California Wildfires—Insurance Tips for Policyholders
The recent wildfires in California have clearly had a catastrophic impact, destroying a vast number of homes and business premises across the region. Homeowners and businesses may have limited means to protect against nature’s forces, but, in this alert, we provide tips on steps that can be taken to protect against denials of coverage by insurers. Careful and proactive attention to insurance coverage considerations could be the key to restoring homes and business operations and weathering the financial storms that follow from such disastrous events.
Potentially Relevant Insurance Policies
It is vital for affected homeowners and businesses to review all relevant or potentially relevant insurance policies promptly, including excess-layer policies, and to comply with loss notification procedures. The most common source of coverage for most individuals and businesses is likely to be first-party property coverage insuring the damaged premises and other assets, including against the risk of fire, smoke, and related damage. In many cases, this insurance will be supplemented by specialty coverages that apply to specific situations.
For businesses, the coverage will typically include the following:
Property damage where losses are caused to the business premises and assets, including computers and machinery.
Business interruption (BI) where the business experiences loss of earnings or revenue due to property damage or loss of use caused by an insured peril, for a specified period of time after the insured event or until normal business operations have been resumed.
Contingent BI which generally covers loss of revenue arising from damage to the property of a supplier, customer, or other business partner.
Denial of access, where use or access to the insured property is prevented or restricted for a specific period of time, for example, if roads or bridges leading to the property have been blocked or destroyed.
Civil authority coverage, which covers losses arising from an order made by a civil or government authority that interferes with normal business operations.
Service interruption coverage, which typically covers the insured for losses related to electricity or interruption of other utilities or supplies.
Extra expense incurred to enable business operations to be resumed or to mitigate other losses.
When presenting an insurance claim, it is important that policy provisions are considered against the backdrop of potentially applicable insurance coverage law to ensure that the policyholder is taking the steps necessary to maximize coverage. Many property policies are written on an “all risks” basis, but there will typically be exclusions, sublimits, or restrictions applicable to certain perils or circumstances. Some coverages may be subject to different policy limits and policy deductibles that impact the amount of coverage available. A proper analysis of the policy wording is vital to enable the insured to take full advantage of the coverage provided.
Practical Tips to Maximize Coverage
There are several steps policyholders should consider when making an insurance claim arising from natural disasters like the California fires:
Be Proactive in Notifying Insurers
Most policies identify specific procedures to be followed in presenting a claim, and there are likely to be timing deadlines associated with them. Failure to comply may result in insurers seeking to restrict or deny coverage for a claim otherwise covered by the policy. Policyholders should carefully consider any notice requirements, including any clause allowing for notice of a loss or an event that may or is likely to give rise to a claim. Prompt notification may assist policyholders in securing early access to loss mitigation resources and related coverages.
Early Assessment of Coverage
There are significant benefits in evaluating coverage at an early stage to understand any issues that may impact the way in which the claim is presented. Consultation with experienced coverage lawyers will assist in identifying and analyzing responsive policies as well as anticipating coverage issues or exclusions insurers might seek to rely upon.
Collate and Preserve Relevant Documents
Insurers typically require proof of loss and damage along with extensive supporting documentation. It is critical to take steps early on to ensure that potentially relevant documents and electronic records are located and preserved. In particular, insurers may argue that some part of the revenue loss is attributable to other causes, such as poor business decisions or economic downturn, such that historical records often must be examined and relied upon.
Preparation of Proof of Loss
The preparation of a detailed inventory and proof of loss is a time-consuming and challenging process but can prove invaluable in seeking to challenge any settlement offers made by the insurers or any loss adjustors appointed on their behalf. Many commercial policies include claim preparation coverage, which covers costs associated with compiling a detailed claim submission. The appointment of independent loss assessors or forensic accountants can prove particularly beneficial for collating BI losses, which are often challenged by insurers. For example, insurers may adopt a narrow view of what constitutes “interruption” to the business, particularly where certain business activities are ongoing.
Advance Payments
Any delays by insurers in making appropriate and periodic payments will delay the rebuilding of premises and the resumption of business operations. Insureds should consider requests for interim or advance payments, prior to completion of the loss adjustment process, particularly if the policy expressly provides for this.
Evaluating and Challenging Insurer Positions
The validity of any coverage defenses or limitations raised by insurers will be impacted by the precise wording of the insurance contract and by the applicable governing law. Experienced coverage counsel will be able to assist an insured in assessing the merit and viability of any coverage issues raised by insurers, or by their appointed loss adjusters, and in maximizing the insured’s potential recovery.
PBGC Technical Update on Accelerated Premium Filing Due Dates for 2025
As described in further detail below, absent Congressional action, plan sponsors should take note that PBGC premium filings will generally be due one month earlier than usual for plan years beginning in 2025. This modification only applies for 2025.
Under ERISA Section 4007, the PBGC determines when premium filings—the submission of required data and payment of any required premiums for PBGC-insured plans—are due. Accordingly, PBGC Regulation Section 4007.11 provides that, in most cases, the premium filings for a plan year are due the “fifteenth day of the tenth calendar month that begins on or after the first day of the premium payment year.”
However, Section 502 of the Bipartisan Budget Act of 2015 (“BBA of 2015”) provides that, notwithstanding ERISA Section 4007 and the corresponding PBGC regulation, for plan years beginning in 2025 only, premium due dates are accelerated by one month to the “fifteenth day of the ninth calendar month that begins on or after the first day of the premium payment year.”
Technical Update Number 25-1 released by the PBGC on January 6th provides further information on the timing of premium payments under the BBA of 2015 for plan years beginning in 2025, including clarification that this accelerated nine-month timeline applies to all premium due date rules in 2025 (including the special due date rules under the PBGC regulation for new plans and short plan years). The Technical Update also indicates that information regarding these special filing due dates for 2025 will be incorporated into the PBGC’s forthcoming 2025 Comprehensive Premium Filing Instructions.
It is important to note, however, that this special acceleration period for 2025 does not supersede PBGC’s disaster relief policy—which, for plans affected by a disaster, generally extends premium filing due dates to correspond with any disaster-related extensions of Form 5500 due dates by the IRS—nor does it supersede any of the PBGC’s general filing rules for due dates that fall on weekends or Federal Holidays.
For illustrative purposes, a calendar year plan beginning January 1, 2024, had a premium filing due date of October 15, 2024, under ERISA Section 4007 and the corresponding PBGC regulation. However, pursuant to the special acceleration provision under the BBA of 2015, for 2025, the same plan will instead have an accelerated premium filing due date of September 15, 2025. The Technical Update includes a full chart for plan years beginning in 2025, which is reproduced below.
Date Plan Year Begins
Due Date
1/1/2025
9/15/2025
1/2/2025 – 2/1/2025
10/15/2025
2/2/2025 – 3/1/2025
11/17/2025*
3/2/2025 – 4/1/2025
12/15/2025
4/2/2025 – 5/1/2025
1/15/2026
5/2/2025 – 6/1/2025
2/16/2026*
6/2/2025 – 7/1/2025
3/16/2026*
7/2/2025 – 8/1/2025
4/15/2026
8/2/2025 – 9/1/2025
5/15/2026
9/2/2025 – 10/1/2025
6/15/2026
10/2/2025 – 11/1/2025
7/15/2026
11/2/2025 – 12/1/2025
8/17/2026
12/2/2025 – 12/31/2025
9/15/2026
* The 15th day of the ninth month on or after the first day of the plan year falls on a weekend or federal holiday.
Finally, Technical Update Number 25-1 comes with a warning: because of anticipated increased costs and burdens on plan sponsors, a repeal of Section 502 of the BBA of 2015 has been on the legislative agenda for the past eight years. So, a mid-year repeal of the accelerated premium filing schedule by Congress is possible. The PBGC pledges to “revise the premium filing instructions and notify practitioners as quickly as possible” if such a repeal occurs.
Alex Scharr also contributed to this article.
HHS OCR Settlements: Last Week in Review
During the week of January 6, 2025, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) entered into resolution agreements and corrective action plans with Elgon Information Systems (“Elgon”), Virtual Private Network Solutions, LLC (“VPN Solutions”) and USR Holdings, LLC (“USR”) for violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Security Rule.
The proposed resolutions with Elgon and VPN Solutions are the eighth and ninth ransomware investigation settlements announced by OCR. Elgon is required to pay $80,000 to OCR and will be subject to its monitoring for three years to ensure compliance with HIPAA. VPN Solutions is required to pay $90,000 and will be subject to one year of monitoring. The corrective action plans also lay out certain steps each entity is required to take to resolve potential violations of the HIPAA Privacy and Security Rules.
The proposed resolution with USR, announced on January 8, 2025, stems from a data breach, during which an unauthorized third party/parties were able to access a database containing the electronic protected health information (“ePHI”) of over 2,900 individuals and able to delete ePHI in the database. The resolution agreement requires USR to pay $337,750 to OCR and take steps to resolve potential violations of the HIPAA Privacy and Security Rules. USR will be subject to OCR monitoring for two years to ensure compliance with HIPAA.
Last week’s flurry of settlements is in keeping with a broader trend of OCR Security Rule enforcement activity in the past year. These agreements underscore how it is critical that organizations of all sizes that handle ePHI ensure their compliance with the HIPAA Security Rule, which requires administrative, physical and technical safeguards to ensure the confidentiality, integrity and availability of ePHI.
