DOJ Proposes Tighter Disability Accessibility Requirements For State and Local Government Apps


On August 3, 2023, the Department of Justice published a Notice of Proposed Rulemaking (NPRM) proposing to update the regulations for Title II of the Americans with Disabilities Act (ADA) to better ensure web and mobile app accessibility for people with disabilities. The Department seeks public feedback on its proposal, which aims to clarify how State and local governments can meet their existing ADA obligations as their activities increasingly shift online.

Under Title II of the ADA, state and local governments’ services, programs, and activities must be accessible to people with disabilities. In Title II, state and local governments are also called public entities. Title II applies to all programs, services, or activities of state and local governments, from adoption services to zoning regulation. This includes the services, programs, and activities that state and local governments offer online and through mobile apps.

Like the rest of Title II, the proposed rule would apply to all state and local government entities. Examples of these include:

  • State and local government offices that provide benefits and/or social services, like food assistance, health insurance, or employment services
  • Public schools, community colleges, and public universities
  • State and local police departments
  • State and local courts
  • State and local elections offices
  • Public hospitals and public healthcare clinics
  • Public parks and recreation programs
  • Public libraries
  • Public transit agencies.

For a high-level summary of the NPRM, read the fact sheet. The Department has also published a press release. Members of the public can submit comments on the NPRM online by October 3, 2023. Comments may also be mailed to the Disability Rights Section, Civil Rights Division, U.S. Department of Justice, P.O. Box 440528, Somerville, MA 02144.

State and local government entities, along with their application developers, vendors, and advisors, should review and comment on these proposed rules and begin assessing their impact and the costs of compliance as soon as possible.

More Information


We hope this update is helpful. For more information about these or other health, legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452-8297.

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

Recognized by her peers as a Martindale-Hubbell “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition by LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; and as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and a management consultant, author, public policy advocate and lecturer widely known for 35+ years of workforce and other management work, public policy leadership and advocacy, coaching, teaching, scholarship and thought leadership.

A Fellow in the American College of Employee Benefit Counsel, Vice Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, Ms. Stamer’s work throughout her 35 year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. As an ongoing component of this work, she regularly advises, represents and defends businesses on Guideline Program and other compliance, risk management and other internal and external controls in a wide range of areas and has published and spoken extensively on these concerns.

Ms. Stamer also is widely recognized for her decades of pragmatic, leading edge work, scholarship and thought leadership on workforce, compensation, and other operations, risk management, compliance and regulatory and public affairs concerns.

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here.

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving, it is highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide, any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2023 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™


Sex Harassment Lawsuit Against Landlord Reminds That Federal Discrimination Bans Apply To Housing, Other Business Ops Beyond Employment


A new Fair Housing Act sexual harassment lawsuit filed against the owner and operator of rental properties in the Pulaski County, Kentucky area reminds business owners and leaders that sexual harassment and other federal civil rights, discrimination and retaliation prohibitions apply to more than employment practices. Similar provisions also generally apply to a business’s dealings with vendors, customers, and others in the course of its operations. Implementing appropriate controls to ensure compliance with these nondiscrimination rules is critical to prevent exposure to substantial liabilities under federal law.

Federal Civil Rights Laws’ Broad Reach

Federal civil rights statutes generally apply to essentially any entity that receives an award of federal financial assistance — regardless of which federal agency awards the grant or cooperative agreement — and encompass the “program or activity” funded in whole or in part with the federal financial assistance.

In the case of housing and related lending, for instance, the Fair Housing Act (“FHA”) prohibits discrimination in housing based on sex, race, color, religion, national origin, disability and familial status. The FHA makes it illegal to take any of the following actions because of race, color, religion, sex (including gender identity and sexual orientation), disability, familial status, or national origin:

  • Refuse to rent or sell housing, refuse to negotiate for housing, or otherwise make housing unavailable;
  • Set different terms, conditions or privileges for sale or rental of a dwelling;
  • Provide a person different housing services or facilities;
  • Falsely deny that housing is available for inspection, sale or rental;
  • Make, print or publish any notice, statement or advertisement with respect to the sale or rental of a dwelling that indicates any preference, limitation or discrimination;
  • Impose different sales prices or rental charges for the sale or rental of a dwelling;
  • Use different qualification criteria or applications, or sale or rental standards or procedures, such as income standards, application requirements, application fees, credit analyses, sale or rental approval procedures or other requirements;
  • Evict a tenant or a tenant’s guest;
  • Harass a person;
  • Fail or delay performance of maintenance or repairs;
  • Limit privileges, services or facilities of a dwelling;
  • Discourage the purchase or rental of a dwelling;
  • Assign a person to a particular building or neighborhood or section of a building or neighborhood;
  • For profit, persuade, or try to persuade, homeowners to sell their homes by suggesting that people of a particular protected characteristic are about to move into the neighborhood (blockbusting);
  • Refuse to provide or discriminate in the terms or conditions of homeowners insurance because of the race, color, religion, sex (including gender identity and sexual orientation), disability, familial status, or national origin of the owner and/or occupants of a dwelling; or
  • Deny access to or membership in any multiple listing service or real estate brokers’ organization.

It also is illegal discrimination to take any of the following actions in mortgage lending based on race, color, religion, sex (including gender identity and sexual orientation), disability, familial status, or national origin:

  • Refuse to make a mortgage loan or provide other financial assistance for a dwelling;
  • Refuse to provide information regarding loans;
  • Impose different terms or conditions on a loan, such as different interest rates, points, or fees;
  • Discriminate in appraising a dwelling;
  • Condition the availability of a loan on a person’s response to harassment; and
  • Refuse to purchase a loan.

Furthermore, the FHA also makes it illegal to:

  • Harass persons because of race, color, religion, sex (including gender identity and sexual orientation), disability, familial status, or national origin;
  • Threaten, coerce, intimidate or interfere with anyone exercising a fair housing right or assisting others who exercise the right; or
  • Retaliate against a person who has filed a fair housing complaint or assisted in a fair housing investigation.

Added prohibitions and protections also apply to disability discrimination. Housing providers must make reasonable accommodations and allow reasonable modifications that may be necessary to allow persons with disabilities to enjoy their housing.

New FHA Lawsuit Against Landlord Bell

The Justice Department lawsuit filed as part of its Sexual Harassment in Housing Initiative today alleges Danny T. Bell sexually harassed numerous female tenants since at least 2010. According to the complaint, Bell made repeated and unwelcome sexual comments to female tenants, entered the homes of female tenants without their consent, touched female tenants’ bodies without their consent, offered reduced or free rent in exchange for sexual contact and took adverse housing-related actions against female tenants who refused his sexual advances. The lawsuit seeks monetary damages to compensate those harmed by the alleged harassment, a civil penalty to vindicate the public interest and a court order barring future discrimination.

The Sexual Harassment in Housing Initiative launched by the Justice Department in October 2017 is led by the Civil Rights Division, in coordination with U.S. Attorneys’ Offices across the country. The initiative seeks to address and raise awareness about sexual harassment by landlords, property managers, maintenance workers, loan officers and other people who have control over housing. Since launching the initiative, the department has filed 30 lawsuits alleging sexual harassment in housing and recovered over $9.8 million for victims of such harassment.

The Justice Department made a point of emphasizing its commitment to enforce the prohibitions against sexual harassment and other discrimination and retaliation in housing when it announced today’s lawsuit.

“Everyone deserves to feel safe at home, and sexual harassment in housing destroys that feeling of security,” said Assistant Attorney General Kristen Clarke of the Justice Department’s Civil Rights Division. “The Justice Department will continue to vigorously enforce the Fair Housing Act to protect tenants from harassment and retaliation by their landlords.”

With the current Administration’s emphasis on the expansion of civil rights protections and enforcement, all businesses need to understand their obligations and implement appropriate controls and training to promote compliance and to prepare for the possible need to defend their own organization’s actions. Often, violations are committed by employees or agents in the field who are inadequately trained or managed. Businesses also should ensure that contracts, advertisements, property notices, and other documents and communications incorporate non-discrimination and equal opportunity notices as required by law or otherwise advisable. Tenants, customers, or others suspecting potential violations should be informed of procedures for reporting concerns, and businesses should conduct prompt, comprehensive investigations and document their actions and responses to help mitigate potential liability. Most businesses also will want to arrange liability insurance coverage providing for defense and indemnity of potential claims, and should work with legal counsel to investigate and respond to any complaints, reports, or other concerns to promote defensibility.

When investigating and responding to a violation, it is critically important to document the timing and details of the discovery of a potential concern.


About the Author

Recognized by her peers as a Martindale-Hubbell “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition by LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; and as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and a management consultant, author, public policy advocate and lecturer widely known for 35+ years of workforce and other management work, public policy leadership and advocacy, coaching, teaching, scholarship and thought leadership. As a part of this experience, Ms. Stamer has assisted clients with the investigation and defense of housing, health care and other civil rights and disability discrimination and retaliation complaints in employment, housing, health care, hospitality, lending and other businesses, including the defense of one of the initial disability discrimination investigation and enforcement actions brought by the Justice Department and HUD; Section 1557 health care discrimination charges; and civil rights and other discrimination and retaliation enforcement actions in other industries.



New DOJ Voluntary Self-Disclosure Policy Alerts Organizations To Strengthen Sentencing Guideline Compliance Programs


Organizations and their leaders risk federal criminal liability from violations of an ever-growing multitude of federal tax, securities, cyber, labor and employment, safety, environmental and other laws.

As part of managing these risks, leaders now need to consider the advisability of enhancements or other modifications to their organization’s Federal Sentencing Guideline and other compliance programs and practices in light of the new corporate criminal conduct Voluntary Self-Disclosure Policy (“VSD policy”) announced by the Department of Justice on February 23, 2023. Concurrently, organizations and their leaders also will want to monitor and respond promptly to Justice Department statements and congressional recommendations on proposed Guideline changes, which provide critical insights into the Justice Department’s planned interpretation and enforcement of federal criminal laws and the Guidelines against organizations and their leaders, like those available here.

While the application of the VSD policy inherently requires subjective decision-making, the VSD policy and other emerging statements reinforce for organizations and their leaders the advisability of adopting and administering effective Federal Sentencing Guideline compliance programs covering the ever-growing list of laws applicable to their organizations that carry potential felony and Class A misdemeanor criminal liability, and of timely investigating and self-disclosing violations, with the assistance of legal counsel, in accordance with the Guideline requirements for liability mitigation, so as to mitigate the potential liability exposure of the organization and its leaders.

VSD Policy Standardizes USAO Sentencing Guideline Organization Liability Determinations

Chapter 8 of the Federal Sentencing Guidelines sets standards for the assessment of criminal liability and punishment against corporations, partnerships, labor unions, pension funds, trusts, non-profit entities, and governmental units (“organizations”) and their leaders for legal violations committed by the organization that carry felony or Class A misdemeanor liability, including where the Federal Sentencing Guidelines impute criminal liability to the organization for criminal acts that an employee of the organization commits within the apparent scope of his or her employment.

