GENERAL DATA PROTECTION REGULATION COMPLIANCE: DOESN'T APPLY TO YOUR ONLINE BUSINESS? NOT SO FAST.
If you do any business or provide services to customers on the Internet, May 25, 2018 is an important day. That Friday is the deadline for companies to implement and comply with the European Union’s General Data Protection Regulation (GDPR) that governs the collection and use of personal identifiable information. Personal identifiable information includes any data that can be used to identify a specific individual or to distinguish one person from another. Such data includes, but is not limited to, names, addresses, telephone numbers, email addresses, birthdays, social security numbers, credit card numbers, login names, profile photos and images, demographic information and even IP addresses.The GDPR governs what companies must do to receive, maintain and protect personal identifiable information that they request, receive and collect from their customers on the Internet. The new law has very significant fines and penalties for non-compliance.
Do you think that the GDPR does not apply to you because you are a company in the US?
Not so fast. Even if your business is outside of the European Economic Area (another name for the geographic areas occupied by member nations of the EU), GDPR regulations will probably affect your business. It definitely will apply if your company collects or stores any data from any customer or person who sends that information (whether knowingly or unknowingly) from within any nation that is member of the EU. Furthermore, all business, even small businesses, are subject to GDPR enforcement and regulation and so this is not something that your company should ignore or overlook.The new law clearly applies to electronic and digital data collected through the Internet – so this means that e-commerce platforms, social networks, business websites and other platforms used for cloud computing that exchange and store data from its visitors are definitely subject to the new regulations. Because e-commerce and the Internet are basically borderless, companies may find out that they are subject to GDPR requirements without knowing it, and so all companies who do business on the Internet are well-advised to comply with the new laws in order to avoid any serious surprises and consequences.The following countries are currently part of the EU and any information your business collects (whether knowingly or unknowingly) from persons in these countries is governed under the GDPR: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom (Until March 29, 2019).As a business owner or company with an online business presence, you will need to understand and assess what kinds of data your company collects and controls. The GDPR requires that you receive specific and express consent to collect and process someone’s information and requires you to keep only the minimum amount of data required for the purposes for which it is used. Your company is also responsible for third-parties who manage and process the data you collect, so mere finger-pointing when something goes wrong will not suffice.The penalty for technical noncompliance is the “greater” of either €10,000,000 (currently $11,852,905 US) or 2% of your company’s global revenues. The penalty for more serious noncompliance, namely violations of certain key provisions of the GDPR, is the “greater” of either €20,000,000 or 4% of your company’s global revenues. Obviously then, compliance with the GDPR may make the difference between your company's solvency and insolvency.The task of complying with the GDPR is daunting but effective safeguards should be fairly easy to implement. A starting point to evaluate your company’s risk is to examine the following:
What kinds of data do you have, where is it stored, and how secure is that information from possible hackers or thieves? (The GDPR is particularly sensitive to the collection of children’s data.)
Where does the data come from, and how are input into your company’s system?
What kinds of security protocols does your company use to prevent data breaches and are the procedures clear and effective?
Do you have someone in the company who is specifically dedicated to oversee privacy and security protocols?
Small businesses (companies with fewer than 10 employees and annual revenues of €2,000,000, or about $2.5 Million US) are exempt from certain portions of the new regulations. However, the GDPR does not decrease the penalties and fines for small businesses that violate or ignore the requirements. Therefore, even small businesses must be careful to remove private data if there is no valid business justification or purpose for retaining such information and to comply with all applicable provisions of the GDPR.Even if the GDPR absolutely, certainly and undeniably does not apply to your company (which is increasingly unlikely in today’s global and technological world), data security and records handling is still obviously an important part of your business that cannot be ignored. At a minimum, we suggest that you consider implementing at the least the following when asking customers and visitors for their personal information:
Be specific and concise about the kind of information that you are asking from your customers and visitors and make sure that they consent to each category of information.
Keep your consent requests separate from other terms and conditions governing your customers and visitors’ use of your website and services.
Use Opt-Ins that require customers and visitors to actively give their consent; do not assume permission merely because they choose to continue to use your website and services
Identify, when available, any third parties who will rely on the consent
Make it easy for individuals to withdraw their consent at any time and provide a clear way for them to do it
Remove personal data of anyone from your system whenever they request (except for minimal record keeping items for law-enforcement and court-related purposes)
Create and maintain a record of consents that you from your customers and visitors (i.e., who, when, how)
Examine your consent practices and existing records routinely.
