On July 23rd, 2019, Pastore & Dailey prevailed in a jurisdictional motion against a Texas defendant accused of participating in the theft of intellectual property, obtaining a ruling that denied the defendant’s motion to dismiss for want of jurisdiction. An evidentiary hearing has been scheduled to assess the jurisdictional claims of two other defendants connected to the alleged intellectual property theft, which involves the transfer of proprietary information between competing health food companies.
Author: Liam Mennitt
Pastore & Dailey Retained by International Fashion Retailer on Large Trademark Action
Pastore & Dailey has filed a broad trademark action in Federal Court seeking to enforce the intellectual property rights of one of the best-known fashion designers in the world against alleged infringers of its trademarks. The action has received substantial press coverage.
The Importance of Value-Added Billing Based upon the Circumstances Presented
As the cost of legal fees continues to rise, many clients are justifiably concerned about the economic implications of retaining an expensive law firm. According to the legal fee analysis organization NALFA, a not insignificant proportion of the country’s top attorneys have recently begun charging more than one thousand dollars an hour for their services.1 Adding to that the ever-increasing cost of junior associate billings,1 many businesses are facing a conundrum: the price of legal services often exceeds the cost involved with litigating or settling a matter. To fulfill their responsibilities to clients, law firms must move beyond costly price structures and embrace value-added billing – an approach that emphasizes the importance of improving a client’s bottom line by embracing flexible billing rates and alternative fee arrangements.
What value can a law firm legitimately claim to provide when its billings outstrip the cost of a settlement? Despite all the cachet that comes with the retention of a large national firm, common sense dictates that clients are getting a raw deal when law firms cannot add value in the course of their work. If clients do not see their bottom line improve after retaining a certain firm, that firm simply does not deserve their business.
Value-added billing does not just benefit clients, however. In the long run, it may well benefit law firms to make an honest accounting of the cost of legal services – especially because clients may cut and run if they find themselves overpaying for legal fees. Value-added billing may also obviate the newfound preference of many businesses for non-traditional legal services,2 which often prove to be more flexible and economical than the costly billing practices employed by most firms.
To transition from unfair, costly billing practices to value-added billing, firms can make several changes to their fee structures. First, they can adjust their average billing rates in accordance with the estimated cost of litigating or settling a certain matter. If the attorney tasked with handling a certain matter realizes that their usual legal fees will surpass the expected cost of litigation or settlement, he or she should adjust them accordingly. In addition, firms can add value by embracing alternative fee structures. If an attorney determines that taking a matter on a contingency basis is likely to improve their client’s bottom line, he or she should not hesitate to do so.
Obviously, this sort of common-sense calculation can be thrown into confusion by uncertainty as to the final cost of litigation or settlement. The success or failure of legal procedures like litigation or arbitration (not to mention their length) cannot easily be predicted, especially considering that the introduction of new evidence or an unexpected level of intransigence on the part of the opposing party sometimes scrambles the contours of a certain matter. But legal expertise and experience can help ameliorate this problem. Presumably, senior partners will have handled similar cases in the past and can extrapolate from the cost of litigating or settling those cases to estimate the potential impact on a client’s bottom line. (This assumes, of course, that firms are keeping close track of their total billings for each matter they handle.)
Law is a business like any other, even if many attorneys are loath to admit it. Their primary task should be to add value, not to charge unfair fees. Anything else risks hurting the firms they were hired to represent.
