What You Need to Know About the Equifax Data Breach

What happened? From May to July 2017, hackers breached data security at Equifax, one of the three major credit bureaus. The hackers got names, Social Security numbers, birth dates, addresses, and driver’s license numbers. They also credit card numbers of 209,000 consumers and dispute documents with personal identifying information of 182,000 consumers. Equifax estimates this data breach affects 143,000,000 American consumers – over 40% of American adults. Texas Attorney General, Ken Paxton, estimates 12 million Texans are affected. Equifax learned about the breach on July 29 and failed to disclose the breach publicly until September 7.

Was my information stolen? Equifax has set up a website for consumers to find out if they are affected. Visit: https://www.equifaxsecurity2017.com/potential-impact/ and click the maroon box. You’ll be taken to a form where you type in your last name and the last 6 digits of your Social Security number. You’ll also have to answer a question to prove you are a human and not a robot. The site will tell you simply whether or not Equifax believes your information was impacted and will allow you to sign up for a year of free credit monitoring.

What is being done to help victims? Not a lot. Equifax is offering victims one year of free credit monitoring through its TrustedID service. The service includes one year of identity theft insurance. So far, 30 class action lawsuits have been filed against Equifax as a result of the breach; a couple are in Texas. The Senate Finance Committee is asking questions of Equifax, and that could lead to a Congressional investigation. The Federal Trade Commission has put up an information website: https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do.

What should I do? Here’s a checklist:

  • It is safest to assume you are affected.
  • Place a 90 day fraud alert on your credit report by calling 1-888-766-0008.
  • Consider placing a credit freeze. A credit freeze is more effective than a fraud alert, but unless you have made a police report, you must pay a nominal fee to each credit bureau to freeze your credit, and to use your credit you must unfreeze your reports. To place a credit freeze, you must contact each credit bureau separately at the links or phone numbers listed below:
  • Visit annualcreditreport.com and get a free credit report from Transunion or Experian. Look through the report carefully. If there is any information on it that does not belong to you, dispute it immediately. Check again with the other company in November.
  • Carefully check all of your bank statements and credit card statements from May forward. If you find transactions that you did not authorize, report them. Note that the financial institution is not required to investigate the items you report from May, June, or July.
  • Make plans to review all of your statements each month and immediately dispute any transactions that you did not authorize.
  • Be alert to scammers trying to profit off your misery. If you did not initiate a phone call, email, or text message, treat it like a scam!
  • Plan to file your federal income tax return as early as possible – before identity thieves do it.
  • Visit our identity theft information page: ppiercelaw.com/identity-theft.

Overtime Update

 

It seems a lifetime ago that the Department of Labor (DOL) announced changes to employee overtime rules that would raise the salary threshold for exempt employees.* The rule was to take effect on December 1, 2016. Many employees who had been exempt from overtime would be eligible for overtime pay under the new rule which raised the exemption threshold to $913 a week: $47,476 per year rather than the current $23,660. Employers scrambled to revise job descriptions and policies regarding overtime work to comply with the rule.

Twenty-one states file suit to challenge the new rule. On November 22, 2016, the U.S. District Court in Sherman, Texas granted the states’ motion to prevent the rule from taking effect. The DOL appealed the decision to the Fifth Circuit. Briefing was completed last month, and it appears that the DOL has abandoned the new salary level. Instead, the DOL is seeking information. On July 26, the Federal Register published a request for information posing 11 sets of specific questions for public comment. Questions include whether there should be multiple salary levels for exempt employees based on factors such as inflation, employer size, and census region; how setting different exemption levels for executive vs. administrative employees would affect businesses; and whether the exemption test ought to be based solely on the employee’s duties rather than salary. Comments are due by September 25, 2017. The questions and instructions for submitting comments are here. Anyone can submit a comment, and so far over 65,000 comments have been submitted.

What should employers do? Nothing for now. Now, we wait for the Fifth Circuit to issue an opinion.

See our previous blogs about the overtime rule: 11/29/16 – A Lump of Coal for Admin Employees? Texas Court Blocks Implementation of DOL’s Overtime Rule Change; 11/16/16 $47,476 the Magic Number – Are You Ready?; 10/10/16 – Time’s a Wastin’ – Get Ready for the new Overtime Rule; 5/27/16 – Holiday Gift for Salaried Workers: OVERTIME.

“Be Nice” Policies Employee handbooks revisited

Many employers want to include provisions in their handbooks requiring that employees be polite to each other and act with honesty and integrity. The National Labor Relations Board took the position that such provisions violated the National Labor Relations Act by discouraging employees from union organizing.

