The Justice Department Criminal Division recently released guidance on what it considers when deciding how a corporation’s compliance program factors into its investigation and the ultimate decision as to whether to bring charges, negotiate pleas or enter into other agreements with corporations under investigation. The Evaluation of Corporate Compliance Programs, released on April 30, 2019, is an expansion of the 2017 guidance document issued by the Criminal Division Fraud Section.

Prosecutors Must Ask Three Fundamental Questions

Prosecutors will ask three fundamental questions to determine if a corporation’s compliance program was effective at the time of the offense and at the time of charging:

1. Is the compliance program well-designed?
2. Is the compliance program being implemented effectively?
3. Does the compliance program work in practice?

Is Your Compliance Program Well-Designed?

An Effective Compliance Program Identifies Specific Risks

An effective compliance program will be tailored to the specific risks affecting the company under investigation. Prosecutors will ask if the company identified its own “high-risk” areas, as well as the degree to which the program dedicates resources to monitor these areas. Even a well designed program might not catch every event. Therefore, another important factor is when an event is uncovered, are the lessons learned incorporated into the compliance program going forward?

Train Your Employees

Prosecutors will analyze how thoroughly and effectively a company has trained its employees on its compliance program. Companies should use real-life experiential training scenarios and case studies during employee training. Employees must know when, where and how to report suspected misconduct. Then, once an incident is reported, how does the company identify which complaints merit further investigation? What access is given to the individual investigating the complaint? Is this an employee or an independent outside agency? A well-designed compliance program will also make it clear that no employee retaliation will be tolerated.

Third-Party Risk

Just as you should be monitoring your employees, it is just as (if not more) important to take your third-party vendors into consideration when assessing high-level risks. Your company should be mitigating these risks by using appropriate contracts and agreements for outside work, and doing regular due diligence and compliance training for third-party vendors.

Is Your Compliance Program Being Implemented Effectively?

Prosecutors will analyse if your compliance program is being implemented effectively. A company can spend countless hours developing a compliance program that looks and sounds great, but if, after the initial introduction to employees, it gets forgotten or completely ignored, then prosecutors will not look favorably on your company’s efforts. A successful compliance program must be woven into the fabric of the day-to-day culture from the top down.

Does Your Compliance Program Work in Practice?

The final question prosecutors will ask is whether the compliance program actually works in practice. Prosecutors will look into : (1) Was investigation into the misconduct conducted in a timely manner? (2) Has the company completed a root cause analysis? (3) Can the program be tested in order to improve? Again, evolution is key here. Does your program have to be perfect? No, no risk will ever be 100% mitigated. However, a program that works in practice needs to have the ability to be updated built into its core.

Take Away

As you can see, the DOJ has shared valuable insight into what prosecutors look for when evaluating compliance programs. This is extremely valuable and companies should take advantage of this intel and honestly self-assess whether its program measures up. Companies that have well-thought-out and designed plans that are capable of evolving will fare better before the Criminal Division than those who do not. If you have any questions regarding your program or compliance in general, or any other aspect of your business, please feel free to contact us at Danziger Shapiro, P.C.
This entry is presented for informational purposes only and is not intended to constitute legal advice.

Voice recordings violate the General Data Protection Regulation (GDPR) when companies fail to provide callers the ability to opt out according to a ruling earlier this month by the Denmark Data Protection Authority. Under the GDPR, voice recordings are considered personal data. Therefore, companies that communicate with EU residents need to understand what the GDPR requires from a compliance perspective to avoid unwanted violations.

This Call May Be Monitored …. Requires Affirmative Consent

We have all heard some form of the following phrase right before a live person answers the phone, “This call may be monitored for training purposes…” Well, in this instance the caller asked the Company NOT to monitor the call for training purposes. The Company representative replied there was no way to turn the recording off. Based upon these facts, the agency in Denmark held the inability to turn the recording off when requested violated the GDPR. The Company argued unsuccessfully that by continuing on the call, the customer consented to having the conversation recorded. The agency disagreed and stated consent needs to be more than just tacit approval but rather a clear, affirmative and unambiguous choice to have your personal data recorded. Affirmative consent was not available in the foregoing example.

