Articles Posted in Technology in Business

2008 DraftThe regulation of any new economic activity should be of interest to New Jersey business owners, even if it does not directly affect their business. “Fantasy sports” has been both a popular pastime and a controversial topic lately. Many people participate in fantasy sports leagues organized among their friends, but businesses have also begun offering online fantasy sports competitions. This has led to concerns among lawmakers about whether they violate laws that regulate or prohibit sports betting. The Third Circuit Court of Appeals struck down a New Jersey law allowing sports betting, holding that it violates a 25-year-old federal statute. The U.S. Supreme Court has agreed to hear the state’s appeal in that case. At around the same time that the Supreme Court made that decision, the Governor of New Jersey signed a law authorizing and regulating fantasy sports, while maintaining that fantasy sports do not constitute “gambling” under state law.

In 1992, Congress enacted the Professional and Amateur Sports Protection Act (PASPA), codified at 28 U.S.C. § 3701 et seq. That law effectively prohibited sports betting throughout the country, except in several states, including Nevada and Delaware, which had already created sports lotteries. It prohibits gambling and related activities based on athletic competitions or on the performance of individual athletes. In addition to gambling by private individuals and entities, the statute prohibits governmental entities from “authoriz[ing] by law” any such gambling activities. Id. at § 3702(1).

New Jersey enacted a law in 2014 that repealed some of the state’s prohibitions on sports betting. See N.J. Rev. Stat. § 5:12A-7. In response, a group of sports organizations, consisting of the NCAA, NBA, NFL, NHL, and Major League Baseball, filed suit against the governor, other state officials, and several horse racing organizations. The plaintiffs alleged that the New Jersey law violated PASPA and was therefore invalid under the Supremacy Clause of the U.S. Constitution. A panel of the Third Circuit struck down the New Jersey law, and the full court affirmed this ruling after an en banc rehearing. NCAA, et al. v. N.J. Governor, et al., 799 F.3d 259 (3d Cir 2015); 832 F.3d 389 (3d Cir. 2016).

BlockchainMaintaining accurate records is one of a corporation’s most important responsibilities. New Jersey business and corporate laws give shareholders the right to examine a corporation’s books at almost any time. State courts have the authority to compel production by a corporation if it fails to make the books available. For many years, a corporation’s books were kept in literal book format at a corporation’s headquarters. Inspection required a shareholder to visit the corporate office, or to request photocopies of relevant records. Digital technologies have enabled corporations to experiment with new methods of corporate record-keeping. A new Delaware law allows corporations to use blockchain technology, which is mostly associated with “cryptocurrencies” like Bitcoin, to maintain corporate records. The law does not directly affect New Jersey or New York businesses, but Delaware’s corporate laws often serve as a model for new laws around the country.

New Jersey requires corporations to keep records, including minutes, of all official meetings of shareholders and the board of directors, as well as all formally established executive committees. Corporations must also maintain a current list of all shareholders that identifies the number and class of shares that they hold and the dates that they acquired the shares. The statute does not require any specific format for the corporation’s books, except that the records must be “capable of being converted into readable form within a reasonable time.” N.J. Rev. Stat. § 14A:5-28(1). Shareholders who meet a minimum standard for how many shares they hold and for how long may inspect the corporation’s books “for any proper purpose” with at least five days’ notice. Id. at § 14A:5-28(3).

Blockchain technology is rather notoriously complex and difficult to describe, which is part of its appeal for uses like cryptocurrency. It consists of individual digital records, known as “blocks,” that are connected, or “chained,” to other records across multiple devices on a shared network. Each block has unique identifiers, including timestamps and links to earlier blocks in the chain. The distribution of the blocks across a network, along with the identifying information associated with each block, makes it extremely difficult to alter or falsify information. In the context of corporate records, blockchains are known as “distributed ledger” technology. The chain of interconnected records, none of which can be altered without altering multiple other records, bears many similarities to a traditional corporate ledger system.