The standards for organizational sentencing offer organizations the opportunity to mitigate their liability exposure if they can persuade the prosecuting U.S. Attorney’s Office (“USAO”) that they had in place and followed an effective compliance program, promptly reported the violation to the authorities, and that high-level personnel were not involved in the actual offense conduct. On the other hand, an organization’s lack of an effective compliance program, delay in investigation, cover-up, or failure or delay to timely disclose and make restitution for violations are aggravating factors that can increase its potential sanction.

The Justice Department says it intends the VSD policy to ensure that organizations can rely on receiving the same treatment and benefits for voluntarily self-disclosing criminal conduct under the Federal Sentencing Guidelines organizational liability rules from any USAO, no matter where the organization operates, by setting “a nationwide standard” for how USAOs will determine whether an organization has made a voluntary self-disclosure and by making transparent the specific, tangible benefits the USAO will offer an organization for making a voluntary self-disclosure, fully cooperating, and remediating the criminal conduct.

In furtherance of this goal, the new VSD policy provides that a USAO will consider an organization to have made a VSD for purposes of the Federal Sentencing Guidelines if it becomes aware of misconduct by employees or agents before that misconduct is publicly reported or otherwise known to the DOJ, and discloses all relevant facts known to the company about the misconduct to the USAO in a timely fashion, before an imminent threat of disclosure or government investigation.

In the absence of any aggravating factor, the VSD policy calls for the USAO to provide “significant benefits” to a corporation that voluntarily self-discloses criminal conduct committed by its employee or agent in accordance with the VSD policy, fully meets the other requirements of the VSD policy, fully cooperates, and timely and appropriately remediates the criminal conduct, including agreeing to pay all disgorgement, forfeiture, and restitution resulting from the misconduct. The promised significant benefits for organizations making a qualifying VSD include that the USAO:

  • Will not seek a guilty plea;
  • May choose not to impose any criminal penalty and in any event will not impose a criminal penalty that is greater than 50% below the low end of the United States Sentencing Guidelines (USSG) fine range; and
  • Will not seek the imposition of an independent compliance monitor if the company demonstrates that it has implemented and tested an effective compliance program.

The VSD policy identifies three aggravating factors that could warrant a USAO seeking a guilty plea even if the other requirements of the VSD policy are met:

  • If the misconduct poses a grave threat to national security, public health, or the environment;
  • If the misconduct is deeply pervasive throughout the company; or
  • If the misconduct involved current executive management of the company. 

The Justice Department says the presence of an aggravating factor does not necessarily mean that a guilty plea will be required. Rather, the USAO will assess the relevant facts and circumstances to determine the appropriate resolution. If a guilty plea is ultimately required, the Justice Department says the organization will still receive the other benefits under the VSD policy, including that the USAO will recommend a criminal penalty reduced by at least 50% and up to 75% off the low end of the USSG fine range, and that the USAO will not require the appointment of a monitor if the company has implemented and tested an effective compliance program.

In cases where a company is being jointly prosecuted by a USAO and another DOJ component, or where the misconduct reported by the company falls within the scope of conduct covered by VSD policies administered by other DOJ components, the USAO will coordinate with, or, if necessary, obtain approval from, the DOJ component responsible for the VSD policy specific to the reported misconduct when considering a potential resolution.  Consistent with relevant provisions of the Justice Manual and as allowable under alternate VSD policies, the USAO may choose to apply any provision of an alternate VSD policy in addition to, or in place of, any provision of its policy.

VSD Policy Reinforces Effective Compliance Program & Guideline Compliance Necessity

The stated goal of the VSD policy, to incentivize companies to maintain effective compliance programs capable of identifying misconduct, to expeditiously and voluntarily disclose and remediate misconduct, and to cooperate fully with the government in corporate criminal investigations, sends a strong message to organizations and their leaders to maintain and administer effective compliance programs and to follow the VSD policy promptly when issues arise.

While the Justice Department touts the benefits of compliance with the VSD policy, its adoption also carries an implicit warning to organizations against failing to comply with its provisions.

With the Biden Administration accelerating enforcement of a wide range of federal laws carrying criminal liability, organizations and their leaders should heed this warning by auditing their own and their organization’s potential criminal exposures and the adequacy of their compliance policies, practices and documentation, and enhancing them where needed.

Because of the highly sensitive nature of this type of analysis for the organization and its leaders, before starting the review and throughout its conduct, organizations are urged to engage and seek guidance from qualified legal counsel to position the review for protection within the scope of the attorney-client privilege and other evidentiary protections, as well as to maximize the benefit of the effort undertaken in the event of future investigations or enforcement.

Possessing an up-to-date understanding of the legal obligations carrying criminal liability exposure is absolutely critical to the effectiveness of this review. With laws and regulations constantly changing, organizations and their leaders must start by ensuring their organizations’ processes for monitoring and identifying laws carrying potential criminal liability, or otherwise requiring corporate compliance programs, are robust and up to date.

When implementing compliance procedures for any specific law, organizations and their leaders also will want to ensure that their processes and policies are designed to meet the seven criteria that Chapter 8 of the Federal Sentencing Guidelines outlines for establishing an “effective compliance program”:

  • Maintenance and enforcement of compliance standards and procedures reasonably capable of reducing the prospect of criminal activity;
  • Oversight by high-level personnel;
  • Due care in delegating substantial discretionary authority;
  • Effective communication to all levels of employees;
  • Reasonable steps to achieve compliance, including systems for monitoring, auditing, and reporting suspected wrongdoing without fear of reprisal;
  • Consistent enforcement of compliance standards, including disciplinary mechanisms; and
  • Reasonable steps to respond to and prevent further similar offenses upon detection of a violation.

Taking into account these criteria and the new VSD policy, organizations and their leaders also should ensure that their organization has appropriate procedures and protocols for receiving, investigating and responding to reports of potential violations, and for responding in a timely and appropriate manner that best positions the organization to demonstrate a culture of compliance and the other factors necessary to qualify for maximum leniency under the Guidelines.

When designing and administering compliance investigations and responses, documentation and other evidence regarding actions taken, communications and deliberations play a key role in deciding how the organization and its leaders will be treated under the VSD policy and the Guidelines. For this reason, organizations should include appropriate procedures to determine when and how legal counsel will become involved to guide the process and allow the attorney-client privilege to help protect sensitive discussions along the way. Legal counsel also should assist in documenting the process and findings for presentation to the Justice Department and in subsequent communications with it through resolution.

When investigating and responding to a violation, it is critically important to document the timing and details of the discovery of a potential concern.

More Information

We hope this update is helpful. For more information about these or other health, legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452-8297.

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

Recognized by her peers as a Martindale-Hubbell “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition by LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law, and as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and a management consultant, author, public policy advocate and lecturer widely known for 35+ years of workforce and other management work, public policy leadership and advocacy, coaching, teaching, scholarship and thought leadership.

A Fellow in the American College of Employee Benefit Counsel, Vice Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, Ms. Stamer’s work throughout her 35-year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors, domestically and internationally, on legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. As an ongoing component of this work, she regularly advises, represents and defends businesses on Guidelines program and other compliance, risk management and other internal and external controls in a wide range of areas and has published and spoken extensively on these concerns.

Ms. Stamer also is widely recognized for her decades of pragmatic, leading edge work, scholarship and thought leadership on workforce, compensation, and other operations, risk management, compliance and regulatory and public affairs concerns.

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you may also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here.

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law and its rules are rapidly evolving, subsequent developments are likely to impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide, any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2023 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™


Automobile & Other Motor Vehicle Businesses Must Prepare For New FTC Rules


Automobile and other impacted motor vehicle sellers and related businesses should begin preparing to comply with recently proposed Federal Trade Commission (“FTC”) consumer protection rules targeting certain motor vehicle sellers’ marketing, sales, leasing and financing practices, set out in the recently published FTC Motor Vehicle Dealers Trade Rule Notice of Proposed Rulemaking (“Proposed Rule”), and should submit any relevant comments on the Proposed Rule by the September 12, 2022 comment deadline.

If adopted as currently proposed, the Motor Vehicle Dealers Trade Rule would impose substantial new compliance, training and documentation requirements on automobile and other vehicle businesses. Among other things, the Proposed Rule would:

  • Prohibit motor vehicle dealers from making certain misrepresentations in the course of selling, leasing, or arranging financing for motor vehicles;
  • Require “accurate pricing disclosures” in dealers’ advertising and sales discussions;
  • Require dealers to obtain consumers’ express, informed consent for charges;
  • Prohibit the sale of any add-on product or service that confers no benefit to the consumer; and
  • Require dealers to keep specified records of advertisements and customer transactions.

The Commission says the Proposed Rule is needed to protect service members and other consumers against “unscrupulous auto dealers” using “payment packing” (slipping unwanted add-ons into a purchase agreement), bait-and-switch tactics, extra junk fees and other predatory auto sales practices. To combat these practices, the Proposed Rule would:

  • Ban bait-and-switch claims: The proposal would prohibit dealers from making a number of deceptive advertising claims to lure in prospective car buyers, including claims about the cost of a vehicle or the terms of financing, the cost of any add-on products or services, whether financing terms are for a lease, the availability of any discounts or rebates, the actual availability of the vehicles being advertised, and whether a financing deal has been finalized. Once in the door or on the hook, consumers face the fallout of false promises that don’t pan out.
  • Ban fraudulent junk fees: The proposal would prohibit dealers from charging consumers junk fees for fraudulent add-on products and services that provide no benefit to the consumer (including “nitrogen filled” tires that contain no more nitrogen than normal air).
  • Ban surprise junk fees: The proposal would prohibit dealers from charging consumers for an add-on without their clear, written consent and would require dealers to inform consumers of the price of the car without any optional add-ons.
  • Require full upfront disclosure of costs and conditions: The proposal would require dealers to make key disclosures to consumers, including a true “offering price” for a vehicle that would be the full price a consumer would pay, excluding only taxes and government fees. It would also require dealers to make disclosures about optional add-on fees, including their price and the fact that they are not required as a condition of purchasing or leasing the vehicle, along with disclosures to consumers of key information about financing terms.
  • Require recordkeeping: The proposal would require dealers to maintain specific records of marketing, sales, leasing and other activities.
  • Authorize FTC recoveries: The proposal also would allow the Commission to recover money when consumers are misled or charged without their consent.

Dealers impacted by the Proposed Rule should anticipate that, if it is adopted as proposed, it will require significant changes in their marketing, sales, disclosure, recordkeeping, training and compliance practices.

Dealers concerned about the scope and burden of these proposed requirements should consider submitting well-reasoned comments on the Proposed Rule before the September 12, 2022 comment deadline. Pending finalization of the Proposed Rule, dealers should keep in mind that significant risk already arises from the enforcement of existing laws against perceived abuses in motor vehicle marketing, sales, leasing, financing and other business practices by the Commission, state regulators and private litigants. Consequently, in addition to preparing to comply with the Proposed Rule when adopted, dealers should review and tighten their current practices to minimize their existing exposures from lax or overreaching practices.

The Proposed Rule and related automobile marketing and sales consumer protection efforts are only one of a plethora of stepped-up regulatory and consumer protection initiatives the FTC currently is pursuing, targeting a broad range of industries and practices. All organizations and their leaders should review and monitor these FTC activities and take appropriate, documented steps to ensure that their organizations’ practices are updated and backed by compliance and risk management programs with the internal and external controls, governance and oversight necessary to monitor and maintain compliance, to identify and respond to new requirements and incidents with appropriate process, intervention and documentation, and to defend compliance and mitigate related risks for their organizations, their investors and their leaders.

