Small Businesses Will Bear a Large Burden of Proposed EPA Water Rules

This post was written by Christopher L. Rissetto and Robert Helland.

The Public Policy & Infrastructure practice continues to monitor the rollout of the “Waters of the United States” (“WOTUS”) rule proposed by the Environmental Protection Agency (“EPA”) and Army Corps of Engineers (“Corps”). The comment period for this proposed rule closed November 14, 2014. The purpose for this rule – ostensibly – is to settle 40 years of debate as to what constitutes waters of the United States under the Federal Water Pollution Control Act, commonly known as the Clean Water Act (“CWA”) 33 U.S.C. § 1251 et seq. But, as we have noted, the new policy presents an aggressive direction for EPA and the Corps, placing broad areas of wetlands, streams – including intermittent streams, and so-called “other waters” under federal scrutiny. The Public Policy Team assisted in developing client rulemaking comments for the WOTUS rulemaking.

The CWA applies to (1) waters used in interstate or foreign commerce; (2) interstate waters; (3) the territorial seas; (4) and any “impoundments” of these waters (e.g., reservoirs or other water basins created when water is dammed). The proposed rule does not change this, but adds three new bodies of water:

  1. All tributaries of the waters identified above
  2. All waters, including wetlands, adjacent either to the newly defined tributaries or to any of the other waters identified above
  3. So-called “other waters,” including wetlands. Section 2 (a)(5-7).

The impact on small businesses. If implemented as written, any entity that owns or operates land on or near these bodies of water will be facing a host of new permitting requirements. But the burden of compliance would fall disproportionately on golf courses, farmers, homebuilders and other small businesses throughout the country. They will need federal permission – which is not guaranteed – for any activity that may affect these waters, or face civil penalties at the current rate of $37,500 per day for each violation. This could halt operations at these small businesses or even cause them to close altogether. It was because of these concerns that the Small Business Administration’s Office of Advocacy, in a letter dated October 1, 2014, recommended the EPA “withdraw the rule and…conduct a Small Business Advocacy Review panel before proceeding any further with this rulemaking.” Dr. Winslow Sargeant, Chief Counsel for Advocacy, noted that a Small Business Advocacy Review panel is required under the Regulatory Flexibility Act (Pub. L. 104-121, Title II, 110 Stat. 857 (1996)) “when a rule is expected to have a significant economic impact on a substantial number of small entities.” He stated that the Office of Advocacy believes that the proposed rule does have “direct, significant effects on small businesses."

The Office of Advocacy echoes the concerns being raised by many in the small business community. These concerns were discussed in a “Small Entities Meeting” at EPA headquarters October 15, and will likely be raised again in the thousands of comments submitted on the rule. The new Congress is anticipated to respond to the proposed rulemaking, as EPA actions, generally, will be closely reviewed.

FCA Enforcement: The Landscape After FX

This post was written by Eoin O'Shea.

This briefing discusses the new approach of the UK’s regulator, the FCA, to regulatory enforcement of wholesale markets, as revealed by the recent settlements between the agency and five banks relating to FX manipulation. These are the largest regulatory settlements in UK history, a total of £1.1 billion (or $1.72 billion), the largest slice of a $4.3 billion total figure across four international regulators. The size of the penalties, and, perhaps more importantly, the FCA’s methodology in arriving at the final figures, should be of real concern for UK-regulated entities.

Please click here to read the issued Client Alert.

Condensate Exports Raise Compliance Questions for Purchasers

This post was written by Jeffrey Orenstein.

Recent press reports covering the sale and export of lightly processed condensate from the Eagle Ford Shale have characterized such transactions as a major test to the four-decade-long ban on crude oil exports, and a sign that the ban is crumbling. They are not exactly that. However, as condensate exports become more common, they will raise important compliance questions for would-be purchasers.

Click here to view the full issued Client Alert.

FCC Confirms that Even Solicited Fax Ads Must Contain Opt-Out Language, and Sets Six-Month Deadline for Companies to Seek a Retroactive Waiver

This post was written by Judith L. Harris, Lisa B. Kim, and Christine N. Czuprynski.

On October 30, 2014, the FCC issued a much-anticipated ruling (“FCC Order”) resolving several petitions seeking clarification of the opt-out notice requirement regarding advertisements faxed to consumers, contained in the Telephone Consumer Protection Act, section 227 of the Communications Act (“TCPA”). The FCC ruled that all such faxes, even those sent with the recipient’s prior express permission or invitation – in other words, “solicited” fax advertisements – must include both notice of the recipient’s right to opt-out of receiving future faxed ads and notice of the mechanism recipients can use to exercise such opt-out right.

However, in light of the apparent confusion that existed before the FCC’s clarification regarding the applicability and scope of the TCPA’s opt-out notice requirement, the Commission granted 24 individual petitioners limited retroactive waivers, giving them six months to come into compliance with the rule. Importantly, the FCC also announced in its ruling that it will allow similarly situated entities to seek their own retroactive waivers on the same grounds. Any business that did not include an opt-out notice on fax advertisements it sent to recipients who had previously provided permission or an invitation to send them should take advantage of this rare opportunity provided by the FCC to seek a retroactive waiver.