Take Away

The take away here is that affirmative consent requires the ability to opt out. If there is no way to opt out, were you given a meaningful choice? Is tacit compliance enough? In Denmark, the answer was clearly no. Going forward, US companies that are subject to the GDPR should take notice of this ruling and pay careful attention to internal telephone practices. Click here for more information generally on the GDPR. If you have any questions regarding this or any other aspect of your business, please feel free to contact us at Danziger Shapiro, P.C.

This entry is presented for informational purposes only and is not intended to constitute legal advice.

The State Office for Data Protection Supervision (BayLDA) in Bavaria recently conducted an audit on 40 websites and concluded all 40 websites were in violation of the GDPR. The audit revealed, as discussed below, that all websites failed to provide its users with clear and concise information regarding the use of cookies in direct violation of the GDPR. Interestingly, none of the 40 companies were technology based companies. This should serve as a stark warning to all companies that compliance with the GDPR is not something only technology companies must comply with but applies across all sectors.

Cookie Banners

By now it is commonplace to see at the top of a website a banner that states something along the lines of “This site uses cookies to provide you with a better user experience. By using this website you consent to and accept the use of cookies….” In reviewing the 40 websites BayLDA found that the cookie banners used were ineffective at disclosing useful information to end users to protect them from unknown tracking. Specifically, the banner MUST disclose the specific type of cookie being used. Broad generic descriptions such as performance or analytic cookies do not suffice.

In addition, BayLDA found it problematic that cookie tracking started, known as the “cookie drop”, on most of these websites immediately upon the site’s loading. In essence tracking started before you even had a chance to opt out! Thus even if you consented by clicking on the cookie banner, did you really given meaningful consent if the cookie dropped even before you agreed?

Take Away

While the BayLDA audit does not rise to the level of formal guidance, US companies that are subject to the GDPR should take notice and pay careful attention to their cookie banners and timing of the “cookie drop.” Click here for more information generally on the GDPR. If you have any questions regarding this or any other aspect of your business, please feel free to contact us at Danziger Shapiro, P.C.

This entry is presented for informational purposes only and is not intended to constitute legal advice.

The General Data Protection Regulation (GDPR) was approved by EU Parliament back in May 2017. The GDPR, in a nutshell, was designed to replace an inconsistent set of data privacy laws with a comprehensive law that protected all European Union residents. Please click here for my original post on the GDPR. While the GDPR has been in effect for over a year, the law gave companies until May 25, 2018 to comply. Well, that deadline has come and gone. If you fail to comply, regulators can impose a fine of up to 4% of worldwide revenue. This is NOT a typo! 4% of worldwide revenue up to 20 million euros.

Currently, there are no grace periods if your company still has not complied with the GDPR. Additionally, as the ability to enforce compliance is less than 1 week old, there is no precedent out there that we can use as guidance. Regulators for EU member states have indicated different going forward approaches to enforcement. While one state regulator has inferred that even if full compliance has not yet been achieved, the efforts made to attain compliance will be taken into account as a mitigating factor. Alternatively, other state regulators have simply stated that if we have reason to impose a fine we will impose a fine. In this regard, the newly created European Data Protection Board was recently created.

Going Forward – What should US Companies do?

US companies had over a year to prepare for the May 25, 2018 compliance deadline. Just burying your head in the sand is not a good strategy considering the potential fine of up to 4% of worldwide revenue. US companies need to understand if their online business presence falls under the GDPR. If you have any questions regarding this or any other aspect of your business, please feel free to contact us at Danziger Shapiro, P.C.

This entry is presented for informational purposes only and is not intended to constitute legal advice.

A Delaware business client recently asked me to review his commercial privacy policy to see if his website complied with current online privacy protection requirements. Not surprisingly in this fast pace and constantly changing digital landscape – the website failed because it did not clearly provide a link to its privacy policy on the home page. And this is putting aside the May 25, 2018 GDPR compliance deadline that is fast approaching and its severe financial consequences for noncompliance. The Delaware Privacy Online Act Delaware Online Privacy Protection Act has three stated goals but for purposes of this alert, I will focus on only on the commercial purpose. Operators of an internet service must conspicuously post its “privacy policy” if it collects personally identifiable information of Delaware residents. To better understand this, let’s break this down into its component parts.

