Defend Trade Secrets Act of 2016

Important new federal legislation, Defend Trade Secrets Act (“DTSA”) has been signed into law.  The most significant change of this new law is trade secret owners may now bring a civil claim for misappropriation of trade secrets to federal court. Prior to this legislation, trade secret theft was governed exclusively by state law resulting in wide variety of outcomes and uncertainty.  Another significant change under the new federal law is the right, in extraordinary circumstances, for an ex parte seizure order; if certain specific findings are made, showing: (1) a temporary restraining order or another form of equitable relief is inadequate; (2) an immediate and irreparable injury will occur if seizure is not ordered; and (3) the person against whom seizure would be ordered has actual possession of the trade secret and any property to be seized. This new federal law doesn’t preempt state laws.  It provides trade secret holders with important, additional recourse, more uniformity and access to federal courts.trade-secrets-pic

The single most important part of this new legislation requires employers and contractors to provide a specific “whistleblower clause” (or reference to it) in every contract with employees or independent contractors governing trade secrets, proprietary rights or confidential information in order to recover critically important damages – such as punitive damages or attorney’s fees. Unless employers provide the prescribed notice in every contract with their employees or independent contractors they waive these incredibly important rights. The one immediate step we’re recommending is for all Non-Disclosure Agreements, Employee Policies and Procedures or other Confidentiality Agreements to be reviewed and updated to include the notice language required by the statute.  Otherwise, a sizable element of potential recovery in every successful trade secret case will be forever lost.

A brief re-cap of this new legislation includes:

The first group of new enactments includes a number of more technical provisions such as re-defining “trade secret” and “improper means”; clarifies that ex parte seizures may only be instituted for a limited and defined set of circumstances; and directs the Federal Judicial Center to develop best practices for the execution of seizures and the storage of seized information.

The second group of enactments provides protection to whistleblowers, who disclose trade secrets to law enforcement in confidence for the purpose of reporting or investigating suspected violations of law, and outlines protections for confidential disclosures of trade secret in lawsuits or anti-retaliation proceedings.  The statute, importantly, extends immunity under both state and federal laws in both civil and criminal proceedings.

We’d be glad to assist clients with reviewing and updating documents to ensure these important protections are included in all applicable confidentiality agreements.

________________________________________________________________

Attorney Tegan Blackburn regularly counsels clients on wide range of sophisticated business and corporate matters, including advice on protecting their assets and “secret sauce”, trademark registration and infringement issues, regulatory compliance and a wide range of contacting issues.

(Note: This new law is based on a number of the provisions of the Uniform Trade Secret Act of 1985, adopted by several states, which was intended to provide better trademark protection and more uniform standards to trade secret holders doing business in multiple states.)

Tegan Blackburn LLC         All Rights Reserved.

The Latest Security Threat – Ransomware

Ransomware Increasing in Alarming Numbers

The growing sophistication and volume of cyber security threats is a serious, ever-present risk.  Here’s the latest one – ransomware.  Today’s blog will help you understand what this latest threat is, how to avoid it and if the worst thing happens, how to respond to it.

Just how serious is it? If you visit the websites of any federal regulators or enforcement agencies such as the FBI, HHS, OCR or the Secret Service, you’ll see what a big threat this has become – some estimating a 3,500% increase of ransomware just this year.  Readily available, free open source code makes for easy exploits by cyber thieves. With the return on investment for cyber criminals very high, everyone from mom and dad to the local grocer, as well as big business is at risk.

bad guy pic

There are a lot of different types of ransomware out there, but all of them have the same purpose. And it’s pretty much what it sounds like – they kidnap your data, leaving you at the mercy of criminals, who’ve taken over and locked down your computer (using an encrypted locking device) until you pay up.  This is just the latest in highly profitable criminal enterprises out there lurking on the internet, hitting businesses and individuals alike with software capable of locking down a computer or entire computer network with just one wrong key stroke.

