Data Security Updates

Data Security Updates
By Martin F. Medeiros, Managing PartnerSwider Medeiros Haver LLP

I. Privacy Policies Must be Followed or Warranty-Like Claims May be Triggered in Marketing Materials
If businesses are unable to perform and ensure their ability to protect privacy claims in marketing materials or privacy policies, expect liability for failure to so ensure. The Federal Trade Commission (FTC), one of the administrative agencies in the United States of America charged with regulating consumer affairs, ruled against one company in a recent decision (In re CBR Systems, Inc.) and ordered a bi-yearly audit for the next twenty years as it found the privacy policy claims marketed to consumers were deceptive, and its unmonitored allowance of employees to handle and transport information about consumers. The FTC concluded the company failed to take adequate steps to prevent, detect and investigate unauthorized access to its computer networks.

II. Important Updates to Children Online Privacy Protection Act (“COPPA”)
The amendments go into effect July 1, 2013 which redefine “operator,” “personal information” and “website or online service directed to children.” Readers and clients must update their privacy policies and processes before this date. The following are important changes:
1. Personal information or Personally Identifiable information (“PII”). Operators cannot collect PII such as geo-location information, photos, and videos from children under 13 without parental consent.
2. Mobile IDs and Internet Protocol (IP) Addresses are now PII. PII now includes persistent identifiers, such as IP addresses and mobile device IDs.
3. Plug-ins etc. Expressly covered. Third parties PII exclusion is now expressly prohibited for child targeted plug-ns, apps, etc.
4. Due Diligence Requirement on PII Release to Third Parties. Effected website operators must take reasonable steps to ensure they only release PII to companies that are competent to secure and maintain confidentiality.
Also, in 2012, the FTC approved safe harbor program for Aristotle International Inc., which is expected to be the model safe harbor for COPPA compliance. To be approved by the FTC, proposed safe harbor guidelines must fulfill three criteria: (i) provide the same or greater protections for children as those contained in the Rule; (ii) set forth effective, mandatory mechanisms for the independent assessment of members’ compliance; and (iii) provide effective incentives for members’ compliance. You can obtain copies of the approved program at:

III. Important Updates to Heath Insurance Portability and Accountability Act Updates (HIPAA)
New changes concern Personal Heath Information (PHI) became effective March 22, 2013 but the full compliance date for the majority of modifications is September 23, 2013. HIPAA governs the privacy protection of individual health information for “covered entities” (e.g., healthcare providers, health plans and health information clearing houses, etc.). 45 C.F.R. §§ 160, 164. Updates:
1. Privacy Notices. Readers and clients that are “covered entities” must review current notices and resolve discrepancies with the new rules on privacy notices and policies.
2. Subcontractors and Business Associates Now Explicitly Covered by the Law. Parties performing services on behalf of general contracts that create, receive or maintain, or transmit PHI are held directly liable. This broadens or makes the requirement explicit; as an example, any cloud computing service providers, information technology (IT) services, managed services, backup and storage companies who take custody of or transmit PHI or those of their customers are now directly liable for HIPAA non-compliance.
3. Notification Triggers Lowered. Now any “impermissible use or disclosure” is presumed to be a security breach. This clarifies some ambiguity in several instances.

Negotiating Enterprise Resource Planning (ERP) Licenses in the Era of Cloud Computing

By Martin F. Medeiros, Managing Partner, Swider Medeiros Haver LLP

Institutions that use Enterprise Resource Planning (ERP) software are under new and constant pressure to make systems cost effective. Discovery of organizational efficiency is the goal.  Saving money on the initial transaction and maintaining an ongoing relationship is a concern.  However, the advent of sophisticated cloud computing applications seems to give organizations, information technology managers and general counsel a great deal of complex decision-making.  ERP vendors are under pressure to maintain and grow market share.  ERP software has proven to save companies tens of millions of dollars when implemented and negotiated professionally. However, when negotiated and implemented poorly, ERP projects have contributed to the dissolution of publicly traded companies. When it comes to difficulties, there are eight recurring themes I’ve noticed in the last eighteen years in negotiating with these providers.

1. Advanced Planning is the Key

Ensure you know what you want and how that fits into the organization, and then name licensing rights accordingly. Recently, it seems software publishers themselves have lost control of the actual product names and associated rights in the product set.  This control loss follows when publishers release a product under one name, discover it is not ready, pull the product, and rename it under something else or integrate it into a new product.  The legacy of thinking on the publisher’s part and the difficulty in the licensee’s part in letting go of the use of the former product may be challenging.  From day one, track licensing types (whether by CPU, site, machine, role, cloud subscription, etc.) and link them to a specific product name and the function on the module and any other restriction, which may even be a named end user. Swider Medeiros Haver LLP uses a universal matrix that keeps varied products, functions, rebranding and licensing rights organized. Planning is needed with regards to: which infrastructure pieces are required; the mix of internal installation of software verses cloud solutions; and how they interface with calls to cloud-based applications. Planning for a de-install if things go sideways is key for this risk mitigation exercise. This includes knowing data portability issues of cloud applications. Periodic testing of what I call “drone” data applications to ensure the cloud application is not corrupting data is also part of a strong risk management strategy.

