One of the biggest threats businesses now face are cyberattacks and ransomware. Daily, we see headlines about companies and government agencies being hit with ransomware attacks that cripple victims until they either pay the ransom or rebuild their systems. No sector is safe, and any reputable business has, by now, taken steps to protect itself from such attacks. This protection most often comes in the form of strengthened IT security measures and obtaining cyber insurance to offset any financial losses from cyberattacks.

However, many businesses have yet to consider another important step: updating their contracts to excuse their performance if they are victimized by a ransomware attack. Often, contracts contain what are called “force majeure” clauses that excuse a party’s performance under a contract if they are impacted by circumstances outside their reasonable control. For example, typical force majeure clauses excuse a party’s performance due to acts of God, strikes, war, pandemics, terrorist attacks, etc. As long as a party takes reasonable measures to protect itself and avoid the impacts of such events, it will likely be excused from performing under a contract for as long as the event impacts their operations. Typically, for an event to be considered a valid excuse under a force majeure clause in a contract, it must be specifically listed or identified and outside the party’s reasonable control.

It is likely that many business contracts do not list “cyberattacks” or “ransomware demands” in their list of force majeure events. Businesses should consider adding these events to their standard contract terms going forward. Doing so would not necessarily be a magic bullet, especially if the company did not take reasonable steps to avoid the attack in the first instance. But, given that most cyberattacks are launched by anonymous organizations or individuals unaffiliated with a specific terrorist group or nation state, it is unlikely that such events would be considered acts of war or terrorist attacks under a force majeure clause. Therefore, much like last year when businesses were advised to consider adding the term “pandemic” to their standard force majeure clauses, they should also consider adding cyberattacks or ransomware demands as events that might excuse their performance until the consequences of the attack are remediated. If you have questions and would like further information, please contact PLDO Partner Brian J. Lamoureux at 401-824-5100 or email bjl@pldolaw.com. Attorney Lamoureux is a member of the firm’s litigation, employment, and cybersecurity teams.

[back to top]


RISE OF REMOTE WORKFORCE MAY COMPLICATE STATE TAXES FOR EMPLOYERS

The pandemic has undoubtedly changed the landscape for employers and employees, one area is the proliferation of remote workers. Working remotely is not a new concept, but it is now commonplace due to stay-at-home orders kickstarting the remote work movement. While restrictions have eased and many have returned to the office, there is a trend of employers maintaining their remote work policies. This new wave of remote workers may trigger different tax issues for business if they have employees working in a different state than the location of their business. Determining possible tax and payroll issues is very state and fact specific. There is further a greater level of complexity when remote workers who reside in one state then temporarily reside in another and continue to work remotely.

As a general rule, state income tax withholding is required in the state where the employee’s services are performed. This can make things complicated when employees work remotely in a state other than where the employer is located. In many states, an employee may be subject to income tax for working in a state for only one day, further creating a withholding requirement for the employer. Other states do not subject an employee to income tax withholding until they have been working in the state anywhere from ten days to two months.

Currently, many states have temporarily issued guidance which direct employers to continue withholding income tax from employees based upon their normal work location even if they are working remotely in another state due to the pandemic. This guidance is only temporary and many employers who chose to continue to maintain a remote workforce will soon have to comply with other states’ income tax withholding requirements.

Additionally, a business may be subject to a state’s income tax and reporting requirements if a nexus is established in that state. There are three factors to determine if a business establishes a nexus in a state: property, payroll, and sales. An employee usually will not create a nexus for its employer when the employee lives in a different state, however, in many states an employee working remotely at home in another state will trigger a nexus. With a proliferation of remote employees working in other states, businesses can be subject to income and franchise tax and sales and use tax obligations. For assistance navigating the tax implications associated with a remote workforce, please contact PLDO Attorney Katherine D. Bishop at 401-824-5100 or email kbishop@pldolaw.com.

[back to top]


THE IMPORTANCE OF INDEMNIFICATION PROVISIONS IN A BUSINESS TRANSACTION

When you are representing the seller in a business transaction, an important - if not most important - consideration is the scope of the seller’s indemnification obligations to the buyer. As a practical matter, the buyer’s remedy for any loss or damage resulting from the transaction is triggered by the indemnification provisions. This is why it is critical for the seller to be extremely careful with respect to their scope. The terms such as “caps” and “baskets” become the mechanism for limiting the seller’s exposure regarding any such claim of loss or damage.

A “cap” is considered the upper limit of the seller’s indemnification obligation to the buyer in that it is the total amount of loss and/or damage a buyer may seek to recover from the seller. Sellers want the cap to be as low as possible while the buyer will attempt to negotiate a higher ceiling. As a general proposition, caps can apply to different types of losses; however, the goal for the seller is to limit the indemnification provisions to breaches of the certain representations and warranties relating to the purchased assets. Typically, the cap would not apply to losses arising from a breach of a seller covenant, tax liabilities or fraud. It also would not apply to fundamental representations and warranties in which they are considered to be critical to the basis of the transaction. The limit of a cap in a business transaction could range from 1% of the purchase price to the full purchase price depending upon the size of the transaction.