The typical way ransomware takes over is by:

  • Drive-by downloads – all it takes is a visit to malicious website, clicking a pop-up ad or opening an infected email attachment. This often called the “human factor” – people clicking before thinking, not taking a moment to consider if what they’re about to open is legit.  Click, and it’s too late, they’ve taken over and locked you out until you pay up.
  • Exploiting program vulnerabilities if you don’t run and update anti-virus and malware detection (settings to automatic updates is best); you’ve left the door wide open to cyber criminals gaining easy entry to your computer system.   The hackers and crackers, or whatever you want to call them, aren’t targeting you, they have malware spiders and bots running behind the scenes 24/7 looking for any open doorway.

 To up the ante, criminals often use scare tactics displaying logos and images of known law enforcement agencies threatening punishment or imprisonment if payment isn’t made.  All of this works at lightning speed and without warning.  As soon as the pop-up ad, email attachment or link containing ransomware is opened, everything is immediately encrypted preventing access to the computer or network.  The attacker then demands payment (usually requiring purchase and delivery of unregulated bit coins) before giving you the decryption key that, presumably, allows access to the computer.

What can you do to avoid this?    computer locked pic                                      

  1. Always back up your data: Frequent (sometimes redundant) backups of data is the best policy – if the worst happens, your data can be promptly restored.
  2. Think before clicking: Don’t click pop-up ads, open attachments or unrequested links unless you know and trust the source.  A lot of these infected emails and links contain red-flags and everyone should be trained on what to look out for.
  3. Secure your PC: Make sure you run and update adequate anti-virus and malware detection software on all systems. Check all system settings so they automatically update and apply appropriate patches.
  4. Don’t Pay: If you think you’ve been the victim of ransomware attack, don’t panic and rush to pay. There’s no guaranty after making payment that your computer’s functionality and files will be restored. In some instances, more recent less “robust” versions of this malware delete all your data so even after you pay up, there’s no guarantee your data will be here. In some instances the Secret Service, FBI or other law enforcement officials should also be contacted.  These agencies typically recommend not paying up as a disincentive to the bad guys, who are often here and gone, beyond the reach of U.S. officials.  (Our next blog will discuss the intricacies posed by a number of federal and state privacy, security and breach notification laws such as HIPAA, which may require notifications and additional steps to be taken.)

If you’ve done what we recommend, frequently backing up files and programs, then using your own resources to quickly restore functionality is a far better way to go than negotiating with criminals and hoping for the best.  Of course, avoiding the problem all together is the goal and we’d be glad to assist.

_____________________________________________________________________

Our firm frequently advises clients and provides training on how to avoid these all too present security threats, and if the worst should happen, how to respond.  We welcome your inquiries on our business and corporate legal services; and would be glad to speak with you specifically about our extensive background and expertise helping clients develop and implement the best practices, policies and procedures to avoid these unnecessary, costly problems.

Tegan Blackburn LLC                      www.teganblackburn.com            All Rights Reserved.

New Connecticut Law Restricts Non-Compete Agreements with Physicians

New legislation significantly changes the law regarding covenants not to compete involving physicians.  This new law effective July 1, 2016 (Public Act 16-95) is intended to increase competition among healthcare providers.  While there has never been a really bright line rule for enforcing non-competes in Connecticut, and elsewhere, courts typically considering the “reasonableness” of the restrictions imposed.  With this new law, Connecticut now has a bright line rule limiting physician non-competes to no more than: (a) 1 year; and (b) 15 miles from the “primary site” where the physician practices.non compete pic

The reasonableness standard that has always applied to non-competes will continue to be important.  In any enforcement action, physician non-competes will continue to be enforceable only if: (a) necessary to protect a legitimate business interest; (b) reasonable in limiting time, geographic scope and practice restrictions; and (c) otherwise consistent with law and public policy.  An important drafting note for non-competes and when making hiring decisions is determining (and defining) “the primary site” to avoid conflicts in interpretation and when more than one location may apply.  The “primary site” where the physician practices” is defined as “the office, facility or location where a majority of the revenue derived from the physician’s services is generated.”  The statute also includes additional restrictions for non-competes entered into, amended or renewed, after the effective date, between hospitals, health systems, medical school or medical foundations allowing these covenants to restrict the physician’s right to practice only with another such entity or foundation.