2. Get the Right Staff on the Project

Managing an ERP takes organized, systematic and savvy team members from information technology (IT), business units, finance and procurement functions. Experienced license and vendor relation managers with their 10,000 hours in are invaluable.  These people make these projects work; the software itself will not solve the problem unless the right people are involved. Finally, note that the procurement negotiators need to realize that these relationships are strategic, never a one-off commodity relationship, but a serial event attended by all the systems and complexities of human interaction.  Experts are required on the front side of the deal and especially in disputes.

3. Licensing Manager Focused on Cost Control

The names, functions and charges of the modules change so you need to ensure that you have a keen idea of what the product set is, who is using it and what the value proposition looks like. As mentioned in another context above, products or modules are pulled off the market, “perfected” and reintroduced years later. Many still pay maintenance / support fees (typically 12-25% on the base license cost) years after the product is de-installed or removed from the market. When managing licenses, pay for the value received.  Avoid paying maintenance / support fees on software you are not running. What is the benefit you are buying?

4. Avoiding Sales Driven Pressure

Licensee must ensure they understand and comply with license terms.  This is a question of process.  Meet with internal folks to verify understanding and have the licensor validate intended use.  In 2011, ERP vendors found themselves under pressure to make the ERP financial model work given the threat of cloud based applications. Now, more than ever, Swider Medeiros Haver is seeing compliance audit teams being used by the sales force to gain concessions. Sales teams are telling licensees they are out of compliance prior to an audit.  In a competitive market, it is not unheard of that the word of a long standing relationship with a trustworthy IT manager is questioned over that of a disgruntled former employee of the licensee.  “Trust but verified” is the rule as misplaced fear opens, and shuts, many wallets.  Using the audit for increased sales is a poor customer relationship management (CRM) tool.

5. Audit Accuracy

When it comes time for the annual “true up,” or even an unplanned audit, ensure you know exactly what the vendor is asking for and that they not only know the product set, but the terms of the licenses. An ambiguous request for an unknown product set can take months to complete, which costs time and money to the licensor, but more so for the licensee.

6. Flexibility

Can you flex up in use or withdraw usage?  Take or pay does favor the licensor but may also corrupt the relationship.  In some industries, CIOs are under similar pressures as if they are a utility operator and must charge fair and reasonable rates for a given business function, in others, cost is not an issue. Should ERP costs get sticky on the upside, reasonable rates become more elusive.  Above all the relationship must be flexible to allow for technological change and change in value and cost.  In cloud computing as with the internet, the consumer is king as choices and price pressure trend downward.

7. Corporate Changes

Corporate changes, mergers, acquisition, divestitures, going public or going private all may have ramifications on your software licensing and can be very costly.  For example, when a company goes public, some data may be pulled from the ERP application which may trigger costs.  If you are on a per data push license, real-time market data reporting, capacity data, usage and other data pushed to mobile devices can ring up charges if the licenses says it can. Determine if a data distribution is part of your intended use.  So a full audit on ERP licensing terms prior to any change in control is essential. So too, per seat charges may increase in a merger or decrease in an asset sale, this may trigger more seat charges, liquidated damages clauses or cause you to incur licensing costs.

8. It’s About the Negotiation

Astronomers say that an asteroid in deep space that is on a collision course with the Earth will miss the target by millions of miles if hit by the force of a paintball in that deep space location; so too can problems, including litigation, be avoided by the parties by negotiating a good manageable license before the software is installed; a few hours spent negotiating critical clauses can save millions down the road in Swider Medeiros Haver’s experience.  Above are a few of the recurring themes, which contribute to optimizing performance in the contractual relationship. All of the above can be addressed in the request for proposal or sales cycle and in any amendment to the original license. The key is to plan where the ERP interfaces with any cloud solution and knowing what rights transfer and when.

Crowdfunding and Social Entrepreneurs

By Tichelle A. Sorensen

One of the challenges for any small business, including social enterprises, is the ability to raise sufficient capital to fund start-up or ongoing business operations.  Usually an entity’s ability to raise capital is limited in two areas:  first, identifying potential investors and securing the investment; and second, complying with the US Securities and Exchange Commission’s (SEC) regulations.  While securities regulations were implemented largely to protect potential investors and the public from fraud and other harmful business practices, the practical effect is that understanding and complying with the regulations in order to raise money – even where you have an identified investment source, or sources – can be complex and expensive.

For social enterprises, raising capital can be even more difficult.  Small businesses of all kinds are challenged to find financial support, but social entrepreneurs face the additional challenge of connecting with like-minded investors – investors who understand and support the social mission and are willing to invest in a company that prioritizes a social mission (in some cases, over increasing profits in a way that contradicts that mission.)

For these reasons new online models which enable entrepreneurs to market their projects inexpensively to many possible funders has gained popularity among social entrepreneurs.

Current Complexities and Limitations to Crowdfunding  

Some entrepreneurs are able to build effective campaigns on websites like Kickstarter and Indie GoGo, successfully raising enough money to complete their proposal.   Online platforms such as these have provided an avenue for project-based funding for innovative and creative individuals and entities.  But these sites are only useful to certain categories of entrepreneurs – those who have the type of offerings that can fit the specific project funding model criteria, with either tangible products (films, books, artwork, etc.) or intangible experiences (music performances, guest lectures, etc.) that can be given to the participant in exchange for their financial “investment.”

