RSS Feed LinkedIn Instagram Twitter Facebook
FMG Law Blog Line

Archive for September, 2016

Apartment Management and Owners Increasingly on the Hook for Violent Crime

Posted on: September 26th, 2016

By: Wes Jackson

Unknown assailants killed a 33-year-old father of three during an apartment robbery in 2015. Earlier this month, a Clayton County jury determined the apartment complex where the robbery occurred is liable for half of the $20 million verdict in the father’s wrongful death action. 

The jury apportioned 50% of the fault for the shooting against the owners and managers of Bradford Ridge Apartments in Forest Park, Georgia. Attorneys for the plaintiffs had argued that the apartment was located in a high-crime area and had lax security, which consisted of “courtesy officers” who patrol the grounds twice a day in exchange for a free apartment unit. Plaintiffs also pointed to the lack of significant changes in security measures after the murder of a 13 year old just two years before. The jury apportioned the other 50% of the $20 million verdict against the unknown shooters.

The verdict goes to show that apartment owners, managers, and their insurers continue to be targets for big judgements and could be left holding the bag after violent crime occurs on their premises, especially where the management knows of similar instances of violence on the premises in the recent past.  This is true despite Georgia law allowing juries to apportion damages to non-parties that plaintiffs did not sue.

At least in theory, owners and managers can avoid these huge verdicts by matching instances of crime on the premises with new security measures. But one question remains: how much extra security will satisfy a Georgia jury?

Sixth Circuit Becomes Latest Court to Find Standing in a Data Breach Lawsuit

Posted on: September 23rd, 2016

By: David Cole

The majority of lawsuits filed by consumers over data breaches in recent years have been successfully defended by arguments that the plaintiffs lacked standing to bring the lawsuit. To have standing, a plaintiff must be able to show that he or she has suffered injury that is “concrete, particularized, and actual or imminent; fairly traceable to the challenged action; and redressable by a favorable ruling.” Clapper v. Amnesty Intern. USA, ___ U.S. ___, 133 S. Ct. 1138, 1146 (2013). Based on this rule, businesses have successfully argued that the mere theft personal information does not result in any actual injury that is sufficient to confer standing, absent some evidence that the personal information has been misused. While this continues to be a strong argument in most jurisdictions, a few cases decided within the past year may indicate a shift in the way courts analyze this issue. Earlier this month, the Sixth Circuit became the latest court to join this trend.

In its decision in Galaria v. Nationwide Mut. Ins. Co., no. 15-3386 (6th Cir. Sept. 12, 2016), the U.S. Court of Appeals for the Sixth Circuit held that plaintiffs had standing to assert claims arising from hackers’ alleged theft of their personal information, even though there are no allegations that the information has been misused. The lawsuit is based on a 2012 data breach in which hackers stole data that Nationwide collected for underwriting life insurance policies. Plaintiffs received written notice of the data breach, which explained that hackers had stolen data including the names, dates of birth, marital status, genders, occupations, employers, Social Security numbers, and driver’s license numbers of individuals who applied for insurance. Nationwide provided all affected individuals one year of free credit monitoring and identity-theft protection insurance. Based on those protections and plaintiffs’ failure to allege any actual misuse of their stolen information, the district court granted Nationwide’s motion to dismiss for lack of standing.

On appeal, however, the plaintiffs successfully argued that the district court did not fully appreciate the injury they had suffered. Because hackers target personal information for the very purpose of misusing it, plaintiffs argued that the risk of injury was neither speculative nor remote. And, even absent actual misuse of data, plaintiffs argued that instituting credit monitoring and other protections against identity theft imposed a cost in time and money on affected individuals. The Sixth Circuit agreed, holding that the criminals’ intentional theft of plaintiffs’ personal information created an immediate, serious, and tangible risk that compelled plaintiffs to take protective action, resulting in concrete injury sufficient to give them standing.

