|Wilson Elser’s Cyber Incident Response Team has seen an alarming uptick in cyber-criminal activity targeted at professional services firms, particularly accounting firms. As described in more detail below, the criminal activity follows a very specific pattern. We take this opportunity to remind all professionals of the need to be wary and skeptical of what communications they receive electronically. Consider starting the New Year with training and education for yourself as well as your partners, staff and employees on cyber risk and how to best avoid an attack and mitigate any damages if an attack occurs. In the past three months, we have noticed a pattern of activity targeted at small to midsize professional services firms. Attackers attempt to gain access to computer systems containing sensitive financial information, which may result in a legal duty on the part of the professional to notify their clients that their confidential information was or may have been exposed. Continue Reading|
The past several years have seen a slew of high-profile excessive force cases against law enforcement officers, often highlighted by cell phone video. These cases have placed increasing pressure on local police departments, which continue to struggle with balancing the public interest in community safety against the individual rights of suspects on the street. At the highest level of the legal landscape, however, the United States Supreme Court recently issued a decision that arguably expands the qualified immunity defense, at least in certain kinds of deadly force cases. Continue Reading
Design and other professionals often incorporate their practices in an effort to avoid individual liability. They also add well-crafted limitations of liability and indemnification clauses in their form services contracts to avoid responsibility for problems that arise in the execution of the plans. These strategies are especially important for practitioners in jurisdictions where a design professional may be exposed to liability disproportionate to the limited scope of services, such as where codefendants have no insurance coverage or are underinsured. It is also common for plaintiffs to sue the professional individually to attempt to circumvent favorable clauses in the professional corporation’s standard contract for services.
Last fall, I posted a blog about the national trend of including arbitration provisions in nursing home admission agreements. This trend peaked following the U.S. Supreme Court’s decision in Marmet Health Care Center v. Brown, 132 S.Ct. 1201 (2012), in which the Court determined that the Federal Arbitration Act (FAA) preempts any state law or public policy limiting arbitration, holding that the language in the Act did not limit its application to non–personal injury disputes. The only remaining issue is whether contracts requiring arbitration, like any other contracts, are procedurally and substantively enforceable under New York contract laws. Continue Reading
California SB 178 Seeks to Apply Warrant Requirement to Electronic Devices and Online Data
The California Senate is currently reviewing the proposed California Electronic Communications Privacy Act (SB 178), which generally requires law enforcement entities to obtain a search warrant before accessing data on an electronic device or from an online service provider. The purpose of the bill is to codify and expand on existing case law pertaining to electronic devices and online privacy. SB 178 is co-sponsored by the Electronic Frontier Foundation and the California Newspaper Publishers Association.
Among other things, the bill requires the issuance of a search warrant or wiretap order before a government entity can (1) compel the production of or access to electronic communication information from a service provider, (2) compel the production of or access to electronic device information from any person or entity except the authorized possessor of the device, and (3) access electronic device information by means of physical interaction or electronic communication with the device.
In the most recent “North America Top Technology Initiatives Survey Results,” CPAs responding to the poll ranked “securing the IT environment” as the number-one priority, followed by “managing and retaining data,” “ensuring privacy,” “managing IT risks and compliance,” and “preventing and responding to computer fraud.” The top five poll results all relate to securing, managing or protecting the information entrusted to CPAs. The poll results are largely consistent with prior years and not particularly surprising in a world where data breaches routinely make national headlines, and CPAs receive and store large amounts of highly personal and confidential data. What is surprising and potentially alarming is the seemingly low levels of confidence the poll respondents had in their ability to protect data.
For years, U.S. Department of Labor Chief Accountant Ian Dingwall has been advising employee benefit plan administrators to avoid using auditors who “dabble” in employee benefit plans. During this period, the DOL has consistently found that approximately one third of the employee benefit plan audits the agency reviews are deficient, and points to the firms that perform fewer than five of these audits as the most common offenders. Building on this public commentary, the DOL has worked vigorously to push out the dabblers, and the American Institute of Certified Public Accountants (AICPA) and a growing number of state boards of accountancy are supporting this effort.
Uncertainty Remains for Financial Institutions’ Client Communications Under the TCPA
There has been an increase in lawsuits against financial institutions under the Telephone Consumer Protection Act (TCPA), and recent multimillion-dollar class action settlements raise significant concerns in the financial services industry regarding the efficacy of existing compliance protocols. One area of murkiness is the Federal Communication Commission’s (FCC’s) requirement that companies obtain “prior express written consent” for cellular telephone communications with customers. Specifically, financial services companies have requested that the FCC clarify issues concerning what constitutes “prior express written consent” and whether customers have the right to revoke consent after it has been provided.
The TCPA restricts telemarketing and limits the use of automatic dialing systems, artificial or prerecorded messages, texts and faxes used by businesses to advertise products and services to customers and collect outstanding debts. Pursuant to a change that took effect in October 2013, the TCPA requires written consent for most automated telemarketing communications. The TCPA specifically prohibits the use of an automated telephone dialing system or an artificial or prerecorded voice to make calls to cell phones without prior written consent of the party receiving the call.
Advances in medical technology have made it possible to interpret x-rays from half way around the world, perform surgery through robots and diagnose dermatological conditions via Skype. Today we are on the cusp of further developments that will allow medical technicians to use 3D printers to generate medical devices, prosthetic limbs, and body parts and organs. While the technology is moving forward rapidly, the societal, ethical and legal debates are only beginning and will need to catch up quickly.
Additives manufacturing or process, a.k.a. 3D printing, provides a method for an object designed on a computer to be “printed” in plastic in a three-dimensional form. I read about this technology in a New York Times story about a new way to manufacture guns to get them past airport security. While this concept is certainly scary, there are obvious potential benefits from this technology in many fields, including the possibility of one of the greatest impacts on the medical community in history.
It the fast-paced world of health care, it is easy to forget the simple things – like notifying your state licensing board about address changes. It seems trivial, but there may be consequences for a physician who fails to update her physician profile.
State medical boards have the responsibility and obligation to protect consumers of health care by ensuring that all licensed physicians comply with the laws and regulations related to the practice of medicine. These boards have a process for the public to submit formal complaints, and, once a complaint is made, the board conducts an investigation that includes contacting the physician for a response. But what happens when the physician does not respond?