Also, these non-competes will be void and enforceable against a physician if: (1) the employment agreement was not made in anticipation or part of a partnership or ownership agreement and the agreement expires and is not renewed, unless, prior to the expiration, the employer makes a bona fide offer to renew the contract on same or similar terms and conditions; or (2) the employer terminates the employment or contractual relationship without cause.  It’s important for employers to note that if a non-compete drafted under the new law exceeds the scope of its provisions (both the long existing “reasonableness standard” and the new bright line rule defining the time and geographic limitation from the primary site); or if the physician’s employment or contractual relationship is terminated without cause, or the agreement expires, the non-compete will be utterly void and unenforceable.

Lastly, in order to prevail, a party seeking enforcement must prove: (1) the non-compete complies with the new statute in all respects; (2) that they have not violated its provisions; and (3) that actual damages were suffered.

With the important new requirements under this bill, effective July 1, 2016, we can’t stress enough the importance of reviewing existing physician non-competes before contracts are renewed and having counsel prepare or review non-competes for all new hires to ensure they meet the requirements of this new law.  We welcome inquires on how we can assist.

 

 

 

Asset Transfers, How You Hold “Title” Really Matters

canstockphoto15887355

Asset transfers are made for a wide range of legitimate business, estate planning and other reasons.   How assets are titled can make all the difference between effortless, prompt transfers or having costly and often uncertain results.  In the estate planning context, it’s important to get it right before you need it.  Sometimes forms designating beneficiaries (and perhaps forgotten) or how deeds or accounts were set up will completely override what’s stated in a Will or other testamentary documents.  Lifetime transfers of business and personal assets can also be done with far greater ease when assets are properly titled, not leaving the door open for more costly delays or other unpleasant surprises.

When attorneys talk about “titling” assets, we’re talking about who the “legal owner” is.  Married couples will often own real estate as joint tenants with rights of survivorship (JTWROS).  So when a spouse passes away, the title vests 100% to the surviving spouse with ownership passing immediately to the surviving spouse.  This applies to any property provided the property is property titled in “survivorship”.

Alternatively, property is sometimes acquired or owned as “tenants in common” (TIC).  When, for example, multiple family members or unrelated individuals own property acquired through an inheritance or for investment purposes with each holding some specified share of the property.  Property owned as TIC is freely divisible whereas property owned in survivorship is not.  If a TIC owner dies, their share will be transferred in accordance with their Will (or Trust or if owned by a business, as designated in the governing documents) to the named beneficiary.  (If there is no Will or the Will is invalid even bigger problems can arise under state intestacy laws).  Lifetime transfers of TIC properties can pose challenges for the owners who now hold title with who knows who – since interests are freely divisible (unless there is a first right of refusal retained by the other owners in a valid document).  Trusts (or other agreements) can also be utilized by individuals or businesses to provide more seamless transfers.

Property is sometimes held in a sole individual name.  Property owned solely or “individually” at the time of death is considered a “probate asset” requiring a court order to transfer the property; subject to a few of the exceptions if property is deeded though Trusts and properly recorded, etc.  After the death of a spouse, a surviving spouse, who owns the property in her sole name, may wish to create a trust or other testamentary instrument so that property will not require probating and pass directly to heirs.

Each of these types of ownership interests will have dramatically different results so how to hold title should be carefully considered.  When titled properly, real estate, bank accounts and other assets can pass immediately to co-owners, survivors and beneficiaries, after death, without the delay or the involvement of probate court.  In the estate planning context, it’s extremely important to keep in mind that how accounts are titled will override the provisions in a Will.  While there are a number of options, how to take title during lifetime ownership will depend on a variety of factors and there are instances where jointly owned accounts may not be advisable. Many people choose a transfer on death (“TOD”) designee (which works like naming a beneficiary in a Will) so the account will pass automatically to the named TOD designee unlike a joint account, which during lifetime could be accessed and completely drained by any of its owners. Joint accounts should be identified as (JTWROS) and, as noted, there are some precautions to point out as any one of the owners can access, withdraw and make decisions on the account – so care should be taken here.