TOP 7 CONTRACT TERMS YOU NEED TO UNDERSTAND BEFORE SIGNING
People often ask me, a business lawyer, what I look for when
I review contracts. My unvarying response is “everything.” That, by the way, should
also be the response of any competent and careful attorney charged with
protecting a client’s interest.
The point of a written contract is to clearly state the
parties’ respective expectations. Contracts should also provide unambiguous
guidance for frequently-encountered situations that may arise during the course
of the parties’ contractual relationship. Every contract is unique. Contracts also
vary widely in scope and quality depending on the level of skill and experience
of the person drafting them.
Experienced attorneys do not necessarily need to opine on
every single term or paragraph in a contract. However, a careful attorney will
normally review everything the contract contains. This is so that the client
will not encounter unpleasant (and likely consequential) future surprises that
could have been identified in advance through a careful and thorough review.
Of course, the most basic components of a contract, such as the
date of the contract, sale price, salary, loan amount, or rental rate - among
other things - should always be identified and clearly understood. These are
things that most non-lawyers understand to look for without the counsel of an
experienced attorney. However, there are other contractual terms that are
frequently just as important and must not be overlooked.
Here is a short list of the Top Seven Things that you should
always identify and understand before signing any contract:
1. The identity of the parties.
It is vital to know exactly who you are dealing
with. Oftentimes, a salesperson or vendor presenting you with the contract is
merely an intermediary for someone else. A salesperson or vendor could
rightfully owe you nothing after they have obtained your signature. You need to
know who to go to if you encounter a problem. Conversely, you also need to know
and understand to whom you owe your contractual obligations.
2. The duration of the contract and surviving
Do you intend to be bound only for several days,
a month, a year, or perhaps only until the job is done? Aside from knowing when
your rights and obligations will expire, you also need to understand how long
after your performance the other side can hold you legally accountable to do or
perform other things. Many contracts will require that certain duties (for
example, warranty and repair requirements) survive the completion of job or the
3. Terms defining default/breach and specifying
Understanding terms of breach and the sorts of remedies
a contract offers is extremely important. Otherwise, you could violate the
terms of the contract without knowing it. You also need to know to what extent
you are liable to the other party if you fail to perform. These terms will
spell out what will trigger liability and dictate the other side’s right to
take you to court to seek a remedy. Most well-written contracts will also
control what kinds of remedies are available to an aggrieved party. Sometimes
the remedies are the same that the law generally provides, but frequently they
are not. It is important that you know what circumstances will expose you to
liability and also the exact consequences.
4. Assignment clause.
Many contracts allow one party to transfer its
obligations and rights to someone else who is entirely unrelated. If working
with the same person or company over the course of a contract is important to
you, you need to understand when and how the contract can be assigned to
someone that you potentially do not know or have never dealt with. It is entirely
possible, for example, that the other side may have the right to transfer the
contract to someone else who may not be as qualified or perhaps be incapable of
furnishing the result that you expected when you signed the contract.
5. Forum Selection Clause.
It is critical for you to know where you can
take the other side to court if there is a serious problem. Most well-written
contracts identify a specific jurisdiction or court in which you can file suit
or where a lawsuit may be filed against you. This is important because, realistically,
it will make it much more expensive for you to recover damages - for example - if
you live in Chicago but the contract requires you to file a lawsuit in New York
City in order to vindicate your rights. Conversely, it may also be much
costlier for you to defend against a claim in Anchorage, Alaska if you live in
6. Attorneys’ fees provision.
Many contracts contain an attorneys’ fee
provision which states that the party prevailing in any lawsuit or dispute has
the right to recover its attorneys’ fees and legal expenses from the other
side. This clause is important in that it may control the dynamics of the
contractual relationship and is oftentimes a significant factor in determining
whether it makes more sense to sue or to settle. For instance, a party will
probably not file suit to recover fifty dollars. However, if the contract
allows that party to also recover its attorneys’ fees and legal expenses, that
may change the dynamics enough to make it worthwhile to file suit.
7. Arbitration clause.
Contracts may or may not contain an arbitration
clause. However, they are more frequently seen in contracts when one side has
significantly more bargaining power or financial resources over the other.
