Even Privilege Logs Can Be Privileged Under the Fifth Amendment
On January 28, 2025, the U.S. Court of Appeals for the Ninth Circuit issued a significant ruling reinforcing the Fifth Amendment’s protection against self-incrimination and clarifying the attorney-client privilege in the context of grand jury subpoenas.
In In Re Grand Jury Subpoena, 127 F.4th 139 (9th Cir. 2025), the Ninth Circuit held that counsel cannot be compelled to provide a privilege log delineating all documents a client previously sent to counsel for the purpose of obtaining legal advice unless and until the court conducts an in camera review of the documents at issue to determine whether the Fifth Amendment right against self-incrimination, as announced in Fisher v. United States, 425 U.S. 391 (1976), applies.[1]
The decision further defines the limits of government subpoenas in criminal investigations and clarifies when privilege logs themselves may be shielded from disclosure. This ruling has far-reaching implications for attorneys, clients, and government investigations, particularly in white-collar, tax fraud and corporate compliance matters.
Fisher v. United States: Fifth Amendment Protections for Document Production
The Ninth Circuit’s ruling relied upon the Supreme Court’s decision in Fisher v. United States, which laid the foundation of the “act of production” doctrine, governing the Fifth Amendment’s protection against self-incrimination in the context of document production.[2]
In Fisher, the Court held that, while the Fifth Amendment protects against compelled testimonial communication, it does not automatically shield pre-existing documents from disclosure. The Court reasoned that documents voluntarily created before a subpoena is issued are not “compelled testimonial” communication because they were not prepared under government coercion.[3]
The Court also clarified that attorney-client privilege does not extend to pre-existing documents that a client could have been forced to produce had they remained in the client’s possession.[4] Although attorney-client privilege protects confidential communications between a client and their lawyer, it does not transform otherwise discoverable records into privileged material.
However, the Supreme Court recognized that the act of producing documents can be “testimonial” if it forces a person to admit the existence, authenticity, or control of the documents.[5] In such cases, the Fifth Amendment may protect against compelled production, and the attorney-client privilege extends that protection to attorneys who possess documents on behalf of their client. Despite this protection, the Court also introduced the “foregone conclusion” exception, which allows the government to compel the production of documents if it can independently prove their existence, authenticity, and the individual’s possession of them.[6]
The Ninth Circuit’s Decision: When Privilege Logs are Protected
In In Re Grand Jury Subpoena, the Ninth Circuit clarified that Fisher extends beyond the production of documents to the content of privilege logs delineating documents withheld on the basis of privilege.[7]
The case arose from a grand jury investigation into an alleged tax evasion scheme. The government subpoenaed an individual, who declined to testify or produce documents, citing the Fifth Amendment. The government then subpoenaed a law firm that had previously represented the individual in connection with tax matters, demanding that the law firm produce documents related to its representation and prepare a privilege log listing any documents the firm withheld from its production. The law firm refused, asserting that production of the privilege log would violate the client’s Fifth Amendment rights. The district court disagreed and ordered the firm to comply.[8]
On appeal, the Ninth Circuit reversed, holding as a matter of first impression that a privilege log is protected under the Fifth Amendment if its production would confirm incriminating details about the existence, authenticity, or control of the documents.[9] The court reasoned that a privilege log can confirm facts the government cannot independently prove, making it potentially self-incriminating and protected under the Fifth Amendment. Because Fisher shields attorneys from producing documents their clients could not be compelled to provide, the court ruled that a privilege log—which would effectively reveal and confirm the existence and client’s custody of those same documents—may also be protected.[10]
The Ninth Circuit also rejected the government’s argument that the privilege log could be compelled under the “foregone conclusion” exception.[11] The government failed to independently establish the existence, authenticity, and control of the documents, meaning that compelling the privilege log would improperly force the client to provide self-incriminating testimony. To ensure courts properly apply Fisher, the Ninth Circuit further held that a district court must conduct an in camera review—a private judicial examination of the withheld documents—before ordering the production of the privilege log.[12]
Practical Implications
By recognizing that privilege logs can be testimonial, the decision strengthens Fifth Amendment protections and ensures that attorneys cannot be compelled to indirectly confirm the existence of incriminating documents.
The government is prevented from using privilege logs as a backdoor method to obtain knowledge of incriminating evidence that it could not otherwise access.
This case reiterates the importance of closely monitoring attorney-client privilege obligations and potential Fifth Amendment privilege issues when responding to a government subpoena.
ENDNOTES
[1] In Re Grand Jury Subpoena, 127 F.4th 139 (9th Cir. 2025).
[2] Id. at 142–43 (citing Fisher v. United States, 425 U.S. 391, 404–05 (1976).
[3] Fisher, 425 U.S. at 409–10.
[4] Id. at 404–05.
[5] Id. at 410–11.
[6] Id. at 411.
[7] 127 F.4th at 143–44.
[8] Id. at 142.
[9] Id. at 144–45.
[10] Id.
[11] Id.
[12] Id. at 145–46.
