A TALE OF TWO REJECTED MOTIONS: Court Denies Plaintiff’s Motion for Leave to Amend and Defendant’s Motion to Compel
Hey, TCPAWorld!
Be timely. Don’t skip procedural steps. And always bring receipts.
In SHANAHAN v. MFS SUPPLY LLC, No. 8:23CV475, 2025 WL 885265 (D. Neb. Mar. 21, 2025), both Terrence Shanahan (“Plaintiff”) and MFS Supply LLC, (“Defendant”) filed competing motions. Plaintiff filed a Motion for Leave to Modify the First Amended Class Action Complaint and Case Progression Order, aiming to revise the class definition based on new facts uncovered during discovery. Meanwhile, the Defendant filed a Motion to Compel, to Deem Admissions Admitted, and to Enlarge the Number of Interrogatories, requesting the Court to force Plaintiff to respond to discovery requests.
The Court denied both motions.
Background
On October 27, 2023, Plaintiff filed a class action complaint accusing Defendant of sending unsolicited telemarketing texts to consumers on the national Do Not Call Registry (DNC). Plaintiff claims he received two such texts promoting real estate lockboxes and asserts he never gave consent, with his number registered on the DNC since December 17, 2004.
Plaintiff seeks to represent the following class:
“All persons in the United States who: (1) from the last 4 years to present (2) Defendant texted more than once in a 12-month period (3) whose telephone numbers were registered on the Federal Do Not Call registry for more than 30 days at the time the texts were sent.” (Filing No. 1 at p. 4 ). Plaintiff’s Complaint contains one cause of action for violations of 47 U.S.C. § 227(c) by telemarketing to telephone numbers listed on the Federal Government’s National Do Not Call Registry.”
Id. at *2. Plaintiff asserts a single cause of action, alleging that the Defendant violated 47 U.S.C. § 227(c) by making telemarketing calls to phone numbers registered on the National Do Not Call Registry.
Defendant filed an answer broadly denying Plaintiff’s allegations and asserting multiple affirmative defenses, including statutory exclusions and claims that Plaintiff and the putative class consented—either expressly or implicitly—to receiving the messages, among others.
Following the parties’ Rule 26(f) Report, the Court set June 24, 2024, as the deadline for written discovery and July 8, 2024, as the deadline to file a motion to compel. The Case Progression Order required parties to first contact the magistrate judge and receive authorization from the Court before filing a motion to compel.
Discovery
On February 7, 2024, Defendant served discovery requests and later deposed Plaintiff on May 6, revealing new information allegedly not disclosed in prior cases, including that Plaintiff’s phone number was tied to his real estate license and business since 2006. Then on May 8, 2024, Defendant served a second set of discovery requests, which Plaintiff largely objected to as exceeding the interrogatory limit under Rule 33(a), being irrelevant, burdensome, vague, ambiguous, among other objections. After receiving Plaintiff’s responses, the parties engaged in an exchange that would entertain—or agitate—any litigator, and according to the Court, went something like this:
Defense counsel: “These are late.”
Plaintiff’s counsel: “No they’re not.”
Defense counsel: “The admissions were due on the 7th. You are late on the admissions. The remainder of the responses are woefully inadequate…”
Plaintiff’s counsel: “Thank you for your professional courtesy in waiting one day. The requests were all overly broad.”
Defense counsel: No response.
Id. at * 2-3.
Counsel informed the Court of a dispute over whether Plaintiff should be allowed to conduct class discovery, and shortly before the conference, Plaintiff moved to amend the Complaint. During the June 17, 2024, conference, the Court directed Plaintiff to file an amended motion after finding no good cause for missing the amendment deadline under Rule 16(b). Further, the Court declined to grant class discovery or allow a motion to compel, instead directing the parties to resolve the issues through further meet-and-confer efforts.
On June 26, 2024, Plaintiff filed an amended motion to amend the complaint, seeking to revise the class definition and establish standing based on information learned during Defendant’s deposition which revealed that Defendant had sent approximately 34,000 text messages to a nationwide list that included Plaintiff. Plaintiff sought to add the following allegations to his Complaint:
“Defendant obtained Plaintiff’s information when it downloaded a nationwide list of 17,000 (Seventeen Thousand) Berkshire Hathaway Ambassador real estate agents. Plaintiff was unaware and had no knowledge that Defendant obtained Plaintiff’s information. Defendant uploaded the list to Textedly, a text messaging platform, and sent out two text messages soliciting one of its popular products (lockboxes, which are locked boxes for keys that realtors share).
Plaintiff’s phone number ending in 1146 is Plaintiff’s only residential phone number, and Plaintiff does not have a ‘landline.’
Plaintiff’s phone number ending in 1146 is his personal cell phone.
Plaintiff owns a real estate business and maintains four separate phone numbers ending in 6224, 0737, 6430 and 0366 for operational purposes so that people do not call his personal cell phone for matters dealing with routine operation of the business.”
Id. at *3. Plaintiff also sought to amend the class definition as:
“All persons in the United States who: (1) are on the list of Berkshire Hathaway Realtors obtained by MFS Supply LLC; (2) whose telephone numbers were connected to cell phones; (3) registered on the Federal Do Not Call registry; (4) whose owners do not maintain any other residential telephone numbers; and (5) do have separate telephone number(s) for business purposes.”
