CLOSE X
RSS Feed LinkedIn Instagram Twitter Facebook
Search:
FMG Law Blog Line

Archive for July, 2014

Don’t Sue The County if Your Car is Damaged by a Pothole…One Time

Posted on: July 31st, 2014

By: Coleen D. Hosack

Can you maintain suit against the county that builds and maintains your roads if your car hits a pothole and is damaged as a result? Probably not — unless your car hits that pothole more than once and is damaged both times.  Theron and Dana Davis brought a nuisance claim against Effingham County after Mr. Davis’s car hit and struck a pothole on a county maintained road, resulting in damages to his person and his vehicle. Even though there had been recent previous reports to the County of potholes along Chimney Road, a county maintained road, the Georgia Court of Appeals held the County could not be liable in nuisance because the basis for the nuisance claim was the ‘single isolated occurrence’ of the car hitting the pothole one time.  Davis v. Effingham County Board of Commissioners

The Court explained that the idea of a nuisance is that it is continuing or regularly repeated. Unless that isolated occurrence is regularly repeated, it is not a nuisance if it happens just one time. The focus is on the occurrence or incident that caused the injury, not the existence or duration of the pothole itself, even if the county has actual or constructive knowledge of it.  The idea of holding a county liable in nuisance for damages to property means that the county created, maintained, or worsened the nuisance. In the Effingham County case, the factual basis formulating the Court’s dismissing the County was the one-time occurrence coupled with the fact that the County did not create the pothole in the first place, the rain did.

The opinion also contains a good analysis of official immunity as it relates to the claim against the Effingham County Sheriff in his individual capacity. The Sheriff prevailed on summary judgment as well because the written policy dealing with how to investigate and deal with “roadway defects” required personal deliberation and judgment, as opposed to a ministerial act.

VISA Issues Security Alert Due to Increased Data Breaches Caused by Insecure Remote Access

Posted on: July 30th, 2014

By: David Cole

When a merchant experiences a data breach involving credit card information, it is often required by the card brands to hire a Payment Card Industry Forensic Investigator (PFI). The PFI investigates the incident and then provides a report to the card brands on what happened, how it happened, and whether the merchant’s system complied with the Payment Card Industry Data Security Standards (PCI DSS).  The card brands receive hundreds of PFI reports each year, and they occasionally issue security alerts when they see an emerging threat pattern in PFI reports.

Just this month, Visa issued a security alert titled “Insecure Remote Access and User Credential Management,” in which it reported an increase in data security breaches stemming from insecure remote access.  The alert notes that a number of remote access solutions are commonly used to provide remote management and support for merchants, such as LogMeIn, PCAnywhere, VNC, and Microsoft Remote Desktop.  When used correctly, applications like these are effective ways to provide technical support among large numbers of merchants.  But if used maliciously, they can expose payment card data and other sensitive information to cyber criminals. This is because insecurely deployed remote access applications create a conduit for cyber criminals to log in, establish additional “back doors” by installing malware, and steal payment card data.

The alert warns that the circumstances around multiple data breaches in the last several months suggest that an actor or group of actors are targeting merchants who share common Point-of-Sale (POS) integrators or remote support vendors.  It then identifies several common vulnerabilities that are allowing intruders to gain access through remote applications.  These include: (1) remote access ports and services always being available on the Internet; (2) outdate or unpatched systems; (3) use of default passwords or no passwords at all; (4) use of common usernames and passwords; (5) single factor authentication; and (6) improperly configured firewalls.

To protect against these vulnerabilities, the alert advises merchants to examine their remote management software for insecure configurations, use of outdated or unpatched applications, common or easily-guessed usernames and passwords, and ensure that overall payment processing environment is securely configured and maintained in accordance with the PCI DSS.  In addition, merchants should follow these other security practices to mitigate their risk:

  • Ensure proper firewalls rules are in place, only allowing remote access only from known IP addresses.
  • If remote connectivity is required, enable it only when needed.
  • Contact your support provider or POS vendor and verify that a unique username and password exists for each of your remote management applications.
  • Use the latest version of remote management applications and ensure that the latest security patches are applied prior to deployment.
  • Plan to migrate away from outdated or unsupported operating systems like Windows XP.
  • Enable logging in remote management applications.
  • Do not use default or easily-guessed passwords.
  • Restrict access to only the service provider and only for established time periods.
  • Only use remote access applications that offer strong security controls.
  • Always use two-factor authentication for remote access. Two-factor authentication can be something you have (a device) as well as something you know (a password).