Arbitration clauses often prohibit an aggrieved party from filing suit in a
court and have the dispute tried by a jury. These arbitration clause will instead
require the parties to enter into binding mediation or arbitration. The courts
have widely enforced arbitration clauses, and it is important to know if you
will not be able to vindicate your rights in court if something goes wrong. The
ability, or inability, to file a lawsuit in court often affects the dynamics in
a dispute. Generally speaking, it is often more beneficial for the party who
does not have the means or resources of the other side to have the right to
have the case litigated in court and tried by a jury of peers.
There is a high likelihood that something in a contract will
be missed, misinterpreted or misunderstood without the benefit of a thorough
review and guidance of an experienced attorney. It is my general opinion that
non-lawyers who enter into contracts without first seeking the opinions of an
attorney do so at their own peril. However, I also recognize that someone may
not always have the time, money, or resources to engage a lawyer. In those
cases, it is imperative that – at the very least – the components identified
above be identified and understood before signing.
* * *
WESTMINSTER LEGAL GROUP focuses on business law, corporate
formation and structure, commercial transactions, and real estate. Conveniently
located in St. Louis, Missouri, we serve national and local clients in Missouri
and Illinois. Please visit us at www.westminsterlegalgroup.com.
The choice of a lawyer is an important decision and should
not be based solely upon advertisements. This disclosure is required by the
Supreme Court of Missouri. The Supreme Court of Illinois does not recognize
certifications of specialties in the practice of law and a certificate, award
or recognition is not a requirement to practice law in Illinois.
NUTS AND BOLTS FOR THE NON-LAWYER: ATTORNEY-CLIENT PRIVILEGE AND CONFIDENTIALITY
The FBI’s recent raid of the office, home and hotel room of Michael Cohen, President Donald Trump’s longtime personal attorney, has pushed the issue of attorney-client privilege and confidentiality into the national conversation. At the time of the raid, the FBI sought documents and information relating to alleged “hush-money” payments made to Stormy Daniels and Karen McDougal to determine whether Cohen’s involvement rises to a level of a crime, prompting the President to post on Twitter that, “attorney-client privilege is dead.” The FBI’s raid is unusual and there is particular sensitivity in this case because Cohen’s activities were allegedly performed for the direct benefit of the President who the FBI may be investigating for possible obstruction of justice.
In this context, the attorney-client privilege and confidentiality deserves some explanation. Fundamentally, the privilege exists so that a client is free to be completely honest and transparent with his legal counsel without fear of exposure or reprisal. It also exists so that the attorney may adequately and properly assist the client in the matter being discussed. Normally, a lawyer cannot reveal information relating to representation of a client unless the client consents to the disclosure.
The attorney-client relationship begins when the legal advice of an attorney is sought and received from a lawyer. Generally speaking, the attorney-client privilege applies to information shared voluntarily by a client to a lawyer in confidence in a manner that no other recipient (other than those reasonably necessary for the transmission of the information) is expected to receive the information. It exists for the benefit of the client and survives the death of the client. The privilege applies to individuals as well as to corporate entities. For example. A manager or members of top management of a company may be a “client” for purposes of the privilege between the company and the attorney.
There are exceptions to the attorney-client privilege. The privilege does not apply, for instance, where:
- the attorney is authorized to make disclosures that are impliedly authorized in order to carry out the representation, except where the client's instructions or special circumstances, prohibit the disclosure;
- the client’s communications concern future or contemplated frauds or crimes and where the lawyer believes that disclosure is reasonably necessary to prevent the client from committing a criminal act that will cause bodily harm or death;
- competing claimants claim through the same deceased client necessitating the disclosure;
- joint clients subsequently become involved in a controversy between or among themselves necessitating the disclosure;
- in criminal proceedings when the attorney-client privilege is trumped by a criminal defendant's need for exculpatory evidence, and
- the client has sued a lawyer for malpractice.
A client may waive the attorney-client privilege. This occurs when the client specifically and expressly waives the privilege. In the case of a corporation, the company’s management, officers and directors may waive the privilege.
Presumably, the FBI’s justification for the raid and search for attorney-client privileged information from the President’s attorney falls under the exception relating to fraud and crime. Specifically, the FBI was seeking evidence concerning a cover-up. The circumstances suggest that a judge issued the search warrant after concluding that the attorney-client privilege between President Trump and his attorney was being used in furtherance of a criminal act or that the privilege was being used to perpetuate a fraud. Normally, judges vigorously protect the sanctity of the attorney-client relationship and only abrogate that protection when there is sufficient and justifiable reason to do so.