Corporate Transparency Act Back in Effect with March 21 Deadline
The Financial Crimes Enforcement Network (FinCEN) issued a notice confirming that beneficial ownership information (BOI) reporting rules are back in effect following a February 18, 2025, ruling in Smith, et al. v. U.S. Department of the Treasury, et al. in the Eastern District of Texas. The Smith Court lifted its injunction following the January 23, 2025, Supreme Court decision in Texas Top Cop Shop, Inc., et al. v. Garland, et al., which we discussed in a previous alert.
For most reporting companies,[1] the deadline to file a new, updated, or corrected BOI report is now March 21, 2025. However, FinCEN’s notice states that the agency will use the 30-day period before the deadline to “assess its options to further modify deadlines, while prioritizing reporting for those entities that post the most significant security risks.” According to the notice, FinCEN may also work toward revising the BOI reporting rules to “reduce the burden for lower-risk entities.”
Recent legislation unanimously passed in the U.S. House of Representatives exacerbates the lack of certainty around the new deadline. H.R. 736, Protect Small Businesses From Excessive Paperwork Act of 2025, which is now before the Senate, would extend the deadline for filing BOI reports to January 1, 2026, for companies formed before January 1, 2024.
The Corporate Transparency Act (CTA) contains civil and criminal penalties for noncompliance. Reporting companies that take a “wait and see” approach between now and March 21, 2025, should be prepared to file quickly as the deadline approaches. Given the compressed timeframe and the single deadline for the vast majority of companies, there may be a significant demand on FinCEN’s online portal as we approach March 21.
CTA in the Courts
For those keeping score on the CTA litigation front, both cases mentioned above are currently pending in the U.S. Court of Appeals for the Fifth Circuit, with oral arguments scheduled in Texas Top Cop Shop for April 1, 2025. Other cases on appeal to circuit courts include:
National Small Business United v. Yellen — The U.S. District Court for the Northern District of Alabama issued an injunction preventing enforcement of the CTA against the named plaintiffs. Oral arguments were held on September 27, 2024, in the government’s appeal to the U.S. Court of Appeals for the Eleventh Circuit. No decision has been issued.
Firestone et al v. Yellen et al. — The U.S. District Court for the District of Oregon denied the plaintiffs’ request for a preliminary injunction, and the plaintiffs appealed the decision to the U.S. Court of Appeals for the Ninth Circuit.
Community Associations Institute et al v. U.S. Department of the Treasury et al. — The U.S. District Court for the Eastern District of Virginia denied the plaintiffs’ request for a preliminary injunction, and the plaintiffs appealed the decision to the U.S. Court of Appeals for the Fourth Circuit.
In a noteworthy decision on February 14, 2025, in Boyle v. Bessent, et al., the U.S. District Court for the District of Maine granted the government’s motion for summary judgment, finding the CTA to be a valid exercise of congressional authority.
We will continue to monitor this situation closely and provide updates as needed.
ENDNOTES
[1] Companies that were previously granted an extended deadline later than March 21, 2025, must file by such later deadline. In addition, the injunction in favor of the plaintiffs in National Small Business United v. Yellen remains unaffected by the latest ruling. Companies formed after February 19, 2025, must file within 30 days of formation.
HIPAA VIOLATIONS?: Health Insurance Company Allegedly Tracks and Shares Private Health Information
Hey, CIPAWorld! The Baroness here. Happy Friday everyone
Believe it or not, even health insurance companies are facing litigation for allegedly tracking and sharing consumer information. Just yesterday, Blue Cross Blue Shield of Massachusetts (BCBS) and its subsidiary removed such a case to the District of Massachusetts. Vita v. Blue Cross & Blue Shield of Mass., Inc., No. 1:25-cv-10420 (D. Mass. Feb. 20, 2025).
In the Amended Complaint, Plaintiff Vita claims that she lives in Massachusetts and obtains health insurance from BCBS. She claims that BCBS’s Website, https://ww.bluecrossma.org/, offers consumers general information about insurance plan offerings by BCBS and individualized information about consumers’ insurance plans. Notably, Plaintiff states that the website includes a “Find a Doctor” function that enables users to search by condition, specialty, gender, language, and location; a “24/7 Nurse Line” through which consumers can communicate with nurses employed by BCBS; allows consumers to access their insurance information, including services and medications obtained, amounts paid, and benefits available; and it allows consumers to access their private medical information through the MyBlue patient portal.
Vita argues that BCBS Website users have legitimate expectations of privacy and that BCBS will not share with third parties their communications with BCBS without consent. She alleges that these expectations are supported by Massachusetts state law and HIPAA, which prohibit healthcare companies from using or disclosing individuals’ protected health information without valid authorization from the individual.
Additionally, Vita references multiple statements in BCBS’s online policies in which it explicitly states that BCBS’s cookies, clear gifs, and other web monitoring technologies do not collect any personally identifiable information. Because of this, Vita claims that healthcare consumers would not anticipate that their communications with BCBS would be intercepted and shared with third parties, like Google, Facebook, Twitter, and LinkedIn for marketing purposes, and that BCBS did not inform consumers of this via a pop-up notification or otherwise.
