Articles Posted in Uncategorized

After a teenage boy was fingerprinted without written consent when he purchased a season pass to Great America, his mother sued Six Flags for violation of the Illinois Biometrics Act.  In January the Illinois Supreme Court unanimously found that plaintiffs can bring a private cause of action for violations of the state’s biometric privacy law’s notice and consent requirements, even if they can’t show any harm.

The court found (Rosenbach v. Six Flags Entertainment Corporation) that individuals have control of, and a right to privacy over, their biometric identifiers, such as voice samples, retina scans and facial geometry, in addition to fingerprints. Because neither the son nor the mother consented in writing nor signed a written release for the taking of the fingerprint, and because Six Flags did not provide documentation about how long they might retain the data before destroying it, the court found the theme park violated these rights.

This decision underscores the fact that biometric privacy is quickly becoming an area of the law with greater application for businesses—and that they need to start paying attention, particularly as technology ramps up to a whole new level with the advent of microchips.  About the size of a grain of rice, these chips have been voluntarily implanted in the hands of employees at several companies and work like a card reader, providing the ability to open doors, get into company accounts and order from company vendors.

Estate plans should account for the disbursal of all assets, lest they become marooned in probate purgatory.  People are forgetting that they have digital assets that need to be accounted for.

bitcoin-1056983-300x169

Protecting Your Digital Assets

Digital assets like cryptocurrency, social media accounts, e-commerce and online accounts need to be cared for just as much as conventional ones, so that family members are able to account for and access them as property, wealth and assets are transferred from one generation to the next.

self-driving-uber-300x165The recent deaths of a motorist and a pedestrian in separate incidents in California and Arizona, respectively, both of which are under National Transportation Safety Board investigation, raise the question of whether autonomous driving technology has become safe enough for day-to-day roadway use.

A man from Peninsula, California, died when his Tesla Model X, which data from the vehicle log showed was in autopilot mode at the time, crashed into a concrete barrier on Highway 101 in nearby Mountain View.

Other Tesla drivers reported similar experiences near this same reeway barrier and others, corroborating accounts of the overall unreliability of the autopilot system near such dividers. At least one Tesla owner who drove near the barrier in question posted several videos showing autopilot steering to the left—straight toward the divider.

bitcoin-1056983-300x169Cryptocurrencies like Bitcoin have been spreading like cyber-kudzu during the past couple of years in certain corners of the online investing world. More cautious investors still might be hanging back to make sure they’re not a crypto-bubble. And now all investors have a reason to hesitate: a series of legal and regulatory investigations that call into question their stability as investments.

Among the recent developments that could give would-be investors pause:

  • The U.S Securities and Exchange Commission in May announced that it had secured injunctive relief to halt alleged “ongoing fraud” by an unregistered, non-exempt Initial Coin Offering (ICO) that had raised as much as $21 million in cryptoassets. Titanium Blockchain Infrastructure Services, Inc., EHI Internetwork and Systems Management, Inc., and Michael Stollery, a self-described “block chain evangelist,” were collectively accused of fraud in connection with purchase, offer or sale of securities under both the Securities Exchange Act and the Securities Act. The SEC alleged that the defendants created a digital asset known as BAR and TBAR tokens, orchestrated a social media campaign based on false corporate relationships—including, most egregiously, a supposed link with the Federal Reserve Bank—and false testimonials to show their supposed expertise. The complaint further alleged that the group of defendants had generated demand by offering various incentives and creating a sense of urgency, then inflated the price of the tokens on the secondary market in a “pump and dump,” or “create and inflate” scheme. Such schemes are seen as a widespread problem on crypto-exchanges.

Pot in the Workplace?

Illinois legalized the use of marijuana for more than three-dozen medical conditions starting in 2016, and by the end of 2017, nearly 35,000 people had applied for the program. Earlier this month, the legislature voted to allow the use of marijuana in lieu of prescription painkillers, to help avoid opioid addiction, which Governor Bruce Rauner is considering whether to sign.

And if Democratic candidate J.B. Pritzker defeats Rauner in this November’s elections, he has taken the position that he wants to legalize marijuana use in the state for recreational purposes, for the tax revenue it will bring into the state and the law enforcement and prison resources it will save. So where does this leave employers who still want to regulate its use in the workplace?

