civil rights – Page 5

DOJ Begins Its Own DEI Enforcement Efforts

Wednesday evening, February 5, 2025, Attorney General Pam Bondi issued a series of memos to various divisions of the Department of Justice (DOJ). One memo asserted that the DOJ will take action to enforce President Trump’s efforts to eliminate illegal diversity, equity, and inclusion (DEI) initiatives, as outlined in Executive Order 14173 (“Ending Illegal Discrimination and Restoring Merit-Based Opportunity”).
This memo, titled “Ending Illegal DEI And DEIA Discrimination And Preferences,” tasks the DOJ’s Civil Rights Division with investigating, eliminating, and penalizing illegal DEI “preferences, mandates, policies, programs, and activities in the private sector and in educational institutions that receive federal funds.” By March 1, 2025, the Civil Rights Division and the Office of Legal Policy are to submit a report containing recommendations to “encourage the private sector to end illegal discrimination and preferences” related to DEI. That report is also supposed to identify the most “egregious and discriminatory DEI and DEIA practitioners in each sector of concern.” One big takeaway from this memo is the implication that some private companies may face criminal penalties for DEI initiatives.
Bondi also directs the DOJ to work with the Department of Education to eliminate DEI programs at universities, based on the Supreme Court’s 2023 decision in Students for Fair Admissions, Inc. v. Fellows of Harvard Coll., 600 U.S. 181 (2023).
Notably, the memo itself does not purport to prohibit educational, cultural, or historical observances that “celebrate diversity, recognize historical contributions, and promote awareness without engaging in exclusion or discrimination.” Examples of these types of observances include Black History Month and International Holocaust Remembrance Day.
This new effort from the DOJ will likely face legal scrutiny in the coming weeks, as federal courts have routinely upheld private employers’ First Amendment right to promote DEI. Employers should stay up to date with the rapidly evolving DEI landscape and consult with legal counsel as they evaluate their practices and initiatives for compliance with federal non-discrimination laws.

2025 Employment Law Updates

Many state and local government employment laws went into effect January 1, 2025. Here is a non-exhaustive list of 2025 employment law updates.

The Worker’s Compensation Time of Hire Notice can be found here.
The Worker’s Compensation Updated Poster can be found here.

Employers should also be aware that numerous hourly minimum wage rate increases are set to take effect in various jurisdictions on January 1, 2025, as previously detailed here.
Again, this is a non-exhaustive list of employment law updates. Contact your Polsinelli attorney if you have any questions or need assistance regarding employment law compliance in 2025, as well as to get up to speed on the latest employment law updates.

Is Lack of Diversity the Cause of DExit?

Suddenly, DExit has moved from the theoretical to the real. Over the last several months, several publicly traded companies have filed proxy materials with the Securities and Exchange Commission that include proposals to reincorporate in Nevada. See Several More Companies Propose Move From Delaware To Nevada. More recently, Dropbox filed materials disclosing a plan to reincorporate in Delaware and it has been reported that Bill Ackman intended to reincorporate his management company in Nevada. Suddenly, the Silver State is looking positively golden.
Delaware legislators have taken notice. In an opinion piece Senato Nicole Poore and Speaker Melissa Minor-Brown duly note the importance of the corporate franchise business to Delaware. According to these legislators, the problem is a lack of diversity:
While Delaware’s Court of Chancery has remained widely respected for its expertise and fairness, we acknowledge that it’s important to address its lack of diversity and ensure the judiciary reflects the broader perspectives of the communities it serves, thereby enhancing its credibility and fairness, and Delaware’s leadership in corporate governance and justice.

I have yet to find a proxy statement which cites a lack of diversity in the Delaware courts as a reason for leaving.

Calling the Right DEI Play for the NFL

Today’s Wall Street Journal story about Roger Goodell’s decision to maintain the NFL’s DEI programs reported that Mr. Goodell stood by the football league’s diversity initiatives, which would not change in response to the political climate. The article noted that Mr. Goodell characterized the NFL’s programs as being both positive for the league and a “reflection of our fan base and our communities and our players.” While the NFL’s decision to push back against the current anti-DEI trend is notable, it is clear that the NFL made this decision after conducting a thoughtful and introspective process, which included an understanding of a key DEI goal – which is to level both the literal and figurative playing field.
Mr. Goodell noted that the purpose of the NFL’s DEI programs in reference to the talent pipeline was “about opening that funnel and bringing the best talent into the NFL.” DEI detractors often base their attacks on the premise that DEI causes bias, rather than diminishing it. But in fact, and as I noted last year in Merit Unmasked, DEI’s true goal is to unmask overlooked talent. I posited then (and believe now) that DEI should be framed as talent-searching, and never as talent-diminishing. If we reframe the approach to DEI in this fashion – like the NFL and many other businesses that have engaged in meaningful introspection about their DEI programs – then it becomes much easier to understand, accept, and advocate for the reasons supporting DEI, and how to tailor it for each business.
The NFL has long offered Americans the joy (and misery) of competition, the celebration of (and frustration with) sport, and the community of (and discord among) fans. But it is interesting times indeed to see the NFL as a model for American business on how to best fully serve corporate communities, employees, and stakeholders.