Keeping in mind that named beneficiaries or TOD election will override any provisions in a Will to the contrary, it’s extremely important to keep up-to-date records of beneficiary designations and document how accounts were set up.  Too often bank records aren’t correct, documents are lost or people forget to update beneficiary designations.  Don’t rely on bank representatives or family members to advise you.  I’ve seen situations where misinformation was provided to clients or mistakes were made by bank representatives causing unnecessary, lengthy delays, because documents prepared long ago were not done correctly or how they were done was not understood.  This can cause assets being transferred in a ways an owner never intended.   It’s critically important to make sure there are no inconsistencies with your wishes and that documents are correctly prepared.  Otherwise, costly, unpleasant, unintended consequences can and do result. The beneficiary designation (again, properly done and documented) will prevail over any contrary provision in a Will care must be taken!  The assistance of qualified legal counsel is important to make sure these avoidable, unintended (and sometimes irreversible) consequences don’t occur.

Preparing documents that meet your needs and reviewing your documents every year or two (or whenever a major life change occurs) is a great way to have peace of mind and feel secure about your future.  Everyone regardless of age should have a Will.  Anyone who owns a business should have a  Business Succession Plan, as well as Will. Having these documents in place before they’re needed is critically important.  If something unplanned occurs, it may be too late. Many times clients believe this will be an overwhelming process and are often surprised by how easy we make this process by listening carefully and explaining options.  There is often a great sense of relief for accomplishing business succession, estate plans or just having a review or update done to confirm all is well. Regardless of age or circumstances, it’s important that documents be properly titled so they can accomplish important goals. There’s nothing worse than finding out documents you prepared sometime ago may completely override what you intended.

Don’t wait – Please contact us today for assistance in reviewing your documents and goals.

At Last – Some Good News for Powers of Attorney

Did you know – until recently there was no Connecticut law requiring banks or financial institutions to accept a Power of Attorney?  Those of you who do know – have likely seen first-hand the problems this caused. A new Connecticut law, at last, has come to the rescue.  (See notes below on Adoption of Connecticut Uniform Power of Attorney Act).  This blog highlights the benefits of the new law and reasons Powers of Attorney are rejected, sometimes for valid reasons, sometimes not:probate image canstockphoto13987862 (2)

Here’s the top 2 reasons Powers of Attorney are rejected: 

  • Drafting problems. Banks, financial institutions and others can and often do refuse to accept a Power of Attorney (POA), because it doesn’t state the specific authority for what the agent wants to do.  For instance, the agent appointed under the POA wants (often needs) to access a safe deposit box, but the document doesn’t specifically mention a safe deposit box.  Documents can be more carefully drafted to avoid these types of problems; and
  • Internal bank policies. Powers of Attorney also get rejected without any really legitimate reason other than “our policy is such and such…” and your document doesn’t meet their policy. While banks came under greater scrutiny since the 2008 Wall Street debacles (through laws like Sarbanes Oxley (SOX) and Gramm Leach Bliley (GLBA) and some of the policies they adopted were intended to protect consumers, all too often  POAs are rejected for reasons that boggle the mind.  In one instance I know of a bank rejecting a POA, because it was executed more than 6 months ago. A number of other larger, well-known banks have adopted polices requiring POAs be no more than 12 months old or they reject them.  Needless to say, this caused a lot of unnecessary turmoil.  In many instances a perfectly good POA is rejected, because of these types of these internal policies.

Yes, banks can and do get away with this – until very recently there was no state law requiring them to accept an otherwise perfectly validly POA. Some banks have even have gone so far as to require their own forms be signed – huh, how practical is this?  It doesn’t take a rocket scientist to understand how this completely defeats the entire purpose of having these forms prepared and in the hands of those appointed before they’re actually needed.  For anyone attempting to act on behalf of a principal in a time of need; especially when the principal is incapacitated or unavailable and the agent has important duties to perform this can be a nightmare. The result is often engaging legal counsel to fight the battle, creating a new POA (if the principal is available and competent) or as a last resort needing to go to probate court for a conservator to be appointed – more unnecessary expense and delay.

