Lex Indicium

  • Return-to-Office Vaccine Requirements and HIPAA ComplianceFebruary 15, 2022

    Brooke Penrose

    Nearly two years since many professionals gathered in-person and on-site, the prospect of return-to-office en mass is picking up pace.

    The U.S. Bureau of Labor Statistics reports that the percentage of people telecommuting due to the pandemic dropped from 23.2% in January of 2021 to 13.4% in August of 2021. While this trend is met with mixed emotions by some, there is broad consensus that in-person gatherings, including return-to-office initiatives, are planned with the safety of all individuals in mind.

    Given the rapidly evolving landscape surrounding COVID, a popular safeguard employers consider is requiring employees to provide proof of vaccination status before physically returning to the office. Any request for employee health records rightfully raises concerns about privacy and the legality – to request.

    In most cases, businesses requesting an employee provide proof of vaccination will not violate the Health Insurance Portability and Accountability Act of 1996 (HIPAA), but requiring the employer-provided insurance policy to confirm status may-. In general, HIPAA only applies to a patient’s healthcare providers, healthcare clearinghouse, and insurance companies (called “covered entities”) and the businesses that process patient health information on behalf of covered entities (called “business associate”). If an employee directly provides their health … Keep reading

  • Trademark Board Confirms That Applications Must Assert Lawful Basis at Time of Filing ApplicationFebruary 02, 2022

    Brooke Penrose and Deb Peckham

    In a recent decision, the Trademark Trial and Appeal Board (TTAB or Board) considered whether an application based upon an “intent to use” a mark in commerce may be predicated on proposed use with currently unlawful goods that may become lawful in the future.

    In In re Joy Tea Inc., the applicant proposed to use its mark with, among other items, “tea-based beverages also containing CBD.” The Examiner refused to register the mark on the grounds that applicant’s claim of proposed use of a mark “in lawful commerce” was invalid due to not complying with the Food, Drug and Cosmetic Act at the time the application was filed.

    On appeal to the Board, the narrow question became: “[D]oes a trademark applicant’s belief that the cannabis goods specified in its trademark application will become federally lawful in the future provide a sufficient basis upon which to predicate its claimed ‘intent to use’ the mark in lawful U.S. commerce?”

    The TTAB’s answer was “no.”

    The TTAB upheld the Examiner’s refusal to register the applicant’s mark based on the longstanding prohibition against attempting to reserve a right in a mark, rather than having the ability to use the mark in commerce.… Keep reading

  • Navigating the New Standard Contractual ClausesOctober 14, 2021

    The European Commission published its implementing decision for the new Standard Contractual Clauses (“SCCs”) in June of 2021.  On September 27, 2021, the old SCCs that had been adopted prior to the General Data Protection Regulation (“GDPR”) going into effect were officially repealed and all new data transfers relying on the SCCs as its cross-border transfer safeguard mechanism under the GDPR will need to adopt the “new” SCCs.  (For more on SCCs generally, see our post here.)

    Unlike the old SCCs, the new SCCs require the parties to engage in some thought about the nature of their cross-border data transfer relationship and customize the SCCs to fit such.  Specifically, the new SCCs outline four categories of relationships that may be covered by the new SCCs under different “modules” within the SCCs:

    • Module 1: controller to controller
    • Module 2: controller to processor
    • Module 3: processor to processor
    • Module 4: processor to controller

    Once the parties understand the nature of their relationship, the new SCCs can be pulled together following the modular format put forth by the European Commission, with about half the new SCC provisions containing unmodifiable language applicable to all relationships and half of the new SCC provisions … Keep reading

  • My Friends Call Me Murphy … You Call Me RoboCallAugust 05, 2021

    Pesky telemarketing calls that plagued consumers in the 1990s were severely reined in through a combination of technology, such as caller ID, and legislation, such as the Telephone Consumer Protection Act of 1991 (“TCPA”). The TCPA regulates unsolicited marketing activities directed at residential telephones, including land lines and mobile phones by voice call or text. Among other things, the TCPA, as amended over the years:

    1. Established the national Do Not Call registry whereby consumers may register their numbers and organizations may be fined for directing unsolicited marketing activities to those registrants’ phones;
    2. Restricts the time periods during which unsolicited marketing calls and texts may be sent;
    3. Prohibits the use of pre-recorded phone contacts, such as robocalls and robotexts; and
    4. Prohibits the use of automated dialing technologies, such as autodialers.

    Importantly, there are several phone and text activities that are exempt from TCPA regulation. Unsolicited marketing contact by phone from charities, political groups, debt collectors, surveys, and companies the recipient has either recently done business with or has given written permission may be exempted from certain TCPA regulations. In addition, if the nature of the unsolicited contact is not to market goods and services to consumers, it would not run … Keep reading

  • Less Than Two Months Until New Chinese Data Security Law Goes Into EffectJuly 22, 2021

    Earlier this June, China passed the Data Security Law (“DSL”), which will go into effect on September 1, 2021. Unlike many international data security laws, the DSL is not restricted to personal information and instead regulates data broadly to include any record of information in electronic or other forms. However, consistent with many international privacy and data security laws passed post-GDPR, the DSL will have extraterritorial reach.

    Specifically, the DSL applies not only to processing personal data within China but also to any personal data processing activities that occur outside of China that threaten Chinese national security, public interest, or the lawful interests of its citizens or organizations. If this describes something your organization engages in, here are the top operational requirements covered by the DSL:

    1. Establish a data security management system across the organization. This should include providing data security training, implementing appropriate measures to safeguard data, and designating a data security officer if the organization processes important data.
    2. Actively monitor data security risks. When a risk is discovered, such as data security defects or leaks, the organization must take immediate remedial actions. When a data security incident occurs, the organization must immediately take responsive measures, notify users,
    Keep reading

Email Confirmation

Thank you for your interest in Burns & Levinson LLP. Please be aware that unsolicited e-mails and information sent to Burns & Levinson though our web site will not be considered confidential, may not receive a response, and do not create an attorney-client relationship with Burns & Levinson. If you are not already a client of Burns & Levinson, do not include anything confidential or secret in this e-mail. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not authorized to do so.

By clicking "OK" you acknowledge that, unless you are a current client, Burns & Levinson does not have any obligation to maintain the confidentiality of any information you send us.