RSS Feed LinkedIn Instagram Twitter Facebook
FMG Law Blog Line

Archive for July, 2014

Don’t Sue The County if Your Car is Damaged by a Pothole…One Time

Posted on: July 31st, 2014

By: Coleen D. Hosack

Can you maintain suit against the county that builds and maintains your roads if your car hits a pothole and is damaged as a result? Probably not — unless your car hits that pothole more than once and is damaged both times.  Theron and Dana Davis brought a nuisance claim against Effingham County after Mr. Davis’s car hit and struck a pothole on a county maintained road, resulting in damages to his person and his vehicle. Even though there had been recent previous reports to the County of potholes along Chimney Road, a county maintained road, the Georgia Court of Appeals held the County could not be liable in nuisance because the basis for the nuisance claim was the ‘single isolated occurrence’ of the car hitting the pothole one time.  Davis v. Effingham County Board of Commissioners

The Court explained that the idea of a nuisance is that it is continuing or regularly repeated. Unless that isolated occurrence is regularly repeated, it is not a nuisance if it happens just one time. The focus is on the occurrence or incident that caused the injury, not the existence or duration of the pothole itself, even if the county has actual or constructive knowledge of it.  The idea of holding a county liable in nuisance for damages to property means that the county created, maintained, or worsened the nuisance. In the Effingham County case, the factual basis formulating the Court’s dismissing the County was the one-time occurrence coupled with the fact that the County did not create the pothole in the first place, the rain did.

The opinion also contains a good analysis of official immunity as it relates to the claim against the Effingham County Sheriff in his individual capacity. The Sheriff prevailed on summary judgment as well because the written policy dealing with how to investigate and deal with “roadway defects” required personal deliberation and judgment, as opposed to a ministerial act.

VISA Issues Security Alert Due to Increased Data Breaches Caused by Insecure Remote Access

Posted on: July 30th, 2014

By: David Cole

When a merchant experiences a data breach involving credit card information, it is often required by the card brands to hire a Payment Card Industry Forensic Investigator (PFI). The PFI investigates the incident and then provides a report to the card brands on what happened, how it happened, and whether the merchant’s system complied with the Payment Card Industry Data Security Standards (PCI DSS).  The card brands receive hundreds of PFI reports each year, and they occasionally issue security alerts when they see an emerging threat pattern in PFI reports.

Just this month, Visa issued a security alert titled “Insecure Remote Access and User Credential Management,” in which it reported an increase in data security breaches stemming from insecure remote access.  The alert notes that a number of remote access solutions are commonly used to provide remote management and support for merchants, such as LogMeIn, PCAnywhere, VNC, and Microsoft Remote Desktop.  When used correctly, applications like these are effective ways to provide technical support among large numbers of merchants.  But if used maliciously, they can expose payment card data and other sensitive information to cyber criminals. This is because insecurely deployed remote access applications create a conduit for cyber criminals to log in, establish additional “back doors” by installing malware, and steal payment card data.

The alert warns that the circumstances around multiple data breaches in the last several months suggest that an actor or group of actors are targeting merchants who share common Point-of-Sale (POS) integrators or remote support vendors.  It then identifies several common vulnerabilities that are allowing intruders to gain access through remote applications.  These include: (1) remote access ports and services always being available on the Internet; (2) outdate or unpatched systems; (3) use of default passwords or no passwords at all; (4) use of common usernames and passwords; (5) single factor authentication; and (6) improperly configured firewalls.

To protect against these vulnerabilities, the alert advises merchants to examine their remote management software for insecure configurations, use of outdated or unpatched applications, common or easily-guessed usernames and passwords, and ensure that overall payment processing environment is securely configured and maintained in accordance with the PCI DSS.  In addition, merchants should follow these other security practices to mitigate their risk:

  • Ensure proper firewalls rules are in place, only allowing remote access only from known IP addresses.
  • If remote connectivity is required, enable it only when needed.
  • Contact your support provider or POS vendor and verify that a unique username and password exists for each of your remote management applications.
  • Use the latest version of remote management applications and ensure that the latest security patches are applied prior to deployment.
  • Plan to migrate away from outdated or unsupported operating systems like Windows XP.
  • Enable logging in remote management applications.
  • Do not use default or easily-guessed passwords.
  • Restrict access to only the service provider and only for established time periods.
  • Only use remote access applications that offer strong security controls.
  • Always use two-factor authentication for remote access. Two-factor authentication can be something you have (a device) as well as something you know (a password).