More Information

We hope this update is helpful. For more information about or assistance with these or other workforce, internal controls and compliance or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452-8297.

©2022 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™


Texas Supreme Court Extends Special COVID-19 Landlord-Tenant Eviction Rules


The Texas Supreme Court’s Fiftieth Emergency Order Regarding the COVID-19 State of Disaster (“50th Order”), published today (April 20, 2022), reissues the judicial relief and procedures previously in effect under its Forty-Eighth Emergency Order (Misc. Dkt. No. 22-9015) in light of the U.S. Department of the Treasury’s allocation of additional rental assistance funds to the Texas Department of Housing and Community Affairs (“TDHCA”) for the Texas Eviction Diversion Program.

Under the 50th Order, any Texas action for eviction to recover possession of residential property under Chapter 24 of the Texas Property Code and Rule 510 of the Texas Rules of Civil Procedure that is based, in whole or in part, on the nonpayment of rent must comply with additional requirements and procedures beyond those typically required for residential evictions in the absence of the COVID-19 health care emergency.

Review the requirements of the 50th Order here.

Landlords and tenants contemplating or dealing with eviction or unpaid rent enforcement should review and follow these orders carefully.

More Information

For additional information about the requirements or concerns discussed in this article, republication or other related matters, please contact the author, employment lawyer Cynthia Marcotte Stamer, via e-mail, via telephone at (214) 452-8297 or on LinkedIn.

Solutions Law Press, Inc. invites you to receive future updates by registering here and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information, including your preferred e-mail, by creating your profile here.


©2022 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™   For information about republication, please contact the author directly.  All other rights reserved.


SEC Proposed Cybersecurity Rules Reinforce Tightened Requirements & Highlight Imperative For Market-Involved & Influencing Businesses & Leaders To Clean Up Cybersecurity Practices & Disclosures


Public companies and other market participating or influencing companies and their leaders should begin preparing to comply with the enhanced cybersecurity risk management, disclosure, strategy, governance and incident reporting and response requirements of a Proposed Rule the Securities and Exchange Commission (“SEC”) published in today’s (March 9, 2022) Federal Register. Published on the heels of the SEC’s announcement of plans to hold public companies and their leaders accountable for lax cybersecurity risk management and disclosure, the Proposed Rule is one of a growing series of SEC and other federal agency initiatives ratcheting up the responsibilities and legal liability risks of organizations and their executives in the face of growing cybersecurity threats. Given these rising risks, public companies and their leaders should move promptly to conduct documented assessments of the adequacy of their existing cybersecurity safeguards, risk assessments and breach detection and response practices, within the protective scope of the attorney-client privilege, taking into account the requirements of the Proposed Rule and other rapidly evolving rules, precedent and cyberthreats. Meanwhile, individuals and organizations wishing to comment on the Proposed Rule should submit their comments as soon as possible and no later than May 8, 2022, the last day of the 60-day comment period established in the Proposed Rule.

Cybersecurity Risks & Responsibilities Of Companies & Their Leaders Rising

With cybersecurity threats and compliance concerns growing, the SEC is prioritizing cybersecurity investigation and enforcement against public companies and other market participants for lacking cybersecurity governance, safeguards or disclosures. See e.g., SEC Office of Compliance Inspections and Examinations Cybersecurity and Resiliency Observations. The SEC also has announced its commitment to hold market involved and impacting regulated entities accountable for failing to maintain and enforce appropriate internal and external controls to prevent, detect and redress cybersecurity threats, including appropriate board governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, training and awareness, investor disclosures and other practices.

Beginning in 2019, the SEC strengthened its warnings to public companies and other market involved and influencing organizations and has begun more aggressively investigating and pursuing enforcement against companies that fail to fulfill their SEC cybersecurity obligations. As public company and investor losses from data breaches, malware and other cybersecurity incidents have continued, the SEC has taken enforcement action against various public companies that experienced significant drops in stock value due to malware, data breach or other cybersecurity incidents. See here. For instance, in August 2021, London-based educational publishing giant Pearson plc agreed to pay $1 million to settle SEC charges that it had inadequate cybersecurity disclosure controls and procedures and made misleading statements and omissions about a 2018 data breach involving the theft of student data and administrator log-in credentials of 13,000 school, district and university customer accounts. In its semi-annual report, filed in July 2019, Pearson referred to a data privacy incident as a hypothetical risk when, in fact, the 2018 cyber intrusion already had occurred. Also, in a July 2019 media statement, Pearson stated that the breach may include dates of birth and email addresses when, in fact, it knew that such records were stolen, and falsely stated that Pearson had “strict protections” in place when, in fact, it had failed to patch the critical vulnerability for six months after it was notified. The media statement also omitted that millions of rows of student data and usernames and hashed passwords were stolen. The SEC order further found that Pearson’s disclosure controls and procedures were not designed to ensure that those responsible for making disclosure determinations were informed of certain information about the circumstances surrounding the breach, and that Pearson waited to inform investors about the breach until after it was contacted by the media.
The SEC issued an order finding that Pearson violated Sections 17(a)(2) and 17(a)(3) of the Securities Act of 1933 and Section 13(a) of the Exchange Act of 1934 and Rules 12b-20, 13a-15(a), and 13a-16 thereunder. Without admitting or denying the SEC’s findings, Pearson agreed to cease and desist from committing violations of these provisions and to pay a $1 million civil penalty.

Until recently, these cybersecurity enforcement actions focused primarily on entities. Last summer, however, the SEC announced that, along with continuing its enforcement against public companies and other market involved and impacting companies for cybersecurity deficiencies, it now intends to pursue enforcement against officers, directors or other leaders of companies that allow these deficiencies. Coincident with this announcement, the SEC made good on its promise to prosecute individual leaders by suing leaders of three companies accused of violating SEC cybersecurity controls, governance, and disclosure rules. See, e.g., SEC Announces Three Actions Charging Deficient Cybersecurity Procedures.

Newly Proposed SEC Cybersecurity Rule Clarifies Expectations, Facilitates Noncompliance Enforcement Against Public Companies & Leaders

The SEC’s publication of the Proposed Rule both reinforces its prior cyber compliance warnings and adds more teeth to the SEC’s efforts to monitor, investigate and enforce its rules against market involved and impacting regulated entities and their leaders that fail to fulfill their cybersecurity obligations.

The “clarifications” in the Proposed Rule define minimum expectations for public company management of, and disclosures to investors about, cyber risk management, strategy, and governance, and require public companies to notify investors of material cybersecurity incidents very quickly.

Among other things, the Proposed Rule would:

  • Amend Form 8-K to require registrants to disclose information about a material cybersecurity incident within 4 business days after the registrant determines that it has experienced a material cybersecurity incident;
  • Add new Item 106(d) of Regulation S-K and Item 16J(d) of Form 20-F to require registrants to provide updated disclosure relating to previously disclosed cybersecurity incidents and to require disclosure, to the extent known to management, when a series of previously undisclosed individually immaterial cybersecurity incidents has become material in the aggregate; and
  • Amend Form 6-K to add “cybersecurity incidents” as a reporting topic.

The Proposed Rule also will require enhanced and standardized disclosure about public company cybersecurity risk management, strategy, and governance by:

  • Adding Item 106 to Regulation S-K and Item 16J of Form 20-F to require a registrant to:
      • Describe its policies and procedures, if any, for the identification and management of risks from cybersecurity threats, including whether the registrant considers cybersecurity as part of its business strategy, financial planning, and capital allocation; and
      • Disclose the board’s oversight of cybersecurity risk and management’s role and expertise in assessing and managing cybersecurity risk and implementing the registrant’s cybersecurity policies, procedures, and strategies;
  • Amending Item 407 of Regulation S-K and Form 20-F to require disclosure regarding board member cybersecurity expertise, including disclosure in annual reports and certain proxy filings of whether any member of the registrant’s board of directors has expertise in cybersecurity, the name(s) of any such director(s) and any detail necessary to fully describe the nature of the expertise; and
  • Requiring public companies to present the cybersecurity disclosures in Inline eXtensible Business Reporting Language (Inline XBRL).

Given the SEC’s announced cybersecurity priorities, most commentators expect the SEC to move promptly to implement the Proposed Rule after the comment period ends on May 8. If these expectations prove true, market participating and influencing entities and their leaders already at risk under preexisting enforcement priorities will have to move quickly to clean up their compliance and fulfill their new responsibilities.

Managing existing risks and meeting these new requirements will be complicated by the need or advisability for many of the impacted public companies and their leaders to consider and appropriately address longstanding and newly expanding SEC and other cybersecurity exposures and disclosures.  Aside from meeting the particulars of the new requirements going forward, companies also should be prepared to address preexisting cybersecurity exposures under existing SEC and other laws, regulations and contracts.

In conducting these activities, organizations and their leaders should keep in mind that their SEC cybersecurity obligations and exposures include both SEC specific new and unresolved historical obligations as well as cybersecurity risks arising from other operational, contractual and regulatory sources.

Federal electronic crimes, the Fair Credit Reporting Act, the Fair and Accurate Credit Transactions Act (“FACTA”), the Internal Revenue Code, and a plethora of other federal and state laws long have required or made highly advisable that organizations and their leaders include appropriate cybersecurity governance, security, breach detection and response, disclosure and mitigation obligations in their Federal Sentencing Guideline or other organizational compliance programs.

To adequately fulfill the SEC expectations, corporations and their leaders generally also will need to assess compliance, controls and exposures considering other cybersecurity duties and risks from key components of public company and other organizations’ operations, heightened exposures to private litigation, audits, investigations and enforcement and other cybersecurity responsibilities and risks subsumed within their public company and employee benefit plan operations. See e.g., New DOJ Civil Cyber-Fraud Initiative Pressures Federal Contractors & Grant Recipients To Tighten Cybersecurity Controls, Training & Other Safeguards; Federal Agencies Take Aim At Businesses, Benefit Plan Fiduciaries & Service Providers & Others With Lax Cybersecurity & CyberBreach Compliance; Build Defenses By Strengthening Internal & External Controls & Risk Management; HIPAA & ERISA Fiduciary Rules Drive Imperative To Protect Health Plan Data & Systems From Hacking & Other Cyber Threats; Check Up Updated FinCEN Advisory on Ransomware For Opportunities To Strengthen Defenses; Raise Cybersecurity & Cyberbreach Compliance & Risk Management To Defend Against Rising Cyber Regulatory & Enforcement Risks; DOJ Civil Cyber-Fraud Initiative Pressures Federal Contractors & Grant Recipients To Tighten Cybersecurity Controls, Training & Other Safeguards.

Because the compliance and risk assessments necessary to evaluate and determine the actions required or recommended in response to the emerging SEC and other cybersecurity obligations and risks could uncover, and involve discussions of, obligations and options for responding to known or suspected past or existing noncompliance risks, organizations and leaders should conduct their audit and analysis to the extent possible with the guidance of counsel and within the scope of attorney-client privilege.