Despite this expectation, Vita alleges that BCBS’s Website is designed with tracking technology that permits third parties such as Google and Facebook to intercept consumers’ interactions with BCBS, and that the information intercepted includes private health information. Vita claims that BCBS uses or has used tracking technologies such as Google Analytics, Google DoubleClick, Meta Pixel, and others, and that such tracking is injected into the code of almost all of the pages on BCBS’s Website, including the MyBlue patient portal. The Amended Complaint is detailed, going so far as to include screenshots of the code of the Website with portions highlighted to show tracking.
Based on these facts, Vita seeks to represent the following class:
All Massachusetts residents who, while in the Commonwealth of Massachusetts, accessed any portion of the website at bluecrossma.org between three years prior to the date of the filing of the initial complaint in this action and September 29, 2023.
Based on these facts, Vita alleges that BCBS violated the ECPA, 18 USC § 2511, which prohibits the intentional interception of the content of any electronic communications, as well as HIPAA, which imposes a criminal penalty for knowingly disclosing individually identifying health information to a third party. 42 USC § 1320d-6(a)(3). Second, Vita claims that BCBS violated M.G.L. c. 93A §§ 2, 9, which proscribes unfair competition and unfair or deceptive acts in trade or commerce, by falsely stating that its website does not capture personally identifiable information. Third, Vita brings a cause of action for violating the Massachusetts Right to Privacy Act, M.G.L. c. 214 § 1B, which confers a private right of action to Massachusetts citizens for privacy violations. Vita also brings claims for negligence, breach of confidence, breach of contract, and unjust enrichment.
Because this case was just removed, it is still in its nascent stage. We will be sure to keep you folks updated as the case progresses.
Corporate Transparency Act Returns: New Deadline March 21, 2025
On February 17, 2025, the Eastern District of Texas in Smith v. United States Department of the Treasury lifted the last remaining nationwide preliminary injunction on enforcement of the filing deadline under the Corporate Transparency Act (CTA) in light of the Supreme Court’s stay of the injunction in Texas Top Cop Shop, Inc., et al. v. Merrick Garland, et al., earlier this year. Following the ruling, the Treasury Department stated that it would extend the filing deadline to March 21, 2025.
With the deadline back in effect, newly formed entities will also need to file within 30 days of formation. In addition, any changes to filings already made will need to be updated within 30 days of the change (if, for example, ownership or control of the entity changes, or if a beneficial owner moves to a new residential address).
The Financial Crimes Enforcement Network (FinCEN), tasked with enforcing the CTA, advised that it is undertaking a review of the CTA to determine if lower-risk categories of entities should be excluded from the reach of the filing requirements. FinCEN will make an initial statement on that review prior to the March 21, 2025 deadline. However, unless and until FinCEN makes changes in the applicability of the requirement, all companies subject to the CTA should treat the deadline as enforceable.
FinCEN also announced that it will initiate a longer process this year to revise the reporting rule to reduce the filing burden for lower-risk entities, but it’s currently unclear as to what those modifications might entail.
Passed in the first Trump Administration but implemented during the Biden presidency, the CTA — an anti-money laundering law designed to combat terrorist financing, seize proceeds of drug trafficking, and root out illicit assets of sanctioned parties and foreign criminals in the U.S. — has faced legal challenges around the country, many of which are ongoing despite the lifting of the preliminary injunctions. In addition to district court proceedings, appeals are currently pending before the Fourth, Fifth, Ninth, and Eleventh Circuits.
Please note that if you file or have already filed and the law is ultimately found unconstitutional or otherwise overturned or rescinded, you will not be under any continuing obligation regarding that filing.
Who Owns a Vibe? Content Creators Battle Over Aesthetics of Social Media Posts
Even before modern-day social media, aesthetic trends or so called “vibes” were pervasive online and in real life. Tumblr Girls in the mid-2000s, grunge fashion and metalheads in the 90s, and the mods and rockers of 1960s England dominated the media of their respective eras. It was not so long ago that the “Bieber Haircut” trumped the German-influenced Beatles Cut. As vibes come and go, evolving with cultural influences, these aesthetics impact not only people’s looks, but also the way they live. The question remains: who owns a vibe?
That issue is squarely presented in a very modern setting by the case of Gifford v. Sheil, in which two influencers with competing “clean girl” vibes battle over whether the plaintiff, influencer Sydney Nicole Gifford and her LLC (“Gifford”), can enforce her rights in her Amazon store front, Instagram posts, and Tik Tok videos against another influencer, Alyssa Sheil and her LLC (“Sheil”). Gifford contends that Sheil infringed copyright in the content Gifford posted. Gifford also contends that Sheil misattributed that content to herself rather than to Gifford under a provision of the Digital Millennium Copyright Act (“DMCA”), which prohibits alteration of Copyright Management Information (so called “CMI”). Finally, Gifford claims trade dress infringement – or a copying of the “total image and overall appearance” that can attach to décor such as a restaurant, the layout and appearance of a mail-order catalog, and even the look and appearance of a website.
For some context of what the parties’ posts looked like, see below for an example of some of Gifford’s images included in the Complaint (photos posted by Gifford on TikTok):
Some of the allegedly infringing images posted by Sheil, also on TikTok and included in the Complaint, are reproduced below:
To be sure, there are similarities between the two influencers’ posts and both promote the sale of similar goods (in this case minimalist furnishings and accessories). The Complaint alleges that Sheil posted content “containing styling, themes, camera shots and angles, and text captions, among other elements, copying those of [Gifford’s] posts.” But with respect to Gifford’s copyright infringement claim, it remains to be seen whether original creative expression, rather than a mere idea (or style) arguably pervasive on social media, was appropriated by Sheil. Third-party goods shown in the posts cannot be claimed as part of Gifford’s copyrightable expression because they were not created by the photographer (Gifford), but merely included in the photographs (although, to be sure, the angles, positioning and arrangement of the items might be copyrightable expression).
To prevail on the trade dress infringement claim, Gifford faces the hard task of proving that a pervasive aesthetic style is associated exclusively with her, and therefore, that she has trade dress rights in her content. For trade dress to exist, consumers must associate that trade dress with a single source (here Gifford). It will also be challenging to establish that those trade dress elements associated with Gifford’s posts are constant and unchanging, given the many different products she photographs and posts. A Starbucks coffee shop or an In-N-Out Burger is generally characterized by unchanging elements that are instantly recognizable and associated with a single source, but is an ever-changing array of social media posts featuring different items for sale as readily identified with a single source?
Even if Gifford can establish she has trade dress rights, she must also prove an appreciable number of consumers are likely to be confused as to whether Sheil’s content originates with or was endorsed by Gifford. Gifford alleges anecdotal evidence of actual consumer confusion (that is, the mistaken belief that Sheil’s content was endorsed, produced, or in some way associated with Gifford). Gifford also pleads that consumer confusion is further exacerbated by social media algorithms that feed its users content similar to that previously viewed by those users. A likelihood of confusion is the sine qua non of trade dress infringement. A few instances of actual confusion can be probative, but not dispositive, of that issue. The results of a consumer survey designed for the lawsuit will likely have to be considered in assessing likelihood of confusion.
And as to the CMI claim under the DMCA, is the respective parties’ content different enough to show that Sheil’s attribution of her content to herself rather than to Gifford is unlawful? We will follow the case closely and keep you posted on these and other issues.
As the Creative Economy becomes more popular for influencers and content creators, we’re likely to see guidance on copyright and other intellectual property law emerge.
Location Data as Health Data? Precedent-Setting Lawsuit Brought Against Retailer Under Washington My Health My Data Act
An online retailer was recently hit with the first class action under Washington’s consumer health data privacy law alleging that it used advertising software attached to certain third-party mobile phone apps to unlawfully harvest the locations and online marketing identifiers of tens of millions of users. This case highlights how seemingly innocuous location data can become sensitive health information through inference and aggregation, potentially setting the stage for a flood of similar copycat lawsuits.
Quick Hits
An online retailer was hit with the first class action under Washington State’s My Health My Data Act (MHMDA), claiming that the retailer unlawfully harvested sensitive location data from users through advertising software integrated into third-party mobile apps.
The lawsuit alleges that the retailer did not obtain proper consent or provide adequate disclosure regarding the collection and sharing of consumer health data; a term that is defined incredibly broadly as personal information that is or could be linked to a specific individual and that can reveal details about an individual’s past, present, or future health status.
This case marks the first significant test of the MHMDA and could provide a roadmap for litigants in Washington and other states.
On February 10, 2025, Washington resident Cassaundra Maxwell filed a class action lawsuit in the U.S. District Court for the Western District of Washington alleging violations of Washington’s MHMDA. The suit alleged that the retailer’s advertising software, known as a “software development kit,” or SDK, is licensed to and “runs in the background of thousands of mobile apps” and “covertly withdraws sensitive location data” that cannot be completely anonymized.
“Mobile users may agree to share their location while using certain apps, such as a weather app, where location data provides the user with the prompt and accurate information they’re seeking,” the suit alleges. “But that user has no idea that [the online retailer] will have equal access to sensitive geolocation data that it can then exfiltrate and monetize.”
The suit brings claims under federal wiretap laws, federal and state consumer protection laws, and violations of the MHMDA, making it a likely test case for consumer privacy claims under the MHMDA. This case evokes parallels to the surge over the past several years of claims under the California Invasion of Privacy Act (CIPA), a criminal wiretap statute. Both involve allegations of unauthorized data collection and sharing facilitated by digital tracking technologies. These technologies, including cookies, pixels, and beacons, are often embedded in websites, apps, or marketing emails, operating in ways that consumers may not fully understand or consent to.
As we previously covered, hundreds if not thousands of lawsuits relating to similar technologies were brought pursuant to CIPA after a California district court denied a motion to dismiss such claims in Greenley v. Kochava, Inc. Given the parallels and the onslaught of litigation that CIPA entailed, the MHMDA case may set important precedents for how consumer health data privacy is interpreted and enforced in the digital age, similar to the impact CIPA litigation has had on broader privacy practices. Like CIPA, the MHMDA also allows for the recovery of attorneys’ fees, but unlike CIPA (which provides for statutory damages even without proof of actual harm), a plaintiff must prove an “injury” to his or her business or property to establish an MHMDA claim.
