Major Ambiguities Remain, but Health Care Vendors Should Focus on California Consumer Privacy Act Preparedness
Are you a health care vendor that does business in California? If so—and keep in mind that the concept of “doing business” in California may be broader than you expect—there are new, expansive data privacy requirements that might start keeping you awake at night. California created waves in the information privacy space with its enactment of the California Consumer Privacy Act of 2018 (the “Act”) last summer. The Act, which will be operative beginning January 1, 2020, was hurriedly enacted to prevent a proposed ballot initiative from going to voters in November 2018. That process created a number of significant ambiguities, which remain present in the Act. There are significant questions regarding what types of businesses will be subject to the broad-reaching obligations of the statute and forthcoming regulations. Businesses that have, thus far, managed to avoid the application of the similar EU General Data Protection Regulation (the “GDPR”) may nonetheless fall within the scope of the Act and confront new and expanded compliance obligations similar to those imposed by the GDPR. Based on the current wording of the statute, a “business” subject to the Act’s requirements includes a for-profit entity that (i) collects the personal information of California residents, (ii) determines the purposes and means of processing that information, (iii) does business in California and, among other potential triggers, (iv) has annual gross revenues in excess of an inflation-adjusted amount of $25 million. It remains to be seen whether the forthcoming regulations will define the scope of revenue (which, at present, does not appear to be limited to a business’s California revenue), the meaning of information “processing,” and other related concepts. With respect to applicability, the statute also contains a carve-out for commercial conduct that takes place “wholly outside of California. The present definition of this concept contains somewhat contradictory language, and it is not yet clear what any amended or clarified language will look like. Businesses potentially subject to the Act should also be wary of the way that the Act ambiguously defines “personal information.” The Act does not apply to medical information governed by HIPAA, which will provide some relief to many health care vendors. However, the Act does apply to other categories of personal information, including IP addresses and other information concerning consumers’ (including patients’) interaction with a business’s website. Even more significantly, the Act appears to apply to (i) employee personal information contained in employment records and (ii) the personal information of client officers and employees that a business gathers in providing services to, and interacting with, its clients (i.e., not traditional “consumer” interactions). Absent some clarification to the contrary in any further statutory amendments or in the forthcoming regulations, health care vendors should prepare to comply with the Act in connection with these particular categories of information. Due to the current broad scope of the Act, the potential applicability to information collected or disclosed in 2019, and the fact that the Act has significant “teeth” from an enforcement standpoint, health care vendors should not wait for these concepts to be fully refined. Rather, they should prepare now to comply with the Act’s core requirements by taking the following actions, among others: Determine what personal information the business collects, how it collects it, where it stores it, and how it manages, uses, and discloses the information, as well as any service providers that collect or receive information on its behalf (including determining whether any disclosures of information could be deemed the “sale” of information under the Act) Provide appropriate mechanisms through which consumers can make permitted requests of the business Prepare to...
Read MoreThe Importance of Getting Your License Before You Start Your Own Construction Business
Are you thinking about starting your own construction business? If so, whether in the commercial or residential setting, it is imperative to find out if you are required to have a license. Keep in mind each state has its own requirements. If you’re in Tennessee, it’s highly likely you’ll need one. Under Tennessee’s Contractors Licensing Act, it is unlawful for any person or business to represent itself as a licensed contractor, or to act in the capacity of a “contractor” while not licensed. Now, you may be thinking “I am not a contractor. I am a designer, or a supplier, or a subcontractor, etc — so the contractors’ license requirement does not apply to me and my new business, right?” Well, not necessarily. The term “Contractor” is incredibly broad under the Licensing Act. “Contracting” includes, among other things, bidding, offering to engage, supervising, overseeing, scheduling, directing or in any manner assuming charge of construction, alteration, improvement, or negotiating a price for projects of $25,000 or more (including all labor, materials, and equipment). Electrical, mechanical, plumbing, HVAC, and roof contractors must also be licensed when working directly with any contractor to perform projects when the total cost of that portion on the project is over $25,000. Tennessee also regulates licenses for certain types of “home improvement” in most of the larger counties. For example, a home improvement contractor’s license is required for residential projects that range from $3,000 to $24,999 (i.e. projects designed for a residence or dwelling unit with no more than 4 units). Again, the term “home improvement” includes a vast array of construction-related work, all of which requires a license – such as repairs, replacement, remodeling, alterations, and more. Obtaining the appropriate contractor’s license before you start working is extremely important from a risk management standpoint. In fact, contracting in Tennessee without the appropriate license can expose your new business and possibly you, personally to significant liability. For example, to represent yourself as a licensed contractor without the required license, or to act in the capacity of a contractor without the required license, constitutes an unfair and deceptive act under Tennessee’s consumer protection law. This is significant, particularly to a business in its infancy, as you could end up on the hook for a dissatisfied client’s attorneys’ fees and triple their actual damages. While there are a variety of other matters that must be tackled before getting a new construction business off the ground, licensing is certainly an important box to check off the list. The guidance of an experienced construction attorney can help alleviate any worries you may have in navigating the laws that may apply to you. In addition, finding a well-versed construction attorney can assist a new business in a multitude of areas spanning from drafting of construction contracts, handling of construction defect claims, payment and lien disputes, and other related matters. If you have questions specifically related to construction or general startup matters, please contact me or a member of Chambliss Startup group. *This blog post is brought to you by Logan...
Read More