As part of these efforts, organizations and their leaders should move quickly to position themselves to defend against potential investigation and enforcement risks created by these emerging policies. These efforts should seek to ensure compliance with all applicable statutory, regulatory and contractual requirements as well as institutionalize the necessary operational controls to protect systems, data and operations from cyber breaches and other threats, to detect and redress cyber events promptly, and to ensure that the organization otherwise can demonstrate both their compliance efforts, as well as their timely prudent detection, investigation, reporting, mitigation and remediation in response to actual or suspected cyber threats or other compliance breaches.

Efforts should begin by taking carefully crafted, well-documented steps to prudently evaluate and strengthen cybersecurity and breach safeguards and compliance, as well as to prudently assess and verify those of their vendors and others involved with their employee benefit plans or their administration, within the scope of attorney-client privilege.

Assessments should take into account all existing required statutory, regulatory, and contractual controls and practices, documentation and other procedures. In addition, organizations should consider the advisability of adopting other “best practice” safeguards or actions taking into account relevant agency guidance and resources, government or other contracts, other industry or related standards, known and suspected breaches, “red flags” and threats, their own, their vendor and business partner and other risk profiles and experience, and other factors likely to be viewed as prudent under the circumstances.

In assessing, designing and administering the cybersecurity processes, organizations and their leaders should give due attention to assessing and addressing the adequacy of their internal and external controls to ensure the adequacy of their systems, processes, oversight and response practices and capabilities as of the time of the assessment and on an ongoing basis. Beyond establishing required policies and formal controls, organizations should ensure that they have in place the necessary policies and practices to monitor and control cyberthreats arising from conduct and risks created by employees and other internal workforce, vendors and other parties interacting with the business and its operations. As part of these efforts, most organizations will need to evaluate their contractual obligations and requirements for vendors, suppliers and others interacting with their businesses. Beyond general contractual compliance obligations, organizations should weigh requiring contractors, suppliers and other business partners to make specific commitments to maintain and monitor compliance and other risks, to provide timely notice and reports, and to cooperate with audits and investigations necessary or advisable to respond to private or government complaints, government or other investigation, reporting or other requirements, their own compliance and risk assessments, audits and investigations and other compliance and risk management efforts. Organizations also should give careful attention to, and review the adequacy of, the protections and responsibilities arising from contractual cybersecurity and breach notice, investigation, cooperation, indemnification, insurance and other associated protections and cooperation.

Organizations also should consider establishing and administering processes for independent monitoring of regulatory, news, and other reports that could provide early warning of potential cybersecurity weaknesses, threats and breaches.

All processes should include appropriate governance, oversight and reporting to provide for the ongoing monitoring and oversight necessary to identify and respond to evolving risks arising in the course of their operations, as well as consistent practices for carefully documenting their compliance and risk management efforts.

Because of the frequently high cost of breach investigation, response and mitigation, most organizations will want to consider securing cyber liability or other coverage and requiring vendors and other business partners to provide cyber liability indemnifications backed up with insurance or other adequate assurance of their ability to fulfill these financial responsibilities.

Organizations and their leaders also should ensure that their compliance programs are backed up with appropriate governance and oversight to monitor and maintain compliance, address emerging issues and identify and respond to new requirements and incidents with appropriate process and documentation to defend compliance and mitigate other cyber-related risks for their organizations, their investors and their leaders.

More Information

We hope this update is helpful. For more information about or assistance with these or other workforce, internal controls and compliance or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452-8297.

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

Recognized by her peers as a Martindale-Hubbell “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition by LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law, and as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and a management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, and author of the “Medical Privacy” Chapter in the BNA/ERISA Litigation Treatise, the “Other Torts Chapter” in the BNA/ABA E-Health & Other Torts Treatise, “Privacy and the Pandemic Workshop” for the Association of State and Territorial Health Plans, as well as a multitude of other highly regarded data privacy and security, workforce and health care change and crisis management and other publications and presentations, Ms. Stamer is widely recognized for her decades of pragmatic, leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer’s work throughout her 30 plus year career has focused heavily on working with private and public companies of all types and sizes, health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.  In the course of this work, she has had extensive involvement in the design, administration and defense of payroll, employee benefit, insurance, securities, trade secret and other confidential information and other internal and external record and data systems and processes as well as investigation, reporting, redress and mitigation of cyber and other incidents.

As a part of this work, she has continuously and extensively worked with domestic and international health and other employee benefit plans, their sponsors, fiduciaries, administrators, and insurers; managed care and insurance organizations; hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; EHR, claims, payroll and other technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; managed care organizations, self-insured health and other employee benefit plans, their sponsors, fiduciaries, administrators and service providers, insurers and other payers, health industry advocacy and other service providers and groups and other health and managed care industry clients as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies. She also has extensive experience dealing with OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys general and other federal and state agencies; JCAHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions; regulatory and public policy advocacy; training and discipline; enforcement; and other strategic and operational concerns.

Ms. Stamer’s professional leadership roles include service as American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, current RPTE Welfare Benefit Committee Co-Chair and former Chair of its Fiduciary Responsibility, Plan Terminations and Distributions and Defined Contribution Plan Committees, a former JCEB Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former SHRM Consultants Board and Region IV Chair, former Texas Association of Business Board, BACPAC Board and Dallas Chapter Chair, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas.

Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here.

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation considering the specific facts and circumstances presented in their unique circumstance at any time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any situation and does not necessarily address all relevant issues. Because developments could impact the currency and completeness of this discussion, the author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide, any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication.

©2022 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™


Check Up Updated FinCEN Advisory on Ransomware For Opportunities To Strengthen Defenses


The Department of the Treasury Financial Crimes Enforcement Network (FinCEN) updated its 2020 advisory on ransomware and the use of the financial system to facilitate ransom payments on November 8 to add financial red flag indicators of ransomware-related illicit activity, to assist financial institutions in identifying and reporting suspicious transactions associated with ransomware payments consistent with their obligations under the Bank Secrecy Act. The update also adds information released by FinCEN in its recent Financial Trend Analysis discussing current trends and typologies of ransomware and associated payments, as well as recent examples of ransomware attacks. FinCEN hopes the updates will help disrupt criminal ransomware actors.

The updated information comes as financial organizations and other businesses face growing legal and business pressure to shore up ransomware and other cybersecurity safeguards, both to defend against the business risks associated with the rising tide of ransomware and other cybersecurity threats and to manage the heightened legal risks organizations and their leaders face from the heightened regulatory responsibilities and enforcement initiatives recently announced by the Biden-Harris Administration in an effort to get organizations to shore up defenses against these threats.

Government Contractors False Claims Act Risks

For instance, on October 6, 2021, Deputy Attorney General Lisa O. Monaco announced plans to civilly prosecute federal government contractors that fail to follow required cyber security standards under the False Claims Act under a new Civil Cyber-Fraud Initiative to be led by DOJ’s Civil Division’s Commercial Litigation Branch, Fraud Section. See e.g., New DOJ Civil Cyber-Fraud Initiative Pressures Federal Contractors & Grant Recipients To Tighten Cybersecurity Controls, Training & Other Safeguards; May 12, 2021 Executive Order on Improving the Nation’s Cybersecurity; July 28, 2021 National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems.

Under the Civil Cyber-Fraud Initiative, DOJ plans to use the False Claims Act to pursue cyber security related fraud by government contractors and grant recipients. According to DOJ, the initiative will hold accountable entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cyber security products or services, knowingly misrepresenting their cyber security practices or protocols, or knowingly violating obligations to monitor and report cyber security incidents and breaches. Federal contractors and grant recipients submitting claims for federal funds will be considered to have filed a false claim in violation of the False Claims Act if their cyber security and cyber breach practices are not compliant with applicable federal requirements when the payment is requested.

Federal Health Program Participating Health Care Providers And Plans

The DOJ Cyber-Fraud Initiative follows a similar interpretation by the Department of Health & Human Services (“HHS”) Office of Inspector General (“OIG”) of the cybersecurity and cyberbreach compliance requirements that health care providers and health plan issuers participating in Medicare and certain other federally funded health care programs (“Medicare Participating Providers”) are accountable to meet under the Conditions of Participation for those programs. HHS OIG’s construction of these Conditions of Participation as including cybersecurity and cyberbreach compliance signals that Medicare Participating Providers with deficient cybersecurity practices now may risk program disqualification and False Claims Act liability, along with their already well-known exposure to civil monetary penalties under the Health Insurance Portability & Accountability Act (“HIPAA”) protected health information privacy, security and data breach rules.

Health & Other Employee Benefit Plans & Their Fiduciaries

Health plans and other employee benefit plans, their fiduciaries, record keepers and service providers also face growing cybersecurity responsibilities and risks.  While HHS Office of Civil Rights (“OCR”) continues to clarify and expand its interpretation, investigation and enforcement of HIPAA privacy, security and data breach rules against health plans, health care providers, health care clearinghouses and their business associates, the Department of Labor Employee Benefit Security Administration is turning up the heat on employee benefit plan fiduciaries to prudently protect their employee benefit plan assets and participants against cyberthreats.

On April 14, 2021, the Department of Labor Employee Benefit Security Administration (“EBSA”) made official its interpretation that the duty of prudence applicable to employee benefit plan fiduciaries under Section 404 of the Employee Retirement Income Security Act (“ERISA”) includes a duty for ERISA-covered employee benefit plan fiduciaries to take “appropriate precautions” to mitigate risks to plan participants and assets from both internal and external cybersecurity threats; that is, the duty of prudence extends to a duty to act prudently to safeguard plan assets and plan participants against cybersecurity threats.

Concern about cyberthreats to private employee benefit plans covered by ERISA, their participants and beneficiaries has soared as massive data breaches at the Federal Thrift Savings Plan, Anthem, Capital One, the Public Employees Retirement Association of New Mexico and other employee benefit plans, their vendors and service providers increasingly have impacted millions of employee benefit plans, their accounts and participants.

While Congress chose to subject health plans to the detailed health privacy, security and breach rules of HIPAA, financial and certain other employee benefit plan service providers to the consumer financial disclosure and data security requirements of laws like the Gramm-Leach-Bliley Act and the Fair and Accurate Credit Transactions Act, and even employers and others conducting background and other credit checks to the Fair Credit Reporting Act, growing awareness of the cyberthreat to employee benefits has not prompted Congress to date to extend those laws or otherwise to enact express statutory requirements for employee benefit plans and their fiduciaries. However, private litigants and others increasingly have speculated that a fiduciary duty to safeguard plan assets against cyberthreats might be subsumed in the obligation of fiduciaries under Section 404 of ERISA at all times to act with “the care, skill, prudence, and diligence under the circumstances then prevailing that a prudent man acting in a like capacity and familiar with such matters would use in the conduct of an enterprise of a like character and with like aims.” See, e.g., Record $16M Anthem HIPAA Settlement Signals Need to Tighten Your Health Plan HIPAA Compliance & Risk Management.