secretInformation is a critical asset for any New Jersey business, and the value of many types of information is based, in whole or in part, on its secrecy. State and federal laws protect businesses’ rights to keep certain information, known as “trade secrets,” from becoming known to competitors or the general public. The federal Defend Trade Secrets Act (DTSA) establishes criminal and civil penalties for misappropriation of trade secrets and other acts. Businesses must make affirmative efforts to preserve the secrecy of information in order to enjoy the protection of laws like the DTSA. A currently pending federal lawsuit involving trade secrets asserts multiple statutory and common-law causes of action, including a DTSA claim. The lawsuit specifically alleges that the breach of trade secrets resulted from a romantic relationship between a now-former executive of the plaintiff and an executive employed by the defendant. Teva Pharmaceuticals USA, Inc. v. Sandhu, et al., No. 2:17-cv-03031, complaint (E.D. Pa., Jul. 7, 2017).

Almost any kind of information used in business can constitute a trade secret. Common examples include designs or processes used by the business, client lists, and lists of sales leads. The DTSA defines a trade secret by two criteria:  the owner has made an effort to maintain the information’s secrecy or confidentiality, and the information has “independent economic value” specifically because it is not widely known or easily discoverable. 18 U.S.C. § 1839(3).

A person can violate the DTSA through a variety of acts undertaken “with intent to convert a trade secret,” for the “benefit of anyone other than the owner,” and with either the intent to injure the owner or the knowledge that an injury is likely to result. Id. at § 1832(a). Violations may include stealing or otherwise misappropriating trade secrets, copying or altering trade secrets without permission, and receiving information known to be a misappropriated trade secret. The DTSA allows the government to file a civil lawsuit seeking injunctive relief against further violations. The plaintiff in the Teva case is also asserting a claim under this statute.

Handicapped signThe Americans with Disabilities Act (ADA) of 1990, 42 U.S.C. § 12101 et seq., significantly affected businesses across the country, requiring them to install facilities to ensure accessibility for people with disabilities. After more than 25 years, this aspect of the ADA has become commonplace, but the ADA’s reach to online, “virtual” spaces is still a matter of dispute. As more and more business is conducted online, the issue of website accessibility has gained in importance. This refers to measures that allow people with disabilities, such as impaired vision, hearing, or mobility, to use a website. A recent trial in an ADA discrimination lawsuit is believed to be the first to address website accessibility under the ADA. Gil v. Winn Dixie Stores, Inc., No. 1:16-cv-23020, verdict and order (S.D. Fla., Jun. 12, 2017). The verdict, which found a business liable for failing to make its website accessible to an individual with vision impairment, could affect businesses all over the country.

Title III of the ADA prohibits discrimination on the basis of disability by “public accommodations,” which are defined broadly to include hotels, restaurants, theaters, retail stores, laundromats and other service-oriented businesses, public transportation terminals, parks, museums, schools, and exercise or recreation venues like bowling alleys. 42 U.S.C. § 12181(7). The statute requires businesses “to design and construct facilities…that are readily accessible to and usable by individuals with disabilities,” unless doing so would be “structurally impracticable.” Id. at § 12183(a)(1). It set a deadline of “30 months after July 26, 1990.” Id. Perhaps the most common conception of an accommodation required by the ADA is a wheelchair ramp that allows access to a building. This is far from the only type of disability covered by the ADA, however.

Continue Reading

Airbnb houseThe “sharing economy” has become a feature of daily life for millions of people around the country and in New Jersey. It primarily consists of technology companies that use mobile apps to allow people, at least in principle, to make certain exchanges. Two well-known types of sharing economy services are ride-sharing and home-sharing. These particular business models frequently conflict with established local businesses and local regulations. Ride-sharing companies like Uber and home-sharing companies like Airbnb have often resisted efforts by local governments to regulate them as taxi and hotel companies, respectively. A pair of bills pending in the New Jersey Legislature would impose regulations on home-sharing services. While not expressly classifying them as hotels, the bills would subject them to similar rules and taxes.

Home-sharing services allow homeowners to make their homes available for short-term rental. The home-sharing service acts as a sort of broker between users and homeowners. This type of service has managed to avoid many of the legal pitfalls that some ride-sharing companies have encountered, such as questions of whether drivers are independent contractors or employees. Where home-sharing companies have found trouble, however, is on the question of whether they should be regulated and taxed as hotels.