The decision in Galaria may reflect an increasing willingness of courts to find standing where personal information has been stolen. The ruling follows two recent cases from the U.S. Court of Appeals for the Seventh Circuit which found standing in data breach lawsuits even without allegations that the plaintiffs’ stolen information had been misused. See Lewert v. P.F. Chang’s China Bistro, Inc., 819 F.3d 963 (7th Cir. 2016); Remijas v. Neiman Marcus Group, LLC, 794 F.3d 688 (7th Cir. 2015). In Remijas, for example, the Seventh Circuit concluded that “customers should not have to wait until hackers commit identity theft or credit card fraud in order to give the class standing, because there is an ‘objectively reasonable likelihood’ that such an injury will occur.” Similarly, in Krottner v. Starbucks Corp., 628 F.3d 1139 (9th Cir. 2010), the Ninth Circuit found standing because the plaintiffs alleged a sufficiently “credible threat of real and immediate harm” as a result of the theft of a laptop containing their unencrypted personal data.

Businesses and insurance carriers should be mindful of these decisions and the shifting legal landscape they may represent. It is possible that if more cases survive early challenges to standing, more of them will be filed. While litigation arising from data breaches has, for the most part, been limited to large-scale breaches at big businesses, a change in judicial perspective about standing in the context of data breaches could give rise to more claims on a smaller scale. All of this underscores the importance of working with experienced legal counsel to properly respond to a data breach when it occurs and being proactive before a breach occurs to review your data security policies and practices, as well as your incident response procedure, to make sure you are well-positioned to protected against and respond to a data breach. In all of these areas, our attorneys in our Cyber Liability, Data Security & Privacy practice group are here to help.


States File Lawsuit to Block New Department of Labor Overtime Rules

Posted on: September 22nd, 2016

By: Timothy Holdsworth

On September 20, twenty-one (21) states filed a challenge to the Department of Labor’s (“DOL”) increases to the minimum salary included in the final rules amending the Fair Labor Standard Act’s (“FLSA”) White Collar Exemptions, released in May.

As you may recall, these changes increase the minimum salary for individuals paid under the FLSA’s “white collar” exemptions to $47,474 per year, with an effective date of December 1, 2016.

In the complaint, the states argue that the new overtime rules unconstitutionally infringe on their sovereign power to dictate the pay, hours, and compensation of state employees, and, therefore, how the states allocate their budgets.

The states also argue that the DOL exceeded its Congressional authority under the FLSA by enacting changes to the white collar exemption’s salary level, highly compensated employee minimum salary level, and automatically updating these salary levels without going through notice-and-comment rulemaking.

As we have previously discussed, challenges to the DOL’s final rule were expected. However, it is unclear whether this challenge will substantially change or delay the enforcement date of December 1, 2016. As a result, we strongly encourage our clients to continue reviewing all of their salaried exempt positions to determine what changes may need to be made to be compliant with the final rule. In the meantime, we will keep you updated on any major developments in this case.

Our Employee Said What Online? Public Entities and Employee Speech in the Digital Age

Posted on: September 22nd, 2016

By: Paul H. Derrick

Unlike their private-sector counterparts, employees of municipalities, counties, and other public entities have work-related free speech rights that enjoy varying levels of First Amendment protection.  Supreme Court law is clear on that broad point, although its contours are sometimes anything but clear.  In the 21st-century world of social media and other online forums, figuring out what is protected and what is not can be downright confounding.

Some public entities have simply thrown up their hands and lamented that there is nothing they can do when workers post damaging or embarrassing comments online.  Even taking First Amendment protections into account, however, all may not be lost.

The Supreme Court’s basic test for deciding when public employees’ speech is protected is seemingly straightforward.  When the speech is pursuant to an employee’s official duties, it is not constitutionally protected and the employee can be disciplined for saying the “wrong” thing.  When a public employee speaks in his/her capacity as a citizen on a matter of public concern, however, the speech generally is protected and cannot lead to discipline unless the public employer can show an overriding interest for taking such action.

Predictably, the various appellate courts around the country have not seen eye-to-eye on what that broad guidance means.  A number of them, however, use a three-part analysis.  The threshold inquiry is whether the public employee was speaking as a citizen on a matter of public concern or as an employee about something of merely personal interest.  Second, courts examine whether the employee’s interest in speaking outweighs the government’s interest in managing and maintaining an orderly work environment.  Just because speech involves a matter of public concern does not automatically give it absolute constitutional protection.  Finally, courts look for evidence that the employee’s speech was a substantial factor in the employer’s decision to terminate employment or otherwise punish the employee.

