-
BDO USA, LLP, a Delaware limited liability partnership, is the
U.S. member of BDO International Limited, a UK company limited by
guarantee, and forms part of the international BDO network of
independent member firms. BDO is the brand name for the BDO network
and for each of the BDO Member Firms.
CENTRAL PENNSYLVANIA
BUSINESS LEADERS SUMMIT
Spooky Nook Sports2914 Spooky Nook RoadManheim, PA 17547October
19, 2016
-
Central Pennsylvania Business Leaders Summit / 2
UPCOMING EVENTS
-
Central Pennsylvania Business Leaders Summit / 3
EVENT DETAILS
Date Event Location
November 10 Let’s Talk Tax: Transfer Pricing Update
Harrisburg
November 16 The Exit Planning Crisis Advisor Roundtable –
Luncheon King of Prussia
November 22 Data Security for Small Businesses (Pennsylvania
Society of Tax & Accounting Professionals) Lancaster
December 6 Pennsylvania Banking Seminar Downingtown
December 8 New Jersey Banking Seminar Monroe Twp, NJ
December 13 Cybersecurity for Lawyers and Law Firms
Harrisburg
https://www.bdo.com/events/harrisburg-let%E2%80%99s-talk-tax-transfer-pricing-updamailto:[email protected]?subject=Exit%20Planning%20Crisis%20Advisor%20Roundtable%20Registrationhttps://na01.safelinks.protection.outlook.com/?url=http://www.mcneeslaw.com/data-security-small-businesses/&data=01|01|[email protected]|062b64862a324e5dfc8708d3f76e77d7|6e57fc1a413e405091da7d2dc8543e3c|0&sdata=pV0VxHJI2Nj4PCCZzDeUqHtbfYM8osqxz/s8bAzUzvQ%3D&reserved=0mailto:[email protected]?subject=PA%20Banking%20Seminar%20Registrationmailto:[email protected]?subject=NJ%20Banking%20Seminar%20Registrationhttps://na01.safelinks.protection.outlook.com/?url=http://www.mcneeslaw.com/cybersecurity-lawyers-law-firms/&data=01|01|[email protected]|062b64862a324e5dfc8708d3f76e77d7|6e57fc1a413e405091da7d2dc8543e3c|0&sdata=xj9pc00P9v4DhukrBppYJsQTCIi0NVvoKSOKbE5kP8I%3D&reserved=0
-
Central Pennsylvania Business Leaders Summit / 4
MERGERS & ACQUISITIONS
Joseph Burke, Transaction Advisory Services Partner, BDO USA,
LLP
Nicole Stezar Kaylor, Of Counsel, McNees Wallace & Nurick
LLC
Bob McCormack, Founder & Managing Partner, Murphy McCormack
Capital Advisors
Moderator: Michael Hund, Member, McNees Wallace & Nurick
LLC
-
Central Pennsylvania Business Leaders Summit / 5
ARE YOU PREPARED TO TRANSITION YOUR BUSINESS?
Vance Antonacci, Member, McNees Wallace & Nurick LLC
Joe Burke, Transaction Advisory Services Partner, BDO USA,
LLP
Katie Smarilli, Partner, Murphy McCormack Capital Advisors
-
Central Pennsylvania Business Leaders Summit / 6
AGENDA
Key Business Transition Facts Your Options – Consider Them Now
Prepare to Maximize Your Value/Building Value 10 Things to Help You
Prepare for Transitioning Your Business Review of Your Succession
Choices Questions
-
Central Pennsylvania Business Leaders Summit / 7
KEY BUSINESS TRANSITION FACTS
4.5 million small businesses are set to transition with over $20
trillion in value
80% of small businesses do not sell or transition, they close
their doors 75% of business owners are not familiar with the
transition process 70% not familiar with value of company 50% are
not prepared for the unexpected
-
Central Pennsylvania Business Leaders Summit / 8
KEY BUSINESS TRANSITION FACTS (CONTINUED)
Reasons that 80% Do Not Transition: Unplanned event, such as
death, disability, dispute, divorce Lack of focused planning for
exit Too much Debt and too large of a tax liability Many are small
companies and are lifestyle businesses
-
Central Pennsylvania Business Leaders Summit / 9
CONSIDER YOUR TRANSITION OPTIONS NOW
Do nothing Transition to family Management buy out ESOP
Strategic buyers Private equity/financial buyer Liquidation -
“Going out of business”
-
Central Pennsylvania Business Leaders Summit / 10
PLAN FOR UNEXPECTED CONTINGENCIES
Unexpected Succession
Death
Disability
DivorceTermination
Bad Acts
Other
-
Central Pennsylvania Business Leaders Summit / 11
HAVE YOU PROTECTED YOUR FAMILY’S WEALTH
Only 33% of business owners have completed a succession plan for
the business
Completed a will
Named a professional trustee
Created a succession plan for my business
Set up a trust fund for some or all of my household assets
Named a friend or family member to administer my estate
Obtained long-term care insurance for myself and/or
spouse/partner
Developed a comprehensive written financial plan with a
professional, including wealth transfer
31%
32%
33%
33%
44%
52%
63%
77%
Completed a living will/healthcare proxy
Source: Wealth and Values 2007-08, Presented by PNC, Prepared by
HNW, Inc. © 2007 HNW, Inc.
-
Central Pennsylvania Business Leaders Summit / 12
PREPARATION TO MAXIMIZE VALUE
• Segmentation to attract buyers
• Pipeline and forecasting
• Recurring and ‘repeat reactive’ revenue
• Run rate
• Demonstrable added value from contract base.
• Succession
• Briefing of key people
• Incentivisation
• Value of second tier management.
• Working capital
• Pension matters
• Deferred income.
• Comparability, consistency and reliability of historic and
forecast information
• Legal, financial, tax, KPIs
• Management’s financial forecast model
• Building buyers confidence.
• Demonstrating possible value add from future acquisitions
• Ability to fund/support organic growth
• Scalable platform.
• Segmentation
• Add backs/exceptional items
• Savings available to buyer
• ‘Mature’ run rate.
Information
Profit
Revenue
Strategic platform
Cash generation
VALUE MAXIMIZATION
People
-
Central Pennsylvania Business Leaders Summit / 13
BUILDING VALUE
Growing enduser markets
Diversifiedrevenue
Assetmanagement
Capitalintensive
SustainableService notjust price
One off dealsInternet auction
procurement
Hidden value
Synergies
Creatinglower capex
business model
VALUE ENHANCERS
MANAGE POTENTIAL DOWNSIDES
Fundinglines
Missingforecasts
Diligence issues/or ‘overselling’
Unprepared for process
SHAR
EHO
LDER
VAL
UE
-
Central Pennsylvania Business Leaders Summit / 14
10 STEPS YOU SHOULD TAKE NOW TO PREPARE FOR TRANSITIONING YOUR
BUSINESS
(Even if transition is years away)
-
Central Pennsylvania Business Leaders Summit / 15
#1 - GETTING STARTED -“TAKING STOCK”
Are operating agreements in place and reviewed/updated
regularly?
Do you have a quality buy-sell agreement in place if there are
multiple owners/partners?
Ongoing review of employment agreements, leases, vendor &
customer agreements
Review intellectual property, make sure patents, trademarks,
royalty agreements, etc. are in order
Has ownership completed their personal estate and financial
plans and are they current?
-
Central Pennsylvania Business Leaders Summit / 16
#2 – KNOW THE VALUE OF YOUR COMPANY
Start with Fair Market Value Know the ‘true value’ of your
company Consider all potential transition options and structures
Analyze taxes and fees of any viable option Review all risks to
your business, can your business risks be mitigated? Financial
Risk, Diversification of company operation, Management depth
competency, Industry & compliance risk, Reputational Risk
-
Central Pennsylvania Business Leaders Summit / 17
#2 – KNOW THE VALUE OF YOUR COMPANY
Start with Fair Market Value Know the ‘true value’ of your
company Consider all potential transition options and structures
Analyze taxes and fees of any viable option Review all risks to
your business, can your business risks be mitigated? Financial
Risk, Diversification of company operation, Management depth
competency, Industry & compliance risk, Reputational Risk
-
Central Pennsylvania Business Leaders Summit / 18
#3 – WILL YOUR LEADERSHIP TEAM TRANSFER THE VALUE OF YOUR
COMPANY?