This new law is incredibly welcome news.  The law creates a presumption of validity for a person who accepts a POA if they believed in good faith it was validly executed. The law also limits the circumstances under which a POA can be rejected – for example, when the bank knows the POA was terminated or that it violates a state or federal law, perfectly legitimate reasons.  Also included in the new bill is a provision allowing the probate court to require the person who rejects a POA to accept it and can also award attorney’s fees and costs to the prevailing party – very welcome news!   (See sHB6774 for the full text of the bill – effective date October 15, 2015 was revised to be effective July 1, 2016).

If you want to avoid these costly, lengthy (often unnecessary) issues that frequently arise with some POA forms, we recommend carefully reviewing your current documents to make sure they still meet your needs with the assistance of a qualified attorney.  There are also some important new provisions in the new law that POAs should be updated to include. If you need assistance with this review, please contact me for a consultation.

(For readers of this blog unfamiliar with POAs – Powers of Attorney are created and used for a lot of different reasons, but the primary purpose is designating someone (called the agent) to legally make decisions or take actions on behalf of the principal.  The powers granted can be very limited or specific or they may be very broad.  In the estate planning context, powers of attorney are often durable, meaning they survive the incapacity of the principal.  Once incompetent, a person cannot enter into a new POA (or any contract for that matter.)

 

 

PRIVACY POLICIES REQUIRED

 

Think it doesn’t apply to you? Connecticut’s privacy law doesn’t just apply to the highly-regulated industries we’re accustomed to hearing about – like banking, healthcare, retail, publicly-traded companies and the government sector, who’re all regulated under a variety of strict, federal privacy and security laws. The Connecticut legislature (as well as many other states) saw fit to require anyone doing businesses in the state to safeguard personal information and requires that privacy policies be posted (See Conn. Gen. Stat.42-471). privacy policy picThis applies with the same force and effect to businesses both public and private. I can think of few, if any, businesses that don’t use, store, transmit or collect some type of “personal information” whether for payroll, offering health or other benefits, collecting social security numbers, conducting employment screenings, maintaining important customer and banking information – just to name a few of the areas covered by this law. Connecticut law requires more than just developing privacy policies – they must be publicly posted.

These privacy protections much like their federal counter-parts extend to any “personally identifying information” such a full name, social security number, address – essentially any information that either does or could reasonably lead to identifying someone. The definition of “personal information” under the Connecticut follows the definitions of other federal and state laws to include “information capable of identifying a particular individual by one or more identifiers – name, social security number, driver’s license, account numbers, photos, biometric information, health insurance information, credit or debit card numbers” and the like. Financial institutions that have complied with the privacy and security standards required under Gramm-Leach-Bailey (15 U.S.C. 6801) will be in compliance with this Connecticut law. Healthcare providers and business associates regulated under HIPAA/HITECH regulations (45 C.F.R. Sec. 160, et seq.) that have complied with the requirements of the 2013 Final Omnibus Rule will also likely avoid trouble.

To say the least, it’s a complex area. Depending upon the context and type of information collected, used or stored, businesses may also be required to comply with a variety of other privacy laws, in addition to this Connecticut law. While there are more than 30 federal laws governing privacy, and the list is growing, below is a summary of other, key federal laws that frequently apply to businesses (and their vendors) who are using, accessing, storing or transmitting “sensitive” information:

  1. HIPAA/HITECH covers past, present, or future physical, mental health conditions of a person;
  2. Financial information regulated under Gramm-Leach-Bliley Act (GLBA and FMSA);
  3. Credit card payments regulated under PCI-DSS industry standards;
  4. Computer Fraud and Abuse Act (CFAA) ;
  5. Children’s Online Privacy and Protection (COPP);
  6. Fair Trade Communications Act – FTC Privacy; and
  7. Electronic Communications Privacy Act (ECPA) regulating computer crimes.