But I didn’t Hire You!: Fifth Circuit Rules Franchisor is Not an Employer Under FLSA

Posted on: July 29th, 2014

By: Martin B. Heller

Over the past few years, employees of fast food franchisees have attempted to hold franchisors liable for alleged minimum wage and overtime pay violations under the FLSA based upon an allegation that the franchisor is a “joint employer” of the employees.  The Fifth Circuit recently rejected this strategy, and ruled that franchisors do not exercise the requisite control over a franchisee employee sufficient to establish an employment relationship.

In Orozco v. Plackis, a restaurant cook sued the franchisee (who quickly settled) and the franchisor, alleging that he was not paid properly under the FLSA.  After a jury concluded that the franchisor was the plaintiff’s employer (and awarded the plaintiff damages against the franchisor for FLSA violations), the Fifth Circuit examined whether a franchisor may be liable for the alleged FLSA violations committed by its franchisee.  The court relied upon the “economic realities” test, which examines whether the alleged employer (1) possessed the power to hire and fire employees; (2) supervised or controlled work schedules and/or conditions of employment; (3) determined pay rate and method; and (4) maintained employment records.

The Fifth Circuit set aside the jury verdict and ruled that, at least in this case, the franchisor did not satisfy any of these elements.  Therefore, the franchisor could not be considered the employee’s employer for the purposes of coverage under the FLSA.

This is a win for franchisors, who often find themselves added as additional defendants in FLSA suits when the franchisee is out of business or effectively judgment proof due to a lack of assets.  This also serves as an important reminder for franchisors: if you do not want to be liable for FLSA claims against your franchisees, ensure that you are following your franchise agreement and do not exercise control over the employees of your franchisees.

Recent Georgia Court of Appeals Decision a Cautionary Tale for Subcontractors

Posted on: July 28th, 2014

By: Gautam Y. Reddy

The Georgia Court of Appeals recently issued an opinion dismissing a paving subcontractor’s claims for payment. The case, First Bank of Georgia v. Robertson Grading, Inc., (Case No. A14A0701), represents a rather harsh result for the subcontractor, Robertson Grading. In doing so, it serves as a reminder for subcontractors in Georgia to follow certain prudent business practices.

The facts are as follows: Robertson contracted with general contractor R & B Construction to perform paving work at a project for around $400,000. To ensure that R & B had sufficient funds to pay for this work, Robertson asked for and received a list of credit references from R & B. This list included First Bank of Georgia (“the Bank”), the eventual defendant in this action. Before beginning work but after signing the contract, Robertson met with the Bank. During this meeting, the Bank reassured Robertson that it “would get paid for the paving” and that it would notify Robertson if any problems arose.

Satisfied with this assurance, Robertson began paving and subsequently submitted its first invoice to R & B for around $124,000. However, R & B did not pay this invoice, thus prompting Robertson to meet with the Bank. During this meeting, the Bank stated that it wanted to issue one check at the end of the work and promised that Robertson would get paid. Robertson then told the Bank that it expected the paving work to be finished in two to three weeks. However, Robertson’s work was delayed because R & B requested extra work. Due to this request and increased material prices, Robertson’s final invoice totaled nearly $450,000. Robertson was not paid for this invoice either so it again contacted the Bank. This time, the Bank informed Robertson that because R & B had missed its last payment on its construction loan, the Bank was no longer disbursing funds on the account.

In response, Robertson filed a lien on the property while R & B simultaneously filed for bankruptcy. Unfortunately for Robertson, the bankruptcy court found that the lien was not properly perfected. Thus, Robertson’s only option was to seek payment as an unsecured creditor. The Bank then foreclosed on the property and managed to sell it all for a profit of over $1 million. It later admitted that these sales would not have been possible if the streets were not paved.