In these cases, supporters of such projects are not “investors” in the traditional sense.   While they may invest financial resources in a certain project or undertaking, they do so with the understanding that they will not share in the risk or reward of the company’s overall operations as a true investor would.   Their participation may help propel the business’ operations forward, but the only direct return they can expect is whatever item or experience is offered in connection with that project.

By contrast, an investor in the typical business scenario is interested in the opportunity to participate in the growth and financial success of a business in an ownership role.  In the securities sense, an investor has the expectation of a profit or potential profit.  An evidentiary instrument of this expectation is part of the investment agreement, typically in the form of a debt instrument, such as a promissory note, or an equity instrument, such as a stock certificate.  Along with this expectation, investors also share in the risks.  If the company fails, the investment is often lost.

Jumpstart Our Business Startups (“JOBS”) Act

For those social entrepreneurs that are seeking investors to participate in their company, the Jumpstart Our Business Startups (“JOBS”) Act, signed by President Obama on April 5, 2012, may open the door to opportunities for true crowdfunding, meaning the ability to raise capital by offering an ownership interest in the venture through crowdfunding portals.   The JOBS Act could help simplify the process of complying with securities regulations, as well as allow for a greater ability to promote the project to potential investors.

There are two noteable provisions of the JOBS Act that may be of interest to social entrepreneurs.  First, the JOBS Act amends Rule 506 of Regulation D of the Securities Act.  The practical effect of this change would allow more widespread advertising or general solicitation for investment, but only where all purchasers are “accredited investors.”  An accredited investor is a category of sophisticated purchasers that includes company officers and directors, banks, certain charities and trusts, and high net worth individuals. (For more information, on accredited investors, please visit  So, for a social enterprise that is seeking investment specifically from accredited investors, this could allow for broader media and advertising campaigns which could also help the enterprise communicate its mission and build its brand at the same time it is seeking investment.

The more compelling piece of the JOBS Act however is the provision that would allow for crowdfunding.   This would allow entrepreneurs to seek funding through online portals, where they could connect with potential investors who could enter into equity purchase transactions.   The portal operator would be responsible for ensuring that investors have an appropriate understanding of the risks of investing, and that the investor has not exceeded the law’s limits on individual investment (which are based on the investor’s income.)

For now, we can only guess how the provisions of the new law will be implemented in practice.  The SEC requested additional time to implement the changes to Rule 506.  The draft changes are not expected until later this year.

Despite the potential benefits of the new law, the JOBS Act will not eliminate the transactional costs for the entrepreneur.   Companies using crowdfunding portals would still need to provide financial analysis and disclosures, and comply with ongoing reporting requirements.  Additionally, closely held companies who have never worked with outside investors may need additional assistance understanding and complying with proper governance and recordkeeping procedures.  For social entrepreneurs, this would also mean the need to better understand how to protect the social mission of the organization, perhaps by taking advantage of newer forms of entity available in some states, such as benefit corporations.

As always, before taking steps to offer or sell securities to any third party, all entrepreneurs (including social entrepreneurs) should seek advice from competent legal and financial counsel.  This article is not intended as legal advice, and may not be relied on as such.


Checklist: Some Arts Contract Considerations

Originally posted on April 19, 2007

by Kohel Haver

•Who are the Parties and their addresses

•Identify their talent or what they bring to the deal

•Subject matter of the agreement as specifically as you can

•Subject Specifications: In detail use examples, exhibits.

- Exclusivity of the relationship

- Expenses: Who pays the cost of materials?

- Discuss the Format of delivered items

•Timing / Schedules / Delivery dates: Penalties for lateness.

•Change order procedure – Keeping written records.

•Revisions If requested by other party: artist agreement should contain an hourly fee for artist’s additions / changes / alterations / repairs / revisions / re-shoots / who can do it if the artist cannot.

•Solving Problems/ Errors how will you do this? Extra costs for reworking and who has the rights to do it and who will own it?

•Completion: Who decides when a work is “done” or has the rights to approve finals? How is approval to be expressed?

•Payment terms: progress, upfront in progress and on completion.

•Royalty and audit rights? Penalty is not followed.

•Termination – when is it done and when you can stop it?

•Cancellation and “Kill” fees – Getting paid for your time Play or Pay!

•Assignment or Non-Assignment: Can either party get a substitute?

•Copyright Ownership:

- What rights does the artist retain?

- What rights are purchased or transferred?

- Contingent on receipt of full payment what happens if only part.

- Buyouts: all rights conveyed to purchaser, for a higher fee.

- Subsidiary rights. Who controls and who gets the money?

- Electronic or digital rights

- Keeping a record on Artist web site and in portfolio.

•Rights to modify or add to the work, including attribution rights.

•Confidential information: Are the docs marked, any trade secrets?

•Artist copies and more copies? Royalties?

•Promotional activities required. Payment?

•Publicity rights to use creator’s personal information / image, etc.

•Credits: How is artist to be credited when and where?

•Return (or deletion) of original artwork and digital files.

•Warranties that work is original and protections offered to buyers.

•Non-competition clauses: reasonable duration and scope of restraint.

•Limitations on liability

•Special Delivery instructions – insurance what if repairs needed?

