Important Considerations for In-House Counsel and Benefits Professionals The Employee Retirement Income Security Act (ERISA) can be daunting. In this article, we break down some of ERISA’s complexities and highlight its key rules of engagement. Knowledge of these rules can be invaluable in ensuring ERISA compliance, identifying risk and aiding in defense or litigation strategies. Providing Employers with Strategic Advantages in Litigation ERISA has its own civil enforcement scheme, and the universe of claims available to potential litigants is limited. Because ERISA is intended to provide an exclusive set of remedies, it preempts state law claims that relate to ERISA plans. ERISA’s broad preemptive effect means… Read more

Uber Technologies The scenario: In August 2018, the FTC announced an expanded settlement with Uber Technologies for its alleged failure to reasonably secure sensitive data in the cloud, resulting in a data breach of 600,000 names and driver’s license numbers, 22 million names and phone numbers, and more than 25 million names and email addresses. The settlement: The expanded settlement is a result of Uber’s failure to disclose a significant data breach that occurred in 2016 while the FTC was conducting its investigation that led to the original settlement. The revised proposed order includes provisions requiring Uber to disclose any future consumer data breaches, submit all reports for third-party audits of Uber’s privacy policy and retain reports on… Read more

Keeping personal health care information safe in the digital age Organizations that have access to, create or transport such information are “covered entities.” Covered entities include hospitals, physicians, health insurance companies and employer group health plans. These covered entities are subject to stringent regulations and requirements related to the privacy and security of PHI. They are only allowed to use PHI in specified ways. Companies that provide services to these covered entities, called “business associates,” are also subject to these requirements. The United States Department of Health and Human Services (HHS) Office of Civil Rights (OCR) is charged with overseeing compliance with and enforcing the HIPAA Privacy Rule… Read more

In the United States, the Federal Trade Commission (FTC) serves as the primary federal enforcer of consumer data privacy and security laws for most businesses. Companies that violate privacy rights of consumers or mishandle sensitive consumer information may face legal enforcement actions brought by the FTC and state-level authorities. The FTC began to bring these actions in the late 1990s and has since established a wealth of its own privacy jurisprudence in the absence of many judicial decisions relating to FTC enforcement. Together with various state-level agencies, the FTC has successfully investigated and taken legal action against many companies that have been alleged to have mishandled personal consumer information. Here… Read more

What the new legislation means for U.S. companies The phrase “it’s a marathon, not a sprint” is applicable to the world of data privacy regulatory compliance these days. Last year, companies located inside and outside the European Union scrambled to comply with the European Union’s far-reaching General Data Protection Regulation (GDPR) – which governs the processing of personal data – before the law became effective on May 25, 2018. The compliance effort is far from over, however. Companies must now devote resources to monitor the development of a new privacy law pending in the European Union: the ePrivacy Regulation (the “ePR”). Many U.S. companies impacted by the extensive compliance requirements under GDPR will be similarly impacted… Read more

How California continues to lead the way in consumer privacy protection California led the way over 15 years ago when, in 2003, it implemented the first state data breach notification law in the United States. Since that time, concerns about data privacy and cybersecurity have increased so notably among consumers and businesses that now all 50 states have some form of data breach law. These laws are in addition to numerous other state and federal regulations concerning the secure handling of personal data, as well as the far-reaching and recently effective European General Data Protection Regulation (GDPR). Against this backdrop, California continued its trailblazing approach in this sensitive area of the… Read more

What is new? The Act essentially doubles the estate and gift tax (and generation-skipping transfer tax) exemption amount to $11.18 million per person and is subject to inflation adjustments annually. A married couple can now transfer up to $22.36 million in 2018 to their family or other beneficiaries without estate or gift tax. How might this affect an existing will or revocable trust? If your documents were designed to minimize the federal estate tax – for example, they contain provisions for a “family trust” or a “credit shelter trust” – and you are not likely to have a taxable estate… Read more

» View the PDF MOTION PICTURES Can I make a film about a living person? When making an artistic work involving the characteristics of a real person, there are few safe harbors. In 2005, the Florida Supreme Court found that the producers and distributors of the film The Perfect Storm did not violate the state law prohibiting commercial appropriation because the film was not directly used to market goods for sale. Likewise, in March of this year, a California appeals court dismissed a lawsuit by Olivia de Havilland over her portrayal in the FX series, Feud: Bette and Joan. The California court found that the First Amendment… Read more