A little history: the TCPA prohibits sending unsolicited fax advertisements. The TCPA was amended in 2005 by the Junk Fax Prevention Act, which codified an established business relationship exemption to the prohibition and required the sender of an unsolicited fax advertisement to provide specific notice and contact information on the fax that would allow recipients to “opt out” of any future fax transmissions from the sender. In 2006, the Commission issued additional regulations (the “Junk Fax Order”), including the following: “A facsimile advertisement that is sent to a recipient that has provided prior express invitation or permission to the sender must include an opt-out notice that complies with the requirements in paragraph (a)(4)(iii) of this section.” 47 CFR § 64.1200(a)(4)(iv) (the “Challenged Regulation”). However, that Order also contained a footnote, which read in relevant part, “the opt-out notice requirement only applies to communications that constitute unsolicited advertisements.” Junk Fax Order, 21 FCC Rcd at 3810, n.154.

In 2010, Anda, Inc. filed a request for declaratory ruling on the validity of the Challenged Regulation and its applicability to solicited fax ads. Anda argued that the Commission did not have the authority to promulgate the Challenged Regulation because the TCPA applies only to unsolicited fax advertisements. Alternatively, Anda argued that the TCPA was not the statutory basis of the Challenged Regulation, and thus, there is no private right of action to enforce that provision.

The Consumer and Government Affairs Bureau (“Bureau”) denied Anda’s petition in 2012 on procedural grounds. First, the Bureau ruled that Anda had identified no controversy because the Junk Fax Order identified section 227 as the statutory basis for the Challenged Regulation. In addition, any challenge to the Commission’s authority to adopt the rule itself was a collateral challenge that should have been raised within 30 days of the date of public notice of such action, which was in May 2006. Because Anda waited until 2010 to challenge the regulation, it was untimely. Anda sought review of this ruling by filing an Application for Review of the Bureau Order on May 14, 2012.

Dozens of petitions have been filed since Anda submitted its Application for Review. Those petitions parallel the arguments Anda raised in its original petition and its request for review. In addition, several of those petitions sought from the FCC a ruling that opt-out notices that “substantially complied” with the Challenged Regulation’s requirements, but did not track the language from the regulation exactly, were sufficient under the law. Some petitioners also challenged the regulation as an unconstitutional limitation on free speech.

The recently released FCC Order denies much of the relief requested by Anda and the other petitioners. Specifically, the FCC Order:

  • Affirms the Bureau’s holding that the Anda petition was an improper and untimely collateral attack on the Challenged Regulation
  • Affirms that the Commission relied on section 227 of the Communications Act to promulgate the opt-out requirement for solicited fax ads
  • Affirms that the Commission had authority to adopt the Challenged Regulation
  • Denies one petitioner’s request to repeal the Challenged Regulation on First Amendment grounds
  • Denies petitioners’ requests to allow for “substantial compliance” with the opt-out notice requirements, instead requiring full compliance

Commissioners Ajit Pai and Michael O’Rielly concurred in part and dissented in part to the order. Their statements offer a roadmap of sorts to petitioners who want to appeal this FCC ruling to the federal court of appeals, which has jurisdiction to review FCC orders. Commissioner Pai stated that “to the extent our rules require solicited fax advertisements to contain a detailed opt-out notice, our regulations are unlawful. And to the extent that they purport to expose businesses to billions of dollars in liability for failing to provide detailed opt-out notices on messages that their customers have specifically asked to received they depart from common sense.” Commissioner O’Rielly concurred with the relief granted, but dissented, like Commissioner Pai, from the ruling that the Commission has statutory authority to require opt-out notices on solicited faxes. He said that though the agency has the right to fill gaps in a statute, “it is not entitled to invent gaps in order to fill them with the agency’s own policy goals, no matter how well intentioned.”

The FCC Order acknowledges that petitioners and other entities may not have complied with the opt-out notice requirements for solicited faxes as the result of “reasonable confusion or misplaced confidence” that the opt-out notice did not apply to those fax ads. This confusion could have been the result of two things: (1) the contradictory footnote in the Junk Fax Order, referenced above; and/or (2) the lack of explicit notice, at the time the Challenged Regulation was adopted, that the Commission was contemplating an opt-out requirement on solicited fax ads. The FCC thus concluded that this reasonable confusion and misplaced confidence provided good cause for it to grant individual retroactive waivers to the petitioners, and to open up that opportunity to other similarly situated businesses.

On a practical level, this means that a business that sent fax ads with the recipient’s permission that did not include an opt-out notice, or included an opt-out notice that was not in full compliance with the language in the regulation, should lose no time seeking a retroactive waiver from the FCC. Such a waiver would protect that business from lawsuits based on past behavior, but would not apply to conduct that occurs after April 30, 2015, which is six months from the release date of the FCC Order.