While EBSA has worked to formulate its recently announced positions, private litigants increasingly have begun debating the applicability and effect of ERISA on cyberbreaches involving ERISA regulated plans. See e.g., In re Anthem, Inc. Data Breach Litig., No. 15-CV-04739-LHK, 2015 WL 7443779, at *1 (N.D. Cal. Nov. 24, 2015) (holding Anthem entitled under ERISA to remove claims to federal court and refusing employee benefit plan participants’ motion to remand to state court state claims arising from data breach); In re Anthem, Inc. Data Breach Litig., No. 15-MD-02617-LHK, 2016 WL 3029783 (N.D. Cal. May 27, 2016) (refusing to dismiss participant claims against non-Anthem defendants for lack of standing), motion for reconsideration denied, In re Anthem, Inc. Data Breach Litig., No. 15-CV-04739-LHK, 2016 WL 324386 (N.D. Cal. Jan. 27, 2016); Bartnett v. Abbott Lab’ys, No. 20-CV-02127, 2021 WL 428820, at *5 (N.D. Ill. Feb. 8, 2021) (dismissing breach of fiduciary duty claim based on inadequate evidence); In re: Premera Blue Cross Customer Data Sec. Breach Litig., No. 3:15-MD-2633-SI, 2017 WL 539578, at *21 (D. Or. Feb. 9, 2017). While mostly unsuccessful to date for procedural or factual sufficiency reasons, the preemption issues argued in many of these cases support concerns that under the proper circumstances ERISA could apply to breaches involving plans or their participants. As these and other actions continue to wind their way through the courts, EBSA also has begun to acknowledge that ERISA plan fiduciaries’ duties of prudence include cybersecurity responsibilities.

EBSA’s first official recognition of a cybersecurity responsibility by plan fiduciaries appears in the Default Electronic Disclosure by Employee Pension Benefit Plans Under ERISA Final Rule (the “Electronic Disclosure Rule”), which took effect July 27, 2020. In the discussion of its requirements regarding website-based electronic disclosures in Subpart (e)(3), the Electronic Disclosure Rule requires that “[T]he administrator must take measures reasonably calculated to ensure that the website protects the confidentiality of personal information relating to any covered individual.”  Similarly, the requirements for using e-mail to provide electronic disclosures in Subsection (k)(4) of the Electronic Disclosure Rule require the plan administrator to take “measures reasonably calculated to protect the confidentiality of personal information relating to the covered individual.”  While recognizing these cybersecurity responsibilities in the Electronic Disclosure Rule, however, EBSA explained in the Preamble to the Electronic Disclosure Rule that it decided not to include more cumbersome cybersecurity requirements out of concern over the cost and other burdens of such requirements.  Nevertheless, the Electronic Disclosure Rule imposes a responsibility on plan administrators and other fiduciaries of employee benefit plans making electronic disclosures to ensure that electronic recordkeeping systems have in place reasonable controls, adequate records management practices, and other measures calculated to protect personally identifiable information.

EBSA’s April 14, 2021 guidance reflects that EBSA now views the fiduciary responsibilities of ERISA-covered employee benefit plan fiduciaries generally as including the responsibility to take “appropriate precautions” to mitigate risks to plan participants and assets from both internal and external cybersecurity threats. Beyond acknowledging a duty to take prudent steps to protect plan assets and participants against internal and external cybersecurity threats, EBSA also shared the following three resources to help plan sponsors, fiduciaries and participants safeguard benefit plans and personal information against emerging cyber threats:

Tips for Hiring a Service Provider: Helps plan sponsors and fiduciaries prudently select a service provider with strong cybersecurity practices and monitor their activities, as ERISA requires.

Cybersecurity Program Best Practices: Assists plan fiduciaries and record-keepers in their responsibilities to manage cybersecurity risks.

Online Security Tips: Offers plan participants and beneficiaries who check their retirement accounts online basic rules to reduce the risk of fraud and loss.

Participants in Securities Markets, Market Infrastructure Providers & Vendors. 

Meanwhile, the Securities and Exchange Commission (“SEC”) also has made clear its expectation that all firms participating in the securities markets, market infrastructure providers and vendors will appropriately monitor, assess and manage their cybersecurity risk profiles, including their operational resiliency. Consistent with the understanding of cybersecurity best practices shared across the federal agencies, the SEC guidance makes clear that its regulated market participants and the entities that affect the markets are accountable for maintaining and enforcing appropriate internal and external controls to prevent, detect and redress cybersecurity threats, including appropriate board governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, training and awareness and other practices.  See SEC Office of Compliance Inspections and Examinations Cybersecurity and Resiliency Observations.  Recently announced enforcement actions demonstrate that the SEC is acting on its promise to go after SEC-regulated entities that fall short of these expectations.  See, e.g., SEC Announces Three Actions Charging Deficient Cybersecurity Procedures.

These and other recently announced federal regulatory and enforcement developments send a clear message to businesses and their leadership, employee benefit plan sponsors, fiduciaries, record keepers and other vendors, organizations involved in the SEC-regulated securities markets and others to clean up their cybersecurity compliance and risk management.  Beyond the governmental enforcement risks these developments signal, these and other emerging regulatory developments provide added fuel for the already substantial private litigant and government complaints, investigations and prosecutions against businesses, their leaders, their employee benefit plan fiduciaries, record keepers and other service providers, and others unable to defend the adequacy of their cybersecurity-related practices.

Raise Cybersecurity Compliance & Defenses To Mitigate Risks & Liabilities

In the face of these developments, all businesses, employee benefit plan fiduciaries, their employer and other sponsors, record keepers and other vendors and their leaders should prioritize cybersecurity compliance, risk management, oversight and controls.  As part of these efforts, organizations and their leaders should move quickly to position themselves to defend against the investigation and enforcement risks created by these emerging policies. These efforts should seek to ensure compliance with all applicable statutory, regulatory and contractual requirements, institutionalize the operational controls necessary to protect systems, data and operations from cyber breaches and other threats and to detect and redress cyber events promptly, and ensure that the organization can demonstrate both its compliance efforts and its timely, prudent detection, investigation, reporting, mitigation and remediation in response to actual or suspected cyber threats or other compliance breaches.

Efforts should begin with carefully crafted, well-documented steps to prudently evaluate and strengthen cybersecurity and breach safeguards and compliance, and to prudently assess and verify those of the vendors and others involved with their employee benefit plans or their administration, conducted where possible within the scope of attorney-client privilege.

Assessments should take into account all existing required statutory, regulatory, and contractual controls and practices, documentation and other procedures.  In addition, organizations should consider the advisability of adopting other “best practice” safeguards or actions taking into account relevant agency guidance and resources,  government or other contracts, other industry or related standards, known and suspected breaches, “red flags” and threats, their own, their vendor and business partner and other risk profiles and experience, and other factors likely to be viewed as prudent under the circumstances.

In assessing, designing and administering their cybersecurity processes, organizations and their leaders should give due attention to the adequacy of their internal and external controls, so that their systems, processes, oversight and response practices and capabilities are adequate both as of the time of the assessment and on an ongoing basis.  Beyond establishing required policies and formal controls, organizations should ensure they have in place the policies and practices needed to monitor and control cyberthreats arising from the conduct of employees and other internal workforce, vendors and other parties interacting with the business and its operations.  As part of these efforts, most organizations will need to evaluate their contractual obligations and their requirements for vendors, suppliers and others interacting with their businesses. Beyond general contractual compliance obligations, organizations should weigh requiring contractors, suppliers and other business partners to make specific commitments to maintain and monitor compliance and other risks, to provide timely notice and reports, and to cooperate with audits and investigations necessary or advisable to respond to private or government complaints, government or other investigations, reporting or other requirements, and the organization’s own compliance and risk assessments, audits, investigations and other compliance and risk management efforts.  Organizations also should carefully review the adequacy of the contractual cybersecurity and breach notice, investigation, cooperation, indemnification, insurance and other associated protections they receive and the responsibilities they assume.

Organizations also should consider establishing and administering processes for independent monitoring of regulatory, news, and other reports that could provide early warning of potential cybersecurity weaknesses, threats and breaches.

All processes should include appropriate governance, oversight and reporting to provide the ongoing monitoring necessary to identify and respond to evolving risks arising in the course of operations, as well as consistent practices for carefully documenting compliance and risk management efforts.

Because of the frequently high cost of breach investigation, response and mitigation, most organizations will want to consider securing cyber liability or other coverage and requiring vendors and other business partners to provide cyber liability indemnifications backed by insurance or other adequate assurance of their ability to fulfill these financial responsibilities.

More Information

We hope this update is helpful. For more information about or assistance with these or other workforce, internal controls and compliance or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452-8297.

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

Recognized by her peers as a Martindale-Hubbell “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition by LexisNexis® Martindale-Hubbell® as a “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law, and as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and a management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teaching, and publications.

Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, and author of the “Medical Privacy” Chapter in the BNA/ERISA Litigation Treatise, the “Other Torts Chapter” in the BNA/ABA E-Health & Other Torts Treatise, “Privacy and the Pandemic Workshop” for the Association of State and Territorial Health Plans, as well as a multitude of other highly regarded data privacy and security, workforce and health care change and crisis management publications and presentations, Ms. Stamer is widely recognized for her decades of pragmatic, leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer’s work throughout her 30 plus year career has focused heavily on working with private and public employer, health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.  In the course of this work, she has had extensive involvement in the design, administration and defense of payroll, employee benefit, insurance, securities, trade secret and other confidential information and other internal and external record and data systems and processes as well as investigation, reporting, redress and mitigation of cyber and other incidents.

As a part of this work, she has continuously and extensively worked with domestic and international health and other employee benefit plans, their sponsors, fiduciaries, administrators, and insurers; managed care and insurance organizations; hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; EHR, claims, payroll and other technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; managed care organizations, self-insured health and other employee benefit plans, their sponsors, fiduciaries, administrators and service providers, insurers and other payers, health industry advocacy and other service providers and groups and other health and managed care industry clients as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies.  She also has extensive experience dealing with OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCAHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions; regulatory and public policy advocacy; training and discipline; enforcement; and other strategic and operational concerns.

Ms. Stamer also serves or has served as American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, current RPTE Welfare Benefit Committee Co-Chair and former Chair of its Fiduciary Responsibility, Plan Terminations and Distributions and Defined Contribution Plan Committees, a former JCEB Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former SHRM Consultants Board and Region IV Chair, former Texas Association of Business Board, BACPAC Board and Dallas Chapter Chair, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas.

Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here.

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE:   These statements and materials are for general informational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation considering the specific facts and circumstances presented in their unique circumstance at any time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any situation and does not necessarily address all relevant issues. Because developments could impact the currency and completeness of this discussion, the author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide, any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.  Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication.  Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein. ©2021 Cynthia Marcotte Stamer. 
Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™


Raise Cybersecurity & Cyberbreach Compliance & Risk Management To Defend Against Rising Cyber Regulatory & Enforcement Risks


Businesses, their employee benefit plan fiduciaries, their employer and other sponsors, their record keepers, financial advisors and other service providers and other business partners face growing pressure to shore up cybersecurity and cyberbreach compliance and other safeguards to defend against a slew of new and ongoing federal cybersecurity and breach regulatory and enforcement initiatives the Biden-Harris Administration is rolling out in its effort to stem the rising tide of cybersecurity incidents.

