its pre-existing security features easier to find. A “Security” button has been added to the bottom banner of virtual meetings and is now easily accessible to meeting hosts. By clicking on this new security feature, meeting hosts are able to enable a waiting room or lock the meeting. Moreover, a meeting host can also remove a participant from a virtual meeting. Once that participant has been removed, he or she cannot reenter the meeting, even if using a different username. This is because as a part of Zoom’s new security rollouts, Zoom has started to collect IP addresses, among other data, to be able to better respond to security threats. While removing a participant from a meeting will only remove the participant from that particular meeting, you have other tools available to permanently block that user.

For example, right now Zoom recommends recording your meetings whenever practicable to ensure a forensic trail is created, as stated above. In addition, Zoom recommends taking a screenshot whenever a bad actor enters your virtual meeting. Then, you can report this intruder on Zoom’s website. And starting this coming weekend, Zoom will be releasing a new security feature built into the app, which will allow users to send a report to Zoom right from the security button should any unwanted interference arise.

Other Noteworthy Developments

Zoom announced that as of April 1, 2020, it would freeze all future product development except for data privacy and security updates for the following 90 days. Moreover, beginning April 18, 2020, every paid Zoom customer will be able to customize which data center regions their account can use for its real-time meeting traffic. By default, however, there will be no connection to any data centers in China beginning April 18, 2020 for all users. Additionally, users with an “.edu” registered email address are automatically given the highest level of security in their meetings, and this will continue. Zoom has begun to address user demands for a “kid-friendly” interface, but it has not yet launched any such interface.

Other virtual meeting platforms, such as GoToMeeting, have also enacted enhanced security protections in their respective applications. For example, GoToMeeting gathers cyber threat intel through partnerships including external intelligence communities, personal and professional sharing groups, and its own internal research to collect Indicators of Compromise or IoC data. IoC can include forensic data such as IP addresses, domains, hashes, and pulls them into its threat intelligence platform to reduce the risk of cyber threats.

Still though, platforms like Zoom and GoToMeeting urge users to utilize additional security measures as outlined in our previous blog post, and above, to provide the greatest level of privacy and data security for your virtual meetings.

Updates on Regulatory Guidance

On April 8th, Senator Edward Markey, whose priorities include telecommunications, technology, and privacy policy, urged the Federal Trade Commission (FTC) to publish industry cybersecurity guidelines “for companies that provide online conferencing services, as well as best practices for users that will help protect online safety and privacy during this pandemic and beyond.”

In Senator Markey’s letter, he urges that the guidance cover, at a minimum, the following topics:

  • Implementing secure authentication and other safeguards against unauthorized access;
  • Enacting limits on data collection and recording;
  • Employing encryption and other security protocols for securing data; and
  • Providing clear and conspicuous privacy policies for users.

Senator Markey also requests that the FTC develop best practices for online conferencing users, so that they can make informed, safe decisions when choosing and using these platforms. He requests that these best practices cover at least the following topics:

  • Identifying and preventing cyber threats such as phishing and malware;
  • Sharing links to online meetings without compromising security;
  • Restricting access to meetings via software settings; and
  • Recognizing that different versions of a company’s service may provide varying levels of privacy protection.

To date, the FTC has not published new guidelines.

Remember to have a plan and be prepared. Stay safe, everyone!

If you have any questions, please feel free to reach out to Donna UrbanKrishna Jani, or any member of Flaster Greenberg’s Telecommunications or Privacy & Data Security Groups.  

Donna T. Urban is a member of Flaster Greenberg’s Commercial Litigation and Environmental Law Departments concentrating her practice in telecommunications law, environmental regulation and litigation, and privacy and data security. She is a seasoned litigator, and for more than 20 years has successfully represented business clients in contract disputes, regulatory matters, and complex negotiations. She can be reached at donna.urban@flastergreenberg.com or 856.661.2285.

Krishna A. Jani is a member of Flaster Greenberg’s Litigation Department focusing her practice on complex commercial litigation. She is also a member of the firm’s cybersecurity and data privacy law practice groups. She can be reached at 215.279.9907 or krishna.jani@flastergreenberg.com.

To serve as a central repository of information and contributions from Flaster Greenberg attorneys on legal developments during the COVID-19 crisis, we have launched a COVID-19 Resource Page on our website.  Feel free to check back frequently for Flaster Greenberg’s ongoing analyses of important legal updates that may affect you or your business. 