Hotels, motels, “bed & breakfast” operations, and other businesses providing overnight accommodations are subject to a variety of state and local regulations. New Jersey law imposes a seven percent State Occupancy Fee on rental rates charged by hotels and motels across the state. Most municipalities in New Jersey are also authorized to collect a Municipal Occupancy Tax of up to one percent of rental rates.

Continue Reading

contractNew Jersey businesses that provide online services, sell goods online, or otherwise interact with their customers via the internet should be aware of some recent developments involving New Jersey consumer protection law. Two pending consumer class actions are seeking a broad application of the New Jersey Truth-in-Consumer Contract, Warranty and Notice Act (TCCWNA), N.J. Rev. Stat. § 56:12-14, et seq. While neither case has produced a final ruling, they have the potential to significantly affect businesses with an online presence, specifically in relation to the terms and conditions of website user agreements. Specific provisions could cause a business to violate state law, even inadvertently. Exactly when and how this might happen depends on multiple factors, including the nature of the business and the goods or services it provides.

Businesses often include agreements on their websites as a means of clarifying the business relationship—if any—established when someone visits the site and limiting their liability in various circumstances. A good business attorney will tell you that presenting an agreement in this manner is generally a good idea, but the reality is that almost no one ever reads these agreements before agreeing to them. When a consumer is presented with a contract that they cannot negotiate, essentially on a “take it or leave it” basis, courts tend to scrutinize the terms of those contracts very closely. The TCCWNA provides additional protections for consumers in this situation.

Under the TCCWNA, businesses may not use consumer contracts containing any “provision that violates any clearly established legal right of a consumer,” nor may a contract omit any legal “responsibility of a seller, lessor, creditor, lender or bailee.” N.J. Rev. Stat. § 56-12-15. This is a highly ambiguous restriction. The general rule in New Jersey has been not to bother contractual clauses that have no impact beyond the parties themselves. “Exculpatory clauses in private agreements that do not adversely affect the public interest are generally sustained.” Kane v. U-Haul Int’l Inc., 218 Fed. Appx. 163, 165 (3d Cir. 2007). A few recent cases may have changed this principle somewhat.

Continue Reading

The internet offers seemingly infinite possibilities for businesses to connect with their customers and reach out to new ones. It also gives consumers nearly unlimited ways to communicate with businesses and also with other consumers about businesses. Websites like Yelp enable consumers to post reviews of businesses for the public to see. Many businesses take negative reviews as a sign that they need to reconsider some aspect of their operations. A few, however, have taken a more assertive stance by attempting to bar customers entirely from posting negative reviews. A law passed by Congress and signed by President Obama in late 2016, the Consumer Review Fairness Act (CRFA) of 2016, prohibits businesses from using form contracts that purport to restrict consumers’ ability to post negative or critical reviews, commonly known as “gag clauses” or “non-disparagement clauses.”

1 starsAt first glance, a contract prohibiting someone from posting negative reviews to a site like Yelp, while possibly allowing positive reviews, might seem to violate the free speech guarantee of the First Amendment. This is not entirely accurate, though, since the prohibition comes from a contract between two private parties—a business and its customer. The First Amendment, simply stated, only prohibits the government from imposing content-based restrictions on speech. A private party, such as a restaurant or retail store, is legally permitted to eject a customer for almost any reason, including offensive speech.

One exception to the First Amendment’s free speech protection is defamatory speech. This is a statement made to the public that is false, that causes harm to the subject of the statement, and that the person making the statement knows or should know is false. A spoken defamatory statement is known as slander, and a written one is called libel. A customer who posts a negative review of a business that contains false information could be liable to the business for damages in a defamation lawsuit. The CRPA does not concern itself with this type of situation but instead with contractual clauses that prohibit both truthful and false negative reviews.