With cyber hacking and data breach incidents rising throughout the healthcare, retail, banking and government sectors, Connecticut employers and businesses, who haven’t taken steps to evaluate the regulated information they use or possess along with developing written privacy and security policies to keep “personal information” safe from misuse – are making a high stakes gamble. Many of us who regularly work in this area know it’s really not a question of if – it’s a question of when information that wasn’t adequately protected may fall prey. Why chance what will be costly, embarrassing event?  Developing, implementing and posting privacy policies is a must.

Where do you start? For many companies, compliance with this Connecticut law (and other state and federal laws) can be accomplished by conducting security assessments, training employees on the importance of protecting data, developing and enforcing security policies – and most importantly posting these privacy policies. In the past year, dozens of bills have been introduced to protect consumers from the real and increasing threats of identity theft and fraud. And more are likely to follow. Those not in compliance with the important intent of this law – to safeguard personal information – face the real and ever present risk of harm to innocent victims, significant regulatory fines or worse. Why chance it. Call us today for practical guidance on avoiding these risks.

With over a decade of experience as Legal Counsel & Chief Compliance Officer to a variety of highly-regulated industry clients, our firm has the dedication and experience to help clients assess security vulnerabilities, train employees and develop the all important privacy and security policies needed in today’s Internet of Things world.

Please contact us today for more information. Let us know if you’d like a speaker on these important topics at your next business event.

 

 

 

 

 

 

Intellectual Property (IP) Rights – My Top 5 Tips for Protecting Your “Secret Sauce”

Intellectual property (IP) can be a complex topic and covers a lot of concepts – and it’s not just registered patents, copyrights and trademarks that need protection. Too often businesses don’t take a few preliminary steps to adequately protect important “trade secrets” and other intellectual property rights.

canstockphoto28923602 IPHere’s my top five for protecting ideas and avoiding costly problems:

1. Get a Confidentiality-Non-Disclosure Agreement (NDA) signed before you share anything. A signed NDA with all players should always be the first step in a prospective new business relationship. No business should share information with another entity or individual involving confidential or proprietary business information, methods, ideas (registered or not), formulas, trade secrets, know-how, technology, personnel and employee information, pricing formulas, sales or marketing information without the benefit of an NDA in place. Start our right – invest in a well-written NDA.

2. If go forward with a business relationship, be sure to include adequate protections and remedies against misuse of any confidential, proprietary information or IP rights, including provisions for recovery of damages, attorney’s fees and injunctions in all your contracts.

3. Employees, Vendors and NDAs. In many situations signing an NDA during the pre-hiring or hiring process is an extremely good idea if employees (sub-contractors or other vendors) may have access to confidential information. If employees, vendors or others will be directly or indirectly involved in developing any intellectual property, additional agreements relinquishing rights to ideas or processes developed will go a long way to avoiding costly disputes.

4. Don’t rely on your incorporation to protect your trade-name. And do an adequate search first. Companies often go to great lengths to distinguish themselves from competitors with identifying logos and marks. The last thing a business needs is to spend the resources, financial and otherwise, to develop something close to or directly infringing on another company’s marks – only to have them shut you down by successfully prosecuting an infringement claim. When searching online state, federal and international registries, it’s really important to keep in mind that these registries are just that – registries only that do not include any common law or “unregistered” marks that may be in use by others. A search should be broad enough to cover registered and unregistered marks. A properly registered mark puts the world on notice that the mark is protected and who the rightful owner is. There are a surprising number of businesses that have never registered their marks – many are older or smaller businesses. And while they do enjoy “common law” protection for what they’re using, proving ownership in the absence of a registration is, frankly, very expensive. If the common law owner prevails (and they often do) would you be prepared to start all over and continue the business with an entirely new logo and marketing plan? Register your trademarks and logos to protect your assets. Do a search before using any logos, trade names, trademarks or service marks so you don’t invite problems.

5. Be vigilant in protecting what’s yours. There are very few businesses without IP rights to protect. For those with registered patents, copyrights and trademark, keep an up-to-date inventory with all expiration dates and actively “monitor” whether others may be infringing. For those without formal registration protections, the same lesson holds true. It’s critically important to inventory and monitor what’s yours. Safeguard your valuable ideas – infringement claims are costly. Don’t make it easy for others to steal your ideas. Registering and monitoring marks is a smart move.