  

Ten Tips for Avoiding Litigation: Tip #5 – Treat Your Employees Fairly and Consistently

Business teamwork and global finance blue background

The lifeblood of every business – big, small or in-between – is its employees, aptly called its human resources or human capital. A company can have the most innovative product or service idea in the world, along with a recognized market and an excellent strategy for capitalizing on it, but, without the right people to implement the idea and the right managers to train, supervise, and motivate that staff, the idea is likely to fail. That is why your employees are your most valuable resource. At the same time, however, employees are also frequent sources of litigation for businesses, including claims for wrongful discharge, discrimination, harassment, hostile work environment, failure to accommodate a disability, wage and hour violations, failure to properly pay overtime, breach of non-compete agreements, and theft of company trade secrets, to name just a few.

Employees are much more challenging to manage than any other resource your company uses to conduct its business. Your inventory, for example, is, for the most part, fungible. If one source dries up or becomes prohibitively expensive, chances are you will be able to find a replacement source. Similarly, your equipment is generally easily repairable or replaceable if something breaks. Not so with your employees. They require training, motivation, and incentives. They take sick days, personal days, and holidays. They go on vacation, care for sick or disabled family members, and sometimes they do not get along or work well with each other. And they sue their employers with increasing frequency.

In addition, studies show that the replacement of just one key employee can cost your business hundreds of thousands of dollars. Think about the down time and lost productivity associated with the departure of the former employee, internal and external recruitment costs to find a replacement, costs of training and orienting the new employee, and the down time and lost productivity involved in getting the new employee up to speed. These are just a few of the costs associated with losing an employee.

In short, you have invested a huge amount of your company’s resources in your employees. Doesn’t it make sense that you should protect that investment by implementing policies to keep your employees productive, motivated, safe, healthy a relatively happy? Here are some things you can try to help accomplish that goal.

First, always treat your employees respectfully, honestly, and fairly. This suggestion might sound obvious, and it is, but it is also frequently forgotten or ignored in the normal stress of the business world. It might also sound inconsequential, but it might just be the key to reducing claims against the company by its employees. Every employee wants to feel like his or her work is valued and essential for the success of the business. Finding ways to recognize and honor all your employees’ contributions will pay significant dividends. Even simple gestures will reap rewards in areas like better employee morale and increased productivity among your staff.

Second, don’t BS your employees. They know what is going on in the world and how outside events affect the company. They also know far more than you think about changes the company is considering, especially changes that could affect them negatively. Silence and secrecy may be necessary, but outright lying to employees is never a good idea. It is guaranteed to produce a cynical, untrusting, and equally secretive staff.

Third, have clear, well-defined company policies to let employees know what behavior you expect from them, what behavior you will not be tolerate, and the consequences of engaging in that behavior. These policies should be memorialized in a written employee manual or, even better, easily accessible to employees on the company website. You should hire an experienced employment lawyer, who is knowledgeable about the current state of constantly changing employment laws in your jurisdiction, to draft your employee manual. The manual should also contain procedures for addressing problems when they arise, and for reporting violations. Whom do you call when X happens? To whom do you report violations of Y policy?

Fourth and finally, once you have those company policies in place, enforce them as consistently as possible. One of the most difficult management tasks is balancing the goal of fairness and consistency versus the desire to be flexible and treat people as individuals rather than as interchangeable parts. Rigid, unthinking, and blind adherence to rules can not only damage employee morale by stifling creativity and employee innovation, but also lead to unsatisfactory and inappropriate results. On the other hand, any perception by your employees that you are showing inconsistency or, even worse, favoritism in your enforcement of certain policies can lead to divisiveness and be equally damaging to employee morale. Inconsistently enforced rules are, in some ways, worse than no rules at all.

The safest, but perhaps most difficult path to follow, is to treat rules as sacrosanct except in unusual and rare cases that require special empathy and flexibility. If you conclude that a large number of your employee could qualify for the same exception if they were to ask for it, then you should either deny the request for an exception or consider scrapping the rule. Before making any exception to a policy or rule, consider the potential consequences down the road. What will you do the next time someone else asks for the same exception, particularly if that person is someone you do not particularly like? Reward your best employees with raises, promotions, stock options, and the like, not with exceptions to company policies. The former will motivate your good employees to try to be better; the latter will make them cynical about following company rules.

There are other ways to enhance and retain your human resources, such as training your managers to know and follow the applicable federal, state, and local employment laws,  and minimizing the use and severity of non-competition agreements. I will cover these topics in future installments of this blog, so stay tuned!