Is your company singularly reliant on you? Are you the key to
your company’s growth?
What are the strengths of your leadership team? Having “Best In
Class” seasoned leadership will safeguard the transfer of value
Establish a plan to develop your team or consider hiring others
to lead the company
Consider taking an extended vacation regularly to test the
strength of your team- Give up control at least for a little
while!
-
Central Pennsylvania Business Leaders Summit / 19
#4 - QUALITY FINANCIAL REPORTING
Upgrade your financial reporting-compilation, review, audit
Eliminate ‘non business’ expenses, i.e.,
personal expenses, boat, plane, trips etc. Accurately report
inventory in advance of a transition Develop internal management
reporting systems like performance score cards Respond to data
requests in a timely fashion Be sure your CPA understands business
transitions & transition tax issues.
Does your CPA have credibility with financial institutions?
-
Central Pennsylvania Business Leaders Summit / 20
#5 - ARTICULATE A STRATEGY FOR THE FUTURE OF YOUR COMPANY
Articulate clearly the future opportunity of your business to
the next owner. Will you support this plan after a transition?
Prepare realistic and supportable financial projections
including key assumptions
Consider all paths open to you for growth and continued success,
be prepared to move outside your current comfort zone in this
process
-
Central Pennsylvania Business Leaders Summit / 21
#6 - CUSTOMER CONCENTRATIONS
Diversify revenue among customers Any customer accounting for
40% or more of your revenue
is a risk in a transition
Mitigate risks of client retention now Written agreements with
customers Broaden the pipeline
Review existing agreements for ability to transfer Establish
multiple points of contact within the company Review your vendor
relationships
-
Central Pennsylvania Business Leaders Summit / 22
#7 - WORKING CAPITAL
Working Capital is the lifeblood of the cash flow of the company
Manage your working capital levels Collect accounts receivable,
clean up ‘past due’ accounts receivable Reduce obsolete inventory
Build quality processes for billing, collection, purchases,
controls Understand the definition of working capital in the
purchase agreement and
impact on valuation
-
Central Pennsylvania Business Leaders Summit / 23
#8 - CAPITAL EXPENDITURES
Manage capital expenditures wisely Document your capital
expenditure and repair policy Document the difference between
growth capital
cap ex & maintenance cap ex Consider your tax liability in
terms of both year end
company/cash impact and the impact on your transition plans
-
Central Pennsylvania Business Leaders Summit / 24
#9 – IS YOUR ‘HOUSE’ IN ORDER?
Clean and orderly operation/facility is important your
successful operation Ensure that safety requirements are being met
and in use Well-organized facility is indicative of an effective
management team and
efficient overall operation
-
Central Pennsylvania Business Leaders Summit / 25
# 10 - FAMILY ISSUES
Document family members who are not actively involved in your
business but receiving compensation
Eliminate discretionary spending or at a minimum document it
Have a well thought out financial plan outside of the business
-
Central Pennsylvania Business Leaders Summit / 26
UNDERSTANDING THE CHOICES
Succession Choices
Internal External
Employees
Employee Stock Option Plan (ESOP)
Management Buyout
Sale Recapitalized
InfusionFamily
Sale Gift
Combo
-
Central Pennsylvania Business Leaders Summit / 27
Thank you!
-
Central Pennsylvania Business Leaders Summit / 28
LUNCH & KEYNOTE PRESENTATION
-
Central Pennsylvania Business Leaders Summit / 29
THE IMPACT OF THE ELECTION IN THE ECONOMYMatías Vernengo,
Economics Professor, Bucknell University; Co-editor of the Review
of Keynesian Economics
-
Central Pennsylvania Business Leaders Summit / 30
PLAN OF THE TALK
General overview of the macroeconomy;Brief discussion of
possible effects of policy plans and the likelihood that they can
be adopted after the election;What to expect for next year.
-
Central Pennsylvania Business Leaders Summit / 31
SLOW RECOVERY AND STAGNATION
The presidential campaign will offer conflicting narratives
about how the US economy is faring and how well incumbent
policymakers have managed the recovery from the Great Recession;We
are enduring one of the slowest economic recoveries in recent
history, and the pace can be entirely explained by the fiscal
austerity, particularly with regard to spending;Since the
recovery’s trough in June 2009, employment took longer (51 months)
to reach its prerecession peak than in any other of the previous
three recoveries.
-
Central Pennsylvania Business Leaders Summit / 32
EMPLOYMENT RECOVERY
Since the recovery’s trough in June 2009, employment took longer
(51 months) to reach its prerecession peak than in any other of the
previous three recoveries.
-
Central Pennsylvania Business Leaders Summit / 33
FISCAL AUSTERITY
The figure shows the growth in per capita spending by federal,
state, and local governments following the troughs of the four
recessions. Astoundingly, per capita government spending in the
first quarter of 2016—27 quarters into the recovery—was nearly 3.5
percent lower than it was at the trough of the Great Recession. By
contrast, 27 quarters into the early 1990s recovery, per capita
government spending was 3 percent higher than at the trough, 23
quarters following the early 2000s recession (a shorter recovery)
it was 10 percent higher, and 27 quarters into the early 1980s
recovery it was 17 percent higher.
-
Central Pennsylvania Business Leaders Summit / 34
UNEMPLOYMENT
Civilian unemployment is at round 5 percent, which is low and
suggests the economy is doing well. However, broader measures of
unemployment, including part time workers, is almost double that
figure at 9.7 percent. The labor market is less robust than most
people think.
-
Central Pennsylvania Business Leaders Summit / 35
CIVILIAN EMPLOYMENT-POPULATION RATIO
The employment-population ratio that provides a better picture
of the labor market only started to recover in the last couple of
years. In other words, only recently employment growth started to
outpace population growth, and the reason for relatively low
unemployment numbers is that the labor participation rate is still
relatively low.
-
Central Pennsylvania Business Leaders Summit / 36
EXTERNAL BALANCES
The current account deficit, and the more recent appreciation of
the dollar, have also compounded fears related to international
trade and its effects on the US economy.
-
Central Pennsylvania Business Leaders Summit / 37
POLICY PLANS AND IMPLEMENTATION
If we simplify the policy proposals we can say that Mr. Trump is
focusing on cutting taxes, eliminating regulation and ending trade
deals, while Mrs. Clinton, on the other hand, wants to raise taxes
on the wealthy, increase spending on job training and lower taxes
on companies that hire more Americans;There are other issues that
might result from the election, from the rejection of ‘Obamacare’
to the privatization of Social Security, if Republicans win, to the
expansion of health benefits, and the expansion of debt-free
college benefits in the case of a Democratic victory;However, while
a Democratic victory seems (at least now) more plausible,
Republicans are almost certain to retain the House, if not the
Senate. Thus, a Democratic president might encounter the same
gridlock we have had for the last 6 years.
-
Central Pennsylvania Business Leaders Summit / 38
SECULAR STAGNATION
The possibility of expanding demand in the near future are
bleak. Government will be paralyzed by gridlock, and income
inequality might reduce the ability of households to expand
consumption. Investment will be negatively impacted by both trends,
since evidence suggests that the number one driver of business
investment are sales (interest rates cannot be any lower, and might
arguably be higher next year);Productivity figures have also been
disappointing and there is little hope that an expansion of the
supply capacity could lift the economy its current whole;Hope
springs eternal!