Consumer Health Data
As many companies working in the retail space likely know, the MHMDA imposes a host of new requirements for companies doing business in Washington or targeting Washington consumers with respect to the collection of “consumer health data.” The law broadly defines “consumer health data” as any personal information that can be linked or reasonably associated with an individual’s past, present, or future physical or mental health status. The MHMDA enumerates an entire list of data points that could constitute “health status,” including information that would not traditionally be thought of as indicative of health, such as:
biometric data;
precise location information that could suggest health-related activities (such as an attempt to obtain health services or supplies);
information about bodily functions, vital signs, and symptoms; and
mere measurements related to any one of the thirteen enumerated data points.
Critically, even inferences can become health status information in the eyes of the MHMDA, including inferences derived from nonhealth data if they can be associated with or used to identify a consumer’s health data.
For instance, Maxwell’s suit alleges the retailer collected her biometric data and precise location information that could reasonably indicate an attempt to acquire or receive health services or supplies. However, the complaint is light on factual support, alleging only that the data harvesting conducted via the retailer’s SDK couldreveal (presumably via inference in most cases) “intimate aspects of an individual’s health,” including:
visits to cancer clinics;
“health behaviors” like visiting the gym or fast food habits;
“social detriments of health,” such as where an individual lives or works; and
“social networks that may influence health, such as close contact during the COVID 19 pandemic.”
Notice and Consent
The suit further alleges that the retailer failed to provide appropriate notice of the collection and use of the putative class members’ consumer health data and did not obtain consent before collecting and sharing the data. These allegations serve as a timely reminder of the breadth and depth of the MHMDA’s notice and consent requirements.
Unlike most other state-level privacy laws, which allow different state-mandated disclosures to be combined in a single notice, the Washington attorney general has indicated in (nonbinding) guidance that the MHMDA “Consumer Health Privacy Policy must be a separate and distinct link on the regulated entity’s homepage and may not contain additional information not required under the My Health My Data Act.” Said differently, businesses in Washington cannot rely upon their standard privacy policies, or even their typical geolocation consent pop-up flows with respect to consumer health data.
Additionally, at a high-level, the MHMDA contains unusually stringent consent requirements, demanding the business obtain “freely given, specific, informed, opt-in, voluntary, and unambiguous” consent before consumer health data is collected or shared for any purpose other than the provision of the specific product or service the consumer has requested from the business, or collected, used, or shared for any purpose not identified in the business’s Consumer Health Privacy Policy.
Next Steps
The Maxwell lawsuit is significant as it is the first to be filed under Washington’s MHMDA, a law that has already spawned a copycat law in Nevada, a lookalike amendment to the Connecticut Data Privacy Act, and a whole host of similar bills in state legislatures across the country—most recently in New York, which has its own version of the MHMDA awaiting presentation to the governor for signature. The suit appears to take an expansive interpretation that could treat nearly all or essentially all location data as consumer health data, inasmuch as conclusions about an individual’s health that can be drawn from the data. And, while the MHMDA does use expansive language, the suit appears likely to answer still lingering questions about the extent of what should be considered “consumer health data” subject to the rigorous requirements of the MHMDA.
As this suit progresses, companies targeting Washington consumers or otherwise doing any business in Washington may want to review their use of SDKs or similar technologies, geolocation collection, and any other collection or usage of consumer data with an eye toward the possibility that the data could be treated as consumer health data. Also, their processors may wish to do the same (remember, the Washington attorney general has made it clear that out-of-state entities acting as processors for entities subject to MHMDA must also comply). Depending on what they find, those companies may wish to reevaluate the notice-and-consent processes applicable to the location data they collect, as well as their handling of consumer rights applicable to the same.
It Is More Than Conceivable That The Court Of Chancery Would Correct Statutory Law
The most distinguishing feature of Delaware law is that it is interpreted and applied by a court of equity. A recent post by Professor Stephen Bainbridge illustrates this point:
The Delaware Supreme Court held in Schnell v. Chris-Craft Industries, Inc., that “inequitable action does not become permissible simply because it is legally possible.” This means that even if a corporate action complies with the literal terms of a statute, Delaware courts can intervene if the action is deemed unfair or inequitable. Schnell thus demonstrates that Delaware courts will not allow statutory formalism to justify unfair corporate behavior. Equity acts as a safeguard against directors exploiting statutory provisions to the detriment of shareholders. The decision remains a cornerstone of Delaware’s approach to corporate governance, ensuring that statutory compliance is always subject to equitable scrutiny. It’s at least conceivable that an activist judge could invoke Schnell to impose liability in a particular case even though the technical requirements of SB 21 were satisfied. (See, e.g., the discussion above of Fliegler [v. Lawrence. 361 A.2d 218 (Del.1976)].)
This understanding of equity versus law goes all the way back to none other than Aristotle. See Nicomachean Ethics Book V, Section 10. Thus, the risk that the Court of Chancery would “correct” statutory law is more than conceivable. It is entirely plausible given the Court’s role as a court of equity.
DOL’s Power to Set Salary Minimum for Overtime Exemption Ripe for SCOTUS Review
On February 14, 2025, the Fifth Circuit denied the appellants’ petition for rehearing en banc in Mayfield v. United States Dep’t of Labor—a September 2024 decision holding that the U.S. Department of Labor’s authority to “define” and “delimit” the terms of the Fair Labor Standards Act’s executive, administrative, and professional (EAP) exemptions includes the power to set a minimum salary for exemption.
