THIS ISSUE'S HEADLINES YouÕve Been Hacked: Should You (or Your Insurer) Pay The Ransom? Proceed with Caution Before ÒServing UpÓ Hemp-Based CBD Products How Employers Should Navigate Vaccination Issues in the Workplace Webinar Ð Register Today Avoiding An Unwelcome Surprise in Your Business & Estate Planning Understanding The Importance Of A ÒLOIÓ In Business Transactions The Cap Table and the Start-Up Venture Stay Informed — PLDO COVID-19 Resource Library YOUÕVE BEEN HACKED: SHOULD YOU (OR YOUR INSURER) PAY THE RANSOM? ItÕs 4:00pm on a Friday. You get a text message from a colleague saying they canÕt log into their email. Then others start texting you with a similar message. Your IT person reports that thereÕs unusual activity on your computer network and theyÕre having trouble remoting into the system. An hour or so later, you get the weekend-ruining-news: your systems have been hacked and the hackers are demanding ransom in Bitcoin to get your files back. What you do next largely depends on the nature of your business, whether you have recent backups of your critical files, and whether you have cybersecurity insurance (which almost all businesses should). The specifics of a proper ransomware response are outside of the scope of this article and will vary widely depending on the circumstances of each attack. Here, we focus on the single critical question: should you (or your insurer) pay the hackers the ransom they are demanding? Unsurprisingly, the answer is, ÒIt depends.Ó Most likely, your business is not in the financial position to pay the six or seven-figure sums demanded by the hackers, so you rely upon your insurer for advice and guidance. Naturally, you probably would be very much inclined to tell your insurer to Òdo whatever it takesÓ to get access to your systems back. But, itÕs not that simple, especially in light of recent guidance from the United States Department of the Treasury. That guidance warns businesses who have been victimized by ransomware attacks to carefully consider whether they or their insurers should pay ransom to hackers. Putting aside the obvious ethical issues associated with continuing to fund bad actors who do bad things, the government wants businesses and insurers to know that directly or indirectly facilitating payments to hackers may violate federal law and regulations if it turns out that the ransomware payments were made to groups or individuals on the governmentÕs ÒSpecially Designated Nationals and Blocked Persons List.Ó In other words, if the government subsequently learns that you or your insurer made a payment to a person or entity on this list, you may face legal consequences even if you did not know that the recipient of the payment was on the governmentÕs list. (Helpfully, however, the government notes that if you promptly consulted with law enforcement before making any ransomware payment, the government will consider that consultation with law enforcement a mitigating factor in your favor.) Does this mean that your insurer should never pay ransom? No, because again, the complexities associated with that question vary widely on the facts and circumstances of each ransomware attack. If a business believes it may have experienced or is experiencing a ransomware attack, it should promptly contact their insurer, a qualified cybersecurity expert, competent legal counsel, and perhaps law enforcement to determine the best path forward. In any cybersecurity incident, a business is often faced with lots of really bad options. They key is to pick the approach that allows the business to continue to operate while minimizing any potential legal fallout as much as possible. This may or may not include paying the ransom demanded. If you have questions and would like further information or a review of your organizationÕs cybersecurity policy, please contact PLDO Partner Brian J. Lamoureux at 401-824-5155 or email bjl@pldolaw.com. Attorney Lamoureux is a member of the firmÕs litigation, employment, and cybersecurity teams. [back to top] PROCEED WITH CAUTION BEFORE ÒSERVING UPÓ HEMP-BASED CBD PRODUCTS Hemp-based CBD is popping up in mixed drinks, post-workout smoothies, candy, and various other food and drink products. However, conflicts between federal and state law makes the hemp-based CBD market challenging to navigate. For example, while federal regulations do not sanction food or beverages that contain CBD in interstate commerce, the largest hurdle is federal treatment of CBD as a food additive which has not yet been approved by the Food and Drug Administration for such purpose. On the other hand, Rhode IslandÕs Industrial Hemp Growth Act not only defines Òhemp-derived consumable CBD products,Ó but provides packaging and labeling requirements. Nevertheless, there are numerous products on the market that are conspicuously labeled as containing hemp-derived CBD. A 2018 FDA Statement makes it clear that the FDA will take enforcement action against companies that claim their products have therapeutic or health benefits. It appears that any warning letters that the FDA has issued, regarding CBD in food or drink, have been for products that make health or therapeutic claims, such as Òcompanies illegally selling CBD products that claimed to prevent, diagnose, treat, or cure serious diseases, such as cancer.