Government Websites With Cybersecurity Tips & Information

My colleague, Pat Fowler, is one of the authors of Into the Breach… Data Privacy and Protection Blog and wrote a fantastic article about government websites with cybersecurity tips and information that I wanted to provide here. It’s the perfect one-stop-resource for those whose data and information (or third-party information under your control) is vulnerable.  Here you go – Enjoy:

As part of the government’s recent clarion call to improve our individual and collective cybersecurity posture, several federal and state agencies have released a variety of guidelines, frameworks, best practices and tips.  Some are more helpful than others.  Much of it focuses on helping those perceived to be the most vulnerable in the current cyber-threat environment – small and midsize businesses (SMBs).

Now, finding that useful information among the 925 million websites currently in use can be a real challenge, especially if you’re in a pinch.  So we have posted the links to some of the more prominent government sites that focus on basic cybersecurity, data protection and breach response topics.  By posting these links, we’re not, of course, endorsing the accuracy or applicability of the information they may contain.  And obviously, there are many other websites that may contain additional information that may be useful to you as well.  But these are a good starting point, and you can see your tax dollars at work.

The Small Business Administration

The Small Business Administration has created an on-line, self-paced training exercise that provides an introduction to securing information in a small business. It’s called “Cybersecurity for Small Businesses” and can be downloaded as a pdf as well.

The Federal Trade Commission

The Federal Trade Commission (FTC) recently issued “Start With Security: A Guide For Business”, available also as a PDF, and as an on-line tutorial as well. It’s worth noting that the FTC says it drew upon some of its recent enforcement actions involving alleged consumer privacy violations and deceptive and unfair trade practice claims, so these materials also provide some insight concerning the FTC’s analysis of data breach scenarios.

If you or someone you know experiences an identity theft, the FTC has an identity theft resource site.

The Department of Justice

In the event of a cyber-attack and data loss, the Department of Justice’s “Best Practices for Victim Response and Reporting of Cyber Incidents” is a popular reference. Despite its title, it also contains recommended practices to take before the cyber-attack and data loss occurs.

The Federal Communications Commission

While you may not think of the Federal Communications Commission (FCC) in the cybersecurity and data privacy space, it has published several pertinent documents of note. These include “Cybersecurity for Small Businesses” and a “Cybersecurity Planning Guide

The Department of Homeland Security

The Department of Homeland Security (DHS) has been particularly active in pushing out guidelines and tips in the cybersecurity and data privacy space. Among other things, it maintains the “Stop.Think.Connect: Cybersecurity Resources for Small Business” website. DHS also published “Cybersecurity Questions for CEOs”, “Cybersecurity 101” and “Cybersecurity Tips”

An agency within DHS, the United States Computer Emergency Readiness Team (US-CERT), maintains a website with useful cybersecurity resources: “Getting Started for Small and Midsized Businesses (SMB)

The Securities and Exchange Commission

Earlier this year, the Securities and Exchange Commission, Division of Investment Management issued “Cybersecurity Guidance” to investment advisors and brokers. This follows the Division of Corporation Finance’s 2011 Guidance related to disclosure of cybersecurity risks and cyber incidents.

The Department of Commerce, National Institute for Standards and Technology

Last year, the Department of Commerce, National Institute for Standards and Technology (NIST) issued the Framework for Improving Critical Infrastructure Cybersecurity, which is a useful reference for companies to review when evaluating or implementing their cybersecurity programs. NIST maintains a website that contains version 1.0 of the Framework document as well as related resources and information.

The National Security Agency

The National Security Agency (NSA) has published a tip sheet “Best Practices for Keeping Your Home Network Secure”.

The State of California Attorney General’s Office

The California Attorney General’s Office, in collaboration with others, recently published, “Cybersecurity in the Golden State”. It contains information and tips that business owners can use to “protect against and respond to malware, data breaches and other cyberincidents.”

The Maricopa County, Arizona Office of Enterprise Technology

The Maricopa County, Arizona Office of Enterprise Technology maintains a website that contains links to a number of useful cybersecurity resources, including links to law enforcement agencies and other entities that focus on cybersecurity and data protection

If we learn of other website with useful information in the cybersecurity and data privacy space, we’ll update this in the future. Stay tuned.