With the online and social media world now becoming almost ubiquitous, there are growing numbers of cases in which courts rely essentially on this same analysis in the context of adverse employment action taken because of an employee’s online speech.  In Duke v. Hamil (*WL 414222 (N.D.Ga. 2014)), for example, a police force demoted one of its officers for posting on his personal Facebook page an image of the Confederate flag, along with the phrase, “It’s time for the second revolution.”  The officer claimed that the posting was directed at “Washington politicians” and had nothing to do with his employer.  Although the officer quickly removed the image, another Facebook user submitted a screenshot of it to a local television station.  After the department began receiving complaints, the officer was demoted for publicly espousing his political views.

In considering the officer’s subsequent lawsuit, the court determined that the speech clearly was regarding a matter of public concern.  Nonetheless, three factors led it to rule in the department’s favor and dismiss the lawsuit.  First, the officer was a high-ranking official in the department; therefore, his posting had the potential to cause significant disruption both within the department and among the public.

Second, his personal Facebook page disseminated the message widely and publicly.  The officer’s speech received broad attention and implicated the public’s trust in law enforcement.  His actions reflected on the department’s reputation significantly and the posting appeared to advocate revolution, which could undermine confidence in the department because the officer was supposed to uphold law and order.

Third, while the speech was arguably political, its message could just as easily be interpreted as divisive, prejudicial and offensive, lacking substantive content that was important to the public’s interest in free speech.  Under the circumstances, the chief of police did not have to wait to see what happened as a result of the controversy before taking action to abate it.

Likewise, in Graziosi v. City of Greenville (5th Cir., No. 13-60900 (Jan. 9, 2015)), a police sergeant posted a series of scathing comments against her chief on Facebook after he refused to send a representative to the funeral of a police officer from another city killed in the line of duty.  Among other comments, she said that “[t]his is totally unacceptable” and asked the mayor “can we please get a leader that understands that a department sends officers of (sic) the funeral of an officer killed in the line of duty?”  Later, Graziosi posted an additional comment that stated “If you don’t want to lead, can you just get the hell out of the way.”  Shortly thereafter, she was fired for violating the department’s rules of conduct.

The district court, later affirmed by the Fifth Circuit, dismissed the case, concluding that Graziosi did not speak on a matter of public concern and that, even if she did, the department’s interest outweighed her interest in speaking.  Even though the employee invoked the issue of public spending—whether the department failed to send a representative because of the cost—the employee’s primary complaint was that she was personally offended by what she perceived as a slight to a fallen officer.  The posts amounted to nothing more than an internal grievance because they constituted a “rant” attacking the police chief and culminating “with the demand that he ‘get the hell out of the way.’”  Thus, the speech was not entitled to First Amendment protection. The court also found that Graziosi’s minimal interest in speaking on matters of public concern was outweighed by the city’s substantial interest in maintaining discipline and close working relationships and preventing insubordination within the department.

These cases and others like them demonstrate that public employers do have at least a foothold in their efforts to take action against inappropriate postings by their employees.  Disruptive online speech can be the basis for disciplinary action when public employers are able to show that their interests in maintaining the public’s trust, an orderly workplace, and/or any number of other legitimate goals outweigh any First Amendment interest that an employee might otherwise have.

Self-Driving Cars Will Likely Change the Insurance Landscape

Posted on: September 21st, 2016

By: Melissa Santalone

This week Uber debuts its pilot program for self-driving cars in Pittsburgh.  These lucky Uber users in Pittsburgh will be among the first Americans to come into direct contact with technology that is expected to eventually make its way into our everyday lives.  With the greater implementation of this technology, huge changes are likely to come in the legal and insurance realms and new cyber security concerns will be created.

The increased usage of self-driving cars, while intended to make driving safer, also opens up new opportunities for hackers.  Every car operated by a computer could be at risk of being taken over by hackers or invaded by ransomware or viruses.  This could pose catastrophic consequences for passengers, as well as other vehicles sharing the road.  This is especially true for fleets of vehicles programmed to communicate with each other, a problem which will no doubt be of special interest to Uber.  These new risks create new needs for protection by automakers, fleet operators, and individual vehicle owners.  Insurers will have an opportunity to offer protection from these new risks in the form of additional lines of insurance coverage.

This technology is coming and the inevitable changes it will bring are going to change the auto insurance industry and raise new and serious cyber security concerns.  The time for preparation is now.