Updates and Legal Developments Winter 2019

Posted on 01-16-2020

AMAZON’S DATA STORAGE VIOLATES ILLINOIS BIOMETRIC PRIVACY LAW, STATE RESIDENTS ALLEGE

AMAZON WEB SERVICES IS VIOLATING THE ILLINOIS Biometric Information Privacy Act (BIPA), 740 Ill. Comp. Stat. Ann. 14/1, by allowing commercial customers to use its cloud storage services to house employees’ biometric data without obtaining permission or disclosing the purpose for the storage, a group of Illinois residents alleges in a suit filed in state court. Ragsdale v. Amazon Web Services Inc., No. 2019-CH-13251, Ill. Cir. Ct., Cook Cty.

Martin Ragsdale, filing on his own behalf and a class of state residents, alleges that Amazon stores data and information generated as a result of the collection of biometric identifiers, such as fingerprints, for commercial clients, including employers.

The BIPA, enacted in 2008, requires private entities to develop and make available to the public written policies establishing a retention schedule and guidelines for destruction of biometric identifiers. Collectors of biometric data must inform subjects that the data is being collected and stored, disclose the purpose and length of time for which the information is being collected and stored, and receive written consent for collection of the information.

“Despite obtaining, storing, and processing biometric information of thousands of Illinois residents, including Plaintiff’s biometrics, on behalf of scores of its customers, Defendant failed to comply with BIPA,” the class plaintiffs allege.

The plaintiffs seek injunctive relief, statutory and compensatory damages, costs, and attorney’s fees.

To find this article in Lexis Practice Advisor, follow this research path:

RESEARCH PATH: Data Security & Privacy > State Law Surveys and Guidance > State Guidance > Articles


PENNSYLVANIA SUPREME COURT STRIKES DOWN FLUCTUATING OVERTIME PAY METHOD

THE FLUCTUATING WORK WEEK (FWW) METHOD OF calculating overtime pay violates state law, the Pennsylvania Supreme Court has ruled in Chevalier v. Gen. Nutrition Ctrs., Inc., 2019 Pa. Lexis 6521 (Nov. 20, 2019).

While acknowledging that federal law allows employers to use the FWW method, the court said that the practice violates the state Minimum Wage Act (MWA).

The justices affirmed the award of $1.7 million in back overtime pay to employees of General Nutrition Centers (GNC). The employees filed suit in the Allegheny County Court of Common Pleas, arguing that GNC’s use of FWW to pay them overtime at a diminishing rate depending on how many hours are worked during a week violates state law. The FWW rate is calculated by dividing the employee’s weekly salary by the number of hours, including hours in excess of the standard 40, actually worked in a week, then multiplying the hours in excess of 40 by one-half the regular pay rate and adding that amount to the regular salary. The employees argued that the MWA’s mandate that workers be paid at least “one and one-half times” their regular rate for hours in excess of 40 hours requires that the excess hours be calculated by multiplying the regular rate by 1.5.

The FWW method was adopted by the U.S. Department of Labor (DOL) in a guidance issued in 1940. The U.S. Supreme Court affirmed its use in Overnight Motor Transp. Co. v. Missel, 316 U.S. 572 (1942). The DOL issued a regulation codifying its use in 1950. The MWA was adopted by the Pennsylvania legislature in 1968.

The trial court entered summary judgment for the employees, finding that the language in the MWA is ambiguous and that the ambiguity has not been addressed by a Pennsylvania appellate court. The court awarded the employees almost $1.4 million in unpaid overtime, plus interest, costs, and attorney’s fees. The state Superior Court affirmed.

Affirming, the Supreme Court acknowledged the ambiguity in the MWA and held that “the rules of statutory construction favor Plaintiffs’ interpretation requiring application of the 1.5 Multiplier.” The court cited the “unmistakable intent of the General Assembly to use the Commonwealth’s police power to increase wages to combat the ‘evils of unreasonable and unfair wages’” and its failure to specifically adopt the FWW method in promulgating state regulations.

To find this article in Lexis Practice Advisor, follow this research path:

RESEARCH PATH: Labor & Employment > Wage and Hour > Compensation > Articles


EEOC, DOLLAR GENERAL REACH $6 MILLION SETTLEMENT IN CRIMINAL BACKGROUND CHECK SUIT

RETAILER DOLLAR GENERAL AND THE U.S. EQUAL Employment Opportunity Commission (EEOC) have entered into a $6 million settlement in a six-year-old case alleging that the company discriminated against a nationwide class of black applicants by way of its criminal background check policy. EEOC v. Dolgencorp LLC d/b/a Dollar General, No. 13 C 4307, N.D. Ill.

Under the terms of a three-year consent decree approved by U.S. Judge Andrea Wood of the Northern District of Illinois, Dollar General did not admit to liability for the allegations in the complaint, and the EEOC did not accept any of the defenses raised by Dollar General. Individuals whose job offers were rescinded as a result of the background check policy dating back to 2004 are eligible to receive a part of the monetary settlement. Additionally, if Dollar General opts to use criminal conviction history to inform its hiring decisions during the three-year term of the decree, it must hire a criminology consultant to develop a new criminal background check based on specific factors outlined in the decree.

The settlement comes in a suit alleging that Dollar General refused to consider the age of job applicants at the time of the alleged criminal offense or the nexus of the crime and the duties of the job for which they applied. For instance, the EEOC alleged that the company disqualified an applicant for three years who was convicted of improperly supervising a child and disqualified another for 10 years based on a conviction for possession of drug paraphernalia. The policy resulted in the elimination of about 10% of black applicants as opposed to 7% of non-black applicants, the EEOC said.

The lawsuit stemmed from EEOC guidance from 2012 that warned employers of violating Title VII if they used criminal background results to screen potential employees, and the practices were not “job-related and consistent with business necessity” and performed on a case-by-case basis.

To find this article in Lexis Practice Advisor, follow this research path:

RESEARCH PATH: Labor & Employment > Screening and Hiring > Recruiting and Screening


SUPREME COURT TO DECIDE ON REGISTRABILITY OF BOOKING.COM TRADEMARK

THE U.S. SUPREME COURT WILL DECIDE LATER THIS TERM whether the name Booking.com is sufficiently distinctive to merit registration as a trademark for an online travel site. U.S. Patent and Trademark Office v. Booking.com BV, 2019 U.S. Lexis 6782 (Nov. 8, 2019).

The justices granted a petition by the U.S. Patent and Trademark Office (PTO) for review of a decision by the U.S. Court of Appeals for the Fourth Circuit affirming a lower court ruling finding the mark protectable under the federal Lanham Act.

Booking.com applied for registration of the mark in 2011. The PTO rejected the application, finding the mark generic as applied to travel services and holding that Booking.com had failed to establish secondary meaning for the mark. On appeal, the Trademark Trial and Appeal Board affirmed on genericness grounds.

Booking.com filed suit in the U.S. District Court for the Eastern District of Virginia, citing a survey indicating that almost 75% of consumers recognize the mark as a brand rather than a generic service. The district court entered summary judgment for Booking.com, finding that while “booking” is a generic term for travel services, the mark Booking.com, taken as a whole, is descriptive in nature. Further, the court said, the company has met its burden of proof on the issue of secondary meaning.

On appeal, the Fourth Circuit affirmed, finding that the composite created by the addition of .com to a generic term “may be non-generic where evidence demonstrates that the mark’s primary significance to the public as a whole is the source, not the product.”

In seeking review by the high court, the PTO argued that the lower court ruling “is likely to have serious and immediate anti-competitive effects” by discouraging competitors “from using the generic names of their goods or services in their own domain names.” In response, Booking.com argued that to deny registration would “free unscrupulous competitors to prey on its millions of loyal consumers by falsely advertising as ‘Booking.com’ or making deceitful direct promotions.”

Arguments are expected in the spring, with a decision to be released before the end of the high court’s term in late June.

To find this article in Lexis Practice Advisor, follow this research path:

RESEARCH PATH: Intellectual Property & Technology > Trademarks > Trademark Registration > Articles


NEW YORK SHIELD ACT STRENGTHENS DATA SECURITY REQUIREMENTS FOR BUSINESSES

KEY PROVISIONS OF NEW YORK’S NEW DATA SECURITY statute that took effect recently impose new requirements on businesses to notify consumers of data breaches and extend the period during which the state attorney general can file suit for violations of the statute. Stop Hacks and Improve Electronic Data Security (SHIELD) Act (N.Y. Gen. Bus. Law § 899-aa).

The notification provisions of the statute, signed into law by Governor Andrew Cuomo in July and effective as of October 23, require businesses that suffer a data breach to notify affected persons “in the most expedient time possible and without reasonable delay.” Notification must be made by written, electronic, telephonic, or some other method, including email, posting on a business web site, or notification to major statewide media.

An exception is available if the exposure of private information was “an inadvertent disclosure by persons authorized to access private information” and the disclosing person or business “reasonably determines” that the exposure will not result in misuse or harm. Such an exposure must be reported to the state attorney general within 10 days if it affects more than 500 New York residents.

Additional provisions of the statute, which require businesses to adopt “reasonable safeguards” against data breaches, are scheduled to go into effect on March 21, 2020. (N.Y. Gen. Bus. Law § 899-bb). The statute sets forth a list of items to include in a compliant data security program, including administrative, technical, and physical safeguards.

The statute does not include a private cause of action; enforcement is left to the state attorney general. In addition to injunctive relief, violations of the statute can result in actual damages and civil penalties of $5000 or up to $20 per instance of failed notification, provided that the latter amount does not exceed $250,000. The statute of limitations is three years after the date on which the attorney general becomes aware of the violation.

To find this article in Lexis Practice Advisor, follow this research path:

RESEARCH PATH: Data Security & Privacy > Data Breaches > Response > Articles