Posted in Other Things... | Tagged , , | Leave a comment

The Lessons of EEOC v. Freeman – “Know when to hold ’em. Know when to fold ’em.”

3d person with casino chipsI was going to skip past this opinion from the District of Maryland until I realized that it started with a reference to a classic country song and, therefore, it immediately moved up my list and became worthy of a closer read.

World-renowned poker expert Kenny Rogers once sagely advised, “You’ve got to know when to hold ’em. Know when to fold ’em. Know when to walk away.”

In the EEOC v. Freeman opinion published in September, the court explained the company, Freeman, held the royal flush and the EEOC held nothing. Continuing the analogy throughout the introduction, the court found that, “Like the unwise gambler, it did so at its peril. Because the EEOC insisted on playing a hand it could not win, it is liable for Freeman’s reasonable attorneys’ fees.”

This case is based on Freeman’s practice of running background checks on applicants after conditional offers were made and credit checks on applicants in financially-sensitive positions with conditional offers.  The EEOC alleged that Freeman’s use of background checks had a disparate impact on African-American, Hispanic, and male job applicants.

“The EEOC is certainly entitled to attempt to police the use of background checks through litigation, and to attempt to use litigation to challenge whether an employer’s use of background checks is ‘job-related for the position in question and consistent with business necessity.’”  However, the United States District Court for the District of Maryland made clear that the analysis does not get to the “job-related” inquiry unless there is first reliable evidence of a disparate impact.

Here, the court found it was unreasonable for the EEOC to continue its investigation with the lack of proper analysis demonstrating disparate analysis and, instead, choosing to rely on flawed investigative reports. Ultimately, the court awarded over $938,000 in attorneys’ fees to Freeman.

Disparate impact cases (where an otherwise neutral policy have a disproportionate effect on a certain group) certainly remain a hot topic and were, in fact, one of the topics of presentations at the 2015 Annual Employment & Labor Law Fall Seminar sponsored by the State Bar of Arizona in Sedona last weekend. While this case is an example of one that turned out in favor of the company, it underscores the importance for both parties in litigation to get an early grasp of the statistics in the case and the determination of whether there is or is not a disparate impact.

Posted in EEOC | Tagged | Leave a comment

Women of Maricopa

Now that everyone has spent the last week reading articles about the new overtime regulations that were proposed by the Department of Labor, I thought I would highlight a recent event in the valley. A couple of weeks ago I co-hosted the Maricopa Community Colleges Foundation (MCCF) Women of Maricopa event at the Wells Fargo Museum with a fellow MCCF board member and friend, Misha Patel Terrazas.

It was a small group gathering and networking event to highlight some of the many success stories of the Maricopa Community Colleges, and to provide an opportunity for the attendees to network and develop new relationships.

I thought I would post about the Colleges here because many people don’t realize the true reach of the community colleges in Maricopa County as the 10 colleges, 2 skill centers, numerous education centers, and the Corporate College are all linked together as one. That means if you go to one community college, you can seamlessly transfer to another. You can apply to all colleges at once and take advantage of the 950 degree and certificate programs, and you can apply for numerous scholarships all at once.

The Maricopa Community College District is a significant investment in our region because it is an investment in the people.

IMG_2646That evening, we heard from Dr. Maria Harper-Marinick, the Executive Vice Chancellor and Provost, and also Autumn Barber, a recipient of the Women’s Philanthropy Circle Scholarship. We also talked about various scholarships available, including thirty endowed scholarships dedicated solely to women. These range from the Women’s Philanthropy Circle Scholarship, to the Linda B. Rosenthal Scholarship for re-entry students, to scholarships for single moms, to scholarships for women who are in the U.S. to escape persecution, or scholarships for women pursuing degrees in a certain field. My law firm created and endowed the Snell & Wilmer Leader Scholarship–which is named after the firm’s first female partner, Mary Leader, and is in its second year of being awarded to a minority woman who has demonstrated strong leadership skills and a commitment to serving her community. For those who are interested in supporting MCCF scholarships that are dedicated directly to women, you can check out the link here.

