Much has been written about the European General Data Protection Regulation (GDPR). Commentators have touted the EU’s supposedly superior data protection regimen. But don’t lose focus on what is happening within the U.S. and the implications for U.S. companies that may not be focused on GDPR requirements. Even companies that are GDPR focused may not meet the upcoming requirements. At least three significant privacy legislation fronts in the U.S. bear mentioning: Continue Reading
The United States Patent and Trademark Office’s intellectual property attaché program offers valuable resources to guide U.S. businesses in navigating IP systems abroad
The United States Patent and Trademark Office (USPTO) offers valuable IP-related business resources through an intellectual property (IP) attaché program. The program is structured to generally improve IP policies, laws and regulations abroad for the benefit of U.S. businesses and stakeholders, while providing country-specific IP-related materials and services to teach and inform. However, the program also makes representatives available who can act as points of contact for U.S. businesses to guide actions and to provide interactions with foreign governmental entities to addresses country-specific IP-related legal issues.
Pilot program for PCT applications streamlines examination and search procedures
On July 1, 2018, the United States Patent and Trademark Office (USPTO) began a 3-year pilot program known as The PCT Collaborative Search and Examination Pilot (CS&E) Program, to streamline examination and search procedures for patent examiners in multiple countries. The program is a coordinated effort with patent offices from around the world, together known as the IP5 offices. Specifically, participating International Search Authority (ISA) members include the USPTO, European Patent Office (EPO), Japan Patent Office (JPO), Korean Intellectual Property Office (KIPO), and State Intellectual Property Office of the People’s Republic of China (SIPO). This program is a continuation of two previous programs launched in 2010 and 2011, respectively, involving the USPTO, EPO and KIPO that laid the groundwork for this expanded program aimed at testing user interest, operational and quality standards, and the electronic platform.
Currently, upon filing a PCT application, applicants designate one of the IP5 offices to provide an international search report (ISR) and written opinion. However, upon reaching the national stage as applicants pursue applications in individual countries, applicants can be presented with country-specific search reports involving entirely new art depending on varying search criteria. This can place a burden on applicants and hinder cohesive world-wide prosecution strategies. The CS&E program addresses this issue by coordinating searches from each office, thereby providing a higher quality work product which is more likely to comprehensively identify and consider world-wide art. The CS&E program provides the advantages of having the searching performed by multiple examiners with different language capabilities and an increased predictability of outcome. Importantly, at this time the CS&E program requires no extra cost. Continue Reading
Ohio passes new law providing safe harbor to businesses suffering a data breach and amends Ohio law to allow records and contracts secured by blockchain technology
Implementing a cybersecurity framework may begin to pay off for companies doing business in Ohio. As anyone following data privacy litigation knows, litigation stemming from data breach incidents can prove to be extraordinarily burdensome and expensive. Ohio is the first state to pass a law that will limit a business’s exposure in data breach litigation if the businesses has voluntarily adopted an identified cybersecurity framework.
In terms of the particulars, Ohio recently passed S.B. 220, which provides an affirmative defense against tort claims to businesses sued by data breach plaintiffs. The law will be codified at R.C. 1354.01–1354.05 and will go into effect on Nov. 2, 2018.
The law will provide a business with a “legal safe harbor” if the business adopts and complies with a “recognized cybersecurity framework.” The act lists a number of qualifying safe harbor cybersecurity frameworks including, but not limited to: Continue Reading
Sixth Circuit finds insurance coverage for phishing losses
“The risk of loss due to some form of cyberattack should prompt employers to consider insuring against those losses. But, not all cyberinsurance policies are created equal.” Our colleague, Brian Hall, writes in the most recent Employer Law Report blog post which discusses the recent 6th Circuit case, American Tooling Center, Inc. v. Travelers Casualty and Surety Co. of America.
“When shopping for insurance to cover potential losses due to cyber activity, businesses will need to make sure that they understand exactly what the policy terms mean and what events will trigger coverage under the policy and which will not. In addition, it is important to know what the policy will pay once a triggering event occurs. For instance, will it pay for regulatory fines, the cost of sending data breach notices, the cost of identity theft services for customers, or business interruption?”