Free Speech is Not a License to Destroy

Many fervent activists are losing touch with the fact that free speech is not a license for violence, harassment, and vandalism. From college campuses and city streets to federal buildings, militant protesters are using force to draw attention to their causes. It’s time for the legal system to stop this reckless behavior.
The unlawful blockade at the Energy Department’s headquarters in Washington, D.C., this past month is a high-profile example of the slide from protected speech to misconduct. Climate Defiance, the climate activist group behind the blockade, has made national headlines over the past year through their deployment of confrontational tactics, such as storming a baseball field attended by members of Congress and rushing a stage during a book launch event featuring Minnesota Senator Amy Klobuchar.
It’s not just at our civic institutions where an “ends justify the means” attitude toward harassment and property destruction is taking hold. In the rioting after a 2020 police shooting in Kenosha, Wisconsin, the New York Times reported that 115 small businesses, many of them minority-owned, were either destroyed or damaged.
Of course, the rogue actions of a few people should not lead to the condemnation of any cause. But for some protesters, unlawful aggression is increasingly the point.
At a gathering of protesters in Portland, Oregon, literature titled Why Break Windows was disseminated, arguing that property destruction was excusable as part of a righteous cause. One recent poll found that 41% of college students believe that violence is justified if it’s used to prevent “hate speech.” This sentiment closely parallels themes conveyed in the 2021 publication How to Blow Up A Pipeline, which promotes sabotage of industrial facilities as a substitute for non-violent protests. After finding its way into college curriculums, the book was adapted into a movie that was described in the FBI Weapons of Mass Destruction Directorate as a vehicle that “could spark eco-terrorism against U.S. energy infrastructure.”
The growing juxtaposition of speech and violence by protest movements is concerning. It’s also a matter where courts may soon weigh in.
Next month, a North Dakota jury will consider whether to hold Greenpeace liable over its role in the destructive protests over the Dakota Access Pipeline. The lawsuit claims that the opposition to the pipeline devolved into property destruction, trespass, assaults on company employees, and other actions that far exceed the bounds of democratic political action. The damage from the protests cost the companies involved in the pipeline an estimated $7.5 billion.
Greenpeace argues that the lawsuit is an “attack on free speech.” But it’s not Greenpeace’s speech or public positioning that the lawsuit questions—it’s the organization’s conduct.
If the case is successful, it could mean bankruptcy for Greenpeace. A win for the plaintiffs would also send a strong signal that while the right to protest is protected by our Constitution, violence and property destruction are not.

Another Arbitration Agreement Bites the Dust!

The California Court of Appeal dealt another blow to arbitration, just months after we reported the last such decision here.
This time, the Court ruled that the federal Ending Forced Arbitration of Sexual Assault and Sexual Harassment Act of 2021 (“EFAA”) overrides state law—even in cases in which the employee has signed an arbitration agreement that explicitly invokes state law favoring arbitration.
Kristin Casey, a former employee of D.R. Horton, Inc., sued the company and one of its employees, Kris Hansen, for sexual harassment, sex discrimination, retaliation, and failure to prevent discrimination and harassment in September 2023. D.R. Horton attempted to enforce an arbitration agreement in Casey’s employment contract, which included a choice-of-law provision applying California law. Casey opposed arbitration, arguing that the EFAA gave her the right to pursue her claims in court.
The EFAA, enacted in 2022, provides that a “person alleging conduct constituting a sexual harassment dispute” may elect that “no predispute arbitration agreement . . . shall be valid or enforceable with respect to the case filed under federal, tribal or state law and relates to the sexual harassment dispute.”
The trial court upheld the arbitration agreement, enforcing the terms to which Casey had agreed. But on a writ petition, the California Court of Appeal reversed, holding that the EFAA preempts state law so long as the employment relationship involves interstate commerce (a low hurdle). The court further determined that an employer cannot rely on a choice-of-law clause to avoid the effect of the EFAA.
You can read the full decision here.

HHS Publishes Notice of Proposed Rulemaking to Amend HIPAA Security Rule Requirements – Comments Due March 7, 2025

