News and Insights


Our privacy rights are in constant flux as technology continues to outpace practical legislation concerning data collection and use. Aggregated information used, for example, to study trends is not the primary issue. Rather, the issue is information that contains something an unrelated person can use to identify who it came from. If I visit a website that tracks details of my visit, I do not expect the website to sell information that alone would allow the buyer to personally identify me without my knowledge or permission. Personal information comes in many forms, but heightened attention is focused on current issues around biometrics.

Biometric identifiers are things like your fingerprint, voiceprint, facial geometry, or iris scan. Biometric information is the information that contains your biometric identifiers. They are unique personal identifiers. Think facial recognition capabilities of Facebook or Shutterfly when people upload photos. This same capability landed both companies in recent litigation for violating an Illinois biometrics privacy law.

With increasing availability of ways to obtain and verify consumer information (say going from gathering my date of birth to gathering my fingerprint or other biometric identifier), companies can implement advanced analytics to recognize and monitor consumers whose information they obtain. The problem is, the more unique my personal information, the more valuable it becomes to me. My fingerprint is one of the most unique identifiers I possess. My birthday, like everyone else’s in the world, is only one of 365 options. Of course, I already know a person who obtains my information, regardless of fault, can cause me harm. To gauge the degree of risk when I share my information, I think of a chart where the more unique my personal information, the more severe the potential harm. People who wrongly access my information can create problems like identity theft, but depending on the information type they may even be able to use it to track my activities and physical location.

Although government’s use of biometrics is not new, prevalence of affordable, accurate applications that businesses can use to gather and analyze the data has gained increasing traction. Now, it is a matter of determining to what extent private sector actors will be obligated to disclose their intentions to consumers to allow for informed consumer consent prior to gathering or using biometric information.

That brings us back to the recent issues Facebook faced in Illinois for violating the state’s 2008 Biometric Information Privacy Act (BIPA), which prohibits collection, use and sale of biometric identifiers absent proper informed consent. Illinois residents filed suit against Facebook for violations of BIPA that have yet to be fully decided. The California courts first had to decide unrelated legal matters like jurisdiction, forum selection and other procedural items. The court decided BIPA applies, but it is still unanswered whether Facebook (1) properly informed consumers about the specific use, storage and collection of their biometric data, (2) obtained signed releases from consumers to conduct activities with their biometric data, or (3) sold, traded or disseminated consumers’ data for profit.

The case against Facebook is just one example of challenges to companies over their use of consumer information. As consumers we ideally should own our information, and control how it is used, but the Illinois case shows how the legal framework surrounding ownership, collection, use, and sale specifically of biometric information remains unclear at best.

The difference between Facebook’s facial recognition and iPhone’s use of fingerprint identification, for comparison, is that Apple is not collecting or storing the data. The phone holds the encrypted mathematical mapping of your fingerprint data to help preserve ownership and to avoid unauthorized access from others.

To determine who owns what, including the data that has already been gathered and is stored, legislators need to refine the scope of consumer protection and privacy laws regarding data sharing, storing, collecting, and cross-referencing. Consumers need the ability to give informed consent about the use of their biometric information.

There are substantial benefits to advancing technology surrounding biometric identifiers, which should not be ignored or overinflated when addressing issues of its ownership and use, but greater advancement in technology can also lead to a greater risk of biometric data being used improperly.

July 13th, 2016

Posted In: Uncategorized

July 5th, 2016

Posted In: Uncategorized

Businesses must soon determine if the Department of Labor’s (Department) updated overtime rules published under the Fair Labor Standards Act (FLSA), taking effect December 1, 2016, impact them. The revised rules are the outcome of President Obama’s aim to solidify the precept that “a hard day’s work deserves a fair day’s pay.” They raise the standard salary required for application of a “white collar” exemption (in 29 CFR Part 541). Not all employees work overtime or fall into an exemption, but employers need to look at how they classify and compensate employees to see whether changes affect them.

When Do the Rule & Exemption Apply?

Remember, FLSA is broadly construed to afford employees protection concerning wages earned and hours worked. FLSA covers employees (a) of organizations with annual gross revenue exceeding $500,000; (b) engaged in interstate commerce or producing goods for commerce; and (c) of hospitals, medical facilities that care for their residents, schools and public agencies.