•Insurance: Who covers work during: creation, storage, and delivery?

•Signers: Who is signing for the work? Do they have power to bind or obligate the party listed in contract? Minors?

•Anything else especially anything specific to the project – like preparation and access to site?

NOTE: The information in this, and any other article on this website, is for information, discussion and academic purposes only and should not be relied on as legal advice. Seek legal and financial counsel in your jurisdiction before acting on any ideas presented in this website. This article does not create an attorney-client relationship.

Social Media for Large Private Institutions and Government: The Commonality, Confusion and Conflict

By Martin Medeiros

Originally posted on November 30, 2009

The United States of America established a government to “form a more perfect Union, establish Justice, insure domestic Tranquility, provide for the common defense, promote the general Welfare, and secure the Blessings of Liberty to ourselves and our Posterity.”[1] So, where in the Constitution of the United States do we fit in “public outreach … communicate with citizens… encourage feedback,” as the new federal government 2.0 guidelines mention as a primary goal[2]? And who should large private institutions, government and private sector lawyers, and institutional employees “friend” on Facebook to meet this and other iconic goals? The answers: nowhere and everywhere; nobody and everybody.

The so called Web 2.0, which goes beyond the information utility and infrastructure of the internet to arrive at human networks and community, has brought great change in our society: the disruption, if not marginalization, of the traditional print periodicals; a growing importance in intellectual property; and the rapid efficiency of information flow. But, it also has complexities that must be attended to and not overlooked by its ease of use and entertaining value. The most promising offspring of Web 2.0 is the so called “social media.” Consider a working definition of social media as any web presence that relies on a community of users as a primary operating function, and for content creation and communication. There are a number of examples, such as,,,,, etc. Observing and working with this media can be entertaining for everyone, including public servants, attorneys, scientists, educators and everyone else. However, the attorneys who serve the interest of the large institution must readdress the solemnity of their office and appreciate the risks in misuse of this powerful media, the whole story for which will not be fully written for years to come.

Recent changes in social media have presented certain fact patterns that neither our founders nor today’s government lawyers know how to easily deal with. Social media has become a great allocator of information, commonality, and may be a vehicle to “establish justice” or “promote the general Welfare.”[3] However, several governmental units have discovered the capacity of social media to do the opposite of these seminal directives. In the cross fire are large institutions that may contract or be heavily regulated. Moreover as commercial operations such as YouTube, Facebook, MySpace, LinkedIn, Wikipedia, Twitter, RSS feeds, and Second Life have triggered multiple disputes in tort, contract, public meetings, and judicial and legislative issues, both attorneys and the larger commercial community must recognize that the laws still apply. The only difference is the fact pattern.

1.0 What is in a Social Media Idea?

Ultimately, social media is about sharing ideas, but ideas in and of themselves may be neither valuable nor enforceable as a legal right. A few considerations include speech and property.

1.1 Free Speech.

The Internet has been a great engine of free speech, found within the First Amendment to the United States Constitution. However, if your institution is public or in certain heavily regulated industries, moderating any social media outlet may restrict speech and thus be subject to the rigors of this Amendment, which can be exceedingly complex. For example, if any restriction occurs, then it may be judicially scrutinized to determine whether the time, the place, and the manner of the restriction are reasonable. Also, you may be contractually bound by the organization’s charter, articles, bylaws, operating agreement contract if the organization has some sort of social charter or other governance restriction. This is an increasing phenomenon in the so-called “social enterprises.”

1.2 Accidental Intellectual Property.
Intellectual property may be created, and potentially alienated, in social networking sites without the parties knowing what form of intellectual property they are creating. Accidental here means “without knowledge of the law,” not necessarily without the intent to form such property.

Accidental creation generally occurs in copyright or trademark:
(i) Copyright. A copyright is created automatically upon the affixation of original works of authorship of expressive content in a tangible medium. This could potentially be anything you write down. Although copyright is automatically created, remedies are limited if you do not register the copyright with the Copyright Office within ninety days of publication.(
(ii) Trademark. A common law trademark may occur upon the affixation of a unique source identifier on a good or if a unique source identifier is used in conjunction with the provisioning of services.

Accidental alienation would mean giving up a right you do not intend to give up, generally occurs in patent and trade secret:

(i) Patent. A patent may be created upon the disclosure of a specification or methods by which a new, useful and non-obvious device is created. A one-year clock will automatically begin to run on such disclosures, and the patent must be filed within that year or patent rights may be lost (
(ii) Trade secret. A trademark may occur when there is disclosure of a secret that gives you a competitive advantage and has an independent economic value. Once the secret is made public, it is difficult to claim trade secret protection.

These intellectual property issues may be remedied with proper procedures on creative and innovative work disclosures. A process mapped out by an attorney to ensure that the filing deadlines are intentionally preserved or waived is a beneficial practice for such institutions.

2.0 Employment Issues.

2.1 Hiring Employees.
Controlling employees’ use of social media online has to do with productivity declines for those who do not have a legitimate business reason to use it. There can be various violations of Title 7 of the United States Code, as well as certain negligent hiring causes of actions, that can be brought against an employer. The following employment life cycle can be viewed thus:

(i) Associations. If the prospective employee is searched on Facebook, then a decision not to hire him/her because of various “groups” he/she belongs to could cause problems based upon some form of discrimination.