NUTS AND BOLTS FOR THE NON-LAWYER: WHEN DOES THE LAW REQUIRE AGREEMENTS TO BE IN WRITING?
Most people are generally aware that verbal contracts and agreements are enforceable (so-called “hand-shake deals”). Difficulties typically arise, however, in situations where one side reneges on a verbal contract and the other side wants to hold the other party to its word. Without a written document containing the specifics of the parties’ agreement, disputes normally degenerate into a “he said versus she said” exercise in which the outcome is usually as vague and questionable as the verbal promise itself.
Certain kinds of contracts must be in writing
Illinois and Missouri require that certain kinds of agreements be written. This observes the accepted notion that evidence concerning verbal agreements are usually quite spotty or unreliable. Generally, the sort of contracts that must be written in Illinois and Missouri include the following:
- Agreements of personal representatives of a deceased person’s estate;
- Agreements where one person agrees to be responsible or liable for the obligations of another person;
- Agreements concerning marriage, such as prenuptial agreements;
- Contracts for the sale of real estate;
- Leases lasting longer than one year; and
- Any agreement that is not intended to, or cannot, be performed within a year.
Illinois law requires two additional categories of agreements to be in writing: agreements for the sale of personal property (as opposed to real estate) where the sale price is over $5,000, and agreements involving the sale of goods. Illinois law is also different from Missouri in that it does not require agreements for the purchase or sale of securities to be in writing.
Written contracts must have all of the “necessary ingredients” to be enforceable
In addition to identifying what sorts of agreements or contracts must be in writing, parties need to also ensure that their written contracts are “legally sufficient.” To be legally sufficient, written agreements in Illinois and Missouri must:
- Identify the date of the contract;
- Identify the parties;
- Identify the subject matter of the agreement;
- Identify the duration (and/or the expiration date) of the agreement; and
- Identify specifically what each party is bringing to the table in order to make the agreement binding.
To be enforceable, the contract in question must also be signed by the party (or the party’s authorized agent) being bound to the promises contained in the contract.
Observing the requirements laid out above, it’s easy to see why most quickly-scrawled contracts are unenforceable. Can you identify why the following is not “legally sufficient”?
| I.O.U. $10,000. - /s/ John Smith |
General thoughts and concluding remarks
There are some agreements that, for one reason or another, we would rarely insist be reduced to writing. For example, it is not usually worth the time or effort to prepare a written document whenever a friend asks to borrow a pen or to lend them a few dollars. When the stakes are higher, where one of the parties is perceived to be less than “honorable,” or when there will be a considerable amount of time until the other party finally performs the agreement, the scale usually slides in the other direction. Preparing fully enforceable written contracts and interpreting them involves art, science and experience. As in any business or personal endeavor, the trick is in knowing when to insist on having a written agreement versus an oral one.
CAR DEALERSHIP SERVICE ADVISORS NOT ENTITLED TO OVERTIME PAY
The US Supreme Court ruled Monday, April 2, 2018 that service advisors at car dealerships are excluded from federal overtime pay requirements.
In a 5-4 decision, the Court ruled that automobile service advisors are exempt from overtime pay under the Fair Labor Standards Act (FLSA), 52 Stat. 1060, as amended, 29 U. S. C. §201 et seq., which requires employers to pay overtime compensation to certain employees. By its plain language, the FLSA exempts from its overtime-pay requirement “any salesman, partsman, or mechanic primarily engaged in selling or servicing automobiles, trucks, or farm implements, if he is employed by a nonmanufacturing establishment primarily engaged in the business of selling such vehicles or implements to ultimate purchasers.” §213(b)(10)(A). §213(b)(10)(A). Although the Department of Labor initially interpreted it to exclude service advisors, the Court rejected that view.
In classifying service advisors as salesman, the Supreme Court stated that a service advisor is obviously a “salesman,” reasoning that the ordinary meaning of salesman is someone who sells goods or services. Even if service advisors do not spend most of their time physically repairing automobiles, the FLSA does not make that distinction.
Read the slip opinion here: https://www.supremecourt.gov/opinions/17pdf/16-1362_gfbh.pdf
FOR SINGLES, WIDOWS AND THE DIVORCED, ESTATE PLANNING IS STILL ESSENTIAL
Whether never married, widowed or divorced, single people face unique estate planning issues that require advanced planning and they need to pay just as much attention to their estate planning as married couples do.
