California Appellate Decision Recognizing Manageability Requirements for PAGA Actions May Provide Much Needed Relief to Employers

It is no secret that the Private Attorneys General Act (“PAGA”) has been a cash cow for plaintiffs’ counsel in California.

PAGA allows a single employee (and their counsel) to file suit on behalf of other employees for alleged Labor Code violations, without having to go through the class action mechanism.  In other words, a PAGA plaintiff can file suit seeking penalties for hundreds or thousands of employees, yet never need to show that there are common issues susceptible to common proof – or even that their own claims are typical of those of other employees.

Read full article

Mandatory Vaccinations Are Coming for Many Employees Nationwide

On September 9, 2021, President Biden announced that his Administration is implementing a six-pronged, comprehensive national strategy to ensure that all available tools are being used to combat COVID-19.  The plan addresses: (1) vaccinating the unvaccinated; (2) further protecting the vaccinated; (3) keeping schools safely open; (4) increasing testing and requiring masking; (5) protecting the economic recovery; and (6) improving care for those with COVID-19.  The first strategy is germane to employers.

Read full article

A Draft Regulation Significantly Changes the Duty to Defend in Quebec

By Nick Krnjevic, from our Insurance Law Practice Group

PDF

September 10, 2021 — On September 8, 2021, the Quebec Minister of Finance published in Part 2 of the Official Gazette of Quebec a draft of the regulation [Draft Regulation] that specifies the categories of insurance contracts, and insured parties, that may derogate, in part, from the rules set out in articles 2500 and 2503 of the Civil Code of Quebec [CCQ].

Quebec has always been distinct in that the costs associated to the duty to defend are over and above the policy limits. The draft regulation will allow an insurer to deviate from this in certain circumstances.

Read full article
ILN Today Post

President Biden’s Six Prong COVID-19 Action Plan: What employers need to know about the Path out of the Pandemic

Facing the raging delta variant and waning vaccination levels, yesterday President Joe Biden announced a wide-ranging COVID-19 Action Plan termed the “Path out of the Pandemic,” designed to fight the continued spread of COVID-19. In a White House speech, the president implored the unvaccinated to get vaccinated and authorized federal agencies to take action to require public and private employers to make it happen.

Click here for an overview of the president’s six prong COVID-19 Action Plan and learn what action employers should take now when it comes to mandating vaccines.

Read full article
ILN Today Post

President Biden’s Six Prong COVID-19 Action Plan: What employers need to know about the Path out of the Pandemic

Facing the raging delta variant and waning vaccination levels, on Thursday, September 9, 2021, President Joe Biden announced a wide-ranging COVID-19 Action Plan (Plan) termed the “Path out of the Pandemic,” designed to fight the continued spread of COVID-19. In a White House speech, the president implored the unvaccinated to get vaccinated and authorized federal agencies to take action to require public and private employers to make it happen.  Read more…

Read full article
ILN Today Post

Howard & Howard Expands Michigan Office, Welcomes Dane M. Lepola

Royal Oak, Mich., September 9, 2021 – Howard & Howard is pleased to welcome Dane M. Lepola to the firm. He joins the business litigation group and will practice out of the firm’s Royal Oak office.

“I am a litigator who draws on my experience clerking for a federal judge to help resolve clients’ disputes.” – Dane M. Lepola

Read full article

Software Patents: When is enough enough?

Software Patents: When is enough enough?[1]

Developing a Disclosure for Software Patents:

  • Discuss with the inventor the technological underpinnings of the novel functional aspects of the software and how those technological considerations support that function.
  • Discuss with the inventor details that link the novel functional aspects of the software description to those technological underpinnings.
  • Ask the inventor to explicitly describe why the invention is more than the expected sum of its parts. Why couldn’t a software engineer, faced with the same problem, come up with the same solution?
  • When drafting, include these details explicitly in the specification.
Read full article

Rainmaking Recommendation from Jaimie Field: How Rainmakers Deal with Rejection

Join us for this week’s rainmaking recommendation from trainer and coach, Jaimie Field.

***

You’ve spoken to a potential client, and they seem to like you.

Or maybe, you’ve sent out an RFP and been chosen to discuss your proposal with the potential client(s) who sent out the offer.

Or maybe you’ve gotten a tentative yes to work with someone you consider an ideal client.