Ohio Streamlines Unemployment Insurance Reporting for Commonly Controlled, Concurrent Employers
New for January 1, 2025, Ohio has streamlined its unemployment insurance reporting process to allow employers that control multiple corporate entities to report unemployment insurance for their concurrent employees in a single account.
Quick Hits
Ohio now allows commonly controlled, managed, or owned companies—or companies reorganized in such a way—to apply for a single unemployment insurance account for reporting purposes.
Companies must file a “transfer of business form,” which began to be accepted on January 1, 2025.
On December 11, 2024, the Ohio Department of Job and Family Services (ODJFS) adopted revisions to Ohio Administrative Code Rule 4141-11-13 that rescinded the prior prohibition on common paymaster reporting, where one entity reports unemployment insurance for a group of related entities with concurrent employment. This change allows Ohio unemployment insurance reporting to be more closely aligned with the Internal Revenue Service’s “common paymaster” employment tax reporting.
Under the new Ohio rule, commonly controlled, managed, or owned companies, or companies reorganized in such a way, may apply for a single unemployment insurance account to report all employees. The rule is currently being interpreted to include registered professional employer organizations in which shared employees are coemployed. Companies meeting the rule’s definition must file a “transfer of business form … identifying the concurrent employers, and whether the employees will be reported on the primary account due to concurrent employment or transfer.”
The rule defines “concurrent employment” as the employment of an individual with at least two substantially commonly owned, managed, or controlled employers during the same time period.” According to ODJFS, commonly owned companies may further reorganize their structure to “create a new commonly owned entity” or may “use one of their existing commonly owned businesses as the primary-wage-reporting entity.”
The changes significantly streamline the unemployment insurance reporting process for commonly owned companies. Under the prior Rule 4141-11-13, each corporate entity was required to report payments for employees regardless of whether it was controlled by another entity under a “common paymaster arrangement” or similar.
The rule also makes clear that common paymaster reporting is an exception to the rule that one legal entity may not report another legal entity’s employees for Ohio unemployment insurance purposes without transferring the direction and control of the employees to the legal entity that will report the employees for Ohio unemployment insurance. Thus, common paymaster reporting is more than just an administrative election to report unemployment insurance under a particular entity.
Next Steps
The ODJFS began accepting applications for a single unemployment insurance reporting account on January 1, 2025. Employers must file a “Transfer of Business” form (JFS 20101), which can be found on the ODJFS website here.
If the primary account does not have an employer ID, ODJFS requires the employer to open a new account online or file “Report to Determine Liability” form (JFS 20100), which can be found on the ODJFS website here.
Supporting Employees Impacted by Wildfires
The ongoing Los Angeles, California, wildfires have caused widespread devastation, forcing residents to evacuate, and have destroyed homes and communities. President Joe Biden approved a Major Disaster Declaration in response to the wildfires in Los Angeles County on January 8.
There are several ways employers can support employees impacted by the wildfires, including by making qualified disaster relief payments to employees and creating paid leave sharing programs. Employers can also set up employee assistance funds through existing public charities that administer disaster relief programs, create an employer-sponsored charitable organization that provides disaster relief payments to employees, or set up a donor-advised fund with a sponsoring public charity. In addition, employers can allow employees greater access to distributions and loans from accounts under employer-sponsored retirement plans.
This alert provides a high-level overview of qualified disaster relief payments, leave sharing programs, disaster relief options using charitable organizations, and expanded opportunities to receive distributions and loans from employer-sponsored retirement plans. The following is intended to provide a brief introduction to the options available to employers and does not address the specific requirements for each option. Qualified disaster relief payments, leave bank programs, charitable organizations, and expansion of distributions and loans from employer-sponsored retirement plans must be carefully structured to ensure compliance under the federal tax laws. It is recommended to consult with legal or tax professionals to ensure full compliance and avoid potential liabilities.
Qualified Disaster Relief Payments
Section 139 of the Internal Revenue Code permits employers to make “qualified disaster relief payments” to employees in areas with an emergency disaster or major disaster declaration. Qualified disaster relief payments are not included in the employee’s gross income or subject to employment tax. Employers can also deduct qualified disaster relief payments to the same extent as payments treated as income to the employee.
A payment qualifies as a “qualified disaster relief payment” if the following requirements are satisfied:
There has been a “qualified disaster” (e.g., a federally declared disaster issued by the President of the United States).
The payment is intended to cover reasonable and necessary personal, family, living, or funeral expenses, or reasonable and necessary expenses incurred for repairing or replacing a personal residence or its contents, provided the expenses were incurred as a result of the qualified disaster and not covered by insurance or other resources.
The payment is not income replacement (e.g., severance, furlough pay, or lost wages from missed work).
Since President Biden approved the Major Disaster Declaration, employers can therefore provide financial assistance to employees impacted by the wildfires, provided that the payments meet the additional requirements described above. Employers who provide qualified disaster assistance payments should maintain adequate records for the program and request that recipients retain receipts and other documentation.
Leave Sharing Programs
Under Internal Revenue Service (IRS) Notice 2006-59, the IRS allows employers, responding to a “major disaster” (as declared by the president), to establish “leave banks” that enable employees to contribute accrued leave (up to the maximum amount the employee normally accrues during the year) to a collective pool for use by employees who have been adversely affected by a “major disaster” necessitating absence from work. Because President Biden approved a Major Disaster Declaration in response to the wildfires in Los Angeles County, employers can use employer-sponsored leave banks to support employees adversely impacted by the wildfires with additional paid leave. The leave is treated as wages with respect to the leave recipient and subject to federal income tax withholding and employment tax (e.g., FICA and FUTA). Leave donors are not entitled to a charitable contribution deduction on their individual income tax returns for the donated leave, but the portion of leave donated is not treated as income or wages to the leave donor. For employer-sponsored leave banks to qualify for the US federal tax treatment addressed herein, leave bank programs must meet certain additional requirements set forth in IRS Notice 2006-59.
Charitable Organizations
Employers can also support employees and other individuals impacted by the wildfires through disaster relief options using charitable organizations. Employers can set up employee assistance funds through existing public charities that administer disaster relief programs, create an employer-sponsored charitable organization that provides disaster relief payments to employees, or set up a donor-advised fund with a sponsoring public charity.
Employee Assistance Fund Administered by Existing Public Charity
Employers can create and fund an employee assistance fund administered by an existing public charity. This allows an employer to provide critical financial assistance to employees affected by the disaster while leveraging the charity’s established infrastructure and expertise.
Employer-Sponsored Public Charity
Employers can establish an employee-sponsored public charity to provide disaster relief payments to employees and other individuals impacted by current and future disasters. Employee-sponsored public charities are typically funded not only by the employer but also by employees or other donors. An employer-sponsored public charity can generally provide disaster relief to employees affected by current and future disasters, including qualified and non-qualified disasters or emergency hardship situations.
Employee-Sponsored Private Foundation
Employers can also establish an employee-sponsored private foundation to provide disaster relief payments to employees and other individuals impacted by current and future disasters. Employee-sponsored private foundations are generally funded by the employer and subject to additional requirements and restrictions that do not apply to public charities. An employer-sponsored private foundation can provide disaster relief to employees affected by current and future qualified disasters (but not non-qualified disasters or emergency hardship situations).
Employer-Sponsored Donor-Advised Fund
Employers can set up a donor-advised fund with a sponsoring public charity to support employees and their family members who are victims of qualified disasters. The sponsoring organization manages the fund, and a selection committee has advisory privileges over the fund. An employer-sponsored donor-advised fund can provide disaster relief to employees affected by current and future qualified disasters (but not non-qualified disasters or emergency hardship situations).
Disaster relief options involving charitable organizations are subject to complex tax requirements and must be carefully structured to ensure compliance.
Distributions and Loans From Employer-Sponsored Retirement Plans
Employers can allow their retirement plans to offer relief to “qualified individuals” impacted by a qualified disaster through expanded distribution options, increased access to plan loans, and loan repayment relief. A “qualified individual” is an individual whose principal residence during the incident period of any qualified disaster is in the qualified disaster area and the individual has sustained an economic loss by reason of that qualified disaster.
To the extent the plans do not already have provisions related to expansions of distributions and loans in the context of federally declared disasters, employers will need to amend their plans and would have until the end of this year to adopt the amendments.
Qualified Disaster Recovery Distributions
Employers can permit qualified individuals to receive distributions from the employee’s plan account in an amount up to $22,000 per disaster, with no early withdrawal penalty, and the option to repay all or a portion of the distribution within three years.
Increase to Plan Loan Limit
Employers can increase the maximum loan amount available to qualified individuals for plan loans made during a specified period following a qualified disaster. The plan loan limit may be increased to the full amount of the individual’s vested account under the plan, but not more than $100,000 (minus outstanding plan loans of the individual).
Relief for Plan Loan Repayments
Employers can also provide qualified individuals additional time (up to one year) to repay plan loans outstanding on the date of the declaration of the qualified disaster.
Wisconsin Appellate Court Interprets Construction Defect Exclusion and Fungi Exclusion
Cincinnati Insurance Company v. James Ropicky, et al., No. 2023AP588, 2024 WL 5220615 (Wis. Ct. App. Dec. 26, 2024)
On December 26, 2024, the Court of Appeals of Wisconsin issued is decision in Cincinnati Insurance Company v. James Ropicky, et al., No. 2023AP588, 2024 WL 5220615 (Wis. Ct. App. Dec. 26, 2024), addressing whether an ensuing cause of loss exception to a Construction Defect Exclusion, Fungi Exclusion, and Fungi Additional Coverage endorsement contained in a homeowner’s insurance policy issued by Cincinnati to its insureds precluded coverage for damage sustained by the insureds’ home following a May 2018 rainstorm. A final publication decision is currently pending for this case.
