By: Heather Gries
There’s an outbreak of fitness fever popping up in our communities and Delaware is not immune to the cause. There’s an ongoing, innovative campaign called “Motivate the First State” that launched on June 1. Governor Markell is challenging Delawareans to achieve one million miles of physical activity between June 1st and December 31st. “Join me on the trails, sidewalks and bike paths.” he said. “Together, we can log one million miles of physical activity and make each step, each pedal stroke count for Delaware charities that help our kids, our families and our citizens with special needs.” The statewide campaign is aimed to encourage Delawareans to participate in regular physical activity and will reward participants with contributions to three Delaware charitable organizations – Special Olympics Delaware, Boys & Girls Clubs of Delaware, and The YMCA of Delaware. All Delaware residents are invited to participate in the campaign. Track your movement through the easy to use online community powered by Plus3.com, the campaigns technology platform. Logging your activities on the website can be done manually, by hand (using the honor system), uploaded from compatible trackers like Garmin and Fitbit, or with the Plus3 app, available for Apple and Android devices. The website gives option to share your postings on other social media platforms like Facebook and Twitter. Contributions can be made by completing activities such as walking, cycling, by choosing water over soda and eating fruits and vegetables. Each healthy choice earns a specified amount of kudos determined by Plus3, one “kudos” will earn you one penny. Don’t worry if you forget to log something that day because you can log your activity completed up to one week previous. The online community allows you to connect with other participants, add “Friends” and share your activity. Motivate the First State is the Plus3 designed Clubhouse and within the clubhouse Delawareans can log, publicly or privately, as individuals, or participate as a team. Additionally, participants can join an ongoing team and incorporate their contributions. Jason Danner, Regional Vice President, Market Leader, Kelly Benefit Strategies Group, says this campaign is a “win, win, win” for all parties involved “Make every time your active count for charity”. Jason, who serves as a representative for Motivate the First State says the goal is to have 5,000 people logging their efforts consistently. This will serve as a baseline for the coming 2016 year. Motivate the First State is hosted by the Delaware State Chamber of Commerce in partnership with Kelly Benefit Strategies Group, Inc. Other partnerships for the campaign include Delaware Division of Public Health, Sussex County Government, Sussex Outdoors, Healthier Sussex County, Sussex County Health Promotion Coalition, Bike Delaware, Kent Kids, and Races2Run. (You can sign up for FREE at www.motivatethefirststate.com to join the campaign.)
0 Comments
By Carl N. Kunz, III*
Recently, The News Journal® published an article titled, “Some still unaware of identity-theft bill.” Mordock, J., (2015, July 26), The News Journal, p.1E. (Editor’s note: It was also published online earlier under a different headline.) The News Journal article highlighted passage by the Delaware legislature in 2014 of House Bill 295, now codified as 6 Del. C. §5001C et seq.: Safe Destruction of Records Containing Personal Identifying Information. Much of the article, however, focused on the fact that, despite the law going effective in January 2015, businesses either do not know about the law or do not know what they might need to do to comply. As Governor Markell is slated to sign into law two additional pieces of privacy related legislation on Friday, August 7, 2015, this article provides a summary of the currently in effect Safe Destruction law and the two that will be signed imminently: the Delaware Online Privacy Protection Act, primarily applicable to businesses with websites, and the Student Data Privacy Protection Act, which seeks to regulate the activities of operators of websites and applications designed and marketed for K-12 public school purposes, or those who collect, maintain or use student data in digital or electronic form for K-12 public school purposes. Safe Destruction of Records Containing Personal Identifying Information The law relating to safe destruction of records that was the topic of The News Journal piece provides that a commercial entity (corporation, business trust, partnership or limited partnership, estate, trust, LLC, LLP, association, organization or other legal entity, whether or not for profit) seeking to permanently dispose of records containing consumer’s personal identifying information (PII), “shall take reasonable steps to destroy or arrange for the destruction of each such record by shredding, erasing, or otherwise destroying or modifying the personal identifying information in those records to make it unreadable or indecipherable.” The law defines “Personal identifying information” as “a consumer’s first name or first initial and last name, in combination with any 1 of the following data elements that relate to the consumer, when either the name or the data elements are not encrypted: Social Security number; passport number; driver’s license or state identification card number; insurance policy number; financial services account number; bank account number; credit card number; debit card number; tax or payroll information or confidential health-care information including all information relating to a patient’s health-care history; diagnosis condition, treatment, or evaluation obtained from a health-care provider who has treated the patient which explicitly or by implication identifies a particular patient.” A “record” includes information in virtually any tangible, electronic or other medium, but does not include any publicly available directories or sources of information that a customer has consented to have publicly available. Entities transacting business in Delaware should be aware of this law. While a civil suit may be brought against an entity only for reckless or intentional (but not negligent) violation of the law, one doesn’t want to be the source of a data breach resulting from the improper keeping or destruction of records. And with technology changing rapidly from day to day, what might constitute “reasonable steps to destroy” today, might not be reasonable tomorrow. Since the law requires an entity to “take reasonable steps to destroy or arrange for the destruction of” such records, businesses should carefully control and monitor those steps. If an entity contracts with a third-party for such destruction, careful review of the contract and an understanding about how the third-party protects such information is paramount. Indeed, reasonableness might require adherence to a chain of custody with the third-party ultimately certifying to the destruction of such records. One has to be sure that when the physical records, computer hard drives, thumb drives, CD’s, copier hard-drives, etc. are sent to third-party for destruction that they are actually being destroyed in a manner which renders them “unreadable or undecipherable.” As with many of the privacy laws being enacted in Delaware and around the country, the law provides an encryption safe harbor. If the data is encrypted, then, by definition, it does not constitute “Personal identifying information” under the law, and the law would not require specialized destruction of encrypted data. Delaware Online Privacy Protection Act The Delaware Online Privacy Protection Act (DOPPA), slated to be codified as 6 Del. C. § 1201C et seq., has three stated purposes: (i) to prohibit the operator of an internet service directed at children from marketing or advertising certain products or services on a website that are deemed harmful to children; (ii) to require an operator of an internet service to conspicuously post its privacy policy, if the internet service collects PII from Delaware residents for commercial purposes; and (iii) to protect the personal information of users of digital book services by prohibiting a provider of book services from disclosing personal information regarding users of book services to law enforcement entities, governmental entities or other parties except under specified circumstances. DOPP defines PII differently than the safe document destruction law. DOPPA defines PII as “any personally identifiable information about a user of a commercial Internet website, online or cloud computing service, online application, or mobile application that is collected online by the operator of that commercial internet website, online service, online application, or mobile application from the that user and maintained by the operator in an accessible form, including a first and last name, a physical address, an e-mail address, a telephone number, a social security number, or any other identifier that permits the physical or online contacting of the user, and any other information concerning the user collected by the operator of the commercial Internet website, online service, online application, or mobile application from the user and maintained in personally identifiable form in combination with any identifier described in this paragraph. See DOPPA at § 1202C(15) (emphasis added). Owners of commercial websites directed at children will need to make sure that their sites are not marketing any of the prohibited items listed in section 1204C(f) of the new law. For example, websites directed to children may not market or advertise alcoholic beverages, tobacco products, firearms, fireworks, tanning equipment, lotteries, body piercing, branding, tattoos, drug paraphernalia and tongue splitting. See DOPPA at §1204C(f)(1) – (15). Such websites also may not advertise or market “any material . . . which predominantly appeals to the prurient, shameful, or morbid interest of minors, is patently offensive to prevailing standards in the adult community as a whole with respect to what is suitable materials for minors, and taken as a whole lacks serious literary, artistic, political, social, or scientific value for minors.” DOPPA at § 1204C(f)(16). The law also mandates that a website’s privacy policy either be conspicuously available on a website, or that a link to the privacy policy be conspicuous. It also specifies certain types of information that must be disclosed in such a policy, including what information a website gathers, how it responds to “do not track” signals, the effective date of the privacy policy, and whether the operator of a website maintains a process for the user to review and request changes to that user’s PII, and a description of that process. The law specifies that a website operator will only be in violation of the privacy policy posting requirements only if the operator fails to make its privacy policy conspicuously available within 30 days after being notified that it is noncompliant. Finally, the law proscribes the circumstances in which a “book service” (defined as “an entity, [which] as its primary purpose, provides individuals with the ability to rent, purchase, borrow, browse, or view books electronically or via the Internet”) may disclose information about the users of their services to “to any person, private entity or government entity.” Generally, proper legal process and/or court order will be required as will notice to both the user and/or book service provider sufficient to permit the user or book service provide to timely appear and quash the request or contest issuance of any court order. In the case of a user of such services, a minimum of 35 days advance notice is required. Website operators will need to carefully review their websites and privacy policies to be sure that they will be in compliance with the new law. And they should not wait until the Delaware law goes into effect to do so. Indeed, although DOPPA will not become effective until January 1, 2016, many other states have already enacted similar statutes to protect their own residents. If a website is collecting information from those states’ residents, a website operator may already be in violation of those others states’ laws. Student Data Privacy Protection Act With the continuing push for more prolific and creative use of technology in Kindergarten through 12th grade classrooms, student data has become more valuable, and the protection of that data of greater concern. In the face of the perceived need for greater protection of student data, the Delaware General Assembly, on June 25, 2015, approved SS1 for SB 79, slated to be codified as 14 Del. C. § 8101A et seq. (the “Student Data Privacy Protection Act” or “SDPPA”). Expressly modeled on California’s Student Online Personal Information Privacy Act, the SDPPA is designed to prohibit educational technology service providers from selling student data, using student data to engage in targeted advertising to students and their families, or creating student profiles for non-educational purposes. When the law goes effective, the SDPPA will regulate the activities of operators of websites and applications designed and marketed for K-12 public school purposes, or those who collect, maintain or use student data in digital or electronic form for K-12 public school purposes. In particular, operators must provide reasonable security to prevent unauthorized access to, destruction of, use, modification or disclosure of student data. Operators must also delete a student’s data within a reasonable period (not to exceed 45 days) following a school or school district’s request for such deletion. Operators also must not engage in targeted advertising using student data or state-assigned student identifiers where the data or student identifiers have been obtained as a result of use of a website, online or cloud computing service, online application or mobile application. Such data also may not be used to create a student profile except in furtherance of K-12 public school purposes. Student data may not be sold – except in instances of sale, merger or acquisition of an operator by another entity, and provided that the operator and/or successor entity continues to be subject to the SDPPA with respect to previously acquired student data. Operators also must not disclose student data except in certain specified instances, including responding to judicial process, to protect the security of the operator’s website or application, and protecting the safety of users of a website or application. Operators, however, may disclose student data when another provision of federal or state law requires disclosure, or for other legitimate research purposes. Finally, operators may use student data when supporting, evaluating or diagnosing the operator’s website, and may also use student data or de-identified student data to develop and improve an operator’s website or application, or to demonstrate the effectiveness of an operator’s products or services. In addition to the proscriptions on the use and disclosure of student data, the SDPPA establishes a Student Privacy Task Force to “study and make findings and recommendations regarding the development and implementation of a comprehensive framework to govern the privacy, protection, accessibility, and use of student data within and as part of the State’s public education system.” SDPPA at Section 3. The act also gives to the Consumer Protection Unit of the Delaware Department of Justice the power to enforce the new law. When the SDPPA is signed into law, the proscriptions applicable to operators will not take effect until August 1 of the first full year following the act’s enactment into law, with all other provisions taking effect immediately upon the Governor’s signature. SDPPA at Section 5. *Carl N. (“Chuck”) Kunz, III is a co-chair of the Morris James Data Privacy and Information Governance Group. This article is for informational purposes only. It is not to be construed as legal advice or to create an attorney/client relationship. The views stated herein are the views of Mr. Kunz, and not necessarily the views of Morris James LLP, or its clients. If you would like additional information, please visit our webpage for the Morris James Data Privacy and Information Governance Group, or follow us on Twitter. By James DeChene
A few things to consider this week as the News Journal reports that our state GDP isn’t matching the national average:
Those items, taken collectively point to some positive economic development in the state. While we are certainly still behind where we once were, we need to make sure we take the time to appreciate the gains we are making, and continue to find new and innovative solutions to bringing quality jobs into Delaware. The growth of Delaware’s gross domestic product has lagged behind the rest of the country, the federal government claims. However, some Delaware officials dispute the charge noting that employment is up in the First State. Delaware’s GDP grew at a rate of 1.2 percent in 2014, a full point behind the national economy which improved at a rate of 2.2 percent, according to recently released statistics by the U.S. Department of Commerce Bureau of Economic Activity. In addition, Delaware trailed its Mid-Atlantic neighbors, which reported a 1.7 percent growth last year. (The rest of the article can be found here.) By James DeChene
In a front page Wall Street Journal article, Delaware’s continued status as the premier corporate friendly location is called into question. The article highlights two specific provisions, fee-shifting and appraisal arbitrage, as the primary stumbling blocks to Delaware’s long standing reputation. Legislation on fee-shifting, authorized by a state Supreme Court decision last year, was passed in order to reverse the Court’s decision that would have curtailed shareholder derivative litigation in the state by requiring the losing party to cover the attorney’s fees and costs for both sides. In addition, the article outlined the proposal of new language that would change the rate of interest paid to shareholders until their appraisal case is decided. Shareholders now accrue 5.75 percent in annual interest on the deal price while waiting the years it takes to decide an appraisal case. There are those that feel that the rate is too high and limits the downside for hedge funds, encouraging them to exercise appraisal rights. Currently, if the court decides that the amount paid in the merger was fair and the hedge fund receives nothing extra, it still receives the interest. The proposed language permits companies to pay the amount of the merger price they do not dispute and then pay interest only on the amount of any difference if the court determines a higher value, but again, this language is not expected to be voted on by the General Assembly until 2016.At the end of the day, the takeaway from the article is that:
Here’s a blog posting (via Reuters) highlighting two cases last week where Vice Chancellors Laster and Noble sent pretty clear messages around so-called “disclosure only” settlements. These rulings are illustrative of the Delaware judiciary’s deep concerns about awarding legal fees in cases where little to nothing of substance is achieved for either the corporation or its shareholders. Two other recent cases further illustrate the Court of Chancery’s ability to sort out cases on their merits:
The referenced bill on fee-shifting/forum selection created a vehicle allowing companies to ensure that Delaware is the venue for their internal corporate disputes and it’s altogether appropriate that the business world watch carefully to see if the State’s judges fairly and actively filter out weak cases brought to Delaware. No doubt there will be many strong cases where litigants (and their counsel) will be well rewarded — but each of the above rulings show that Delaware’s courts are well equipped to combat meritless litigation and mindful of a responsibility to separate the wheat from the chaff. |
Archives
November 2024
Categories
All
|