Yesterday, the 5th Circuit Court of Appeals clarified that these kinds of handbook provisions do not violate the law as long as a reasonable employee would interpret the policy as a common sense instruction to use professional manners, maintain a positive work environment, and be courteous.

Employers need not shy away from asking for civility in the workplace with a carefully crafted handbook.

The Court decision is Cause No. 16-60284, T-Mobile USA, Inc. v. NLRB, In the United States Court of Appeals for the Fifth Circuit, July 25, 2017.

Year-End Tune Up For Your Small Business


Ah, December . . .  It’s chock full of holiday parties, events, out-of-town visitors, and shopping.

It’s also when small business owners must get things in order for tax season.

It’s also a great time to take stock of the year that is ending and plan ahead for a successful new year.

Here’s a handy checklist to help you perform a year-end business tune up. No list is exhaustive, yet this list is still pretty long. Adjust it to fit your business needs.

Staffing:

Complete performance reviews for all employees and independent contractors.

Review your staffing needs and plan to add, subtract, or reorganize accordingly.

Review job descriptions for independent contractors to ensure they are truly contractors and not mischaracterized employees.

Review personnel files and update I-9s and W-4s as necessary.

Review employee benefits.

Policies & Procedures:

Review your employment policies and procedures to ensure they are up to date and comply with recent changes in the law.

Review your administrative and business policies and procedures to see whether they accurately reflect your current practices.

Sales & Marketing:

Compare your actual sales to your yearly goal.

Identify successes and areas for improvement in the areas of lead generation and conversion of leads to customers.

Adjust marketing plan to match your goals.

Quality:

Check customer satisfaction.

Review customer service policies and procedures.

Identify ways to improve the customer experience.

Financials:

Reconcile accounts.

Collect W-9s from contractors and vendors that need 1099s.

Review yearly journal or transaction entries for accuracy. Especially make sure that income and expenses are properly categorized.

Verify year-end accounts payable and accounts receivable.

Reconcile payroll including comparing taxes paid to payroll returns.

Prepare documents and files for your CPA or tax professional.

Run year-end reports such as a profit and loss statement, budget report, and balance sheet. Compare to last year’s reports.

Prepare next year’s budget.

IT:

Review IT policies and procedures.

If you collect personal information from customers, review your PCI compliance.

Train employees as necessary.

Install security patches, software, and operating system updates.

Consider getting a cybersecurity audit.

Goal Setting:

Review last year’s goals.

Review your long-term goals.

Set next year’s goals.

Adjust your business plan accordingly.

 

Finally, have a successful new year! 

 

We’ve Been Breached – Now What? Cybersecurity for businesses is more important now than ever before

 

The Federal Trade Commission has released a free, comprehensive data breach guide for businesses.*

*Download here: https://www.ftc.gov/system/files/documents/plain-language/pdf-0154_data-breach-response-guide-for-business.pdf

The Commission has broken down breach response to a 3 step process: secure your operations, fix vulnerabilities, and notify the appropriate parties.

Each step includes sub-tasks such as consulting experts to identify vulnerabilities in your business systems.

It’s a good idea to add an analysis of your business data protection policies to your regular year-end review process.

Begin with a review of policies and procedures for employees who handle sensitive customer information and make sure employees are well-trained to follow your procedures for data protection.

Next, review your polices for safe internet and email use, and make sure all of your employees are trained to follow basic internet and email safety practices.

For more guidance, check out https://staysafeonline.org/business-safe-online/train-your-employees.

Take time to look at your network safety.

What information is collected on your website? How it is protected?

For more information see: https://www.ftc.gov/tips-advice/business-center/guidance/protecting-personal-information-guide-business.

Be sure to look at state laws. 

Chapter 521 of the Texas Business and Commerce Code requires businesses to protect personal information collected from consumers. If your customer data is breached, in most cases you must notify customers whose data may have been compromised.

Failing to have procedures in place to protect consumer information carries steep penalties.

The Texas Attorney General’s Office provides guidance for businesses here: https://texasattorneygeneral.gov/cpd/protecting-consumers-personal-data.

 

Here’s to a safe and prosperous 2017!

Holiday Safety: A Short Checklist

fullsizerender-2

The holiday season, really from Halloween through the twelfth day of Christmas, is this Austin Business Attorney’s favorite time of year. I love just about everything about the holidays. But, with the good comes the thieves.

Old fashioned thieves and high tech thieves come out of the woodwork during the holidays. From stealing packages off the porch to stealing your identity online, thieves are hard at work during the holiday season.