Connecticut’s New Insurance Data Security Law: The Costs and Benefits of Compliance
An important section of the recent budget bill adopted by the state of Connecticut demonstrates that regulatory fever has become contagious, at least as far as data security is concerned. Section 230 of the recently adopted bill sets forth a comprehensive set of cybersecurity regulations for the state’s insurers, requiring them to comport with guidelines modeled after those developed by New York State’s Department of Financial Services (DFS).1 Connecticut insurers will now have to develop a “comprehensive written information security program,” evaluate the efficacy of that program “not less than annually,” and periodically aver to the state’s Insurance Commissioner that the law’s provisions are being followed.2 In addition, the law requires that insurers establish strict cybersecurity regulations for third parties and develop “incident response plan[s]” to recover in the wake of a cyberattack.3
The data security law also establishes a comprehensive enforcement regime to investigate and punish noncompliance. Under the provisions of Section 230, the state’s Insurance Commissioner has a broad investigative power to verify compliance with the new regulations.4 Furthermore, the Commissioner retains the power to punish recalcitrant insurers by revoking business licenses and issuing fines of up to fifty thousand dollars (provided that the offending firms have not shown themselves to be exempt in an evidentiary hearing).5 The law does contain some exceptions, however. For a one-year period between 2020 and 2021, insurers with fewer than twenty employees will be exempt from the law’s requirements, and from 2021 on insurers with fewer than ten employees will be exempt.6 Moreover, those firms already compliant with the requirements set forth in the Health Insurance Portability and Accountability Act of 1996 (a federal statute)7 are exempted from the Connecticut law if they can certify their compliance to state regulators.8 Nevertheless, compliance figures to be costly for Connecticut insurers.
As discussed on this blog previously, however, the cost of a cyberattack can often far outstrip the cost of compliance with cybersecurity regulations. This goes double for insurance companies, especially because such firms often possess “high-value consumer information, such as sensitive personal information, health information and payment card information.”9 Thanks to the creation of cybersecurity insurance, insurers are often left holding the bill in the wake of a devastating cyberattack elsewhere. Because they have presumably processed numerous such claims, they should know better than anyone else the true cost of a data breach. The aid of knowledgeable legal professionals and a healthy dose of common sense are all that stand in the way of cost-saving compliance with Connecticut’s new cybersecurity regulations.
- https://www.natlawreview.com/article/connecticut-budget-includes-insurance-data-security-law
- https://www.cga.ct.gov/2019/act/pa/pdf/2019PA-00117-R00HB-07424-PA.pdf
- Ibid
- Ibid
- Ibid
- Ibid
- Better known as HIPAA
- https://www.cga.ct.gov/2019/act/pa/pdf/2019PA-00117-R00HB-07424-PA.pdf
- https://www.stradley.com/-/media/files/publications/2017/05/landon—cyber-attacks-targeting-insurers.pdf
Data-Centric Security Strategies and Regulatory Compliance
In the wake of a recent spate of cybersecurity breaches, the practice of data-centric security has received renewed attention from business leaders concerned about the integrity of critical data. As defined by a PKWare white paper, data-centric security focuses on protecting data itself, rather than the systems that contain it.1 Central to the concept of data-centric security is the notion that the systems established to store and guard data sometimes crumble in the face of cyberattacks.1 Given that all manner of data storage systems have shown themselves to be vulnerable, it is hard to argue with this foundational principle. Rather than offering prescriptions for the improvement of systems, then, data-centric security places safeguards around the data itself – safeguards which are automatically applied and regularly monitored to ensure data security.1
Data-centric security strategies have several key advantages over the “network-centric” models currently employed by many firms.2 As discussed, data-centric strategies account for the proclivity of security networks to succumb to cyberattacks by securing the data itself. In addition, because security measures are built into data, “security travels with the data while it’s at rest, in use, and in transit,” a characteristic of data-centric strategies that facilitates secure data sharing and allows firms to move data from system to system without having to account for inevitable variations in security infrastructure.3 Moreover, data-centric security allows for easy access to data (a cornerstone of productivity in any firm) without compromising data security. In fact, Format-Preserving Encryption (FPE) – the specific type of encryption employed by many data-centric strategies4 – “maintains data usability in its protected form,” striking a balance between security and accessibility.5 Clearly, data-centric strategies provide stronger, more all-encompassing, and eminently manageable modes of data protection.