George-Bellas-Business-Attorney-300x195The growth of online paid subscription services that start with either a free trial that converts to automatic payments, or an upfront payment that automatically renews, have led to lawsuits challenging the clarity of such services’ terms of agreement.

A recent settlement that could total close to $2.3 million between several California jurisdictions and eHarmony, Inc., underscores the fact that small businesses offering automatic renewal subscription plans must present clear terms to customers prior to signup, and then obtain clear consent and an opt-in from customers to incur these fees.

The district attorneys of four California counties and the City of Santa Monica collectively filed the suit against eHarmony for allegedly violating state consumer protection laws—the California Business and Professions Code, and the Restore Online Shoppers Confidence Act. The Superior Court for the State of California for the County of Santa Cruz entered final judgment on Jan. 8.

data-protection-represents-forbidden-secured-and-wordcloud-266x300Have you thought about or bolstered your cybersecurity lately?

Because while government agencies, corporations and banks might be the top targets of would-be cyber attackers, small businesses need to make sure they’re protected, too, lest hackers succeed in their attempts to intrude and, in some form or fashion, monetize their information and data.

Such efforts start with educating yourself and your employees about malware and phishing attempts, ensuring that everyone knows not to open an attachment or click on a link—whether on their computer, phone or another device—if they don’t recognize the source.  You must regularly remind your employees and family never to open questionable emails or emails from an unknown source.   In particular, never open any attachments from people you don’t know or recognize.

identity-fingerprint-represents-log-ins-and-brand-300x225The Biometric Information Privacy Act, which the Illinois legislature passed in 2008, has led to a barrage of class action lawsuits in the past six months. Thought to be the nation’s most stringent law protecting biometric identifiers—which include fingerprints, iris or face scans, and voice identification—BIPA has spurred about 30 such suits in Cook County alone.

Filed against employers such as gas stations, restaurants, and retail outlets, mostly stemming from employer time clocks that use fingerprint identification, the cases allege that businesses did not obtain proper informed consent from their employees, or did not maintain or inform employees about the company’s use, storage and destruction of biometric data, as required by the law. Some of the cases also claim the employer improperly shared with time clock vendors the biometric data, and some go so far as name these third parties as defendants.

These local cases follow on the heels of five class-action lawsuits that were filed in 2015, four against Facebook and one against Shutterfly, which allege that these social media companies used facial recognition software without asking for consent or following under procedural requirements under BIPA, which allows an “aggrieved” person to recover $1,000 for each negligent violation and $5,000 for each intentional or reckless violation.

data-protection-represents-forbidden-secured-and-wordcloud-266x300Small business owners with customers based in the European Union will want to circle May 25 on their calendars. That’s the date that the EU’s General Data Protection Regulation (GDPR) goes into effect, significantly impacting enterprise cybersecurity and data governance policies and practices among organizations that handle data on EU citizens and residents.

In the U.S., businesses do not face an overarching data protection law—measures related to data protection are contained in various statutes and regulations, many of them at the state level, with California and Massachusetts, home to major tech companies, having probably the strictest requirements.

Stateside small businesses will need to continue to keep track of the patchwork quilt of U.S. laws and regulations while gearing up to become 100 percent compliant with GDPR, which means they need to begin implementing the necessary technologies yesterday.

George Bellas Business Attorney
The Federal Communications Commission will vote December 14 on whether to repeal so-called “net neutrality” rules.  Those in favor of the current rules, established in 2015, say this would mean a playing field tilted toward those with money to pay Internet service providers for rapid content delivery speeds, giving them a fast lane to consumers’ desktops, tablets and phones.  What would that mean for small businesses?

The plan, put forth by current FCC Chairman Ajit Pai and supported in writing by the two other Republican appointees on the five-person commission—thus making its passage likely—would reverse the Obama era decision classifying Broadband Internet Access Service (BIAS) as a telecommunications service. Instead these providers—which include wired telephone companies, wireless carriers and cable television service providers—would be reclassified as offering information services.

The 2015 classification, which received a 3-2 affirmative vote in the then-Democratic-controlled FCC, was affirmed in June 2016 by the U.S. Courts of Appeals for the District of Columbia Circuit. In declaring broadband providers as telecommunications services, the FCC promulgated rules that stopped providers from blocking access to content and applications, slowing the speed with which users could access content, and charging fees to those willing to pay to have their content disseminated more rapidly.