Operators of an Internet Service

The Act defines operators of an internet service in a straightforward manner. An operator is defined as a person who owns an internet website, online or cloud computing service, online application, or mobile application. (Going forward I will refer to all of these platforms as a “web site”). It does not however include a third party who manages or hosts your site. This distinction is important because it places the responsibility on the “owner” of the site and not the person or entity who is actively managing the site on a day to day basis. This means for the business owner you are responsible and it is not a defense to argue that you hired a company to manage your web site. Internet service is defined broadly to encompass everything internet related regarding communication of information by wire, radio or other methods of transmission.

Personally Identifiable Information

Personally identifiable information (“PII”) is defined as data that allows a user to contact an individual through the collected PII either online or directly. Examples of PII include, first and last name, a physical address, an e-mail address, a telephone number, a social security number, or any other identifiers that would allow direct or online contact.

The Privacy Policy Must Be Conspicuously Posted

A conspicuously posted privacy policy can be satisfied in several ways but the main two options are as follows:

• Home Page – The privacy policy is posted on the home page or the first significant page after you enter the site; or
• Hyperlink – A hyperlink on the first web page links to the actual privacy policy. The hyperlink must contain the word “Privacy” in all caps and in the same or larger font than the rest of the font on that specific page. Alternatively, the hyperlink must be displayed in such a manner that any reasonable person would notice it.

The Privacy Policy Must Include

• The categorizes of PII that are being collected and if such information is being shared
• If the operator of the website maintains a method for the user to update or review its PII, this process must be disclosed to the user
• A description of the process by which material changes to the Privacy Policy will be made available to the users of the website
• Disclose how the operator responds to web browser “do not track” signals or other mechanisms that provide users the ability to exercise choice regarding the collection of personally identifiable information
• The effective Date of the Privacy Policy

Take Away – Review Your Website

The key takeaway here is that your PRIVACY POLICY must be clearly stated on the first meaningful page of your web site. Failure to do so can result in up to a $10,000 fine imposed by the Delaware Attorney General. Remember, what is great about a web site, not being tied to a specific location like the typical brick and mortar store, can also lead to greater exposure. You need to be cognizant of privacy policies for each state and in some instances an even broader GDPR approach (please click here.) may be required. Having said this, we recognize a state by state analysis may not be practical for your situation but there certainly is an approach that can be implemented. If you have any questions regarding this or any other aspect of your business, please feel free to contact us at Danziger Shapiro, P.C.

This entry is presented for informational purposes only and is not intended to constitute legal advice.

The recent Equifax data breach has been called the worst personal data breach in history. Over 143 million people have been affected. Experts are saying that is it safer to assume you were affected and take preventative measures immediately.

Data Breach Timeline

• Mid May – July 2017: The data breach occurred mid summer 2017. Information exposed includes social security numbers, birth dates, addresses.
• July 29, 2017: Data breach is discovered by Equifax.
• August 1, 2017: Three top Equifax executives sell their stock. Equifax asserts executives were unaware of data breach.
• September 2017: Data breach announced to public. Equifax sets up website to assist affected customers.
• September 8, 2017: Class Action filed against Equifax

Security Steps to Consider: Fraud and Freeze Alerts

If you believe you may have been affected by the Equifax data breach, set up a fraud and freeze alert. This is a 90 day alert that ensures (hopefully) that anytime someone tries to use your information, the credit reporting agencies are notified. You do this by contacting one of the three main credit watchdog agencies (Transunion (800-680-7289), Experian 888-397-3742 and Equifax (888-766-008). This is a free service.

A freeze alert ensures that no new accounts are opened in your name. Once this is requested, the credit reporting agencies will send you a letter with a PIN. You will need to use the PIN when you want to open a new account. There is a small fee associated with this service.

Monitor your accounts for unusual activity. Regularly check your accounts and stay on top of things. Sometime the simplest and most common sense approach is the best.

Take Away

Unfortunately the take away here is that data breaches are now a common occurrence and we all need to be aware and take steps to reduce our exposure and response time. Consider two-step authentication for all of your accounts and never use the same password across your accounts are great starts. Douglas Leavitt is an attorney with Danziger Shapiro and focuses his practice on guiding business with their daily operational needs. Please feel free to contact him or any of the other attorneys at Danziger Shapiro to discuss how this new change will affect your business or any other issue you may have that concerns you and your business.