All businesses sending out fax advertisements should reach out to experienced counsel to review their marketing practices and, if necessary, petition the FCC for a retroactive waiver regarding the inclusion of opt-out language and an opt-out mechanism in their solicited fax ads. All requests for waivers are to be submitted by April 30, 2015. For more information, join the authors of this alert for a webinar Wednesday, November 19, 2014, or contact the authors or any member of Reed Smith’s TCPA team for assistance in filing a waiver request.

Applying a Plain Meaning Interpretation to 'Automatic Telephone Dialing System,' the Southern District of California Dismisses TCPA Class Action Lawsuit

This post was written by Raymond Y. Kim and Jack J. Gindi.

On October 23, 2014, the U.S. District Court for the Southern District of California further clarified the federal Telephone Consumer Protection Act’s (“TCPA”) definition of “automatic telephone dialing system” (“ATDS”) and granted summary judgment for the defendant on the grounds that it did not use an ATDS to send promotional text messages. Marks v. Crunch San Diego, LLC, -- F.Supp.3d --, 2014 WL 5422976 (S.D. Cal. October 23, 2014).

Here are the major takeaways from the case:

  • “Capacity” means current, not potential, capacity.
  • The FCC lacks the authority to define an ATDS as anything but “a random or sequential number generator.”
  • The defendant’s dialing equipment was not an ATDS because it “lacks a random or sequential number generator.”
  • Meyer v. Portfolio Recovery Assocs. LLC, 696 F.3d 943 (9th Cir. 2012), is not controlling because the Ninth Circuit Court of Appeals did not consider the issue of whether the FCC had authority to define an ATDS.
  • Any dialing equipment (including a predictive dialer) that does not have the capacity to generate random or sequential phone numbers is not an ATDS.

In Marks, Crunch, a gym operator, used a third-party, web-based platform to send promotional text messages to its members’ and prospective customers’ cellular telephones. The phone numbers were inputted into the platform by one of three methods: (1) when Crunch or another authorized person manually uploaded a phone number onto the platform; (2) when an individual responded to a Crunch marketing campaign via text message; and (3) when an individual manually inputted the phone number on a consent form through Crunch’s website that interfaced with the platform. Crunch selected the desired phone numbers, generated a message to be sent, and selected the date the message was to be sent, and then the platform sent the text messages to those phone numbers on that date. The plaintiff filed a class action alleging that Crunch violated the TCPA by sending promotional text messages using an ATDS without the recipients’ prior express consent. Crunch filed a summary judgment motion arguing that its dialing platform was not an ATDS because “it lacks the capacity to store or produce telephone numbers to be called using a random or sequential number generator.”

The TCPA defines an ATDS as “equipment which has the capacity--(A) to store or produce telephone numbers to be called, using a random or sequential number generator; and (B) to dial such numbers.” 47 U.S.C. § 227(a)(1). Based on the TCPA’s “clear and unambiguous” definition of an ATDS, the court held that Crunch’s equipment was not an ATDS because it “lacks a random or sequential number generator.” In so holding, the court rejected the FCC’s 2003 interpretation of an ATDS, finding that it “is not binding on the Court.”

In 2003, the FCC broadly interpreted the definition of ATDS to include “any equipment that has the specified capacity to generate numbers and dial them without human intervention regardless of whether the numbers called are randomly or sequentially generated or come from calling lists.” In the Matter of Rules and Regulations Implementing the Tel. Consumer Prot. Act of 1991, 27 F.C.C.R. 15391, 15392 n. 5 (2012) (emphasis added). The court found that the FCC’s 2003 commentary “change[d]” and “modif[ied]” the TCPA’s definition of an ATDS, which the FCC did not have authority to do because 47 U.S.C. section 227(a) – unlike section 227(b) and section 227(c) – “does not include a provision giving the FCC rulemaking authority.”

Turning to the interpretation of “capacity,” the court applied the current capacity interpretation and found that Crunch’s equipment was not a “random or sequential number generator” because “[n]umbers only enter the system through one of the three methods listed above, and all three methods require human curation and intervention.” The court was clear that calling a list of stored phone numbers is not “random or sequential number generation”:

“Random or sequential number generator” cannot reasonably refer broadly to any list of numbers dialed in random or sequential order, as this would effectively nullify the entire clause. If the statute meant to only require that an ATDS include any list or database of numbers, it would simply define an ATDS as a system with “the capacity to store or produce numbers to be called”; “random or sequential number generator” would be rendered superfluous. . . It therefore naturally follows that “random or sequential number generator” refers to the genesis of the list of numbers, not to an interpretation that renders “number generator” synonymous with “order to be called.”

Going a step further, the court also found that the dialing platform did not have the “potential capacity” to become an ATDS because Crunch used a third-party text delivery service that controlled the technology, and its “access to the platform [wa]s limited.”

The court also addressed Meyer v. Portfolio Recovery Assocs. LLC, where the Ninth Circuit deferred to the FCC and found a predictive dialer to be an ATDS. 696 F.3d 943, 950 (9th Cir. 2012). The court concluded that Meyer was not controlling because there, the defendant had waived its right to challenge the FCC’s authority to define ATDS by failing to raise the argument at the district court level. Meyer, 707 F.3d at 1044. The court also distinguished Crunch’s platform from the “predictive dialer” at issue in Meyer. However, the court noted that, based on a current capacity interpretation of ATDS, a predictive dialer is not itself an ATDS because it is “neither the database storing the numbers nor a number generator creating an ephemeral queue of numbers.”