Ó By contrast, Rhode Island law now permits hemp-based CBD in ingestible products. In July 2019, Rhode IslandÕs Industrial Hemp Growth Act was revised to permit commercial production and retail sale of hemp-derived consumable CBD products, so long as those products clearly outline that they contain 0.3% THC or less. These hemp-derived consumable CBD products may only be sold to persons age twenty-one (21) or older. Further, a specific warning must be prominently displayed on the packaging of hemp products stating that the product has not been approved by the FDA. The amount of THC and CBD in the product must also be displayed on the label. In order to produce hemp for processing into commodities, products, or agricultural hemp seed or cultivate hemp for commercial purposes, an individual or entity must hold a handler license, a grower license, or both. These licenses are issued by the Department of Business Regulation, and in accordance with The Hemp Growth Act. There are numerous other requirements and precautions that individuals and entities in Rhode Island should be sure to follow in this rapidly growing and evolving area. With nuances and conflicting federal and state law abound, those interested in pursuing hemp-based CBD business opportunities in Rhode Island would be best served by reaching out to experienced legal counsel in cannabis law and regulations. For assistance and further information, please contact PLDO Partner Benjamin L. Rackliffe, a leading authority in the areas of corporate and regulatory compliance within the cannabis industries, at 401-824-5100 or email brackliffe@pldolaw.com, or PLDO Associate Randelle L. Boots at 401-824-5100 or email rboots@pldolaw.com. [back to top] [back to top] AVOIDING AN UNWELCOME SURPRISE IN YOUR BUSINESS & ESTATE PLANNING In 2015, the Rhode Island Division of Taxation issued Declaratory Ruling 2015-01. The question at issue was whether a non-Rhode Island resident decedentÕs interest in a multi-member LLC that owned real property was sufficient to subject the decedentÕs estate to the Rhode Island Estate Tax. Generally, property has a tax situs in Rhode Island if it is either real estate or tangible property with an actual situs in Rhode Island, or the property consists of intangible personal property and the decedent was a resident. Rhode Island General Law s. 7-16-34 states that a membership interest in a limited liability company is personal property, but since the memberÕs interest is in the LLCÕs property at large, an interest in a multi-member LLC is intangible personal property. As such, the Division of Taxation held in Ruling 2015-01 that the non-resident decedent's less than 100% interest in the LLC is not subject to the Rhode Island estate tax and, consequently, would not require an estate tax lien discharge. The importance and impact of a letter of intent or ÒLOIÓ in a prospective transaction should not be minimized as it establishes the basic understanding of the parties, and lays out certain terms of the deal that will ultimately be included in the final documents. Despite the overall non-binding nature of a LOI, there will be certain aspects that are legally binding, which requires careful drafting of what will become the structure of the transaction. The terms of this initial document will have significant implications relating to the terms of the transactional documents. Most importantly, and to avoid legal issues, delaying or torpedoing the deal, parties of the transaction are wise to seek legal counsel in the preparation of the LOI to maintain their leverage by weighing all the issues that will flow from the LOI to the operative documents. When the LOI is carefully drafted, it will eliminate confusion and avoid unnecessary disputes during the drafting stages of the transactional documents.
For start-ups seeking investors, having an up-to-date Capitalization Table or Òcap tableÓ is a key document for securing the funding. For investors, understanding how it applies to investment decisions is just as important. PLDOÕs team of attorneys continue to add updates and advisories regarding the pandemic and its impact on families, businesses and organizations. To access our COVID-19 Resource Library, click here.
|
||||||
Pannone Lopes Devereaux & O’Gara LLC |