And here’s a short highlight reel from the night.

IMG_2525Special thanks to our amazing sponsors: Snell & Wilmer, Wells Fargo*, Kendra Scott Jewelers, Sumits Yoga, Verde’ Maison Organic Beauty House, Esthetica, and Drybar.

*The Wells Fargo Museum is an absolute gem in downtown Phoenix. Despite being a native Arizonan, I had never gone there. It has an authentic 19th Century stagecoach and some great exhibits.

Posted in Other Things... | Tagged , | Leave a comment

New Overtime Regulations Will Impact Five Million Workers

breaking newsFor the first time in over a decade, the Department of Labor proposed updates today to the federal Fair Labor Standards Act (“FLSA”) white collar overtime regulations. These changes will impact businesses throughout the United States. The Department estimates that, in the first year, 4.6 million workers will be entitled to overtime protection because of these changes—specifically, the increase in the salary level threshold.


The FLSA establishes, among other things, minimum wage and overtime laws for workers in the United States. Non-exempt workers are entitled to minimum wage and overtime; whereas, exempt workers are paid a salary and not entitled to overtime protections. As explained in the proposed regulations, “[t]he exemption was premised on the belief that exempted workers earned salaries well above the minimum wage and enjoyed other privileges, including above-average fringe benefits, greater job security, and better opportunities for advancement, setting them apart from workers entitled to overtime pay.” There are various ways that a worker may qualify as exempt from overtime requirements and the proposed regulations, very simply, reduce the number of workers who can qualify as exempt.

An employee must meet certain tests to qualify for the white collar exemption. In particular, an employee must generally:

  • be paid a predetermined and fixed salary that is not subject to reduction because of variations in the quality or quantity of work performed (the “salary basis test”), and the amount must be more than a certain minimum amount identified by the Department (the “salary level test”); and
  • primarily perform bona fide executive, administrative, or professional duties, as identified by the Department regulations (the “duties test”).

If the Proposed Rules Are Adopted, What Will Change?

The Salary Level for Exempt Employees Will Be Changed.

pile of moneyCurrently, the minimum salary level required for an exemption for an executive, administrative, or professional employee is $455 per week ($23,660 annually). This means that, if an employee makes at least $455 per week, the determination of whether an employee is exempt depends on whether the employee otherwise meets the salary basis test and the duties test.

The new regulations propose to increase the minimum amount of pay and set the standard salary level to the 40th percentile of weekly earnings for full-time salaried workers. Using 2013 data provided by the Bureau of Labor Statistics, that amount would be increased to $921 per week ($47,892 annually). The Department estimates that the 2016 level will be approximately $970 per week ($50,040 annually).

To ensure the salary level does not, again, become outdated—since the last time the salary level requirement was updated was in 2004—the Department is proposing that the salary and compensation levels be automatically updated annually. The salary level will remain a threshold question when determining the applicability of an exemption and, even if a worker meets the salary basis test and the duties test, the employee will not be considered exempt if he/she does not have a salary above the new minimum salary level. More specifically, a worker who is exempt today and makes $24,000 annually will not be exempt when these regulations are finalized (assuming they are finalized as-is) unless his/her salary is at or over the 40th percentile (e.g., projected to be $50,040 in 2016) for full-time salaried workers.

The current standard of $455 per week, or $23,660 annually, falls below the poverty line for a family of four. The Department stated in its Frequently Asked Questions that the 40th percentile salary level “minimizes the risk that employees legally entitled to overtime will be subject to misclassification based solely on the salaries they receive, without excluding from exemption an unacceptably high number of employees who meet the duties test.”