Recent Georgia Court of Appeals Decision a Cautionary Tale for Subcontractors

Posted on: July 28th, 2014

By: Gautam Y. Reddy

The Georgia Court of Appeals recently issued an opinion dismissing a paving subcontractor’s claims for payment. The case, First Bank of Georgia v. Robertson Grading, Inc., (Case No. A14A0701), represents a rather harsh result for the subcontractor, Robertson Grading. In doing so, it serves as a reminder for subcontractors in Georgia to follow certain prudent business practices.

The facts are as follows: Robertson contracted with general contractor R & B Construction to perform paving work at a project for around $400,000. To ensure that R & B had sufficient funds to pay for this work, Robertson asked for and received a list of credit references from R & B. This list included First Bank of Georgia (“the Bank”), the eventual defendant in this action. Before beginning work but after signing the contract, Robertson met with the Bank. During this meeting, the Bank reassured Robertson that it “would get paid for the paving” and that it would notify Robertson if any problems arose.

Satisfied with this assurance, Robertson began paving and subsequently submitted its first invoice to R & B for around $124,000. However, R & B did not pay this invoice, thus prompting Robertson to meet with the Bank. During this meeting, the Bank stated that it wanted to issue one check at the end of the work and promised that Robertson would get paid. Robertson then told the Bank that it expected the paving work to be finished in two to three weeks. However, Robertson’s work was delayed because R & B requested extra work. Due to this request and increased material prices, Robertson’s final invoice totaled nearly $450,000. Robertson was not paid for this invoice either so it again contacted the Bank. This time, the Bank informed Robertson that because R & B had missed its last payment on its construction loan, the Bank was no longer disbursing funds on the account.

In response, Robertson filed a lien on the property while R & B simultaneously filed for bankruptcy. Unfortunately for Robertson, the bankruptcy court found that the lien was not properly perfected. Thus, Robertson’s only option was to seek payment as an unsecured creditor. The Bank then foreclosed on the property and managed to sell it all for a profit of over $1 million. It later admitted that these sales would not have been possible if the streets were not paved.

Upon reading these facts, one would assume that Robertson should have some sort of legal recourse against the Bank. Indeed, Robertson brought claims of promissory estoppel, unjust enrichment, negligent misrepresentation, and fraud. At the trial court, the jury found in favor of Robertson on the first three claims and awarded it $448,600.65 in damages and $149,500 in attorney’s fees. However, the Georgia Court of Appeals reversed this ruling, holding that the trial court erred in not dismissing each of these claims.

For the promissory estoppel claim, the court stated that Robertson had to show that it reasonably and exclusively relied on the Bank’s promises.  Here, Robertson had already contracted with R & B before talking to the Bank. Thus, the court held that Robertson could not have relied on the Bank’s promises in entering the contract.

Robertson also asserted a promissory estoppel claim for the Bank’s promise that it would issue one final check after completion of the work. The court held that the Bank’s promise was conditioned on Robertson completing the work in two to three weeks, as it represented to the Bank. Although Robertson was not responsible for the delay, the court noted that Robertson did not communicate this to the Bank. Thus, the court held that Robertson “unilaterally changed the terms on which the promise was made” and could not sustain a claim for promissory estoppel.

Next, the court held that Robertson’s negligent misrepresentation claim must fail because there was no evidence of proximate damage from the Bank’s negligent misrepresentation. In layman’s terms, this means that Robertson could not show that the Bank’s misrepresentation was the cause of any economic damage it suffered. Again, the court’s reasoning was that Robertson contracted with R & B prior to meeting with the Bank. Thus, any misrepresentation the Bank made regarding its ability to pay had no effect on Robertson’s decision to contract with R & B. The court held that R & B’s default on the loan was the proximate cause of the damages. R & B’s default was unrelated to any misrepresentations made by the Bank.

Finally, the court addressed Robertson’s unjust enrichment claim. Here, the court simply stated that under Georgia case law, Robertson’s sole remedy was filing a lien and that any enrichment by the Bank was not unjust because it resulted via foreclosure. The Bank’s enrichment did not result from any contract it had with Robertson because Robertson’s only contract was with R & B.