This entry is presented for informational purposes only and does not constitute legal advice.

The General Data Protection Regulation, more commonly known as the GDPR, replaced an inconsistent country by country approach to how companies were required to handle the personal data of European Union (EU) residents. The EU Parliament approved the GDPR last month and all companies, including US companies, must be compliant by May 25, 2018 or face heavy fines that can be up to 20 million euros or 4% of a company’s prior year world-wide revenue, whichever is higher. This is not a typo. Now that I have your attention, let’s break the GDPR down to 2 important questions.

Does my US business offer goods or services to EU residents? If the answer is yes, you are subject to the GDPR.

First, what is a EU resident? A EU resident is any individual that resides in any of the 28 member states that form the EU. This applies to anyone who resides in the EU. Citizenship is NOT required. Second, there is no requirement that the company offering the goods or services be located in the EU. All that is required is that the individual resides in the EU. The GDPR focuses on the EU resident, known as the “data subject” and not the “data controller”. Consider the following, does your company have a website? If your website collects data from a EU resident you fall under the purview of the GDPR regardless whether you have a physical business location in the EU or any business transaction was consummated between your business and the EU resident. The mere surfing of a Pennsylvania business’s website by a EU resident makes your business subject to the GDPR.

Does my US business monitor the behavior of EU residents? If the answer is yes, you are subject to the GDPR.

Does your business engage in tracking or profiling the behavior of EU residents such that it uses such data to make business decisions or predict personal preferences of EU residents? Stated a bit clearer for the non tech savvy individual, have you ever wondered why or how ads seem to pop up that relate to items you had recently searched? This practice is covered under the GDPR.

Key Points of the GDPR

1. Consent

The GDPR requires that consent to the collection of data be given by a clear and affirmative act that is specific, informed and unambiguous. Silence or inactivity will not be considered consent. Consent can be shown by a “data user” clicking on a box that has not been prechecked that sets forth your consent in clear and unambiguous language.

2. Data Protection Officers

The GDPR requires data privacy officers be appointed at companies under certain circumstances. For example, if the company is involved in the public sector, has more than 250 employees or the company’s core business involves processing operations that require active monitoring. These data protection officers must be experts in the data protection field.

3. Data Breach Notification

As soon as your company becomes aware of a data breach, the EU supervisory authority must be notified within 72 hours of the breach. The EU resident affected by the breach must also be notified immediately if the breach involves the possibility of identity theft or fraud, physical harm, significant humiliation or damage to ones reputation.

4. Privacy Notices and Other Rights

The GDPR requires that certain disclosure are made in a privacy notice. While some disclosures such as the identity of the privacy officer, the purposes of data collection and the categories of the potential recipients of the collected data are not new, other rights are certainly new. For example, a EU resident now has the right to object, obtain the information collected about them, erasure and even correction and other rights not mentioned here.

Take Away – Compliance Deadline is Fast Approaching

The key takeaway here is that the May 25, 2018 compliance deadline is fast approaching. With unbelievably high fines available, affected EU residents are now empowered to go after US business that do not properly protect and/or collect their personal data. US companies will not be able to hide their heads in the sand merely because the affected individuals are across the pond. Meaningful enforcement penalties are available to EU residents. US companies need to take action now to understand how their business might be impacted by the GDPR and take corrective action now before GDPR compliance is required. For information in general on the GDPR click here. If you have any additional questions regarding this or any other aspect of your business, please feel free to contact us at Danziger Shapiro, P.C.

This entry is presented for informational purposes only and is not intended to constitute legal advice.

Cyber Security Month

October is Cyber Security Month. If your company uses any kind of computers, cell phones, networks, software, etc. to go about its business, then this month applies to what you do day in and day out. Having these technologies makes our lives more advanced and efficient but they also leave us open to security issues. Business large and small have to have plans and processes in place for how they deal with their digital technologies BEFORE something terrible happens. It can seem like a big undertaking for the little guy given that the big guys seem to be hit time and time again. Yahoo for example, was recently the victim of yet another network security breach. One might ask what can a small business do with limited funds? After all, if large companies with departments solely dedicated to thwarting cyber intrusions cannot stop hackers, what can a small business do? The answer is simple – plenty.