Summary
On December 27, 2024, the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) published its Notice of Proposed Rulemaking (“NPRM”) titled HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information. HHS seeks comments on proposed modifications to the Security Standards for the Protection of Electronic Protected Health Information comprising 45 C.F.R. Parts 160 and 164, Subpart C, commonly known as the “Security Rule”, to address modern breach and cybersecurity risks to electronic protected health information (“ePHI”)[1] and common deficiencies observed by HHS in Security Rule compliance investigations, and to incorporate current industry best practices[2] and court decisions affecting enforcement of the Security Rule[3].[4] As summarized below, the proposed modifications signal HHS’s commitment to aligning the Security Rule requirements with current cybersecurity standards and addressing areas of non-compliance with more prescriptive measures to enhance ePHI security in the face of evolving cyber threats and technological advancements. HHS invites interested parties to submit comments by March 7, 2025.
Two weeks after the NPRM was published in the Federal Register, President Trump issued an Executive Order requiring a “Regulatory Freeze Pending Review.” The regulatory freeze makes the fate of the proposed Security Rule amendments unclear. If the proposed Security Rule amendments proceed unchanged, regulated entities and health plan sponsors could incur significant combined costs, which HHS estimates at approximately $9.3 billion in the first year of implementation.[5]
HIPAA Framework
The statutory and regulatory framework that governs the privacy and security of (most) health information in the United States is codified under the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, enacted on August 21, 1996 (“HIPAA”). Changes and additional requirements to this statutory and regulatory framework were included in the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”), enacted as part of the American Recovery and Reinvestment Act of 2009, Public Law 111-5, signed into law on February 17, 2009. Additionally, the Genetic Information and Nondiscrimination Act of 2008 (“GINA”), Public Law 110-233, signed into law on May 21, 2008, included provisions governing the use of genetic data.
In addition to the Security Rule, HHS issued regulations under HIPAA on Standards for Privacy of Individually Identifiable Health Information comprising 45 C.F.R. Parts 160 and 164, Subparts A and E (“Privacy Rule”), Standards for Notification in the Case of Breach of Unsecured Protected Health Information comprising 45 C.F.R. Parts 160 and 164, Subpart D (“Breach Notification Rule”), and Rules for Compliance and Investigations, Impositions of Civil Monetary Penalties, and Procedures for Hearings comprising 45 C.F.R. Part 160, Subparts C, D, and E (”Enforcement Rule”). These rules, developed through successive waves of the administrative rulemaking process, are extensive and complex.
Summary of the NPRM and Specific Requests for Comment
The Security Rule applies only to ePHI transmitted by or maintained in electronic media by covered entities and business associates (“regulated entities”). The NPRM proposes several modifications to the Security Rule in recognition of the “significant changes in which health care is provided and how the health care industry operates”[6] since the Security Rule was last revised in 2013. As is common for significant rulemaking, HHS often requests comments on its proposed rule changes, including perceived benefits, drawbacks, unintended consequences, and specific considerations for each proposal.