This opinion is particularly favorable for defendants because it holds that in order to be an ATDS, dialing equipment must have “a random or sequential number generator,” and that merely having the capacity to call a list of stored phone numbers without human intervention is not “random or sequential number generation.” Although this ruling is not binding, it adds to the body of law applying the current capacity interpretation, and further signals the judiciary’s desire to reasonably interpret and apply the TCPA according to its plain and unambiguous statutory language.

Highest-Level Who? What Contractors Need to Know About the New FAR Provisions Requiring the Disclosure of Immediate and Highest-Level Ownership

This post was written by Lorraine M. Campos, Leslie A. Monahan, and Nkechi Kanu.

Back in May, a final rule issued by the Department of Defense (DoD), General Services Administration (GSA), and National Aeronautics and Space Administration (NASA) imposed new disclosure requirements on federal contractors. Contractors will now be required to disclose whether they are owned or controlled by another business entity during their System for Award Management (SAM) registration.

Starting tomorrow, November 1, 2014, SAM registrants will face a new set of questions on ownership. The first question asks:

  • Does your entity have an immediate owner?

If the registrant selects “yes,” they will be required to answer the second question:

  • Does your entity have a higher-level owner?

The final rule adds a new FAR subpart 4.18, which defines “immediate owner” and “highest-level owner.”

  • Immediate owner means an entity, other than the offeror, that has direct control of the offeror. Indicators of control include, but are not limited to, one or more of the following: Ownership or interlocking management, identity of interests among family members, shared facilities and equipment, and the common use of employees.
  • Highest-level owner means the entity that owns or controls an immediate owner of the offeror, or that owns or controls one or more entities that control an immediate owner of the offeror. No entity owns or exercises control of the highest level owner.

In addition, offerors are now required to provide their Commercial and Government Entity (CAGE) codes for awards valued at greater than $3,000 (the micro-purchase threshold). The CAGE code is a five-character alpha-numeric identifier used within the Federal Government. Further, offerors must also list the name and CAGE codes for all entities reported as immediate and highest-level owners.

While CAGE codes have traditionally been reserved for contractors, the final rule now requires legal entities that may not have their own government contracts to obtain this identifier. As a result, the federal government will have more insight into who is actually benefiting from federal contracts.

Data Security Threats Are on the Rise in the Golden State, According to California Attorney General Kamala Harris

This post was written by Maytak Chin, Lisa Kim and Divonne Smoyer.

A California attorney general’s report released this month shows that data security threats are on the rise in the Golden State. Against a backdrop of increasing security breaches, the report recommends best practices for companies to adopt as a way to reduce their vulnerabilities and to better protect consumers.

The report highlights trends in security breaches that have occurred in California over the past two years. Last year alone, personal data from more than 18.5 million California residents was compromised, which represents a 600 percent increase from the 2.6 million records breached the year before. Moreover, the leading industries targeted for hacks and malware attacks were retail, financial services, and health care. In 2013, the retail industry had 26 percent of total breaches, followed by financial services at 20 percent, and health care at 15 percent. These industries are most at risk for security breaches because they possess and transact sensitive consumer data as an integral part of their business models.

Large retailers are particularly in jeopardy for cyber attacks. For instance, Target had a security breach that compromised 41 million individual records, and Living Social had 50 million of its consumer records hacked in 2013, which affected consumers nationwide. The magnitude of the security compromises at Target and Living Social illustrates how large retail companies have become prime targets for cyber attacks. However, updating company practices and technological processes can reduce system vulnerabilities.

The California attorney general’s report recommends that companies take four steps to improve data security and reduce breaches:

  • First, companies could update point-of-sale terminals and systems, e.g., cash registers and other payment card technologies, to accept chip-embedded cards. Chip cards interact with physical sale terminals to authenticate payment cards and have the ability to send a one-time message, which changes with each transaction. Since 1994, more than 80 countries have moved toward using chip cards, including Canada, Mexico, and Brazil, and several countries in Europe and Asia.
  • Second, encrypting sensitive information could reduce unauthorized access to the data. Once encrypted, the data transforms into a non-readable format that becomes readable only when paired with a matching cryptographic key generated by a matching mathematical algorithm. This prevents access to such information from unauthorized users who do not have the matching cryptographic key.
  • Third, companies could employ tokenization solutions to make sensitive information less accessible. Tokenization is similar to encryption, except the key or token is generated at random at the point of use, rather than through a set mathematical algorithm.
  • Fourth, companies should implement security breach policies to ensure prompt notifications to consumers and responses to address the breach, as measures to prevent further systemic harm.

The California attorney general’s report comes on the eve before new personal information privacy rules take effect next year. In the past month, the California Legislature passed, and the governor approved, Assembly Bill No. 1710, which amend Civil Code section 1798 et seq. The newly enacted provisions will restrict the sale of Social Security numbers, including in advertising and offers to sell, and expand the law to reach any company that owns, licenses, or maintains specified personal information of any California resident. The new laws will also require that security breach notifications include an offer from the business with the breach to provide appropriate identity theft prevention and mitigation service to compromised consumers. For more information on Assembly Bill No. 1710, check our blog post on it here.