This case serves as a valuable lesson for subcontractors operating in Georgia. First, if you have any doubts about the general contractor’s ability to pay, confer with its creditors before signing the contract. Second, do not take a creditor’s promise to pay at face value without some sort of written agreement. Here, even though Robertson was not paid on its first invoice, it did not file a lien or take any other such measure. Instead, it relied on the Bank’s assurances and ultimately paid the price for this. Finally, make absolutely sure to perfect any liens you file. Robertson could have avoided much of this predicament by simply perfecting its lien.

Does E-Verify Participation Increase Your Probability of Being Audited?

Posted on: July 23rd, 2014

By: Kelly Eisenlohr-Moul

Unfortunately, the short answer is “yes.”

Over the last year, the Office of Special Counsel for Immigration-Related Unfair Employment Practices (“OSC”), located within the Department of Justice, has touted numerous settlements for alleged “document abuse” (discriminatory I-9 practices) and/or citizenship discrimination.

Press releases and settlement agreements are publicly available via the OSC’s website.

The employers identified in these press releases occupy a broad range of industries, including several large hospitality and construction businesses, which tend to be targeted due to their employee turnover and perceived likelihood to hire unauthorized workers.

Upon review of the settlement agreements, however, it becomes clear that each of these employers utilized E-Verify, the federal government’s online system for work authorization. The employers were audited based on this usage, through a “referral” from U.S. Citizenship & Immigration Services (“USCIS”).

If your company utilizes E-Verify, this is a concerning trend. The OSC takes an aggressive stance with regards to audits, fines, and administrative proceedings which results in the expenditure of significant time and resources.

The best way to avoid an audit is to take steps to insure that your E-Verify usage complies with federal law by:

• Implementing clear policies regarding Forms I-9 and E-Verify;
• Training each and every person involved in completing Forms I-9 or who uses E-Verify on behalf of the company; and
• Auditing Forms I-9 and E-Verify compliance on at least a yearly basis to correct inadvertent errors.

The bottom line is that E-Verify makes it easier for the federal government to spot potential violations. Take some time to make sure your company is protected from this liability.

EEOC’s New Enforcement Guidance On Pregnancy Expands Interpretation of Existing Law

Posted on: July 22nd, 2014

By: Amanda McCallum Cash

After a 3-2 vote, on July 14, 2014, the EEOC issued its first Enforcement Guidance on pregnancy in over 30 years. While the new guidelines cover a number of pregnancy-related topics that all employers should consider, two hot topics in the recent Guidance are (1) light duty for pregnant employees and (2) health insurance coverage for contraception.
For employers, the EEOC’s newly issued Guidance on light duty for pregnant employees is particularly noteworthy because many employers currently have policies providing light duty for employees only if they are injured on the job or are disabled within the meaning of the Americans with Disabilities Act. According to the EEOC’s recent Guidance, however, employers may violate the Pregnancy Discrimination Act if they do not change these policies. The Guidance provides that employers should provide light duty to pregnant employees to the same extent it is granted to other employees who are “similar in their ability or inability to work.” The Guidance is seen by many as a requirement to provide “reasonable accommodations” to non-disabled, pregnant employees.

Notably, the Supreme Court will take up a similar issue in its next term in Young v. United Parcel Service and determine the extent to which an employer must accommodate a pregnant, but non-disabled employee. In light of the impending decision by the Supreme Court, many have questioned the timing of the EEOC’s Guidance, as the Supreme Court’s decision could quickly overwrite the EEOC’s Guidance on this topic.

In another sharply criticized move, the EEOC’s Guidance also warns employers that they may violate Title VII if they provide health insurance coverage that excludes coverage of prescription contraceptives. Because contraceptives are only available for women, the EEOC’s position is that a health insurance plan excluding contraceptives is discriminatory. As many are aware, however, in Burwell v. Hobby Lobby Stores, Inc., the Supreme Court recently held that a private, closely held corporations could refuse to provide contraception coverage if it violated religious beliefs. Although the EEOC acknowledges this decision in a footnote, it sidesteps how the Burwell decision would affect the EEOC’s interpretation of this issue.
While these two topics in the Guidance have garnered significant attention thus far, the EEOC’s Guidance on pregnancy touches on numerous other issues that may impact employers’ workplace policies. Employers would be wise to review the entirety of the EEOC’s Guidance on pregnancy and consult with legal counsel about any changes that may need to be made to workplace policies and practices. Please check back for additional analysis and updates on the EEOC’s new Enforcement Guidance on pregnancy.