• Understand Your Business Network

Chances are that your business network has a wireless network (called a Wi-Fi network). The Wi-Fi network is what allows your computers, smart phones and tablets to connect to your business network. Your business connects to the internet through either a router or a wireless access point which in turn connects to the router. Both of these devices will broadcast wireless signals that the various devises in your business will use to connect to the internet. As a result, you need to know what type of system you have and how to secure the wireless signal as a simple step to protect your business network.

• Change Administrator Password and Login

Most routers and access devices are shipped from the factory with a default administrator password and login. Unfortunately, this information is well known and quite easily found with a quick internet search. Accordingly, one of the first things you should do when you set up your small business network is to change both the administrator login and password. If you fail to do this, the overall security of your network is extremely weak. Try a password generator to choose something that has no connection with your business and difficult to crack.

• Change the Name of the Network – SSID

The SSID stands for service set identifier is essentially the name of your business network. The SSID is the name that your device will see when it is searches for available networks. Why make it easy for hackers to identify the network they are trying to hack? Try for a unique name that is not personal to either yourself or your business so cyber intruders will not be able to associate your network with your business.

• Encrypted Networks

Make sure your wireless network is using the most advanced encrypted network. As of right now, this would be WPA2. If you use this, users will be asked a password to connect to your network. Make sure the password is strong AND different from the administrative password. We strongly recommend that you do not give your clients access to your business network. Instead, consider having a guest network. This way, while you are still providing a nice convenience to your clients, you are not giving your clients access to your business network. Finally, disable Wi-Fi Protected Set Up or similar setting that allow devices to connect to the network without first entering the password.

What’s Next…

While these steps are by no means a guaranty that you won’t get hacked, they are at least a first defense. An analogous way of thinking about this is that the brick and mortar thief will go from house to house until he finds one with the back door unlocked. The attorneys at Danziger Shapiro don’t want you to be that unlocked house. Make the cyber intruders go down the street. For additional information on cyber security in general or specific to your industry, take a look at Securing the Human. Otherwise, please feel free to contact us to discuss this or any other issue that is affecting your business.

This entry is presented for informational purposes only and is not intended to constitute legal advice.

Under Pennsylvania tort law, libel is defined as “a maliciously written or printed publication which tends to blacken a person’s reputation or expose him to public hatred, contempt or ridicule, or injure him in his business or profession.” Specifically, in an action for libel a plaintiff in Pennsylvania has the burden of proving each of the following:

1. The defamatory character of the communication;
2. Its publication (communicated to a third person) by the defendant;
3. Its application to the plaintiff;
4. The understanding by the recipient of its defamatory meaning;
5. The understanding by the recipient of the communication as intended to be applied to the plaintiff;
6. Special harm resulting to the plaintiff from its publication; and
7. Abuse of a conditionally privileged communication.

I don’t want to get into the intricacies regarding each above element and corresponding defenses and privileges (for example, truth is an absolute defense to any defamation claim or that defamatory statements are allowed in company employee reports). However, I think it is important to recognize that the Judge in this contractor case merely applied the tried and true law of defamation of character in written form and found that the customer defamed her contractor. The mere fact that her “opinion” was posted online did not relieve her of any responsibility for not violating the laws of libel.

In his ruling, the Judge said that her post was “opinion and protected speech,” but several of her comments crossed the line from opinion to libel. “Terms such as ‘scam,’ ‘con artist’ and ‘robs’ imply actions approaching criminal wrongdoing rather than someone who failed to live up to the terms of an agreement,” the Judge said.. While I am sure this case will be appealed, the take away here is be sure not to cross the line when you post anything online. Your opinion is protected free speech but if you go too far, you may be held responsible for your actions. From a business owner perspective, have someone regularly review Yelp and FaceBook and other online forums to see if anyone is posting reviews that might damage your reputation. However, remember that if a review is negative does not mean it is defamation if it is couched as an opinion instead of as a fact.

If you have any questions regarding this topic or any other issue affecting your business, please feel free to contact us at Danziger Shapiro.