The Department is seeking guidance as to whether nondiscretionary bonuses or incentive payments (e.g., tied to productivity or profitability) should be included in the calculation of the salary level. In particular, the Department is considering whether it should permit the nondiscretionary bonuses or incentive payments to account for 10% of the standard weekly salary level or, whether it should consider a lower amount, a higher amount, or not permit it to apply at all. “[T]he Department envisions that in order for employers to be permitted to credit such compensation towards the weekly salary requirement employees would need to receive bonus payments monthly or more frequently. For similar reasons, the Department is not considering employers to make a yearly catch-up payment.”

The Salary Level for Highly Compensated Employees Will Be Changed.

In addition to the change to the salary level for exempt employees, there is another proposed change relating to the level of compensation necessary to qualify as a highly compensated employee. The highly compensated employee exemption currently applies only to employees who have a guaranteed total annual compensation of at least $100,000 and who “customarily and regularly” perform one or more of the exempt duties of an administrative, executive or professional employee, and are not engaged in manual work.

The assumption is that the high salary is a strong indicator that an employee is properly classified as exempt; therefore, the other tests are relaxed when determining whether an employee is properly classified. Just as the Department proposes increasing the salary level for all employees to qualify for an exemption, the Department also has proposed increasing the salary level for highly compensated employees to qualify for an exemption. The Department proposes that the level be set at the 90th percentile ($122,148 total annual compensation) for the highly compensated employee. Under the proposed regulations, the total annual compensation may continue to take into account commission payments, nondiscretionary bonuses, and other nondiscretionary compensation. However, it does not include board, lodging, or other payments for medical insurance, payments for life insurance, contributions to retirement plans and the cost of other fringe benefits.

There Are No Proposed Changes to the Duties Test.

There are no proposed changes to the duties test, which is one of the tests that must be met for a worker to be classified as exempt. Rather, the Department is seeking comments on whether the tests, which were last updated in 2004, are working properly. The expectation is that setting the salary level threshold at the 40th percentile will eliminate the need for “a more robust duties test to ensure proper application of the exemption.”

How Will This Impact My Business?

Right now these are just proposed regulations. Nothing is changing today, but big changes are on the horizon. The Department explained that, in 2013, there were 144.2 million workers in the U.S., of whom the Department estimated 43 million are white collar salaried employees. Of those, 21.4 million may potentially be affected by the proposed rule; whereas, a subset of workers who meet different exemption tests (e.g., physicians, teachers, judges, outside sales workers, etc.) may not be impacted by the change. In the first year of implementing the regulations, the Department estimates that 4.6 million exempt workers will be directly affected as they fall between the current $455 weekly salary level but less than the 40th percentile ($921) proposed by the Department and, accordingly, will need to be reclassified as non-exempt. With automatic updating of the salary levels, this amount is expected to increase to 5.1 to 5.6 million workers within ten years. In addition, an estimated 36,000 workers will be impacted by the change to the highly compensated employees salary level—originally set at $100,000 and, now, set to increase to the 90th percentile ($122,148).

Companies will need to audit their workforce to determine if employees will need to be reclassified when the final rules go into effect. Legal counsel should be involved to appropriately preserve privileges and to properly evaluate the classifications. While the proposed regulations focus primarily on updating the salary level, there must still be an analysis of the duties required to be performed to qualify for the various exemptions. The Department reaffirmed that “we have always recognized that the salary level test works in tandem with the duties test.” Accordingly, it is important to remember that job titles and descriptions alone do not determine exempt status but, rather, analyze exactly what employees actually do on a day-to-day basis to properly establish an exemption.

Keep in mind that the proposed rules are not final and may still be modified when the final regulations are issued. For those workers who are ultimately re-classified to non-exempt, companies will need to develop methods to track their hours so that overtime and minimum wages can be paid. Certain states may have their own regulations that may also be impacted, if the new FLSA regulations are adopted.

What’s Next?

If you want more information, here is a Fact Sheet published by the Department of Labor regarding the proposed changes to the regulations.

We are currently in the notice-and-comment period of the proposed rule. Comments can be submitted to the Department electronically through the Federal eRulemaking Portal for sixty days following the publication of the proposed rulemaking issued today. The Department identified in the proposed regulations specific areas it is seeking comments, but an individual or organization may choose to comment on any areas. The Department will ultimately base its decisions on these comments, as well as its own analysis and other data gathered.