Click here for Tip #1: Always Have a Strong Written Agreement to Govern Your Business
Click here for Tip #2: Avoid Doing Business with Members of your Family
Click here for Tip #3: Check Your Insurance Coverage Frequently to be Sure it Protects Your Business from Exposure and Risk
Click here for Tip #4: Every Significant Business Transaction Should Be Documented

Phil Kirchner of Flaster Greenberg
Philip Kirchner is a member of Flaster Greenberg’s Litigation Department headquartered in Cherry Hill, NJ. He concentrates his practice on resolving business disputes, including complex litigation of all types of business issues in both the federal and state courts of New Jersey and Pennsylvania. He can be reached at 856.661.2268 or phil.kirchner@flastergreenberg.com.

 

 

Tips On Protecting Your Virtual Meetings To Avoid A Cyber Security Breach

Computer Hacker

Virtual Meetings, and their Unintended Vulnerabilities

Advanced technology and the availability of online video and teleconferencing software has certainly helped ease the transition to working remotely for many businesses, schools, health care providers, and even the Courts. However, these virtual meeting platforms, while increasingly popular and essential especially during the COVID-19 pandemic, are not always completely secure.

Over the past few days, you may have seen the term “Zoom-Bombing” circulating around the news. This term refers to nefarious actors, or trolls, on the web hijacking Zoom and other virtual meetings to display a variety of disruptive, and often disturbing, behavior. This computer hacking creates serious privacy concerns as it exposes confidential and sensitive material, such as medical information, financial data, trade secrets, and other proprietary information, to these intruders and other third parties.

Protect Your Meetings from Uninvited Guests

We suggest taking the following steps to help keep your virtual meetings closed to intruders:

  • Create a random or randomly-generated meeting number for each meeting. Zoom, and other virtual meeting platforms such as GoToMeeting or Skype for Business, allow for a standing meeting number but reports have indicated that such standing meeting numbers are being sold on the dark web. In at least one instance, stolen account information such as email addresses, passwords, meeting identifications, type of account, host keys, and names were actively being sold or posted to the dark web. In other instances, sensitive information from virtual meetings was discoverable through a search engine on the open web. Even a United States healthcare provider, seven educational institutions, and one small business were targeted in such virtual meeting cyberattacks.
  • Ensure that each meeting is password-protected. For example, Zoom can automatically create a password and does with each new meeting. In the alternative, when creating the invitation, the meeting creator can assign a password in the invitation. The password will then be included in the meeting invitation that is sent out to the attendees.
  • Lock virtual meetings once they’re in session. Some virtual platforms allow for meeting creators to lock their meetings once they’re in session. To prevent unexpected attendees from joining a current session, lock your meeting or enable a virtual waiting room. You’ll be notified when an attendee attempts to join and can easily connect all waiting attendees to the meeting by unlocking.

These precautions should help keep your virtual meetings free from any unwanted “Zoom-Bombers.”

Further Guidance

To further address these emerging privacy concerns, on April 8th, Senator Edward Markey, whose priorities include telecommunications, technology, and privacy policy, urged the Federal Trade Commission to publish industry cybersecurity guidelines for online conference providers for protecting consumers’ privacy.

If you have any questions, please feel free to reach out to Donna Urban, Krishna Jani, or any member of Flaster Greenberg’s Telecommunications or Privacy & Data Security Groups.  

Donna T. Urban is a member of Flaster Greenberg’s Commercial Litigation and Environmental Law Departments concentrating her practice in telecommunications law, environmental regulation and litigation, and privacy and data security. She is a seasoned litigator, and for more than 20 years has successfully represented business clients in contract disputes, regulatory matters, and complex negotiations. She can be reached at donna.urban@flastergreenberg.com or 856.661.2285.

Krishna A. Jani is a member of Flaster Greenberg’s Litigation Department focusing her practice on complex commercial litigation. She is also a member of the firm’s cybersecurity and data privacy law practice groups. She can be reached at 215.279.9907 or krishna.jani@flastergreenberg.com.

To serve as a central repository of information and contributions from Flaster Greenberg attorneys on legal developments during the COVID-19 crisis, we have launched a COVID-19 Resource Page on our website.  Feel free to check back frequently for Flaster Greenberg’s ongoing analyses of important legal updates that may affect you or your business. 

 

 

<span>%d</span> bloggers like this: