HackCybersecurity is a critically important concern for businesses of all sizes and in all sectors of the economy. The growth of various electronic data systems, not to mention the internet, has brought almost countless new risks from hackers and others, who use new technologies to perpetrate traditional crimes like theft. Businesses that collect and maintain consumers’ personal information must be particularly careful, since cybersecurity breaches can affect their customers’ financial interests as well as their own. The New York State Department of Financial Services (DFS) announced new proposed cybersecurity regulations several months ago for businesses in the financial sector. The proposed regulations, which are reportedly the first of their kind in the country, would require covered businesses to undertake extensive measures to safeguard their data.

New York law currently requires state agencies and private businesses to notify the state’s attorney general of any cybersecurity breaches that result in the release of “private information” to unauthorized persons. “Private information” includes information that may be used to identify a particular individual and that includes details like a Social Security number, a driver’s license or other identification number, or information that could enable access to a credit card or another financial account. N.Y. State Tech. L. § 208, N.Y. Gen. Bus. L. § 899-AA. State law does not currently impose affirmative obligations on businesses to protect private information or to guard against cybersecurity breaches.

The governor announced the proposed DFS regulation in mid-September 2016. The regulation, which will be codified in Title 23 of the New York Codes, Rules, and Regulations (NYCRR), applies to any business or organization under the jurisdiction of the New York Banking Law, Insurance Law, or Financial Services Law. 23 NYCRR § 500.01(c) (proposed). It requires “covered entities” to perform a risk assessment on a periodic basis, initially to identify cybersecurity needs and vulnerabilities, and subsequently “to respond to technological developments and evolving threats.” Id. at § 500.09.

Continue Reading

penguinDigital technology enables businesses to store information electronically, without the need for expansive file cabinets and storage facilities, and to transmit data quickly and efficiently. It also exposes businesses to the risk of data breaches, which expose consumers to risks like identity theft. The Federal Trade Commission (FTC) recently issued guidelines regarding compliance with two major federal statutes that protect consumers and their privacy:  the Health Insurance Portability and Accountability Act (HIPAA) of 1996, Pub. L. 104-191, 110 Stat. 1936 (Aug. 21, 1996); and the Federal Trade Commission Act (FTC Act) of 1914, 15 U.S.C. § 41 et seq.

HIPAA is a comprehensive law dealing with various aspects of health insurance, but it is perhaps best known to the public for its provisions regarding medical information privacy. The statute directed the Department of Health and Human Services (HHS) to present “detailed recommendations on standards with respect to the privacy of individually identifiable health information” to several Congressional committees. Pub. L. 104-191 § 264, 110 Stat. 2033. HHS developed a set of standards and procedures from this, commonly known as the Privacy Rule, found at 45 C.F.R. Part 164.

In a very general sense, the Privacy Rule only applies to health care providers, insurers, and related businesses, described as “covered entities.” 45 C.F.R. 160.103. The Rule also applies, however, to “business associates,” defined to include any “subcontractor that creates, receives, maintains, or transmits” PHI. Id. This definition can apply to many types of businesses besides medical professionals and health care providers.

Continue Reading

meetingThe owners of a corporation, typically known as shareholders or stockholders, are shielded from individual liability for corporate debts. This is one of the main purposes of organizing a business venture as a corporation. Protection from liability is not absolute, however, and courts can “pierce the corporate veil” to hold shareholders individually liable for a variety of reasons under both statutes and common law. New York’s Business Corporations Law includes a provision that allows courts to hold the “10 largest shareholders” of a corporation liable for unpaid wages owed to the corporation’s employees. N.Y. Bus. Corp. L. § 630. The New York Legislature amended the law in 2016 to ensure that it applies equally to domestic and foreign corporations.

Shareholders, as a matter of general legal principle, may not be held individually liable for the corporation’s debts as long as any actions by the shareholders are reasonable and directed toward the benefit of the corporation. Self-dealing by a shareholder, the use of a corporation by a shareholder as an “alter ego,” or acts that are illegal or grossly negligent may result in individual liability. A wide array of court decisions have identified circumstances in which courts may pierce the corporate veil. Certain situations also allow courts to hold all shareholders or a distinct group of shareholders strictly liable for corporate debts.

Section 630 effectively imposes a strict liability standard on a group of corporate shareholders. An employer with a claim for unpaid wages must serve written notice on a shareholder, either within 180 days of being terminated or 60 days after reviewing the corporation’s shareholder records. The statute identifies the 10 largest shareholders based on “the fair value of their beneficial interest as of the beginning of the period during which the unpaid services…are performed.” N.Y. Bus. Corp. L. § 630(a). These shareholders are jointly and severally liable for the amount of unpaid wages.

Continue Reading

highway signsThe Commerce Clause of the U.S. Constitution gives Congress the power “to regulate Commerce…among the several States.” U.S. Const. art. I, § 8, cl. 3. Federal laws can therefore regulate business activities if they affect interstate commerce. This authority has led courts to identify a converse legal principle, known as the “dormant” Commerce Clause, which holds that state laws may not discriminate against out-of-state businesses in a way that impedes interstate commerce. A petition for certiorari currently before the U.S. Supreme Court could lead to changes in how states may regulate interstate commerce. Texas Package Stores Assoc., Inc. v. Fine Wine and Spirits of North Texas, LLC, No. 16-242, pet. for cert. (Sup. Ct., Aug. 19, 2016). The petitioner is asking for clarification about the scope of the dormant Commerce Clause in relation to the rarely-discussed Twenty-First Amendment, which ended Prohibition and gave broad authority to the states to regulate alcohol.

The U.S. Supreme Court has given Congress very wide authority under the Commerce Clause. The dormant Commerce Clause is essentially the negative converse of this authority. If Congress can regulate interstate commerce, the states cannot unreasonably impede it, nor can they discriminate against out-of-state businesses in favor of in-state businesses. For example, the Supreme Court found that a Massachusetts law imposing a tax on milk produced out of state, while providing a subsidy for in-state milk producers, violated the dormant Commerce Clause. West Lynn Creamery, Inc. v. Healy, 512 U.S. 186 (1994).

The Twenty-First Amendment ended the period of American history known as Prohibition, when alcohol was banned nationwide, in 1933. The Eighteenth Amendment, ratified in 1919, had started Prohibition. Section 1 of the Twenty-First Amendment officially repealed the Eighteenth Amendment. Section 2 states that transporting, importing, or possessing alcohol in any U.S. state or territory is prohibited if it is done “in violation of the laws thereof.” This has generally been construed to mean that the states have broad authority to regulate alcohol within their own jurisdictions. Courts have had to address the apparent conflict between § 2 and the dormant Commerce Clause on several occasions.

Continue Reading

careerSmall businesses must overcome a near-countless array of obstacles in order to succeed and prosper. Competition from larger companies, which might have more resources, more institutional experience, and more connections can be a significant hurdle for a small or startup business. Many companies never clear this particular hurdle, but the Small Business Administration (SBA) offers some tools to help small businesses overcome various obstacles and disadvantages. It recently unveiled a new program designed to help small business “protégés” obtain guidance from large business “mentors” with regard to government contracts. Under the Small Business Mentor-Protégé Program (SBMPP), qualifying pairs of businesses will be able to bid on government contracts as joint ventures.

The federal Small Business Act defines a “small business concern,” in a very general sense, as a business that is “is independently owned and operated and…not dominant in its field of operation.” 15 U.S.C. § 632(a)(1). The SBA has promulgated additional rules for determining whether a particular business qualifies as a “small business concern.” 13 C.F.R. § 121.101 et seq. Prior to the establishment of the SBMPP, the SBA only offered a mentor-protégé program for “disadvantaged businesses” under § 8(a) of the Small Business Act, 15 U.S.C. § 637(a). Congress authorized the expansion of the SBA’s mentor-protégé program in § 1345 of the Small Business Jobs Act of 2010, Pub. L. 111-240, 124 Stat. 2546 (Sep. 27, 2010); and § 1641 of the National Defense Authorization Act for Fiscal Year 2013, Pub. L. 112-239, 126 Stat. 2076 (Jan. 2, 2013). See also 15 U.S.C. § 657r.

The purpose of the SBMPP, according to the new rule issued by the SBA, is to “improve the protégé firms’ ability to successfully compete for federal contracts.” 13 C.F.R. § 125.9(a). A business may qualify to act as a mentor by “demonstrat[ing] a commitment and the ability to assist small business concerns.” Id. at § 125.9(b). This includes demonstrating “good moral character” to the SBA. Id. A small business that meets the SBA’s size standards may qualify as a protégé. A company acting as a mentor may only have one protégé, unless the SBA approves a request to have more than one, and small businesses are generally limited to one mentor.

Continue Reading

bargainAssessing the value of an ownership interest in a family business can be a tricky matter. If a person owns a minority interest in a family business, for example, the value of that interest is not necessarily the same as the pro rata share of the business’ value. This is due to disadvantages inherent in these types of ownership interests, which often make their real-world value less than what might appear on a balance sheet. The Internal Revenue Code (IRC) allows “valuation discounts” for certain types of ownership interests, under certain circumstances, for the purposes of gift and estate taxation. See 26 U.S.C. § 2704. A proposed regulation recently issued by the Internal Revenue Service (IRS), however, would make major changes to the valuation discount system. 81 Fed. Reg. 51413 (Aug. 4, 2016), 81 Fed. Reg. 68378 (Oct. 4, 2016). The agency is currently accepting public comments on the proposed rule change, which could take effect as early as January 1, 2017.

Minority interests in family businesses, particularly family limited partnerships (FLPs) and limited liability companies (LLCs), present multiple drawbacks. Owners of these types of interests are limited in their control and influence over the business, which affects the value of the interest. Additionally, when the rights associated with an ownership interest lapse, this creates valuation problems. In either case, the owner will have difficulty selling or otherwise transferring the interest for an amount equal or close to its value on paper—a 10 percent interest in an FLP with $1 million in assets is not really worth $100,000 because of these drawbacks. This is where valuation discounts come in.

Current rules regarding valuation discounts apply to controlling interests in family businesses—meaning 50 percent ownership or more—when voting or liquidation rights lapse. See 26 C.F.R. § 25.2704-1. The lapse is treated as a transfer of the ownership interest to the owner’s family. If the lapse is the result of the owner’s death, the transfer is subject to estate tax. Otherwise, it is considered a taxable gift. In general, the transfer is deemed to have occurred just before the lapse. The valuation discount uses the value after the lapse, i.e., when the value is diminished, as the value at the time of the transfer. This has the effect of reducing the taxable value and reducing the overall tax burden.

Continue Reading

Brooklyn BridgeOne of the greatest advantages of organizing a business as a corporation, along with certain other types of business entities, is that it shields the business’ owners from liability for business debts and other obligations. Corporations and other business entities exist separately from their owners as distinct legal entities. Creditors and other claimants can only recover from the business entity, except in certain rather extreme situations. A court rarely may “pierce the corporate veil” by allowing someone to assert a claim against, or collect a business debt from, the owners of a business. New York and New Jersey have similar rules regarding when a court may do this.

Types of Business Entities

Not all business entities protect owners from liability. An individual who operates a business with no formal legal structure is known as a sole proprietor. Two or more people operating a business in this manner are considered to be in a general partnership with each other. In both cases, the owners of the business may be held personally liable for business debts.

Organizing a business as a corporation requires filing paperwork with the state. Owners of a corporation are known as shareholders. Provided that they abide by the requirements set out by state law and by the business’ own bylaws, shareholders are shielded from liability.

Continue Reading

chess gameDebt collection is, unfortunately, an inevitable part of doing business for just about every business in New Jersey, the country, and probably the world. Whenever a business relies on customers or clients for revenue, it runs the risk of unpaid bills. Any business or individual engaging in debt collection should be aware of the time limit to bring a lawsuit, known as the statute of limitations (SOL). The New Jersey Appellate Division recently ruled in a case involving a dispute over retail store credit account debts. The parties disagreed over whether the six-year SOL for breach of contract claims should apply, or the four-year SOL for sales of goods. The court ruled that the four-year time limit applies. Midland Funding v. Thiel, et al., Nos. A-5797-13T2, A-0151-14T1, A-0152-14T1, slip op. (N.J. App., Aug. 29, 2016).

State and federal laws, such as the Fair Debt Collection Practices Act (FDCPA), 15 U.S.C. § 1692 et seq., regulate businesses that engage in debt collection activities on behalf of third parties. Creditors that attempt to collect their own debts are also subject to various laws and regulations. Prohibited conduct under the FDCPA includes excessive or harassing attempts to contact debtors. The law establishes a procedure for alleged debtors to dispute a debt and to receive documentation of the alleged debt from the debt collector. Violations of these provisions can result in civil liability to the debtor.

Most debt collection efforts do not lead to lawsuits, but a lawsuit offers the only legal means of compelling payment by a debtor. Under New Jersey law, a plaintiff alleging a breach of contract must bring suit within six years of the date of the alleged breach. N.J. Rev. Stat. § 2A:14-1. A four-year SOL, however, applies to “contract[s] for sale” in New Jersey. N.J. Rev. Stat. § 12A:2-725. State law defines a “contract for sale” as any contract for the “present sale of goods” and “to sell goods at a future time.” N.J. Rev. Stat. § 12A:2-106. Parties to a contract for sale may agree to reduce the SOL to a minimum of one year, but the law expressly states that they cannot extend it beyond four years.

Continue Reading

dollarsNew business ideas and practices spring up all the time. Some, but not all, find a niche that leads to success. Government officials at the city, state, and federal levels often keep a close eye on new or unconventional business practices to see how they fit into existing laws and regulations. If regulators determine that a particular business activity falls under their jurisdiction, they may attempt to rein in what they view as regulatory violations. The businesses, of course, might disagree with this assessment. Any new business should be aware of regulations that apply—or might potentially apply—to them. A lawsuit currently pending in a New Jersey federal court demonstrates this sort of dispute. RD Legal Capital, LLC v. U.S. Securities and Exchange Commission, No. 2:16-cv-05104, complaint (D.N.J., Aug. 22, 2016).

The plaintiff alleges that the Securities and Exchange Commission (SEC), a federal agency charged with enforcing securities laws, exceeded its authority under both federal law and the U.S. Constitution by initiating a regulatory action against it for alleged violations of the Investment Advisers Act (IAA) of 1940, 15 U.S.C. § 80b-1 et seq. While businesses in New Jersey and New York that do not provide financial services of any kind are not likely to find themselves subject to this specific statute, the case is illustrative of how the government can seek to impose an existing regulatory framework on a business, even if the business believes in good faith that it is not subject to that framework.

The statute at issue in RD Legal Capital defines an “investment adviser” in part as someone “in the business of advising others…as to the value of securities or as to the advisability of investing in, purchasing, or selling securities.” 15 U.S.C. § 80b-2(a)(11). Congress originally passed this law in the wake of important Great Depression-era statutes like the Securities Act of 1933 and the Securities Exchange Act of 1934. Each law uses a substantially similar definition of a “security,” id. at § 80b-2(a)(18), 77b(1), 78c(a)(10), and each has generated a considerable amount of regulatory opinions and caselaw regarding the scope of this definition.

Continue Reading

Fox NewsCorporate directors and officers owe a fiduciary duty to the corporation and its shareholders to act in the corporation’s best interest. This is commonly known as the “duty of loyalty.” A breach of this duty may expose both the individual officer or director and the corporation itself to liability to the shareholders. Allegations against the former chairman and chief executive officer of a large New York City media company have led to a discussion of whether this individual might have breached the duty of loyalty in connection with an ongoing scandal. While it is important to note that these are only allegations, the ongoing story provides a useful demonstration of the duty of loyalty, as well as a possible defense to a claim of breach.

Under New York law, corporate officers, directors, and majority shareholders are considered “guardians of the corporate welfare.” Alpert v. 28 Williams Street Corp., 63 N.Y.2d 557, 568 (1984), quoting Leibert v. Clapp, 13 N.Y.2d 313, 317 (1963). Even if a particular action does not violate any specific law, it might violate the duty of loyalty if its purpose is “the aggrandizement or undue advantage of the fiduciary to the exclusion or detriment of the stockholders.” Alpert, 63 N.Y.2d at 569.

“Self-dealing” is a common example of a breach, such as when an officer or director has a significant financial interest in a corporate transaction and prioritizes their own interests over those of the corporation. An officer or director can avoid legal liability if they disclose the conflict of interest to the corporation ahead of time and receive approval from a majority of disinterested directors or shareholders. See N.Y. Bus. Corp. L. § 713.

Continue Reading