Security Rule Requirements Are Not Optional. The Security Rule currently distinguishes between “addressable” and “required” implementation specifications to provide regulated entities with flexibility to implement administrative, physical, and technical safeguards that are reasonable and appropriate based on their risk analysis, risk mitigation strategies, existing security measures, and implementation costs. HHS has observed that, despite extensive guidance and regulation, some regulated entities have incorrectly interpreted “addressable” implementation specifications to be “optional” requirements, resulting in compliance gaps and increased risks to ePHI.[7] HHS proposes to eliminate the distinction between “addressable” and “required” implementation specifications to simplify and clarify the baseline mandatory security measures that regulated entities must meet in order to demonstrate they are reasonably and appropriately safeguarding ePHI.[8] With respect to this proposed modification, HHS requests comment on whether removing the distinction between required and addressable implementation specifications would result in unintended negative consequences for regulated entities and recommendations for how HHS may clarify that regulated entities are required to implement the security measures proposed in the NPRM.[9]
Routine Review and Testing of Security Measures. The proposed amendments to the Security Rule would require regulated entities to review and test the effectiveness of their required security measures “on a specified cadence” and to modify them as reasonable and appropriate.[10] Some of the proposed measures for reviewing and testing measures are undertaking tabletop exercises to assess how effectively personnel follow incident response and security procedures, conducting knowledge assessments after training on policies and procedures, and reviewing system logs and access records to evaluate whether personnel are properly complying with policies and procedures governing access to ePHI.[11]
Data Inventory, Network Map, and Risk Analysis.[12] The proposed Security Rule amendments include replacing the existing standard for security management process (45 C.F.R. 164.308(a)(1)) with a new requirement that a regulated entity conduct and maintain a written technology asset inventory. This inventory would demonstrate the regulated entity’s awareness of the location of ePHI it records, maintains, or processes. Additionally, regulated entities would be required to maintain a network map of their “electronic information systems”, including all technology assets that may impact the confidentiality, integrity, or availability of ePHI. The network map must detail the movement of ePHI within the regulated entity’s electronic information systems, showing how ePHI enters, exits, and is accessed from outside the electronic information systems. HHS also proposes to require a regulated entity to use information from the data inventory and network map to conduct a risk analysis to identify the potential risks and vulnerabilities to ePHI and related electronic information systems.[13] These proposed changes to the administrative safeguard requirements align with HHS’s objective of harmonizing HIPAA standards with familiar concepts from other data privacy and security frameworks and laws[14] that require organizations to understand the flow of the data they process. The changes also aim to enhance a regulated entity’s ability to identify and manage risks to the confidentiality, integrity, and availability of ePHI.
Encryption as a Standard.[15]HHS proposes to redesignate encryption and decryption from an implementation specification for access control (45 C.F.R. 164.312(a)) and transmission security (45 C.F.R. 164.312(e)) to a standalone standard for technical safeguards in order “to increase its visibility and prominence.” The proposed amendments would require a regulated entity to use widely accepted encryption standards to protect ePHI at rest and in transit, update encryption methods as standards evolve, and maintain up-to-date risk analyses and security plans, subject to limited exceptions. For example, if a regulated entity is currently using a technology asset that does not support prevailing encryption standards, the regulated entity may still be in compliance with the encryption requirement provided that it “establish[es] a written plan to migrate ePHI to technology assets that support encryption consistent with prevailing [encryption] standards and to implement such a plan… within a reasonable and appropriate period of time.”[16] Another proposed exception would be when a regulated entity is transmitting unencrypted ePHI in response to an individual’s request pursuant to 45 CFR 164.524 (HIPAA Right of Access), wherein the individual instructs the regulated entity to submit responsive data in an unencrypted format (e.g., some types of text messaging instant messaging, or via an unencrypted app).[17]
Authentication. HHS also proposes amendments to the existing standard for authentication by requiring a regulated entity to implement procedures that include technical controls for verifying the identity of those accessing a regulated entity’s electronic information system. HHS also proposes four new implementation specifications under this standard: (i) eliminate the use of default passwords, such as by requiring personnel to change any default passwords to unique passwords that are consistent with current authoritative source recommendations for unique passwords;[18] (ii) require regulated entities to use multi-factor authentication (“MFA”) to all technology assets in its relevant electronic information systems to verify that the person seeking access is the one claimed;[19] (iii) specific exceptions to MFA, including for currently-used technology assets that do not support MFA, when MFA is infeasible during an emergency, and for a technology asset that is a “device” defined under section 201(h) of the Federal Food, Drug, and Cosmetic Act;[20] and (iv) require a regulated entity to review and test the effectiveness of technical controls required by the authentications standard at least once every 12 months or in response to environmental or operational changes, whichever is more frequent, and modifying as reasonable appropriate.[21]
Contingency Planning and Response.[22] The proposed Security Rule amendments would require a regulated entity to establish and implement, as needed, a written contingency plan that includes policies and procedures for responding to emergencies, such as fire, system failure, natural disaster, or security incident that adversely impacts the confidentiality, integrity, and availability of ePHI. The proposed standard for contingency planning would require regulated entities to, among other things, perform and document an assessment of the criticality of relevant electronic information systems that create, receive, maintain, or transmit ePHI or that are otherwise crucial to ensuring the confidentiality, integrity, or availability of ePHI, providing patient care, and supporting other business needs. Additionally, regulated entities would be required to establish and implement a written data backup plan that includes procedures for creating and maintaining exact retrievable copies of ePHI; to restore critical relevant electronic information systems and data within 72 hours of loss; and to review and implement procedures for testing contingency plans at least once every 12 months and to document and modify as appropriate the results of such tests.
Compliance Audits.[23]The proposed Security Rule amendments require that a regulated entity conduct and document an audit of compliance with each standard and implementation specification of the Security Rule, either via an internal or third-party compliance audit, at least once every 12 months.
Business Associate Management.[24] HHS proposes to require regulated entities to verify that their business associates have implemented required technical safeguards and to obtain satisfactory assurances of compliance with the Security Rule. To support compliance with this new standard, regulated entities will be required to obtain written verification from their business associates at least once every 12 months. The verification must include a written analysis of the business associate’s electronic information systems conducted by a qualified individual with expertise in cybersecurity principles, and must be accompanied by a written certification from an authorized representative of the business associate, affirming that the analysis has been completed and is accurate. The proposed Security Rule amendment allows flexibility in selecting the individual to perform the analysis, permitting a regulated entity to select either an internal or third party to conduct the required analyses. This proposed requirement aligns with HHS’s Cybersecurity Performance Goals for Vendor/Supplier Cybersecurity,[25] which emphasizes identifying, assessing, and mitigating risks to ePHI shared with business associates.
Updated and New Definitions. HHS proposes to update 15 existing definitions in the Security Rule: access, administrative safeguards, authentication, availability, confidentiality, information system and electronic information system, malicious software, password, physical safeguards, security or security measures, security incident, technical safeguards, user, and workstation, primarily to clarify inconsistencies within the Security Rule.[26] For example, the proposed Security Rule amendments seek to modify the definitions for “administrative safeguards,” “physical safeguards,” and “technical safeguards”[27] to clarify that requirements also apply to actions to the policies and procedures addressing the activities covered by each definition. The proposed Security Rule amendments also seek to update the definition of “electronic media”[28] to include not only media on which data is or may be recorded electronically, but also media on which data may be maintained or processed. The proposed update expands the definition, capturing potential vectors for accessing or transmitting ePHI under the Security Rule’s requirements, thus reducing gaps in compliance. The proposed Security Rule amendments also propose to add 10 new defined terms to the Security Rule including: deploy, implement, electronic information system, multi-factor authentication, relevant electronic information system, risk, technical controls, technology asset, threat, and vulnerability[29] to clarify the scope of the Security Rule’s requirements and to further align the Security Rule with NIST CSF and other common security frameworks. HHS requests comments on whether the proposed updated definitions “would be problematic for regulated entities or result in unintended adverse consequences.” HHS also requests specific comments on some of the proposed definitions, including whether the proposed definition for “electronic media” accurately captures current uses and allows for future technological innovation, and whether additions to the non-exhaustive list of examples of electronic media are needed.

Impact on Regulated Entities
President Trump’s “Regulatory Freeze Pending Review” Executive Order directed federal agencies to “not propose or issue any rule in any manner… until a department or agency head appointed or designated by the President after noon on January 20, 2025, reviews and approves the rule.” While hearings for confirmation of the President’s nominee for Secretary of Health and Human Services are in process, the proposed amendments to the Security Rule face an uncertain future: they could move ahead as proposed in the NPRM, the proposed amendments could be revised and reissued, or the NPRM could be withdrawn entirely.
If, however, the proposed Security Rule amendments move forward in their current form, the impact on regulated entities and health plan sponsors would be substantial. HHS estimated that in the first year of implementing the proposed regulatory changes, regulated entities would incur approximately $4.655 billion in costs, while plan sponsors would incur about $4.659 billion.[30] HHS attributes these estimated costs to the following activities: conducting a Security Rule compliance audit; obtaining verification of business associates’ and subcontractors’ compliance with technical safeguards; providing verification of business associates’ compliance with technical safeguards; providing notification of termination or change of workforce members’ access to ePHI; deploying MFA and penetration testing; segmenting networks; disabling unused ports; removing extraneous software; notifying covered entities or business associates, as applicable, upon activation of a contingency plan; and updating health plan documents, policies and procedures, workforce training, and business associate agreements. These costs also include deployment of safeguards by health plan sponsors for their relevant electronic information systems to meet the new Security Rule standards and notifying group health plans upon activation of a plan sponsor’s contingency plan.
For more information, please contact the authors or your Squire Patton Boggs relationship attorney.
Disclaimer: While every effort has been made to ensure that the information contained in this article is accurate, neither its authors nor Squire Patton Boggs accepts responsibility for any errors or omissions. The content of this article is for general information only and is not intended to constitute or be relied upon as legal advice.

[1] 45 CFR 160.103.
[2] See, e.g., NIST Cybersecurity Framework (“NIST CSF”), HHS’ Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients, the HHS Cybersecurity Performance Goals, the Federal Trade Commission’s (“FTC”) ‘‘Start with Security: A Guide for Business.” U.S. Department of Health and Human Services, 90 Fed. Reg. 900 (January 6, 2025).
[3] See, e.g., University of Texas M.D. Anderson Cancer Center v. U.S. Department of Health and Human Services, 985 F.3d 472, 478 (5th Cir. 2021). 90 Fed. Reg. 916.
[4] 90 Fed. Reg. 898.
[5] 90 Fed. Reg. 1010.
[6] 90 Fed. Reg. 899.
[7] 90 Fed. Reg. 917.
[8] 90 Fed. Reg. 933.
[9] 90 Fed. Reg. 934.
[10] 90 Fed. Reg. 936.
[11] Id.
[12] 90 Fed. Reg. 937.
[13] 90 Fed. Reg. 940.
[14] National Institute of Standards and Technology Cybersecurity Framework (“NIST CSF”), EU General Data Protection Regulation (“GDPR”), California Consumer Privacy Act (“CCPA”), Brazilian General Personal Data Protection Law (“LGPD”), and Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”).
[15] 90 Fed. Reg. 968.
[16] 90 Fed. Reg. 968-969.
[17] 90 Fed. Reg. 969.
[18] 90 Fed. Reg. 974.
[19] 90 Fed. Reg. 974-976.
[20] 90 Fed. Reg. 975.
[21] 90 Fed. Reg. 976-977.
[22] 90 Fed. Reg. 955.
[23] Id.
[24] 90 Fed. Reg. 924.
[25] https://hhscyber.hhs.gov/performance-goals.html.
[26] 90 Fed. Reg. 922.
[27] 45 C.F.R. 164.304
[28] 45 C.F.R. 160.103
[29] 90 Fed. Reg. 922.
[30] 90 Fed. Reg. 1010.

USPTO’s Proposed Terminal Disclaimer Practice

On May 10, 2024, the United States Patent and Trademark Office (“USPTO”) published a new proposed rule that would require when a patent applicant submits a terminal disclaimer to obviate non statutory double patenting that the applicant agrees:
that the patent in which the terminal disclaimer is filed, or any patent granted on an application in which a terminal disclaimer is filed, will be enforceable only if the patent is not tied and has never been tied directly or indirectly to a patent by one or more terminal disclaimers filed to obviate nonstatutory double patenting in which: any claim has been finally held unpatentable or invalid as anticipated or obvious by a Federal court in a civil action or by the USPTO, and all appeal rights have been exhausted; or a statutory disclaimer of a claim is filed after any challenge based on anticipation or obviousness to that claim has been made.

The USPTO has promulgated this rule to prevent inventors from attempting to receive multiple patents directed to “obvious variations” of an invention. The USPTO believes that this proposed rule will deter anticompetitive behavior and promote innovation by “allowing a competitor to avoid enforcement of patents tied by one or more terminal disclaimers to another patent having a claim finally held unpatentable or invalid over prior art.”
Currently, when a terminal disclaimer is filed to obviate nonstatutory double patenting, a patent applicant is disclaiming any overlapping subject matter with an already existing patent owned by the patent applicant and is designed to prevent a patent applicant from improperly extending a patent’s term beyond its statutory limit. If a patent challenger wants to invalidate a family of related patents connected through terminal disclaimers, the patent challenger must invalidate each patent individually. Under the proposed rule, when a patent challenger is challenging a patent family, the patent challenger would need to successfully invalidate only one claim of a patent to invalidate that patent and any related patent that is tied to the invalidated patent through a terminal disclaimer.
On July 9, 2024, public comment closed for the proposed USPTO rule. Over 350 public comments were submitted giving feedback on the proposed rule. The public commentors’ opinions ranged from supporting the USPTO’s proposed rule to arguing against the USPTO’s proposed rule. Those submitting comments included private individuals, practicing attorneys, trade and policy organizations, and corporations.
Those against the proposed rule raised many concerns. The main issue with the proposed rule was the concern about the consequences of having a single patent claim invalidating an entire patent family. Other concerns raised included the potential of increased cost during patent prosecution and concerns about the potential to hurt small businesses by incentivizing companies to invalidate one claim instead of licensing patents.
Additionally, others argued that the USPTO does not have the authority to promulgate the proposed rule and that the USPTO is exceeding its statutory authority. For example, former USPTO directors Andrei Iancu, David Hirshfeld, David Kappos, Laura Peter, and Russell Slifer submitted a joint comment against the proposed rule noting many issues with the proposed rule including noting that the proposed rule would “render unenforceable entire patents if a single claim in a different patent is found to be invalid,” that the “proposal hands a powerful cudgel to infringers,” and that the USPTO is “evidently attempting to significantly deter, if not eliminate, continuations practice– a right that inventors are given by statute.”7 Others submitting comments against the rule included the American Intellectual Property Law Association and the American Bar Association Intellectual Property Law Association.
Those supporting the USPTO’s proposed rule argued that the proposed rule would promote competition and lower the cost to consumers by removing unnecessary patents and those supporting the rule believe that it allows smaller businesses to compete with larger corporations who are using “gamesmanship” to receive unmeritorious patents. For example, the Federal Trade Commission (“FTC”) issued a public comment supporting the USPTO’s proposed rule. In the support of the rule, the FTC explained that terminal disclaimers are used to “overcome the USPTO’s rejection of patent claims that are essentially the same as those in an existing patent,” that “[t]he use of terminal disclaimers linking similar patent claims can exacerbate the exclusionary impact of patent thickets by forcing potential market entrants to incur the high cost of challenging multiple duplicative patents,” and that “[t]he [FTC] believes the proposed rule will reform terminal disclaimer practice in a manner that reduces gamesmanship by patent holders, as well as the number, size, and impact of patent thickets. Intellectual property policy that promotes competition and market entry will foster vibrant markets that promote innovation and lower prices for businesses and consumers.”
Administrative Deference
While public comment was open for the proposed USPTO rule, the Supreme Court issued its decision in Loper Bright effectively eliminating Chevron deference for administrative agency action. The Supreme Court’s decision in Chevron, required courts to give “Chevron deference” to an agency’s administrative interpretation of a statue if the agency’s interpretation of an ambiguous statute was “rational” or “reasonable” and Congress had not spoken directly on that issue. However, in Loper Bright the Supreme Court found that Chevron deference “defied the command” of the APA and violates the court’s responsibility to interpret statutes and decide questions of law. This now means that Skidmore Deference will apply. Skidmore Deference means courts should judge an agency’s actions based on “the thoroughness evident in [an agency’s] consideration, the validity of its reasoning, its consistency with earlier and later pronouncements, and all those factors which give it power to persuade, if lacking power to control.” Skidmore v. Swift & Co., 323 US 134. 140 (1944)
The PTO’S primary statutory authority for rule making comes from 35 USC Section 2(b)(2), which provides that the USPTO “may establish regulations, not inconsistent with law, which—(A) shall govern the conduct of proceedings in the Office. . . .” The Federal Circuit years before Loper Bright issued already found that the PTO’s rulemaking authority authorizes them to create regulations regarding proceedings at the PTO and does not give the PTO the authority to issue substantive rules. See, e.g., Merck & Co., Inc. Kessler, 80 F.3d 1543, 1549-50 (Fed. Cir. 1996) (emphasis in original) (finding that the USPTO’s rulemaking authority authorizes the USPTO to create regulations regarding “the conduct of proceedings at the [PTO]” and “it does NOT grant the Commissioner the authority to issue substantive rules. . . . Thus, the rule of controlling deference set forth in Chevron does not apply.”); Animal Legal Defense Fund v. Quigg, 932 F.2d 920, 930 (Fed. Cir. 1991).
Therefore, with the stricter standard when judging agency action and the Federal Circuit finding the rule making authority for the PTO limited to proceedings at the PTO, it is likely that the proposed rule will not be passed. If it is passed, the courts will likely invalidate it finding that the PTO did not have authority to pass such a rule.