FLSA includes white collar exemptions from minimum wage and overtime pay requirements for executive, administrative, professional, outside sales, and some computer related employees. The three tests used to decide if an exemption applies are (i) the salary basis test – how is the employee paid; (ii) salary level test – how much is the employee paid; and (iii) duties test – what job-tasks does the employee perform. All tests must be satisfied in order. It is neither job title nor salary alone that guides exemption application. Note, this test does not apply to doctors, lawyers or teachers.

What Do These Tests Mean?

The salary basis test means the employee is regularly paid a pre-determined fixed wage not reduced for quality or quantity of work. Unless the employee does not work for a particular week, the employer must pay her salary regardless of days worked. Employers can choose to pay on a fee basis predetermined for a specific job: the total paid is divided by hours worked on the job to determine satisfaction of the set standard weekly salary amount.

The salary level test is based on the amount an employee earns. This standard salary level is increased by the overtime rule from $455/week ($23,660 annually) to $913/week ($47,476 annually) – or at least $27.63/hr. for computer professionals. Those paid less than the standard salary are entitled to overtime pay when working more than 40 hours/week. Employers are not required to pay a salary at or above the standard level unless claiming a white collar exemption. Overtime rules will automatically update salary and compensation levels every three years starting with 2020.

A big change to the salary level test is an employer can include non-discretionary bonuses or incentive payments to account for up to 10% (up to $91/week) of an employee’s. To qualify, incentive payments must be paid at least quarterly. The employer must make a catch up payment no later than the first pay period ending after any given quarter where an employee does not receive at least the 10% of the standard salary in bonus payments. Failure to make the catch up payment means the exemption is lost for the applicable pay-period and all overtime wages that would have accrued are due to the employee.

Employees who meet the salary level may be exempt from overtime pay if they satisfy the duties test. The duties test remains the same in the overtime rules. This test applies differently based on the type of employee and their salary. Highly compensated employees, earning $134,004 base level salary or more annually, are subject to a more relaxed test than other professionals.

What Can Employers Do?

According to the Department, employers have many options for how to respond to overtime rules, none of which are favored by the Department. Employers do not have to require employees to use a clock in/clock out system, so long as records are maintained accurately. Past that, once an employer determines if an employee satisfies all three white collar exemption tests, then they need to determine how or if to adjust hours and wages. Options suggested by the Department include (1) raise salaries to maintain exemptions; (2) pay current salaries with overtime pay after 40 hours; (3) reorganize workloads; and (4) adjust wages.

Obviously, one option is to raise salaries of employees to the minimum standard salary level. Presuming the employees are compensated in an amount close to the standard level, this is a decent option, especially if the employee works overtime more often than not.

Reorganizing workloads or adjusting schedules can go a couple of ways. Employers with some employees who are underworked and others who are overworked can distribute tasks so all employees work 40 hours or less per week. Or the employer may hire more part-time workers, while risking that if those workers want a full-time job they may leave once they find one.

Employers with employees not often working over 40 hours can simply pay overtime payments for the additional hours instead of worrying about the white collar exemption. Note employees must be paid based on actual hours worked for the period – as in the calculation of whether their wages are at or above the standard salary are based on the actual amount paid divided by actual hours worked – but again, employers cannot just reduce a salary if the employee works less than 40 hours in a given pay period.

Last, the Department suggests employers can adjust, with the mutual agreement of the employee, regular hourly wages and overtime wages so the total wages earned for a pay period are roughly the same, but apportioned in a manner that either satisfies the exemption tests or results in the employer paying overtime. This is a hybrid of the first and second suggestions and may be hard to manage from employee to employee or for employers whose business fluctuates in an unpredictable fashion.

June 1st, 2016

Posted In: Uncategorized

April 11th, 2016

Posted In: Uncategorized

Finally, starting May 16, 2016, businesses can raise up to $1 million every 12 months by crowdfunding, or targeting the public with low dollar, internet-based securities investment offerings, without general public registration.

Why the Wait? Congress gave the SEC 270 days to finalize rules upon implementation of the JOBS Act in April 2012. Those days came and went with the New Year. The 2013 New Year, that is. Proposed rules were not even approved until October 2013, and the SEC received hundreds of response letters before the 90-day comment period ended. A speech by SEC Chair White left people expecting final rules in October 2014. However, an SEC agenda published shortly after set a target adoption time of October 2015, making the SEC’s crowdfunding rules creation a 24-month process.