The dispute in Mayfield dates back to 2019, when the DOL issued a final rule raising the minimum salary required to qualify for most EAP exemptions from $455 per week to $684 per week. Mayfield, a small business owner, challenged the rule, arguing that the DOL lacks, and has always lacked, the authority to define the EAP exemptions in terms of salary level (as opposed to by job duties)—an argument that has been embraced repeatedly by the Texas federal district courts (see here and here). The district court granted the DOL’s motion for summary judgment, and Mayfield appealed to the Fifth Circuit.
The Court of Appeals held that the DOL was empowered to set a minimum salary for exemption—albeit with some meaningful limitations. Last week’s decision denying en banc review tees the issue up for a certiorari petition to the U.S. Supreme Court, which has not exactly been a big fan of regulatory activism as of late.
In related news, we’re expecting the DOL to drop its pre-Inauguration Day appeal of the November 2024 decision invalidating the 2024 overtime rule. We just can’t see this White House having any interest in continuing to appeal a decision curbing agency rulemaking power and saving American businesses untold billions in new overtime expenses.
DOL Appeal of Decision Invalidating 2024 Overtime Rule Likely on Last Legs
On November 15, 2024, in State of Texas v. United States Dep’t of Labor, the United States District Court for the Eastern District of Texas ruled that the U.S. Department of Labor (DOL) exceeded its rulemaking authority by issuing a rule in April 2024 raising the minimum salary for exemption as an executive, administrative, or professional (EAP) employee under the Fair Labor Standards Act.
Under the DOL’s rule, the minimum salary for exemption as an EAP employee, with limited exceptions, increased from $684 per week ($35,568 annualized) to $844 per week ($43,888 annualized) effective July 1, 2024. A second increase would have raised the salary threshold to $1,128 per week ($58,656 annualized) effective January 1, 2025. The rule also increased the minimum total annual compensation level for exemption as a “highly compensated employee” (HCE) and provided for automatic triennial increases in the minimum compensation levels for exemption beginning on July 1, 2027. The November 2024 decision declared the DOL’s rule an “unlawful exercise of agency power” and vacated it nationally.
The DOL—represented by the U.S. Department of Justice, Civil Division—filed an appeal of the decision with the U.S. Court of Appeals for the Fifth Circuit, notwithstanding that the incoming Trump administration was all but guaranteed to have no interest in appealing a decision curbing agency rulemaking power and saving American businesses untold billions in new overtime expenses. Lo and behold, within 48 hours after Inauguration Day, the government requests a 30-day extension of time, through March 7, 2025, to file its opening brief on appeal “because of the press of other business.” We wouldn’t hold our breath for the Trump Justice Department filing anything more in this case other than a stipulation withdrawing the appeal.
So is the DOL done rulemaking with respect to the minimum salary for exemption? It may be for the next four years, but likely not forever. The Fifth Circuit’s September 2024 decision in Mayfield v. United States Dep’t of Labor held that the DOL’s authority to “define” and “delimit” the terms of the EAP exemptions includes the power to set a minimum salary for exemption—albeit with some meaningful limitations. On February 14, 2025, the Fifth Circuit denied Mayfield’s petition for rehearing en banc. We’ll see if Mayfield tries to take the issue to the U.S. Supreme Court.
CTA UPDATE: US District Court Reinstates Reporting Requirement; FinCEN Grants 30-Day Filing Extension
Go-To Guide:
On Feb. 18, 2025, the U.S. District Court for the Eastern District of Texas granted the government’s motion to stay relief in Smith v. U.S. Department of the Treasury, thereby lifting the injunction against the Corporate Transparency Act (CTA) that had been in place in that case.
As a result, FinCEN confirmed that beneficial ownership information (BOI) reporting requirements under the CTA are once again back in effect, subject to a 30-day filing extension.
Most entities will have a reporting deadline of March 21, 2025 (except for reporting companies with later reporting deadlines under existing guidelines).
The CTA’s status has shifted multiple times1 since Dec. 3, 2024, when a Texas district court in Texas Top Cop Shop, Inc. v. McHenry (formerly Texas Top Cop Shop, Inc. v. Garland) preliminarily enjoined the CTA and its BOI reporting rule (Reporting Rule) on a nationwide basis.
On Jan. 7, 2025, a second federal judge of the U.S. District Court for the Eastern District of Texas (the District Court) ordered preliminary relief barring CTA enforcement in Smith v. U.S. Department of the Treasury.2 Then, notwithstanding the SCOTUS Order staying the injunction in Texas Top Cop Shop, on Jan. 24, 2025, FinCEN confirmed that reporting companies were not required to file BOI Reports with FinCEN due to the separate nationwide relief entered in Smith (and while the order in Smith remained in effect). On Feb. 5, 2025, the government appealed the ruling in Smith to the U.S. Court of Appeals for the Fifth Circuit (the Fifth Circuit) and asked the District Court to stay relief pending that appeal.