 

The LOI (Letter of Intent) is Binding – Really?

The Delaware Supreme Court thought so – even though most attorneys and business people, who regularly draft these documents know they’re always meant to be a non-binding expression of the major deal points to see if it makes sense to move forward with a deal and definitive, binding agreement. LOIs almost always state that they’re non-binding and courts in most jurisdictions seem to agree.

canstockphoto28784962

So what happened in the Delaware case SIGA Tech Inc. v PharmAthene, Inc. No 314, 2012, 67 A 3d 330 where the LOI was found binding is worth a close look. The parties in this case first entered into a non-binding licensing agreement term sheet (LATS) for a potential licensing deal, but PharmA insisted they explore a merger first. The parties then executed a Merger Agreement, which provided if the merger didn’t close by a certain date the parties would “negotiate in good faith with the intention of executing a definitive licensing agreement in accordance with the terms of the LATS”. The merger failed to close by the deadline. In a fortuitous turn of events for SIGA (but not so fortuitous in light of the high court’s later ruling), National Institutes of Health (NIH) agreed to provide significant funding for a new drug bumping the original valuation from $6mm to $40mm. SIGA refused to go forward with terms it earlier said were acceptable and PharmA, in turn, objected stating the terms were “radically different” from the LATS. SIGA then issued an ultimatum that PharmA negotiate “without any preconditions”. The lawsuit followed.

Even thought the LOI stated it was “non-binding” (most do to avoid potential claims and typically only state the major deal terms), the court found the language in the earlier License Agreement Term Sheet (LATS) incorporated into the merger agreement requiring negotiations “in good faith” compelling. The Delaware Supreme Court upheld the lower trial court’s decision that SIGA acted in bad faith. The Supreme Court went even further finding PharmA could recover “benefit of the bargain damages” (the value of the licensing agreement that would have been entered into but for bad faith) holding the parties were obligated to negotiate toward a license agreement on terms substantially similar if the merger wasn’t consummated. Great result for PharmA, not so much for SIGA.

The moral of the story? Draft carefully and include the most beneficial governing law provisions. LOIs have always been drafted and understood to be a non-binding first step to determine if parties want to move forward with a deal and definitive, binding agreement. What’s in the LOI and peripheral documents (here express good faith language or some other language a court may find binding and compelling enough to award damages) – must be carefully considered. Whether courts outside of Delaware may follow suit and what governing law provisions to include in the LOI must also be carefully considered.

Successor Liability – What is it and why should I care?

This blog post is prompted by an important, recent decision and case of “first impression” by the Connecticut Supreme Court containing valuable discussion of the special rules governing successor liability – Robbins v Physicians Women’s Health. (See case notes and citation below.) The following is oriented to Connecticut law, but many jurisdictions have similar rules.
file000821289525
How Successor Liability Arises – The General Rules:

Let’s assume a buyer wants to buy an existing business (or portion of a business). While there are many important considerations in a potential sale or purchase, successor liability (and how to avoid it) must be carefully considered. Agreements for business acquisitions are generally structured as either: (1) mergers or stock purchases of a company’s equity; or (2) purchases of the selling entity’s assets. Successor corporations may be liable for the debts and liabilities of the predecessor where there is a merger or consolidation of the two; or where there is a purchase of equity (corporate shares or LLC membership interests). Unlike most asset purchases where assets are typically transferred free of debts and liabilities. But care must be taken to ensure the right result.
Generally speaking, a purchaser can avoid successor liability by purchasing the assets of the selling entity, rather than purchasing the entity, itself. As the high court Robbin’s decision notes,” the general rules of corporate nonliability serve, in effect, as a security blanket to protect corporate successor from unknown or contingent liabilities of their predecessors”. But deals have to be structured correctly to avoid these perils and there are important exceptions.