But perhaps the most important aspect of data-centric security is its essential role in any security regime compliant with New York State cybersecurity regulations. In fact, as the data security company Vera has noted, “the new rules are focused not just on protecting information systems but on securing, auditing and the disposition of data itself.”6 New York’s determination to advance data-centric security is evident in certain provisions of the recent cybersecurity regulation, the most important of which mandate that companies “restrict access privileges not only to systems but to the data itself.”6 Moreover, New York State’s cybersecurity regulations reflect the priorities of data-centric security because they require firms to “implement an audit trail system to reconstruct transactions and log access privileges,” a system which allows the security of individual pieces of data to be monitored automatically.6 New York regulators have already recognized the benefits of data-centric security strategies. Now, with the assistance of legal experts well-versed in cybersecurity compliance, companies concerned about their data security can too.
____________________________________________________________________________________
- https://pkware.cachefly.net/webdocs/pkware_pdfs/us_pdfs/white_papers/WP_Data_Centric_Security_Blueprint.pdf
- https://www.symantec.com/blogs/expert-perspectives/data-centric-security-changing-landscape
- https://www.comforte.com/fileadmin/Collateral/comforte_FS_tokenization_vs_FPE_WEB.pdf?hsCtaTracking=8a3a11b3-5ba3-4e1a-a41f-78bb92d22458%7C358952c5-4dff-4793-bbeb-8835361c3b14
- https://www.1stmarkets.de/en/blog/blog-article-3
- https://www.techpowerusa.com/wp-content/uploads/2018/03/MicroFocus.Techpower-Big-Data-eBook-2018-9434.pdf
- https://www.vera.com/wp-content/uploads/2018/02/Veras-Guide-to-the-NY-DFS-Regulations.pdf
Cybersecurity Compliance Could Have Saved Capital One Millions
A recent cybersecurity breach involving one of the country’s largest financial services firms illustrates both the necessity of strong cybersecurity regulations and the imperative for credit card holders to jealously safeguard their personal information. In a criminal complaint filed July 29th, 2019 at the U.S. District Court for the Western District of Washington, the federal government alleged that Paige A. Thompson, a computer engineer, had taken advantage of a gap in Capital One’s cloud security to obtain the personal financial records of millions of the company’s customers in the U.S. and abroad.1 Thompson, who used the online alias “erratic,” allegedly exploited a defect in Capital One’s firewall to access confidential financial information stored on the servers of the Cloud Computing Company, a Capital One service provider.1 Despite Capital One’s claim that “no credit card account numbers or log-in credentials were compromised and less than one percent of Social Security numbers were compromised,” the episode is a reminder that without robust cybersecurity measures and a broad-based commitment to personal data security, information stored with American financial institutions remains vulnerable to cyberattack.2 In fact, had Thompson been more careful to remain anonymous,3 the data breach could well have become catastrophic.
First, the data breach demonstrates the value of robust cybersecurity regulations. For example, if Capital One’s cybersecurity measures had met the stringent standards of the regulations issued by New York State’s Department of Financial Services that are now being enforced by the state’s new Cybersecurity Division, this problem may have been avoided. The DFS has committed itself to ensuring that “encryption and other robust security control measures” characterize the cybersecurity policies of the state’s financial services firms.5 Had Capital One encrypted or tokenized6 all of the data subject to the recent breach, it is possible that the effects of the cyberattack may have been less widespread. In fact, the criminal complaint against Thompson notes that “although some of the information” targeted by the cyberattack “has been tokenized or encrypted, other information[…]regarding their credit history has not been tokenized,” allowing “tens of millions” of credit card applications to be compromised.1 Of course, the cybersecurity regulations adopted by New York State are burdensome. But the alternative is even worse – especially considering that Capital One will “incur between $100 million and $150 million in costs related to the hack, including customer notifications, credit monitoring, tech costs and legal support,” a price tag that doubtless outstrips the costs of regulatory compliance.3
Pastore & Dailey is a leading firm in the drafting and implementation of procedures necessary to comply with federal and state securities and banking cybersecurity regulations and laws, which in this case could have saved Capital One millions if properly followed.