Upon reading these facts, one would assume that Robertson should have some sort of legal recourse against the Bank. Indeed, Robertson brought claims of promissory estoppel, unjust enrichment, negligent misrepresentation, and fraud. At the trial court, the jury found in favor of Robertson on the first three claims and awarded it $448,600.65 in damages and $149,500 in attorney’s fees. However, the Georgia Court of Appeals reversed this ruling, holding that the trial court erred in not dismissing each of these claims.

For the promissory estoppel claim, the court stated that Robertson had to show that it reasonably and exclusively relied on the Bank’s promises.  Here, Robertson had already contracted with R & B before talking to the Bank. Thus, the court held that Robertson could not have relied on the Bank’s promises in entering the contract.

Robertson also asserted a promissory estoppel claim for the Bank’s promise that it would issue one final check after completion of the work. The court held that the Bank’s promise was conditioned on Robertson completing the work in two to three weeks, as it represented to the Bank. Although Robertson was not responsible for the delay, the court noted that Robertson did not communicate this to the Bank. Thus, the court held that Robertson “unilaterally changed the terms on which the promise was made” and could not sustain a claim for promissory estoppel.

Next, the court held that Robertson’s negligent misrepresentation claim must fail because there was no evidence of proximate damage from the Bank’s negligent misrepresentation. In layman’s terms, this means that Robertson could not show that the Bank’s misrepresentation was the cause of any economic damage it suffered. Again, the court’s reasoning was that Robertson contracted with R & B prior to meeting with the Bank. Thus, any misrepresentation the Bank made regarding its ability to pay had no effect on Robertson’s decision to contract with R & B. The court held that R & B’s default on the loan was the proximate cause of the damages. R & B’s default was unrelated to any misrepresentations made by the Bank.

Finally, the court addressed Robertson’s unjust enrichment claim. Here, the court simply stated that under Georgia case law, Robertson’s sole remedy was filing a lien and that any enrichment by the Bank was not unjust because it resulted via foreclosure. The Bank’s enrichment did not result from any contract it had with Robertson because Robertson’s only contract was with R & B.

This case serves as a valuable lesson for subcontractors operating in Georgia. First, if you have any doubts about the general contractor’s ability to pay, confer with its creditors before signing the contract. Second, do not take a creditor’s promise to pay at face value without some sort of written agreement. Here, even though Robertson was not paid on its first invoice, it did not file a lien or take any other such measure. Instead, it relied on the Bank’s assurances and ultimately paid the price for this. Finally, make absolutely sure to perfect any liens you file. Robertson could have avoided much of this predicament by simply perfecting its lien.

Does E-Verify Participation Increase Your Probability of Being Audited?

Posted on: July 23rd, 2014

By: Kelly Eisenlohr-Moul

Unfortunately, the short answer is “yes.”

Over the last year, the Office of Special Counsel for Immigration-Related Unfair Employment Practices (“OSC”), located within the Department of Justice, has touted numerous settlements for alleged “document abuse” (discriminatory I-9 practices) and/or citizenship discrimination.

Press releases and settlement agreements are publicly available via the OSC’s website.

The employers identified in these press releases occupy a broad range of industries, including several large hospitality and construction businesses, which tend to be targeted due to their employee turnover and perceived likelihood to hire unauthorized workers.

Upon review of the settlement agreements, however, it becomes clear that each of these employers utilized E-Verify, the federal government’s online system for work authorization. The employers were audited based on this usage, through a “referral” from U.S. Citizenship & Immigration Services (“USCIS”).

If your company utilizes E-Verify, this is a concerning trend. The OSC takes an aggressive stance with regards to audits, fines, and administrative proceedings which results in the expenditure of significant time and resources.

The best way to avoid an audit is to take steps to insure that your E-Verify usage complies with federal law by:

• Implementing clear policies regarding Forms I-9 and E-Verify;
• Training each and every person involved in completing Forms I-9 or who uses E-Verify on behalf of the company; and
• Auditing Forms I-9 and E-Verify compliance on at least a yearly basis to correct inadvertent errors.

The bottom line is that E-Verify makes it easier for the federal government to spot potential violations. Take some time to make sure your company is protected from this liability.