Id. On July 8, 2024, Defendant filed a Motion to Compel, seeking additional interrogatories and to deem admissions admitted, alleging that Plaintiff’s counsel failed to provide documents, respond to interrogatories, or meet discovery deadlines.
Court’s Analysis of the Competing Motions
The Court starts with analyzing Plaintiff’s Motion to Amend his Complaint.
Under Rule 15(a), courts should freely grant leave to amend when justice requires, but if a scheduling deadline has passed, the party must first show good cause under Rule 16(b). Because Plaintiff filed his motion to amend more than three months after the March 15, 2024 deadline set in the Court’s scheduling order, he must first show good cause.
The primary measure of good cause is the movant’s diligence in trying to meet the deadline. Courts generally do not consider prejudice if the movant was not diligent, and absent newly discovered facts or changed circumstances, delay alone is insufficient to justify amendment. The Court found Plaintiff lacked good cause, finding that the facts were not newly discovered and could have been included earlier with diligence, nor did they alter the legal basis of Plaintiff’s claims which already addressed unsolicited texts sent despite being on the Do Not Call Registry. The Court also stated that granting the amendment after discovery had closed would cause delay, require further discovery, and unfairly prejudice Defendant.
Next, the Court analyzed Defendant’s Motion to Compel.
The Court denied Defendant’s motion for failing to follow procedural requirements, including not requesting a conference with the magistrate judge as required by the Case Progression Order and Civil Case Management Practices. Defendant also failed to show proof of a proper meet and confer, such as the date, time, or attachments any related communications between the parties. Plaintiff, on the other hand, submitted email evidence demonstrating that his counsel requested to meet and confer to resolve discovery issues, however, Defendant ignored the request and instead focused on filing the instant motion.
Moreover, the Court found that even if Defendant’s procedural failures were excused, the motion to compel still lacked the required evidentiary support to challenge Plaintiff’s production or objections, as local rules require supporting evidence for motions relying on facts outside the pleadings.
Specifically, the Court denied Defendant’s request for Plaintiff to respond to its second set of interrogatories, because Defendant exceeded the 25-interrogatory limit under Rule 33(a)(1) and failed to address the merits of Plaintiff’s objections or provide the original set of interrogatories.
Defendant’s request for production was denied as Defendant did not identify which of the 29 requests were deficient or explain why Plaintiff’s objections were invalid.
Finally, the Court denied the requests for admissions. Although Plaintiff’s responses were three days late, the Court, in its discretion, treated them as a request to withdraw deemed admissions and accepted them, finding no prejudice to Defendant and no impact on the merits of the case.
Takeaways
Scheduling Orders are not mere suggestions made by the Court and parties are expected to follow them. While the Court has the discretion to approve untimely requests to amend, the movant must show good cause under Rule 16(b), supported by diligence and not rely on preexisting facts that could have been included earlier.
Further, skipping procedural steps, such as a meet-and-confer, can kill your motion before its merits are weighed.
Finally, if you’re challenging discovery responses, make sure to bring receipts. Courts want precision—not general statements.
FDIC Aims to Eliminate Reputational Risk from Supervision
On March 24, acting FDIC Chairman Travis Hill informed Congress that the agency is preparing to eliminate the use of “reputation risk” as a basis for supervisory criticism. In a letter to Rep. Dan Meuser (R-Pa.), Hill explained that the FDIC has completed a review of its regulations, guidance, and examination procedures to identify and remove references to reputational concerns in its supervisory framework.
Hill stated that the FDIC will propose a rule that ensures bank examiners do not issue supervisory findings based solely on reputational factors, which have faced criticism from lawmakers who argue the concept has been used to discourage banking relationships with lawful but politically sensitive industries.
The FDIC is also reevaluating its oversight of digital asset activities. According to Hill, the agency intends to replace a 2022 policy requiring FDIC-supervised institutions to notify the agency and obtain supervisory feedback before engaging in crypto-related activities. The new approach will aim to provide a clearer framework for banks to engage in blockchain and digital asset operations, so long as they maintain sound risk management practices. Hill noted that the FDIC is coordinating with the Treasury Department and other federal bodies to develop this updated framework.
Putting It Into Practice: This initiative closely mirrors the OCC’s recent decision to eliminate reputational risk as a factor in bank supervision (previously discussed here). Both agencies appear to be responding to criticism that reputational concerns have been used to discourage banking relationships with lawful but disfavored industries. Banks should prepare for changes in examination procedures and evaluate how these developments may impact their compliance strategies.
Listen to this post
SEC Creates New Tech-Focused Enforcement Team
On February 20, the SEC announced the creation of its Cyber and Emerging Technologies Unit (CETU) to address misconduct involving new technologies and strengthen protections for retail investors. The CETU replaces the SEC’s former Crypto Assets and Cyber Unit and will be led by SEC enforcement veteran Laura D’Allaird.
According to the SEC, the CETU will focus on rooting out fraud that leverages emerging technologies, including artificial intelligence and blockchain, and will coordinate closely with the Crypto Task Force established earlier this year (previously discussed here). The unit is comprised of approximately 30 attorneys and specialists across multiple SEC offices and will target conduct that misuses technological innovation to harm investors and undermine market confidence.