Here’s a short checklist to help you stay safe.

Personal Safety While Shopping:

  • Be alert to your surroundings.
  • Always lock your vehicle, and don’t leave anything valuable in sight.
  • Take your electronics with you!
  • Don’t leave cell phone, tablet, or laptop in a car.
  • Make sure your devices are locked so you have to use a password to use them.
  • Encrypt your hard drives!
  • Use find my phone or a similar location app.
  • Use an app that will remotely wipe your device if it is stolen.
  • Password protect important documents.
  • Even if the car is locked, Thieves now have devices that ping an electronic device if it’s on so they can easily locate which vehicles to smash and grab. True story: I was at lunch with a friend. As we walked to our cars, we saw two police cars blocking a pickup truck in the parking lot. There were legs sticking out of the driver’s side window. The police had caught a thief red-handed. He and a buddy were driving through parking lots locating vehicles that had laptops in them. They were smashing windows, grabbing laptops, and driving on to the next victim’s vehicle.
  • Carry bags across your body not just over your shoulder and clutch your clutch tightly.
  • Be alert to someone who is standing too close to you in line, they may have a card reader in their pocket – or they may be an old fashioned pickpocket.
  • Give yourself enough time. People make safety mistakes when they are in a hurry.

Safety at Home:

  • Package thieves are following mail and UPS trucks around Travis and Williamson County and are stealing mail and packages before the homeowner knows it’s arrived.
  • Have packages delivered to your work address
  • Ask a neighbor to collect your mail/packages while you are at work
  • Require a signature for package delivery.
  • If your mailbox locks, bravo! If not, make sure you know when the mail usually arrives and try to get it as soon as possible so thieves cannot rummage through your mailbox looking for gift cards and checks.
  • There is a ring of thieves in the Austin area that target neighborhoods and rummage through vehicles in driveways at night. Take everything out of your car at night, and lock it.
  • Lock your door during the holidays both when you’re not at home and at night.

Safety Online:

  • Look for HTTPS or the lock icon or symbol next to the web address before buying online. Thieves could be phishing for your credit card info! The lock icon ensures it’s protected. 
  • Use strong passwords that are a combination of numbers, letters, and symbols and that are at least 8 characters long.
  • Tip: pick a word or phrase that is at least 8 characters long and means something to you, e.g., if you love Christmas, you could choose it.
  • Change at least one letter to a capital (best not the first letter, use one in the middle), change at least one letter to a number, and change at least one letter to a symbol. Done!
  • Example: Christmas as a password might be chr9st#As.
  • Use multi factor authentication when it is offered. That’s a username and password combination plus at least one other piece of information, e.g., a security question.
  • Choose oddball security questions, and use something you make up as an answer. Example, do you remember who your fifth grade math teacher was? Use the question and make up an answer you can remember. Maybe you really wished Batman was your fith grade teacher. So, use Batman. Don’t use your father’s middle name or your mother’s maiden name and the like. Many ID thieves know their victims and know the answers to easy questions.
  • Be careful. Don’t click on anything suspicious. If you receive an email saying your bank account is overdrawn, don’t open it. Call your bank. Never use a phone number you receive in an email. Call the number on a statement, or look up the number.
  • Don’t keep a document on your computer called “Passwords.” I get it, we have too many accounts with user names and passwords. We have to keep them somewhere. Get creative! 
  • One option is to use a password keeping app like One Pass.
  • Another is to keep such a document but name it something that doesn’t alert a thief to the fact that it’s a password doc. Name it something unappealing like colonoscopy or foot fungus, and password protect it.
  • Do NOT under any circumstances keep a hand written list of passwords at your desk or in your bag!

Most of these tips are common sense. Learn to trust yourself.

If you think someone is standing too close, they probably are. Just move away. Go look at something else and get back in line later.

If it’s dark, don’t hesitate to ask a security guard to walk you to your car.

And, if you see an email from someone you don’t know, or if an email seems suspicious, just delete it.

Here’s to a safe and happy holiday season!

A Lump of Coal for Admin Employees? Texas Court Blocks Implementation of DOL’s Overtime Rule Change

On November 22, Judge Amos Mazzant, of the Eastern District of Texas sitting in Sherman, issued a nationwide injunction blocking implementation of the highly-anticipated changes to the Overtime Rule. A group of 21 state attorneys general, including Ken Paxton of Texas, sued to block implementation of the rule which was slated to take effect on December 1.