Background Information
James Ropicky and Rebecca Leichtfuss (collectively “the insureds”) submitted a claim to their homeowner’s insurer, Cincinnati Insurance Company (“Cincinnati”), for alleged water and fungal damage that their home sustained as a result of a rainstorm that occurred on May 11, 2018. Based on Cincinnati’s investigation and the opinions rendered by its expert following his inspections of the insureds’ home, Cincinnati provided limited coverage for the insureds’ claim based on the contention that a majority of the damage was the result of “design or installation deficiencies” that had allowed storm water to enter the interior wall structure. Therefore, Cincinnati concluded the subject damage was either excluded under the policy’s Construction Defect Exclusion and Fungi Exclusion, or subject to the policy’s Fungi Additional Coverage endorsement. As a result, Cincinnati paid $10,000 under the policy’s fungi-related coverage (Fungi Additional Coverage endorsement) and $2,138.53 for other damages falling within the ensuing cause of loss exception to the Construction Defect Exclusion. Cincinnati denied coverage for costs associated with remedying and repairing the purported construction defects.
Eventually, Cincinnati filed a lawsuit against its insureds seeking declaratory judgement as to its coverage position. In response, Cincinnati’s insureds disputed Cincinnati’s coverage position and filed counterclaims against Cincinnati for breach of contract, declaratory judgment, and bad faith related to Cincinnati’s handling of their claim. The circuit court ultimately granted Cincinnati’s summary judgment motion as to coverage, agreeing that the Construction Defect and Fungi Exclusions contained in the applicable homeowner’s policy barred any additional coverage under the policy’s terms beyond that which Cincinnati had already paid with respect to the alleged May 2018 rainstorm damage. Further, because the circuit court ruled in Cincinnati’s favor and held that Cincinnati had not breached its contract with the insureds, the court dismissed, sua sponte, the insured’s bad faith claim as a matter of law. The insureds appealed the circuit court’s decision.
Decision and Analysis
On appeal, the Court of Appeals of Wisconsin concluded the ensuing cause of loss exception to the policy’s Construction Defect Exclusion reinstates coverage, and the policy’s Fungi Additional Coverage endorsement renders the Fungi Exclusion inapplicable. Thus, the appellate court reversed the circuit court’s decision, finding the circuit court erred in granting summary judgment in Cincinnati’s favor, and remanded the case for further proceedings.
First, the appellate court held that even assuming the Construction Defect Exclusion applies, the damage to the insureds’ home nevertheless constitutes an ensuing cause of loss under the policy’s ensuing cause of loss exception and the authority of Arnold v. Cincinnati Insurance Co., 2004 WI App 195, 276 Wis. 2d 762, 688 N.W.2d 707. Relying on Arnold as binding authority, the appellate court explained that an “ensuing loss” “is a loss that follows the excluded loss ‘as a chance, likely, or necessary consequence’ of that excluded loss[,]” and “in addition to being a loss that follows as a chance, likely, or necessary consequence of the excluded loss, an ensuing loss must result from a cause in addition to the excluded cause.” Id. at ¶¶27, 29 (emphasis added). The appellate court then proceeded to apply the following three-step framework adopted in Arnold to determine whether the ensuing cause of loss exception applies: (1) first identify the loss caused by the faulty workmanship that is excluded; (2) identify each ensuing loss, if any – that is, each loss that follows as a chance, likely, or necessary consequence from that excluded loss; and (3) for each ensuing loss determine whether it is an excepted or excluded loss under the policy. See id. at ¶34. Based on the appellate court’s application of this three-step framework, it concluded the rainwater at issue, i.e., the May 2018 rainstorm, was an ensuing cause of loss within the meaning of the applicable policy’s ensuing cause of loss exception to a Construction Defect Exclusion.
Second, the appellate court held that the policy’s Fungi Exclusion and its anti-concurrent cause of loss clause did not exclude coverage for the damage to the insureds’ home. Most significantly, in reaching this conclusion, the appellate court determined that the phrase “[t]his exclusion does not apply” in the Fungi Exclusion does not introduce an exception to the exclusion, but rather introduces two scenarios in which the Fungi Exclusion is never triggered in the first instance because its conditions for application are never satisfied. According to the appellate court, one of the circumstances enumerated in the Fungi Exclusion, wherein it states the exclusion “does not apply” “[t]o the extent coverage is provided for in Section I, A.5. Section I – Additional Coverage m. Fungi, Wet or Dry Rot, or Bacteria with respect to ‘physical loss’ caused by a Covered Cause of Loss other than fire or lightning,” rendered the exclusion inoperative with respect to the subject loss. Notably, the concurring opinion explains how the majority’s interpretation of the Fungi Exclusion’s “this exclusion does not apply” language appears to depart from prior case law, wherein Wisconsin courts have repeatedly concluded that this language creates an exception to an exclusion that reinstates coverage. See Neubauer, J. (concurring).
Third, the appellate court held the policy’s $10,000 limit of Fungi Additional Coverage applies to the portion of subject home’s damages that was at least partially caused by “fungi, wet or dry, or bacteria.” However, the $10,000 limit does not decrease or limit the coverage that was otherwise available for the home’s damages caused solely by rainwater.
Based on its interpretation of the policy provisions set forth above, the appellate court additionally held: (1) genuine questions of material fact exist at least as to whether “fungi, wet or dry rot, or bacteria” caused any of the damage to the insureds’ home, and if so, what portion of the damage is attributable to “fungi, wet or dry rot, or bacteria”; (2) only after properly apportioning any damage caused by “fungi, wet or dry rot, or bacteria” can Cincinnati determine the extent of coverage it is obligated to provide under the terms of the homeowner’s insurance policy; and (3) because issues of material fact remain as to the cost to repair the construction defects (not the ensuing loss), this issue remains to be addressed on remand. The appellate court also reinstated the insureds’ bad faith claim asserted against Cincinnati in the underlying action, which had been dismissed by the circuit court when granting summary judgment in Cincinnati’s favor.
What to Expect After a Car Accident in Philadelphia
If you’ve been injured in a car accident caused by another person’s carelessness, your life might feel uncertain and overwhelming. The physical injuries, emotional distress, and financial burden from the crash can seem like a lot to handle. In these difficult moments, it’s important to know that you’re not alone. A compassionate car accident attorney can help you understand your options and fight for the compensation you deserve.
Read on to explore what to expect after a car accident, from handling the immediate aftermath to understanding the insurance and legal processes. We’ll also highlight the importance of having a legal team on your side to protect your rights and guide you through each phase of your claim.
Immediate Aftermath
The moments immediately following a car accident can be disorienting, but you need to try and stay calm and focused to ensure your safety and protect your future claim. Here are the crucial steps to take:
Safety First: Moving Vehicles, Checking Injuries
Your first priority should always be safety. If you’re able, move your vehicle out of traffic to avoid additional collisions. Turn on your hazard lights to alert other drivers. If anyone is seriously injured, call 911 right away.
If possible, check for injuries—yours and others’—before doing anything else. Even if you don’t feel hurt immediately, some injuries might not show up until later. It’s a good idea to seek medical attention right away, just to be sure.
Documenting the Scene: Photos, Witness Information, Police Reports
Documenting the accident is essential for your claim. Take clear, detailed photos of the accident scene, vehicle damage, tire marks, road conditions, and any other relevant details. These photos can provide important evidence for your case.
If there are any witnesses to the accident, ask for their contact information. Their statements could support your version of the events.
When the police arrive, file a report. The report will serve as an official record and can be vital in proving your case. Be sure to get a copy of the police report once it’s available.
Medical Evaluation Timeline
Even if you don’t feel any pain right away, it’s important to seek a medical evaluation within 24 hours. Some injuries, like whiplash, may take time to show symptoms. A timely medical evaluation helps establish the connection between the accident and your injuries, which will be important if you pursue a claim later on.
Insurance Process
The insurance process can feel like a maze, but knowing what to expect can help you move through it with confidence. Here are the steps involved:
Filing the Claim
After the accident, you’ll need to file a claim with your insurance company. Be prepared to provide all the necessary documentation, including accident details, medical reports, and photos.
Speaking with Adjusters
Insurance adjusters will review your claim, assess damages, and determine compensation. Be cautious when talking to them. Insurance companies may try to minimize your compensation offer. It’s helpful to have a personal injury lawyer on your side to ensure that you’re treated fairly and that you don’t settle for less than you deserve.
Common Coverage Issues
Insurance coverage can be complicated. In some cases, the at-fault party may not have sufficient coverage or may be uninsured. This can lead to delays or complications in getting the compensation you need. Your own insurance policy may offer additional coverage in such situations, such as underinsured or uninsured motorist coverage.
Timeline for Settlements
The timeline for settling a claim can vary. Some claims are resolved within a few months, while others may take longer, especially if negotiations are required or the case goes to court. Keep in mind that each case is unique, and an experienced attorney can help you understand the process and manage your expectations.
Medical Treatment
After a car accident, receiving the proper medical treatment is not only crucial for your recovery but also essential for building a strong case if you decide to pursue a claim. Injuries from car accidents can vary greatly, ranging from minor cuts and bruises to severe, life-changing conditions.
Types of Common Accident Injuries
Car accidents can lead to a wide range of injuries, some of which may not be immediately noticeable. Common injuries include:
Whiplash and Neck Injuries: Often caused by sudden stops or collisions, whiplash can lead to neck pain, stiffness, and headaches.
