It is highly likely that the National Association of Insurance Commissioners (“NAIC”) will adopt a model data cyber security law premised largely on the New York State Department of Financial Services (“NYSDFS”) cyber security regulations.  Recently, we discussed the NYSDFS’ proposed extension of its cyber security regulations to credit reporting agencies in the wake of the Equifax breach.  New York Governor Andrew Cuomo has announced, “The Equifax breach was a wakeup call and with this action New York is raising the bar for consumer protections that we hope will be replicated across the nation.”  Upon adoption by the NAIC, the NYSDFS regulations requiring that NYS financial organizations have in place a written and implemented cyber security program will gain further traction toward setting a nationwide standard for cyber security and breach notification.  Indeed, although there are differences, the NAIC drafters emphasized that any Licensee in compliance with the NYSDFS “Cybersecurity Requirements for Financial Services Companies” will also be in compliance with the model law.

The NAIC Working Committee expressed a preference for a uniform nationwide standard: “This new model, the Insurance Data Security Model Law, will establish standards for data security and investigation and notification of a breach of data security that will apply to insurance companies, producers and other persons licensed or required to be licensed under state law. This model, specific to the insurance industry, is intended to supersede state and federal laws of general applicability that address data security and data breach notification. Regulated entities need clarity on what they are expected to do to protect sensitive data and what is expected if there is a data breach.  This can be accomplished by establishing a national standard and uniform application across the nation.”  Other than small licensees, the only exemption is for Licensees certifying that they have in place an information security program that meets the requirements of the Health Insurance Portability and Accountability Act.  According to the Committee, following adoption, it is likely that state legislatures throughout the nation will move to adopt the model law.

The model law is intended to protect against both data loss negatively impacting individual insureds, policy holders and other consumers, as well as loss that would cause a material adverse impact to the business, operations or security of the Licensee (e.g., trade secrets).  Each Licensee is required to develop, implement and maintain a comprehensive written information security program based on a risk assessment and containing administrative, technical and physical safeguards for the protection of non-public information and the Licensee’s information system.  The formalized risk assessment must identify both internal threats from employees and other trusted insiders, as well as external hacking threats.  Significantly, the model law recognizes the increasing trend toward cloud based services by requiring that the program address the security of non-public information held by the Licensee’s third-party service providers.  The model law permits a scalable approach that may include best practices of access controls, encryption, multi-factor authentication, monitoring, penetration testing, employee training and audit trails.

In the event of unauthorized access to, disruption or misuse of the Licensee’s electronic information system or non-public information stored on such system, notice must be provided to the Licensee’s home State within 72 hours.  Other impacted States must be notified where the non-public information involves at least 250 consumers and there is a reasonable likelihood of material harm.  The notice must specifically and transparently describe, among other items, the event date, the description of the information breached, how the event was discovered, the period during which the information system was compromised, and remediation efforts.  Applicable data breach notification laws requiring notice to the affected individuals must also be complied with.

The Florida Supreme Court ruled last week that referral sources in the home healthcare industry can be protected legitimate business interests under the state law governing non-compete agreements, thus finding enforceable such a restriction on a former marketing employee who left for a competitor.

Although the Florida statute in question (542.335) does not specifically list “referral sources” as one of the five categories of business interests subject to protection, the Court notes that those enumerated categories are prefaced by the phrase “including, but not limited to” thereby finding that the list is not meant to be exhaustive and may necessarily include other interests which may justify enforceability of a non-compete agreement.

As is often the case in properly reasoned restrictive covenant decisions, Courts must necessarily engage in fact and industry specific determinations when finding whether the restrictions are necessary to protect a legitimate business interest of the former employee or if they are merely anti-competitive by preventing a former employee from fairly earning a livelihood in their chosen industry.  The Florida Supreme Court went through such analysis here finding that the principal responsibility of marketing representatives of home health service companies was to cultivate relationships with referral sources such as doctors, case managers and referral coordinators in the hope of securing future patient referrals.  Such companies specifically train their representatives to target such referral resources and provide them with access to internal databases of referral source preferences, strategies, and procedures for them to utilize.  This investment in their employees and referral source databases was sufficient to establish a protectable legitimate business interest under the Florida non-compete statute warranting enforcement of the restrictive covenant in question.

When: Thursday, September 14, 2017 8:00 a.m. – 4:30 p.m.

Where: New York Hilton Midtown, 1335 Avenue of the Americas, New York, NY 10019

Epstein Becker Green’s Annual Workforce Management Briefing will focus on the latest developments in labor and employment law, including:

  • Immigration
  • Global Executive Compensation
  • Artificial Intelligence
  • Internal Cyber Threats
  • Pay Equity
  • People Analytics in Hiring
  • Gig Economy
  • Wage and Hour
  • Paid and Unpaid Leave
  • Trade Secret Misappropriation
  • Ethics

We will start the day with two morning Plenary Sessions. The first session is kicked off with Philip A. Miscimarra, Chairman of the National Labor Relations Board (NLRB).

We are thrilled to welcome back speakers from the U.S. Chamber of Commerce. Marc Freedman and Katie Mahoney will speak on the latest policy developments in Washington, D.C., that impact employers nationwide during the second plenary session.