(ii) History. Surprisingly, individuals on social media sites, such as blogs, post things that compromise their ability to get a job, and some even post things that show off their prior illegal acts. The case can be made for negligent hiring, for example, if a visit to a prospective book keeper’s social media page would reveal they lost their previous job for embezzlement. The largest damage may be due to misapprehension about the individual’s professional conduct. For example, a litigator may be subjected to disciplinary measures or find difficulty in future employment if they post something that shows contempt for the court system or individual judges.[4] As a governmental employer or board member, does it compromise the position of the organization to hire such an individual if that hiring could be viewed as negligent?

2.2 Employee created torts. Employees may attach liability onto the organization if they have the indicia of authorization. For example, a purchasing agent in a government procurement group could potentially be held liable for interference with business expectancy or a business relationship by posting a comment that Vendor X was late in delivery. Defamation could be a real risk if the employee posts something indicating the sales person is incompetent at their profession or suffers from a personal medical condition disclosed in confidence.

2.3 Identity Theft Protection. The various states have passed many identity theft protection acts where personally identifiable information (PII) may not be disclosed. This is a real risk for human resource professionals and those who work in licensing roles and other roles where PII is handled. Oregon’s act[5] has a number of specific requirements that must be followed to avoid substantial liability.

3.0 Contracting in the Social Media Context.

3.1 Contracting Online. There are at least two levels of potential dispute when contracting online. One is the host’s terms of use, which are the terms you must click on in order to avail yourself of the website. The second is the potential of contract formation among interest group users. An example of online contracting: “in order to be a part of the Highway 101 improvement project you must be a government employee directly involved with the project or a contractor and agree to our group’s privacy polices.” Hosted social networking sites may or may not allow modification of their terms of use.

Contract law has not changed with the advent of the internet. The basic requirements for contract formation are the same: offer, acceptance and consideration. It is immaterial whether you call something a contract, terms of use, policy or other document. The basic contractual requirements and tests will apply. Electronic interactions are sufficient objective manifestations for evidence of a meeting of the minds to occur. Involving primarily two laws, the so called Uniform Electronic Transactions Act,[6] adopted by the majority of states,[7] and the Federal E-Sign Act,[8] one can no longer challenge the enforceability of a contract by the simple fact that it is conducted electronically.

A long litigated issue has been the enforceability of “shrink wrap” licenses, those pasted on the box of software, and later, “click-wrap” licenses, whereby a user must click the “I agree” button after reading the terms of use contract. Today, it is generally settled law that click-wrap licenses are enforceable. The first case on the merits in 1998 held that a Terms of Service contract in click-wrap format could be enforceable in court.[9] But, not all of these online contracts are always enforceable.

The higher risk clauses that are litigated deal with issues such as consumer contracts that amount to unreasonable contracts of adhesion. Generally, the first thing litigated is the jurisdiction clause, followed by forum selection and venue clauses. If the transaction is minor or immaterial, user assent may be almost passive. However, if a significant right is waived, such as a jury trial, especially prior to knowledge of a dispute, the enforceability of such clauses is unlikely in various jurisdictions is suspect.

The best practices in online contracting can be summarized as “the dearer the right, the greater the overt act of acceptance that is required.”[10] This comes down to whether the “I agree” checkbox seen at the bottom of the contract is unselected, or the “I do not agree” checkbox is pre-selected whereby the user must click on the “I agree box” and simply cannot go any further with the download or use of the site until that overt act occurs. A greater level of overt act requires the user to scroll down the entire contract until the “I agree box” is available for selection. The user must have an opportunity to print the agreement and be given either notice of changes or of their duty to check the terms of use for updates. Material changes must have some sort of notice which is fairly straight forward for most user accounts.

Social media contracts and contracts between users can be made. So too can intellectual property rights be infringed. Intellectual property includes copyright, patent, trademark and trade secret. The use and misuse of these can lead to potential liability. One of the greatest risks for social media users is copyright infringement. Governmental bodies seeking to use the medium are well advised to comply with the Online Copyright Infringement Liability Limitation Act (OCILLA) or the so-called notice and takedown provisions, where a specific process is followed in the event of alleged infringement.[11] A safe harbor filing period provides protection, and all entities should file their copyrights with the United States Copyright office – the fees are relatively small, but the protections against copyright infringement are great. The registration fees for Online Service Provider designation (which is the recordation of an interim designation of agent to receive notification of claimed infringement under section 512(c)(2)) are minimal.[12] Here, the “group” may qualify as an online service provider.
Torts can be committed online. These generally involve privacy torts, such as defamation or portrayal in a false light or use of image without permission; and economic torts, interference with business expectancy or contractual relations. Government lawyers must know that anything posted may trigger certain liabilities.

3.2 Procurement or Purchasing Issues.

The main issue here is due diligence. For example, are government or institutional contractors vetted, at the very least, by some investigation in their public space? Is a contractor near bankruptcy in a high capital cost contract, and could this be gleaned from social media traffic?