-
Central Pennsylvania Business Leaders Summit / 39
FEDERAL TAX POLICY AND LEGISLATIVE UPDATEKevin Anderson,
National Tax Partner, BDO USA, LLP
-
Central Pennsylvania Business Leaders Summit / 40
AGENDA
Recently Enacted Tax Legislation Other Legislative Activity
Other Updates from IRS and Treasury Prospects for Fundamental Tax
Reform Presidential Candidates’ Tax Proposals Questions and
Answers
-
Central Pennsylvania Business Leaders Summit / 41
FEDERAL TAX UPDATERECENTLY ENACTED TAX LEGISLATION
-
Central Pennsylvania Business Leaders Summit / 42
PROTECTING AMERICANS FROM TAX HIKES ACT OF 2015 (“PATH ACT”)
Pub. L. No. 114-113, Div. Q, signed December 18, 2015:• Extended
most expired tax provisions retroactively to the beginning of 2015•
Made many provisions permanent• Phased out other provisions
No effort to offset costs of decreased revenues• Five-year
revenue loss of $396 billion, FY 2016 through 2020• Second
five-year revenue loss of $226 billion, FY 2021 through 2016• Total
ten-year revenue loss of $622 billion
-
Central Pennsylvania Business Leaders Summit / 43
PATH ACT/REVENUE IMPLICATIONS
$- $20,000 $40,000 $60,000 $80,000
$100,000 $120,000 $140,000 $160,000 $180,000
2016 2017 2018 2019 2020 2021 2022 2023 2024 2025
Projected Revenue Loss
$ (Millions)
-
Central Pennsylvania Business Leaders Summit / 44
PATH ACT/RESEARCH AND DEVELOPMENT CREDIT
Principal features of the PATH Act for R&D credits:• Credit
is expanded and made permanent• Enhanced utilization for “eligible
small businesses,” giving the credit
“specified credit” status so as to offset both regular tax and
AMT• Payroll tax offsets for “qualified small businesses,” which
are likely to have
little or no income tax liability
Key definitions and limitations:• “Eligible small business” has
average annual gross receipts not exceeding
$50 million for three preceding taxable years• “Qualified small
business” may offset up to $250,000 of payroll tax liabilities
in each year for up to five years
-
Central Pennsylvania Business Leaders Summit / 45
PATH ACT/BONUS DEPRECIATION
Brief history of bonus depreciation provisions:• Originally
enacted at 30% for property acquired and placed in service
after
September 10, 2001• Increased to 50% for property acquired and
placed in service after May 5,
2003• Allowed to expire effective January 1, 2005 (with certain
exceptions)• Reinstated at 50% for property acquired and placed in
service after
December 31, 2007, temporarily• Increased to 100% for property
placed in service from September 9, 2010,
through December 31, 2011• Further extended at 50% for property
placed in service after 2011 and
through December 31, 2014
-
Central Pennsylvania Business Leaders Summit / 46
PATH ACT/BONUS DEPRECIATION (CONT’D)
PATH Act further temporary extensions:• 50%, for property placed
in service through 2017• 40%, for property placed in service in
2018• 30%, for property placed in service in 2019• Retained a
complex provision to make certain AMT credits refundable if the
taxpayer forgoes bonus depreciation
-
Central Pennsylvania Business Leaders Summit / 47
PATH ACT/OTHER DEPRECIATION PROVISIONS
First-year expensing increased limitations made permanent:•
Annual limitation is $500,000 in fixed assets acquired and placed
in service• Annual limitation is reduced dollar-for-dollar for
total fixed asset additions
in excess of $2 million for the year• Both amounts to be indexed
for inflation beginning in 2016
15-year recovery period made permanent for:• Qualified leasehold
improvements• Qualified restaurant property• Qualified retail
improvements
-
Central Pennsylvania Business Leaders Summit / 48
PATH ACT/OTHER BUSINESS PROVISIONS
International tax provisions:• Active financing exception from
subpart F provisions (permanent)• Subpart F “look-through rule” for
controlled foreign corporations (through
2019)
S corporation provisions made permanent:• Five-year recognition
period for section 1374 built-in gains tax• Favorable stock basis
adjustments for charitable contributions of
appreciated property
Affordable Care Act provisions temporarily suspended:• Medical
devices excise tax suspended for 2016 and 2017• “Cadillac” tax on
high-cost health plans delayed for two years (to 2020)• Health
insurance provider fee suspended for 2017
-
Central Pennsylvania Business Leaders Summit / 49
PATH ACT/OTHER BUSINESS PROVISIONS (CONT’D)
Section 1202 exclusion for small business stock made permanent
at 100%
Extensions through 2019:• Work opportunity tax credit• New
markets tax credit
Variety of other business incentive provisions extended only for
two years, through 2016
Variety of energy incentives extended for varying periods,
through 2019
-
Central Pennsylvania Business Leaders Summit / 50
PATH ACT/INDIVIDUAL PROVISIONS
Variety of personal/individual tax provisions made permanent:•
Deduction for state sales and use taxes in lieu of state and local
income
taxes• American Opportunity Tax Credit• Increased child tax
credit amounts• Above-the-line deduction for up to $250 of
out-of-pocket expenses of
elementary and secondary school teachers• Earned income credit
enhancements• Transit benefits parity• Favorable treatment of
charitable distributions from IRAs
-
Central Pennsylvania Business Leaders Summit / 51
PATH ACT/INDIVIDUAL PROVISIONS
Variety of personal tax provisions extended for two years
(through 2016):• Above-the-line deduction for qualified tuition and
fees for post-secondary
education• Limited exclusion for income from cancellation of
mortgage debt• Deduction of mortgage insurance premiums as home
mortgage interest
-
Central Pennsylvania Business Leaders Summit / 52
OTHER ENACTED TAX LEGISLATION
Pub. L. No. 114-94, signed December 4, 2015:• Fixing America’s
Surface Transportation (“FAST”) Act
Non-highway revenue provision; Act Section 32102 directs the IRS
to:• Enter into qualified tax collection contracts to collect
outstanding inactive
tax receivables;• Establish a program to hire, train, and employ
special compliance personnel
to collect taxes using the automated collection system; and•
Provide a progress report to congressional committees.
See IR-2016-125 for recent implementation.
-
Central Pennsylvania Business Leaders Summit / 53
OTHER ENACTED TAX LEGISLATION (CONT’D)
Pub. L. No. 114-239, signed October 7, 2016:• United States
Appreciation for Olympians and Paralympians Act of 2016
Key provisions:• Exempts from income tax the value of medals and
prize money received for
competing in Olympic Games or Paralympic Games• Not available to
individuals with adjusted gross income exceeding $1 million
for the taxable year• Effective for prizes and awards received
after December 31, 2015
-
Central Pennsylvania Business Leaders Summit / 54
FEDERAL TAX UPDATEOTHER LEGISLATIVE ACTIVITY
-
Central Pennsylvania Business Leaders Summit / 55
THE APPROPRIATIONS CALENDAR
Federal Government’s fiscal year ends on September 30 Pub. L.
No. 114-223, signed September 29, 2016:
• Continues appropriations for all government operations at
prior levels, with approximately ½% across-the-board reductions
• Expires December 9, 2016 Principal “hot button” spending
issues
• Zika funding• Emergency relief for Louisiana flooding• Water
resources (Flint, Michigan, and elsewhere)
-
Central Pennsylvania Business Leaders Summit / 56
CONGRESS AND THE IRS/PROPOSED LEGISLATION
H.R. 3724• Prevents the IRS from rehiring any individual who was
previously discharged
due to misconduct
H.R. 4890• Prevents the IRS from paying any bonuses to employees
until it has adopted
a comprehensive customer service strategy
H.R. 1206• Prevents the IRS from hiring any employee until the
Secretary of the
Treasury certifies that no employee has seriously delinquent tax
debt
-
Central Pennsylvania Business Leaders Summit / 57
CONGRESS AND THE IRS/PROPOSED LEGISLATION (CONT’D)
H.R. 5053, Preventing IRS Abuse and Protecting Free Speech Act•
Prevents the IRS from requiring a section 501(c) organization to
provide any
donor information, with two limited exceptions
H.R. 4885, IRS Oversight While Eliminating Spending (OWES) Act
of 2016• Requires all IRS user fees to be deposited into the
general fund of the
Treasury
-
Central Pennsylvania Business Leaders Summit / 58
OTHER CHALLENGES FOR THE IRS
Continued budget pressures• Agency annual appropriations reduced
by $900 million since 2010• Total headcount down 17,000 since 2010,
2,000 in last year alone• Audit coverage at historic lows
Increasing demands from new tax legislation Section 501(c)(4)
investigations Glimmers of hope
• Following supplemental appropriation of $290 million
specifically for taxpayer service, identity theft, and
cybersecurity, hired 1,000 employees to staff phone lines
• Near-term plans to hire 600 to 700 employees in enforcement
areas
-
Central Pennsylvania Business Leaders Summit / 59
STILL ANOTHER CHALLENGE
Rep. Jason Chaffetz (R-Utah) has introduced a resolution to
impeach Commissioner John Koskinen
Joined by 18 House Oversight Committee members, it alleges that
the Commissioner:• Engaged in a pattern of conduct that is
incompatible with his duties as an
Officer of the United States;• Engaged in a pattern of deception
that demonstrates his unfitness to serve
as Commissioner;• Has acted in a manner inconsistent with the
trust and confidence placed in
him as an Officer of the United States; and• Has failed to act
with competence and forthrightness in overseeing the
investigation into IRS targeting of Americans.
May 24 House Judiciary Committee hearings
-
Central Pennsylvania Business Leaders Summit / 60
FEDERAL TAX UPDATEOTHER UPDATES FROM IRS AND TREASURY
-
Central Pennsylvania Business Leaders Summit / 61
SIGNIFICANT REGULATORY DEVELOPMENTS
Section 385 regulations• Proposed April 4; finalized (mostly)
October 13• Imposes new documentation requirements on related-party
debt• May recharacterize significant related-party debt as
equity
Proposed Section 2704 regulations• Would significantly reduce
the use of valuation discounts in making gifts of
closely-held business interests• Public hearing scheduled for
December 1; finalized before January 20, 2017?
-
Central Pennsylvania Business Leaders Summit / 62
FEDERAL TAX POLICY AND LEGISLATIVE UPDATEPROSPECTS FOR
FUNDAMENTAL TAX REFORM
-
Central Pennsylvania Business Leaders Summit / 63
FACTORS MOTIVATING TAX REFORM
Nominal corporate tax rates (highest or nearly highest)
International competitiveness Treatment of foreign investment by
U.S. businesses
• Deferral (generally) if in foreign subsidiaries• Subpart F
income• Repatriation of earnings• Reinvestment in United States
property• Foreign tax credits• Transfer pricing (arm’s length)
standards
-
Central Pennsylvania Business Leaders Summit / 64
FACTORS MOTIVATING TAX REFORM (CONT’D)
Complexity of the Internal Revenue Code Frequent changes to tax
provisions Continued reliance on temporary/expiring tax provisions
Compliance burdens resulting from complexity Use of Internal
Revenue Code to achieve certain social and economic
goals (substitute for grant programs)• Retirement and investment
incentives• Treatment of health care benefits, including Affordable
Care Act provisions• Education incentives• Adoption
incentives/subsidies• Capital gains incentives
-
Central Pennsylvania Business Leaders Summit / 65
GOP “BETTER WAY” TAX REFORM PROPOSALS
1986-style tax reform consisting of:• Reduced tax rates• Broaden
the base by eliminating or reducing a wide variety of tax
benefits
for business and individual taxpayers
Overview of tax rates and proposals:• Top corporate tax rate of
20% (compared with current 35%)• Individual split top rates of 25%
and 33% (compared with current 39.6%)• Eliminate need for itemized
deductions for approximately 95% of individual
taxpayers• Significant reform of international taxation
-
Central Pennsylvania Business Leaders Summit / 66
THE “DYNAMIC SCORING” DEBATE
“Static” vs. “dynamic” estimates of changes in revenues:• A
“static” estimate takes expected behavioral changes into account
but not
macroeconomic changes• A “dynamic” estimate takes expected
macroeconomic changes into account,
including growth in jobs and in the economy (GDP)
The “Better Way” blueprint is said to be revenue neutral using
dynamic scoring
-
Central Pennsylvania Business Leaders Summit / 67
PRINCIPAL BUSINESS/CORPORATE TAX PROPOSALS
Reduce corporate tax rate to 20% Repeal section 199 (domestic
production) deduction Full expensing of capital improvements No
current deduction for “net investment interest” Modify (but retain)
the research credit Permit net operating losses to be carried
forward indefinitely
-
Central Pennsylvania Business Leaders Summit / 68
PRINCIPAL BUSINESS/CORPORATE TAX PROPOSALS (CONT’D)
Retain last-in, first-out (“LIFO”) inventory methods Repeal
corporate alternative minimum tax Provide for lower rate of tax on
business income taxed to individuals,
e.g., sole proprietorships, S corporations, and partnerships
-
Central Pennsylvania Business Leaders Summit / 69
PRINCIPAL INTERNATIONAL TAX PROPOSALS
Switch from world-wide to territorial system:• Border adjustment
system taxes sales to United States customers, whether
the taxpayer is foreign or domestic• Conversely, the system
exempts sales to foreign customers are exempt,
whether the taxpayer is foreign or domestic
Represents move toward consumption tax The “toll tax” has two
parts:
• An 8.75% tax on accumulated foreign earnings held in cash or
cash equivalents; and
• A 3.5% tax on other accumulated foreign earnings.
-
Central Pennsylvania Business Leaders Summit / 70
PRINCIPAL FEATURES OF INDIVIDUAL TAX PROPOSALS
Reduce tax rates across the board• Maximum tax rate of 33% (down
from 39.6%)• Lower tax rates for business income taxable at
individual rates
Repeal individual alternative minimum tax Permit a 50% deduction
for net capital gains, dividends, and interest
income Larger standard deduction and enhanced child and
dependent tax
credit—replaces five current provisions Continue earned income
tax credit
-
Central Pennsylvania Business Leaders Summit / 71
PRINCIPAL FEATURES OF INDIVIDUAL TAX PROPOSALS (CONT’D)
Simplify benefits for higher education Retention/modification of
other tax benefits:
• Mortgage interest deduction• Unspecified incentives for
charitable giving• Tax incentives for savings and retirement
Repeal other exemptions, deductions, and credits Repeal the
estate tax
-
Central Pennsylvania Business Leaders Summit / 72
INDIVIDUAL INCOME TAX RATES FOR 2016
Married Filing Jointly or Qualifying Widow(er)
If taxable income is: The tax will be:Not over $18,550 10% of
taxable income
Over $18,550 but not over $75,300 $1,855 plus 15% of the excess
over $18,550
Over $75,300 but not over $151,900 $10,367.50 plus 25% of the
excess over $75,300
Over $151,900 but not over $231,450 $29,517.50 plus 28% of the
excess over $151,900
Over $231,450 but not over $413,350 $51,791.50 plus 33% of the
excess over $231,450
Over $413,350 but not over $466,950 $111,818.50 plus 35% of the
excess over $413,350
Over $466,950 $130,578.50 plus 39.6% of the excess over
$466,950
-
Central Pennsylvania Business Leaders Summit / 73
INDIVIDUAL TAX RATE COMPARISONS
Current Law The GOP “Better Way”
10%0%/12%*
15%
25%25%
28%
33%• 25% on “small business income”• 33% on other income35%
39.6%
*Treats increased standard deduction as an effective 0% tax
rate
-
Central Pennsylvania Business Leaders Summit / 74
LARGEST TAX EXPENDITURES, 2014-2018
$1,245 $805
$633 $421 $405
$353 $350
$316 $286
$209
$- $200 $400 $600 $800 $1,000 $1,200 $1,400
HealthcareRetirement savings
Dividends/LTCGCFC deferral
Mortgage interestEITC
Medicare benefitsState and local tax
Child tax creditsSoc. Sec. benefits
Source: Joint Committee on Taxation Dollar amounts in
billions
-
Central Pennsylvania Business Leaders Summit / 75
FEDERAL TAX POLICY AND LEGISLATIVE UPDATEPRESIDENTIAL
CANDIDATES’ TAX PROPOSALS
-
Central Pennsylvania Business Leaders Summit / 76
PROJECTED EFFECTS ON FEDERAL DEBT
Category Clinton Trump
Unfunded policies $ 150 $ 100
Tax cut 4,500
Interest on debt 50 700
Totals $ 200 $5,300
All numbers are in billions of dollars.
-
Central Pennsylvania Business Leaders Summit / 77
PROJECTED EFFECTS ON FEDERAL DEBT
$2.1T
$6.8T
$2.25T
$1.5T
$200B new debt
$5.3T new debt
CLINTON TRUMP
Savings/ New taxes
Spending/ tax cuts
$2T
0
-2
-4
-6T
Source: The Washington PostNote: Numbers may not add to total
due to rounding.
-
Central Pennsylvania Business Leaders Summit / 78
“DISTRIBUTIONAL” EFFECTS OF TAX PLANS
-
Central Pennsylvania Business Leaders Summit / 79
CORPORATE TAX PROPOSALS—TRUMP
Reduce corporate tax rate from 35% to 15%:• Lower rate
presumably applies to business income otherwise taxed at
individual rates• Deemed repatriation of foreign earnings at 10%
tax rate
Retains research credit; repeals most other corporate tax
expenditures Potential (elective) full expensing of improvements by
manufacturers:
• Taxpayer must give up deduction for interest• Otherwise, may
keep depreciation and interest expense deductions
-
Central Pennsylvania Business Leaders Summit / 80
INDIVIDUAL TAX PROPOSALS—TRUMP
Across-the-board rate reduction:• Similar to GOP “Better Way”
plan, with rates of 12%, 25%, and 33%• Generally retains structure
of capital gains tax rates (0%, 15%, and 20%)• Presumably offers
15% maximum tax rate on business income available to
corporations
Limit overall deductions to $100,000 for single filers and
$200,000 for married couples
Standard deduction increased to $15,000 for single filers and
$30,000 for married couples
-
Central Pennsylvania Business Leaders Summit / 81
INDIVIDUAL TAX PROPOSALS—TRUMP (CONT’D)
Replace deduction for personal exemptions with child-care tax
benefits Eliminate the alternative minimum tax Tax carried interest
as ordinary income Repeal estate tax
• In exchange, carryover basis at death will apply to estates
valued over $10 million
Disallow contributions of appreciated assets to private
charities established by decedent or related persons
-
Central Pennsylvania Business Leaders Summit / 82
INDIVIDUAL TAX PROPOSALS—CLINTON
Add another marginal tax rate for high-income taxpayers (taxable
income in excess of $5 million):• Increase from 39.6% to 43.6%•
Maximum capital gains tax rate would increase from 20% to 24%
Enact the “Buffett Rule” tax, a minimum 30% on individuals with
adjusted gross income of $1 million or more
Restore the estate tax to 2009 parameters:• Maximum tax rate of
45% (up from 40%); and• Exemption of $3.5 million per estate (down
from $5.45 million).
-
Central Pennsylvania Business Leaders Summit / 83
INDIVIDUAL TAX PROPOSALS—CLINTON (CONT’D)
Impose a sliding scale maximum long-term capital gains tax rate,
based on holding period:• Two years or less at ordinary income tax
rates• More than two years, up to three years, 36%• More than three
years, up to four years, 32%• Reduced by four percentage points for
each additional year• Lowest rate is 20% at more than six years•
All rates increased by 4% for high-income taxpayers
Caps the value of all itemized deductions at 28% Tax carried
interest as ordinary income
-
Central Pennsylvania Business Leaders Summit / 84
QUESTIONS & ANSWERS
For Additional Questions Please Contact:
BDO USA, LLP — Washington, D.C.Kevin D. AndersonPartner,
National Tax Office(202) [email protected]
mailto:[email protected]
-
Central Pennsylvania Business Leaders Summit / 85
CYBERSECURITY BREAKOUT SESSIONS
-
Central Pennsylvania Business Leaders Summit / 86
DON’T BE THE NEXT HEADLINE: AVOIDING LEGAL LIABILITY FOR DATA
BREACHESDevin Chwastyk, J.D., CIPP/US, Chair, McNees Privacy &
Data Security Group, Of Counsel, McNees Wallace & Nurick
LLC
-
Central Pennsylvania Business Leaders Summit / 87
THE COSTS OF INFORMATION SECURITY BREACHES
Average cost incurred by a business for each lost or stolen
record is $150 Victims spend an average of 25 – 175 hours
to resolve problems caused by identity theft, together with $50
- $2,000 (excluding attorney's fees)
Direct costs to businesses may pale in comparison to
reputational damage, which can be very expensive in terms of lost
consumer trust and brand loyalty
ALFA International 2015 Client Seminar Poll:• Has your
organization experienced a data
breach? Yes (32%); No (68%)
• Does your organization have a written data breach response
policy? Yes (45%); No (55%)
• Do you have cyber liability insurance? Yes (52%); No (48%)
• Do you believe your organization is well prepared to respond
to a data breach? Yes (31%); No (69%)
-
Central Pennsylvania Business Leaders Summit / 88
THE COSTS OF INFORMATION SECURITY BREACHES
A list of products/services offered in the principal black
markets:
Credit card information• CVV (name and address, card number,
expiration date, and CVV2): less than $10
• Dumps: magnetic stripe information: $20-80
Fullz• Name, address, credit card information,
social security number, date of birth, and more: $100
Paypal/Ebay account records: $2 and up
Source: InfoSec Institute
-
Central Pennsylvania Business Leaders Summit / 89
WHAT WE TALK ABOUT WHEN WE TALK ABOUT "PERSONALLY IDENTIFIABLE
INFORMATION"
In the U.S., Personally Identifiable Information ("PII") is
generally defined as: First name, or first initial, and last
name
of an individual in combination with: 1. SSN; 2. Driver's
license number or state ID number; 3. or, financial account, debit,
or credit card
number in combination with security code or password
Outside the U.S., "Personal Information" is defined more
broadly: Any information relating to an identified
or identifiable natural person• "Direct" or "indirect"
identification, i.e.,
Devin Chwastyk, or, the McNees lawyer who lives on Boas
Street
• Broadly drawn to encompass website cookies, IP addresses,
factors specific to physical, physiological, mental, economic,
cultural or social identity
"Sensitive personal data" afforded extra protection:• Data
relating to racial or ethnic origin,
political opinions, religious or philosophical beliefs,
trade-union membership, and health or sex life
-
Central Pennsylvania Business Leaders Summit / 90
TYPES OF DATA EXPOSURE EVENTS
Electronic intrusions: Hacking (unauthorized access to a
network)• Insiders and outsiders
Ransomware Malware Skimming (POS attacks)
Physical loss of control: Theft or loss
• Unencrypted hardware• Laptops, hard drives, backup tapes,
mobile
devices
• Paper records Employee error/negligence Vendor
error/negligence
-
Central Pennsylvania Business Leaders Summit / 91
APPLICABLE PRIVACY LAWS
1. State data breach notification laws2. State data security
requirements3. Federal Trade Commission – unfair trade practices4.
Federal laws (industry specific)
a. HIPAA/HITECH Act (health care providers/insurers)b. Privacy
Act and Federal Information Security Management Act (public
sector)c. Family Educational Rights and Privacy Act (education
institutions)d. Gramm-Leach-Bliley Act (financial institutions)
5. Payment Card Industry Data Security Standard (PCI-DSS)6.
Approximately 109 foreign data privacy laws and regulations
a. Examples:1. GDPR and Privacy Shield (EU)2. Data protection
regulations (European states)3. PIPEDA (Canada)
7. Contractual liability
-
Central Pennsylvania Business Leaders Summit / 92
PENNSYLVANIA BREACH OF PERSONAL INFORMATION NOTIFICATION ACT
An entity that maintains, stores or manages computerized data
that includes personal information shall provide notice of any
breach of the security of the system following discovery of the
breach of the security of the system to any resident of this
Commonwealth whose unencrypted and unredacted personal information
was or is reasonably believed to have been accessed and acquired by
an unauthorized person.
"Breach of the security of the system" means the unauthorized
access and acquisition of computerized data that materially
compromises the security or confidentiality of personal information
maintained by the entity as part of a database of personal
information regarding multiple individuals, and that causes (or the
entity reasonably believes has caused or will cause) loss or injury
to any PA resident. 47 states have similar breach notification laws
Laws vary as to notification requirements and
whether reasonable likelihood of harm is required to trigger
notification
-
Central Pennsylvania Business Leaders Summit / 93
STATE DATA SECURITY REQUIREMENTS
Beyond notification laws, some states impose affirmative data
security requirements on entities collecting
personally-identifiable information of their residents At least 12
states—Arkansas, California,
Connecticut, Florida, Indiana, Maryland, Massachusetts, Nevada,
Oregon, Rhode Island, Texas and Utah—have imposed broader data
security requirements
Many impose obligations to dispose of physical and electronic
records when no longer needed for business purposes by burning,
shredding, erasing
Some states impose general requirement that organizations
implement "reasonable safeguards" (e.g., California)
Massachusetts requires organizations implement a WISP (written
information security program)• Plan must address 10 specific
topics
including with regard to use of vendors and employee
discipline
• Imposes specific technical requirements, including access
controls, firewalls, encryption, and training
New York Department of Financial Services in October issued new
regulations applicable to banks, insurers, and vendors who contract
with those entities
-
Central Pennsylvania Business Leaders Summit / 94
FEDERAL TRADE COMMISSION: UNFAIR TRADE PRACTICES
FTC v. Wyndham: 3rd Circuit decision (August 2015)
Repeated hacking of Wyndham Hotels' system had exposed the
personally identifiable information (including payment card
information) of more than 619,000 consumers, resulting in more than
$10.6 million in fraud
FTC alleged this failure amounts to an "unfair or deceptive act
or practice" under FTC Act
Wyndham argued it was mere negligence
Third Circuit holding: A company does not act equitably when
it
publishes a privacy policy to attract customers who are
concerned about data privacy, fails to make good on that promise by
investing inadequate resources in cybersecurity, exposes its
unsuspecting customers to substantial financial injury, and retains
the profits of their business.
Upheld FTC standing to bring enforcement actions
-
Central Pennsylvania Business Leaders Summit / 95
PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS
Industry regulation (VISA, MasterCard, Discover, AmEx, JCB)•
Requires organizations that handle
credit/debit cards to conform to security standards and follow
testing/reporting requirements
• Applies to merchants, payment processors, POS vendors,
financial institutions
• Entities that fail to comply face fines ($5,000 - $25,000),
increases in transaction fees, and revocation of authorization to
accept credit/debit transactions
PCI-DSS Requirements:• Build and maintain a secure network•
Protect cardholder data• Maintain a vulnerability management
program• Implement strong access control measures• Regularly
monitor and test networks• Maintain an information security
policy
-
Central Pennsylvania Business Leaders Summit / 96
EU GDPR AND PRIVACY SHIELD
The EU-US "Safe Harbor" is gone• Schrems v. Data Protection
Commissioner
(October 6, 2015)• European Court of Justice finds that U.S.
law
does not afford adequate protection to personal data
• Safe Harbor thrown out entirely• Any company exporting data
out of the EU
potentially liable for violations of the Data Privacy Directive•
Fines can be assessed by any member state
up to 2% of "global gross income" of the organization
New EU-U.S. "Privacy Shield"• Companies collecting data of EU
residents in
the EU and exporting that data must satisfy EU laws
• Privacy Shield is a compliance mechanism• Requires
certification filed with U.S.
government• Privacy Shield will still be challenged in
European courts on same grounds as Schrems
-
Central Pennsylvania Business Leaders Summit / 97
EU GDPR AND PRIVACY SHIELD
Privacy Shield imposes safeguards on privacy of personal
information of EU residents • Notice: clear/conspicuous notice: of
types
of data collected and purposes for collection; of all third
parties involved; of right to access/control; of recourse
mechanisms
• Choice: readily available opt out for personal data• Opt-in
requirement for data related to health,
racial or ethnic origin, political and religious opinions, trade
union membership, or revealing an individual's sex life
Organizations must take reasonable measures to protect data from
loss, misuse, unauthorized access; measures must be appropriate to
the risks involved and nature of the personal data
Data collection limited to data "relevant for the purposes of
processing"
Organization remains bound indefinitely when data is collected
under the Shield
Individuals must be permitted access to data and opportunity to
correct, amend, or delete information that is inaccurate
Complaints may be made to third party resolution bodies in U.S.
or EU
-
Central Pennsylvania Business Leaders Summit / 98
EU GDPR AND PRIVACY SHIELD
EU’s new General Data Protection Regulation will take effect in
2018• Under the GDPR, "personal data" is defined
as "any information relating to an individual, whether it
relates to his or her private, professional or public life."
• Encompasses data related to genetic, mental, economic,
cultural, or social identity• Name, a photo, an email address, bank
details,
posts on social networking websites, medical information, or a
computer’s IP address.
GDPR requires notice and valid consent for all data collected
(opt-in only; consent may be withdrawn)• In case of a data
breach:
• EU data authorities must be notified "immediately" of a
breach;
• Individuals must be notified if an "adverse impact" is
determined;
• No de minimis exception
Sanctions from warning to fines up to the greater of $20m EUR or
4% of annual global gross income • GDPR provides for
extraterritorial
enforcement; jurisdictional questions are certain to arise
-
Central Pennsylvania Business Leaders Summit / 99
CONTRACTUAL LIABILITY
By agreement, a party can obligate another to safeguard
information provided in the course of their contractual
relationship• Parties also contractually can place
limitations on liability for a data breach• In commercial
contracts, assignments and
limitations of liability can conform to cyber insurance
coverage
For consumers, a company’s outward-facing privacy policy governs
the company’s collection, storage, and use of consumer data•
Lawsuits (including class actions) have
alleged the failure to protect data deprives the customer of the
“benefit of the bargain,” entitling the customer to a partial
refund of price/fees paid for goods/services• Such claims do not
require the customer to
show actual harm resulting from the exposure of their data
-
Central Pennsylvania Business Leaders Summit / 100
THE LIABILITY LANDSCAPE
Any publicized data breach is a target for plaintiffs' lawyers
and class action litigation• Claims for negligence, breach of
implied
contracts, violations of state privacy laws,
misrepresentation
• Offer of credit monitoring will not avoid lawsuits
The key issue is standing: have the class members suffered some
cognizable harm?• Mere fear of future harm? Or real financial
impact?
