California Appeals Court Decides PAGA Lawsuit Can’t Be Sent to Arbitration Without Individual Claims
A California court of appeal recently upheld a trial court’s ruling that rejected a sanitation company’s effort to compel arbitration of individual claims under California’s Private Attorneys General Act (PAGA), where the plaintiff disclaimed all individual relief.
Quick Hits
A California appellate court recently ruled a company could not compel individual PAGA claims to arbitration because the plaintiff disclaimed all individual relief and bought the action on a representative basis only.
There is a split of authority on this issue at the California appellate court level.
The company could appeal this decision to the California Supreme Court.
On February 26, 2025, the California Court of Appeal, Fourth Appellate District, upheld a lower court decision denying a sanitation company’s motion to compel arbitration of individual PAGA claims.
In February 2022, an employee sued Packers Sanitation Services, which was recently renamed Fortrex, in a representative capacity under PAGA, alleging violations of California’s overtime and meal and rest break requirements. In March 2022, the company moved to compel arbitration based on an arbitration agreement the employee had signed.
The plaintiff argued he did not allege the individual component of a PAGA claim, so there was no individual claim that the trial court could compel to arbitration. Instead, he argued that he was acting only in a representative capacity. The Imperial County Superior Court agreed.
The Fourth District agreed with the trial court and concluded that the plaintiff alleged violations only in a representative capacity, and the trial court was correct in denying the company’s motion to compel arbitration. It noted that a complaint could fail to include an individual PAGA claim, even if it should include an individual PAGA claim.
Notably, the California Court of Appeal, Second Appellate District recently came to the opposite conclusion as the Fourth District. In that decision, the Second District held that a PAGA plaintiff cannot disclaim the individual component of a PAGA action and bring such an action in only a representative capacity.
In 2022, the Supreme Court of the United States held in Viking River Cruises v. Moriana that individual PAGA claims can be compelled to arbitration, and any non-individual claims would be dismissed at that point. However, in 2023, the California Supreme Court ruled that plaintiffs may still be able to pursue representative PAGA claims in court, even after their individual claims are sent to arbitration.
Next Steps
The employer in this case could appeal the Fourth District’s decision to the California Supreme Court, especially in light of the current split in authority in the state.
In the meantime, California employers may wish to review their arbitration agreements when confronting a potential PAGA lawsuit.
New Rulemaking Announced: Treasury Department Suspends Reporting, Enforcement and Fines under the Corporate Transparency Act until Further Notice
How Did We Get Here?
The Corporate Transparency Act (CTA) went into effect on January 1, 2024, and was enacted as part of the Anti-Money Laundering Act of 2020. Administered by the Financial Crimes Enforcement Network, a bureau of the U.S. Department of the Treasury (FinCEN), the CTA is designed as another tool in the mission to protect the financial system from money laundering, terrorism financing, and other illicit activity. FinCEN issued the implementing final rules on September 29, 2022. Pursuant to these rules, reporting companies[1] formed before 2024 were to file their initial beneficial ownership reports (BOIRs) with FinCEN by January 1, 2025. Reporting companies formed after January 1, 2024, and before January 1, 2025, were to file their initial BOIR within 90 days following their formation.
In late 2024, multiple lawsuits were filed challenging the constitutionality of the CTA. Plaintiffs in those cases sought, and in many cases obtained, injunctions excusing them from filing their initial BOIRs until the merits of the case were decided. In two of the cases, federal judges issued nationwide injunctions excusing all reporting companies from filing their initial BOIR during the pendency of the case. As we recently reported, the United States Supreme Court on January 3, 2025 overturned the nationwide injunction in one of those cases, narrowing the injunction to just the plaintiffs in that particular case. On February 18, 2025, the district court judge in the other case narrowed his nationwide injunction to just the plaintiffs in that case. All of the cases continue to work their way through the federal court system.
As a result, on February 19, 2025, FinCEN issued a notice declaring a new filing deadline of March 21, 2025, for initial BOIRs. Then on February 27, 2025, FinCEN announced that by March 21, 2025, it would propose an interim final rule that further extends BOIR deadlines. Moreover, FinCEN stated it would not issue fines or penalties or take any enforcement actions until that forthcoming interim final rule became effective and the new relevant due dates in the interim final rule have passed. The Treasury Department also issued a comparable press release on February 27, 2025, but added that it will further not enforce any penalties or fines against U.S. citizens or domestic reporting companies or their beneficial owners after the forthcoming rule changes take effect. The Treasury Department stated that the interim final rule that it would issue by March 21, 2025, would propose narrowing the scope of the rule to foreign reporting companies only.
Current Status
The recently announced actions by the Department of Treasury effectively mean that:
FinCen won’t enforce penalties or fines against companies or beneficial owners who do not file by the March 21 deadline.
If your reporting company was created by the filing of a document with a secretary of state or a similar office under the law of a State or Indian Tribe and all of the beneficial owners of your reporting company are U.S. citizens, the Department of Treasury has stated it intends to amend the rules to eliminate the obligation for your reporting company to ever file a BOIR report and accordingly, FinCEN will never enforce penalties or fines against your reporting company or its U.S. beneficial owners.
If your reporting company was created by the filing of a document with a secretary of state or a similar office under the law of a State or Indian Tribe and some of the beneficial owners are NOT U.S. citizens, FinCEN won’t currently enforce any penalties or fines against the company or its foreign beneficial owners until after the new rules go into effect. The Department of Treasury press release suggests that it will eliminate the obligation to file a BOIR for your domestic reporting company with non-U.S. beneficial owners, but we must await the proposed new rule to see if FinCen is proposing to narrow the rule in this manner. The CTA itself defines what is a reporting company without this distinction of ownership by U.S. citizens or non-U.S. citizens. Given that the CTA’s stated objective to combat illicit activity, it would seem useful for FinCEN to have information about the non-U.S. citizenship ownership of a domestic reporting company.
If your reporting company was created by the filing of a document outside of the United States and you have registered your company with a secretary of state or a similar office under the law of a State or Indian Tribe, FinCEN won’t currently enforce any penalties or fines against the company or its foreign beneficial owners until after the new rules go into effect. Foreign companies are currently subject to the BOIR only if they are registered to do business in the United States. Foreign registered companies who are not registered to do business in the United States are not currently subject to the BOIR requirements (even if they are doing business here). Narrowing the BOIR reporting rules in this manner would seem to result in far fewer reporting companies. We await further communication from the Department of Treasury on this position.
State Level Developments
Lastly, we note that with this major development on the federal level, states may adopt CTA-like legislation for entities created or registered under their state law. The State of New York has already done so by enacting the New York Limited Liability Company Transparency Act (the NY LLCTA) which mirrors the CTA in many respects, with key differences. The NY LLCTA applies only to limited liability companies (LLCs) created under New York law or registered to do business in New York. Under the NY LLCTA, these reporting LLCs must disclose their beneficial owners to the New York State Department of State (DOS) beginning on January 1, 2026. LLCs that qualify for one of the CTA’s 23 exemptions will be exempt under NY LLCTA, but must file an “attestation of exemption” with DOS.
It is not clear whether any other states will enact comparable legislation. This includes Delaware, which has always been the preferred state for domestic businesses to incorporate, including 30% of Fortune 500 companies. More recently, however, Texas and Nevada have been courting companies to reincorporate in their states. These other states offer tax breaks and perceived business-friendly regulations. Faced with potentially losing corporate business to other states, it is not known whether Delaware would risk giving companies another reason to consider incorporating elsewhere.
ENDNOTES
[1] A “reporting company” is defined under the CTA as “a corporation, limited liability company, or other similar entity” that is either “created by the filing of a document with a secretary of state or a similar office under the law of a State or Indian Tribe” or “formed under the law of a foreign country and registered to do business in the United States.”
Related or Not Related? Delaware Supreme Court Weighs in on What Constitutes a “Related” Claim
Highlights
The Delaware Supreme Court took a broad view of relatedness, holding that an SEC investigation and later class action were “related claims” despite that they involved different claimants, asserted different legal theories, and sought different relief
The decision reaffirmed the “meaningful linkage” test, stating that claims are “related” if they involve “common underlying wrongful acts”
The content and level of detail in the insured’s notice of claim or circumstances can be an important factor in determining whether claims are related
The Delaware Supreme Court recently handed down an insurance coverage decision addressing a question that has significant practical importance for both insurers and policyholders: What makes a wrongful act “related to” a prior wrongful act? The answer to this question can dictate under which policy period a claim is covered—or even whether it is covered at all.
The insured in In Re Alexion Pharmaceuticals, Inc. had two D&O coverage towers with substantially similar insurers: Tower 1, providing $85 million in coverage from June 2014 to June 2015, and Tower 2, providing $105 million in coverage from June 2015 to June 2017.
In March 2015, the Securities and Exchange Commission (SEC) issued a formal investigation order against Alexion regarding several potential violations of federal securities law, including inaccurate annual reports, failure to maintain adequate books and records, failure to maintain an adequate system of internal accounting controls, and bribing foreign officials and political parties. In May 2015, as part of that investigation, the SEC served Alexion with a subpoena and document preservation demand. Alexion tendered notice of the subpoena to its Tower 1 insurers, describing the focus of the document requests and observing that the subpoena could lead to other government investigations or “private litigations.”
Importantly, the primary insurer acknowledged Alexion’s notice as a “notice of circumstances” rather than a “notice of claim” and explicitly stated that no claim had yet been made against Alexion.
That observation lasted until December 2016, when Alexion stockholders filed a class action securities suit alleging that the company’s sales, marketing, and lobbying tactics violated Sections 10(b) and 20(a) of the Exchange Act and SEC Rule 10b-5. Alexion noticed the class action to Tower 2, and the primary insurer initially accepted coverage. But the primary insurer later reassigned the claim to Tower 1 because the class action “arose from the circumstances and anticipated Wrongful Acts reported during the 2014-2015 Policy Period, as well as many of the same Wrongful Acts and Interrelated Wrongful Acts.”
After Alexion settled with the SEC (for $21.5 million) and the class action plaintiffs (for $125 million), it demanded that the Tower 2 insurers cover the class action settlement up to the $105 million total policy limits. When they refused, Alexion sued for breach of contract. The trial court granted partial summary judgment for Alexion, agreeing that the SEC subpoena and the class action were insufficiently connected and that the class action should be covered under Tower 2.
The insurers appealed, arguing that the trial court applied the wrong standard; instead of evaluating the two matters for “meaningful linkage,” it should have asked whether the Securities Class Action arose from “any Wrongful Act, fact, or circumstance” covered in Alexion’s 2015 Notice. The insurers further argued that the 2015 Notice was a “notice of circumstances” rather than a claim, and pointed out that it expressly noted the potential for future civil claims arising out of the same issues.
The Delaware Supreme Court agreed with the insurers and reversed.
It first looked to the policies’ notice provision, which states that if the insureds “first become aware of facts or circumstances which may reasonably give rise to a future Claim covered under this Policy, and if the Insureds give written notice to the Insurer” during the policy period, then any “Claim which arises out of such Wrongful Act shall be deemed to have been first made at the time such written notice was received by the Insurer.” The Court found that this provision was not ambiguous and benefits insureds by allowing them to “lock in existing insurance for later related claims even though the facts and circumstances have yet to occur or might be somewhat different.”
Likewise, the limit of liability provision states that “[a]ll Claims arising out of the same Wrongful Act and all Interrelated Wrongful Acts . . . shall be deemed to be one Claim . . . first made on the date the earliest such Claims is first made,” which the Court read to mean that “all Claims arising out of a properly noticed Wrongful Act or Interrelated Wrongful Act are treated as a single Claim made on the earliest date the insurer received the insured’s written notice.”
The policies did not define the “arises/arising out of” phrases in these and other policy provisions, so the Court interpreted them “as requiring some ‘meaningful linkage between the two conditions imposed in the contract.’” In other words, “if the Securities Class Action is meaningfully linked to any Wrongful Act, including any Interrelated Wrongful Act, disclosed by Alexion in the 2015 Notice, the Securities Class Action is covered by Tower 1.”
The Court concluded there was such a “meaningful link”: both the 2015 Notice and the Securities Class Action “involve the same underlying wrongful act – Alexion’s improper sales tactics worldwide, including its grantmaking efforts in Brazil and elsewhere.” The lower court’s first mistake, the Court stated, had been its treatment of the 2015 Notice as a notice of claim, rather than a notice of circumstances. That error had led to another: the trial court narrowly focused on the wrongful acts alleged in the SEC subpoena, rather than considering all of the wrongful acts disclosed in the notice of circumstances.
The 2015 Notice disclosed the SEC’s investigation as well as the subpoena and described the potential consequences of that investigation, including possible “private litigations.” Because both the SEC investigation and the class action arose from Alexion’s grantmaking activity and foreign business practices—the same underlying acts—it did not matter that they involved different claimants, asserted different legal theories, and sought different relief: “It is the common underlying wrongful acts that control.”
Takeaways
Insurers use “arises/arising out of” language in many policies and contexts, so the Alexion decision will likely have implications beyond the D&O space in matters involving other types of claims-made policies such as environmental liability, professional liability, malpractice, and employment practices liability. It will be particularly relevant in industries that tend to attract both governmental enforcement actions and civil litigation—banking and investment, manufacturing, and transportation.
And although the decision may not have been favorable for Alexion itself, it may prove to be helpful to policyholders in the long run in certain instances. In many circumstances, as the Alexion Court observed, a policyholder may choose to give notice of circumstances before an issue has risen to the level of a claim in order to “lock in” favorable coverage. Insureds may find, notably, that the content of that notice could be critical: this might include questions of whether the notice includes enough information to satisfy the notice requirement, without providing so much detail that it invites the insurer to try to escape coverage by carving off the resulting claim off as “unrelated.”
On the flip side, an overly broad notice of circumstances could give the insurer an opening to shoehorn unrelated claims in with the noticed circumstances to take advantage of a lower or exhausted policy limit.
Tax Transparency and Data Privacy — Which Wins?
As tax authorities embrace new digital technologies, the issue of safeguarding citizens’ data privacy rights steps to the fore. Since the implementation of the EU General Data Protection Regulation (GDPR) in 2018, there has been a greater focus on data privacy from both the public and organisations. At the same time, the cooperative international effort to combat offshore tax evasion has been steadily increasing. Several information-sharing regimes have been conceived to allow tax authorities to share information globally relating to financial accounts and investments under Automatic Exchange of Information Agreements.
In J Webster v HMRC [2024] EWHC 530 (KB), Ms. Webster, a US citizen, brought a case against His Majesty’s Revenue and Customs (HMRC) regarding information sharing under the Foreign Account Tax Compliance Act. At the centre of this case stands the question of which wins — tax transparency or data privacy?
Automatic Exchange of Information (AEOI)
The United Kingdom shares information with foreign tax authorities under two specific regimes:
1. Foreign Account Tax Compliance Act (FATCA): The FATCA regime is US-specific. Financial institutions outside of the United States are required to provide the US tax authorities with information relating to the foreign financial accounts of US individuals. Information includes, for example, the individual’s name and address, account balance and amount of interest accrued.
2. Common Reporting Standard (CRS): Nicknamed “global FATCA” by commentators at its inception, the CRS requires the automatic exchange of financial account information between tax authorities globally. The information shared is largely the same as that under FATCA, with the addition of the date and individuals’ places of birth (in some cases).
In practice, financial institutions in the United Kingdom supply the required data to HMRC, which then provides it to the relevant tax authorities on an annual and automatic basis.
The GDPR
Data privacy in the United Kingdom is regulated by the UK GDPR (the retained version of the EU GDPR) and the Data Protection Act 2018. Under Article 4(1) of the UK GDPR, personal data means any information relating to an identified or identifiable natural person. There are seven key principles for processing personal data (found in Article 5, UK GDPR). Broadly, these require that personal data is: (i) processed lawfully, fairly and transparently, (ii) collected for specified, explicit and legitimate purposes only, (iii) limited to what is necessary for the purposes (minimisation), (iv) accurate, (v) not stored longer than necessary, and (vi) processed in a manner that ensures appropriate security of the data. Finally, the data controller must be responsible for and able to demonstrate compliance with the preceding six principles.
Importantly, personal data must only be transferred outside of the United Kingdom if the receiving countries have adequate levels of protection for data subjects in place or appropriate safeguards for the transfer of personal data (Article 46, UK GDPR).
So, Which Wins?
Ms. Webster argued that information sharing between tax authorities under the FATCA regime breached her data privacy and human rights. In summary, she claimed that there were no appropriate safeguards in place for the transfers by HMRC and that US law failed to provide adequate levels of protection. Additionally, the data transfers allegedly fell foul of the principle of proportionality, as bulk processing did not account for Ms. Webster’s personal circumstances — specifically, that Ms. Webster had no US tax obligations (having modest income in the United Kingdom and owning no assets or income in the United States).
Unfortunately, the central question of “which wins?” remains unanswered. The judgment focused more on questions of procedure than substance — for example, as argued by HMRC, whether the claim should have been brought via judicial review and was, therefore, an abuse of process.
However, it is not difficult to see some merit in Ms. Webster’s claim. The aims of FATCA and the CRS are clearly worthy, and tax transparency is important. However, since personal data is processed automatically and whether an individual poses any real risk of tax evasion is immaterial to that processing, it is unconvincing that the principles of proportionality and data minimisation are comfortably being met.
Information-sharing regimes have been challenged in other countries as well. For example, the Belgian Data Protection Authority has argued (in a decision that has since been annulled) that data exchanges under FATCA violate the EU GDPR since more information than necessary is shared and the purposes for the data transfers are insufficiently defined. The Slovakian Data Protection Authority also challenged FATCA on the grounds that the AEOI Agreement under which data transfers took place did not contain the necessary safeguards to transfer personal data to third countries.
It is widely agreed that the GDPR is far more comprehensive than US privacy laws — some might remember the highly publicised “Schrems II” case from 20201 where the Court of Justice of the European Union declared that the US privacy laws fail to ensure an adequate level of protection. Recent news about the US Treasury being hacked also inevitably raises concerns about the security of the personal data transferred, and with President Donald Trump’s firing of Democratic members of the Privacy and Civil Liberties Oversight Board since the beginning of his second term, more widespread privacy concerns now linger.
We will have to wait and see how the tension between tax transparency and data privacy culminates. A judgment that focuses on the merits of Ms. Webster’s concerns would bring us some much-needed answers. However, what is clear is that there is pressure on tax authorities to address concerns relating to the data privacy of individuals, which are not subsiding.
1 Data Protection Commissioner v Facebook Ireland Ltd, Maximilian Schrems and intervening parties, Case C-311/18.
Georgia Griesbaum contributed to this article
Update: Federal Judge Reinstates National Labor Relations Board (NLRB) Member (US)
President Donald Trump’s removal of Gwynne Wilcox, a Biden-appointed NLRB Member (which we discussed in a prior post), has been reversed by a federal judge. On March 6, 2025, U.S. District Court Judge Beryl Howell held that the President does not have the authority to terminate NLRB Members at will, and thus President Trump’s removal of Member Wilcox violated the law. Member Wilcox’s removal had caused the NLRB to lose a quorum of three Members, meaning that since January 28, 2025, the NLRB had been without the authority to decide cases. With her status restored, that authority also has now been restored.
That said, Member Wilcox’s status as a Board member is likely far from decided. The Trump Administration is likely to appeal the decision and may request a stay. And the legal battle over presidential authority appears to be ultimately destined for the United States Supreme Court.
We expect and will track additional changes at the NLRB under the Trump Administration.
FROM CORN DOGS TO COURTROOMS: Sonic’s Texts Might Cost More Than a Combo Meal
Quick update here for you. Have you ever received a text about a fast food deal you never signed up for? Usually, I receive these texts because I signed up for some deal, like a free milkshake or a discount. That is the trade-off. You get a coupon; in return, you let them send you marketing you can opt out of. Well, Plaintiff in this newly filed class action lawsuit says he has, and he is taking Sonic Drive-In to court over it. The lawsuit, filed in the United States District Court for the Western District of Oklahoma, accuses Sonic of sending promotional texts to consumers who had placed their numbers on the National DNC Registry. See Brennan v. Sonic, Inc., No. 5:25-CV-00280 (W.D. Okla. filed Mar. 4, 2025).
According to the Complaint, Plaintiff added his number to the DNC Registry on February 3, 2024. That should have stopped unsolicited marketing texts, but by March 6, Sonic was already sending him offers for grilled cheese and 99-cent corn dogs. The Complaint details texts sent on March 6, March 11, March 13, March 15, and March 20. Plaintiff claims he never provided his phone number to Sonic, never had a business relationship with them, and never opted into any rewards program. So how did Sonic get his number? Interesting…
The lawsuit argues that Sonic’s “impersonal and generic” messages, their frequency, and the lack of consent all suggest that Sonic used an automatic telephone dialing system (“ATDS”).
This is where things make me ponder. This is not Plaintiff’s first TCPA lawsuit. He has previously filed complaints against Pizza Hut, DirecTV, Meyer Corporation, and Transfinancial Companies. That is a stacked lineup of big-name defendants. That track record raises some interesting questions. Is Plaintiff an unlucky mass marketing recipient or something else at play here? Is this about stopping unlawful texts, or is Plaintiff turning TCPA enforcement into a side hustle? Either way, it puts Sonic in a tough spot. This is where Troutman Amin always steps up to the plate for stellar legal work.
Beyond the Plaintiff’s individual claims, this lawsuit covers a broader group of consumers who allegedly received these messages. The Complaint defines two classes. The DNC Registry Class includes those on the registry but still got texts. Additionally, the Autodialed Text Class covers anyone who received automated marketing texts from Sonic without providing written consent.
If the Court sides with Plaintiff, Sonic might find itself in a legal pickle that no amount of tots and milkshakes can fix—no pun intended. We’ll be sure to keep you posted.
TIME OUT!: NFL Team Tampa Bay Buccaneers Hit With Latest in A Series of Time Restriction TCPA Class Action
So TCPAWorld has been reporting on the clear trend of TCPA class action suits against companies (primarily retailers) that deploy text clubs and particularly those arising out of timing limitations in the TCPA and state statutes.
Well, the NFL’s Tampa Bay Buccaneers are the latest to fall victim to this trend with a new TCPA class action filed in Florida against the team’s ownership today.
Plaintiff Andrew Leech claims he was texted by the Buccaneers at 9:24 pm his time– he claims to live in Palm Beach County, Florida so not sure what happened there.
Plaintiff seeks to represent a class consisting of:
All persons in the United States who from four years prior to thefiling of this action through the date of class certification (1)Defendant, or anyone on Defendant’s behalf, (2) placed more thanone marketing text message within any 12-month period; (3) wheresuch marketing text messages were initiated before the hour of 8a.m. or after 9 p.m. (local time at the called party’s location)
Notably the Plaintiff does not say whether he agreed to be texted by the Buccaneers to begin with. As I have previously reported the TCPA’s timing regulations likely do NOT apply to consented calls, but there is very little case law on the issue.
The case is brought by the Law Offices of Jibrael S. Hindi– the same firm behind a number of similar timing cases. (He is apparently a Dolphins fan…)
Again until this trend abates companies deploying SMS need to be EXTREMELY cautious to assure timing limitations are complied with!
Tariffs: Force Majeure and Surcharges — FAQs
As we navigate a turbulent tariff landscape for manufacturers, we want to help you with some of the most frequently asked questions we are encountering right now as they relate to force majeure and price increases:
1. What are the key doctrines to excuse performance under a contract?
There are three primary defenses to performance under a contract. Importantly, these defenses do not provide a direct mechanism for obtaining price increases. Rather, these defenses (if successful) excuse the invoking party from the obligation to perform under a contract. Nevertheless, these defenses can be used as leverage during negotiations.
Force Majeure
Force majeure is a defense to performance that is created by contract. As a result, each scenario must be analyzed on a case-by-case basis depending on the language of the applicable force majeure provision. Nevertheless, the basic structure generally remains the same: (a) a listed event occurs; (b) the event was not within the reasonable control of the party invoking force majeure; and (c) the event prevented performance.
Commercial impracticability (Goods)
For goods, commercial impracticability is codified under UCC § 2-615 (which governs the sale of goods and has been adopted in some form by almost every state). UCC § 2-615 excuses performance when: (a) delay in delivery or non-delivery was the result of the occurrence of a contingency, of which non-occurrence was a basic assumption of the contract; and (b) the party invoking commercial impracticability provided seasonable notice. Common law (applied to non-goods, e.g., services) has a similar concept known as the doctrine of impossibility or impracticability that has a higher bar to clear. Under the UCC and common law, the burden is quite high. Unprofitability or even serious economic loss is typically insufficient to prove impracticability, absent other factors.
Frustration of Purpose
Under common law, performance under a contract may be excused when there is a material change in circumstances that is so fundamental and essential to the contract that the parties would never have entered into the transaction if they had known such change would occur. To establish frustration of purpose, a party must prove: (a) the event or combination of events was unforeseeable at the time the contract was entered into; (b) the circumstances have created a fundamental and essential change, and (c) the parties would not have entered into the agreement under the current terms had they known the circumstance(s) would occur.
2. Can we rely on force majeure (including if the provision includes change in laws), commercial impracticability, or frustration of purpose to get out of performing under a contract?
In court, most likely not. These doctrines are meant to apply to circumstances that prevent performance. Also, courts typically view cost increases as foreseeable risks. Official comment of Section 2-615 on commercial impracticability under UCC Article 2, which governs the sale of goods in most states, says:
“Increased cost alone does not excuse performance unless the rise in cost is due to some unforeseen contingency which alters the essential nature of the performance. Neither is a rise or a collapse in the market in itself a justification, for that is exactly the type of business risk which business contracts made at fixed prices are intended to cover. But a severe shortage of raw materials or of supplies due to a contingency such as war, embargo, local crop failure, unforeseen shutdown of major sources of supply or the like, which either causes a marked increase in cost or altogether prevents the seller from securing supplies necessary to his performance, is within the contemplation of this section. (See Ford & Sons, Ltd., v. Henry Leetham & Sons, Ltd., 21 Com.Cas. 55 (1915, K.B.D.).)” (emphasis added).
That said, during COVID and Trump Tariffs 1.0, we did see companies use force majeure/commercial impracticability doctrines as a way to bring the other party to the negotiating table, to share costs.
3. May we increase price as a result of force majeure?
No, force majeure typically does not allow for price increases. Force majeure only applies in circumstances where performance is prevented by specified events. Force majeure is an excuse for performance, not a justification to pass along the burden of cost increases. Nevertheless, the assertion of force majeure can be used as leverage in negotiations.
4. Is a tariff a tax?
Yes, a tariff is a tax.
5. Is a surcharge a price increase?
Yes, a surcharge is a price increase. If you have a fixed-price contract, applying a surcharge is a breach of the agreement.
That said, during COVID and Trump Tariffs 1.0, we saw many companies do it anyway. Customers typically paid the surcharges under protest. We expected a big wave of litigation by those customers afterward, but we never saw it, suggesting either the disputes were resolved commercially or the customers just ate the surcharges and moved on.
6. Can I pass along the cost of the tariffs to the customer?
To determine if you can pass on the cost, the analysis needs to be conducted on a contract-by-contract basis.
7. If you increase the price without a contractual justification, what are customers’ options?
The customer has five primary options:
1. Accept the price increase:
An unequivocal acceptance of the price increase is rare but the best outcome from the seller’s perspective.
2. Accept the price increase under protest (reservation of rights):
The customer will agree to make payments under protest and with a reservation of rights. This allows the customer to seek to recover the excess amount paid at a later date. Ideally, the parties continue to conduct business and the customer never seeks recovery prior to the expiration of the statute of limitations (typically six years, depending on the governing law).
3. Reject the price increase:
The customer will reject the price increase. Note that customers may initially reject the price increase but agree to pay after further discussion. In the event a customer stands firm on rejecting the price increase, the supplier can then decide whether it wants to take more aggressive action (e.g., threaten to stop shipping) after carefully weighing the potential damages against the benefits.
4. Seek a declaratory judgment and/or injunction:
The customer can seek a declaratory judgment and/or injunction requiring the seller to ship/perform at the current price.
5. Terminate the contract:
The customer may terminate part or all of the contract, depending on contractual terms
For additional information, here is a comprehensive white paper we have written on the tariffs.
DISA Global Faces Class Action After Cyber-Attack
Last week, two separate class actions were filed in the federal district court for the Southern District of Texas against DISA Global Solutions (DISA), a third-party employment screening services provider, related to an April 2024 cyber-attack.
DISA provides drug and alcohol testing and background checks for employers. DISA reportedly faced a cyber-attack from February to April 2024, which resulted in unauthorized third-party access to over 3.3 million individuals’ personal information. According to DISA, the information may have contained individuals’ names, Social Security numbers, driver’s license numbers, and financial account information.
DISA sent notification letters to individuals around February 24, 2025. The lead plaintiffs in both actions claim that they were required to provide their personal information to DISA as part of a job application or to obtain certain employment-related benefits.
Data breach class actions can help inform entities’ risk management strategies. We will consider some key considerations from the class action complaints against DISA.
Reasonable Safeguards
One plaintiff alleges that DISA had a duty to exercise reasonable care in securing data, but that DISA breached that duty by “neglect[ing] to adequately invest in security measures.” The complaint lists numerous commonly accepted security standards, including:
Maintaining a secure firewall configuration;
Monitoring for suspicious credentials used to access servers; and
Monitoring for suspicious or irregular server requests.
The other plaintiff similarly alleges that DISA failed to adequately implement measures. This complaint also enumerates common measures, including:
Scanning all incoming and outgoing emails;
Configuring access controls; and
Applying the principle of least-privilege.
Such claims of inadequate security and privacy measures are common in data breach class action litigation. Organizations should evaluate their security standards and ensure they are aligned with current best practices.
Notification Timeframe
DISA’s notification letter to affected individuals states that the unauthorized access occurred between February and April 2024. DISA sent notification letters in February 2025. One plaintiff alleges that the “unreasonable delay in notification” heightened the foreseeability that affected individuals’ personal information has been or will be used maliciously by cybercriminals.
It can take months to investigate a cyber incident and determine the nature and extent of information involved. Still, organizations who experience such incidents should be mindful of the ways in which plaintiffs can use the notification timeframe in their litigation.
Heightened Sensitivity of Social Security Numbers
One plaintiff includes in their complaint that Social Security numbers are “invaluable commodities and a frequent target of hackers.” This plaintiff alleges that, given the type of information DISA maintains and the frequency of other “high profile” data breaches, DISA should have foreseen and been aware of the risk of a cyber-attack.
The other plaintiff states that various courts have referred to Social Security numbers as the “gold standard” for identity theft and that their involvement is “significantly more valuable than the loss of” other types of personal information.
When it comes to information, not all data elements present the same level of risk if subject to unauthorized access. Organizations should track the types of information they maintain and understand that certain information may present higher risk if exposed, potentially requiring heightened security standards to protect it. The suits against DISA highlight that organizations should implement robust measures to not only minimize risk of cyber-attacks but also to minimize litigation risk in the often-inevitable class actions that follow.
Roma Patel also contributed to this article.
Federal Circuit Broadens ITC Economic Prong
In the recent decision of Lashify, Inc. v. International Trade Commission, the United States Court of Appeals for the Federal Circuit rejected the long-standing approach concerning the interpretation of the domestic-industry requirement under Section 337 of the Tariff Act of 1930. The complainant, an American company importing eyelash extensions from international manufacturers, which alleged that certain other importers were infringing on its patents.