The CETU will prioritize enforcement in the following areas:
Fraud involving the use of artificial intelligence or machine learning;
Use of social media, the dark web, or deceptive websites to commit fraud;
Hacking to access material nonpublic information for unlawful trading;
Takeovers of retail investor brokerage accounts;
Fraud involving blockchain technology and crypto assets;
Regulated entities’ noncompliance with cybersecurity rules and regulations; and
Misleading disclosures by public companies related to cybersecurity risks.
In announcing the CETU, Acting Chairman Mark Uyeda emphasized that the unit is designed to align investor protection with market innovation. The move signals a recalibration of the SEC’s enforcement strategy in the cyber and fintech space, with a stronger focus on misconduct that directly affects retail investors.
Putting It Into Practice: Formation of the CETU follows Commissioner Peirce’s statement on creating a regulatory environment that fosters innovation and “excludes liars, cheaters, and scammers” (previously discussed here). The CETU is intended to reflect that approach, redirecting enforcement resources toward clearly fraudulent conduct involving emerging technologies like AI and blockchain.
Listen to the Post
FDA Announces a “Chemical Contaminants Transparency Tool” to Evaluate Potential Health Risks of Contaminants in Human Foods.
On March 20, 2025, the Food and Drug Administration (FDA) announced the availability of a Chemical Contaminants Transparency Tool, a database intended to provide users with a list of contaminant levels in the food supply.
Contaminant levels, such as tolerances, action levels, and guidance levels, are used by FDA to evaluate potential health risks in food. If contaminant levels exceed the permissible threshold, FDA will deem the food to be unsafe.
The database compiles existing information from several sources, including compliance policy guides, guidance for industry, and the Code of Federal Regulations, into a single reference. Information includes the contaminant’s name, commodity, contaminant level type, level value, and its reference source. There are currently 301 records available on the database.
According to the news release, under the direction of Secretary Kennedy, the Chemical Contaminants Transparency Tool is one new initiative intended to modernize chemical safety. The intention behind the database is to offer the American public “informed consent about what they are eating.”
HUGE WIN FOR LENDING TREE!: Court Holds Tree is Not Responsible for Affiliate Calls in Pay Per Call Program And That’s Huge News
So Tree and I have buried the hatchet and are friends again– in fact, Lending Tree will be speaking at Law Conference of Champions III, how awesome is that!
But the BEST way to get on the Czar’s good side is to deliver huge industry-helping TCPA wins, and that is EXACTLY what Tree just did and I LOVE TO SEE IT.
In Sapan v. LendingTree, 8:23-cv-00071 (C.D. Cal March 18, 2025) the Court just entered judgment in favor of Tree finding it cannot be held responsible for calls made by affiliates in its pay per call program. Absolutely MASSIVE win,
The ruling turned on vicarious liability principles and applied the critical case of Jones v. Royal Administration Services, Inc., 887 F.3d 443 (9th Cir. 2018), which is the primary Ninth Circuit authority on the issue.
Under Jones a party must control the injury-causing conduct to be liable for calls. And where a party is making calls that may be transferred to any number of buyers the party that happens to buy that call simply cannot be held liable for the transfer.
In light of that authority the Sapan found Tree was not liable because it did not directly control the caller and the mere fact it accepted a transfer is not dispositive.
Excellent result– and undoubtedly the correct one!
This is an important ruling for folks to keep in mind. A ton of litigation arises following lead gen third-party transfers and folks buying leads on non-exclusive campaigns should be citing this case!
Coming Soon: Coordinated Pan-European Enforcement of the ‘Right to Erasure’
The European Data Protection Board (EDPB) recently announced the launch of its 2025 Coordinated Enforcement Framework (CEF) action, which will focus on the right to erasure, also known as the “right to be forgotten,” or, in the United States, the “right to delete.”
This initiative marks a significant shift in enforcement priorities for Europe’s Data Protection Authorities (DPAs) and reflects an increased focus on ensuring compliance with Article 17 of the General Data Protection Regulation (GDPR), which grants individuals the right to have their personal data deleted in certain situations.
Quick Hits
EDPB’s 2025 Enforcement Focus: The CEF will prioritize enforcement of the right to erasure under Article 17 of the GDPR and involve coordination among thirty-two DPAs across Europe.
Increased Scrutiny of Compliance: Organizations may face increased information requests, investigations, and follow-up actions to evaluate their erasure practices and identify compliance gaps.
Preparing for Enforcement: Organizations will likely want to review and refine their erasure request processes to ensure timely responses, proper application of exceptions, and effective data deletion across all systems, including backup systems, and also review their broader GDPR compliance framework to mitigate possible risk in the event of a broader request for information.
The right to erasure is one of the most frequently exercised rights under the GDPR. However, it is also a common source of complaints to DPAs and, when exercised in conjunction with other rights, such as the right to portability, is one of the more visible areas of GDPR noncompliance. The 2025 CEF action involves thirty-two DPAs across the European Economic Area that will begin contacting organizations directly to engage in formal and informal activities aimed at evaluating how the organizations handle and respond to erasure requests. A particular focus of the CEF action will be:
assessing organizational compliance with the conditions and exceptions outlined in Article 17 of the GDPR;
identifying gaps in the processes used by data controllers to manage data subject requests to erase; and
promoting best practices for organizations’ handling of such requests.
Organizations across various sectors can expect increased scrutiny from DPAs. This may include simple information requests from DPAs to evaluate their current erasure practices and procedures, but will also, in some circumstances, result in formal investigations and regulatory follow-up actions. Because this is a coordinated, pan-European enforcement focus, organizations can expect more targeted follow-ups both nationally and internationally as the year progresses.