Morning and afternoon breakout workshop sessions are being led by attorneys at Epstein Becker Green – including some contributors to this blog! Commissioner of the Equal Employment Opportunity Commission, Chai R. Feldblum, will be making remarks in the afternoon before attendees break into their afternoon workshops. We are also looking forward to hearing from our keynote speaker, Bret Baier, Chief Political Anchor of FOX News Channel and Anchor of Special Report with Bret Baier.

View the full briefing agenda and workshop descriptions here.

Visit the briefing website for more information and to register, and contact Sylwia Faszczewska or Elizabeth Gannon with questions. Seating is limited.

It is fairly uncommon for a circuit court to opine on the reasonableness of a restrictive covenant. In Ag Spectrum Co. v. Elder, No. 16-3113, 2017 U.S. App. LEXIS 14128 (8th Cir. Aug. 2, 2017), the Eighth Circuit issued a decision holding that an independent contractor’s non-compete was unreasonable and unenforceable.

Applying Iowa law, the Eighth Circuit explained that reasonableness depends on the circumstances, including consideration of several factors such as: (1) the employee’s closeness to customers; (2) the employee’s peculiar knowledge gained through employment that provides a means to pirate the customer; (3) the amount and sophistication of employer-provided training and the nature of the business; and (4) matters of basic fairness. The Court stated that the fundamental goal is to prevent unjust enrichment.

In this case, Ag Spectrum’s 3-year noncompete provision with independent contractor Vaughn Elder was unreasonable for three reasons:

First, it was not reasonably necessary to protect Ag Spectrum’s business (selling fertilizer, nutrients and crop-management services). Essentially, like any ordinary reseller, Elder purchased Ag Spectrum product and sold it at a markup. Ag Spectrum did not offer any special training and support, and Elder’s knowledge of Ag Spectrum’s product did not give him an advantage after he left his arrangement with the company. Importantly, as an independent contractor, Elder made and developed his own contacts.   In such a situation, the noncompete allowed Ag Spectrum not to protect a proprietary customer base, but instead to capture customers that Elder himself had provided.

Second, the provision burdened Elder out of proportion to the benefit to Ag Spectrum because enforcing the provision would have required him to rebuild his customer base from scratch. Although Elder conceivably could have sold noncompeting products to his same customers or sold competing products to new customers, such a workaround would have been unreasonable given how little protectable benefit Ag Spectrum had in the parties’ independent-contractor relationship.

Finally, there was no evidence that restricting Elder’s business would harm the public.

Accordingly, the Eighth Circuit held that requiring Elder to forsake the customers that he had brought to Ag Spectrum as an independent contractor would be unreasonable under the circumstances, and thus the noncompete was unenforceable.

Featured on Employment Law This Week – An Illinois appellate court weighs in on social media and solicitation. The case involved a defendant who sent LinkedIn connection requests to three former coworkers, even though he had signed a non-solicit agreement. In considering whether social media activity violates non-solicitation agreements, other courts have drawn a distinction between passive social media activity and more active, direct activity. Though these requests were made directly to the former coworkers, the court in this case ruled that the content constituted passive activity because the defendant did not discuss his new job in any way, nor did he directly attempt to recruit his former coworkers. The court concluded that sending the connection requests did not violate the prohibition against inducing co-employees. Brian Spang, from Epstein Becker Green, has more:

“This particular agreement only prohibited direct inducement. It prohibited the employee from inducing other employees to leave. It could have and should have included a restriction against both direct and indirect inducement. This is important because the court pointed out in multiple places that the plaintiff did not present any evidence of ‘direct’ inducement. . . . I think that a non-compete or non-solicit agreement can specifically reference social media as a potential avenue for violation of the agreement.”

Watch the segment below and read our recent post on the topic.

In a very thorough analysis following a 3 day Preliminary Injunction hearing Judge Jed Rakoff declined to issue injunctive relief to a former employer seeking to enjoin four former employees and their new employer from competing or from soliciting clients or employees. The decision is far ranging in the employee movement context touching upon inadvertent retention of confidential information, the propriety of new employers providing broad indemnifications and large signing bonuses to the recruits,  and the scope of allowable “preparatory conduct” in a one year non-compete period, among other issues presented in the context of a group of employees in the eDiscovery services space collectively on the move.

Four senior sales executives of plaintiff Document Technologies Inc (“DTI”) collectively decided to leave DTI and signed new employment agreements with LDiscovery. LDiscovery provided the four with agreements that indemnified them from claims of improper conduct by DTI as well as significant signing bonuses to make up for lost compensation during the one year non-compete period they agreed to abide by. The Court found nothing wrong with these agreements and also that accepting employment and engaging in preparatory meetings and analysis of the marketplace were permissible preparatory acts and do not violate the non-competition prohibitions in their agreements with DTI. The Court also found that there was no breach of the employee non-solicit where the four employees coordinated their job search since they had each individually resolved to leave DTI in advance of coming together. Collectively reaching the conclusion to seek alternative employment was found not to be a breach of the employee non-solicit provisions each had in their agreement with DTI. The Court was skeptical that where the employees were all “at will” versus subject to a term contract, that the three prong test of enforceability under BDO Seidman could be met. The fact that they marketed themselves as a “package” deal was not unfair competition supporting a finding of breach. Similarly, LDiscovery could not be held liable for tortious interference by recruiting the team, providing them with signing bonuses and by indemnifying them.