Some complicated estate planning objectives for singles include: (1) ensuring that their assets go to relatives, loved ones and charitable organizations of their choosing rather than going to distant relatives or escheating to the state; (2) identifying specific individuals who may make decisions in cases of illness or incapacity instead of leaving that decision to a distant relative or a stranger appointed by the state; and (3) ensuring that accounts and assets will not end up in the hands of a former spouse.
To ensure that assets and decisions concerning their assets wind up with the relatives, loved ones, charitable organizations and persons of their choice, single persons should create a will and an irrevocable trust that specifically states how their assets are to be distributed. Also, certain accounts such as bank accounts, retirement plans and even life insurance policies require owners to designate a beneficiary when they enroll. These beneficiary designations are usually upheld, even if the owner gave the account to someone else in a will. Therefore, a thorough evaluation should be conducted to ensure that beneficiary designations are up to date and properly made.
It is also important for single persons to designate a trusted loved one or friend to manage assets and health care decisions in case of an emergency or in the event of incapacity. Without proper directives, important decisions may fall into the hands of distant, unfamiliar relatives or state-appointed strangers. Single people should have the proper documents prepared that allow a known and trusted person to make financial and medical decisions through a general power of attorney, an advance health care directive, and a HIPAA authorization.
EMPLOYER LIABLE TO THE TUNE OF $250,000 FOR FAILING TO ADEQUATELY PROTECT EMPLOYEE FROM CUSTOMER HARASSMENT
Businesses are typically very hesitant in taking any strong measures against customers who harass employees, but a recent federal case tells a cautionary tale. A former Costco employee alleged that her employer violated Title VII of the Civil Rights Act by not doing enough to protect her from a customer who allegedly stalked and harassed her while at work. The employer confronted the harassing customer and ordered the customer to leave the store, but a jury found that this action was not enough and awarded the former employee $250,000 in a unanimous verdict.
While it is unlikely that an employer is required to do something as drastic such as seeking a restraining order or an order of protection against the customer, it is clear from this case that it must do more than merely eject the customer from the place of business. Depending on the circumstances, it is advisable that employers at least contact law enforcement and file a report of the incident and take additional, reasonable measures to prevent any continuing or future harassment.
Read the full article here: http://cookcountyrecord.com/stories/511067371-eeoc-settlement-for-ex-costco-worker-harassed-by-customer-could-be-wake-up-call-for-employers
EMPLOYERS - DON'T FORCE EMPLOYEES TO PARTICIPATE IN YOUR COMPANY'S SOCIAL MEDIA
Illinois employers beware: requiring employees to participate in your company’s Facebook, Twitter and other social media activities will likely subject you to fines under the newly amended Right to Privacy in the Workplace Act, H.B. 4999, that will go into effect January 1. Offending Illinois employers could face fines and be found guilty for asking, requiring or coercing employees to use their personal online account to join their employer's online groups.
Read more at: http://cookcountyrecord.com/stories/511044304-illinois-employers-could-be-fined-for-asking-employee-to-like-or-retweet-employer-social-media-posts
CONTRACTORS AND SUBCONTRACTORS BEWARE:
Subcontractors have the right to payment even if the property owner fails to pay the contractor. However that rule can be, and is often, significantly altered in construction agreements so that subcontractors receive payment only after the owner has accepted and paid for the subcontractor’s work. See Beal Bank Nevada v. NorthShore Center THC, LLC, 2016 IL App (1st) 151697 (September 30, 2016) Cook Co., 5th Div. (REYES).
Be careful to have your contracts reviewed to see what triggers the right to payment before signing it.
Link to the full opinion: http://www.illinoiscourts.gov/Opinions/AppellateCourt/2016/1stDistrict/1151697.pdf
THINK AGAIN IF YOU STILL BELIEVE THAT HANDSHAKE DEALS ARE UNENFORCEABLE
The case of Trapani Construction Company, Inc. v. The Elliot Group, Inc. serves to remind us that simple handshake agreements carry the weight of the law and are enforceable. In that case, the general contractor had no written contract and relied on a handshake agreement with a real estate developer. When the developer refused to pay, the contractor sued in court and was awarded $257,765, which was later affirmed on appeal.
Read the opinion at: