Monthly Archives: January 2020

Have You Been Contacted by the BSA? Don’t Wait to Contact an Attorney.

In past articles, we have discussed what to do if you have been contacted by the Business Software Alliance (“BSA”) regarding potentially unlicensed software. See Driving Your Computer without a License: Beware the Wrath of the BSA and Software Audit Demand from the BSA.

This article, however, will focus on the importance of getting an attorney involved early in the process. Recently, a potential client contacted the firm who was in the middle of negotiations with the BSA over alleged unlicensed software. By the time we were contacted, the company had already conducted an audit, without any limitations, and provided the results to the BSA. The company had subsequently received a settlement offer from the BSA and was looking for legal advice regarding the offer.

While it is smart to seek out legal representation, by this point almost all the leverage the company had to negotiate was gone. The company had given the BSA everything they had asked for and provided the BSA with evidence, evidence the company itself created, of the infringing software.

Had the company sought legal representation as soon as it received the first demand from the BSA, it would have had significantly more leverage to negotiate and would have likely not sent the BSA evidence that incriminated itself.

The BSA conducts fishing expeditions. The BSA takes some evidence of infringing software (e.g., a former employee reports a company to the BSA for having unlicensed copies of Microsoft Office) and attempts to use that information to “fish” for other potentially unlicensed software belonging to any of their member companies, which include Adobe, ANSYS, Apple, Autodesk, Bentley Systems, CA Technologies, CNC/Mastercam, DataStax, Dell, IBM, Intuit, Microsoft, Minitab, Oracle, salesforce.com, SAS, Siemens PLM, Splunk, Symantec, The MathWorks, Trend Micro, Trimble and Workday.

Essentially, the BSA will request that an audit of all software belonging to any of its member companies be conducted and a report furnished to it, despite only having information to support infringement of one product belonging to only one member company. If a company blindly follows this request, it could be turning over evidence to the BSA that the BSA will turn around and use against it for significant monetary damages (up to $150,000 per infringing work).

Involving an attorney early in the process will help ensure that any audit is limited only to the software for which the BSA has credible evidence of infringement and that any incriminating evidence is not disclosed to the BSA.

By doing this, the company can limit its exposure and keep significant leverage in negotiating any settlement. Once the cat is out of the bag, however, it is too late and the BSA will hold all the cards.

If you have received a demand letter from the BSA, you should contact an attorney at Smith & Associates to discuss your rights.

HIPAA Violations – What are Your Remedies?

Health care providers have a duty under both federal and Florida law to protect your medical information. But what happens when they don’t?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides a way for people who have had their private medical records unlawfully disclosed by a covered health care provider. Complaints can be filed here: https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf. Once a complaint is received, the Office of Civil Rights will review the HIPAA claim and attempt to resolve it with the provider. If the HIPAA claim is proven, the provider may even be assessed a civil money penalty.

Unfortunately, any penalties collected stay with the government – the person who was damaged by the breach does not recover anything at all. What can you do if you have been monetarily damaged by this breach?

Florida Courts have held that a patient has a right to privacy in their medical records. If a health care provider fails to adequately take steps to protect them, they have breached a duty owed to the patient and the patient can recover damages See e.g. Florida Dept. of Corr. V. Abril, 969 So. 2d 201, 206 (Fla. 2007) (“[T]his Court has consistently and rigorously enforced the rights of patients to confidentiality in their medical records. In view of these multiple sources of a duty of confidentiality and privacy,” a health care facility has a duty to maintain their confidentiality.).

Thus, if you have suffered damages due to a breach of your private medical records, you may be entitled to damages.

If you have had your private, confidential medical records disclosed by a health care provider, you should contact an attorney at Smith & Associates to discuss your rights and remedies.

Do You Manufacture or Sell CBD Products? New Rules Could Affect You.

CBD is one of the fastest growing markets in the United States and is expected to be a $20 billion dollar industry within the next few years. Despite the size and growth of this industry, until recently the manufacturing of hemp and the sale of CBD (a hemp extract) were largely unregulated in Florida.

In 2019, however, Florida’s Governor signed into law Senate Bill 1020. This law, codified at Section 581.217, Florida Statutes, sets forth the general guidelines for Hemp Cultivation and the Distribution and Sale of Hemp Extracts (“CBD”). Importantly, these guidelines empower Florida’s Department of Agriculture to implement rules in these areas. These new rules, located at 5K-4.034, Florida Administrative Code, took effect January 1, 2020.

The biggest change is that anyone who cultivates hemp or manufactures or sells CBD for human or animal consumption must be licensed. Guidance from the Department of Agriculture state that this licensing requirement applies to everyone in the distribution and retail chain – including manufactures, middlemen, and the individual stores that sell CBD products.

Further, the statute requires that CBD may only be sold in Florida if it has a certificate of analysis prepared by an independent testing laboratory proving:

  1. The hemp extract is the product of a batch tested by the independent testing laboratory;
  2. The batch contained a total delta-9-tetrahydrocannabinol concentration that did not exceed 0.3 percent on a dry-weight basis pursuant to the testing of a random sample of the batch; and
  3. The batch does not contain contaminants unsafe for human consumption.

Fla. Stat. § 581.217(7)(a).

The statute also mandates labeling requirements that include:

  1. A scannable barcode or quick response code linked to the certificate of analysis of the hemp extract by an independent testing laboratory;
  2. The batch number;
  3. The Internet address of a website where batch information may be obtained;
  4. The expiration date;
  5. The number of milligrams of hemp extract; and
  6. A statement that the product contains a total delta-9-tetrahydrocannabinol concentration that does not exceed 0.3 percent on a dry-weight basis.

Fla. Stat. § 581.217(7)(a).

The Florida Department of Agriculture has already started sending out enforcement teams to inspect cultivation and retail establishments for compliance with these new laws and regulations.

While the rules related to penalties (Rule 5K-4.035, Florida Administrative Code) have not yet been adopted, it appears that, once they are, penalties for violations can range from orders prohibiting the sale of CBD to fines up to $10,000.00 (or both).

If you have been cited by the Department of Agriculture or if you are concerned as to how these new statues and rules may affect your Hemp or CBD business, you should contact an attorney at Smith & Associates to help evaluate your rights.