Organizations can prepare for the heightened attention due to be paid to their erasure request handling processes by taking proactive steps to ensure that their data management practices align with GDPR requirements, particularly regarding:
timely and accurate responses to erasure requests (i.e., within one month of the request);
accurate application of exceptions, such as when data retention is necessary for legal compliance, or tasks carried out in the public interest or in the exercise of official authority;
appropriate notification of erasure requests to other organizations where relevant personal data has been disclosed or made public;
comprehensive processes to effectively erase data, such as erasure of personal data on backup systems in addition to live systems; and
transparent communication with individuals who submit requests for erasure about their rights and the outcomes of their requests.
Organizations may also want to review their broader GDPR compliance frameworks, as a pulled thread on a single identified non-compliance issue could unravel further areas of scrutiny and potentially trigger a larger and broader investigation into the business’s compliance posture on the whole.
NetChoice Sues to Halt Louisiana Age Verification and Personalized Ad Law
On March 18, 2025, NetChoice filed a lawsuit seeking to enjoin a Louisiana law, the Secure Online Child Interaction and Age Limitation Act (S.B. 162) (“Act”), from taking effect this July. The Act requires social media companies subject to the law to obtain express consent from parents or guardians for minors under the age of 16 to create social media accounts. The Act also requires social media companies subject to the law to “make commercially reasonable efforts to verify the age of Louisiana account holders” to determine if a user is likely to be a minor. Further, the Act prohibits the use of targeted advertising to children.
In its complaint, NetChoice has raised a First Amendment objection to the age verification requirement, arguing that the obligation “would place multiple restrictions on minors’ and adults’ abilities to access covered websites and, in some cases, block access altogether.” NetChoice has argued that the restriction is content-based, because the law applies to social media platforms and compels speech by requiring social media platforms to verify users’ ages. NetChoice also has argued that the law’s definition of targeted advertising is overly broad and not properly tailored to mitigate the potential impacts to free speech; in other words, NetChoice has argued that Louisiana has not shown that the age verification and advertising restrictions are necessary and narrowly tailored to address the impact of social media use on minors.
We previously blogged about lawsuits NetChoice has filed seeking to block Age Appropriate Design Code laws in California and Maryland.
Virginia Governor Vetoes Artificial Intelligence Bill HB 2094: What the Veto Means for Businesses
Virginia Governor Glenn Youngkin has vetoed House Bill (HB) No. 2094, a bill that would have created a new regulatory framework for businesses that develop or use “high-risk” artificial intelligence (AI) systems in the Commonwealth.
The High-Risk Artificial Intelligence Developer and Deployer Act (HB 2094) had passed the state legislature and was poised to make Virginia the second state, after Colorado, with a comprehensive AI governance law.
Although the governor’s veto likely halts this effort in Virginia, at least for now, HB 2094 represents a growing trend of state regulation of AI systems nationwide. For more information on the background of HB 2094’s requirements, please see our prior article on this topic.
Quick Hits
Virginia Governor Glenn Youngkin vetoed HB 2094, the High-Risk Artificial Intelligence Developer and Deployer Act, citing concerns that its stringent requirements would stifle innovation and economic growth, particularly for startups and small businesses.
The veto maintains the status quo for AI regulation in Virginia, but businesses contracting with state agencies still must comply with AI standards under Virginia’s Executive Order No. 30 (2024), and any standards relating to the deployment of AI systems that are issued pursuant to that order.
Private-sector AI bills are currently pending in twenty states. So, regardless of Governor Youngkin’s veto, companies may want to continue proactively refining their AI governance frameworks to stay prepared for future regulatory developments.
Veto of HB 2094: Stated Reasons and Context
Governor Youngkin announced his veto of HB 2094 on March 24, 2025, just ahead of the bill’s deadline for approval. In his veto message, the governor emphasized that while the goal of ethical AI is important, it was his view that HB 2094’s approach would ultimately do more harm than good to Virginia’s economy. In particular, he stated that the bill “would harm the creation of new jobs, the attraction of new business investment, and the availability of innovative technology in the Commonwealth of Virginia.”
A key concern was the compliance burden HB 2094 would have imposed. Industry analysts estimated the legislation would saddle AI developers with nearly $30 million in compliance costs, which could be especially challenging for startups and smaller tech firms. Governor Youngkin, echoing industry concerns that such costs and regulatory hurdles might deter new businesses from innovating or investing in Virginia, stated, “HB 2094’s rigid framework fails to account for the rapidly evolving and fast-moving nature of the AI industry and puts an especially onerous burden on smaller firms and startups that lack large legal compliance departments.”
Virginia Executive Order No. 30 and Ongoing AI Initiatives
Governor Youngkin’s veto of HB 2094 does not create an AI regulatory vacuum in Virginia. Last year, Governor Youngkin signed Executive Order No. 30 on AI, establishing baseline standards and guidelines for the use of AI in Virginia’s state government. This executive order directed the Virginia Information Technologies Agency (VITA) to publish AI policy standards and IT standards for all executive branch agencies. VITA published the policy standards in June 2024. Executive Order No. 30 also created the Artificial Intelligence Task Force, currently comprised of business and technology nonprofit executives, former public servants, and academics, to develop further “guardrails” for the responsible use of AI and to provide ongoing recommendations.
Executive Order No. 30 requires that any AI technologies used by state agencies—including those provided by outside vendors—comply with the new AI standards for procurement and use. In practice, this requires companies supplying AI software or services to Virginia agencies to meet certain requirements with regard to transparency, risk mitigation, and data protection defined by VITA’s standards. Those standards draw on widely accepted AI ethical principles (for instance, requiring guardrails against bias and privacy harms in agency-used AI systems). Executive Order No. 30 thus indirectly extends some AI governance expectations to private-sector businesses operating in Virginia via contracting. Companies serving public-sector clients in Virginia may want to monitor the state’s AI standards for anticipated updates in this quickly evolving field.
Looking Forward
Had HB 2094 become law, Virginia would have joined Colorado as one of the first states with a broad AI statute, potentially adding a patchwork compliance burden for firms operating across state lines. In the near term, however, Virginia law will not explicitly require the preparation of algorithmic impact assessments, preparation and implementation of new disclosure methods, or the formal adoption of the prescribed risk-management programs that HB 2094 would have required.
Nevertheless, companies in Virginia looking to embrace or expand their use of AI are not “off the hook,” as general laws and regulations still apply to AI-driven activities. For example, antidiscrimination laws, consumer protection statutes, and data privacy regulations (such as Virginia’s Consumer Data Protection Act) continue to govern the use of personal information (including through AI) and the outcomes of automated decisions. Accordingly, if an AI tool yields biased hiring decisions or unfair consumer outcomes, companies could face liability under existing legal theories regardless of Governor Youngkin’s veto.
Moreover, businesses operating in multiple jurisdictions should remember that Colorado’s AI law is already on the books and that similar bills have been introduced in many other states. There is also ongoing discussion at the federal level about AI accountability (through agency guidance, federal initiatives, and the National Institute of Standards and Technology AI Risk Management Framework). In short, the regulatory climate around AI remains in flux, and Virginia’s veto is just one part of a larger national picture that warrants careful consideration. Companies will want to remain agile and informed as the landscape evolves.
Can I Sue for for the Michigan Coach Data Breach?
What are My Legal Rights if I Received the FBI Letter or DOJ Letter?
Several student athletes from around the United States received a letter from the FBI about former University of Michigan football coach Matt Weiss. Other victims received an email from the U.S. Department to Justice Victims Notification System to advise them about the computer hack that allowed the coach to access personal photos and videos for the athletes. Coach Weiss was recently arrested and charged with computer crimes. He is out on bond and further criminal proceedings are scheduled for him criminal case.
The big question is “what are my legal rights if I received the FBI letter regarding the Michigan coach data breach?” If you received the letter from the FBI advising you that your personal photos and information were unlawfully accessed, you may have a claim for compensation.
What are my Legal Options to Pursue Compensation?
There are two legal cases arising out of the Matt Weiss data breach and computer hacking incident. First, there is the criminal proceeding for his unlawful conduct.
Criminal matters are being handled by the U.S. Attorney General Office and these charges seek criminal penalties, like incarceration, probation, and fines against the coach himself. He is entitled to a presumption of innocence, and his fate will be decided by a judge or jury.
Victims who received the FBI letter can also pursue a civil lawsuit against Matt Weiss and the University of Michigan. There may be additional defendants who were responsible for preventing computer hacks and unlawful data access from the university computers.
How Does a Hacking Victim File a Claim for Compensation?
If you received the FBI letter or the U.S. Department of Justice email saying that your social media accounts were hacked by Matt Weiss, you can file a civil claim for compensation. A Michigan data breach lawsuit lawyer can help if you were a computer crime victim by Matt Weiss, Michigan’s co-offensive coordinator.
The FBI has so far determined that Matt Weiss used University of Michigan computers to unlawfully access over 3,300 student athletes. Victims of the breach can pursue civil lawsuits for damages and institutions can also be held liable if they fail to protect sensitive data, underscoring the importance of robust legal protections. Invasion of privacy is a basis for civil lawsuits.
What is Invasion of Privacy?
Invasion of privacy involves infringement upon an individual’s right to privacy by several intrusive or unwanted actions. These invasions of privacy can include:’
Physical encroachments on a person’s private property
Taking unauthorized photos and videos of a person
Accessing a person’s private e-mail or text messages
Unauthorized access to a person’s private social media accounts
Access to this information, even if not disclosed to others, has a profound effect on the victims’ mental and emotional state. Private, personal, and intimate photos and information accessed by an unauthorized person causes embarrassment, humiliation, and other emotional harm.
Suing the University of Michigan for Invasion of Privacy
You may be able to sue the University of Michigan for invasion of privacy if your personal accounts were hacked and accessed by Matt Weiss. Much work and investigation must be done to determine if this cybercrime attack was preventable by the school with proper oversight and procedures to protect against its computers being used for criminal purposes.
Victims of digital abuse have several avenues to seek justice and compensation. They can pursue civil claims for damages related to privacy violations, emotional suffering, and even potential medical expenses linked to the breaches. These lawsuits can provide financial relief and hold perpetrators accountable for their actions.
Moreover, institutions that failed to protect sensitive information can also be held liable. Victims can seek financial compensation through civil lawsuits against universities and vendors if it can be demonstrated that these entities neglected their duty to safeguard private data. This dual approach not only addresses immediate harm but also promotes systemic change to prevent future breaches.