This decision provides a good framework for legal analysis when determining the propriety of a team move and whether certain conduct of the employees and their new employer warrant injunctive relief.

Nevada employers be advised: on June 3, 2017, Governor Brian Sandoval signed into law Assembly Bill 276, which amends Chapter 613 of the Nevada Revised Statutes and sets forth a new framework in which noncompetes are evaluated. The amended law includes the following four changes:

  1. A noncompete is void and unenforceable unless the noncompete:
    1. Is supported by valuable consideration;
    2. Does not impose any restraint that is greater than is required for the protection of the employer for whose benefit the restraint is imposed;
    3. Does not impose any undue hardship on the employee; and
    4. Imposes restrictions that are appropriate in relation to the valuable consideration supporting the noncompete.
  2. A noncompete may not restrict a former employee of an employer from providing service to a former customer or client if:
    1. The former employee did not solicit the former customer or client;
    2. The customer or client voluntarily chose to leave and seek services from the former employee; and
    3. The former employee is otherwise complying with the limitations in the noncompete as to time, geographical area and scope of activity to be restrained, other than any limitation on providing services to a former customer or client who seeks the services of the former employee without any contact instigated by the former employee.
  3. When an employee is terminated as the result of a reduction of force, reorganization or similar restructure of the employer, a noncompete is only enforceable during the period in which the employer is paying the employee’s salary, benefits or equivalent compensation (including severance pay).
  4. If an employer brings an action to enforce a noncompete and the court finds that it is supported by valuable consideration but (a) contains limitations as to time, geographical area or scope of activity to be restrained that are not reasonable, (b) imposes a greater restraint than is necessary for the protection of the employer and (c) imposes undue hardship on the employee, then the court must revise or “blue pencil” the noncompete to the extent necessary and enforce it as revised. Such revisions must render the limitations reasonable and no greater than is necessary for the protection of the employer.

Key Takeaways

The legislation does not clarify the meaning of the term “valuable consideration.” Such guidance will likely come from the courts as Nevada employees and employers litigate what is meant by the term, although it appears that an at-will employee’s continued employment in and of itself will not be considered sufficiently “valuable” under the law. In the meantime, without the benefit of legislative or judicial guidance, Nevada employers should assess whether an employee subject to a noncompete has received adequate consideration, particularly in relation to the restriction that is being imposed in the noncompete.

The legislation is also notable in that it reverses a prohibition on judicial blue penciling that was established by the Nevada Supreme Court in a 2016 decision, Golden Road Motor Inn, Inc. d/b/a Atlantis Casino Resort v. Islam and Grand Sierra Resort, 376 P.3d 151 (Nev. 2016). Nevada courts are now required to modify or “blue pencil” overbroad noncompetes to the extent necessary to render them enforceable. Although Nevada employers with an overbroad noncompete can take comfort knowing that the noncompete will not simply be discarded, they should nevertheless revise their noncompetes so that they impose restrictions in terms of time, geographical area and scope of activity that are reasonable.

In this age of social media, a frequently asked question is whether social media activity can violate a non-compete or non-solicit.   Although the case law is evolving, courts which have addressed the issue have focused on the content of the communication, rather than the medium used to convey it.  In so doing, they have distinguished between mere passive social media activity (e.g., posting an update about a new job) as opposed to more targeted, active actions (e.g., not merely posting about a new job, but also actively recruiting former co-workers or clients).

A “LinkedIn” case recently decided by the Illinois Appellate Court, Bankers Life v. American Senior Benefits, involved conduct which fell between these two extremes: an individual, Gregory P. Gelineau, who was contractually barred from soliciting former co-workers, sent three former co-workers  generic requests to become “connections” via LinkedIn.  The requests did not go further than that, but they were not purely passive in that they sent to specific individuals.  Gelineau’s former employer, Bankers Life, filed suit, accusing him of breaching his non-solicitation obligation.

After surveying decisions from around the country involving various forms of social media activity, the Court explained that the different results reached in these decisions “can be reconciled when looking at the content and the substance of the communications.” Here, the Court noted that the LinkedIn requests sent by Gelineau did not discuss Bankers Life or Gelineau’s new employer, did not suggest that the recipient view Gelineau’s new job description, and did not encourage the recipient to leave Bankers Life and join Gelineau’s new employer.  Rather, they were bare requests to become “connections” on LinkedIn.

The Court held that such bare requests were not the sort of direct, active efforts to recruit which would have been a breach of Gelineau’s contractual non-solicitation clause.

While the facts of Bankers Life fall in between the two extremes of social media activity addressed by other courts, the case ultimately turned on an evaluation of the content of the activity, as opposed to the medium.  This approach is consistent with that taken by courts whenever they are tasked with determining whether particular conduct constitutes an unlawful “solicitation.”