Legislation

Issuers should ensure that investors are not criminals

The JOBS Act requires that issuers wishing to engage in general solicitation take “reasonable steps” to verify the accredited investor status of purchasers. Rule 506(c) sets forth a principles-based method of verification which requires an objective determination by the issuer or its representatives that the steps taken are “reasonable” in the context of the particular facts and circumstances of each purchaser and transaction. But perhaps a question whether the investor is a felon should be added to the list.

A case decided in 2011 by California’s Court of Appeal, Second District, suggests that indeed it may be prudent for issuers to ensure that investors are not criminals. The plaintiff in this case intended to purchase units in a limited liability company, but was rejected after the mezzanine lender would not accept the plaintiff as a member due to his status as a former felon. The plaintiff subsequently sued the lender, alleging a violation of the Unruh Civil Rights Act. After a dismissal by a trial court, the case was appealed, resulting in a conclusion that  (1) status as a felon is not a personal characteristic similar to those enumerated in the statute; (2) criminal convictions raised legitimate questions about the honesty and trustworthiness of the plaintiff, and the lender had legitimate business reasons justifying its decision; and (3) the potential consequences of allowing the plaintiff’s claim would improperly involve the courts in second-guessing a lending institution‘s expertise in determining loan and investment criteria. As lenders are absolved from potential liability under the Act, issuers who unwittingly accept convicted felons as investors may be jeopardizing their funding.

California passes two new data privacy laws

Effective January 1, 2014, California will have two new data privacy laws: AB 370, which mandates disclosure of “do not track” and other tracking practices in online privacy policies, and SB 46, which amends the state’s data security breach notification law.

AB 370 adds to the California Online Privacy Protection Act (“CalOPPA”) a requirement for companies that collect personally identifiable information online to include disclosures regarding (1) how they respond to a web browser’s “do not track” (DNT) signal, and (2) if third-parties can collect personal information across a network of sites. The law does not require websites to honor browser DNT signals or block third-party tracking; it simply tries to increase transparency about the site’s practices.

SB 46 adds a new category of data triggering California’s breach notification requirements, to wit: “a user name or e-mail address, in combination with a password or security question and answer that would permit access to an online account.” The new law requires notification of unauthorized access to user credential information even if that information is encrypted.

Tenant screening laws update: passing background check costs to the applicants

The states of Washington and Oregon recently enacted laws in connection with tenant screening. Among the provisions in both Washington’s RCW §59.18.257 and Oregon’s OAS §90.295, is that the entire cost of the background check can be charged to the applicant, if the screening is performed by a consumer reporting agency (“CRA”). However, if the landlord conducts the background check, it may not charge in excess of the customary fees of the CRAs in its geographical area.

Notably, California’s Civil Code §1950.6(b) provides that a landlord cannot charge (or pass-through) to the applicant more than $30 for a background check. This application screening fee may be adjusted annually by the landlord or its agent commensurate with an increase in the Consumer Price Index. (The current adjusted amount is $41.50.)

New regulation in the UK mandates licensing of private investigators

Presented to the Parliament by the Secretary of State for the Home Department by Command of Her Majesty on July 31, 2013, the new regulation, which will take effect next year, makes operating as an unlicensed private investigator in the United Kingdom a criminal offense. Licenses will be granted by the Security Industry Authority only when an applicant has successfully completed training and achieved a government-recognized qualification, including an understanding of relevant laws and standards, and the skills required to conduct activities ethically; has confirmed his/her identify; and has passed a criminal background check.

New Jersey enacts law for social media password protection

Continuing a nationwide momentum of restricting employers’ access to personal social media content of applicants and employees, in August 2013, New Jersey passed Act 2878 joining eleven other states (Maryland, Illinois, California, Michigan, Utah, New Mexico, Arkansas, Colorado, Washington, Oregon, and Nevada) with similar laws. Dozens more states and the U.S. Congress are considering comparable legislation. New Jersey’s new law, which becomes effective December 1, 2013, prohibits employers from asking or requiring that applicants or employees “provide or disclose any user name or password, or in any way provide the employer access to a personal account through an electronic communications device.”