Second, the cyberattack bears out the importance of diligence in safeguarding financial information. According to Forbes, individuals worried about the security of their financial information can take a host of precautions: “[updating] passwords,” avoiding the use of e-mail accounts to share confidential information, “[establishing] two-factor authentication,” and so on.7 Cyberattacks like the one that recently struck Capital One have become a fact of life for many Americans who bank online, but they need not be costly. Common-sense precautions and security diligence can go a long way towards ensuring the integrity of your financial records.
Pastore & Dailey Secures Settlement in Failed Systems Case
Pastore & Dailey recently secured a favorable settlement in a case involving the loss of server data from an accounting firm. The settlement, which was reached after the loss of vital data from the client’s computer network, helped the client offset substantial financial harm produced by the server failure.
Cryptocurrency Tax Consequences
A recent decision by the Internal Revenue Service (IRS) to clamp down on cryptocurrency back taxes has understandably concerned many investors and thrown a host of complicated legal questions into sharp relief. In an effort to collect capital gains taxes on cryptocurrency trades, the IRS recently sent out a series of letters to about 10,000 investors warning them that failure to account for capital gains accrued in cryptocurrency markets could invite an audit or the imposition of even harsher penalties.1 The IRS has reportedly sent out three types of letters – one gently reminding investors to update their tax returns, another warning about the costs of tax evasion, and a third threatening an audit if a response is not received – “depending on the severity of the [tax] issue.”1
The IRS’ legal authority to send such letters and threaten enforcement action is rooted in the designation of cryptocurrencies as taxable property, rather than as currencies. In explaining this classification, the key consideration employed by the agency is that while cryptocurrencies can “be used to pay for goods or services” just like regular currencies, they can also be “held for investment,” a status that makes cryptocurrency subject to capital gains taxes.2 Cryptocurrency’s status as taxable property has a host of ramifications for tax preparation, the most important of which will be summarized below.
Before any investor can assess their cryptocurrency-related tax liability, they need to tabulate their “taxable events.” Taxable events, according to CryptoTrader.tax, encompass the following: “trading cryptocurrency to fiat currency” or to another form of cryptocurrency, “using cryptocurrency for goods and services,” and “earning cryptocurrency as income.”3 (Importantly, these provisions apply to cryptocurrency “miners,” the individuals who are paid in cryptocurrency to maintain blockchain networks).3 Whenever any of these taxable events occur, cryptocurrency investors need to log the “fair market value” of the cryptocurrency (plus any fees associated with the cryptocurrency purchase, sale, or trade) and determine if they incurred any gains or losses in the transaction.3 The tax rate on each transaction is determined by the length of time for which the investment was held. That is, cryptocurrencies purchased, held, and sold within a year are subject to the short-term capital gains tax (equivalent to regular income tax rates).4 Because U.S. tax law seeks to incentivize long-term investing, assets purchased and held for more than a year are subject to the long-term capital gains tax, which is considerably lower than the short-term rate.4
Although these rules may seem complex and burdensome, there are many ways to minimize your cryptocurrency tax liability. First and foremost, investors can actually claim deductions on their cryptocurrency losses – just as capital losses are deductible for more conventional assets.3 Moreover, as Accounting Today notes, investors can avoid capital gains taxes by gifting or donating cryptocurrency.5 Because the long-term capital gains rate is lower than the short-term rate (as discussed above), investors can lower their tax bill by making long-term investments.5 Finally, investors can reduce their tax liability by immediately converting cryptocurrency that has appreciated in value into a fiat currency like U.S. dollars, rather than using it to purchase another form of cryptocurrency.5 This is because both the conversion to U.S. dollars and the act of purchasing another cryptocurrency with capital gains are taxable events.5
Despite the uncertainty and mystique surrounding cryptocurrency, these novel investment opportunities are governed by laws and regulations familiar to any experienced investor. Common sense, sound legal advice, and diligence will prevent your cryptocurrency tax bill from growing exorbitant.