This entry is presented for informational purposes only and does not constitute legal advice

So what is EMV technology and how does it work? Have you ever noticed on your new credit card that there is shiny silver square? This is a computer chip and it produces a code that EMV compliant credit card terminals must receive in order to authorize the trasaction. You will no longer “swipe” your card but rather insert it into the terminal. The code will be constantly changing making fraud much harder to occur. In addition, some issuers will also require a PIN to confirm the transaction as well. If either your credit card or the merchant’s terminal is not EMV compliant, the card, for now, will work as before by the swipe method. The only thing that has changed is the potential shift of liability. This is not new technology. Europe has been using this technology for years. For more information on EMV technology, click here.

While it makes sense for brick and mortar stores to switch to EMV compliant terminals it is less clear for on-line retailers. Right now major credit card companies are using two different systems for EMV online technology. MasterCard uses its “Chip Authentication Program” or CAP and Visa offers its “Dynamic Passcode Authentication” or DPA. It is very similar to the choice between VHS and Betamax all over again. Which technology will prevail is anyone’s guess at this point. In the meantime, it’s best to understand what’s out there and make an informed decision for your business’ individual needs.

If you have any questions regarding this or any other aspect affecting your business, please feel free to contact us at Danziger Shapiro.

This entry is presented for informational purposes only and does not constitute legal advice.

Looking first at the Riley case, the Court held cell phones contained private information which the police are not entitled to review merely incident to an arrest. Unlike the contents of your pockets or items in plain view, the government now cannot access your cell phone without a warrant during an arrest. This rule applies to both smartphones and so called dumb phones alike (the police viewed the incoming caller ID in one of the defendant’s older style flip phones to determine where he lived), and actually signals real concern for future business cases.

While this may seem like a boon to privacy advocates, there are holes in this ban big enough to steer Google’s self driving car through. First, there are exceptions for when the police believe they need to access your device in exigent circumstances. No warrant is required when the police are trying to prevent a disaster, or save someone else. Second, the Border Search exemption does not come up in this case. This exemption, still on the books but possibly overruled by today’s decision, allows for a warrantless customs search anywhere within 100 miles of an international border. That includes our offices in Philadelphia, and most of the population of the US who live within 100 miles of an international coastline. Is every police search now going to have a customs element to get around the Riley decision?

The bigger concern with this decision, from a business perspective, is the growing use by the Roberts Court of anecdotal evidence not truly before the Court. The Riley decision in some ways is based upon a faulty understanding of technology and how we interact with it on a daily basis. Justice Roberts cites to the iPhone User Guide as definitive proof that “Law enforcement officers are very unlikely to come upon such a phone in an unlocked state because most phones lock at the touch of a button or, as a default, after some very short period of inactivity.” While many phones have this feature, it’s frequently not used. Various surveys have shown between 40% to 70% of cell phone users don’t lock their phones. The Court similarly dismisses out of hand the potential for automatic wiping via geofencing as simply not a real concern. I’ll grant Justice Roberts that most criminals are not IT specialists, but it’s not difficult to set up a directive for your phone to be wiped if it enters the local police station. In fact, the controls to set that up are right in the apps at the heart of the Riley decision. Finally, the Court suggests merely turning the phone off or removing the battery as a way police can prevent a remote wiping signal, failing to understand that (i) many, if not most, new smartphone have integrated non-removable batteries; and (ii) a phone is not rendered completely inaccessible simply because it’s turned off.

The problem here is not holding itself, which may actually be a bit of a pendulum swing against the destruction of privacy standards we’ve seen since 9/11. Rather, the issue I see is that the Court continues to decide cases based upon a misunderstanding of how people interact with technology. This has led to, and will continue to create, decisions which raise significant business issues. We’ll have more in the next few days on the Aereo decision, which even the Court acknowledged will hang over SAS and cloud computing services for some time to come. But in the meantime, it’s clear that if we are going to continue to see technological growth, Congress needs to get on the ball and deal with some of these issues before they’re dumped at the courthouse steps.
more
We see the potential for business opportunity arising from the decisions put forth today by the Supreme Court. If your business is ready to capitalize on this changing landscape and you have any concerns for legal guidance, please feel free to contact the lawyers at Danziger Shapiro to discuss this and other business concerns you may have.