U.S. Supreme Court decisions:• Clapper v. Amnesty International
USA: 2013
ruling by U.S. Supreme Court regarding challenge to government
wiretapping• Plaintiff’s contention that communications
likely would be intercepted in the future was not sufficient to
establish standing
• Alleged injury was hypothetical, future harm vs.
injury-in-fact
• Spokeo Inc. vs. Robins: 2016 decision regarding FCRA claim
with no consequential harm, only statutory violation• An
“injury-in-fact” must be both concrete and
particularized
-
Central Pennsylvania Business Leaders Summit / 101
THE LIABILITY LANDSCAPE
Post-Spokeo, courts have struggled to interpret
"injury-in-fact"• Some courts have found that alleged
"imminent threat of identity theft" is insufficient to sue
• Other courts have found harm not speculative where data has
been stolen by criminals even where no actual misuse has
happened
• Allegations of "tangible harm" (fraudulent charges, fees,
costs of identity monitoring) have been more successful
• Spokeo not a "magic bullet" for defendants: in 3 months
post-Spokeo, 32 decisions addressed standing: 22 allowed the case
to proceed
A finding of standing in a class action can result in
significant liability• In re: Target Data Breach Litigation:
court
found consumers had standing; Target quickly settled out for $10
million with consumer class and more than $50 million with
Visa/MasterCard issuing banks
• Estimated that Target spent $300 million on breach response
and litigation costs
U.S. Court of Appeals for the Third Circuit presently
considering Storm et al. v. Paytime, Inc.
Pennsylvania’s Superior Court recently heard oral argument in
Dittman v. UPMC
-
Central Pennsylvania Business Leaders Summit / 102
AVOIDING LIABILITY FOR DATA BREACHES
McNees counsels clients to be "compromise ready"• Assessment:
proactive risk & security
monitoring• Protection: security policies
• Training for Staff
• Response Planning• Outside Counsel and IT Vendors
• Risk Transfer• Cyber insurance policies• Vendor contracts
• Limitations of liability• Indemnification
Risk & Security Assessments• What data exists? Where? Who
has access?
What safeguards? What laws are applicable?• Penetration testing
& compromise
assessments • Assess security of the resources,
susceptibility
to attacks in any number of areas • Penetration testing –
attempting to gain access
to your own systems through unapproved means.
• Vulnerability Testing – identifying areas that may be
vulnerable to an attack
-
Central Pennsylvania Business Leaders Summit / 103
AVOIDING LIABILITY FOR DATA BREACHES
Data Security Policies• Designate a senior responsible person
to
coordinate data security efforts• Policy elements to address
compliance with
all applicable laws• Regulate the handling, storage, and
protection
of PII and confidential business information• Limit access to
records to employees• Incorporation of other
policies/procedures
• Electronic Resources policies, BYOD policies, etc.
Data Security Policies• Procedures for IT staff support
• Proactive security: anti-virus, anti-spyware, firewalls,
monitoring, patching, encryption
• Backup and disaster recovery plans• Review of vendors and use
of cloud technology• Limit use of unencrypted information and
portable devices/storage media• Continue and upgrade regular
training modules
-
Central Pennsylvania Business Leaders Summit / 104
AVOIDING LIABILITY FOR DATA BREACHES
Data Security Policies• Require training and impose
disciplinary
steps• Start simple: explain the ramifications of
a data breach; start with the basics (password policies, risks
of opening emails)
• Impose rules for various documents (access controls) based on
sensitivity
• Signed acknowledgment of responsibility• Do your employment
agreements need to
be updated?
Data Breach Response Plans• Designate key decision makers,
including
board of directors, key employees, inside legal, outside
counsel, IT staff, and IT vendors • Get together the incident
response “team” and
practice• Identify and include outside counsel and IT
vendors in advance to preserve privilege throughout any incident
response
-
Central Pennsylvania Business Leaders Summit / 105
AVOIDING LIABILITY FOR DATA BREACHES
Data Breach Response Plans• Provide a decision tree
addressing:
contacting outside counsel; investigating and remediating the
breach; determining notification obligations; documenting response
steps; contacting law enforcement; addressing public relations
Data Breach Response Plans• Five Stages For Data Breach
Response
1. Verification of the breach• Forensic investigator to conduct
forensic
investigation2. Containment and mitigation3. Investigation and
analysis
• Qualified security assessment• McNees has IT vendors to which
we can refer
these stages of work and can coordinate the forensic response as
necessary
4. Notification of required parties• State data breach
notification laws• Coordinate with FBI, Secret Service, local
police as necessary5. Post-response review to improve
processes
-
Central Pennsylvania Business Leaders Summit / 106
AVOIDING LIABILITY FOR DATA BREACHES
Risk Transfer• Cyber Insurance
• Traditional insurance coverage is inadequate: insurance
industry denies coverage claims related to cyber attacks under
traditional insurance policies
• Cyber liability policies will cover the costs of forensic
analysis, repair of systems, data breach notifications, offers of
credit monitoring, and, if necessary, legal defense of claims
arising from a breach. • Application process is critical • Aimed at
assessing an applicant's cyber-
related exposures and IT security practices• Claims will be
denied if inaccurate or
fraudulent data is supplied on application
Risk Transfer• Vendor Contracts
• Indemnification• Limitations on liability
• Any potential liability pursuant to contract should be matched
with cyber insurance coverage
• 35% of security violations involve contracted third parties
(call centers, IT consultants)
• Include protections in contracts before permitting access to
physical office spaces, computer systems, or stored information,
and attempt to negotiate indemnification for any negligence (or
intentional acts) that expose data
-
Central Pennsylvania Business Leaders Summit / 107
QUESTIONS?
-
Central Pennsylvania Business Leaders Summit / 108
MCNEES’S PRIVACY & DATA SECURITY PRACTICE GROUP
We develop data security policies and procedures in compliance
with laws and industry standards
We assist clients in meeting their legal obligations and
avoiding liability when a data breach occurs
Collaborative multi-disciplinary team with varying
specialties
Includes attorneys with backgrounds in litigation, business
counseling, financial services, intellectual property, and health
care practices
-
Central Pennsylvania Business Leaders Summit / 109
CYBERSECURITY: WHAT COMPANIES SHOULD BE DOING TO
PREPAREChristopher Mellen, BDO Consulting Director, BDO USA,
LLP
-
Central Pennsylvania Business Leaders Summit / 110
WITH YOU TODAY
CHRISTOPHER MELLEN
BDO Consulting Director
+1 215-636-5589 [email protected]
-
Central Pennsylvania Business Leaders Summit / 111
AGENDA
Today’s Landscape Cybersecurity Risk Management Overview
Understanding Your Risk Regulatory Requirements Cybersecurity
Mitigation Conclusion
-
Central Pennsylvania Business Leaders Summit / 112
TODAY’S LANDSCAPE
-
Central Pennsylvania Business Leaders Summit / 113
CYBERSECURITY TODAY
Internal actors were responsible for
43% of data loss, half of which is intentional, half
accidental.
This year, companies that haddata breaches involving less than
10,000 records, the average cost of data breach
was $4.9 million and those companies with the loss or theft of
more than 50,000 records had a cost of data
breach of $13.1 million.
2016 Data Breach Study: United States, Benchmark research
sponsored by IBM Independently conducted by Ponemon Institute
LLCJune 2016
Intel Security Report, Grand Theft Data: Data exfiltration
study: Actors, tactics, and detection
-
Central Pennsylvania Business Leaders Summit / 114
CYBERSECURITY TODAY
Intel Security Report, Grand Theft Data: Data exfiltration
study: Actors, tactics, and detectionIntel Security Report,
Dissecting the Top Five Network Attack Methods: A Thief’s
Perspective
-
Central Pennsylvania Business Leaders Summit / 115
CYBERSECURITY TODAY
1.5 million Cyber attacks each year(approx. 4,000 per day)
16,856 Cyber attacks on businesses each year
$2.1 trillion Predicted global cost of data
breaches by 2019
$1 trillion+Predicted global spending on
cybersecurity 2017-2021
$74 billion Current annual spending on
cybersecurity
500 million Yahoo user accounts
hacked
AGC New York, “Keeping Your Transactions Safe”
-
Central Pennsylvania Business Leaders Summit / 116
CYBER INTRUSIONS INCREASING
Rate of breaches increasing since 2005
Cross-industry impact: healthcare, retail, insurance,
technology, financial services
Multiple types of breaches/threats
Hottest breaches – phishing and ransomware
-
Central Pennsylvania Business Leaders Summit / 117
LIVE THREAT MAP
-
Central Pennsylvania Business Leaders Summit / 118
CYBERSECURITY RISK MANAGEMENT OVERVIEW
-
Central Pennsylvania Business Leaders Summit / 119
WHAT IS “CYBERSECURITY RISK MANAGEMENT PROGRAM”?