Continue Reading

HackCybersecurity is a critically important concern for businesses of all sizes and in all sectors of the economy. The growth of various electronic data systems, not to mention the internet, has brought almost countless new risks from hackers and others, who use new technologies to perpetrate traditional crimes like theft. Businesses that collect and maintain consumers’ personal information must be particularly careful, since cybersecurity breaches can affect their customers’ financial interests as well as their own. The New York State Department of Financial Services (DFS) announced new proposed cybersecurity regulations several months ago for businesses in the financial sector. The proposed regulations, which are reportedly the first of their kind in the country, would require covered businesses to undertake extensive measures to safeguard their data.

New York law currently requires state agencies and private businesses to notify the state’s attorney general of any cybersecurity breaches that result in the release of “private information” to unauthorized persons. “Private information” includes information that may be used to identify a particular individual and that includes details like a Social Security number, a driver’s license or other identification number, or information that could enable access to a credit card or another financial account. N.Y. State Tech. L. § 208, N.Y. Gen. Bus. L. § 899-AA. State law does not currently impose affirmative obligations on businesses to protect private information or to guard against cybersecurity breaches.

The governor announced the proposed DFS regulation in mid-September 2016. The regulation, which will be codified in Title 23 of the New York Codes, Rules, and Regulations (NYCRR), applies to any business or organization under the jurisdiction of the New York Banking Law, Insurance Law, or Financial Services Law. 23 NYCRR § 500.01(c) (proposed). It requires “covered entities” to perform a risk assessment on a periodic basis, initially to identify cybersecurity needs and vulnerabilities, and subsequently “to respond to technological developments and evolving threats.” Id. at § 500.09.

Continue Reading

penguinDigital technology enables businesses to store information electronically, without the need for expansive file cabinets and storage facilities, and to transmit data quickly and efficiently. It also exposes businesses to the risk of data breaches, which expose consumers to risks like identity theft. The Federal Trade Commission (FTC) recently issued guidelines regarding compliance with two major federal statutes that protect consumers and their privacy:  the Health Insurance Portability and Accountability Act (HIPAA) of 1996, Pub. L. 104-191, 110 Stat. 1936 (Aug. 21, 1996); and the Federal Trade Commission Act (FTC Act) of 1914, 15 U.S.C. § 41 et seq.

HIPAA is a comprehensive law dealing with various aspects of health insurance, but it is perhaps best known to the public for its provisions regarding medical information privacy. The statute directed the Department of Health and Human Services (HHS) to present “detailed recommendations on standards with respect to the privacy of individually identifiable health information” to several Congressional committees. Pub. L. 104-191 § 264, 110 Stat. 2033. HHS developed a set of standards and procedures from this, commonly known as the Privacy Rule, found at 45 C.F.R. Part 164.

In a very general sense, the Privacy Rule only applies to health care providers, insurers, and related businesses, described as “covered entities.” 45 C.F.R. 160.103. The Rule also applies, however, to “business associates,” defined to include any “subcontractor that creates, receives, maintains, or transmits” PHI. Id. This definition can apply to many types of businesses besides medical professionals and health care providers.

Continue Reading

phishingA vast array of cybersecurity threats costs businesses billions of dollars each year. In early 2016, the FBI issued a warning to American businesses about “business email compromise” (BEC) scams, also known as “CEO fraud.” It stated that the number of incidents involving this type of scam, along with the amount of associated losses, has quickly increased in the past few years. New York and New Jersey business owners should be aware of what this type of scam involves, and their potential liability should they be the victims of such a scam.

A typical BEC scam involves the use of a company’s own email network, or an email address made to look like an internal company email, to pose as the CEO or another high-level executive. The scammer, commonly known as the “imposter,” contacts a lower-level executive or employee and directs them to take certain actions, such as wiring money to an account that the imposter controls. By the time the company becomes aware of the scam, the imposter has usually withdrawn the money and closed the account. The BEC scam is similar to scams known as “phishing,” in which a scammer solicits personal information from people through emails made to look like they come from a bank or another legitimate entity.

A business could face various types of liability if it is the victim of a BEC scam, depending on the nature of the scam and the resulting loss. If the scam somehow compromises secure business information, such as customers’ payment information, the business could be liable to those customers for their damages from the identity theft and other misuse of that information. Guarding against BEC scams should be part of every company’s cybersecurity strategy.

Continue Reading