Agencies Targeting Businesses, US Entities & Their Leaders For CyberSecurity & CyberBreach Regulation & Enforcement

The DOJ Civil Cyber-Fraud Initiative is the latest in a growing list of new regulatory and enforcement programs placing pressure on U.S. businesses and their leaders to get serious about cybersecurity.  Examples of some of the more far reaching of these new or continuing programs include:

Government Contractors

On October 6, 2021, Deputy Attorney General Lisa O. Monaco announced plans to civilly prosecute under the False Claims Act federal government contractors that fail to follow required cybersecurity standards, under a new Civil Cyber-Fraud Initiative to be led by the Fraud Section of the Commercial Litigation Branch of DOJ’s Civil Division.  While adding new exposures to the already substantial exposures federal government contractors and grant recipients face for failing to comply with applicable cybersecurity and cyberbreach notification requirements under federal and state laws, the Civil Cyber-Fraud Initiative also provides more evidence that the Biden-Harris Administration is serious about moving forward on its broader strategy to stem the recurrent waves of disruptive cyber breaches and other security incidents buffeting U.S. public and private institutions and citizens by ramping up cybersecurity regulation, oversight and enforcement against all U.S. organizations.   See, e.g., New DOJ Civil Cyber-Fraud Initiative Pressures Federal Contractors & Grant Recipients To Tighten Cybersecurity Controls, Training & Other Safeguards; May 12, 2021 Executive Order on Improving the Nation’s Cybersecurity; July 28, 2021 National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems.

Under the Civil Cyber-Fraud Initiative, DOJ plans to use the False Claims Act to pursue cybersecurity-related fraud by government contractors and grant recipients.  According to DOJ, the initiative will hold accountable entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches. Federal contractors and grant recipients submitting claims for federal funds accordingly may be treated as having filed a false claim in violation of the False Claims Act if their cybersecurity and cyberbreach practices do not comply with the federal requirements applicable to them when the payment is requested.

Federal Health Program Participating Health Care Providers And Plans. 

The DOJ Civil Cyber-Fraud Initiative follows a similar interpretation by the Department of Health & Human Services (“HHS”) Office of Inspector General (“OIG”) of the cybersecurity and cyberbreach compliance requirements that health care providers and health plan issuers participating in Medicare and certain other federally funded health care programs (“Medicare Participating Providers”) are accountable to meet under the Conditions of Participation for those programs.  HHS OIG’s construction of these Conditions of Participation as including cybersecurity and cyberbreach compliance signals that Medicare Participating Providers with deficient cybersecurity practices now may risk program disqualification and False Claims Act liability along with their already well-known exposure to civil monetary penalties under the Health Insurance Portability & Accountability Act (“HIPAA”) protected health information privacy, security and data breach rules.

Health & Other Employee Benefit Plans. 

Health plans and other employee benefit plans, their fiduciaries, record keepers and service providers also face growing cybersecurity responsibilities and risks.  While the HHS Office for Civil Rights (“OCR”) continues to clarify and expand its interpretation, investigation and enforcement of the HIPAA privacy, security and data breach rules against health plans, health care providers, health care clearinghouses and their business associates, the Department of Labor Employee Benefits Security Administration is turning up the heat on employee benefit plan fiduciaries to prudently protect their employee benefit plan assets and participants against cyberthreats.

On April 14, 2021, the Department of Labor Employee Benefits Security Administration (“EBSA”) made official its interpretation that the duty of prudence applicable to employee benefit plan fiduciaries under Section 404 of the Employee Retirement Income Security Act (“ERISA”) includes a duty for ERISA-covered employee benefit plan fiduciaries to take “appropriate precautions” to mitigate risks to plan participants and assets from both internal and external cybersecurity threats. In other words, EBSA now reads the duty of prudence as extending to a duty to act prudently to safeguard plan assets and plan participants against cybersecurity threats.

Concern about cyberthreats to private employee benefit plans covered by ERISA, their participants and beneficiaries has soared as massive data breaches at the Federal Thrift Savings Plan, Anthem, Capital One, the Public Employees Retirement Association of New Mexico and other employee benefit plans, their vendors and service providers increasingly have impacted millions of employee benefit plans, their accounts and participants.

While Congress chose to subject health plans to the detailed health privacy, security and breach rules of HIPAA and financial and certain other employee benefit plan service providers to consumer financial disclosure and data information security requirements of laws like Gramm-Leach-Bliley Act and the Fair and Accurate Credit Transactions Act, and even employers and others conducting background and other credit checks to the  Fair Credit Reporting Act, growing awareness of the cyberthreat to employee benefits has not prompted Congress to date to extend those laws or otherwise to enact express statutory requirements for employee benefit plans and their fiduciaries.  However, private litigants and others increasingly have speculated that a fiduciary duty to safeguard plan asset against cyberthreats might be subsumed in the obligation of fiduciaries under Section 404 of ERISA at all times to act with “the care, skill, prudence, and diligence under the circumstances then prevailing that a prudent man acting in a like capacity and familiar with such matters would use in the conduct of an enterprise of a like character and with like aims.” See, e.g., See Record $16M Anthem HIPAA Settlement Signals Need to Tighten Your Health Plan HIPAA Compliance & Risk Management.

While EBSA has worked to formulate its recently announced positions, private litigants increasingly have begun debating the applicability and effect of ERISA on cyberbreaches involving ERISA regulated plans.  See e.g., In re Anthem, Inc. Data Breach Litig., No. 15-CV-04739-LHK, 2015 WL 7443779, at *1 (N.D. Cal. Nov. 24, 2015)(holding Anthem entitled under ERISA to remove claims to federal court and refusing employee benefit plan participants’ motion to remand to state court state claims arising from data breach); In re Anthem, Inc. Data Breach Litig., No. 15-MD-02617-LHK, 2016 WL 3029783 (N.D. Cal. May 27, 2016)(refusing to dismiss participant claims against non-Anthem defendants for lack of standing), motion reconsideration denied In re Anthem, Inc. Data Breach Litig., No. 15-CV-04739-LHK, 2016 WL 324386 (N.D. Cal. Jan. 27, 2016); Bartnett v. Abbott Lab’ys, No. 20-CV-02127, 2021 WL 428820, at *5 (N.D. Ill. Feb. 8, 2021) (dismissing breach of fiduciary duty claim based on inadequate evidence); In re: Premera Blue Cross Customer Data Sec. Breach Litig., No. 3:15-MD-2633-SI, 2017 WL 539578, at *21 (D. Or. Feb. 9, 2017). While mostly unsuccessful to date for procedural or factual sufficiency reasons, the preemption issues argued in many of these cases support concerns that under the proper circumstances ERISA could apply to breaches involving plans or their participants.  As these and other actions continue to wind their way through the courts, EBSA also has begun to acknowledge that ERISA plan fiduciaries duties of prudence include cybersecurity responsibilities.

EBSA’s first official recognition of a cybersecurity responsibility by plan fiduciaries appears in the Default Electronic Disclosure by Employee Pension Benefit Plans Under ERISA Final Rule (the “Electronic Disclosure Rule”), which took effect July 27, 2020 . In the discussion of its requirements regarding website-based electronic disclosures in Subpart (e)(3), the Electronic Disclosure Rule requires that “[T]he administrator must take measures reasonably calculated to ensure that the website protects the confidentiality of personal information relating to any covered individual.”  Similarly, the requirements for using e-mail to provide electronic disclosures in Subsection (k)(4) of the Electronic Disclosure Rule require the plan administrator to take “measures reasonably calculated to protect the confidentiality of personal information relating to the covered individual.”  While recognizing these cyber security responsibilities in the Electronic Disclosure Rule, however,  EBSA explained in the Preamble to the Electronic Disclosure Rule that it decided not to include more cumbersome cybersecurity requirements in the Electronic Disclosure Rule out of concern over the cost and other burdens of such requirements.  Nevertheless, the Electronic Disclosure Rule imposed a responsibility by plan fiduciaries of employee benefit plans making electronic disclosures to ensure that electronic recordkeeping systems have in place reasonable controls, adequate records management practice, and other measures calculated to protect Personally Identifiable Information.

EBSA’s April 14, 2021 reflects EBSA now views the fiduciary responsibilities of ERISA-covered employee benefit plan fiduciaries generally as including the responsibility to take “appropriate precautions” to mitigate risks to plan participants and assets from both internal and external cybersecurity threats. Beyond acknowledging a duty to take prudent steps to protect plans assets and participants against internal and external cybersecurity threats, EBSA also shared the following three resources to help plan sponsors, fiduciaries and participants to safeguard benefit plans and personal information against emerging cyber threats:

Tips for Hiring a Service Provider: Helps plan sponsors and fiduciaries prudently select a service provider with strong cybersecurity practices and monitor their activities, as ERISA requires.

Cybersecurity Program Best Practices: Assists plan fiduciaries and record-keepers in their responsibilities to manage cybersecurity risks.

Online Security Tips: Offers plan participants and beneficiaries who check their retirement accounts online basic rules to reduce the risk of fraud and loss

Participants in Securities Markets, Market Infrastructure Providers & Vendors. 

Meanwhile the Securities and Exchange Commission (“SEC”) also has made clear its expectation that all firms participating in the securities markets, market infrastructure providers and vendors will appropriately monitor, assess and manage their cybersecurity risk profiles, including their operational resiliency. Consistent with the shared understanding of best cybersecurity practices shared with the agencies, the SEC guidance makes clear its market involved and impacting regulated entities are accountable for maintaining and enforcing appropriate internal and external controls to prevent, detect and redress cybersecurity threats, including appropriate board governance and risk management, access rights and controls, data loss prevention,mobile security, incident response and resiliency, vendor management, training and awareness and other practices.  See  SEC Office of Compliance Inspections and Examinations Cybersecurity and Resiliency Observations.  Recently announced enforcement actions demonstrate that the SEC is acting on its promise to go after SEC regulated entities that breach these expectations.  See, e.g., SEC Announces Three Actions Charging Deficient Cybersecurity Procedures.

These and other recently announced federal regulatory and enforcement developments send a clear message to businesses and their leadership, employee benefit plan sponsors, fiduciaries, record keepers and other vendors, SEC securities market involved organizations and others to clean up their cybersecurity compliance and risk management.  Beyond the governmental enforcement risks these developments signal, these and other emerging regulatory developments provide added fuel for the already substantial private litigant and government complaints, investigations and prosecutions against businesses, their leaders, their employee benefit plan fiduciaries, record keepers and other service providers,and others.   and their leaders unable to defend the adequacy of their cybersecurity related practices.

Raise Cybersecurity Compliance & Defenses To Mitigate Risks & Liabilities

In the face of these developments, all businesses, employee benefit plan fiduciaries, their employer and other sponsors, record keepers and other vendors and their leaders should prioritize cybersecurity compliance, risk management, oversight and controls. As part of these efforts, organizations and their leaders should move quickly to position themselves to defend against potential investigation and enforcement risks created by these emerging policies. These efforts should seek to ensure compliance with all applicable statutory, regulatory and contractual requirements as well as institutionalize the necessary operational controls to protect systems, data and operations from cyber breaches and other threats, to detect and redress cyber events promptly, and to ensure that the organization otherwise can demonstrate both its compliance efforts and its timely, prudent detection, investigation, reporting, mitigation and remediation in response to actual or suspected cyber threats or other compliance breaches.

