A law firm as creative as you are.
image001
You have the ambition. We can help you get there.

California Adopts Three New Data Privacy and Security Laws Affecting Online Companies

Posted on Oct 22nd, 2013

In September 2013, California signed into effect three new laws relating to privacy and data breach. The first is online privacy bill A.B. 370 which amends the California Online Protection Act to add privacy policy disclosure requirements regarding online tracking activity by website operators.  This amendment goes into effect on January 1, 2014.

Under current California law, operators of commercial websites or online services (including mobile applications) that collect personally identifiable information (commonly referred to as “PII”) through the Internet about consumers residing in California who use or visit their commercial website or online service to conspicuously post a privacy policy on its website or online service and to comply with that policy.  The privacy policy is required to disclose the categories of PII that are collected and the categories of entities with whom such information is shared.

The 2013 law requires an operator that collects PII concerning a consumer’s online activities now also to disclose (1) how it responds to Web browser ‘do not track’ signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of a PII, and (2) whether third parties may also collect PII about an individual consumer’s online activities over time and across different websites when a consumer uses the operator’s website or service.

To be compliant with the new law, a privacy policy must not meet all of the following requirements:

(1) Identify the PII categories that the operator collects through the website or online service about individual consumers who use or visit its commercial website or online service and the categories of third-party persons or entities with whom the operator may share that PII.
(2) If the operator maintains a process for an individual consumer who uses or visits its commercial website or online service to review and request changes to any of the consumer’s PII that is collected through the website or online service, provide a description of that process.
(3) Describe the process by which the operator notifies consumers who use or visit its commercial website or online service of material changes to the operator’s applicable privacy policy.
(4) Identify its effective date.
(5) Disclose how the operator responds to Web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of PII about an individual consumer’s online activities over time and across third-party websites or online services, if the operator engages in that collection.
(6) Disclose whether other parties may collect personally identifiable information about an individual consumer’s online activities over time and across different websites when a consumer uses the operator’s website or service.
(7) An operator may satisfy the requirement of paragraph (5) by providing a clear and conspicuous hyperlink in the operator’s privacy policy to an online location containing a description, including the effects, of any program or protocol the operator follows that offers the consumer that choice.

The second new law is S.B. 46, which adds to the current data security breach notification requirements a new category of data triggering these notification requirements: A user name or email address, in combination with a password or security question and answer that would permit access to an online account. The new law also provides more guidance on how website operators can satisfy disclosure obligations when a breach involves personal information that allows access to an online or email account.  This law also goes into effect on January 1, 2014.

Finally, S.B. 568, relates to online privacy protection for minors. This law will prohibit online marketing or advertising of certain products and services (such as alcohol, tobacco, and U/V tanning products) to children and teenagers under 18.  This law goes into effect on January 1, 2015.

Impacted companies must take the opportunity presented before these laws come into effect to examine their data collection, data privacy, and security policies and practices to determine whether they demand any updates. If you have any questions about this topic, please feel free to email us.


New SEC Investor Bulletins on General Solicitation and Accredited Investors

Posted on Oct 6th, 2013

In September the SEC issued two new alerts via its Office of Investor Education and Advocacy for investors. These alerts concerned the SEC’s new general solicitation rules and the details on the new definition of “accredited investor.” These alerts are available here on the SEC’s website at the following links:

New General Solicitation Rules

Accredited Investor Definitions

The alert concerning the general solicitation rules reminds investors of the variety of risks inherent to private placements. For example, there are differences between the relevant offering documents of private placements and registered offerings; private placement documents do not generally present the investor with as much information concerning the issuer and the offering. Furthermore, the failure of an issuer to verify accredited investor status might well be a red flag about the overall health of the offering.

In tandem with this, the SEC’s “accredited investor” alert is designed to assist investors in knowing whether they are accredited investors. It details several examples of the “net worth” test in practice using factual examples.

The alerts are the latest of the SEC’s ongoing attempts to curb inappropriate use of the general solicitation rules, and to ensure that the risks of investments are clear to private placement investors.

If you have any questions about this topic, please feel free to email us.


Due Diligence Counts

Posted on Oct 5th, 2013

Private equity and venture capital funds who distinguish themselves as being “active investors” should take note of a recent First Circuit decision in the Sun Capital Partners III et al v. New England Teamsters & Trucking Industry Pension Fund decision where the could The First Circuit found a private equity fund can be jointly and severally liable for the unfunded pension obligations of companies in its portfolio where it took an active role in the company’s business.

The portfolio company in question, Scott Brass, Inc., went into bankruptcy and defaulted on its withdrawal obligations to the New England Teamsters &Trucking Industry Pension Fund (Teamsters) at a time when the company was held by two Sun Capital Funds. The Teamsters argued that the funds were jointly and severally liable for the Scott Brass obligations because they were engaged in a trade or business and were controlled by ERISA along with Scott Brass.