What to Know About the War Being Waged Against DEI

Can you still have DEI (diversity, equity, and inclusion) programs? How about affirmative action plans? The Supreme Court’s June 2023 decision in Students for Fair Admissions v. Harvard garnered national attention in holding that Harvard’s admissions program, which used race as a factor in admissions, violated the Equal Protection Clause of the 14th Amendment. Since then, major private corporations have made headlines with their decisions to scale back certain DEI initiatives. Other private companies, such as Costco and Apple, remain unwavering in their commitment to DEI. While not without legal risk, companies that have found DEI initiatives to be helpful to their business and culture can continue with their programs.
State Attorneys General Weigh In
In a recent letter, 13 Democratic attorney generals (from California, Connecticut, Hawaii, Illinois, Maine, Maryland, Massachusetts, Minnesota, Nevada, New Jersey, New York, Rhode Island, and Vermont) urged one retail giant to reconsider its scale back of DEI programs. The AGs’ letter reminded the retail giant that the Fair Admissions decision is a narrow ruling and does not prohibit private corporations from implementing DEI initiatives. The letter went on to remind the company that DEI initiatives are not only encouraged and beneficial but are in some cases necessary to comply with certain states’ anti-discrimination laws.
The New Administration Weighs In
President Trump’s recent executive order titled “Ending Illegal Discrimination and Restoring Merit-Based Opportunity,” has made the future of DEI even more perilous. The executive order rescinded Executive Order 11246, a 1965 order that imposed affirmative action requirements on federal contractors. Additionally, the federal government has placed DEI employees on paid leave and ordered the termination of DEI activities within federal agencies. The recent executive order goes on to demand that the attorney general submit “recommendations for enforcing Federal civil-rights laws and taking other appropriate measures to encourage the private sector to end illegal discrimination and preferences, including DEI.”
Avoiding Legal Risks in Continued DEI Efforts
If you want to continue DEI efforts, do so thoughtfully and recognize the risks. The recent executive orders emphasize the idea of restoring merit to employment decisions. Therefore, your DEI measures should ensure that programs continue to be merit-based and are designed to provide equal access to opportunities for all applicants and employees. The executive order does not define the specific DEI programs or activities it deems to be illegal, however policies such as quotas, hiring preferences, or hiring goals are likely more susceptible to claims of discrimination. You should review any of your existing company policies and initiatives to ensure they comply with state and federal anti-discrimination laws, as well as recent executive actions.
In the aftermath of the Fair Admissions decision, the EEOC stated “[i]t remains lawful for employers to implement diversity, equity, inclusion, and accessibility programs that seek to ensure workers of all backgrounds are afforded equal opportunity in the workplace.” Due to recent executive actions, we may get additional guidance from the EEOC on the topic of DEI.
Before you make a decision to change an existing workplace DEI initiative or to implement a new initiative, you should consult with your legal counsel to ensure compliance with state and federal anti-discrimination laws. Be on the lookout for developments in this space, as the president’s recent executive actions will likely face legal challenges so the landscape could change.
Listen to this post

The DEI Whirlwind Continues – New Lawsuit Challenges Constitutionality of Anti-DEI Orders

On Monday, February 3, a group of organizations, including representatives of university diversity officers, sued President Trump and his administration, seeking to halt and declare unconstitutional two executive orders aimed at ending diversity, equity, and inclusion (DEI) programs. The lawsuit, filed in the U.S. District Court of the District of Maryland, challenges Trump’s orders as exceeding his constitutional authority and violating principals of equality.
These executive orders from the first week of Trump’s presidency target DEI programs within the federal government and institutions that receive federal funding. One challenged order aims to eliminate DEI offices and positions in the federal government. The other order seeks to deter publicly traded corporations, universities, and other large entities from supporting diversity initiatives.
The plaintiffs are the National Association of Diversity Officers in Higher Education, the American Association of University Professors, the Restaurant Opportunities Center United, and Baltimore’s mayor and city council. They argue that the executive orders undermine efforts to correct historical discrimination against women, racial minorities, and LGBTQ individuals.
In their complaint, the plaintiffs allege that these executive orders:

Exceed President Trump’s constitutional authority, infringing on the spending power, which the Constitution grants exclusively to Congress, by threatening economic sanctions for those who advocate equality and inclusion;
Violate the separation of powers enshrined in the Constitution;
Are unconstitutionally vague, meaning they fail to provide a person with fair notice of what is prohibited in violation of the Fifth Amendment; and
Violate the First Amendment Free Speech Clause by creating a chilling effect on expression or participation in anything that might be related to DEI.

The plaintiffs seek both preliminary and permanent injunctions to block the orders, as well as a declaration that both executive orders are unlawful and unconstitutional.
This lawsuit evidences ongoing debates over the role of DEI programs in addressing inequality. Those challenging the orders argue that DEI programs are necessary to correct long-standing disparities. Those in favor of eliminating DEI programs contend that such programs unfairly disadvantage other applicants. As this challenge to President Trump’s anti-DEI orders unfolds, it will have significant implications for the future of diversity efforts in both the public and private sectors.
Employers and universities alike should work with outside counsel to ensure they are compliant with applicable law and assess organizational risk where appropriate.