Or maybe, you’ve sent out a resume to work with the law firm of your dreams.

Read full article

Proposed Massachusetts Law Classifying App-Based Drivers as Independent Contractors Clears First Step of Ballot Initiative Process

On September 1, 2021, Massachusetts Attorney General Maura Healey approved two versions of a ballot initiative (version 1, version 2) concerning the relationship between app-based drivers (such as those who transport passengers or deliver food) and the companies with which they contract. If passed, the ballot initiative will enact the Relationship Between Network Companies and App-Based Drivers Act (the “Act”) and classify such drivers as independent contractors, not employees. It will also require ride-sharing and food-delivery companies to provide them with certain benefits.

Read full article

Under Pressure: California Clarifies Cyber Risk Management Best Practices for Healthcare Sector

On Tuesday, August 24, 2021, California Attorney General Rob Bonta issued a guidance bulletin (the “Guidance”) to health care providers reminding them of their compliance obligations under California’s health data privacy laws, and urging providers to take proactive steps to protect against cybersecurity threats. This Guidance comes, in part, as a response to federal regulators sounding the alarm over an uptick in cybercrime against hospitals and other health providers. The Guidance follows an October 2020 Joint Cybersecurity Advisory issued by the Cybersecurity and Infrastructure Agency,[1] the Department of Justice, and the Federal Bureau of Investigation, which assessed that malicious actors are targeting the Healthcare and Public Health Sector through ransomware attacks, data theft, and other disruption tactics on the healthcare sector.

The Guidance also arrives in the wake of a recent spike in ransomware attacks directed at healthcare providers, many of which were not reported to the Office of the Attorney General. Ransomware is malicious software that encrypts data and servers to block access to a network until a “ransom” is paid. Oftentimes, it may not be immediately clear whether protected health information has been compromised following a ransomware attack, though providers should treat a successful attack as a presumed breach, thereby triggering the requirement to conduct an internal breach investigation under the federal Health Information Portability and Accountability Act (“HIPAA”). The Guidance notes that timely reporting is critical to help affected Californians “mitigate the potential losses that could result from the fraudulent use of their personal information[.]” Under California law, entities that are required to notify more than 500 Californians of a data breach must also report the breach to the Office of the Attorney General, who then notifies the general public.[2]

Citing HIPAA and the California Confidentiality of Medical Information Act (“CMIA”), the Guidance further reminds providers to implement reasonable administrative, technical, and physical security measures to prevent and mitigate against ransomware and other cybersecurity attacks. The California Consumer Privacy Act (“CCPA”) also establishes data protection requirements for data not otherwise subject to CMIA or HIPAA. CCPA guidance issued in 2016 recommended that California companies implement the twenty data security controls published by the Center for Internet Security to provide reasonable security. The recent Guidance outlines the minimum preventative measures that California health care providers, specifically, should implement in order to protect their data systems from cyberattacks:

  • keep all operating systems and software housing health data current with the latest security patches;
  • install and maintain virus protection software;
  • provide regular data security training for staff members that includes education on not clicking on suspicious web links and guarding against phishing emails;
  • restrict users from downloading, installing, and running unapproved software; and
  • maintain and regularly test a data backup and recovery plan for all critical information to limit the impact of data or system loss in the event of a data security incident.

The failure to implement the aforementioned measures could render California providers vulnerable to liability.

Attorneys in Epstein, Becker & Green’s Privacy, Cybersecurity, and Data Asset Management practice group have extensive experience in advising healthcare providers how to protect against an increase in cybersecurity threats, conducting internal investigations in response to a presumed breach, notifying state and federal regulators in the event of a breach, and responding to government inquiries. For any questions about these or other related issues, contact the authors or your regular EBG Attorney.

Download Epstein Becker Green’s Ransomware Checklist for tips to proactively mitigate ransomware risk and for reactive measures to respond to a ransomware attack.

***

[1] See also Cybersecurity & Infrastructure Agency, Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches (Aug. 2021), https://www.cisa.gov/sites/default/files/publications/CISA_Fact_Sheet-Protecting_Sensitive_and_Personal_Information_from_Ransomware-Caused_Data_Breaches-508C.pdf (encouraging organizations to adopt a “heightened state of awareness” and implement certain recommendations to reduce risk of ransomware attacks).

[2] See California Civil Code section 1798.82.

Read full article