Back and Spinal Injuries: These can vary from mild strains to serious injuries, such as herniated discs or spinal cord damage.
Head and Brain Injuries: Concussions, traumatic brain injuries (TBI), and other head injuries can have lasting effects.
Fractures: Broken bones in the arms, legs, ribs, or other parts of the body are common in severe accidents.
Soft Tissue Damage: Injuries to muscles, tendons, or ligaments can cause significant pain and swelling.
Internal Injuries: Damage to organs, including the lungs, liver, or kidneys, may not be immediately visible but can be life-threatening.
Documentation Requirements
To support your claim, it’s important to keep accurate and detailed documentation of your medical treatment. This includes:
Medical Records: Keep a record of all your doctor visits, diagnoses, treatment plans, and prescriptions.
Bills and Receipts: Save all medical bills, receipts for medications, physical therapy, and any other out-of-pocket expenses.
Test Results: Document the results of any tests or imaging (such as X-rays or MRIs) that are necessary for diagnosing your injuries.
Treatment Plans: Keep track of the treatments prescribed, including physical therapy or follow-up appointments, and any changes in your condition.
Following Treatment Plans
Adhering to the treatment plan recommended by your healthcare providers is critical to your recovery. This not only ensures that you have the best chance at healing but also shows the insurance company that you are taking the necessary steps to recover. If you miss appointments or fail to follow medical advice, it could be used to argue that your injuries are less severe or not related to the accident.
Long-Term Care Considerations
Some injuries may require long-term care, especially if they involve the spine, brain, or other critical areas. Long-term care could include ongoing medical treatments, surgeries, rehabilitation, or lifestyle changes. When pursuing compensation, it’s essential to consider these future medical needs. The costs associated with long-term care—whether physical therapy, assisted living, or home care—should be factored into the claim to ensure you’re fully compensated for the lasting impact of your injuries.
Legal Considerations
As you deal with insurance companies and medical providers, legal considerations will also come into play. Here’s what to keep in mind:
Statute of Limitations
In Pennsylvania, you typically have two years from the date of the accident to file a personal injury lawsuit. While this may seem like a long time, it’s essential to act quickly, as evidence and witness testimonies can fade over time. Consulting with an attorney early on will ensure you don’t miss important deadlines.
When to Hire an Attorney
You must hire an attorney if you suffer severe injuries or experience complications with the insurance claim. If the at-fault party disputes liability, an attorney can help protect your rights and push back against any attempts to unjustly blame you for the crash and your injuries. Even if you only suffer minor injuries, an attorney can still help ensure you obtain the compensation you need to cover your medical bills and other related expenses.
Evidence Preservation
You must have strong evidence to support your claim. An attorney can help preserve key pieces of evidence, such as photos, witness statements, and medical records. They can even obtain surveillance video footage, if applicable. A lawyer knows how to use the evidence effectively in your case.
Dealing with the Other Party’s Insurance
Insurance companies are often focused on minimizing payouts. Having a lawyer who understands how to interact with the at-fault party’s insurance company can protect your rights and ensure you don’t get pressured into accepting an unfair settlement.
Settlement Process
Reaching a settlement is often the preferred outcome, as it saves time and avoids the stress of going to trial. Here’s how the settlement process typically works:
Calculating Damages
To determine how much compensation you may be entitled to, your attorney will calculate your damages. This includes medical expenses, lost wages, pain and suffering, property damage, and any future costs related to your injuries.
Negotiation Phases
Once the damages are calculated, your attorney will enter negotiations with the insurance company. The goal is to reach a fair settlement. The insurance company may offer a lower amount initially, but your attorney will advocate on your behalf in an effort to secure you full compensation.
Settlement vs. Litigation
Most car accident cases are settled out of court. However, if a fair settlement can’t be reached, your attorney may recommend filing a lawsuit. If your case does go to court, you’ll have someone who understands the process and can guide you through each step.
Timeline Expectations
The timeline for reaching a settlement or resolving a lawsuit can vary. While some cases may be settled in a few months, others could take much longer, especially if they go to trial. Your attorney will provide you with a more specific timeline based on the specifics of your case.
Common Mistakes to Avoid
Making certain mistakes can hurt your chances of getting the compensation you deserve. Here are some things to avoid:
Social Media Activity
Avoid posting about the accident or your injuries on social media. Insurance adjusters may use your posts against you, claiming that your injuries aren’t as severe as you’ve reported.
Early Settlement Acceptance
Insurance companies often offer settlements quickly, but these offers are usually much lower than what you deserve. Always consult with an attorney before accepting any offer.
Missing Documentation
Keep all documents related to the accident, including medical bills, repair estimates, and any correspondence with insurance companies. Missing or incomplete documentation can hurt your claim.
Gaps in Medical Treatment
If you miss medical appointments or delay treatment, the insurance company might argue that your injuries aren’t as serious as you say. Stay consistent with your treatment plan to avoid this issue.
Steps to Protect Your Rights
To protect your rights and maximize your compensation, consider the following steps:
Medical Record Collection
Gather all medical records related to your injuries, including doctor’s notes, test results, and receipts for treatments. These documents will support your claim.
Communication Documentation
Keep records of all communication with insurance companies and other parties involved in the case. This ensures that there is a clear record of what was discussed and agreed upon.
Expert Consultations
Consulting with a medical expert or accident reconstruction specialist can strengthen your case by providing additional evidence of the extent of your injuries and the cause of the accident.
Settlement Evaluation
Before accepting any settlement, your attorney will carefully evaluate the offer to ensure it reflects the full extent of your damages, both current and future.
Know Your State’s Insurance Laws
Understanding your state’s insurance laws is important when filing a claim. Pennsylvania follows a no-fault system. This means your own insurance covers your medical expenses, regardless of who caused the accident. If your injuries are severe, you may still pursue a claim against the at-fault driver.
Consult a Philadelphia Personal Injury Attorney
Hiring an experienced Philadelphia personal injury attorney can make a significant difference in the outcome of your claim. A skilled attorney will handle the legal complexities, negotiate with insurance companies, and advocate for your rights to ensure that you receive the compensation you deserve.
FDIC Enforcement Spotlights Deficiencies in Kansas Bank’s Anti-Money Laundering Program
On December 27, 2024, the Federal Deposit Insurance Corporation (FDIC) announced a notice of assessment of a civil money penalty against a Kansas-based bank. The action, originally brought in November, imposed a $20.4 million civil money penalty against the bank and alleged violations of the Bank Secrecy Act (BSA), 31 U.S.C. § 5311 et seq., for its failure to implement an adequate anti-money laundering and counter-terrorism program.
The FDIC asserts that between December 2018 and August 2020, the Bank’s AML/CFT compliance program failed to address risks associated with its high-volume international banking operations. These operations included processing $27 billion in wire transfers for foreign banks in 2018 alone and facilitating bulk cash shipments from Mexico. Specific deficiencies cited by the FDIC include:
Inadequate Internal Controls. The bank’s reliance on flawed AML monitoring software and manual reviews failed to detect red flags, such as large, suspicious transactions and activity linked to high-risk jurisdictions. Although the banks employed external auditors to analyze its BSA compliance, the complaint claims the testing was too limited and lacked sufficient data.
Customer Due Diligence Failures. The bank failed to establish and maintain an effective customer due diligence program, as the BSA Officer’s ongoing due diligence for the bulk cash business was limited to comparing actual to expected cash deposits without conducting denomination analysis or monitoring outgoing wire activity, resulting in missed data indicative of money laundering and terrorist financing risk.
Deficient Reporting. The bank failed to file hundreds of suspicious activity reports (SARs) required by federal law, and did not implement sufficient customer due diligence or foreign correspondent account monitoring. The FDIC also found that the bank’s BSA Officer was not properly empowered to make SAR filings, SAR filing decisions were instead made collectively by a committee consisting of various C-suite executives of the bank.
Unqualified Oversight. The appointed BSA officer during the relevant period lacked necessary experience and authority to manage the bank’s AML compliance program effectively, pointing to deficiencies in the bank’s BSA/AML training program.
The FDIC described the alleged violations as part of a “pattern of misconduct” and noted that the bank benefited financially from these failures, generating significant fee income.
Putting It Into Practice: The FDIC’s action was swiftly challenged by the bank. On November 19, it filed a complaint in the U.S. District Court for the District of Kansas challenging the FDIC’s findings, emphasizing that the bank ceased the operations in question in 2020 and took swift corrective actions. In its complaint, the bank also argues that the fine penalizes “years-old conduct” and disregards the bank’s current compliance improvements.
Listen to this post
Beating Bump-Up Exclusions: Policyholder Prevails In Coverage for Settlement of M&A Shareholder Lawsuit
A Delaware court recently refused to enforce a directors and officers liability policy’s “bump-up” exclusion to a $28 million class action settlement, finding that the company’s insurers unjustifiably denied coverage. The decision, which is one of several recent bump-up D&O coverage disputes, provides valuable insights for corporate policyholders seeking coverage for M&A-related claims and settlements with shareholders.
Background
In connection with the sale of Harman International in 2017, a class of Harman stockholders filed a securities class action lawsuit alleging that disclosures made in connection with the sale were misleading and violated Section 14(a) and Section 20(a) of the Securities Exchange Act of 1934 (the “Baum action”). The Baum action was settled for $28 million. When Harman’s D&O liability insurers denied coverage under the policies’ so-called “bump-up” exclusion, the company sued for breach of contract and sought a declaratory judgment that the settlement was covered in full by the policies.