4.0 Public Records: Cloud Computing Difficulties

Most states have public records laws that promote transparency in government. Here pubic and private intuitions should know the basics of a typical public records regime. The public records law in Oregon applies to every public body, as defined, which includes the governmental unit and any agency thereof, boards, and commissions.[13] A “Public Record” essentially is a writing that contains information regardless of form.[14] All government employees must accept the fact that everything is potentially discoverable, and even if an exception is claimed, there is a very strong presumption in favor of disclosure. Thus, the public or a judicial body can request, or order, disclosure.[15] The identity, motive or need for disclosure is irrelevant.[16]

An added complexity is the advent of “cloud computing”, whereby, institutions, large and small, are relying on third parties to store, house and manage the three tiered technological architecture (data, applications and operating systems) that institutions used to manage with their own assets and labor. In major cities[17] migrating to third party email systems as society moves cloud computing, arguments claiming privacy are more difficult. By necessity, the private email account that deals with anything involving policy should be presumed to be a public record.
It does not matter whether the account in question is a governmentally sponsored system or a private email account.[18] Even home computers are subject to discovery.[19] The issue is the conduct of use. If the use in any way involves the conduct of the public’s business, consider even private home computers to be discoverable.

Exemptions are not determined by a bright line test, and the public records will be released unless the “public interest” requires non-disclosure.[20] Conditional exemptions include things like trade secrets, civil rights investigations, locations of archeological sites, and documents created pursuant to litigation that may qualify as work product by the public entity. There are also exemptions related to public safety issues.

5.0 Public Meetings.

Oregon favors that “decisions be arrived at openly,” which means public debate by a Government body, which consist of two or more members, with authority to make decisions for or recommendations to a public body or administration.[21] Notice must be “reasonably calculated to give actual notice to interested persons including news media which have requested notice of the time and place for holding regular meetings.”[22]
The issue of notice is important, as online notice is not as inclusive for public meeting standards as it may seem. There are many individuals who do not have access to the Internet, either by choice or circumstance. For a government agency to think that the Internet automatically has a broad reach is a misconception. For example, one report shows that on “click-through regarding banner advertisements on websites, only 8% of Internet users are responsible for 85% of all clicks.[23] There may be certain justice requirements if individual rights are allocated or policy is made solely by electronic meeting or electronic notice of the meeting. For private concerns, this has market reach and notice issues; for example, relying on electronic means for a product recall may be inadequate. Shareholder and board of director meetings offer additional complexities for the large private institution. Increasingly, poor notice is becoming an important issue and the SEC has responded regarding proxy materials online.[24] Many jurisdictions do not have similar provisions for public policy decisions that may not rise to the level of rule-making.

5.1 Inadvertent Quorum.
If a governmental body forms a quorum, which could be two or more who can make recommendations on policy, the public meeting statues are triggered and policies arrived upon could be subject to attack on a number of grounds; as described above, lack of actual notice to the public may be one of them. The word “quorum” is a function of bylaws or organizational charters whereby the minimum number of governing body members is specified. In the absence of such definition of a quorum, the “majority” may be a quorum:, “in the absence of a special definition of ‘quorum,’’ the statutory definition[25] of “three or more persons” may apply according to the Oregon Attorney General’s Manual.

5.2 Archiving and Data Migration Issues. Government agencies must archive records. Social media, if meeting the requirements of public meetings or meeting the archive requirements, must be retained.[26] One large problem with cloud computing is the data migration issue. For example, if one moves a group from one social networking site to another, those proprietary systems may be less able, or more likely entirely unable, to port data.

6.0 Ethical Dilemmas
The ethical dilemmas presented by social networking are legendary, from jury misconduct, confidentiality disclosures, ex parte communications, communications with represented parties and judges “friending” litigants and others too numerous to mention here. This is becoming one more variable that can potentially ruin an otherwise perfect legal claim or right. The parties are best served by having an attorney draft social media policies.

7.0 Conclusion.
The essential nature of social media may be permanent or may be replaced by something else, but most important are the facts which will shape the law. Governmental and private sector institutions enjoy the same complexities. Whether or not this is the wave of the future, or our version of the Citizens Band radio fad of the 1970’s, or something in between, we will see as these cases wend their way through our judicial system. Swider Medeiros Haver has counseled approximately one dozen social media sites. The firm strongly suggests the reader not interpret these notes as legal advice but to seek competent legal counsel in your jurisdiction to draft social media guidelines for the organization.

[1] Preamble, United States Constitution.
[2] Guidelines for Secure Use of Social Media by Federal Departments and Agencies, Information Security and Identity Management Committee (ISIMC) Network and Infrastructure Security Subcommittee (NISSC) Web 2.0 Security Working Group (W20SWG)
(September 2009).
[3] Cite
[4]See, e.g., Where a bar member blogged about a judge describing the judge as, among other things, “evil”. Florida Bar Association v. Conway, 996 SO. 2d 21`3 (2008).
[5] ORS 646a
[6] Promulgated by the National Conference of Commissioners on Uniform State Laws.
[7] States that have not accepted the uniform act but have chosen their own include: Georgia: Ga. Code Ann., § 10-12-1; Illinois: 5 ILCS 175/1-101; New York: NY CLS State Technology § 301 et seq.; Washington:
[8] Pub. L. No. 106-229, 114 Stat. 464 (2000) (codified at 15 U.S.C. § 7001 et seq.).
[9]Hotmail Corp. v. Van$ Money Pie Inc., No. C-98 JW PVT ENE, C 98-20064 JW, 1998 WL 388389 (N.D. Cal., 1998).
[10] Cite.
[11] 17 USC § 512.
[12] Current fee schedule may be found at:
[13] ORS 192.410(3).
[14] ORS 192.410(4)(a).
[15] See, ORS 192.420(1).
[16] Smith v. School District No. 45, 63 OR App 685 (1983).
[18] ORS, 192.001(b).
[19]Nike v. City of Beaverton.
[20] ORS 192.501 et. seq.
[21] ORS 192.610(3).
[22] ORS 192.640.
[23]The results of an update to the comScore highly publicized “Natural Born Clickers” research, conducted two years ago with Starcom USA and Tacoda, indicate that the number of people who click on display ads in a month has fallen from 32% of Internet users in July 2007 to only 16% in March 2009, with an even smaller core of people (representing 8% of the Internet user base) accounting for 85% of all clicks.
[24] 17 CFR PARTS 240, 249 and 274
[25] ORS 174.30.
[26] ORS 192.005.