Exceptions to the Rules Limiting Successor Liability:

As the Connecticut Supreme Court states in the Robbins decision, the rule limiting liability is nonetheless subject to four well-established exceptions. As successor corporation may be held liable for the debts and liabilities of its predecessor when: “(1) there is an express or implied assumption of liability; (2) the transaction amounts to a consolidation or merger; (3) the transaction is fraudulent; or (4) the transferee corporation is a mere continuation or reincarnation of the old corporation.”

The specific issue decided by the Supreme Court in Robbins was limited to: “Did the Appellate Court properly determine that the covenant not to sue executed by the Plaintiff in favor of a corporate tortfeasor does not foreclose imposition of successor liability, as a matter of law, on the subsequent purchaser of that company’s assets?” The Defendant in the case claimed the covenant not to sue executed by the Plaintiff in favor of a predecessor entity (Shoreline) prior to the acquisition by Physicians Women’s Health discharged any action against both Shoreline and its successors. The Supreme Court agreed.

The court found the covenant not to sue persuasive in precluding the Plaintiff from bringing an action against the subsequent purchaser, who later acquired Shoreline’s business. If you intend to purchase a business, it’s imperative that the purchase be structured to provide sufficient protections from these kinds of claims. And the old adage “Buyer Beware” always applies. Purchasers need to conduct appropriate levels of due diligence and have strong contractual provisions they can rely on after the closing to avoid the prospect of any later arising, expensive problems.

(Case Notes: The Robbins decision was published in 304 Conn. 926 and contains an interesting discussion of covenants not sue versus releases and various theories advanced by Plaintiff, including the liability of employers and joint tortfeasors under theories or respondent superior, which the court found unpersuasive “straw man” theories. The underlying case involved a medical malpractice claim that Plaintiff had settled with Shoreline where she provided covenants not to sue in connection with the settlement. Shoreline was later bought out by a successor medical provider and Plaintiff attempted additional recovery from Shoreline’s successor.)

 

HHS, OIG, DOJ & OTHER INDUSTRY LEADERS RELEASE COMPLIANCE GUIDANCE

If HHS or another regulator knocked on your door today – would you “pass” the audit?30647-doctors-and-nurses

On April 29, 2015, HHS (Dept. of Health and Human Services), OIG (Office of the Inspector General), HCS (Healthcare Compliance Association) and AHLA (American Health Lawyers Association) along with other industry leaders released a first of its kind joint collaboration education resource entitled “Practical Guidance for Healthcare Boards on Compliance Oversight” providing helpful tools for identifying risks, preparing for audits and responding to incidents. The document provides diverse tools and insights to governing boards, compliance officials and those reporting to them. Recognizing there is no uniform approach to compliance – no “one size fits all” approach, this multi-faceted guidance document will be a valuable resource for organizations both large and small to evaluate the scope and adequacy of their compliance programs.

In addition to asking the right questions of the right people to evaluate the risks posed to an organization, having an incident response plan before it’s needed is one of the best ways to ensure an organization can effectively respond to and recover from a security incident. Working with qualified legal and other professionals with strong compliance experience is one of the best ways to avoid problems.

This guidance emphasizes the importance of organization-wide accountability and offers decision makers a variety of tools to evaluate the effectiveness of policies and procedures within their organizations. The guidance – I believe correctly – concludes that asking the right questions is critical to staying ahead of problems.

The DOJ (Dept. of Justice) has also just released its guidance document entitled “Best Practices for Victim Response and Reporting of Cyber Incidents” providing practical advice for fending off and responding to cyber attacks. Offering guidance on what businesses should do before, during or after a cyber attack, DOJ outlines what’s expected in the event of a security incident, including the preservation of evidence and cooperation with their investigations.

As more and more healthcare and other entities are affected by illegal intrusions, these guidance documents offer practical advice for protecting against the ever present risk of cyber attack. An organization’s risk analysis (or lack of one) is a primary area of focus for regulators – knowing insufficient analysis to be the single, biggest culprit behind many known breaches. The absolute worst time to develop a breach response plan is after an attack – having the right people, processes and resources in place before it’s needed puts every organization in the best position to respond and successfully recover from a security breach.

With more than a decade of experience helping companies prepare for and respond to regulatory audits and security incidents, we welcome your inquires on how we can help.