Bump-up exclusions are frequently found in D&O insurance policies. While the wording varies among policies, bump-up provisions bar coverage for settlements or judgments in deal-related litigation where the “loss” constitutes an increase (i.e., a bump-up) in the purchase price of the company. While insurers may agree to defend insureds against alleged wrongful acts in negotiating or approving the deal, they will not effectively fund the purchase price of the acquired company.
In the Harman transaction, the insurers rejected the claim by invoking the bump-up exclusion, which barred coverage for all claims alleging that the price “paid for the acquisition . . . of all or substantially all of the ownership interest in or assets of an entity is inadequate” and where the loss “represent[s] the amount by which such price or consideration is effectively increased.” Because the Baum action demanded the difference in price the shareholders received and the true value at the time of the acquisition, the insurers argued the settlement was excluded from coverage.
The Court’s Analysis
In a January 3 opinion, the Delaware Superior Court agreed with Harman and held that the insurers had wrongfully denied coverage for the settlement. In deciding that the bump-up exclusion did not apply, the court focused on three elements of the exclusion: (1) whether the settlement related to an underlying “acquisition”; (2) whether “inadequate deal price” was a viable remedy sought in the underlying litigation; and (3) whether the settlement represented an effective increase in transaction consideration. The insurers carried the burden to show that all elements were satisfied.
The Nature of the Transaction. The parties disagreed on whether the transaction, which was structured as a reverse triangle merger, was an “acquisition” potentially within the bump-up provision.
The court determined that the Harman transaction was an “acquisition” because, among other reasons, the transaction resulted in the buyer owning 100% of Harman, which was in effect an acquisition. Other factors, like Harman’s post-transaction legal status and cancellation of Harman’s shares, also supported Harmon being acquired. Finally, the court pointed to Harman’s own Form 8-K filed with the Securities and Exchange Commission, which described the transaction as an “acquisition.” The court found that these factors, taken together, made the transaction an “acquisition” as such term was used in the bump-up exclusion.
The Viability of Alleged Damages. Harman contended that the settlement could not constitute an increase in inadequate deal consideration because a Section 14(a) claim can’t be used to obtain damages for inadequate consideration. The insurers disagreed, contending that the settlement had to represent an increase in deal price because the Baum complaint expressly sought damages equal to the difference between Harman’s true value and the price paid to the shareholders when the transaction closed.
The court acknowledged that the Baum action alleged inadequate consideration, but the court emphasized that damages for an undervalued deal were not a viable remedy under Sections 14(a) and 20(a) of the Securities Exchange Act of 1934. Rather, the court said those claims focus on the accuracy of the proxy statement’s disclosures and did not raise any claims authorizing the court to remedy an inadequate deal price.
The Purpose of the Settlement. Lastly, the court examined the settlement and concluded it did not represent an increase in the deal price. The insurers contended that the settlement resulted in an increase in consideration because the settlement amount was based in part on the alleged fair value of Harman stock compared to what Harman shareholders actually received.
Harman argued that the settlement represented only the value of legal expenses that it avoided by not litigating. The court looked no further than the agreement itself, which denied liability and stated the sole purpose of the settlement was to avoid litigation. The $28 million settlement price closely resembled the estimated legal fees and was not in line with the potential increased deal consideration, which the court estimated would be over $279 million. Therefore, the court concluded that the Baum settlement did not constitute an adjustment of the consideration offered to Harman’s stockholders to complete the acquisition.
Discussion
The Harman decision has several takeaways for policyholders.
Deals Driving D&O Disputes. As insurers continue to test the limits of these exclusions, bump-up disputes continue to make headlines and drive high-value, contentious coverage litigation for deal-related D&O claims. The Harman decision is the latest example of judges grappling with enforcement of bump-up language in different scenarios, including other cases in Delaware, which have had varying outcomes for policyholders.
The recent win is significant, especially for policyholders incorporated in Delaware that may be more inclined to pursue coverage litigation in the First State where the Delaware Supreme Court has stated that Delaware law should apply to disputes over D&O policies sold to Delaware companies.
Insurers Have High Burdens. The decision reinforces the difficult burden that insurers should face in proving that a loss fits within a bump-up exclusion, especially in the context of a settlement rather than judicial decision on the merits. The court resolved the dispute through the “norm” that a bump-up exclusion is “construed narrowly” and that any ambiguity must be interpreted in favor of coverage. And a bump-up provision should apply only “if the settlement clearly declares that its purpose is to remedy inadequate consideration given in an acquisition.” While the Harman court felt that this standard was “beyond debate,” not all courts interpreting similar exclusionary provisions have been so clear in holding insurers to this burden, so it will surely be a welcome reminder for policyholders assessing deal-related D&O claims.
Allegations, Even of Inadequate Consideration, Are Not Dispositive. The insurers cited allegations of an “undervalued” acquisition resulting in damages calculated as “the difference between the price Harman shareholders received and Harman’s true value at the time of the Acquisition.” But the court more closely followed the language of the bump-up exclusion. The provision required not just that plaintiffs alleged inadequate consideration in the deal but that the loss “represent” an effective increase in consideration. The court only looked to the complaint to assess whether inadequate consideration was a viable remedy under the theories of liability alleged. Because cured inadequate deal price wasn’t available for Section 14(a) and Section 20(a) securities claims, the plaintiff’s “bare request” for relief for inadequate price was not enough. This will be welcome to policyholders because stockholder-plaintiffs routinely assert a variety of theories and purported damages in M&A litigation which should not necessarily dictate the nature of the settlement.
Consider Insurance Early and Often. The decision provides a roadmap of key issues for policyholders to consider when thinking about potential coverage in deal-related litigation. It starts with the structure of the deal itself, which here was a reverse triangular merger that Harman argued did not fit within the exclusion’s applicability to “acquisitions.” While the court did not accept that position, it pointed to a statement in Harman’s Form 8-K calling the deal an “acquisition” to suggest that the company in some sense understood it to be an acquisition.
More importantly, the court emphasized two aspects of the settlement agreement itself in determining the nature of the settlement: an express denial by the policyholder of any wrongdoing or liability; and statements that the reason for the settlement was “solely” to avoid protracted and expensive litigation and that it would be “beneficial to avoid costs, uncertainty, and risks” inherent in such litigation. This was not necessarily dispositive to the case. Given the lack of evidence from the insurers that might show the settlement was an effective increase in merger consideration, it may not have mattered if the settlement agreement read differently. But when faced with evidence that the settlement represented the estimated litigation costs, the court declined to speculate and rejected the insurers’ bump-up defense.
Conclusion
The Harman decision shows the continued importance of bump-up exclusions and how they can lead to coverage disputes in deal-related litigation. Policyholders need to understand whether their D&O policy has problematic exclusionary language and, if so, whether to address it before pursuing an M&A transaction. The decision also provides guidance for settlement strategies that may maximize coverage.
Recovering From Los Angeles-Area Wildfires: Initial Steps After Loss or Damage to Your Home, Business or Other Property
Highlights
The January 2025 wildfires in Los Angeles have caused widespread destruction to homes, businesses, and other property, leaving affected individuals and businesses dependent on insurance for recovery
Insurance companies may attempt to deny or limit coverage in response to the surge of claims, making it important for policyholders to understand their rights and coverage options
Affected businesses and individuals should consider taking immediate steps, such as notifying insurers, documenting damages, reviewing insurance policies, and tracking additional living expenses to ensure comprehensive claims
The January 2025 Palisades, Altadena/Pasadena, and other wildfires in the Los Angeles area have fundamentally altered the lives of our clients, colleagues, friends, and family members, causing destruction and damage to homes, businesses, vehicles, educational and religious institutions, community centers, and other property. Affected people and businesses will be relying on their insurance companies to pay their loss and help them rebuild their lives. Insurance companies may respond to the wave of claims by looking for ways to deny and/or limit coverage.
In the aftermath of the fires, many policyholders may be unfamiliar with the first steps to consider taking from a best practices perspective after suffering a loss like this. A non-exhaustive list of initial steps to consider is as follows:
Put your insurance company on notice immediately of any claim or potential claim related to fire damage, such as from the Palisades fire. Depending on what has been damaged (i.e., structures or vehicles), multiple policies and insurers may be implicated. It is common to give notice of your loss through your insurance broker and/or agent.
Take time to locate and review complete copies of your insurance policies now. They may be available through your agent or broker or on the insurer’s website.
Review all applicable coverage and consider discussing with your broker or with insurance coverage counsel to understand the policy benefits to which you are entitled.
To the extent possible and once safe to do so, document all loss and damage from the fire, including both photos and videos. Preserve documentary evidence necessary to support your insurance claim.
Take an inventory of your personal property, furniture, appliances, etc., including gathering pictures and electronic or paper receipts documenting purchases.
Track and keep receipts of your extra living expenses while you are displaced, including receipts of meals, transportation, and hotels and other paid accommodations, etc.
Consider demanding that your insurance company advance all available policy benefits immediately, including but not limited to benefits for alternative housing or business interruption. Generally, alternative housing should be comparable to your living arrangements prior to the loss and damage. Many policies also cover debris cleanup and various other coverage relevant to fire damage.
Expect the insurance company to try to minimize its financial obligations in response to your claim. Take time to thoroughly evaluate and consider all communications from your insurance carrier carefully and do not agree to their adjustment of the claim without fully understanding their methodology and logic.
Even if your home or business has not been destroyed, smoke in and of itself can cause recoverable damage under the meaning of property policies. Insurers often take the position that smoke damage alone is not covered. A best practice is not to accept this at face value.
Property policies often contain a shorter deadline to sue than other types of policies and contracts, which deadline can be as short as one or two years from the date of the loss. Consider carefully evaluating the deadline to sue in case any disputes with insurers arise.
The BR Privacy & Security Download: January 2025
Must Read! The U.S. Department of Health and Human Services Office for Civil Rights recently proposed an amendment to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Security Rule to strengthen cyber security protections for electronic protected health information. Read the full alert to learn more about the first significant update to HIPAA’s Security Rule in over a decade. Read More > >
STATE & LOCAL LAWS & REGULATIONS
Five New State Comprehensive Privacy Laws Effective in January with Three More to Follow in 2025: With the start of the new year, five new state comprehensive privacy laws have become effective. The comprehensive privacy laws of Delaware, Iowa, Nebraska, and New Hampshire became effective on January 1, 2025, and New Jersey’s law will come into effect on January 15, 2025. Tennessee, Minnesota, and Maryland will follow suit and take effect on July 1, 2025, July 31, 2025, and October 1, 2025, respectively. Companies should review their privacy compliance programs to identify potential compliance gaps with differences in the increasing patchwork of state laws.
Colorado Issues Proposed Draft Amendments to CPA Rules: The Colorado Attorney General announced the adoption of amendments to the Colorado Privacy Act (“CPA”) rules. The rules will become effective on January 30, 2025. The rules provide enhanced protections for the processing of biometric data as well as the processing of the online activities of minors. Specifically, companies must develop and implement a written biometric data policy, implement appropriate security measures regarding biometric data, provide notice of the collection and processing of biometric data, obtain employee consent for the processing of biometric data, and provide a right of access to such data. In the context of minors, the amendment requires that entities obtain consent prior to using any system design feature designed to significantly increase the use of an online service of a known minor and to update the Data Protection Assessments to address processing that presents heightened risks to minors. Entities already subject to the CPA should carefully review whether they may have heightened obligations for the processing of employee biometric data, a category of data previously exempt from the scope of the CPA.
CPPA Announces Increased Fines and Penalties Under CCPA: The California Privacy Protection Agency (“CPPA”), the enforcement authority of the California Consumer Privacy Act (“CCPA”), has adjusted the fines and monetary thresholds of the CCPA. Under the CCPA, in January of every odd-numbered year, the CPPA must make this adjustment to account for changes in the Consumer Price Index. The CPPA has increased the monetary thresholds of the CCPA from $25,000,000 to $26,625,000. The CPPA also increased the range of monetary damages from between $100 to $750 per consumer per incident or actual damages (whichever is greater) to $107 to $799. The range of civil penalties and administrative fine amounts further increased from $2,500 for each violation of the CCPA or $7,500 for each intentional violation and violations involving the personal information of children under 16 to $2,663 and $7,988, respectively. The new amounts went into effect on January 1, 2025.
Connecticut State Senator Previews Proposed Legislation to Update State’s Comprehensive Privacy Law: Connecticut State Senator James Maroney (D) has announced that he is drafting a proposed update to the Connecticut Privacy Act that would expand its scope, provide enhanced data subject rights, include artificial intelligence (“AI”) provisions, and potentially eliminate certain exemptions currently available under the Act. Senator Maroney expects that the proposed bill could receive a hearing by late January or early February. Although Maroney has not published a draft, he indicated that the draft would likely (1) reduce the compliance threshold from the processing of the personal data of 100,000 consumers to 35,000 consumers; (2) include AI anti-discrimination measures, potentially in line with recent anti-discrimination requirements in California and Colorado; (3) expand the definition of sensitive data to include religious beliefs and ethnic origin, in line with other state laws; (4) expand the right to access personal data under the law to include a right to access a list of third parties to whom personal data was disclosed, mirroring similar rights in Delaware, Maryland, and Oregon; and (5) potentially eliminate or curtail categorical exemptions under the law, such as that for financial institutions subject to the Gramm-Leach-Bliley Act.
CPPA Endorses Browser Opt-Out Law: The CPPA’s board voted to sponsor a legislative proposal that would make it easier for California residents to exercise their right to opt out of the sale of personal information and sharing of personal information for cross-context behavioral advertising purposes. Last year, Governor Newsome vetoed legislation with the same requirements. Just as last year’s vetoed legislation, the legislative proposal sponsored by the CPPA requires browser vendors to include a feature that allows users to exercise their opt-out right through opt-out preference signals. Under the CCPA, businesses are required to honor opt-out preference signals as valid opt-out requests. Opt-out preference signals allow a consumer to exercise their opt-out right with all businesses they interact with online without having to make individualized requests with each business. If the proposal is adopted, California would be the first state to require browser vendors to offer consumers the option to enable these signals. Six other states (Colorado, Connecticut, Delaware, Montana, Oregon, and Texas) require businesses to honor browser privacy signals as an opt-out request.
FEDERAL LAWS & REGULATIONS
HHS Proposes Updates to HIPAA Security Rule: The U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) issued a Notice of Proposed Rulemaking (“NPRM”) to amend the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Security Rule to strengthen cybersecurity protections for electronic protected health information (“ePHI”). The NPRM proposes the first significant updates to HIPAA’s Security Rule in over a decade. The NPRM makes a number of updates to the administrative, physical, and technical safeguards specified by the Security Rule, removes the distinction between “required” and “addressable” implementation specifications, and makes all implementation specifications “required” with specific, limited exceptions.
Trump Selects Andrew Ferguson as New FTC Chair: President-elect Donald Trump has selected current Federal Trade Commission (“FTC”) Commissioner Andrew Ferguson to replace Lina Khan as the new FTC Chair. Ferguson is one of two Republicans of the five FTC Commissioners and has been a Commissioner since April of 2024. Prior to becoming an FTC Commissioner, Ferguson served as Virginia’s solicitor general. During his time as an FTC Commissioner, Ferguson dissented from several of Khan’s rulemaking efforts, including a ban on non-compete clauses in employment contracts. Separately, Trump also selected Mark Meador to be an FTC Commissioner. Once Meador is confirmed to give the FTC a Republican majority, a Republican-led FTC under Ferguson may deprioritize rulemaking and enforcement efforts relating to privacy and AI. In a leaked memo first reported by Punchbowl News, Ferguson wrote to Trump that, under his leadership, the FTC would “stop abusing FTC enforcement authorities as a substitute for comprehensive privacy legislation” and “end the FTC’s attempt to become an AI regulator.”
FERC Updates and Consolidates Cybersecurity Requirements for Gas Pipelines : The U.S. Federal Energy Regulatory Commission (“FERC”) has issued a final rule to update and consolidate cybersecurity requirements for interstate natural gas pipelines. Effective February 7, 2025, the rule adopts Version 4.0 of the Standards for Business Practices of Interstate Natural Gas Pipelines, as approved by the North American Energy Standards Board (“NAESB”). This update aims to enhance the efficiency, reliability, and cybersecurity of the natural gas industry. The new standards consolidate existing cybersecurity protocols into a single manual, streamlining processes and strengthening protections against cyber threats. This consolidation is expected to make it easier and faster to revise cybersecurity standards in response to evolving threats. The rule also aligns with broader U.S. government efforts to prioritize cybersecurity across critical infrastructure sectors. Compliance filings are required by February 3, 2025, and the standards must be fully adhered to by August 1, 2025.
House Taskforce on AI Delivers Report to Address AI Advancements: The House Bipartisan Task Force on Artificial Intelligence (the “Task Force”) submitted its comprehensive report to Speaker Mike Johnson and Democratic Leader Hakeem Jeffries. The Task Force was created to ensure America’s continued global leadership in AI innovation with appropriate safeguards. The report advocates for a sectoral regulatory structure and an incremental approach to AI policy, ensuring that humans remain central to decision-making processes. The report provides a blueprint for future Congressional action to address advancements in AI and articulates guiding principles for AI adoption, innovation, and governance in the United States. Key areas covered in the report include government use of AI, federal preemption of state AI law, data privacy, national security, research and development, civil rights and liberties, education and workforce development, intellectual property, and content authenticity. The report aims to serve as a roadmap for Congressional action, addressing the potential of AI while mitigating its risks.
CFPB Proposes Rule to Restrict Sale of Sensitive Data: The Consumer Financial Protection Bureau (“CFPB”) proposed a rule that would require data brokers to comply with the Fair Credit Reporting Act (“FCRA”) when selling income and certain other consumer financial data. CFPB Director Rohit Chopra stated the new proposed rule seeks to limit “widespread evasion” of the FCRA by data brokers when selling sensitive personal and financial information of consumers. Under the proposed rule, data brokers could sell financial data only for permissible purposes under the FCRA, including checking on loan applications and fraud prevention. The proposed rule would also limit the sale of personally identifying information known as credit header data, which can include basic demographic details, including names, ages, addresses, and phone contacts.