The “basket” is the threshold amount of losses and damages that a buyer has to incur before it is entitled to any indemnification from the seller. Once the buyer has incurred losses equal to the amount of the basket, the buyer would be entitled to recover the full amount of the losses from the first dollar of loss. The basket is similar to a deductible in an insurance policy as it relates to when recovery begins. However, in the case of a deductible, the recovery for the loss is the amount that exceeds the deductible.

The bargaining power of the buyer and seller as well as other risk sharing elements of the transaction will ultimately determine the limits of the caps and baskets. It is critical to carefully negotiate caps and baskets in a business transaction as they impact the amount a buyer may recover in the event a loss is incurred in connection with the transaction and they will also limit the potential post-closing exposure to the seller. For further information on caps and baskets in a business transaction, business planning strategies or other business matters, please contact PLDO Managing Principal Gary R. Pannone at 401-824-5100 or email gpannone@pldolaw.com.

[back to top]


THE MISSING RELIGIOUS EXEMPTION

On August 17, 2021, the Rhode Island Department of Health published a regulation entitled “Requirement for Immunization Against COVID-19 for all Workers in Licensed Health Care Facilities and Other Practicing Health Care Providers.” As of October 1, 2021, health care facilities are required to deny entrance to any health care workers who are not vaccinated, subject to a medical exemption.

Causing great concern to health care facilities is the fact that the regulation only includes a medical exemption, and not a religious one. By contrast, Massachusetts’ recent public health order requiring workers in long term care facilities to be vaccinated included both a medical and a religious exemption.

The problem facing Rhode Island’s health care facilities is that sincerely held religious beliefs are protected by Title VII of the Civil Rights Act of 1964. An employer that implements a policy that conflicts with an employee’s sincerely held religious beliefs must make a reasonable accommodation to those beliefs, if possible.

Here, it has been documented that N95 masks can efficiently block SARS-CoV-2 particles from coughing COVID-19 patients. (Kim et al. Effectiveness of surgical, KF94, and N95 respirator masks in blocking SARS-CoV-2: a controlled comparison in 7 patients. Infect Dis (Lond). Nov-Dec 2020;52(12):908-912. doi: 10.1080/23744235.2020.1810858. Epub 2020 Aug 26, avail. at: https://pubmed.ncbi.nlm.nih.gov/32845196/). By contrast, after examining a COVID-19 outbreak in Provincetown, Massachusetts, the Centers for Disease Control and Prevention (“CDC”) determined that 74% of the detected cases occurred in fully vaccinated persons (exceeding the 69% vaccination rate in Massachusetts and, per CDC, also likely under-representing the true percentage of cases in vaccinated people due to detection bias). (Brown et al. Outbreak of SARS-CoV-2 Infections, Including COVID-19 Vaccine Breakthrough Infections, Associated with Large Public Gatherings — Barnstable County, Massachusetts, July 2021. Centers for Disease Control and Prevention, Weekly / August 6, 2021 / 70(31);1059-1062, avail. at: https://www.cdc.gov/mmwr/volumes/70/wr/mm7031e2.htm). Further, CDC found that cycle threshold values were similar among specimens from patients who were fully vaccinated and those who were not. In fact, it was this outbreak that caused CDC to recommend that masks should be worn indoors in public gatherings by unvaccinated and vaccinated alike.

Plainly put, CDC has found that COVID vaccines do not seem to reduce an individual’s propensity to ingest and transmit the SARS-CoV-2 virus, nor do they cause an infected individual to have a lower cycle threshold level on the PCR test. To go a step farther, the fact that a vaccinated person who is infected with SARS-CoV-2 is more likely to be asymptomatic makes that person equally more likely to go to work and infect others. Conversely, non-vaccinated people are more likely to display symptoms, and are thus more likely to be quarantined or to self-quarantine. As such, there may be an argument that permitting the wearing of an N95 mask in lieu of vaccination may constitute a reasonable accommodation that a health care facility is obligated to offer an employee seeking a religious exemption.

Governor McKee, in his press conference on Tuesday, August 31st, stated that “We’ll worry about the people who somehow are caught in the crosshairs because of what they believe.” This office has been in communication with the Department of Health as to a potential religious exemption, and will update clients on any developments in this regard. Until then, those seeking further guidance on how to implement a religious exemption should one be approved are encouraged to call PLDO Partner Joel K. Goloskie at 617-771-1154 or email jgoloskie@pldolaw.com or PLDO Principal William E. O’Gara at 401-824-5117 or email wogara@pldolaw.com.

[back to top]


STAY INFORMED – PLDO COVID-19 RESOURCE LIBRARY

PLDO’s team of attorneys continue to add updates and advisories regarding the pandemic and its impact on families, businesses and organizations. To access our COVID-19 Resource Library, click here.

[back to top]