The California attorney general’s office is one of the most active offices in the area of state privacy enforcement. In the past several years, however, state attorney generals across all 50 states have become increasingly active in privacy enforcement because of a lack of comprehensive privacy rules in the United States at the federal level.

Reed Smith attorneys conduct Q&A with Idaho AG

This post was written by Divonne Smoyer and Frederick Lah.

Attorney General (AG) Lawrence Wasden is Idaho’s longest-serving AG, having served since his election in 2002. Wasden has been a strong advocate of consumer protection issues related to privacy, such as marketing scams and Internet safety, particularly with respect to teens and children. He also has served as president of both the National Association of Attorneys General (NAAG), the nonpartisan professional association for state AGs, as well as the chair of the Conference of Western Attorneys General (CWAG), an educational association focusing on legal and policy issues of importance to states in the western U.S.

Reed Smith Data Privacy attorneys Divonne Smoyer and Frederick Lah produced a series of Q&A with AG Wasden. Click here to read the entire interview on The Privacy Advisor.

Also see our previous Q&As with Connecticut AG George Jepsen and Indiana AG Greg Zoeller.

Paying More: New Final Rule Implementing Federal Minimum Wage for Contractors

This post was written by Lorraine M. Campos and Paula A. Salamoun.

On October 7, 2014, the Department of Labor (“DOL”) published its Final Rule, 79 Fed. Reg. 60633, implementing Executive Order (EO) 13658’s new minimum wage requirements for government contractors and subcontractors. While addressing the nation in the January 2014 State of the Union Address, President Obama stated his intention to issue an EO that would “requir[e] federal contractors to pay their federally-funded employees a fair wage of at least $10.10 an hour.” Shortly thereafter, President Obama issued EO 13658, setting the new federal contractor minimum wage at $10.10, and tasking the secretary of the DOL with the responsibility of publishing new implementing regulations. In an earlier June 2014 post, we discussed the DOL’s then-proposed rule and its potential reach and applicability, as well as the potential pitfalls for contractors who ignore this new regulatory development. Since then, the DOL has wrapped up its notice and comment period, and put forth its Final Rule.


The DOL’s Final Rule applies to new and replacement federal contracts that arise from solicitations issued on or after January 1, 2015, or contracts awarded on or after January 1, 2015. Contractors engaging in business under any of the following four contractual categories will come under the provisions of the new regulations:

  • Procurement contracts for construction under the Davis-Bacon Act (DBA)
  • Service contracts under the Service Contract Act (SCA)
  • Concessions contracts, including any concessions contract excluded from the SCA by the Department of Labor’s regulations at 29 CFR 4.133(b)
  • Contracts related to federal property or lands and related to offering services for federal employees, their dependents, or the general public

New Obligations

Contractors and subcontractors are now subject to certain new obligations. For example, any covered lower-tiered subcontract must include the Executive Order contract clause informing parties of the new minimum wage. Additionally, contractors and subcontractors must assure notification of the new applicable minimum wage rate to all workers performing on or in connection with a covered contract.

The Final Rule also imposes new recordkeeping obligations that may cause some administrative headaches. For example, if a covered contractor during any workweek is not exclusively engaged in performing covered contracts, the contractor must record the time spent on covered contracts apart from time worked on contracts not covered. Further, contractors with covered contracts are required to maintain records of each worker's occupation or classification and the total wages paid.


The Final Rule provides regulations authorizing agency investigations and administrative hearings when necessary. Generally, enforcement procedures and remedies under these regulations will be based on the text of the Federal Labor Standards Act (FLSA), SCA, and DBA.

TCPA: The Muddled Madness Continues!

This post was written by Judith L. Harris.

Tuesday evening, the Federal Communication Bar Association held a seminar in Washington designed to help practitioners make some sense of the ever-expanding number of class actions that have been brought under the Telephone Consumer Protection Act (“TCPA”) by often over-zealous plaintiffs’ attorneys; the inconsistent decisions that have been rendered by the courts; and the scores of requests for declaratory rulings that are currently pending before the Federal Communications Commission (“FCC,” “Agency,” or “Commission”). While the participants on the seminar’s two panels (the first designed as a litigation update and the second intended to provide a look down the road) quibbled over substance throughout the evening, they did seem to share one common perspective: the TCPA is a mess!

Not surprisingly, the panelists – especially the FCC’s representative – were much more adept at identifying open issues than at providing answers. Nonetheless, we were able to gain some insight into what are generally considered to be the most difficult TCPA-related issues and how some of the current confusion might eventually sort itself out.

