News (All)

A New Cybersecurity Reality for the New York Insurance and Financial Services Industries

Posted: February 9th, 2017


On March 1, 2017, the New York financial services industry will awaken to a new regulatory regime designed to set minimum standards for the development and functionality of cybersecurity programs.  The New York State Department of Financial Services’ (“DFS”) proposed cybersecurity regulation (the “DFS Rule”) will cover any institution doing business in New York pursuant to a license, registration, charter, or similar authority under New York’s Banking, Insurance, or Financial Services Laws.  Companies outside the financial services sector should also take heed, as regulators overseeing other industries may use the DFS regulations as a benchmark for what a “reasonable” cybersecurity program looks like.

The DFS Rule is motivated by the clear and present danger posed by cybercriminals who seek to access sensitive personal data and potentially cause significant economic harm.  Of course, privacy and consumer protection cannot be achieved without an investment of time and resources by the financial services industry, and companies need to start preparing for the new normal in the digital age.

At its broadest level, the DFS Rule requires companies to maintain a risk-based cybersecurity program that is designed to protect the confidentiality, integrity, and availability of the company’s information systems.  Under the rule, every company must implement and maintain a cybersecurity policy that is approved by a senior corporate officer or the board of directors.[1]  Every company must also designate a qualified employee to act as a Chief Information Security Officer (“CISO”),[2] and must have the capability to run penetration assessments of its systems,[3] create audit trails,[4] and ensure effective training and monitoring.[5]  Companies must ensure and periodically review risk-based access privileges designed to limit internal access to nonpublic information.[6]  The list goes on.

The DFS Rule is in some ways more robust than the hodge-podge of cybersecurity regulations and best practices that have been promulgated over many years at the federal level.  But following the comment period in the fall of 2016, the latest iteration of the DFS rule offers companies a degree of flexibility not seen in the earlier version of the proposed regulation.

The DFS Rule permits financial services companies to outsource many of the requirements, subject to certain standards and without permitting the companies to abrogate their responsibility for effective cybersecurity.  For instance, Section 500.04 of the rule allows companies to designate an affiliate or third-party provider to serve as the institution’s CISO who need only report to the board of directors on an annual basis.  Under the revised rule companies may also outsource their cybersecurity personnel, and now the required cybersecurity policy need only address relevant areas of the institution’s operations based on the mandatory risk assessment.

Even some of the encryption and authentication provisions do not read as check-the-box, hyper-technical requirements.   For instance, Section 500.12 (“Multi-Factor Authentication” or “MFA”) states that companies “shall use effective controls, which may include Multi-Factor Authentication or Risk-Based Authentication, to protect against unauthorized access to Nonpublic Information or Information Systems.”  While MFA is required for those accessing a company’s internal network from an external one, the company’s CISO may approve in writing a “reasonably equivalent” alternative.  The DFS Rule appears to give companies some degree of flexibility in achieving the underlying policy goals.

If senior management is asking whether their institution is too small to fall within the DFS Rule’s ambit, think again.  Companies qualify for limited exemptions under the rule if they have (a) fewer than 10 employees, including independent contractors, (b) less than $5 million in gross annual revenue in each of the last three fiscal years, or (c) less than $10 million in year-end total assets, including assets of all affiliates.[7]  There aren’t many financial services companies in New York that would qualify.  What’s more, even if a company operates only a small portion of its business in New York, it cannot comply with the DFS Rule by changing its practices only within New York.  Cyber and network security necessarily crosses jurisdictional boundaries and banks cannot require MFA or application security in a New York branch without upgrading in New Jersey as well.

Banks, insurance companies, and other financial services firms need to start assessing their existing cybersecurity program and determine what steps they must take to achieve compliance under the new law.  Companies will have 180 days from March 1, 2017 to comply with the DFS Rule, subject to a few exceptions.  For instance, companies will be given one year to comply with penetration testing and vulnerability assessments as well as the MFA requirements,[8] and eighteen months to comply with the audit trail and application security requirements.[9]  Finally, in addition to regularly certifying to the regulator that your company is in compliance, the DFS Rule mandates an incident response plan[10] that includes internal processes for responding to a cybersecurity event, such as a network penetration, and a 72-hour period in which the company must notify the DFS Superintendent of such an event.[11]

DFS has the authority to assess both civil and criminal penalties, so while the costs of compliance with the DFS Rule may be significant, the costs of non-compliance could be catastrophic.

Please contact us with any questions or for guidance on how to bring your company into compliance with the DFS Rule in a timely manner.

Footnotes:

[1] 23 NYCRR § 500.03.
[2] 23 NYCRR § 500.04.
[3] 23 NYCRR § 500.05.
[4] 23 NYCRR § 500.06.
[5] 23 NYCRR § 500.14.
[6] 23 NYCRR § 500.07.
[7] 23 NYCRR § 500.19.
[8] 23 NYCRR § 500.22(b)(1).
[9] 23 NYCRR § 500.22(b)(2).
[10] 23 NYCRR § 500.16.
[11] 23 NYCRR § 500.17.

The information contained in this article is provided for informational purposes only and is not and should not be construed as legal advice on any subject matter. The firm provides legal advice and other services only to persons or entities with which it has established an attorney-client relationship.

Middleton Elected to East End Arts Board of Directors

Posted: February 2nd, 2017

Scott D. Middleton, a founding partner and trial attorney at Campolo, Middleton & McCormick, a premier law firm with offices in Ronkonkoma and Bridgehampton, New York, has been elected to the Board of Directors of East End Arts, an award-winning nonprofit committed to enriching the community through the arts.  The Riverhead-based organization has served Long Island’s East End since 1972.  As a board member, Middleton will work to further the nonprofit’s core values of leadership, collaboration, access, and education.

East End Arts is a powerful catalyst for economic and cultural revitalization.  The organization has long been recognized for its cultural tourism initiatives and programs that collaborate with government, civic groups, private businesses, and other nonprofits.  CMM is a longtime supporter of numerous East End Arts initiatives including the Teeny Awards, which honor the best of local high school theater, and JumpstART, a series of workshops focusing on the business side of a career in the arts.

Middleton chairs the Municipal Liability and Personal Injury groups at CMM.  He handles all types of litigation, representing individuals and defending large and small businesses and municipalities in a wide array of matters including transportation, personal injury, labor law (construction accidents and employment issues), civil rights, and general litigation.  Head of the firm’s Catastrophic Loss team, Middleton maintains a particular focus on complex negligence cases involving catastrophic injuries, insurance issues, and contractual disputes.

A graduate of Stony Brook University and Brooklyn Law School, Middleton serves on the Stony Brook University Intercollegiate Athletic Board and the Brookhaven Industrial Development Agency (IDA).  Middleton also holds an AV-Preeminent rating from Martindale-Hubbell, which recognizes attorneys for ethical standards and legal ability.  He has also served his community through roles as Mayor, Justice, Attorney and Prosecutor for the Village of Lake Grove.

About CMM
Campolo, Middleton & McCormick, LLP is a premier law firm with offices in Ronkonkoma and Bridgehampton, New York. Over the past generation, CMM attorneys have played a central role in the most critical legal issues and transactions affecting Long Island. The firm has earned the prestigious HIA-LI Business Achievement Award and LIBN Corporate Citizenship Award, a spot on the U.S. News & World Report list of Best Law Firms, and the coveted title of Best Law Firm on Long Island. Learn more at www.cmmllp.com.

About East End Arts
East End Arts is an award-winning nonprofit organization serving the five East End towns of Long Island since 1972. East End Arts is committed to building and enriching the community through the arts by way of education, support, advocacy and inspiration.  Learn more at www.eastendarts.org.

Campolo quoted in Newsday article “LI Businesses are Using Storytelling to Sell, Market and Lead”

Posted: January 30th, 2017

By Robert Lerose, Special to Newsday

The tradition of telling stories has been around since the beginning of human civilization. Increasingly, members of the business community have been using storytelling as a potent tool for engaging with employees, prospects and customers.

“There’s something about stories that inspire us,” says Paul Smith, author of “Lead With a Story” and an organizational storytelling coach. “The kind of reaction you’ll get from a really good PowerPoint presentation is that it was nice. But you immediately share a great story with somebody else.”

Stories have the power to touch people in ways that logical arguments and data-driven presentations can’t, Smith says, making it easier for your message to be understood and remembered.

Joe Campolo, managing partner at Campolo, Middleton & McCormick, a business law firm in Ronkonkoma, does a lot of public speaking and trains younger lawyers in his firm. He said he frequently draws upon episodes from his own life to craft stories that will resonate with his audience.

To stress the importance of a strong work ethic, Campolo tells the story of his 97-year-old grandmother — a single parent who labored in sweatshops turning out ladies’ garments, but scraped together enough money to buy a brownstone in Brooklyn and raise his father.

“Everybody likes to pretend they work hard, but when I start telling stories of how she sold apples during the Depression to try to put food on the table, it sort of brings in a context of how much progress we’ve made and how much easier the workforce has it today than back then,” Campolo explains.

Overcoming an obstacle is a staple of the narrative technique that businesses should keep in mind. According to Smith, a good story needs “a hero we care about, a villain we’re afraid of, and an epic struggle between them. You don’t have to love the person in the story, but you have to relate,” he says.

For Gadge USA, a privately owned packaging company headquartered in Lake Success, the management team became heroes in their own success story by relying on a beloved children’s book to take a metaphorical journey. The company wanted to change its corporate culture and hone managers’ leadership skills.

“To create growth and change in an organization, people need to be moved, touched and inspired, and what’s going to do that the most is a great story,” says Ellen Cooperperson, CEO of Cooperperson Performance Consulting in Hauppauge, who was brought in to guide the process.

Cooperperson used the plot and characters of “The Wizard of Oz” as an analogy for the company’s transformation. She began by asking the leadership team to describe their vision of Emerald City — where they were going and what they saw as their future goal or mission.

“It’s really about getting their ideas on the table, getting them excited about creating their own journey and their own reasons for doing it,” Cooperperson says.

Just as characters in the story counted on each other, Cooperperson explained to the Gadge managers, they needed to work together as a team to get what they wanted and fulfill their mission. The Yellow Brick Road became the new core values of the organization during the journey.

Dorothy always knew the secret to get home, Cooperperson says — a lesson the Gadge team came to identify with.

“She showed us that we were all of us individually Dorothy going through this journey,” says Anne Mao, director of business development at Gadge.

Mao had her team pick one new core value every week and tell how they lived up to it. When they saw they had been following these values already, “that was the Dorothy moment. They realized they had it in them all along,” Mao says. “We just didn’t identify it.”

Since going on their “Oz” adventure, Mao reports, their internal communications have dramatically improved and problems are addressed more quickly than before. She continues to use stories today whenever she works with her own team on a project.

“Storytelling is a positive tool,” she says. “You can have such an amazing outcome. You have much more buy-in and happier people. They feel more accomplished, and ultimately they retain the information that the story is telling.”

Volkswagen Guilty Plea Sets New Standards for White Collar Investigations and Enforcement

Posted: January 27th, 2017

Published In: The Suffolk Lawyer


On Wednesday, January 11, 2017 German auto-maker Volkswagen pleaded guilty to charges of conspiracy to commit wire fraud and to violate the Clean Air Act, as well as customs violations and obstruction of justice.  The company agreed to pay an astounding $4.3 billion in criminal and civil penalties, which when combined with the settlements paid to car owners may total an eye-popping $20 billion.

The federal investigation stems from Volkswagen having lied about emissions tests for approximately 11 million diesel vehicles.  U.S. regulators began investigating the company after an academic study demonstrated that Volkswagen’s diesel automobiles emitted less pollution during official emissions tests as compared to on the road.  The investigation revealed that the company’s executives knew that the cars were programmed to deliver better emissions results during testing, and then tried to hide that fact from the EPA for over a year.

The most notable aspect of the Volkswagen case is not the dollar figures so much as the criminal liability attaching to both the company and individual executives.  The Justice Department has been criticized of late for being too lenient on the banks at the center of the 2008 financial crisis.  In contrast to the pattern of recent corporate investigations, Volkswagen did not obtain a no-liability settlement or deferred prosecution agreement.   In pleading guilty, Volkswagen is now on the back foot in terms of defending itself against collateral investigations brought by Attorneys General, other federal regulators, or shareholders who will inevitably file derivative lawsuits.

And, after being criticized for not holding individual executives liable for their actions at the helm of companies—embodied in the refrain “too big to jail”—federal prosecutors in the Eastern District of Michigan secured indictments of six Volkswagen executives and employees.  Oliver Schmidt, one of the six, was arrested earlier in January 2017 when he was visiting Miami, Florida.  Mr. Schmidt is charged with defrauding the government and violating the Clean Air Act.

The Justice Department’s position in the Volkswagen case is evidence that the policy vision outlined in the September 2015 “Yates Memo,” named after its author, Deputy Attorney General Sally Yates, is more than mere words.  The Yates Memo emphasizes individual culpability for corporate wrongdoing, explicitly admitting a policy shift from past DOJ practice.  Among the prosecutorial guidelines outlined in the memo are greater communication between criminal and civil attorneys and a greater “focus on individuals from the inception of the investigation.”  Whether it is emissions programs, anti-money laundering, securities, or anti-bribery, the risk for corporate executives to neglect compliance programs is now much higher if both they, and their companies, will be prosecuted.


Damages Dispute in Design Patent Case Heats Up

Posted: January 27th, 2017


As design patents become a more popular method for businesses to protect their products, how damages are determined in the highly-publicized Samsung v. Apple litigation will merit close attention this year.

In early December 2016, the Supreme Court reversed the lower court’s decision that forced Samsung to pay $399 million in profits for violating three of Apple’s design patents and remanded the case for further consideration.  The award accounted for the entirety of Samsung’s profit from the sale of the infringing smartphones.  Samsung’s argument, however, is that damages should be limited to individual components covered by the patents.  Thus, the case turned on a law that awards total profits based on an “article of manufacture” and the question was whether that phrase must be interpreted to mean the entire product or parts of it.

Under federal law, “[w]hoever during the term of a patent for a design, without license of the owner, applies the patented design, or any colorable imitation thereof, to any article of manufacture for the purpose of sale, or sells or exposes for sale any article of manufacture to which such design or colorable imitation has been applied shall be liable to the owner to the extent of his total profit, but not less than $250, recoverable in any United States district court having jurisdiction of the parties…” (emphasis added).  35 U.S.C. § 289.

The Supreme Court stated that the term “article of manufacture” is broad enough to include both a multicomponent product and individual components of that product.  Justice Sotomayor added that the process for finding the value of design patent damages involved a two-step process:  first, the court had to identify the “article of manufacture,” then “calculate the infringer’s total profit made on that article of manufacture.”  Thus, on remand, the Federal Circuit will be tasked with determining whether the relevant “article of manufacture” for each design patent is the entire smartphone or a particular smartphone component.

The Federal Circuit’s determination will be highly anticipated as it may provide guidance in determining what constitutes an “article of manufacture” for the purposes of determining damages in design patent cases.


EEOC Proposed Enforcement Guidance for Addressing Unlawful Harassment

Posted: January 27th, 2017

On January 10, 2017, the U.S. Equal Employment Opportunity Commission requested public input on proposed enforcement guidance for addressing unlawful harassment in the workplace and hostile work environments under Title VII of the Civil Rights Act of 1964.  Harassment claims have risen over the past few years and the proposed guidance follows a June 2016 EEOC report.  While there are a number of classes protected under federal and state law, harassment claims based on sex, race, and/or disability appear to be most common.  Employers should be aware of the legal standards and potential liability for unlawful harassment in order to help mitigate damages in advance.

As the Supreme Court explained in Harris v. Forklift Sys., Inc., 510 U.S. 17, 21-22 (1993):

Conduct that is not severe or pervasive enough to create an objectively hostile or abusive work environment – an environment that a reasonable person would find hostile or abusive – is beyond Title VII’s purview.  Likewise, if the victim does not subjectively perceive the environment to be abusive, the conduct has not actually altered the conditions of the victim’s employment, and there is no Title VII violation.

The “severe or pervasive” standard seeks to find a middle ground between conduct that is juvenile or annoying and conduct that goes so far as to create a hostile work environment.  Whether a person has been harassed depends on the “totality of the circumstances,” and a finding of harassment will turn on the specific facts of each case.  Certain conduct is more blatant than other conduct, such as racial slurs or offensive comments about disabled persons.  Other conduct may be more benign such as off-color jokes or distasteful insinuations but may nevertheless be a form of harassment when taken into the overall context.

Harassment must be based on a protected characteristic and can even be based on the perception that a person has a particular characteristic or belongs to a protected group, even if that perception is ultimately incorrect.  Similarly, “associational discrimination” covers harassment against a person because of his or her association with individuals, such as a spouse, child, or close friend.  Even if the alleged harasser belongs to the same protected class, harassment based on a protected characteristic may be found.

The liability standard on the employer depends on whether the harasser is the employer’s “alter ego” or “proxy,” a supervisor, or a non-supervisory employee, coworker, or non-employee.  The burden of proof on an employee to simply file a discrimination or harassment complaint is virtually non-existent and federal and state agencies seem to accept blanket and conclusory allegations when accepting a charge.  This turns the burden, along with the expense of properly defending a complaint, however frivolous, on the employer.  For this reason, paper trails are important, and employee complaints along with disciplinary action and remedial measures should be properly documented and preserved to defend against all types of complaints.

The full text of the guidance is available at https://www.regulations.gov/document?D=EEOC-2016-0009-0001.  The EEOC is accepting comments through Feb. 9, 2017: https://www.regulations.gov/docket?D=EEOC-2016-0009.  If you have questions about how to protect your company and your employees from harassment in the workplace, please contact us.

Listen Up! Six Effective Listening Techniques to Improve Your Negotiation Success

Posted: January 27th, 2017

By: Joe Campolo, Esq.


I’m not known for keeping my thoughts to myself.  In fact, many of you pay me to advocate and negotiate on your behalf.

But while I may not be the quiet type, I believe that those who know me would still describe me as an excellent listener – and those skills have served me well in my negotiations in business and in life.

I firmly believe that all the preparation in the world won’t do you any good in a negotiation if you don’t listen to the other side.  Sure, you hear what your adversary is saying, but are you really listening?  A Campolo-ism, if you will: your ears are not for decoration.  Use them!

Here, some strategies to make the most of it when it’s not your turn to talk.

1. Listen for the meaning, not just the words. People are so eager to defend their position and get a word in that they hear without really listening.  Pay attention not only to what the speaker is saying, but how he or she is saying it.  Does the person sound sincere?  Disappointed?  None of the above?  The speaker’s attitude and means of delivery will tell you a lot about the person’s position in the negotiation.  Use this to help you frame the conversation.

2. Ask questions. Rather than talking endlessly (lawyers are notorious for this), take the opportunity to draw more information from the other side.  Ask about their position.  Question details about their point of view.  You don’t want to interject and bombard the person, but asking questions shows you’re interested in what they have to say.  A person who feels that you’re making a real effort to understand his or her point of view will be more likely to share information with you.

3. Paraphrase to confirm understanding. Test how well you’ve been listening by repeating your adversary’s position back to them in your own words. This exercise gives you the opportunity to confirm that you understand their position, and helps you get up to speed if you’ve misunderstood something.

4. Resist the urge to prepare your response while the other side is speaking. I know, I know.  They’re SO wrong, their position is SO unrealistic, and you can’t WAIT to tell them so.  Stop!  Keep listening.  You may learn more details about where your adversary is coming from.  You’ll have your turn to reply – and if you listen well now, your reply will be more effective than if it is an off-the-cuff, automatic response that you just can’t wait to get out.

5. Consider your body language. While the other side has the floor, show them that you’re listening. Maintain good eye contact, lean in toward the speaker, and nod your head.  Take notes if the situation warrants it.  Try not to cross your arms or otherwise put up a wall between you and your adversary.

6. Remain open-minded.  Listening effectively requires you to think objectively.  If you’re judging your adversary before you get to the table, the session will likely be unproductive.  Hear the person out.  This doesn’t mean you need to change your view to agree with theirs – if that were the case, negotiating would be easy.  The point is to look for common ground.

To Mediate or Not to Mediate

Posted: January 27th, 2017

By Scott Middleton

Mediation can either be a great tool to move beyond an impasse or a colossal waste of time and money. Without the proper approach and preparation, the parties may be pushed further apart.

In a recent mediation, my client was amenable to settling but the plaintiff, in the lead-up to the mediation, was less than forthcoming. He led me to believe that he was looking for a number to settle at less than six figures. Based upon this understanding, my client agreed to mediation. Of course, we prepared our submission for the mediator (as did the plaintiff’s counsel who was foolish enough to also exchange it with our office) and attended with the goal of resolving the case.

Surprisingly, the plaintiff’s counsel increased his prior settlement demand and then acted indignantly when the offer presented was, in his mind, inadequate. The mediator was clearly on our side when it came to valuation but quickly saw that he could not reason with the plaintiff’s attorney. In an unbelievable move at the close of the mediation, he had a parting and insulting shot directed at my clients who sat in on the process – not a good strategy unless you want a trial. Needless to say, the case did not settle and moved from a reasonable offer to no-pay and we are moving toward trial – not the desired or expected result.

Our office moves a case into mediation only when there is that glimmer of hope for a resolution. Without a clear demand and offer, it is impossible to adequately assess the likelihood of success, and I believe mediation should be avoided in those circumstances.

Remember, mediation is a tool to avoid trial in an effort to resolve matters reasonably. Do not expect your lawyer to be as aggressive at mediation as he or she was during the discovery phase or as you expect him or her to be at trial. If an attorney enters mediation looking to win, everyone loses. We want a good and acceptable result but the approach is different than the slash and burn tactics often used at trial.

If we suggest mediation it is not because we do not want to go to the mat; in fact, at the stage of entering into mediation, we are at the point of being ready for trial. We want to go to mediation to avoid the uncertainty of trial and try to economically resolve the matter before fully preparing for a long and costly trial. When we are prepared and the parties are close enough to make it worthwhile, mediation is almost always a success. It is at times better to mediate than go through the expense of trial preparation, paying experts, and putting your fate in the hands of a group of unknown people.

When approached in the proper way and when one is fully prepared to engage in the process, mediation can be very cost-effective while at the same time giving the client the benefit of a final resolution. Sometimes it merely results in bringing the parties much closer together which in and of itself is beneficial, as this sets up the parties to continue to negotiate while the trial is approaching.