Orphan Drugs: Pursuit of a Small but Reliable Market – The Law and the Incentives for Entrepreneurs

By Janina Malone

Originally Posted On February 15, 2010

Research and Development generally occurs in areas in which there is a demand or where demand can be created. Pharmaceutical development has traditionally followed this axiom with pharmaceutical companies pursuing development of drugs to treat common conditions such as high cholesterol, pulmonary embolism, arthritis, gastric reflux, hypertension and allergies. Cholesterol lowering statins alone generated $16 billion in U.S. sales in 2005[1]. However, due to the increased presence of generics, the expiration of patents, advances in genomics and proteomics and the development of personalized medicine, the research and development focus is changing. Pharmaceutical companies have become increasingly interested in a much smaller market, a market that is expected to reach an annual rate of $81.8 billion globally by 2011[2].

Tax credits, government grants, market exclusivity and fee waivers have helped to drive this market. Federal recognition of pharmaceuticals in this market has developed into an early-stage regulatory concurrence that can increase investor interest creating more funding opportunities, even in a down economy, and increasing the interest of big pharmaceutical companies in an area that for a long time received little interest and little funding. In 2009, Pfizer, GlaxoSmithKline, and Novartis each either licensed or received approval for pharmaceuticals in this market, treatment of orphan diseases.

An orphan disease is a condition affecting a small number of people. In the U.S., it is defined as affecting fewer than 200,000 residents. In the European Union, it is defined as affecting not more than 5 in 10,000 individuals in the Community and in Japan as affecting fewer than 4 in 10,000 individuals. However, there are approximately 7,000 rare diseases affecting approximately 25 million people in the U.S. and 30 million people in the European Union[3] alone. Global sales of orphan drugs reached 58.7 billion in 2006, up from $54.5 billion in 2005[4]. Several orphan drugs have reached blockbuster status, generating more than $1 billion in revenue annually. Orphan drugs can also be re-introduced to treat non-orphan diseases, increasing their market potential.

Orphan drug designation requires that the drug be for the treatment of a disease that affects a small number of people and that there is more than theoretical rationale for belief that the drug has promise for treating the orphan disease. In the 10 years prior to the passage of the Orphan Drug Act of 1983, ten drugs that fall under the definition of an orphan drug were approved for sale. In the ten years following the passage of the Act, 612 drugs were designated orphan drugs and 99 received market approval. In 2009, 159 drugs currently under development were designated orphan drugs and 17 received market approval.

The U.S. Orphan Drug Act of 1983 (P.L. 97-414, as amended) provides incentives for the development of these drugs including tax credits, marketing incentives, extended protection and grants. The European Union has similar legislation under Regulation 141/2000/EC on orphan medicinal products (Orphan Regulation), which provides for fee waivers, community marketing authorization, extended protection and protocol assistance. In an effort to reduce costs to manufacturers, the U.S. Food and Drug Administration (FDA) and the European Medicines Agency (EMEA) agreed in 2007 to use a common application process for determination of orphan drug status.

There is also specialized funding earmarked for orphan disease research. The NIH announced a second phase of funding for the Rare Diseases Clinical Research Network (RDCRN) in October of 2009. Funds totaling more than $117 million are to be distributed over the next five years to 19 research consortia and a Data Management Coordinating Center.[5] Grants are also available through the National Organization for Rare Diseases (NORD). The NIH additionally provided $672 million in funding through its SBIR/STTR (Small Business Innovation Research/Small Business Technology Transfer) programs in 2009 and will again provide 2.7% of its extramural set-asides for R& D to the SBIR/STTR programs in 2010.

The annual budget under the Federal Orphan Grants program is currently $14 million. Grants are for up to $200,000 or up to $400,000 in total (direct plus indirect) costs per year for up to 4 years. A fourth year of funding is available for phase 2 or 3 clinical studies. For fiscal year 2011, the application receipt date for Federal Orphan Grants is February 3, 2010[6].

Orphan drug designations will continue to fuel new drug development, licensing, acquisitions and mergers leading to increased opportunities in a previously neglected area of drug development. Candidate funding is available at multiple levels, from seed money for academic scientists to grants for clinical testing. Application for designation as an orphan product can be made any time prior to the filing of an application for approval to market the product. To help with the application process, the FDA is launching an orphan drug workshop series for those who have developed at least one candidate drug. The workshop will be in Claremont, CA in February 2010 and Minneapolis, MN in August 2010. For more information on the FDA application process, protecting or licensing your product, please contact Swider Medeiros Haver LLP for further information.