  • There seems to be universal agreement that the FCC will issue an order “any day now” dealing with opt-out requirements in situations involving solicited faxes. We got the sense that an order is already signed by at least the necessary three Commissioners, and that the Agency will cut a little bit of slack in limited circumstances, to telemarketers responding to consumer requests or sending faxes to existing customers who have consented to receiving them. We’ll see.
  • It also seems that Commission staff is currently grappling with the definition of “called party” in the case of reassigned mobile phone numbers. The courts have recently reached differing conclusions regarding that definition for purposes of ascertaining consent, some holding that the called party is the intended recipient of the call and others concluding that it’s the current subscriber. We’re guessing that this will be the subject of the next important TCPA order issued by the FCC.
  • The good money is betting that the other big questions (in particular, the many pending requests for declaratory rulings relating to the definition of an ATDS, the capacity debate, etc.) will be wrapped into the omnibus rulemaking currently pending before the Agency. It appears that the Commission would be very interested in arriving at a compromise position that could be embraced by both businesses and consumers. Panelist Jason Goldman, Counsel at the U.S. Chamber of Commerce, offered that the Chamber is very focused on trying to proactively develop solutions to some of these issues as, not surprisingly, this whole area of the law is of grave concern to the Chamber’s members.
  • Interestingly, in the first panel, two different answers were given by private practitioners to the question of how many petitions for declaratory rulings are currently pending before the FCC (41 and 52). During the second panel, which included Kristi Lemoine – an attorney with the FCC’s Office of Consumer and Governmental Affairs who described herself as spending more than 90 percent of her time on TCPA issues – Kristi confessed that she herself doesn’t know which of those two numbers was accurate, as petitions keep coming on a regular basis, and even she is having a hard time keeping track of them. As expected, Kristi gave the usual caveats before she spoke: (1) that she was only speaking for herself and not on behalf of the Commission; and (2) that she wasn’t going to have a lot to say because virtually all the issues that the audience might be interested in were currently the subject of pending petitions for declaratory rulings, which she was not at liberty to discuss. Then she proceeded to say almost nothing and made no predictions. She did advise that the FCC was attempting to group the petitions by issue, but even just doing that was tough because of the frequency with which petitions were being filed, and the fact that many posed more than a single issue.
  • There seemed to be some consensus that, currently, one of the most interesting open questions relates to the scope of third-party liability for mobile marketing TCPA violations. Several panelists referred to the recent decision of the Ninth Circuit holding that companies that hire third parties to send unsolicited text messages on behalf of yet another entity can be held liable for TCPA violations. See, Gomez v. Campbell-Ewald Co., __F. 3d___, 2014 WL4654479. The Gomez case reversed and remanded an order granting summary judgment in favor of defendants, holding that a marketing company, hired by the U.S. Navy to run a recruitment campaign, could be held liable for violations by a third party with which the marketing company had subcontracted to send text messages in furtherance of the Navy’s recruitment campaign. While the FCC has previously opined that third-party liability should be based on common law principles of agency (actual/apparent authority/ratification), everyone agreed that this Ninth Circuit decision, holding, as it did, that a middle man that hired a vendor on behalf of an entity that contracted with the middle man to have calls made or messages sent, could be held liable for acts of the vendor with which the middleman contracted, is really pushing the envelope; and may or may not end up accurately reflecting the law.
  • Finally, there were several references during the seminar to the Federal Trade Commission’s (“FTC”) announcement in August of the winners of its “Zapping Rachel” robocall contest as evidence that the relevant federal enforcement agencies remain laser-focused. According to the description on the FTC’s website: “Zapping Rachel marks the latest step in the FTC’s ongoing campaign to combat illegal, pre-recorded telemarketing calls known as robocalls. The contest challenged participants to design a robocall honeypot which is an information system designed to attract robocallers and help law enforcement authorities, researchers, and others gain enhanced insights into robocallers’ tactics.” Beware! The award winners came up with some pretty innovative ideas!

In other news, the FCC also released an Enforcement Alert. The Alert contains a warning (in this election season) that the TCPA’s prohibitions about auto-dialed calls and pre-recorded messages also apply to political calls, and that the Commission intends to enforce the law and its regulations in this regard. For you beleaguered defendants out there: turnaround is fair play!

From Epidemic to Bioterrorism: Mitigating Contractor Risks in a Worst-Case Scenario

This post was written by Lorraine M. Campos and Leslie A. Monahan.

While the current Ebola outbreak is a natural epidemic, the idea that the virus could be used as a bioterrorist threat has been considered. Accordingly, the potential for obtaining Department of Homeland Security (DHS) Support Anti-terrorism by Fostering Effective Technologies Act of 2002 (SAFETY Act) protection for products or services related to fighting the Ebola virus is not completely far-fetched.

As background, the SAFETY Act was established to facilitate the development and use of effective anti-terrorism products and services. The SAFETY Act creates systems of risk and litigation management by providing liability protections for manufacturers and sellers of qualified anti-terrorism technologies (QATT) that could save lives. Specifically, sellers of QATT are granted limited liability for third-party claims arising out of the deployment of the QATT with respect to acts of terrorism. The maximum liability is determined by DHS on an applicant-by-applicant basis based on information contained in the application, and the seller is required to maintain liability insurance at that level.