When the final rule is published in the Federal Register, the effective date of the new regulations will be identified.

*If you want to view this as a Legal Alert, as I originally published it today, you can check it out here.

Posted in DOL, FLSA | Tagged , , , | Leave a comment

Lunch with Justice Scalia

Scalia LuncheonI initially wanted to hold off on posting this article in order to not inundate the blog with Justice Scalia posts back-to-back (see Abercrombie case) but I got to thinking—Could there ever be too much Scalia? I don’t think so.

Regardless of whether you agree with his decisions or not, it is simply indisputable that Justice Scalia is a genius and, quite frankly, incredibly entertaining. I had the opportunity to hear him speak a couple weeks ago when he was in Phoenix, and thought I would pass along some gems* from the event:

First, the seriously-let’s-get-some-perspective part of the event. Scalia started off the luncheon by discussing what makes us the free-ist (is that a word? I think I just made it one) country in the world. You know, just another ice-breaker that deals with the heart and soul of our democracy. You might be thinking it’s the Bill of Rights but, not the case, said Justice Scalia. The Bill of Rights is just words on paper. Meaningless. What prevents the centralization of power is actually gridlock. That is the source of liberties. Only good legislation with solid support will get through.

ScaliaJustice Scalia also reminded the audience not to over-estimate the importance of his court. Federal law is a small part of the laws that govern our society. Murder – that’s a state crime (unless it goes haywire and crosses state borders, I guess). There are state laws of contract. Automobile accidents. That’s state law. Family court. It’s all state law. Scalia reminded the audience that the most important court should be our State Supreme Court.

Don’t exaggerate the value of my court in your life.

Soon, we transitioned to the audience Q&A portion of the luncheon. When asked about his “favorite dissent” Justice Scalia provided the light-hearted sentiment that “the most important element of a good dissent is a really stupid majority.” The example he gave was, ironically, a case that I had sitting on my desk–PGA Tour, Inc. v. Martin. His dissent is actually a good read – if you haven’t read it, read it here. And you, too, can feel the weight of “the solemn duty of the Supreme Court of the United States, laid upon it by Congress in pursuance of the Federal Government’s power ‘[t]o regulate Commerce with foreign Nations, and among the several States,’ U.S. Const., Art. I, §8, cl. 3, to decide What Is Golf.”

Justice Scalia pointed out that he is not a strict textualist. And he recommends that everyone read The Federalist Papers.

Scalia commented that international law has no relevance to the American constitution. Basically if you think your job is to think about what should the world be, then international law might have relevance, he commented.

Law schools. They are a frequent hot topic discussion point of what is great and what can be improved in this world—depending on who you ask. He said that he does not think that law schools should be reduced from three to two years. Scalia thinks that we need to cut out the courses like “Law on Marbles” (I would love to know what would be taught in that course) and make sure the curriculum is designed to train lawyers.

My favorite quote of the day? I don’t even feel the need to explain it.

More damage has been done by stupidity than [good by] benevolence over mankind.

Some closing remarks are that it is not the job for the judge to write the law. (Spoiler alert: Justice Scalia believes that’s Congress’s job). Justice Scalia commented that sometimes he has to produce “awful” results. “If given a stupid statute, then I am bound by oath to produce a stupid result.” He also reminded the crowd that questions during oral argument are opportunity and not an interruption. “For skillful counsel, a cold bench is terrible.”

And, for those who know me well–YES, I got my copy of Justice Scalia’s book autographed and added it to my Supreme Court Justice Collection. Send me a message if you hear of any other Justices coming to Phoenix…

Scalia book signing

*Full disclosure. I wrote my notes as fast as my hand can write, but I have poor handwriting and, actually, don’t often use primitive tools like pens and paper anymore. Combine that *obstacle* with the fact that I was also trying to eat my Ritz Carlton lunch while listening to the Justice–and herein lies my problem. There were a lot of amazing discussion points that I just couldn’t cover here.

Posted in Arizona, Other Things... | Tagged | 1 Comment