The central legal issue in this case revolved around the interpretation of the “economic prong” of the domestic-industry requirement under 19 U.S.C. § 1337(a)(3)(B). Specifically, the panel examined whether significant employment of labor or capital related to sales, marketing, warehousing, quality control, and distribution could satisfy the economic prong, even in the absence of domestic manufacturing.
The Federal Circuit vacated the Commission’s split decision regarding the economic prong, finding that the Commission’s interpretation was contrary to the statutory text. Notably, the Court cited the Loper Bright Supreme Court decision that allows the Court to “exercise [] ‘independent judgment’ about the correctness of [the Commission’s] interpretation.”
The Court ultimately held that significant employment of labor or capital should be considered sufficient to satisfy the economic prong, regardless of whether the labor or capital is used for sales, marketing, warehousing, quality control, or distribution. The Court emphasized that the statutory language does not impose a domestic-manufacturing requirement or limit the economic prong to technical development. Rather the panel held that so long as the human activity is related to “aspects of providing [patented] goods or services,” the cost of that investment in human capital should be accounted for. This decision has significant implications for future cases involving the domestic-industry requirement under Section 337. The Federal Circuit’s interpretation broadens the scope of what can be considered significant employment of labor or capital, potentially allowing more companies to satisfy the economic prong without engaging in domestic manufacturing. This could lead to increased access to Section 337 relief for companies that focus on sales, marketing, and distribution activities within the United States.
Warby Parker Settles Data Breach Case with OCR for $1.5M
Eyeglass manufacturer and retailer Warby Parker recently settled a 2018 data breach investigation by the Office for Civil Rights (OCR) for $1.5 million. According to OCR’s press release, Warby Parker self-reported that between September and November of 2018, unauthorized third parties had access to customer accounts following a credential stuffing attack. The names, mailing and email addresses, payment card information, and prescription information of 197,986 patients was compromised.
Following the OCR’s investigation, it alleged three violations of the HIPAA Security Rule, “including a failure to conduct an accurate and thorough risk analysis to identify the potential risks and vulnerabilities to ePHI in Warby Parker’s systems, a failure to implement security measures sufficient to reduce the risks and vulnerabilities to ePHI to a reasonable and appropriate level, and a failure to implement procedures to regularly review records of information system activity.” The settlement reiterates the importance of conducting an annual security risk assessment and implementing a risk management program.
Blocked DOL Overtime Rule Set for Review in the Fifth Circuit (US)
On February 28, 2025, the US Department of Labor (DOL) appealed a December 2024 Texas federal trial court’s decision that blocked a Biden-era overtime rule promulgated by the DOL. This is the DOL’s second appeal following an appeal in November by the then Biden-led DOL of another Texas district court’s ruling that similarly vacated and set aside the overtime rule nationwide. Both cases were appealed to the Fifth Circuit Court of Appeals.
The DOL’s revised overtime rule went into effect in July 2024 and expanded overtime eligibility for employees by raising the salary threshold required for an employee to qualify for an overtime exemption under the Fair Labor Standards Act (FLSA). To be exempt from overtime requirements under the FLSA (time-and-one-half the regular rate of pay for hours worked in excess of 40 hours in a work week), employees must primarily perform certain job duties, be paid on a salary, not hourly, basis, and earn at least a minimum threshold salary.
Under the DOL’s 2024 rule, the annual salary threshold initially increased from $35,568 to $43,888 on July 1, 2024, and was set to increase again on January 1, 2025 to $58,656 prior to the decision by the US District Court for the Eastern District of Texas to vacate the rule in November. The rule also provided for a mechanism to increase the threshold level every three years, beginning on July 1, 2027. In November, District Court Judge Sean D. Jordan granted summary judgment, thereby blocking the rule nationwide, stating that the DOL’s “changes to the minimum salary level in the 2024 Rule exceed its statutory jurisdiction.” By setting the minimum salary threshold so high, Judge Jordan wrote, the 2024 rule “effectively eliminates” the other considerations required under the FLSA, like job duties, “in favor of what amounts to a salary-only test.”
The decision by the Trump Administration to appeal the most recent District Court decision came as a surprise to some, as it is believed by many that the Trump Administration will look to review the 2024 overtime rule and possibly get rid of it all together. However, the decision by the Trump Administration to appeal allows the DOL to defend its longstanding practice to set a salary threshold for overtime eligibility, although it appears likely the Trump DOL would set the threshold minimum much lower—closer to the $35,500 threshold minimum set by the DOL during the first Trump Administration.
We expect and will continue to monitor changes to the overtime rule as it moves through the courts under the new Trump Administration.