FTC Issues Technology Blog on Mitigating Security Risks through Data Management, Software Development and Product Design: The Federal Trade Commission (“FTC”) published a blog post identifying measures that companies can take to limit the risks of data breaches. These measures relate to security in data management, security in software development, and security in product design for humans. The FTC emphasizes comprehensive governance measures for data management, including (1) enforcing mandated data retention schedules; (2) mandating data deletion in accordance with these schedules; (3) controlling third-party data sharing; and (4) encrypting sensitive data both in transit and at rest. In the context of security in software development, the FTC identified (1) building products using memory-safe programming languages; (2) rigorous testing, including penetration and vulnerability testing; and (3) securing external product access to prevent unauthorized remote intrusions as key security measures. Finally, in the context of security in product design for humans, the FTC identified (1) enforcing least privilege access controls; (2) requiring phishing-resistant multifactor authentication; and (3) designing products and services without the use of dark patterns to reduce the over-collection of data. The blog post contains specific links to recent FTC enforcement actions specifically addressing each of these issues, providing users with insight into how the FTC has addressed these issues in the past. Companies reviewing their security and privacy governance programs should ensure that they consider these key issues.
U.S. LITIGATION
Texas District Court Prevents HHS from Enforcing Reproductive Health Privacy Rule Against Doctor: The U.S. District Court for the Northern District of Texas ruled that a Texas doctor is likely to prevail on her claim that HHS exceeded its statutory authority when it adopted an amendment to the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy Rule that protects reproductive health care information and enjoined HHS from enforcing the rule against her. The 2024 amendment to the HIPAA Privacy Rule prohibits covered entities from disclosing information that could lead to an investigation or criminal, civil, or administrative liability for seeking, obtaining, providing, or facilitating reproductive health care. The Court stated that the rule likely unlawfully interfered with the plaintiff’s state-law duty to report suspected child abuse in violation of Congress’s delegation to the agency to enact rules interpreting HIPAA without limiting any law providing for such reporting. The plaintiff argued that, under Texas law, she is obligated to report instances of child abuse within 48 hours, and that relevant requests from Texas regulatory authorities demand the full, unredacted patient chart, which for female patients includes information about menstrual periods, number of pregnancies, and other reproductive health information, among other reproductive health information.
Attorneys General Oppose Clearview AI Biometric Data Privacy Settlement: A proposed settlement in the Clearview AI Illinois Biometric Information Privacy Act (“BIPA”) litigation is facing opposition from 22 states and the District of Columbia. The Attorneys General of each state argue that the settlement, which received preliminary approval in June 2024, lacks meaningful injunctive relief and offers an unusual financial stake in Clearview AI to plaintiffs. The settlement would grant the class of consumers a 23 percent stake in Clearview AI, potentially worth $52 million, based on a September 2023 valuation. Alternatively, the class could opt for 17 percent of the company’s revenue through September 2027. The AGs contend the settlement doesn’t adequately address consumer privacy concerns and the proposed 39 percent attorney fee award is excessive. Clearview AI has filed a motion to dismiss the states’ opposition, arguing it was submitted after the deadline for objections. A judge will consider granting final approval for the settlement at a hearing scheduled on January 30, 2025.
Federal Court Upholds New Jersey’s Daniel’s Law, Dismissing Free Speech Challenges: A federal judge affirmed the constitutionality of New Jersey’s Daniel’s Law, dismissing First Amendment objections raised by data brokers. Enacted following the murder of Daniel Anderl, son of U.S. District Judge Esther Salas, the law permits covered individuals—including active, retired, and former judges, prosecutors, law enforcement officers, and their families—to request the removal of personal details, such as home addresses and unpublished phone numbers, from online platforms. Data brokerage firms that find themselves on the receiving end of such requests are mandated by the statute to comply within ten (10) business days, with penalties for non-compliance including actual damages or a $1,000 fine for each violation, as well as potential punitive damages for instances of willful disregard. Notably, in 2023, Daniel’s Law was amended to allow claim assignments to third parties, resulting in over 140 lawsuits filed by a single consumer data protection company: Atlas Data Privacy Corporation. Atlas Data, a New Jersey firm specializing in data deletion, has emerged as a significant force in this litigation, utilizing Daniel’s Law to challenge data brokers on behalf of around 19,000 individuals. The court, in upholding Daniel’s Law, emphasized its critical role in safeguarding public officials while concurrently ensuring public oversight remains strong. Although data brokers contended that the law infringed on free speech and unfairly targeted their operations, the court dismissed these claims as lacking merit, instead placing significant emphasis on the statute’s relatively focused scope and substantial state interest at play. Although unquestionably a significant victory for advocates of privacy rights, the judge permitted an immediate appeal by the data brokers.
GoodRx Settles Class Action Suit Over Alleged Data Sharing Violations: GoodRx has agreed to a $25 million settlement in a class-action lawsuit alleging the company violated privacy laws by sharing users’ sensitive health data with advertisers like Meta Platforms, Google, and Criteo Corp. The settlement, if approved, would resolve a lawsuit filed in February 2023. The lawsuit followed an FTC action alleging that GoodRx shared information about users’ prescriptions and health conditions with advertising companies. GoodRx settled the FTC matter for $1.5 million. The proposed class in the class-action lawsuit is estimated to be in the tens of millions and would give each class member an average recovery ranging from $3.31 to $11.03. The settlement also allows the plaintiffs to use information from GoodRx to pursue their claims against the other defendants, including Meta, Google, and Criteo.
23andMe Data Breach Suit Settlement Approved: A federal judge approved a settlement to resolve claims that alleged 23andMe Inc. failed to secure the sensitive personal data causing a data breach in 2023. According to 23andMe, a threat actor was able to access roughly 14,000 user accounts through credential stuffing, which further enabled access to the personal information that approximately 6.9 million users made available through 23andMe’s DNA Relative and Family Tree profile features. Under the terms of the $30 million settlement, class members will receive cash compensation and three years of data monitoring services, including genetic services.
U.S. ENFORCEMENT
FTC Takes Action Against Company for Deceptive Claims Regarding Facial Recognition Software: The Federal Trade Commission (“FTC”) announced that it has entered into a settlement with IntelliVision Technologies Corp. (“IntelliVision”), which provides facial recognition software used in home security systems and smart home touch panels. The FTC alleged that IntelliVision’s claims that it had one of the highest accuracy rates on the market, that its software was free of gender or racial bias, and was trained on millions of faces was false or misleading. The FTC further alleged that IntelliVision did not have adequate evidence to support its claim that its anti-spoofing technology ensures the system cannot be tricked by a photo or video image. The proposed order against IntelliVision specifically prohibits IntelliVision from misrepresenting the effectiveness, accuracy, or lack of bias of its facial recognition technology and its technology to detect spoofing, and the comparative performance of the technology with respect to individuals of different genders, ethnicities, and skin tones.
FTC Settles Enforcement Actions with Data Brokers for Selling Sensitive Location Data: The FTC announced settlements with data brokers Gravy Analytics Inc. (“Gravy Analytics”) and Mobilewalla, Inc. (“Mobilewalla”) related to the tracking and sale of sensitive location data of consumers. According to the FTC, Gravy Analytics violated the FTC Act by unfairly selling sensitive consumer location data, by collecting and using consumers’ location data without obtaining verifiable user consent for commercial and government uses, and by selling data regarding sensitive characteristics such as health or medical decisions, political activities, and religious views derived from location data. Under the proposed settlement, Gravy Analytics will be prohibited from selling, disclosing, or using sensitive location data in any product or service, delete all historic location data and data products using such data, and must establish a sensitive data location compliance program. Separately, the FTC settled allegations against Mobilewalla stemming from allegations that Mobilewalla collected location data from real-time bidding exchanges and third-party aggregators, including data related to health clinic visits and visits to places of worship, without the knowledge of consumers, and subsequently sold such data. According to the FTC, when Mobilewalla bid to place an ad for its clients on a real-time advertising bidding exchange, it unfairly collected and retained the information in the bid request, even when it didn’t have a winning bid. Under the proposed settlement, Mobilewalla will be prohibited from selling sensitive location data and from collecting consumer data from online advertising auctions for purposes other than participating in those auctions.
Texas Attorney General Issues New Warnings Under State’s Comprehensive Privacy Law: The Texas Attorney General issued warnings to satellite radio broadcaster Sirius XM and three mobile app providers that they appear to be sharing sensitive data of consumers, including location data, without proper notification or obtaining consent. The letter warnings did not come with a press release or other public statement and were reported by Recorded Future News, who obtained the notices through a public records request. The letter to Sirius XM stated that the Attorney General’s office found a number of violations of the Texas Data Privacy and Security Act by the Sirius XM privacy notice, including failing to provide reasonably clear notice of the categories of sensitive data being processed and processing sensitive data without appropriate consent. Similar letters were sent to mobile app providers stating that the providers failed to obtain consumer consent for data sharing or including information on how consumers could exercise their rights under Texas law.
Texas Attorney General Launches Investigations Into 15 Companies for Children’s Privacy Practices: The Texas Attorney General’s office announced it had launched investigations into Character.AI and 14 other companies including Reddit, Instagram, and Discord. The Attorney General’s press release stated that the investigations related to the companies’ privacy and safety practices for minors pursuant to the Securing Children Online through Parental Empowerment (“SCOPE”) Act and the Texas Data Privacy and Security Act (“TDPSA”). Details of the Attorney General’s allegations were not provided in the announcement. The TDPSA requires companies to provide notice and obtain consent to collect and use minors’ personal data. The SCOPE Act prohibits digital service providers from sharing, disclosing, or selling a minor’s personal identifying information without permission from the child’s parent or legal guardian and provides parents with tools to manage privacy settings on their child’s account.
