Business Law Updates

Changes Affecting Your Business



Changes in the Law Affecting Business

The following topics are discussed below:

      Data Security


Nevada is the first state to require entities that transfer customer personal data outside of its secure system through an electronic transmission to use encryption; it mandates compliance with the Payment Card Industry Data Security Standard (“PCI DSS”) for businesses that accept payment cards. It imposes a more rigorous encryption requirement and extends this requirement to portable storage devices. The law is effective January 1, 2010.

A Massachusetts regulation requires businesses to take a number of measures including encrypting wireless-transmitted data, utilizing up-to-date firewall protection, only permitting authorized users to have access to or to transmit data, and encrypt all personal data on laptops and data transmitted over public networks. The regulation is effective March 1, 2010. The law applies to companies that have employees or customers in Massachusetts. The provisions also were updated to reflect a risk-based approach for developing a written information security policy - in implementing safeguards, organizations should take into account their size, the types of records they maintain and the ID theft threat they pose.

The Federal Trade Commission (FTC) took the lead by bringing enforcement actions against companies, most notably TJX, whose failure to implement reasonable data security measures (e.g., not upgrading controls for wireless access to its networks, not requiring network administrators to use strong passwords, and not adequately investigating reported security incidents) created culpability for the massive and repeated breaches that ensued. Retailer TJX, Cos. Inc. agreed to pay $9.75 MM to 41 states to settle claims the company failed to protect its customers’ financial information.

See The National Law Journal, June 29, 2009, page 11.

      Electronic Discovery Sanctions



There is a trend for greater Court scrutiny and sanctions over E-Discovery obligations. Courts may regard the destruction of relevant evidence to be serious enough to warrant sanctions that effectively may be dispositive of a claim or defense.

Because of extreme wrongdoing during discovery, court prevented assertion of affirmative defenses of the safe harbor provision of the Digital Millennium Copyright Act, and granted summary judgment for plaintiff on all counts. Arista Records LLC v., 2009 WL 1873589 (S.D.N.Y. June 30, 2009)

See "Spoliation Leads to Severe Sanctions", By H. Christopher Boehning and Daniel J. Toal, New York Law Journal, August 28, 2009

      Independent Contractor


Companies save money with independent contractors by not paying payroll taxes, overtime or providing any benefits, besides having work performed at a lower cost and reducing their payroll budgets.


Companies save money with independent contractors by not paying payroll taxes, overtime or providing any benefits, besides having work performed at a lower cost and reducing their payroll budgets.

However, the U.S. Department of Labor and the Internal Revenue Service are increasing their investigations whether companies are mislabeling their employees as independent contractors. The Department of Labor recovered $185,287,000 in unpaid wages in fiscal year 2008. The IRS announced in September 2009 it would conduct random audits of 6000 domestic employers for employment tax compliance and whether classification of workers was correct, over three years. The IRS will require companies that misclassify employees as independent contractors to pay all back withholding taxes plus interest, even if the workers have already paid their taxes. The IRS may also seek large fines and criminal penalties.

See also, “Challenges to independent contractor mislabeling”, Carrie B. Hoffman, The National Law Journal, January 11, 2010, page 13.

      False Claims Act


On May 20, 2009 the Fraud Enforcement and Recovery Act of 2009 (FERA) was signed into law that contains a number of significant FCA changes. Entities applying for and receiving Federal stimulus funds are subject to the False Claims Act actions. (31 U.S.C. § 3729–3733). Whistleblowers can bring civil actions on behalf of US to recover damages for false claims made to US government programs and get a percentage of the recovery of 15 to 30%.

Subcontractors are now liable for knowingly committing fraud even if the fraud is committed indirectly through another contractor, removing the requirement that the claim be presented to an officer or employee of the federal government. (Public Law 111-21, section 4) “Knowing” = reckless disregard of truth.

FERA attaches liability whenever a person makes, uses, or causes to be made or used, a false statement "material to" a false claim. FERA broadly defined the term "material" as the natural tendency or capability to influence payment.

Violation may include: false certification of compliance with statute, regulation or contract, such as “Buy American” or Davis-Bacon waste provisions, or warranties. Damages can be treble, plus penalties without showing of damages.

See The Colorado Lawyer, 8/09, p. 87

      Whistleblower Protections


The 2009 stimulus bill (American Recovery and Reinvestment Act of 2009), section 1553, substantially increased the number of companies that are prohibited from retaliating against employees who disclose information they reasonably believe shows gross mismanagement of an agency contract or grant relating to stimulus funds, gross waste of stimulus funds, substantial and specific danger to public health related to the implementation or use of stimulus funds, any abuse of authority related to implementation or use of stimulus funds, or any violation of law or regulation related to an agency contract or grant related to stimulus funds. It appears the coverage extends to any contractor, subcontractor, grantee or recipient of stimulus funds, a licensee, or any contractor or subcontractor of the state or local government receiving stimulus funds.

The employee generally must just show the protected conduct was a contributing factor to the reprisal. There is no statute of limitations for filing the complaint. Employers must post a notice about this section.

The inspector general investigates applicable complaints. If a violation is found, the agency can award reinstatement, back pay, employment benefits, compensatory damages and attorney fees.

Companies that receive stimulus funds, directly or indirectly, must take care to comply with this law.

See also “Stimulus law expands whistleblower protections”, Lloyd Chinn and Harris Mufson, The National Law Journal, September 28, 2009, page 20.