- https://www.cnn.com/2019/07/26/tech/irs-cryptocurrency-taxes/index.html
- https://www.irs.gov/pub/irs-drop/n-14-21.pdf
- https://www.cryptotrader.tax/blog/the-traders-guide-to-cryptocurrency-taxes
- https://www.investopedia.com/taxes/capital-gains-tax-101/
- https://www.accountingtoday.com/opinion/minimizing-tax-liability-for-crypto-invested-clients
Cryptocurrency in Capital Markets: From ICOs to STOs
In the wake of chronic price volatility and a series of enforcement actions against the chaotic and unregulated market for Initial Coin Offerings (ICOs), alternative financial instruments have recently been developed to help investors share in the precipitous growth of cryptocurrency and blockchain technology. At first, the ICO – an instrument that Investopedia.com defines as “the cryptocurrency space’s rough equivalent to an IPO in the mainstream investment world” – constituted the primary vehicle for investment in cryptocurrency.1 Under the terms of an average ICO, investors purchase an emergent cryptocurrency either with traditional currency or another, established cryptocurrency in the hopes that the emergent cryptocurrency will enter widespread usage and increase in value.2
Despite their seeming promise, many ICOs have faced regulatory headwinds and practical challenges from the start. In fact, several high-profile ICOs have been shut down because their issuers failed to comply with SEC securities regulations. In SEC v. Howey (1946), the Supreme Court set forth a canonical test for classifying financial products as securities, asserting that financial products should be regulated as securities when they constitute an “investment of money” as part of a “common enterprise” which entails “an expectation of profits [generated by a] promoter or third party.”3 Armed with this binding precedent, the SEC has classified cryptocurrencies as securities and has not shied away from clamping down on unregistered offerings. As recently as June 4th, 2019, the commission filed suit against the instant-messaging service Kik on the grounds that the company had “sold [cryptocurrency] tokens to U.S. investors without registering their offer and sale as required by[…]U.S. securities laws.”4 At issue in the Kik case was not just the company’s failure to register the offering with the SEC, but also the disconnect between cryptocurrency’s avowed purpose as a mode of exchange and its practical role as a store of value.5 That is to say, it becomes harder and harder to claim that cryptocurrencies are not securities when investors primarily acquire them in order to capitalize on price fluctuations.
Even though many ICOs have been registered after the fact to comport with securities regulations,6 they still constitute less than stable investment opportunities. According to a study conducted by Ernst and Young, “a lack of fundamental valuation and the due diligence process by potential investors is leading to extreme volatility of the initial coin offering (ICO) market,” trends which would presumably render them unacceptably risky choices for most investors.7
Faced with high levels of risk and the possibility of SEC enforcement, some investors are turning to Security Token Offerings (STOs) in order to acquire securitized cryptocurrency on capital markets. STOs typically offer securitized cryptocurrency “backed by real assets or things that have established value,” a characteristic that tends to immunize them against the price volatility of ICOs.8 STOs also have several key legal advantages over ICOs. Because the cryptocurrency offered is pegged to an identifiable group of revenue-generating assets, the issuers of the STO do not have to make the facile claim that their financial product is a mode of exchange and not merely a store of value. That is to say, as long as they are registered with the SEC and otherwise comply with securities regulations, STOs can be placed in essentially the same legal category as regular securities,5 a status which does not exempt them from federal oversight but can clear the way for the buying, selling, and trading of cryptocurrency on the open market. In this sense, STOs constitute safer, far less legally dubious vehicles for investors eager to take advantage of the cryptocurrency boom.
___________________________________________________________________________________
- https://www.investopedia.com/terms/i/initial-coin-offering-ico.asp
- Ibid.