The attorneys at Danziger Shapiro, P.C. can help you with developing your security protocols and smart phone/tablet work policies customized to the unique needs of your business. Call us today to set up a free consultation to discuss this and any other issue affecting your business.
more
This entry is presented for informational purposes only and is not intended to constitute legal advice

In a nutshell, privacy policies will now be required to include how the website will respond to a web browser’s “do not track” security option and if the web site allows third parties to collect personally identifiable information from users and across third party websites. Failure to comply will cost you $2,500 for each violation. However, before any fine is imposed, the noncomplying business will be given 30 days to correct its privacy disclosures.

What is interesting about this new law is that while it places the onus on businesses to state how their website responds to a customer’s “do not track” option, it does not require the business to honor that request. We are truly operating in one unified economy and it is becoming increasingly important to be aware of the laws of other states as you do business on the global web.
more
As a result of this recent amendment, we recommend that you conduct an audit of your online commercial sites and review your privacy policy disclosures. Compliance is relatively simple and future issues can be avoided with the correct disclosures. Please feel free to contact us at Danziger Shapiro, P.C. if you are having difficulty implementing these new requirements or would care to discuss any other aspect of your business operation.

This entry is presented for informational purposes only and is not intended to constitute legal advice.

PHILADELPHIA, PA, December 16, 2013- Danziger Shapiro, P.C., a Philadelphia based litigation law firm, (www.DS-L.com) is investigating securities fraud claims against NQ Mobile, Inc.. (NYSE: NQ). This inquiry centers on allegations that statements issued by NQ Mobile regarding its business operations and the company’s financial condition were deceptive and false.

NQ Mobile purports to provide security solutions for the mobile phone market. On October 24, 2013, a report issued by Muddy Waters states that NQ Mobile had engaged in fraudulent practices by, among other things, vastly overstating its market share in China by asserting it had a 55% share of the market when in fact it only had a 1.5% market share and that at least 72% of NQ Mobile’s alleged Chinese security revenue is fictitious. Upon the release of this news, in less than 36 hours, shares of NQ Mobile dropped approximately 56%, representing over $500 million in losses to investors
Individuals who purchased NQ Mobile shares between May 5, 2013 and October 24, 2013 who would like to learn more about this investigation, have an interest in joining a class-action lawsuit, or have any questions concerning this announcement and their rights, should on or before December 23, 2013, contact Douglas M. Leavitt, Esquire: (215) 545-4830 or visit: www.DS-L.com. You may also email Mr. Leavitt at leavitt@DS-L.com.

This press release may be considered Attorney Advertising in some jurisdictions under the applicable law and ethical rules.

About Danziger Shapiro, P.C.

Danziger Shapiro, P.C., is a litigation law firm committed to representing investors nationwide in securities matters and shielding investors against corporate misconduct. For additional information, please visit www.DS-L.com.

The attorneys at Danziger Shapiro are available to discuss how this will affect your company from an operational and policy perspective viewpoint. Please feel free to call us for a free initial consultation.

This entry is presented for informational purposes only and is not intended to constitute legal advice

First off, the law will apply to ALL NEW JERSEY EMPLOYERS regardless of size. Yes that is correct; there is no minimum number of employees for this law to apply. There is a minor exception relating to state and county jails and parole officers but for purposes of this entry, this law applies to ALL NEW JERSEY EMPLOYERS.

Under this law, an employer will not be able to force an applicant or a current employee to disclose any password, user name or other account login information to any social media that is used exclusively for personal communications and is unrelated to a business purpose of the employer. It will be a violation of this law if you even ask a prospective job applicant or current employee if they have a social networking site. However, there is nothing in this law that would prevent an employer from doing his own search to see if the prospective employee has her own social media accounts at Facebook and similar sites.

Like most laws, there are exceptions. In certain limited circumstances, an employer will be allowed to compel an employee to disclose his or her username and password. For example, disclosure may be required for (1) the employer to comply with a state or federal statute; or (2) employer investigations of workplace misconduct or theft of proprietary or confidential information. In each workplace investigation, the employer must be acting on credible and specific information and not be conducting a fishing expedition.

The law has anti-retaliation provisions designed to protect the applicant or employee from adverse actions of an employer who violates this law. If an employer does violate this law it will be fined $1,000 for the first violation and $2,500 for each successive violation. The proceeds will be collected by the Commissioner of Labor.

