The National Labor Relations Board ("NLRB") recently enacted new election rules that substantially change (and speed up) the existing union election process.  The new rules, which went into effect on April 14, 2015, allow for a "quickie" election that can be done in as little as three (3) weeks. 

Among the changes imposed by the new rule are:

1. All pre-election hearings must be set to begin eight (8) days after a hearing notice issues.                                                                                                                       
2. Employers must file a "Statement of Position" by noon on the day before the hearing begins. The Statement of Position must include a list of prospective voters and their names, job classifications, shifts, and work locations. Failure to include arguments or defenses in the filing may result in waiving that position going forward.                                                                                                    
3. Pre-election hearings will be drastically limited in scope, with regional directors and hearing officers having authority to exclude evidence or prevent pre-election litigation over voter eligibility and inclusion issues and to make such determinations based on statements of position and offers of proof.           
4. Post-hearing briefs are limited to when the regional director determines that they are necessary.                                                                                                            
5. The right to obtain NLRB review of post-election regional director decisions is eliminated and replaced with a discretionary review process.                                 
6. An employer must make available for campaign purposes, within two (2) business days of the election agreement or decision directing an election, employee personal telephone numbers and email addresses.                                 
7. Electronic filing of election petitions and the related showing of interest to support the petitions is now permitted.

     The new rule provides unions with significant advantages over the employer once a petition is filed.  As a result, managers and supervisors must report the early warning signs of union activity to allow ownership to properly address any workplace issues that may give rise to union organization and to ensure that all NLRB rules are followed if and when a petition is filed. 

     If you suspect that union activity is taking place at the dealership and need guidance or if you have any questions related to unions and/or union activity, call Stevan LaBonte at 516-280-8580.  

By: Mark Eichorn | May 20, 2015

It's a question we're asked a lot. "What happens if I'm the target of an FTC investigation involving data security?" We understand - no one wants to get that call.  But we hope we can shed some light on what a company can expect.

First things first. All of our investigations are nonpublic. That means we can't disclose whether anyone is the subject of an investigation. The sources of a data security investigation can be news reports, complaints from consumers or other companies, requests from Congress or other government agencies, or our own initiative.

FTC staff typically begins with an informal investigation, usually by reviewing publicly available information or even reaching out to the company directly. Sometimes no further action is necessary.

In other instances, what we initially learn may lead us to conduct a full investigation, often by sending a formal request to the company for documents, information, or testimony. We may ask to review materials like audits or risk assessments that the company or its service providers have performed; its information security plan; privacy policies and any other promises the company has made to consumers about its security; and employee handbooks and training materials. In addition, we may want to speak with people at the company knowledgeable about its data security practices. We may gather information from others, too, like experts, consumers, and other companies, perhaps including vendors or banks.

The next step is to review this information and consider both the facts and potential legal theories. We look at what a company says about its data security practices - as well as what it actually does - to determine whether its practices are reasonable in light of the sensitivity and volume of consumer information the company holds, the size and complexity of its business, and the cost of available tools to improve security and reduce vulnerabilities.

If a company is subject to certain statutes, like the Gramm-Leach-Bliley Act or the Fair Credit Reporting Act, we may consider additional company policies to evaluate compliance with those requirements.

If we open an investigation following a breach, we'll probably ask for information to help us understand the circumstances surrounding the breach: what happened, what protections were in place at the time, and how the company responded. In addition, we'll often ask companies to provide information about the consumer harm - or likely harm - that flowed from a breach or about consumer complaints relating to security issues. When we do that, keep in mind that as a consumer protection agency we're focused on the security of consumer information entrusted to the company - not its IP portfolio, trade secrets, or the loss of other company information that doesn't concern consumers.

We'll also consider the steps the company took to help affected consumers, and whether it cooperated with criminal and other law enforcement agencies in their efforts to apprehend the people responsible for the intrusion. In our eyes, a company that has reported a breach to the appropriate law enforcers and cooperated with them has taken an important step to reduce the harm from the breach. Therefore, in the course of conducting an investigation, it's likely we'd view that company more favorably than a company that hasn't cooperated.

Once we've reviewed the facts, if there is reason to believe the law has been violated, FTC staff will make a recommendation to the Commission to proceed with an administrative action or seek relief in federal court. We may attempt to negotiate a settlement with the company, or we may recommend that the Commission issue a civil complaint, either administratively or in federal court.

That summarizes the steps we typically take, but keep another key consideration in mind. Just because a company is the subject of an investigation does not mean that it broke the law. In fact, we close more cases than we bring, based on our assessment that despite breaches or data security problems, a company's data security practices were - on balance - reasonable.

That's what companies can expect if the FTC comes to call.

******************************************************************************
     If you have not reviewed your Privacy and Safeguard Rule policies and procedures recently you may find that they are either out of date or out of compliance.  In addition, if you have not trained your employees on how to comply with the Privacy and Safeguard Rules then you are equally out of compliance.  In this highly active governmental enforcement environment it is highly recommended that you take the time to verify compliance with these and other federal regulations.  

     For more information on how to comply with the federal regulatory rules that apply to a dealership or to schedule in-house training of your personnel on these rules please call the LaBonte Law Group at 516-280-8580.