CTA Reporting Requirements Back in Effect
On Feb. 18, 2025, the District Court in Smith granted a stay of its preliminary injunction pending appeal, thereby reinstating BOI reporting requirements once again. On Feb. 19, 2025, FinCEN issued guidance on its website to reflect this update and to announce that companies have 30 days to submit BOI reports:
With the February 18, 2025, decision by the U.S. District Court for the Eastern District of Texas in Smith, et al. v. U.S. Department of the Treasury, et al., 6:24-cv-00336 (E.D. Tex.), beneficial ownership information (BOI) reporting requirements under the Corporate Transparency Act (CTA) are once again back in effect. However, because the Department of the Treasury recognizes that reporting companies may need additional time to comply with their BOI reporting obligations, FinCEN is generally extending the deadline 30 calendar days from February 19, 2025, for most companies.
New Filing Deadlines
Most reporting companies will be required to file BOI reports no later than March 21, 2025, as follows:
The new deadline to file an initial, updated, and/or corrected BOI report is generally now March 21, 2025.
Companies that were previously given a reporting deadline later than the March 21, 2025, deadline must file their initial BOI report by that later deadline (i.e., companies that qualify for certain disaster relief extensions and companies formed on or after Feb. 20, 2025).
Looking Ahead
In its guidance, FinCEN indicates that it will assess its options to further modify deadlines and initiate a process this year to revise the Reporting Rule to reduce burden for lower-risk entities, including many U.S. small businesses. How this will impact BOI reporting requirements remains to be seen.
Expedited oral arguments for the Fifth Circuit appeal in Texas Top Cop Shop are set for March 25, 2025. Unless the courts or Congress3 provide further relief, reporting companies should prepare to comply with the deadlines outlined above. Additionally, reporting companies should stay updated on FinCEN announcements, as further adjustments to reporting deadlines could be issued within the next 30 days.
1 On Dec. 3, 2024, the CTA and its BOI reporting rule were preliminary enjoined on a nationwide basis, approximately four weeks ahead of a key Jan. 1, 2025, deadline. FinCEN appealed that ruling, and on Dec. 23, 2024, a motions panel of the U.S. Court of Appeal for the Fifth Circuit stayed the injunction, allowing the CTA to go back into effect. Three days later, on Dec. 26, 2024, a merits panel of the Fifth Circuit vacated the motion panel’s stay, effectively reinstating the nationwide preliminary injunction against the CTA and the Reporting Rule. On Dec. 31, 2024, the government filed an emergency application with the U.S. Supreme Court to stay that preliminary injunction. On Jan. 23, 2025, the Supreme Court granted that application (the SCOTUS Order), staying the nationwide preliminary injunction in Texas Top Cop Shop, Inc. v. McHenry. McHenry v. Texas Top Cop Shop, Inc., No. 24A653, 2025 WL 272062 (U.S. Jan. 23, 2025).
2 See Smith v. United States Dep’t of the Treasury, No. 6:24-CV-336-JDK, 2025 WL 41924 (E.D. Tex. Jan. 7, 2025).
3 On Feb. 10, 2025, the House of Representatives unanimously passed the Protect Small Businesses from Excessive Paperwork Act (H.R. 736, 119th Cong. (2025)). The bill has moved to the Senate for consideration. If enacted, the bill will extend the reporting deadline for entities that qualify as “a small business concern” to Jan. 1, 2026.
New York’s Highest Court Declares Ethics Commission Valid
On Feb. 18, 2025, the New York State Court of Appeals issued a 4-3 decision upholding the constitutionality of the Commission on Ethics and Lobbying in Government (COELIG).1 As was previously detailed in GT Alerts from May 2024 and September 2023, both the Appellate Division, Third Department and the Albany County Supreme Court criticized COELIG’s structure, ultimately concluding that its establishment and scope of authority violated the separation of powers doctrine. The Court of Appeals, however, disagreed, finding that COELIG’s structure and the manner in which its commissioners are appointed is constitutionally permissible. As a result, COELIG may continue its work consistent with statutory provisions enacted in 2022.
In challenging the Commission’s authority following its attempt to enforce a monetary penalty for violating certain rules prohibiting the use of state resources for private purposes, former-Gov. Andrew Cuomo argued that COELIG, as an ethics enforcement body, exercises executive power and, for that reason, the executive must have sufficient authority to appoint and remove commissioners. Gov. Cuomo argued that the Ethics Commission Reform Act of 2022:
1.
“violates constitutional principles of separation of powers because the Commission exercises investigatory and enforcement powers constitutionally entrusted to the Executive, without sufficient oversight by the Governor”;
2.
“violates Article V of the State Constitution because, although the Commission is formally within the Department of State, it functions as a separate department without a head appointed by the Governor with the advice and consent of the Senate”; and
3.
“unconstitutionally displaces the . . . impeachment process, by permitting the Commission to sanction the Governor for putative violations of the Public Officers Law.”
The lower courts embraced these arguments, with the Albany County Supreme Court concluding that COELIG was unsalvageable due to it being “a body that exercises executive authority where the Governor’s role is confined only to nominating a minority of that body,” where the body’s vetting and appointment was being conducted by “private operators (like a bunch of deans).”2 After the Appellate Division, Third Department upheld the lower court, the state again appealed to the Court of Appeals.