The misnomer of naming the act the “JOBS Act” when in fact no new jobs were guaranteed (directly at least) left skeptics feeling this was merely an attempt to avoid transparency and to increase the likelihood of fraud on unsuspecting investors. Legislation faced serious opposition to rolling back Securities Act disclosure and investor protection provisions. Past SEC Chair Schapiro even submitted an opposition letter, sparking debate over audited financial statement requirements. The SEC was not pleased with Congress’ haste to craft bipartisan legislation without sufficient time to formulate it. However, proponents urged Congress to pass legislation to democratize access to capital without cumbersome restrictions.

Considering the SEC rose out of the Great Depression, its wariness of fraudulent offerings targeting vulnerable consumers is not surprising. Let’s face it, smaller businesses are more apt to fail than succeed, highlighting the need to reduce risk when non-accredited investors are involved. To address concerns, the Commission balanced financial integrity against stifling capital formation. In theory, low dollar offerings and investment amounts protect all investors because they curb the risk borne by any one investor. Still, regulators worry people will not be self-accountable, or will too easily fall victim to fraud. The idea that people lack the sophistication to properly vet potential investment opportunities is, however, shortsighted. Like the ‘call before you dig’ PSA, maybe regulators should make a campaign like ‘Q&A before you pay.’ Or maybe regulators will take comfort in knowing the low dollar amounts susceptible investors can actually lose are minimal (based on a lesser of salary or net worth for annual max contribution calculations). Instead of playing Chicken Little, regulators may consider protecting investors with education on how to analyze an investment opportunity. We cannot forget the intent of Congress that the crowd would network and share facts to, in essence, make a popularity contest where the issuer with the best presence prospers.

What Are the Benefits? On the bright side, at least audit requirements are out for companies raising less than $500,000 a year. First-time crowdfunding issuers will be required to submit accountant reviewed financial statements (not audited statements) when raising between $500,000 and $1,000,000. Many commentators voiced concerns about burdensome requirements that would limit the ability of businesses already lacking capital to spend large amounts of money for audited financials. Another positive: issuers can conduct simultaneous offerings without running afoul of integration (presuming proper exemptions are followed).

In short, this isn’t an “either/or” proposition. This is good because having a limitation on raising other money for a full year could have chilled companies’ desire to participate in crowdfunding at all. It also would have prevented private equity funds from making larger investments in successfully crowdfunded companies for an entire year. Capping all investment at $1 million is obviously contrary to the underlying purpose of the law: to make it easier for smaller and startup companies to raise money. To some, the small stream of investment obtained by a crowdfunding offering will only provide limited opportunities for business growth at best.

Another benefit is that the SEC recognized challenges with monitoring individual investment amounts, and suggested investors “self-report” income and net worth, as well as their annual crowdfunding investments (not to completely relieve portals of monitoring requirements, though). This is also good news; without self-reporting of previous investments, it would be near impossible to track cross-portal activity.

Additionally, the delay allowed state petri dishes to enact their own versions of more flexible crowdfunding rules without pre-emption of Federal rules because of certain safe harbors or exemptions. In practice, however, the problem remains that by virtue of having funding portal listings online, the audience becomes difficult to control.

Of course fretting may prove wasteful at the end of the day. Investment capital will likely come primarily from people directly involved in the issuer, as it does in rewards based crowdfunding initiatives. There are always exceptions. But the critical mass of investors funding a campaign will likely be those closest to the issuer and therefore in the best position to evaluate whether they are comfortable with making an investment. In sum, crowdfunding is a catchy idea to spark consumer loyalty and raise awareness that may fizzle before reaching full potential.

To read all 685 pages of the final rules go to:

February 17th, 2016

Posted In: Uncategorized

Whether notice of credit card changes came as a newly issued chip card or through reading one of many news stories, you probably heard about the switch before reading this article. Maybe you have tried a chip card on an upgraded point-of-sale (POS) terminal at a major retailer. For those who have yet to try the new system, know there is not much to it. Instead of swiping your card’s magnetic strip through the side of a POS terminal, now you will insert, or “dip” as the payment processing industry calls it, your microchip card, aka EMV smart card, into a slot at the bottom of the terminal. Then simply wait for a beep signifying it’s OK to remove your card (in certain transactions, you will be prompted to sign, so no difference here).