How Do I File a U of M Data Breach Lawsuit?
There will likely be a class action lawsuit filed against The University of Michigan and separate lawsuits filed by individuals. With over 3,000 victims, there will be many legal procedural obstacles to navigate to file and qualify for a settlement.
If you received a letter from the FBI or any other entity advising you that Matt Weiss unlawfully accessed your personal data, photos, or video, you should contact our award-winning law firm today. We will protect your legal rights and pursue claims on your behalf.
Is there a Coach Weiss Class Action Lawsuit?
A class action lawsuit has not been filed as of March 25, 2025, for invasion of privacy claims against the University of Michigan for the Coach Matt Weiss computer hacking incidents. A class action case may be filed shortly, and you may be able to join if you were a victim.
Kryptofonds in Deutschland – Was Verwahrstellen und Kapitalverwaltungsgesellschaften (voraussichtlich) beachten müssen
Das Inkrafttreten des Zukunftsfinanzierungsgesetzes markierte bereits 2023 die Geburtsstunde der „Kryptofonds“ in Deutschland, indem die unmittelbare Anlage in Kryptowerte auch für Publikumsfonds (i.S.d. §§ 221 bzw. 261 KAGB) ermöglicht wurde. Mit dem Ende 2024 in Kraft getretenen Finanzmarktdigitalisierungsgesetz hat man diese Idee vor dem Hintergrund der MiCAR mit einem Verweis auf dessen Kryptowerte-Begriff nun vollendet.
Da ein Investment in Kryptowerte mit neuen, spezifischen Risiken einhergeht, hat die BaFin den ersten Entwurf eines Rundschreibens zu den Pflichten von Verwahrstelle und Kapitalverwaltungsgesellschaft bei in Kryptowerte investierenden Investmentvermögen zur Konsultation (06/25) gestellt. Es soll einen grundlegenden Rahmen an regulatorischen Mindestanforderungen für Direktinvestitionen in Kryptowerte durch Fonds setzen und ist damit höchst praxisrelevant. Als Rundschreiben hat es nicht die Qualität einer echten Rechtsnorm bildet aber die von der BaFin angewandte Verwaltungspraxis ab.
Pflichten der Verwahrstelle
Grundsätzlich gelten die Pflichten der Verwahrstelle, die sich bereits aus dem Gesetz und dem Verwahrstellenrundschreiben ergeben, weiterhin und sollen durch das Rundschreiben ggf. vorrangig ergänzt werden.
Zusätzlich verlangt die BaFin laut dem Rundschreiben außerdem:
• Pflichten bereits vor der Übernahme eines Mandats. Insofern seien – angesichts der hohen Volatilität von Kryptowerten – bereits im Vorfeld Prozesse zu schaffen, die der Verwahrstelle ermöglichen, informiert das Marktrisiko zu erfassen und kontinuierlich zu bewerten.• Ausreichende sachliche und personelle Ressourcen. Dies betreffe grundsätzlich alle Ebenen und in besonderem Maße die fachliche Eignung der Geschäftsleiter. Hier erkennt die BaFin an, dass insbesondere praktische Vorerfahrungen in Bezug auf eine solch junge Asset-Klasse regelmäßig nur eingeschränkt vorhanden seien. Sie ermöglicht daher einen auf theoretischem Wissen fundierten Aufbau über einen Zeitraum von 6 Monaten.• Geeignete organisatorische Vorkehrungen und zwingend technische Vorkehrungen. Dies schließe IT-Systeme und -Prozesse ein und gelte in besonderem Maße, wenn die Verwahrstelle private Schlüssel zu den Kryptowerten verwahrt. Dann bedürfe es eines darauf ausgerichteten speziellen „Kryptokonzepts“.
Außerdem sei, wie auch bei anderen Assets, zu unterscheiden, je nachdem ob die Kryptowerte verwahrfähig i.S.d. §§ 72 bzw. 81 KAGB sind. Maßgeblich wird es hier auf die Einzelfallprüfung ankommen. Insofern fällt auf, dass die BaFin in ihrem Rundschreiben einen weiten „Kryptowert“-Begriff anwendet und etwa MiFID-Finanzinstrumente i.S.d. Artikel 2 Abs. 4 MiCAR nicht bereits von vornherein aussteuert. Die MiCAR unterscheidet hier konsequent zwischen „Kryptowerten“ und (ggf. auch auf DLT-Basis emittierten MiFID-)„Finanzinstrumenten“, für die die MiCAR entsprechend nicht gilt. Die überwiegend aus 2022 stammenden und inzwischen längst überholten Ausführungen der BaFin zu ihrem Verständnis von „Kryptotoken“, auf die die BaFin im Rundschreiben verweist, sind entsprechend wenig hilfreich.
Gleiches gilt mit Blick auf die Ausführungen zur Verwahrung von (BaFin-)Kryptowerten, weil eine begrifflich klare Unterscheidung verdeutlichen würde, dass DLT-basierte MiFID-Finanzinstrumente gleichsam MiFID-Finanzinstrumente und eben keine MiCAR-Kryptowerte sind. Wo das KAGB und die AIFMD auf den Begriff der MiFID-Finanzinstrumente zur Annahme der Verwahrfähigkeit abstellen, hätte es hier keiner Erörterungen bedurft.
Schließlich weist die BaFin darauf hin, dass ggf. zusätzliche Erlaubnisse erforderlich sein können, insbesondere für eine etwaige Erbringung des Kryptoverwahrgeschäfts in Bezug auf MiCAR-Kryptowerte.
Lautet das Ergebnis der Einzelfallprüfung, dass es sich um nicht verwahrfähige (MiCAR-)Kryptowerte handele, träfen die Verwahrstelle entsprechend die Pflichten für nicht-verwahrfähige Assets aus § 81 Abs. 1 Nr. 2 KAGB (bzw. § 72 Abs. 1 Nr. 2 KAGB). Diese umfassen eine Feststellungspflicht bzgl. des Eigentums bzw. einer entsprechenden Rechtsposition, die Prüfung und Sicherstellung der Zuordnung und Zugriffsmöglichkeiten des Kryptowerts (einschließlich etwaiger Rechte Dritter), die Erfassung in einem kontinuierlich gepflegten Bestandsverzeichnis. Zudem sei ggf. vertraglich sicherzustellen, dass die Verwahrstelle Zugang zu den Systemen des Kryptoverwahrers erhält.
Daneben würden die allgemeinen Kontrollpflichten der Verwahrstelle (vgl. §§ 76 und 83 KAGB) gelten. So müsse sie insbesondere prüfen, ob ein Erwerb von Kryptowerten mit den Anlagebedingungen vereinbar und ob die Erwerbsgeschäfte marktgerecht sind.
Pflichten der Kapitalverwaltungsgesellschaft
Die Kapitalverwaltungsgesellschaft („KVG“) muss den gleichen Risiken Rechnung tragen wie die Verwahrstelle, sodass in Bezug auf einen Direkterwerb von Kryptowerten auch ähnliche Konsequenzen folgen.
Zunächst sei ggf. eine Erweiterung der Erlaubnis zu beantragen, die den direkten Erwerb von Kryptowerten umfasst, weil bisherige Erlaubnisse auf andere Vermögensgegenstände lauten dürften. Insofern stellt die BaFin hier klar, dass der Katalog nach ihrem Verständnis statisch sei und Änderungen nicht von einer bisherigen Erlaubnis gedeckt seien. Insofern sei auch zu beachten, dass eine Verwahrung durch die KVG selbst nicht möglich wäre.
Auch in der KVG seien entsprechend hinreichende Ressourcen und Kenntnisse und Erfahrungen des Personals, ggf. unter Einstellung fachkundiger, externer Experten, sicherzustellen. Auch müssten die Geschäftsleiter ausreichende fachliche Eignung haben, wobei die gleiche Frist von sechs Monaten gelte wie für Geschäftsleiter der Verwahrstelle.
Zudem seien die Prozesse der KVG entsprechend anzupassen und zwingend vor der erstmaligen Investition in Kryptowerte ein Neue-Produkte-Prozess durchzuführen. Dieser müsste vor allem die einhergehenden ggf. erhöhten Risiken und deren Management abbilden sowie Vorgaben zur Best Execution und der Marktgerechtigkeitskontrolle und Wertermittlung machen.
Rundschreiben als Leitplanke
Sowohl Verwahrstellen als auch Kapitalverwaltungsgesellschaften, vor allem wenn sie bereits etablierte Prozesse für andere Finanzinstrumente haben, sollten anhand der Vorgaben des Rundschreibens als Leitplanke und unter Berücksichtigung der spezifischen Risiken von Kryptowerten funktionierende und aufsichtsfeste Strukturen für Direktinvestments schaffen können.
Wer Kryptofonds in Deutschland anbieten will, sollte zunächst prüfen, ob die dahingehende Erlaubnis ausreicht. Besonderes Augenmerk ist dann auf die (technischen) Ressourcen und das Know-How der Mitarbeiter zu legen – und darauf, in welcher Form der Entwurf nach Abschluss der Konsultation veröffentlicht wird.
Building the Blueprint: The Foundation of South Florida’s Tech Evolution Part 3 [Podcast]
In part 3 of the Building the Blueprint podcast miniseries, host Jaret Davis, Senior Vice President of Greenberg Traurig and Co-Managing Shareholder of the Miami office, is joined by GT Shareholder Joshua Forman, who leads the firm’s team in Miami focused on digital infrastructure and data centers. Together, they explore the critical role of data centers in Miami’s tech growth and their broader impact on the global tech ecosystem.
As demand for data continues to grow – fueled by AI, IoT, and remote work – Miami and South Florida are poised to play a key role in this evolving industry. This episode offers insight into the advancements shaping the future of data centers and examines the intersection of tech infrastructure, investment, and innovation in one of the fastest-growing tech hubs in the U.S. Tune in!
Other Transactions: A Flexible and Efficient Acquisition Tool for the Department of Defense
On March 6, 2025, the Defense Secretary released a memorandum directing the Department of Defense (“DoD”) to adopt the Software Acquisition Pathway (“SWP”) to speed up the development, procurement, and delivery of software needed for weapons and business systems. Specifically, the memorandum directed DoD to use Commercial Solutions Openings and Other Transactions (“OTs”) as the default solicitation and award approaches for acquiring capabilities under the SWP. As a result, we are likely to see an expansion in DoD’s use of OTs. Thus, contractors should be aware of the rules and regulations regarding OTs.