The rule change would have raised the overtime exemption for salaried executive, administrative, and professional employees from $455 a week to $921 per week.

overtime-faq_645x400-1

In other words, administrative employees making less than $47,892 per year would have been entitled to overtime if they worked more than 40 hours in a week.

The court found that the Department of Labor (DOL) exceeded its statutory authority in issuing the rule change. The court’s decision is available on the Texas Attorney General’s website: http://tinyurl.com/zzdo4mw.

The DOL stated it is considering its legal options. It has not yet announced whether it will appeal the injunction to the 5th Circuit Court of Appeals. The DOL press release can be viewed here: https://www.dol.gov/WHD/overtime/final2016/.

As a practical matter, the ruling comes too late for most businesses.

The DOL announced the proposed rule change on July 6, 2015. The Department received over 290,000 comments to the proposed rule change. On May 18, 2016 the DOL released the final rule and warned the new rule would take effect on December 1.

Larger businesses adopted strategies for complying with the new rule months ago. Businesses that planned to comply and announced those plans to employees will hesitate to change course because of the cost of making changes at this late date, uncertainty whether the ruling will stand, and harm to employee morale.

$47,476 – The Magic Number ARE YOU READY?

On December 1,

new overtime rules take effect.

Is your business ready?

failure-to-pay-overtime-min-wage-1150x767

 

Starting in December, administrative employees making less than the magic number, $47,476 per year, will no longer be exempt from the overtime provisions of the Fair Labor Standards Act. These administrative employees will earn overtime pay if they work more than 40 hours in a week.

 Overtime pay is 1.5 times the employee’s hourly pay rate. The change is huge because it more than doubles the threshold for the exemption. Previously, administrative employees making more than $23,660 a year have been exempt from overtime.

Salary alone is not the only factor for determining whether a salaried employee is entitled to overtime or is exempt. There is actually a three part test:

  • The employee is paid a salary as opposed to an hourly wage;
  • The salary must be at least $47,476 annually for a full time worker to be exempt; and
  • The employee’s primary job must be executive, administrative, or professional, e.g., management, exercise of discretion and independent judgment, or work that requires advanced knowledge.

Otherwise, the employee is entitled to overtime pay at time and a half the employee’s hourly equivalent rate for each hour worked beyond a 40 hour work week.

The Department of Labor has identified four options for employers to comply with the new rule:

  • Raise salaries to maintain the exemption;
  • Keep current salaries, and plan to pay overtime;
  • Adjust workloads and schedules so that employees are not working overtime; or
  • Adjust wages by converting salaried employees to hourly.

What are businesses doing to prepare?

Raising salaries and paying overtime is simply not financially feasible for many businesses. Employees may negatively view adjustments in workloads and schedules or converting them from salary to hourly pay.

There is another way to comply with the new rule without undertaking additional financial burdens: adopt a workplace policy mandating that non-exempt employees cannot work overtime without prior written approval from a supervisor.

Enforce the policy consistently. This will help the business be able to predict and control labor costs while encouraging healthy work-life balance for employees.

Small businesses may have a tough adjustment period ahead.

Adopting a policy regarding overtime, educating employees about the policy, and enforcing the policy will provide some predictability and enable the business to manage workloads in a way that minimizes financial strain and possible cash flow problems. We can help craft company policies that comply with the new rule while providing the ability to manage overtime.

The Business Owner’s Tax Dilemma

Tax time is coming up, and it’s worth taking a look at your business records now so that you are prepared to send your 2016 records to your tax preparer come January.

t1larg-tax-forms-t1larg

It’s also a good time to think about your tax strategy.

Conventional wisdom is to maximize deductions and business losses and to minimize income. While this strategy results in lower tax bills, it may not be the best strategy for your business. Choosing the best tax strategy involves some advance planning and goal setting.

If your personal goals include buying a home or if your business goals include courting investors or seeking funding to meet your goals, then think carefully before minimizing your business income to avoid tax liability.

You may be outsmarting yourself out of your goals.

Mortgage companies tend to view the self-employed as high risk. Self-employed mortgage seekers must jump through more hoops than their counterparts who are employed by large companies. Mortgage lenders want to see a history of income stability. If your small business has taken a loss in each of the preceding several years, it will be hard to get a mortgage.

 The same goes for financing to grow your business. Lenders are looking for credit worthiness and stable income – not a brilliant tax strategy. Don’t let your brilliant tax strategy compromise your ability to meet your goals.

 Have a frank discussion with your tax preparer in advance if your business or personal plans include getting financing in the next 2-5 years.