HHS Imposes Penalty Against Medical Provider for Impermissible Access to PHI and Security Rule Violations: The U.S. Department of Health and Human Services Office of Civil Rights (“OCR”) announced that it imposed a $1.19 million civil penalty against Gulf Coast Pain Consultants, LLC d/b/a Clearway Pain Solutions Institute (“GCPC”) for violations of the HIPAA Security Rule arising from a data breach. GCPC’s former contractor had impermissibly accessed GCPC’s electronic medical record system to retrieve protected health information (“PHI”) for use in potential fraudulent Medicare claims. OCR’s investigation determined that the impermissible access occurred on three occasions, affecting approximately 34,310 individuals. The compromised PHI included patient names, addresses, phone numbers, email addresses, dates of birth, Social Security numbers, chart numbers, insurance information, and primary care information. OCR’s investigations revealed multiple potential violations of the HIPAA Security Rule, including failures to conduct a compliant risk analysis and implement procedures to regularly review records of activity in information systems and terminate former workforce members’ access to electronic PHI.
HHS Settles with Health Care Clearinghouse for HIPAA Security Rule Violations: OCR announced a settlement with Inmediata Health Group, LLC (“Inmediata”), a healthcare clearinghouse, for potential violations of the HIPAA Security Rule, following OCR’s receipt of a 2018 complaint that PHI was accessible to search engines like Google, on the Internet. OCR’s investigation determined that from May 2016 through January 2019, the PHI of 1,565,338 individuals was made publicly available online. The PHI disclosed included patient names, dates of birth, home addresses, Social Security numbers, claims information, diagnosis/conditions, and other treatment information. OCR’s investigation also identified multiple potential HIPAA Security Rule violations including failures to conduct a compliant risk analysis and to monitor and review Inmediata’s health information systems’ activity. Under the settlement, Inmediata paid OCR $250,000. OCR determined that a corrective action plan was not necessary in this resolution as Inmediata had previously agreed to a settlement with 33 states that included corrective actions that addressed OCR’s findings.
New York State Healthcare Provider Settles with Attorney General Regarding Allegations of Cybersecurity Failures: HealthAlliance, a division of Westchester Medical Center Health Network (“WMCHealth”), has agreed to pay a $1.4 million fine, with $850,000 suspended, due to a 2023 data breach affecting over 240,000 patients and employees in New York State. The breach at issue, which occurred between September and October 2023, was reportedly caused by a security flaw in Citrix NetScaler—a tool used by many organizations to optimize web application performance and availability by reducing server load—that went unpatched. Although HealthAlliance was made aware of the vulnerability, they were unsuccessful in patching it due to technical difficulties, ultimately resulting in the exposure of 196 gigabytes of data, including particularly sensitive information like Social Security numbers and medication records. As part of its agreement with New York State, HealthAlliance must enhance its cybersecurity practices by implementing a comprehensive information security program, developing a data inventory, and enforcing a patch management policy to address critical vulnerabilities within 72 hours. For more details, view the press release from the New York Attorney General’s office.
HHS Settles with Children’s Hospital for HIPAA Privacy and Security Violations: OCR announced a $548,265 civil monetary penalty against Children’s Hospital Colorado (“CHC”) for violations of the HIPAA Privacy and Security Rules arising from data breaches in 2017 and 2020. The 2017 data breach involved a phishing attack that compromised an email account containing 3,370 individuals’ PHI and the 2020 data breach compromised three email accounts containing 10,840 individuals’ PHI. OCR’s investigation determined that the 2017 data breach occurred because multi-factor authentication was disabled on the affected email account. The 2020 data breach occurred, in part, when workforce members gave permission to unknown third parties to access their email accounts. OCR found violations of the HIPAA Privacy Rule for failure to train workforce members on the HIPAA Privacy Rule, and the HIPAA Security Rule requirement to conduct a compliant risk analysis to determine the potential risks and vulnerabilities to ePHI in its systems.
INTERNATIONAL LAWS & REGULATIONS
Italy Imposes Landmark GDPR Fine on AI Provider for Data Violations: In the first reported EU penalty under the GDPR relating to generative AI, Italy’s data protection authority, the Garante, fined OpenAI 15 million euros for breaching the European Union’s General Data Protection Regulation (“GDPR”). The penalty was linked to three specific incidents involving OpenAI: (1) unauthorized use of personal data for ChatGPT training without user consent, (2) inadequate age verification risking exposure of minors to inappropriate content, and (3) failure to report a March 2023 data breach that exposed users’ contact and payment information. The investigation into OpenAI, which began after the Garante was made aware of the March 2023 breach, initially resulted in Italy temporarily blocking access to ChatGPT but eventually reinstated it after OpenAI made concrete improvements to its age verification and privacy policies. Alongside the monetary penalty, OpenAI is additionally mandated to conduct a six-month public awareness campaign in Italy to educate the Italian public on data collection and individual user rights under GDPR. OpenAI has said that it plans to appeal the Garante’s decision, arguing that the fine exceeds its revenue in Italy.
Australian Parliament Approves Privacy Act Reforms and Bans Social Media Use by Minors: The Australian Parliament passed a number of privacy bills in December. The bills include reforms to the Australian Privacy Act, a law requiring age verification by social media platforms, and a law banning social media use by minors under the age of 16. Privacy Act reforms include new enforcement powers for the Office of the Australian Information Commissioner that clarify when “serious” breaches of the Privacy Act occur and allow the OAIC to bring civil penalty proceedings for lesser breaches. Other reforms include requiring entities that use personal data for automated decision-making to include in their privacy notices information about what data is used for automated decision-making and what types of decisions are made using automated decision-making technology.
EDPB Releases Opinion on Personal Data Use in AI Models: In response to a formal request from Ireland’s Data Protection Commission asking for clarity about how the EU General Data Protection Regulation (“GDPR”) applies to the training of large language models with personal data, the European Data Protection Board (“EDPB”) released its opinion regarding the lawful use of personal data for the development and deployment of artificial intelligence models (the “Opinion”). The Irish Data Protection Commission specifically requested EDPB to opine on: (1) when and how an AI model can be considered anonymous, (2) how legitimate interests can be used as the legal basis in the development and deployment phases of an AI model, and (3) the consequences of unlawful processing in the development phase of an AI model on its subsequent operation. With respect to anonymity, the EDPB stated this should be analyzed on a case-by-case basis taking into account the likelihood of obtaining personal data of individuals whose data was used to build the model and the likelihood of extracting personal data from queries. The Opinion describes certain methods that controllers can use to demonstrate anonymity. With respect to the use of legitimate interest as a legal basis for processing, the EDPB restated a three-part test to assess legitimate interest from its earlier guidance. Finally, the EDPB reviewed several scenarios in which personal data may be unlawfully processed to develop an AI model.
Second Draft of General-Purpose AI Code of Practice Published: The European Commission announced that independent experts published the Second Draft of the General Purpose AI Code of Practice. The AI Code of Practice is designed to be a guiding document for providers of general-purpose AI models, allowing them to demonstrate compliance with the AI Act. Under the EU AI Act, providers are persons or entities that develop an AI system and place that system on the market. This second draft is based on the responses and comments received on the first draft and is designed to provide a “future-proof” code. The first part of the Code details transparency and copyright obligations for all providers of general-purpose AI models. The second part of the Code applies to providers of advanced general-purpose AI models that could pose systemic risks. This section outlines measures for systemic risk assessment and mitigation, including model evaluations, incident reporting, and cybersecurity obligations. The Second Draft will be open for comments until January 15, 2025.
NOYB Approved to Bring Collective Redress Claims: The Austrian-based non-profit organization None of Your Business (“NOYB”) has been approved as a Qualified Entity in Austria and Ireland, enabling it to pursue collective redress actions across the European Union (“EU”). Famous for challenging the EU-US data transfer framework through its Schrems I and II actions, NOYB intends to use the EU’s collective action redress system to challenge what it describes as unlawful processing without consent, use of deceptive dark patterns, data sales, international data transfers, and use of “absurd” language in privacy policies. Unlike US class actions, these EU actions are strictly non-profit. However, they do provide for both injunctive and monetary redress measures. NOYB intends to bring its first actions in 2025. Click here to learn more and read NOYB’s announcement.
EDPB Issues Guidelines on Third Country Authority Data Requests: The EDPB published draft guidelines on Article 48 of the GDPR relating to the transfer or disclosure of personal data to a governmental authority in a third country (the “Guidelines”). The Guidelines state that, as a general rule, requests from governmental authorities are recognizable and enforceable under applicable international agreements. The Guidelines further state that any such transfer must also comply with Article 6 with respect to legal basis for processing and Article 46 regarding legal mechanism for international data transfer. The Guidelines will be available for public consultation until January 27, 2025.
Irish DPC Fines Meta €251 Million for Violations of the GDPR: The Irish Data Protection Commission (DPC) fined Meta €251 million following a 2018 data breach that affected 29 million Facebook accounts globally, including 3 million in the European Union. The breach exposed personal data such as names, contact information, locations, birthdates, religious and political beliefs, and children’s data. The DPC found that Meta Ireland violated General Data Protection Regulation (GDPR) Articles 33(3) and 33(5) by failing to provide complete information in their breach notification and to properly document the breach. Furthermore, Meta Ireland infringed GDPR Articles 25(1) and 25(2) by neglecting to incorporate data protection principles into the design of their processing systems and by processing more data than necessary by default.
Additional Authors: Daniel R. Saeedi, Rachel L. Schaller, Gabrielle N. Ganze, Ana Tagvoryan, P. Gavin Eastgate, Timothy W. Dickens, Jason C. Hirsch, Tianmei Ann Huang, Adam J. Landy, Amanda M. Noonan, and Karen H. Shin