Background
While OTs have been in the news a lot these days, they are not a new concept. OTs date back to 1958, when Congress granted the National Aeronautics and Space Administration (“NASA”) the authority to enter into transactions other than contracts, grants, or cooperative agreements in order to foster innovation and speed in the space race.
Since then, Congress has granted OT authority to several other federal agencies, including the Department of Energy, the Department of Health and Human Services, the Department of Homeland Security, the Transportation Security Administration, and the Department of Transportation. However, the most significant and frequent user of OTs has been the DoD.
What is an OT?
An OT is a legally binding agreement that is not subject to most of the federal laws and regulations governing procurement contracts, such as the Federal Acquisition Regulation, the Competition in Contracting Act, the Cost Accounting Standards, and the Contract Disputes Act. An OT can be structured in various ways, depending on the type, purpose, and scope of the project, as well as the needs and interests of the parties. This means that DoD has more discretion and flexibility to negotiate the terms and conditions of an OT, and to tailor them to the specific needs and objectives of the project. This also means that the participants have more freedom and autonomy to conduct their work, and to avoid most of the compliance burdens and administrative costs associated with procurement contracts.
An OT is still subject to certain statutory requirements, such as the Anti-Deficiency Act, the Freedom of Information Act, the False Claims Act, the Anti-Kickback Act, and the Procurement Integrity Act. An OT is also subject to certain policy and oversight considerations, such as the public interest; the protection of human subjects; the safeguarding of classified information; the prevention of fraud, waste, and abuse; and the audit and review by DoD and other agencies. Moreover, an OT—while not a procurement contract—is still a contract in the eyes of the law, and can be enforced and challenged in the courts. As we recently discussed, the Court of Federal Claims (“COFC”) appears to be taking a broader view of its jurisdiction over OTs than it has previously, so we may see more post-award protests for OTs at the COFC.
Because an OT is not subject to many of the federal laws and regulations applicable to procurement contracts, an OT does not automatically provide the same rights and remedies that are available under procurement contracts, such as those relating to equitable adjustments, claims, appeals, protests, and termination settlements. Therefore, the parties to an OT need to carefully consider and negotiate the terms and conditions of their agreement, and also address the risks and responsibilities that may arise during the performance and administration of the project. For example, in addition to basic terms such as the scope of work, deliverables, performance milestones, and payment provisions, the parties may want to negotiate clauses addressing data rights, intellectual property rights, dispute resolution mechanisms, termination procedures, and audit rights.
Types of DoD OTs
The DoD has two main types of OTs: Research and Development OTs and Prototype OTs, the latter of which can lead to production contracts.
Research and Development OTs
Research and Development OTs are utilized for basic, applied, and advanced research projects.10 U.S.C. § 4021(a). Research OTs may be used to pursue research and development of technology with dual-use application (commercial and government). Research OTs may also be used to advance new technologies and processes to evaluate the feasibility or utility of a technology. However, unlike Prototype OTs, DoD cannot transition a Research OT to a follow-on production contract.
Prototype OTs
A Prototype OT can be used for a broad range of projects, including but not limited to (A) a proof of concept, model, or process, including a business process; (B) reverse engineering to address obsolescence; (C) a pilot or novel application of commercial technologies for defense purposes; (D) agile development activity; (E) the creation, design, development, or demonstration of operational utility; or (F) any combination of subparagraphs (A) through (E). 10 U.S.C. § 4022(e)(5). And, for a Prototype OT to be awarded, one of the following conditions must be met: (i) significant participation by a nontraditional defense contractor or a nonprofit research institution; (ii) all significant participants being small businesses or nontraditional defense contractors; (iii) at least one-third of the total cost being covered by non-federal parties; or (iv) exceptional circumstances that justify the use of innovative business arrangements or structures. 10 U.S.C. § 4022(d).
Note that successful completion of a Prototype OT can result in a follow-on production contract without further competition, provided the prototype OT was competitively awarded, and the solicitation and agreement included the possibility of a production contract. This streamlined transition from prototype to production can allow for rapid fielding of new technologies and capabilities—once a prototype has proven its value and effectiveness, DoD can quickly move to production, ensuring that contractors are able to start working on delivering critical technologies without the delays often associated with competitive procurements.
Key Takeaways
DoD’s use of OTs has been steadily growing in recent years, both in terms of the number and the value of agreements. This is only expected to increase further under the current administration. Thus, contractors should keep in mind the following:
Embrace the Flexibility: Recognize that OTs offer a flexible framework that allows for innovative and collaborative agreements. This flexibility can be leveraged to tailor agreements that meet specific project needs without the constraints of traditional procurement regulations.
Leverage Nontraditional Partnerships: Consider forming partnerships with nontraditional defense contractors, research institutions, and consortia. These collaborations can bring diverse expertise and innovative solutions to the table, enhancing the project’s success.
Stay Informed on Legal Requirements: While OTs are exempt from many procurement laws, they are still subject to certain statutory and policy requirements. Ensure compliance with these requirements to avoid legal pitfalls.
Monitor Emerging Trends: Keep an eye on emerging technology areas where the DoD is increasing its use of OTs and position your organization to take advantage of opportunities in these high-priority areas.
Seek Legal Counsel: Given the unique nature of OTs and their legal implications, it is important to consult counsel with experience in federal contracting and OTs to assist in navigating complex legal landscapes and mitigate risks.