Big changes for internet shopping
On June 21, 2018, the U.S. Supreme Court ruled in Wayfair v. South Dakota that internet and catalogue retailers can be required to collect sales taxes from customers in states where they have no physical presence. In plain English, in most situations, no more tax-free shopping on the internet. Buyers have always technically been required to pay a use tax to their state if no sales tax was collected by the seller. This decision overrules two older decisions that allowed retailers to avoid collecting sales tax on customers outside of its home state and outside other states where the retailer had employees, a store, a warehouse or some other physical presence. This is likely the most significant state and local tax case in 25 years and will have a profound impact on businesses who sell taxable goods or services online. Further, there are implications for mergers and acquisitions and could have a chilling effect when the potential buyer of a company realizes that the target has major sales tax exposure. Continue Reading
UPDATE: All fifty states now have data breach statutes
On July 1, 2018, all fifty states will have active data breach statutes that govern the notification process for companies that experience a data loss incident. Alabama and South Dakota both recently passed data breach laws, representing the last two states to enact data breach legislation. As with other data breach statutes, Alabama and South Dakota have imposed slightly different requirements on businesses that experience a breach event, contributing to the increasingly rich tapestry of state laws governing data breaches. Continue Reading
The federal landscape on self-driving cars
Motivated by the unprecedented spike in automotive fatalities in 2015, mostly caused by human error, the United States Department of Transportation (DOT), through the National Highway Traffic Safety Administration (NHTSA), has embraced self-driving cars as a means to significantly reduce motor vehicle crashes. In so doing, the DOT stands behind developing a regulatory framework which encourages the safe development, testing and deployment of automated vehicles. Because current legislation and policies have not caught up with technology, Congress and the DOT are hoping to create legislation which balances technology and car manufacturers’ freedom to test, evaluate and deploy driverless cars with ascertaining the best ways to operate and govern these vehicles on U.S. roadways.
ADA Website filings show no sign of slowing down
Regardless of industry, website accessibility has become an area of focus for ADA litigation. My colleague, Jamie LaPlante, was recently interviewed by the Bristol Herald Courier regarding a filing against Highlands Union Bank in the U.S. District Court in Abingdon, Virginia, where the plaintiff is a blind man from Fairfax county. The case follows a similar fact pattern to the 2017 Florida case against Winn-Dixie where a federal judge ruled the supermarket chain failed to make its website accessible due to the site’s lack of integration with screen reader technology. The last few years have seen an increase in threats of litigation and filings of lawsuits of this nature. We thought it was worth sharing this with you; check out the full article here.
DMCA agent requirements changing by end of year
In December 2016, the United States Copyright Office introduced an online registration system and electronically generated directory to replace the office’s old paper-based system and directory for filing DMCA agent information. The office no longer accepts paper designations. To designate an agent, a service provider must register with and use the office’s online system.
While the change to an electronic directory is noteworthy, those with existing DMCA agent registrations (filed to the old, paper-based registry) must submit new DMCA agent filings before the end of 2017. Per the US Copyright Office website, any service provider that has designated an agent with the office prior to Dec. 1, 2016, in order to maintain an active designation with the office, must submit a new designation electronically using the online registration system by Dec. 31, 2017. Any designation not made through the online registration system will expire and become invalid after Dec. 31, 2017. Until then, the copyright office will maintain two directories of designated agents: the directory consisting of paper designations made pursuant to the office’s prior interim regulations which were in effect between Nov. 3, 1998, and Nov. 30, 2016 (the old directory), and the directory consisting of designations made electronically through the online registration system (the new directory). During the transition period, a compliant designation in either the old directory or the new directory will satisfy the service provider’s obligation under 17 USC § 512(c)(2) to designate an agent with the copyright office. During the transition period, to search for a service provider’s most up-to-date designation, begin by using the new directory. The old directory should only be consulted if a service provider has not yet designated an agent in the new directory. Continue Reading