While this law affects social media at the workplace, please understand that it does not prevent an employer from having a workplace electronic communications policy. In fact, we recommend that you review your current communications policy to ensure compliance with this new law. The attorneys at Danziger Shapiro are available to discuss this and other issues affecting your company. Please feel free to call us for a free initial consultation.

This entry is presented for informational purposes only and is not intended to constitute legal advice

The act defines both “qualified investment” and “New Jersey emerging technology business” and I will not bore you with every detail here. However, in brief; in order for an investment to be a “qualified investment,” the investment must be a non-refundable transfer of cash to a “New Jersey emerging technology business” in exchange for rights to participate in the upside of the business or to use or market the technology.

To be considered a “New Jersey emerging technology business,” the act specifies the physical connection the company must have to New Jersey as well as the technological areas the business must be involved with. For example, the New Jersey business must have fewer than 225 employees, of whom at least 75 percent work in New Jersey. The company must also transact business, own property, or maintain an office in New Jersey. Finally, the company is required to operate in one of the following industries: advanced computing, advanced materials, biotechnology, electronic device technology, information technology, life sciences, medical device technology, mobile communications technology or renewable energy technology.

For investments made on or before July 1, 2013, an investor must submit a completed application before July 1, 2014. For all other investments, an investor must submit a completed application within one year of the date of the qualified investment. There are application fees not to exceed $1000 and approval fees that will be offset against the tax credit.

Whether this act actually spurs investments in the emerging technology industries remains to be seen. In the funding universe, angel investors are among the first ones in and take the biggest risk. Hopefully this tax credit will offset some of the risk and encourages investors to place seed money with the types of science and technology businesses New Jersey wants to grow. However, New Jersey’s commitment is questionable with such a low tax credit percentage (10%) combined with the legislature’s decision to have an “approval fee” as an offset to the allowed the tax credit. If you want to discuss any aspect of this or any other business transaction, please feel free to contact one of the attorneys at Danziger Shapiro.

This entry is presented for informational purposes only and is not intended to constitute legal advice.

With this as background, in order to be entitled to the family owned business inheritance tax exemption the following requirements must be met:

• Qualified Business – The business must be a “qualified business” which requires that the business must be operated by either a sole proprietor or through a business entity (LLC, partnership or corporation). The business must have fewer than 50 employees and a net book value of less than $5million dollars.

•Ownership of Qualified Business – The business must have been in existence for the past 5 years and must have been owned by the decedent and members of the decedent’s family.

•Qualified Transferees – The “qualified business” may only be transferred to “qualified transferees”. Qualified transferees are, as you would expect, the decedent’s immediate family – spouse, children, grandchildren, siblings, cousins, parents and grandparents.

•Time Restriction – In order to retain this tax savings, the family business may not be transferred to another individual or entity for a period of 7 years from the date of the decedent’s death. Yearly certifications to the taxing authority will be required. If the business is transferred within this 7 years period, all inheritance tax plus interest that would have been due will now become immediately due and payable.

The take away here is that we now know that inheritance tax liability for certain qualified businesses under certain conditions are now exempt. Having this knowledge, a business owner can create a careful succession plan such that the business he has given his life to creating will not be crippled by his passing. If you would like to discuss this, or any other aspect of your business and its daily operations, please feel free to contact us at Danziger Shapiro, P.C..

This entry is presented for informational purposes only and is not intended to constitute legal advice.

Lucky for us, Karen Dilko’s July 1, 2013 article sets forth the different policies by several media giants. If you are with Yahoo, you are out of luck. There is no right of survivorship. When you die, Yahoo will delete all account information upon presentation of a death certificate. That seems harsh, no? Luckily, it is different with other providers such as Facebook or Twitter. These entities will work with your estate to transfer ownership.

The take away here is that we need to think what we want to do with our digital life and plan accordingly as if this is any other physical asset. Perhaps we should provide the attorney who drafted our will with user names and passwords to be held in a safe with a note “To be distributed to executor” when will is probated? Maybe you are not comfortable with this idea, but the point is that you need to think about your digital life and online accounts and how they are to be handled after you die. Please click on this link to read the article that prompted this post. You should also feel free to contact us at Danziger Shapiro if you would like to discuss this further.

This entry is presented for informational purposes only and is not intended to constitute legal advice.