Although the SAFETY Act may seem limited in scope, it applies to comprehensive terrorism prevention, response, and mitigation, and has covered vaccines and screening technology in the past. For example, in 2006, SAFETY Act designation and certification was given to the developer of a vaccine to prevent the symptoms associated with infection with anthrax. That same year, the manufacturer of a sterile antibody product that can be used for the treatment of adverse reactions to the smallpox vaccine, or other uses relating to exposure to the smallpox virus, received SAFETY Act protection. Additionally, biological screening kits for multiple bioterrorism agents have been covered by the SAFETY Act.

In the event DHS would offer SAFETY Act protection to businesses developing new medical treatments and interventions to treat and contain the Ebola virus, this protection does not eliminate all risks and uncertainties for developers. SAFETY Act coverage only applies to claims stemming from designated acts of terrorism, and does not protect against non-terrorism related risks. Since there is also a risk of contracting Ebola outside of terrorist events, claims stemming from these incidents would be outside the scope of SAFETY Act protection.

Opportunity for Government Contractors to Develop Ebola Countermeasures

This post was written by Lorraine M. Campos and Nkechi Kanu.

The Ebola epidemic in West Africa is the worst medical outbreak of the disease in recorded history. Currently, there are no treatments or vaccines proven to be safe or effective for the Ebola virus, and investigational vaccines and treatments are only in the early stages of development. As such, the primary approach to containing the virus includes identifying and isolating infected people, and ensuring that health care workers have access to protective equipment.

In response to the Ebola outbreak, the U.S. government has been actively working with private and public entities and international organizations to facilitate the development of treatments and vaccines with the potential to help mitigate the Ebola epidemic. Additionally, the U.S. Food and Drug Administration (“FDA”) has utilized a mechanism under its regulatory framework to enable access to an investigational medical product that can detect the Ebola virus.

Under section 564 of the Federal Food, Drug, and Cosmetic Act (FD&C), the FDA can issue an Emergency Use Authorization (EUA), which allows for the use of unapproved medical products or unapproved uses of approved medical products in an emergency to diagnose, treat, or prevent serious or life-threatening diseases when there are no adequate, approved, and available alternatives. The FDA recently utilized an EUA to authorize the use of an Ebola diagnostic test, developed by the Department of Defense (DOD). The FDA declared that the DOD’s diagnostic test could help facilitate an effective response to the ongoing epidemic in West Africa by rapidly detecting patients infected with Ebola virus, and facilitating appropriate containment measures and clinical care. After the issuance of the EUA, the FDA encouraged other diagnostic product developers to pursue an EUA, or other appropriate mechanisms, for their investigational products that can be used to test for or treat Ebola. Although the EUA issued October 10, 2014 waived certain labeling, storage, and distribution requirements, developers should be mindful that section 564 of the FD&C Act does not establish a liability protection scheme or tort immunity for manufacturers or others who carry out any activity for which an EUA is issued.

In addition to the FDA’s authority to issue EUAs, the Public Readiness and Preparedness Act (PREP) authorizes the Secretary of the U.S. Department of Health and Human Services (HHS) to issue a PREP Act declaration in response to a public health emergency. Unlike an authorization under an EUA, a PREP Act declaration provides immunity from tort liability claims to individuals or organizations involved in manufacturing, distributing, or dispensing medical countermeasures. Covered countermeasures include vaccines, antidotes, medications, medical devices or other FDA-regulated products used to respond to pandemics, epidemics, or any biological, chemical, radiological, or nuclear threat. If HHS chooses to issue a PREP Act declaration for the Ebola virus, manufacturers who decide to distribute or dispense medical countermeasures under a declaration should be advised of the liability protections they can receive.

New VETS Rule Changes Reporting Requirements for Government Contractors - Veterans in the Aggregate

This post was written by Lorraine M. Campos and Nkechi A. Kanu.

The U.S. Department of Labor’s Veterans’ Employment and Training Service (“VETS”) recently issued a final rule altering the reporting requirements on veteran employment and hiring for federal contractors. The new rule revises the regulations implementing the reporting requirements under the Vietnam Era Veterans’ Readjustment Assistance Act of 1974 (“VEVRAA”). Although the rule becomes effective October 27, 2014, federal contractors and subcontractors will not be required to comply with the reporting requirements until the reporting cycle in August 2015.

The new rule rescinded obsolete regulations and changes the manner in which federal contractors and subcontractors report on their employment of veterans. Significant changes made in the final rule include:

  • Rescinding 41 C.F.R. Part 61-250: VETS rescinded the regulations in part 61-250, which generally apply to contracts entered into before December 1, 2003. VETS found that the rules were obsolete because the Federal Acquisition regulations (FAR) generally limit the length of government contract to a maximum period of five years. As such, any contracts entered into prior to December 1, 2003, have likely terminated.
  • Changing Reporting Requirements: The final rule renames the VETS-100A Report to VETS-4214 Report. The new rule provides that under VETS-4214, contractors can now report the total number of “protected veterans” in their workforce in the aggregate, rather than by each category of veterans protected by the statute. Previous reporting requirements under VETS-100A called for contractors to provide the total number of veterans protected under each of the four categories of “covered veterans”: (i) disabled veterans; (ii) other protected veterans; (iii) Armed Forced service medal veterans; and (iv) recently separated veterans.
  • Change in the Definition of Protected Veteran: The new regulation eliminates the definitions for “covered veteran” and “other protected veteran,” and provides a new definition of “protected veteran” to mean a veteran who may be classified as a disabled veteran, recently separated veteran, active duty wartime or campaign badge veteran, or an Armed Forces service medal veteran.