Efforts should begin by taking carefully crafted, well-documented steps to prudently evaluate and strengthen cybersecurity and breach safeguards and compliance, as well as prudently to assess and verify those of their vendors and others involved with their employee benefit plans or their administration, within the scope of attorney-client privilege.

Assessments should take into account all existing required statutory, regulatory, and contractual controls and practices, documentation and other procedures. In addition, organizations should consider the advisability of adopting other “best practice” safeguards or actions, taking into account relevant agency guidance and resources, government or other contracts, other industry or related standards, known and suspected breaches, “red flags” and threats, their own risk profiles and experience and those of their vendors and business partners, and other factors likely to be viewed as prudent under the circumstances.

In assessing, designing and administering their cybersecurity processes, organizations and their leaders should give due attention to assessing and addressing the adequacy of their internal and external controls, so as to ensure the adequacy of their systems, processes, oversight and response practices and capabilities both as of the time of the assessment and on an ongoing basis. Beyond establishing required policies and formal controls, organizations should ensure that they have in place the necessary policies and practices to monitor and control cyberthreats arising from the conduct of, and risks created by, employees and other internal workforce, vendors and other parties interacting with the business and its operations. As part of these efforts, most organizations will need to evaluate their contractual obligations and requirements for vendors, suppliers and others interacting with their businesses. Beyond general contractual compliance obligations, organizations should weigh requiring contractors, suppliers and other business partners to make specific commitments to maintain and monitor compliance and other risks, to provide timely notice and reports, and to cooperate with audits and investigations necessary or advisable to respond to private or government complaints, government or other investigation, reporting or other requirements, and the organization's own compliance and risk assessments, audits, investigations and other compliance and risk management efforts. Organizations also should give careful attention to, and review the adequacy of, the protections and responsibilities arising from contractual cybersecurity and breach notice, investigation, cooperation, indemnification, insurance and other associated protections and cooperation.

Organizations also should consider establishing and administering processes for independent monitoring of regulatory, news, and other reports that could provide early warning of potential cybersecurity weaknesses, threats and breaches.

All processes should include appropriate governance, oversight and reporting to provide for the ongoing monitoring and oversight necessary to identify and respond to evolving risks arising in the course of operations, as well as consistent practices for carefully documenting compliance and risk management efforts.

Because of the frequently high cost of breach investigation, response and mitigation, most organizations will want to consider securing cyber liability or other coverage, and requiring vendors and other business partners to provide cyber liability indemnifications backed up with insurance or other adequate assurance of their ability to fulfill these financial responsibilities.

More Information

We hope this update is helpful. For more information about or assistance with these or other workforce, internal controls and compliance or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452-8297.

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, and author of the “Medical Privacy” Chapter in the BNA/ERISA Litigation Treatise, the “Other Torts Chapter” in the BNA/ABA E-Heath & Other Torts Treatise, “Privacy and the Pandemic Workshop” for the Association of State and Territorial Health Plans, as well as a multitude of other highly regarded data privacy and security, workforce and health care change and crisis management and other highly regarded publications and presentations, Ms. Stamer is widely recognized for her decades of pragmatic, leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer’s work throughout her 30 plus year career has focused heavily on working with private and public employer, health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.  In the course of this work, she has had extensive involvement in the design, administration and defense of payroll, employee benefit, insurance, securities, trade secret and other confidential information and other internal and external record and data systems and processes as well as investigation, reporting, redress and mitigation of cyber and other incidents.

As a part of this work, she has continuously and extensively worked with domestic and international health and other employee benefit plans, their sponsors, fiduciaries, administrators, and insurers; managed care and insurance organizations; hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; EHR, claims, payroll and other technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, self-insured health and other employee benefit plans, their sponsors, fiduciaries, administrators and service providers, insurers and other payers, health industry advocacy and other service providers and groups and other health and managed care industry clients as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies.  She also has extensive experience dealing with OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement;  and other strategic and operational concerns.

American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, current RPTE Welfare Benefit Committee Co-Chair and former Chair of its Fiduciary Responsibility, Plan Terminations and Distributions and Defined Contribution Plan Committees, a former JCEB Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former SHRM Consultants Board and Region IV Chair, former Texas Association of Business Board, BACPAC Board and Dallas Chapter Chair, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas.

Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here.

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation considering the specific facts and circumstances presented in their unique circumstance at any time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any situation and does not necessarily address all relevant issues. Because developments could impact the currency and completeness of this discussion, the author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide, any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein. ©2021 Cynthia Marcotte Stamer.
Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™.


DOJ Civil Cyber-Fraud Initiative Pressures Federal Contractors & Grant Recipients To Tighten Cybersecurity Controls, Training & Other Safeguards

Federal government contractors and grant recipients should tighten cyber security policies, practices and internal controls to mitigate their exposure to civil False Claims Act claims by the Department of Justice (“DOJ”) under a new DOJ Civil Cyber-Fraud Initiative announced by DOJ last week. The new initiative adds False Claims Act civil liability to the already substantial civil liability that government contractors and other businesses already face for failing to comply with applicable cyber security and cyber breach notification requirements under federal and state laws. In the face of these added liabilities, federal contractors and grant recipients should act quickly to audit their cyber security and cyber breach practices; tighten cyber security and breach detection, oversight, credentialing and controls over employees, contractors and others with access to facilities and systems; and take other appropriate action to prevent and remediate compliance deficiencies and risks.

Federal Government Contractors Bear Cybersecurity Responsibilities 

Federal government contractors can face cyber security and breach responsibilities under a myriad of federal laws, regulations and contracting standards which are incorporated into their government contracts as conditions for participation in the applicable contract or program. For example, businesses that sell products to the U.S. government generally are required to comply with 15 basic safeguarding requirements and procedures to protect systems used to collect, process, maintain, use, share, disseminate, or dispose of Federal Contract Information (FCI) set forth in FAR 52.202.21. Companies that produce products used by the Department of Defense (DoD) may be required to comply with the minimum cybersecurity standards set by DFARS if those products aren’t commercially available off-the-shelf (COTS). DFARS 252.204-7012 requires contractors with CUI to follow NIST SP 800-171, report cyber incidents, and report cybersecurity gaps. DFARS 252.204-7019 (interim) requires primes and subcontractors to submit a self-assessment of NIST 800-171 controls through the Supplier Performance Risk System (SPRS). DFARS 252.204-7020 (interim) requires primes and subcontractors to give the DoD access to their infrastructure to verify the self-assessment (via DMCA) and requires contractors to roll requirements down to subcontractors. Meanwhile, DFARS 252.204-7021 (interim) governs the rollout of the Cybersecurity Maturity Model Certification program over 5 years. These requirements are in addition to any cyber security or cyber breach requirements otherwise applicable to government contractors or grant recipients under laws such as the Fair & Accurate Credit Transactions Act (“FACTA”) that also might apply to other businesses that do not do business with the federal government.

New DOJ Civil Cyber-Fraud Initiative Against Government Contractors Heightens Enforcement & Liability Risks

On October 6, 2021, Deputy Attorney General Lisa O. Monaco announced plans to civilly prosecute federal government contractors that fail to follow required cyber security standards under the False Claims Act under a new Civil Cyber-Fraud Initiative to be led by DOJ’s Civil Division’s Commercial Litigation Branch, Fraud Section.

According to the DOJ announcement, DOJ expects the initiative to:

  • Build broad resiliency against cyber security intrusions across the government, the public sector and key industry partners.
  • Hold contractors and grantees to their commitments to protect government information and infrastructure.
  • Support government experts’ efforts to timely identify, create and publicize patches for vulnerabilities in commonly used information technology products and services.
  • Ensure that companies that follow the rules and invest in meeting cyber security requirements are not at a competitive disadvantage.
  • Reimburse the government and the taxpayers for the losses incurred when companies fail to satisfy their cyber security obligations.
  • Improve overall cyber security practices that will benefit the government, private users and the American public.

Under the Civil Cyber-Fraud Initiative, DOJ plans to use the False Claims Act to pursue cyber security related fraud by government contractors and grant recipients. According to DOJ, the initiative will hold accountable entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cyber security products or services, knowingly misrepresenting their cyber security practices or protocols, or knowingly violating obligations to monitor and report cyber security incidents and breaches.

The False Claims Act is the government’s primary civil tool to redress false claims for federal funds and property involving government programs and operations.   The DOJ’s Civil Cyber-Fraud Initiative does not create new cyber security and cyber breach obligations to promote these goals.  Rather, it piggybacks on already existing federal mandates by adding False Claims Act civil liability to the already substantial civil liability that government contractors and grant recipients already risk for failing to maintain and administer their data security and data breach practices in accordance with applicable federal laws. Under the new Civil Cyber-Fraud Initiative, DOJ has signaled it intends to include compliance with applicable cyber security and cyber breach reporting requirements applicable to contractors as part of the obligations of government contractors and grant recipients to comply with applicable law as a condition of eligibility to participate in federal programs and receive federal funds.  Federal contractors and grant recipients submitting claims for federal funds will be considered to have filed a false claim in violation of the False Claims Act if their cyber security and cyber breach practices are not compliant with applicable federal requirements when the payment is requested.

Companies and individuals found to have violated the False Claims Act generally are liable for treble damages plus a penalty that is linked to inflation. In addition to allowing the United States to pursue perpetrators of fraud on its own, the FCA allows private citizens to file suits on behalf of the government (called “qui tam” suits) against those who have defrauded the government. Private citizens who successfully bring qui tam actions may receive a portion of the government’s recovery. Many DOJ Fraud Section investigations and lawsuits arise from such qui tam actions and result in often large recoveries by DOJ and the reporting whistleblowers. As a result of the availability of whistleblower recoveries, government contractors should anticipate that disgruntled employees, contractors, or others with whom they do business who have knowledge of data breaches or other cybersecurity weaknesses may be incentivized to act as whistleblowers.

Cyber Risks Already Substantial

The False Claims Act exposure under the new DOJ Civil Cyber-Fraud Initiative adds to the already substantial and mounting risks that government contractors face under an ever-expanding tapestry of federal, state and, in some instances, international statutes, regulations and rulings.

Along with any exposures specifically applicable to it as a government contractor, depending on the nature of the business and the data it collects, the business also likely falls subject to duties to safeguard the confidentiality and security of a wide range of electronic or other personal financial, tax and other data under various federal and state laws such as FACTA, the Internal Revenue Code, the Health Insurance Portability & Accountability Act (HIPAA), state identity theft laws, and a host of other statutes and regulations, contractual agreements, or both.

Due to the nature of their activities and involvements, some of the most significant of these obligations may arise from the electronic crime related provisions of the Criminal Code of the United States, which by virtue of their criminal nature trigger potential organizational compliance program responsibilities under the U.S. Sentencing Commission Organizational Guidelines for government contractors and other covered entities. These include 18 U.S.C. § 1028 (Fraud and related activity in connection with identification documents, authentication features, and information); 18 U.S.C. § 1029 (Fraud and Related Activity in Connection with Access Devices); and 18 U.S.C. § 1030 (Fraud and Related Activity in Connection with Computers).