California passes bill that would require policy disclosures for “do not track”

On August 28, 2013, the California State Senate and Assembly passed AB 370, to amend the California Online Privacy Protection Act (CalOPPA) that would require operators of commercial websites or “online services” accessible to California residents to disclose how the site responds to “do not track” (DNT) browser settings, which in turn will trigger enforceability by federal and state authorities. The amendment is expected to be signed by Governor Jerry Brown. 

SEC rule amends certain broker/dealer reporting, audit and notification requirements

The amendments issued by the Securities and Exchange Commission (the “SEC”) last month include:

  • a requirement that broker-dealer audits be conducted in accordance with standards of the Public Company Accounting Oversight Board (the “PCAOB”) “in light of explicit oversight authority provided to the PCAOB by the Dodd-Frank Wall Street Reform and Consumer Protection Act  to oversee these audits;”
  • a requirement that  a broker-dealer that clears transactions or carries customer accounts agree to allow representatives of the Commission or the broker-dealer’s designated examining authority (“DEA”) to review the documentation associated with certain reports of the broker-dealer’s independent public accountant, and to allow the accountant to  discuss the findings relating to the reports with those representatives when requested in connection with a regulatory examination of the broker-dealer;  and
  • a requirement that a broker-dealer file a new form with its DEA that elicits information about the broker-dealer’s practices with respect to the custody of securities and funds of customers and non-customers.

Rhode Island is the latest state to “ban the box”

On July 16, 2013, Rhode Island’s SB357 was signed into law, making it the eighth state to pass “ban the box” legislation. Effective January 1, 2014, the law, with a few exceptions, will make it an “unlawful employment practice” for an employer in the state to inquire whether an applicant has ever been convicted of a crime before the first interview. In “banning the box” for private  employers, Rhode Island follows on the heels of Hawaii, Massachusetts, and Minnesota, as well as the cities of Seattle, Buffalo, Philadelphia, and Newark. And many more jurisdictions have already “banned the box” for public employers and public contractors, and even more have some form of the legislation under consideration. Congress too is pondering its federal HR 6220 or “Ban the Box Act” introduced last July, which similar to these state and local laws, would make it illegal for an employer to ask about criminal history in an interview or on an employment application.

FINRA is spot-checking social media communications

In posting a Targeted Examination Letter (often referred as a sweep letter) on its website earlier this month, FINRA invoked Rule 2210(c)(6), which states that each FINRA firm’s written (including electronic) communications are subject to a periodic spot-check procedure.

FINRA’s sweep letter seeks, among other things, an explanation of how the firm is using social media at the corporate level in conducting its business; the identity of all individuals who post and/or update content; how the firm’s registered representatives and associated persons generally use social media to conduct the firm’s business; written supervisory procedures concerning the production, approval and distribution of social media communications; the measures to monitor compliance with the firm’s social media policies; and a tabular list of the firm’s top 20 producing registered representatives (based on commissioned sales) who used social media for business purposes to interact with retail investors.

Virginia takes workers’ privacy to a new level

Starting July 1, 2013, new Virginia Code §40.1-28.7:4 provides that “employers shall not, unless a listed exemption applies, be required to release, communicate, or distribute to a third-party, any current or former employee’s personal identifying information.”

In this context, “personal identifying information” is defined as a “home telephone number, mobile telephone number, e-mail address, shift times, or work schedule.”  Exceptions permitting the disclosure of such information include requirements of federal laws that supersede state statutes, court orders, judicial warrants or a subpoena in a civil or criminal case. Although there is no penalty, the statute establishes a public policy that endorses protection of the personal identifying information and could be used in a lawsuit against employers.

Go to Top