[1] Steven Findlay. The Statin Drugs, Prescription and Price Trends October 2005 to December 2006, Consumer Reports Best Buy Drugs (February 2007).
[2] Syamala Ariyanchira Global Markets for Orphan Drugs, BCC Research Report ID:PHM038B (September 2007), available at
[3] Eurodis Rare Diseases: understanding this Public Health Priority, ” citing Background Paper on Orphan Diseases for “WHO Report on Priority Medicines for Europe and the World,” (7 October 2004), Eurordis, November 2005 available at
[4] Syamala Ariyanchira Global Markets for Orphan Drugs, BCC Research Report ID:PHM038B, Published: September 2007, available at


Increasing Deal Durability and Avoiding Litigation: New Research on Negotiating Deals That Last

by Martin Medeiros

Originally Posted on January 11, 2011

We have all been in the situation where we negotiated an unbelievably favorable deal, or conversely, feel the other side received such fortune. Many of these deals have not stood when one party has felt that they have been treated unfairly. Allegations of failure to disclose, unconscionability, fraud in the inducement, or fraud in the factum are bandied about to get deal justice. Generally, we want deals to be closed and not to pop up in some other strange form where it is revisited or second-guessed or re-opened, or worse, lead to expensive litigation. This is the concept of deal durability or “deal enfranchisement.” After the parties walk away from the deal, what is the rate of adherence? How do we get deals to stick?

The vast majority of negotiation skills publications focus on the result, the “win” or the “win-win” (the now famous Chinese panda) parties seek at the end of a negotiation, not the actual process of negotiating. New research suggests the process makes the result. Conventional wisdom is almost undeniable in this case; ultimately it is all about the money, the end game, the bottom dollar. This is conventional wisdom in many dynamics, such as when haggling over a property settlement, contract, or negotiated settlement after a dispute (mediation, arbitration or litigation). But according to Professor Rebecca Hollander-Blumoff, at Washington University in St. Louis, the research indicates otherwise. The concept of fairness is key.

So, how do we get to the real or perceived concept of fairness? One of the key teachings of process based consultancies, such as Negotiation Strategist Research (NSR), is the idea of deal enfranchisement. Professor Hollander-Blumoff’s research supports this notion. Unless all parties have meaningful input in the outcome (the deal enfranchisement) most deals will fall apart.

“The one who feels she’s been treated fairly is more likely to be enthusiastic about that outcome than the person who feels she was treated unfairly,” Hollander-Blumoff states. “In turn, that attorney is probably going to be more enthusiastic about recommending that settlement to her client.”[1] “A feeling of fairness is likely to result in long-term adherence to that agreement,” Hollander-Blumoff further asserts.

The concept of deal enfranchisement is everywhere. It is the key to reducing conflict various cases. For example, with retailers, deal enfranchisement reduces the post purchase dissonance that leads to product returns; in the case of a divorce settlement, it can reduce the probability of a “change in circumstances” filing where one former spouse sues the other for more marital support, child support, or parenting time. Feeling we received a fair deal can increase deal durability and ensure the deal that is closed does not come back as a redo, or worse, a lawsuit. Professor Hollander-Blumoff will be lecturing at the University of Oregon in 2011.


Independent Contractors Part II

By Tichelle Sorensen
Originally posted on January 11, 2011

In a previous issue of this newsletter we alerted you to an expected focus on the issue of the proper classification of independent contractors. The Oregon Bureau of Labor and Industries (BOLI) presented a free seminar in conjunction with the six Oregon agencies to discuss the proper classification of workers, and have made the handouts from that presentation available to the public. (Click here to read BOLI handouts).

In Oregon, the rules are different depending on the state agency and the purpose for which the classification is made. For example, BOLI has two tests. For wage and hour law issues, BOLI uses the “economic reality” test. This test looks at the level of economic independence of the worker from the business to which he or she provides services. For the purposes of civil rights law, BOLI uses the “right to control” test, which looks at whether the worker is free from the direction and control of the company to which services are provided. For the Department of Revenue, Employment Department, Construction Contractors Board and Landscape Construction Board the standard is set out in ORS 670.600, which defines an “independent contractor” using a multi-part test for the purposes of those agencies.

The Internal Revenue Service also has its own set of standards and guidelines for properly classifying workers. The IRS looks at three categories of facts, which relate to the degree of control and independence of the worker. First is behavior, whether the company can control what a worker does and how he or she does the job. The second category is financial, which involves issues such as how a worker is paid, who provides the tools and supplies for the work, and whether expenses are reimbursed. The final category looks at the relationship between the parties, considering such issues as whether the worker has access to benefits and what type of written contract is in place between the parties. A business or a worker can request that the IRS officially determine the worker’s status as either an employee or independent contractor by filing a form SS8, although this process takes several months to complete.

With a new year beginning and anticipated economic improvement, companies should review both their current contracts and their relationships with service providers to determine whether they are properly classified and have appropriate agreements in place. For specific legal advice about this issue, contact your attorney.