However, government contractors also can face cybersecurity responsibilities, breach notification and other obligations and liabilities under a wide range of other civil laws and regulations.  For instance, FACTA generally requires covered entities that collect or use certain personal financial information to conduct due diligence, monitor the security of records and adopt disposal practices that are reasonable and appropriate to prevent the unauthorized access to – or use of – information in a consumer report.  As implemented by the Federal Trade Commission regulations, entities with covered accounts must develop and implement written identity theft prevention programs designed to help identify, detect, and respond to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft.

Beyond these federal obligations, government contractors, like other businesses, also typically are exposed to liability under a wide variety of cyber security, cyber breach notification and other obligations under state laws, regulations and common law. See, e.g., here. While the particulars vary based on the state, the nature of the business, where and how the business collects and maintains its data and other factors, the applicable state electronic confidentiality and data security requirements in most states and under some federal laws increasingly include express duties to take steps to protect data, to monitor for breaches and other threats, and/or to notify the subjects of the breached data and, in some cases, regulators and the public within a short period after a breach happens. Businesses operating in multiple states typically face exposure under the laws of each jurisdiction where they operate with data impacted by the breach.

Because cyber security events increasingly create business and financial losses, investigation and defense costs, penalties and other liabilities and costs, cyber security breaches and other events also increasingly fuel shareholder disclosure obligations and shareholder lawsuits. Indeed, former Securities and Exchange Commission Chair Mary Jo White in May 2016 characterized cyber security as the biggest risk facing the financial system. See here. In response to investor risks from cyber security events, the SEC has required regulated entities to make disclosures about these risks to investors since 2011. See CF Disclosure Guidance: Topic No. 2 – Cybersecurity. Given this guidance, it should come as no surprise that the SEC has imposed substantial fines against entities following a breach. See, e.g., R.T. Jones reaches settlement with SEC in data breach case; Morgan Stanley Fined $1 Million for Client Data Breach.

Act To Manage Compliance & Risks

In the face of these added liabilities, federal contractors and grant recipients should act quickly to work with qualified legal counsel within the scope of attorney-client privilege to audit the adequacy of their existing cyber security and cyber breach practices under applicable federal statutes and contracts and other relevant laws and regulations, as well as to confirm that adequate breach notification has been made for any existing or past breaches. To the extent that the audit uncovers any potential deficiencies in prior breach notification or other compliance, the federal contractor or grant recipient generally will want to seek guidance from legal counsel regarding the advisable steps, if any, to take to mitigate and resolve outstanding liabilities, particularly in light of whistleblower liabilities. In addition to examining past and current compliance risks, government contractors and grant recipients also will want to explore advisable steps and documentation that will position their organizations to demonstrate their appropriate monitoring and maintenance of ongoing compliance or otherwise strengthen their defenses against potential cyber breaches as well as whistleblower and retaliation claims arising from employees or others seeking to use these exposures as leverage for settlements or claims. Given the potential magnitude of the liability, businesses generally need both to take well-documented steps to properly safeguard sensitive electronic personal information and the systems holding or using it, and to be prepared to promptly provide notice in the event of any breach within the short time contemplated by law.

As part of these efforts, businesses and their leaders will want to ensure their compliance efforts include both adoption of all required formal policies, appropriate credentialing of employees, contractors and others accessing systems or facilities, well documented operational compliance and risk audits, documented risk assessment and response, compliance hotline reporting and investigation, suitable up-the-ladder reporting, and other appropriate procedures to facilitate rapid identification of potential concerns and other operational compliance. 

Effective internal and external workforce credentialing, training, management and oversight are key to the success of these efforts, particularly because cyber breaches and other data threats often leverage internal access created by workforce infiltration, susceptibilities created by social engineering or other opportunities created from lax workforce or contractor compliance with security controls or both.  See, e.g., Insider threat: The human element of cyberrisk.

Effective internal monitoring and reporting protocols also are essential to ensure rapid breach identification, investigation and notification.  These protocols also should be developed and implemented to ensure timely disclosure and management of any breaches within required time frames. 

In recognition of the typically high financial and operational costs of breach investigation, notification and defense, organizations also should weigh the advisability of securing and requiring business partners to secure cyber insurance or other protection to help mitigate these costs in the event of a cyber event.

While the conduct of these assessments inevitably will require the involvement of outside consulting services, business leaders also are cautioned to take appropriate steps to protect these interactions by arranging to engage these services pursuant to attorney-client privilege, to help shield sensitive information likely to be uncovered through compliance, risk management or investigation activities. Likewise, given the short time allowed for breach mitigation and notification, businesses should weigh carefully whether to engage regulatory counsel to assist with the initial breach notification and mitigation, separate and apart from the cyber litigation defense counsel that might be available under applicable cyber insurance policies, unless the proposed litigation defense counsel has proven cyber and other regulatory knowledge, experience and qualifications handling breach mitigation and notification events.


About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications. As a significant part of her work, Ms. Stamer has worked extensively on pandemic, business and other crisis planning, preparedness and response for more than 30 years.

Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, Vice Chair of the ABA International Section Life Sciences Committee, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and the ABA RPTE Employee Benefits & Other Compensation Group, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns. Ms. Stamer’s work throughout her 30-plus-year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.

As a part of this work, she has continuously and extensively worked with domestic and international health plans, their sponsors, fiduciaries, administrators, and insurers; managed care and insurance organizations; hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; EHR, claims, payroll and other technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; managed care organizations, self-insured health and other employee benefit plans, their sponsors, fiduciaries, administrators and service providers, insurers and other payers, health industry advocacy and other service providers and groups and other health and managed care industry clients as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies.

This involvement encompasses helping health care systems and organizations, group and individual health care providers, health plans and insurers, health IT, life sciences and other health industry clients prevent, investigate, manage and resolve sexual assault, abuse, harassment and other organizational, provider and employee misconduct and other performance and behavior; manage Section 1557, Civil Rights Act and other discrimination and accommodation, and other regulatory, contractual and other compliance; vendors and suppliers; contracting and other terms of participation, medical billing, reimbursement, claims administration and coordination, Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other payers and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for-performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EHR, HIPAA and other technology, data security and breach and other health IT and data; STARK, anti-kickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns; establish, administer and defend workforce and staffing, quality, and other compliance, risk management and operational practices, policies and actions; comply with requirements; investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCAHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions; regulatory and public policy advocacy; training and discipline; enforcement; and other strategic and operational concerns.

Author of “Privacy and the Pandemic Workshop” for the Association of State and Territorial Health Plans, as well as a multitude of other health industry matters, workforce and health care change and crisis management and other highly regarded publications and presentations, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.  

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you may also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here.

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law and its rules are rapidly evolving, it is highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide, any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations.

Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein. ©2020 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™.


Baseball Lesson on Servant Leadership & Teamwork

A lesson in servant leadership and teamwork provides invaluable insights on building and perpetuating great teams and servant leaders.

At a fundraising dinner for a school that serves children with learning disabilities, the father of one of the students delivered a speech that would never be forgotten by all who attended. After extolling the school and its dedicated staff, he offered a question:

‘When not interfered with by outside influences, everything nature does is done with perfection.

Yet my son, Shay, cannot learn things as other children do. He cannot understand things as other children do.

Where is the natural order of things in my son?’

The audience was stilled by the query.

The father continued. ‘I believe that when a child like Shay, who was mentally and physically disabled comes into the world, an opportunity to realize true human nature presents itself, and it comes in the way other people treat that child.’

Then he told the following story:

Shay and I had walked past a park where some boys Shay knew were playing baseball. Shay asked, ‘Do you think they’ll let me play?’ I knew that most of the boys would not want someone like Shay on their team, but as a father I also understood that if my son were allowed to play, it would give him a much-needed sense of belonging and some confidence to be accepted by others in spite of his handicaps.

I approached one of the boys on the field and asked (not expecting much) if Shay could play. The boy looked around for guidance and said, ‘We’re losing by six runs and the game is in the eighth inning. I guess he can be on our team and we’ll try to put him in to bat in the ninth inning.’

Shay struggled over to the team’s bench and, with a broad smile, put on a team shirt. I watched with a small tear in my eye and warmth in my heart. The boys saw my joy at my son being accepted.

In the bottom of the eighth inning, Shay’s team scored a few runs but was still behind by three.

In the top of the ninth inning, Shay put on a glove and played in right field. Even though no hits came his way, he was obviously ecstatic just to be in the game and on the field, grinning from ear to ear as I waved to him from the stands.

In the bottom of the ninth inning, Shay’s team scored again. Now, with two outs and the bases loaded, the potential winning run was on base and Shay was scheduled to be next at bat.

At this juncture, do they let Shay bat and give away their chance to win the game? Surprisingly, Shay was given the bat. Everyone knew that a hit was all but impossible because Shay didn’t even know how to hold the bat properly, much less connect with the ball.

However, as Shay stepped up to the plate, the pitcher, recognizing that the other team was putting winning aside for this moment in Shay’s life, moved in a few steps to lob the ball in softly so Shay could at least make contact.

The first pitch came and Shay swung clumsily and missed. The pitcher again took a few steps forward to toss the ball softly towards Shay. As the pitch came in, Shay swung at the ball and hit a slow ground ball right back to the pitcher.

The game would now be over. The pitcher picked up the soft grounder and could have easily thrown the ball to the first baseman. Shay would have been out and that would have been the end of the game.

Instead, the pitcher threw the ball right over the first baseman’s head, out of reach of all teammates.

Everyone from the stands and both teams started yelling, ‘Shay, run to first!’

Never in his life had Shay ever run that far, but he made it to first base. He scampered down the baseline, wide-eyed and startled.

Everyone yelled, ‘Run to second, run to second!’

Catching his breath, Shay awkwardly ran towards second, gleaming and struggling to make it to the base.

By the time Shay rounded towards second base, the right fielder, the smallest guy on their team, had the ball and now had his first chance to be the hero for his team.

He could have thrown the ball to the second-baseman for the tag, but he understood the pitcher’s intentions so he, too, intentionally threw the ball high and far over the third-baseman’s head.

Shay ran toward third base deliriously as the runners ahead of him circled the bases toward home. All were screaming, ‘Shay, Shay, Shay, all the way, Shay!’

Shay reached third base because the opposing shortstop ran to help him by turning him in the direction of third base, and shouted, ‘Run to third!’

As Shay rounded third, the boys from both teams, and the spectators, were on their feet screaming, ‘Shay, run home! Run home!’

Shay ran home, stepped on the plate, and was cheered as the hero who hit the grand slam and won the game for his team.

‘That day’, said the father softly with tears now rolling down his face, ‘the boys from both teams helped bring a piece of true love and humanity into this world’.

Shay didn’t make it to another summer. He died that winter, having never forgotten being the hero and making me so happy, and coming home and seeing his mother tearfully embrace her little hero of the day!

We all have thousands of opportunities every single day to help realize the ‘natural order of things.’ So many seemingly trivial interactions between two people present us with a choice:

Do we pass along a little spark of love and humanity or do we pass up those opportunities and leave the world a little bit colder in the process?

A wise man once said every society is judged by how it treats its least fortunate.

May your day be a Shay Day and your team be filled with servant leaders like these.