- https://consumer.findlaw.com/securities-law/what-is-the-howey-test.html
- https://www.sec.gov/news/press-release/2019-87
- https://selfkey.org/stos-vs-icos-a-comprehensive-introduction-for-2018/
- https://www.clearyenforcementwatch.com/2019/02/sec-issues-first-ico-enforcement-action-against-a-self-reporting-token-issuer/#_ftn3
- https://www.ey.com/en_gl/news/2018/01/big-risks-in-ico-market–flawed-token-valuations–unclear-regulations-heightened-hacker-attention-and-congested-networks
- https://gomedici.com/2018-recap-move-over-icos-its-time-for-stos
FLSA: Congressional Intent and Gaming the System
Despite its status as a seemingly antiquated piece of New Deal legislation, the Fair Labor Standards Act (FLSA) has constituted the battleground for a long-running legal conflict over the right of employees to claim overtime. The Supreme Court issued its first major FLSA ruling in A.H. Phillips Inc. v. Walling (1945), a decision which established strict construction of the law’s provisions for exemption (a status that precludes overtime pay) as the legal norm. The case, which involved A.H. Phillips’ decision to deny overtime pay to employees in its warehouse and central office, demonstrated the Court’s determination to vindicate congressional intent. Writing for the majority, Justice Murphy noted that because the act constituted “humanitarian and remedial legislation” and comported with “the announced will of the people,” its provisions for exemption should not be subjected to jurists who might “abuse the interpretative process.”1 The provisions of the law at issue, the Court held, should be applied only to “those plainly and unmistakably within its terms and spirit,” setting the stage for narrow construction of the FLSA’s rules for overtime exemption and affirming the central purpose of the law: to ensure that workers in low-wage industries receive fair pay for the hours they work.2
Ironically, however, there has been a recent rash of otherwise well-off plaintiffs eager to claim non-exemption under the FLSA and obtain additional compensation, a development which surely contradicts the intent of the law’s framers. In fact, as Law360 notes, “almost all of Wall Street’s biggest banks have been hit with lawsuits alleging that they violated the Fair Labor Standards Act by classifying brokers as administrators rather than as sales people,” a classification which would render them exempt from FLSA overtime rules.3 These claims lack merit – especially in light of guidelines published by the Department of Labor that assert that “[e]mployees in the financial services industry generally meet the duties requirements for the administrative exemption.”4 Even in light of the obvious weakness of these assertions, the alarming fact that workers in the financial services industry (a field generally known to be lucrative) lodged such claims at all demonstrated that the intent of the law needed to be clarified again by the nation’s highest court.
The Supreme Court did just that in Encino Motorcars v. Navarro (2018), a landmark FLSA case on par with A.H. Phillips. Writing for the majority, Justice Thomas rejected a claim that “service advisors” employed by an auto dealership met the definition of nonexempt workers under the FLSA.5 Even more importantly, Encino Motorcars signaled the Court’s willingness to apply a broad standard in assessing exemption under the law, rather than a narrow standard that grants exemption only to those employees “plainly and unmistakably within [the FLSA’s] terms and spirit.”1 Although the Court’s recent decision constitutes a departure from precedent, it both vindicates the intent of the FLSA’s drafters and reaffirms the common-sense understanding that employees should be remunerated only in proportion to their willingness to work hard and accomplish the tasks set before them. In other words, both congressional intent and common sense dictate that financial services employees should be paid a salary reflecting the quality of their work product, not merely the hours they work. They are professionals, after all.
- A.H. Phillips v. Walling (1945), Murphy, J. Majority opinion.
- Ibid.
- https://www.law360.com/articles/34738/investment-banks-take-the-offensive-in-flsa-suits?copied=1, para. 2
- https://www.dol.gov/whd/overtime/fs17m_financial.pdf, para. 3
- Encino Motorcars v. Navarro (2018), Thomas, J. Majority opinion.