Workplace AI – Presidential Change and Unknown Expectations for Retail Employers

The use of Artificial Intelligence (“AI”) in the workplace has spread rapidly since President Trump left the White House in early 2021. In recent years, retail employers have started using AI technology in a variety of ways from automating tasks, to implementing data-driven decision making, to enhancing customer experience. Though the Biden administration started to grapple with the use of AI in the workplace, the second Trump administration could mark a dramatic shift in the federal government’s response to these issues.
The Biden administration took a somewhat cautious approach to the proliferation of AI in the workplace. In response to criticism, including the possibility of AI technology allegedly exhibiting implicit biases in hiring decisions, President Biden issued an executive order on the “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence,” which established parameters for AI usage and directed federal agencies to take steps to protect workers and consumers from the potential harms of AI.
President Trump repealed the Biden Executive order on January 23, 2025, but has not yet implemented his own policy. The Trump Executive Order directs the Assistant to the President for Science and Technology and other administration officials to develop an “Artificial Intelligence Action Plan” within 180 days of the order to advance the administration’s policy to “sustain and enhance America’s global AI dominance in order to promote human flourishing, economic competitiveness, and national security.” The specifics of the “Artificial Intelligence Action Plan” remain unclear. President Trump signed an executive order regarding AI during his first term in 2019 which encouraged AI research and implementation, however, the technology has since developed rapidly. Given the Executive Order’s statement that previous government action constituted “barriers to American AI innovation” it is likely the “Artificial Intelligence Action Plan” will promote the development and use of AI rather than create new red tape for employers.
In the wake of the Trump Executive order, federal agencies have taken down the limited guidance regarding the use of AI in the workplace they had released during the Biden administration. The Equal Employment Opportunity Commission (“EEOC”), for example, released guidance documents outlining the ways in which AI tools in the workplace could violate the ADA or Title VII of the Civil Rights Act, particularly with respect to hiring. The Department of Labor also issued guidance addressing wage and hour issues related to AI and laying out best practices for implementing these tools to ensure transparency in AI use and support workers who are impacted by AI. Both these documents have been pulled from their respective agencies’ websites.
President Trump’s decision to appoint David Sacks as an “AI & Crypto Czar” also signals what retail employers can expect from the administration moving forward. Sacks is an entrepreneur and venture capitalist who has espoused pro-industry stances on his podcast, “All-In.” He also has a personal stake in AI being utilized as employers as the owner of “Glue” a software program that integrates AI into work place chats as a rival to platforms like Slack or Teams.
If the federal government does not regulate AI’s use in the workplace, states may attempt fill this vacuum of regulation with legislation addressing emerging issues or counteracting the Trump administration’s actions. This could lead to a patchwork of different compliance standards for employers from state to state. New York City’s Local Law 144 creates obligations for employers including conducting bias audits where automated tools play a predominant role in hiring decisions. Illinois has prohibited employers from using AI in a manner that causes a discriminatory effect. Other states may further complicate this landscape in attempts to correct perceived issues with the use of AI in the workplace.
While President Trump’s stance encourages the use of AI, retail employers should remember that existing anti-discrimination statutes may still provide a vehicle to challenge employers’ use of AI. For example, if AI used in hiring disadvantages a certain race, the employer could still face liability under Title VII. Retail employers should be on the look-out for further actions from the Trump administration and developments regarding AI in the coming year.

DEI (Diversity, Equity, and Inclusion) v. Affirmative Action: They Are Not the Same

Recently, the terms DEI (Diversity, Equity, and Inclusion) and Affirmative Action have been thrown around as if they mean the same thing, but in reality, they are not. They represent distinct concepts with unique goals and approaches.
Affirmative Action is a legal policy created to address historical injustices and discrimination by providing opportunities to underrepresented groups. It involves initiative-taking measures to ensure that individuals from these groups have equal access to education, employment, and other areas where they have been historically marginalized. The primary focus is on creating opportunities and leveling the playing field for those who have faced systemic barriers. However, it should be understood that under this theory a lesser qualified person should not be chosen over a more qualified person. If implemented as intended, it would give an otherwise unavailable opportunity to a qualified person.
On the other hand, DEI encompasses a broader framework aimed at fostering an inclusive environment where diversity is valued, equity is ensured, and everyone feels a sense of belonging. Diversity refers to the presence of differences within a given setting, including race, gender, age, and more. Equity involves fair treatment, access, and opportunities for all, while Inclusion is about creating a culture where everyone feels respected and valued.
While Affirmative Action is often seen as a legal and policy-driven approach, DEI is more about cultural transformation and ongoing efforts to create a supportive and inclusive workplace. Both are crucial for building a fair and equitable society, but they operate on different levels and address different aspects of inequality. DEI initiatives, though can impact hiring, focus on the workplace and people in it. The intent is to embrace the collective, minimize bias and treat others in a respectful and understanding manner.
In further contrast, affirmative action relates to giving a preference to one over the other, even if the other is qualified. DEI is meant to impact a broader range of people and cultures by appreciating differences and encouraging deeper engagement.
Though affirmative action and similar preference policies have been banned or in certain cases unconstitutional, DEI programs are still very legal. It should be noted that despite the recent January 2025, executive order titled “Ending Radical and Wasteful Government DEI Programs and Preferencing,” which aims to terminate DEI programs, it is only relevant to practices within the federal government. DEI programs in private companies, educational institutions, and other non-federal entities are still legal.