The Court of Appeals focused on three factors to ultimately reverse the lower courts and conclude that the 2022 statutory changes creating COELIG are constitutional: (1) the separation of powers doctrine’s flexibility, (2) COELIG’s appointment and removal powers, and (3) the need to promote the public’s trust in government. The majority of the court stated that the separation of powers doctrine does not need to be applied in a rigid fashion; there may be overlap in duties so long as “core duties and responsibilities are retained” with the executive. The court’s majority similarly stated that the constitution is clear that “powers of appointment and removal . . . generally are divided between the Legislature and the Governor.” The governor is not afforded “indefeasible powers to appoint or remove non-constitutional state officers,” and thus that type of exclusive authority for COELIG does not need to rest with the governor.
Finally, the court reasoned that the legislative justification for the Ethics Commission Reform Act of 2022 was to maintain public confidence in government and that this “implicates fundamental constitutional values.” “Given the danger of self-regulation . . . there is an urgent need for the robust, impartial enforcement of the State’s ethics and lobbying laws.” For these reasons, the court concluded that the Act and the commission’s existence “neither unconstitutionally encroaches upon the Executive nor otherwise deviates from constitutional requirements.”
Promptly after the decision’s release, the Commission’s chair and executive director touted the result, stressing that COELIG has and continues to “administer and enforce the state’s ethics and lobbying laws, deliberately, fairly, and with zeal, pursuing its mission to restore New Yorkers’ faith in state government.” To that end, all regulated parties – including lobbyists, clients of lobbyists, and state government officials — should expect COELIG to proceed with business as usual.
1 Cuomo v. COELIG (2025).
2 Cuomo v. COELIG, (Alb. Sup. Ct. 2023).
The Return of the CTA: FinCEN Confirms that Beneficial Ownership Information Reporting Requirements are Back in Effect with a New Deadline of March 21, 2025
On February 19, 2025, the Financial Crimes Enforcement Network (“FinCEN”) announced that beneficial ownership information reporting requirements under the Corporate Transparency Act (“CTA”) are back in effect with a new deadline of March 21, 2025 for most reporting companies. This announcement came in response to the decision made on February 17, 2025 by the U.S. District for the Eastern District of Texas in Smith v. U.S. Department of the Treasury, No. 6:24-cv-336-JDK, 2025 WL 41924 (E.D. Tex.) to stay (lift) the preliminary injunction on enforcement of the CTA.
In addition to the deadline extension of 30 calendar days from February 19, 2025, FinCEN notably stated that “in keeping with Treasury’s commitment to reducing regulatory burden on businesses, during this 30-day period FinCEN will assess its options to further modify deadlines, while prioritizing reporting for those entities that pose the most significant national security risks. FinCEN also intends to initiate a process this year to revise the BOI reporting rule to reduce burden for lower-risk entities, including many U.S. small businesses.”
FinCEN did not provide any further details regarding how or when the BOI reporting rule would be revised. However, FinCEN did note that it would provide an update before the March 21, 2025 deadline “of any further modification of this deadline, recognizing that reporting companies may need additional time to comply with their BOI reporting obligations once this update is provided.” The full notice from FinCEN can be read here: FinCEN Notice, FIN-2025-CTA1, 2/18/2025.
Meanwhile, in Congress, several bills have been proposed that, if signed into law, would push the reporting deadline out still further. On February 10, 2025, the Protect Small Business from Excessive Paperwork Act of 2025, H.R. 736, co-lead by U.S. Representatives Zachary Nunn (R-IA), Sharice Davids (D-KS), Tom Emmer (R-MN) and Don Davis (D-NC), unanimously passed by the House. This bill, if passed into law, would modify the deadline for filing of initial BOI reports by reporting companies that existed before January 1, 2024 to not later than Jan. 1, 2026. On February 12, 2025, the Protect Small Business Excessive Paperwork Act of 2025 – companion legislation in the Senate that would likewise extend the filing deadline until January 1, 2026 – was introduced by U.S. Senators Katie Britt (R-AL) and Tim Scott (R-SC) and referred to the Committee on Banking, Housing and Urban Affairs.
Additionally, on January 15, 2025, another bill – the Repealing Big Brother Overreach Act – was introduced by U.S. Senator Tommy Tuberville (R-AL) in the Senate and re-introduced by U.S. Representative Warren Davidson (R-OH) in the House. This bill, if passed into law, would repeal the CTA entirely.
As noted above and in previous posts, the CTA landscape remains volatile. The Sheppard Mullin CTA Task Force will continue to monitor the various court cases, both in Texas and in other jurisdictions around the country, as well as the legislative bills that are making their way through the House and Senate, and will continue to provide updates as they become available. In the meantime, reporting companies are advised to comply with the law as it currently stands and, barring any further updates from FinCEN, should being filing BOI reports again if they have not already done so.
For background information about the CTA and its reporting requirements (including answers to several frequently asked questions), please refer to our previous blog post, dated November 5, 2024. For more information about the history of the CTA litigation mentioned above, please refer to our blog post, dated January 3, 2025.
Additional information about the CTA requirements can be found at the following FinCEN websites:
FinCEN’s website regarding beneficial ownership information
FinCEN’s Small Entity Compliance Guide
FinCEN’s BOIR Frequently Asked Questions (https://www.fincen.gov/boi-faqs)