The Massachusetts federal district court disagreed in late 2012 and held that the Sun Capital funds were not trades or businesses, and were instead private investment funds whose only function was to receive investment income. The First Circuit, in a decision that was admittedly “fact specific”, reversed, reasoning that what might otherwise be a passive investment could qualify an investor to be a trade or business when it is coupled with certain activities. The court referred to this as the “investment plus” analysis but declined to establish specific guidelines for what those “certain activities” might be.

Factors that the court did mention include:

  • The general partners of the Sun Capital funds had hiring and firing authority and otherwise managed the day-to-day operations of their portfolio companies.
  • Sun Capital affiliates actively worked on improving and restructuring the portfolio in order to sell it at a better price. These affiliates also served on the boards of portfolio companies and held the majority of the seats on the Scott Brass board.
  • Sun Capital Fund IV in particular received management fees from Scott Brass.

These factors prompted the Court to render its decision as to Sun Capital Fund IV and to remand the case as to Sun Capital Fund III for a new “trade or business” analysis; the receipt of management fees from Scott Brass is a key consideration.

Even if ERISA work isn’t your area, this case is an important reminder that even well-crafted reps and warranties and corporate limited liability shields may not protect an investor from being pursued by creditors of a portfolio company, especially a bankrupt one. For legal issues such as funded and unfunded retirement plans covered by ERISA, there is no substitute for careful due diligence by specialized professionals. Second, investors who find themselves in a similar situation should seek guidance from the Sun Capital case on how to manage the investment without toeing the line that results in potential exposure to the fund managers and their assets.

If you have any questions about this topic, please feel free to email us.


Recent Delaware Chancery Court Decisions Opines on Arbitration Clause in Merger Agreement

Posted on Oct 1st, 2013

A recent letter opinion by the Delaware Chancery Court in a case between Shareholder Representative Services (SRS) and a buyer of a business processing business raises an interesting interpretation of an arbitration clause in a merger agreement. The case can be read here.  The dispute between the parties arose from indemnification claims brought by the buyer under the merger agreement, which SRS claimed did not comply with the requirements of the merger agreement.  While the merger agreement contained a mandatory arbitration provision, it also provided that the Arbitrator did not have authority to grant “injunctive relief, specific performance or other equitable relief”.  Relying on this provision, SRS brought various claims in the Chancery Court, including a claim for injunctive relief to stop buyer from a breach of the merger agreement by seeking indemnification to which it did not have a right.  The court disagreed with SRS and compelled arbitration.

The court first noted that since the arbitration clause did not explicitly commit the determination of substantive arbitrability to the arbitrator, the court had jurisdiction to decide on this specific issue.  In a footnote, the court noted that these issues are presumptively determined by a court.  (One drafting note from this determination is that parties that wish to avoid any court proceedings altogether may want expressly cover the issue of substantive arbitrability in their agreement.)

The court cited a 2002 Delaware Supreme Court decision for the steps to be taken by a Delaware court to assess an arbitration clause:

  • First, the court must determine whether the arbitration clause is broad or narrow in scope.
  • Second, the court must apply the relevant scope of the provision to the asserted legal claim to determine whether the claim falls within the scope of the contractual provisions that require arbitration. If the court is evaluating a narrow arbitration clause, it will ask if the cause of action pursued in court directly relates to a right in the contract. If the arbitration clause is broad in scope, the court will defer to arbitration on any issues that touch on contract rights or  contract performance.

The court cited a few examples of a “broad” arbitration clause:  “any dispute, controversy, or claim arising out of or in connection with the …Agreement” and “any unresolved controversy or claim arising out of or relating to this Agreement” (the language at issue in the parties’ merger agreement). Finding this clause to be of the broad category, the court ruled that the determination of whether the indemnification claims were time-barred should be made by the arbitrator.

In support of its argument, SRS cited a 2006 decision involving an arbitration clause in a LLC operating agreement where the parties also sought injunctive relief from the court to compel a member to assent to a capital contribution.  The court distinguished this situation from the instance case, finding that SRS’s claims were really legal claims, not equitable ones, and colorfully noted that “[s]emantic legerdemain does not transform a legal claim into an equitable claim.”  The court reasoned that the relief that SRS has requested requires an analysis of the merits of the claims, which is legal (as opposed to equitable) in nature.   Accordingly, a plaintiff cannot “convert a claim for money damages arising from a breach of commercial contract . . . into a claim maintainable in equity by the expedient of asking that the defendant be enjoined from breaching such duty again.”

This decision is a useful reminder that boilerplate provisions such as arbitration clauses (and carveouts to those clauses) should be carefully considered in the context of any agreement, especially one relating to the sale of a business or other major transaction of a company.  While there may be varying opinions on the benefits of arbitration over litigation, once a path is chosen, the parties should carefully review these provisions to reduce ambiguity around any substantive and procedural issues that may arise.

If you have any questions about this topic, please feel free to email us.