Reasons for change are fraud reduction, increased data security, and global acceptance of chip cards. EMV cards are more secure than strip cards primarily because chips hold from 2,000 to 64,000 bytes of data, whereas magnetic strip capacity maxes out at 62 bytes. This increased capacity allows microchips to hold and transfer encrypted data along with unique transaction identifiers. However, credit card fraud will not disappear once the transition is complete. EMV cards specifically reduce counterfeit card use because of their data capabilities. Fraud due to card not present (CNP) transactions (think online shopping) may remain the same or even increase, as chips are not used in these purchases.

Leading the way is a more than decade old coalition between three major payment brands, Europay, MasterCard, and Visa, hence the acronym “EMV”. EMV is a global standard for card microchip technology that uses layers of security as opposed to the generally un-encrypted magnetic strip card. EMVCo, the payment brand coalition that additionally includes American Express, JCB, Discover, and Union Pay, developed standard specifications for chip card payment processing. The U.S. is the last major market to adopt EMV technology. Congressional reports attribute domestic market hesitation to merchants’ and card issuers’ minimal appetite for absorbing transition costs. However, government’s increased scrutiny into corporate data breaches, including that of Target in 2013, spurred initiatives incentivizing change.

Card issuers (e.g. banks and other financial institutions) are responsible for creating, programming and delivering EMV cards to and for consumers. Issuers set parameters for consumer verification methods (CVM) used in a given transaction. Generally, CVM can be a signature, PIN or no CVM based on the likelihood of fraud in a particular transaction. For example, no CVM is for low dollar purchases, PIN for ATM usage, and signature validation for the bulk of U.S. POS transactions. The combination of chip card data and CVM theoretically makes your data more secure as long as issuers and merchants properly follow EMV procedures.

Merchants are encouraged to upgrade POS terminals to accept EMV cards by October 1, 2015 (except fuel dispensaries, which have an extra 2 years). This deadline signifies a shift of liability for fraudulent credit card usage. After October 1, liability shifts to the payment chain participant that failed to implement EMV standards. If the issuer and merchant instituted relevant procedures, liability remains the same as pre-EMV implementation.

EMV cards are a step in the right direction, although not an ultimate solution, towards ending fraudsters’ ability to make purchases with another’s account. Until EMV technology is used by the majority of U.S. merchants, if not all, the strip will continue to function as a fallback method to ensure consumers can use their cards as needed. Consequently, this fallback leaves a gap for the exact counterfeit card use EMV cards intend to prevent.

September 24th, 2015

Posted In: Uncategorized

Washington D.C. –  The Frutkin Law Firm’s Principal attorney, Jonathan Frutkin, will be a speaker at the Third Annual Conference and Workshop for Crowdfunding USA scheduled for May 5-6 at the National Press Club in Washington D.C.  Frutkin is also the CEO of Cricca Funding, a crowdfunding advisory company and the author of the book Equity Crowdfunding: Transforming Customers into Loyal Owners.

The conference panels and discussions will focus on the Title III fundraising ruling, a new system approved last October that will go into effect on May 16, 2016, and allows issuers to raise up to $1M via equity crowdfunding. For the first time in history, small businesses can trade an equity stake in all future profits in exchange for a valuable influx of funds, without the burden of registering with the SEC.

In addition to Frutkin’s work in crowdfunding, he has a long history as a business executive and owner. He has owned a website design business, a software company, a real estate development company and was the developer for a national ice cream chain. As the founder of The Frutkin Law Firm, he worked to put together the top legal talent available to assist business clients, growing the firm to more than 10 attorneys within a few short years. His practice focus was on providing general counsel, including capital formation, mergers and acquisitions, litigation strategy and intellectual property. He has also appeared frequently in the media, including in international publications like The Economist, Kiplinger Personal Finance and The Washington Post. He is a frequent media commentator on television, on the radio and in print.

Jonathan Frutkin explains the opportunity for small to medium sized businesses with this new SEC ruling: “The opportunity to raise capital using crowdfunding isn’t exciting. What is exciting is that local businesses can make their customers into owners. This marketing opportunity has huge potential.”

In addition to Frutkin, one of the Firm’s associates, Amanda Salvione, will be attending the conference as a participant to further expand her knowledge about the legal implications of crowdfunding, as this continues to be an area of focus for the Firm’s legal practice.

May 4th, 2015

Posted In: Uncategorized