VETS believed that reporting aggregate data, rather than the data for each category of veterans protected, will provide more meaningful data to Congress. Specifically, the aggregate information will allow for cross-year comparisons of federal contractors’ employment and hiring of protected veterans, as well as the proportion of contractors’ workforce and new hires made up by protected veterans.

Additionally, VETS indicated that comprehensive data recording under the new rule will assist contractors in effectively monitoring the success of their recruitment and outreach efforts to attract protected veterans. Under the final rule, contractors and subcontractors may have to adjust their recordkeeping systems in order to comply with the revised data collection.

Court Finds, Again, That Device ID Is Not Personally Identifiable Information (PII) Under The Video Privacy Protection Act (VPPA)

This post was written by Lisa B. Kim.

On October 8, 2014, a district court judge in Georgia dismissed with prejudice a Video Privacy Protection Act (VPPA) action against The Cartoon Network (CN), holding that the disclosure of the plaintiff’s Android ID was not actionable because the Android ID did not qualify as “personally identifiable information” (PII). The full order is attached.

In Ellis v. The Cartoon Network, Inc., the plaintiff alleged that he downloaded the Cartoon Network App (“CN App”) and began using it to watch video clips on his Android device. Plaintiff alleged that each time he used the CN App, a complete record of his video history, along with his Android ID number, was transmitted to Bango. Bango, as a third-party analytics company that collects a wide variety of information about consumers from other sources, would then allegedly reverse-engineer the consumers’ identities by using the Android ID.

Plaintiff claimed that CN’s practice of sharing his Android ID and viewing history to Bango without his consent was a violation of the VPPA.

The court dismissed the case with prejudice, finding that the Android ID did not qualify as PII, and thus, CN’s practices of sharing device IDs to Bango did not fall within the purview of the VPPA. Citing to the In re Hulu and In re Nickelodeon cases, the court explained that in order to be considered PII, the information had to link an actual person to actual video materials. Where an anonymous ID was disclosed to a third party but that third party had to take further steps to match that ID to a specific person, no VPPA violation occurred. The court likened this case to the disclosure of cable box codes, which could not identify consumers without corresponding billing records. Here, too, Bango needed to go through an additional step of matching PII gathered from other sources to identify the user. This was not a situation where video viewing habits were linked to a Facebook account, where the specific person could be identified without any additional steps. Accordingly, the court found that the disclosure of an Android ID alone, as happened here, does not qualify as PII under the VPPA, and dismissed the case with prejudice.

The court also considered and rejected arguments by CN that plaintiff had no standing to bring the case because he did not suffer an injury in fact, and that plaintiff was not a “subscriber” to any of CN’s services, and thus, not a “consumer” under the VPPA. The court found that an invasion of a statutorily created right established standing even if no injury would have existed without the statute. Since plaintiff alleged a violation of the VPPA, the court found that plaintiff alleged an injury. The court also found that plaintiff was arguably a subscriber because he downloaded the CN App and used it to watch video clips. However, given that the court ultimately dismissed the case, these rulings would be considered dicta.

With this ruling, courts appear to be drawing a line with regard to applying the VPPA to sharing information with analytics companies. Plaintiffs have certainly been testing the waters with VPPA cases against various news and entertainment organizations (see May 5, 2014 blog post). This ruling demonstrates that the courts are hesitant to push the bounds of the VPPA to include the simple sharing of device IDs without more. Time will tell if the other courts follow suit.

U.S. Supreme Court Upholds Fourth Circuit Victory for Omnicare, Inc. in High-Profile, Precedent-Setting False Claims Act Case

This post was written by Eric A. Dubelier, Lawrence S. Sher, Katherine J. Seikaly, Mel BerasJames C. Martin, and Colin E. Wrabley.

In a decision that has significant repercussions both for the pharmaceutical and health care industries and False Claims Act jurisprudence more broadly, the U.S. Supreme Court denied review of a groundbreaking Fourth Circuit decision affirming the dismissal of a novel False Claims Act suit against Reed Smith client Omnicare, Inc. In its February 2014 decision, the Fourth Circuit rejected the qui tam relator’s claim that Omnicare violated the FCA when it sought reimbursement for drugs that it allegedly packaged in violation of certain federal packaging regulations. The significance of these rulings is especially great as FCA suits proliferate, and settlements and judgments explode. In fiscal year 2012 alone, nearly 800 FCA lawsuits were filed, more than half of which involved the health care industry. And in that same year, according to the U.S. Department of Justice, there were settlements and judgments in FCA cases of nearly $5 billion, more than $3 billion of which involved the health care industry.

Click here to view the full issued Client Alert.