Integrated set of policies, processes, technologies and controls
that minimize vulnerabilities and protect against threat to
support
Confidentiality – information kept private and secure
Integrity – data not inappropriately modified, deleted or
added
Availability – systems/information available to whom requires
them
-
Central Pennsylvania Business Leaders Summit / 120
A HOLISTIC APPROACH
-
Central Pennsylvania Business Leaders Summit / 121
UNDERSTANDING YOUR RISK
-
Central Pennsylvania Business Leaders Summit / 122
A set of scenarios based on impacts to Assets by potential
Threats and their ability to leverage Vulnerabilities
-
Central Pennsylvania Business Leaders Summit / 123
Three Principles of Digital Asset Valuation
1. Consider who gets value from the asset2. Understand the role
your digital assets play in creating economic value / generating
revenue3. Look forward – valuing your digital assets requires an
outward view (previously invested costs to
create the asset are “sunk”)
Understanding the Value of Digital Assets
Intrinsic – Critical element that allows the digital asset to
exist in the first place (e.g. the person, binary data, physical
object, legal contract etc.)
Extrinsic – Opportunities to leverage the digital asset making
it more useful to prospective users Sum it up – Metadata defines
the extrinsic value of your digital assets, informing their
value
-
Central Pennsylvania Business Leaders Summit / 124
Identify
PlanClassify
Act
Create classification framework
Develop protection profiles
Review and analyze report(s)
Readjust framework and re-classify data as needed
Data assets Data custodians
-
Central Pennsylvania Business Leaders Summit / 125
MOTIVATIONS AND INCENTIVES
-
Central Pennsylvania Business Leaders Summit / 126
VULNERABILITIES
-
Central Pennsylvania Business Leaders Summit / 127
REGULATORY REQUIREMENTS
-
Central Pennsylvania Business Leaders Summit / 128
Laws imposing civil or criminal liability for hacking
Laws requiring implementation of security measures
Contractual duties re: security and/or breach notification
Regulator enforcement consent decrees, and related
requirements
Laws requiring notification of security breaches
Regulator and industry standards, guidelines, and frameworks
http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRxqFQoTCM3ZvfSt6sYCFQsckAodRncEXw&url=http://money.cnn.com/2013/11/11/technology/security/fight-hackers/&ei=kkCtVc3ILou4wATG7pH4BQ&bvm=bv.98197061,d.Y2I&psig=AFQjCNHaCSJDJZ2j0Dpdd0a5kNhV4U5sQA&ust=1437503691092566http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRxqFQoTCM3ZvfSt6sYCFQsckAodRncEXw&url=http://money.cnn.com/2013/11/11/technology/security/fight-hackers/&ei=kkCtVc3ILou4wATG7pH4BQ&bvm=bv.98197061,d.Y2I&psig=AFQjCNHaCSJDJZ2j0Dpdd0a5kNhV4U5sQA&ust=1437503691092566http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRxqFQoTCPKB_YOu6sYCFcGUkAodWooF7w&url=http://www.tech-coffee.net/category/security/&ei=s0CtVbLcD8GpwgTalJb4Dg&bvm=bv.98197061,d.Y2I&psig=AFQjCNE2M-bwvagVSsMVX5MzCGyu_reynw&ust=1437504046206052http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRxqFQoTCPKB_YOu6sYCFcGUkAodWooF7w&url=http://www.tech-coffee.net/category/security/&ei=s0CtVbLcD8GpwgTalJb4Dg&bvm=bv.98197061,d.Y2I&psig=AFQjCNE2M-bwvagVSsMVX5MzCGyu_reynw&ust=1437504046206052http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRxqFQoTCMylkqyu6sYCFQeTDQodGBcAWA&url=http://www.afscmelocal88.org/2014/11/tentative-agreement-reached-on-contract/&ei=B0GtVYyGHoemNpiugMAF&bvm=bv.98197061,d.Y2I&psig=AFQjCNHwU8Rnqlsjh1suCpm_IzHFT3akjA&ust=1437504120413500http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRxqFQoTCMylkqyu6sYCFQeTDQodGBcAWA&url=http://www.afscmelocal88.org/2014/11/tentative-agreement-reached-on-contract/&ei=B0GtVYyGHoemNpiugMAF&bvm=bv.98197061,d.Y2I&psig=AFQjCNHwU8Rnqlsjh1suCpm_IzHFT3akjA&ust=1437504120413500https://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&ved=0CAcQjRxqFQoTCKyGtuav6sYCFYOggAodkv4GWA&url=https://commons.wikimedia.org/wiki/File:US-SecuritiesAndExchangeCommission-Seal.svg&ei=jkKtVayHCYPBggSS_ZvABQ&bvm=bv.98197061,d.Y2I&psig=AFQjCNFoK9wjlRS0ndk3XAJw4yy7P2fngA&ust=1437504514530595https://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&ved=0CAcQjRxqFQoTCKyGtuav6sYCFYOggAodkv4GWA&url=https://commons.wikimedia.org/wiki/File:US-SecuritiesAndExchangeCommission-Seal.svg&ei=jkKtVayHCYPBggSS_ZvABQ&bvm=bv.98197061,d.Y2I&psig=AFQjCNFoK9wjlRS0ndk3XAJw4yy7P2fngA&ust=1437504514530595https://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRxqFQoTCN34rJau6sYCFQPigAodCfoASA&url=https://www.iconfinder.com/icons/46847/mailbox_postbox_icon&ei=2UCtVZ2oMIPEgwSJ9IPABA&bvm=bv.98197061,d.Y2I&psig=AFQjCNHOsZGfVp7-C705POZOTk6Ndkxyzw&ust=1437504082161540https://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRxqFQoTCN34rJau6sYCFQPigAodCfoASA&url=https://www.iconfinder.com/icons/46847/mailbox_postbox_icon&ei=2UCtVZ2oMIPEgwSJ9IPABA&bvm=bv.98197061,d.Y2I&psig=AFQjCNHOsZGfVp7-C705POZOTk6Ndkxyzw&ust=1437504082161540http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=&url=http://www.clker.com/clipart-envelope.html&ei=CEKtVb-BKMfFwATuibjwBQ&bvm=bv.98197061,d.Y2I&psig=AFQjCNHj9V3SdDxMWYJkaYW5C9aXuPPH3g&ust=1437504392899852http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=&url=http://www.clker.com/clipart-envelope.html&ei=CEKtVb-BKMfFwATuibjwBQ&bvm=bv.98197061,d.Y2I&psig=AFQjCNHj9V3SdDxMWYJkaYW5C9aXuPPH3g&ust=1437504392899852http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRxqFQoTCLry6eOu6sYCFcmVDQodYLQAWQ&url=http://mindfulsecurity.com/2009/02/03/policies-standards-and-guidelines/&ei=fEGtVbrEEMmrNuDogsgF&bvm=bv.98197061,d.Y2I&psig=AFQjCNHLzMpvbMgiR1ziDMTTBrY2jWmHDQ&ust=1437504242473432http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRxqFQoTCLry6eOu6sYCFcmVDQodYLQAWQ&url=http://mindfulsecurity.com/2009/02/03/policies-standards-and-guidelines/&ei=fEGtVbrEEMmrNuDogsgF&bvm=bv.98197061,d.Y2I&psig=AFQjCNHLzMpvbMgiR1ziDMTTBrY2jWmHDQ&ust=1437504242473432
-
Central Pennsylvania Business Leaders Summit / 129
KEY GUIDANCE PROVIDED
-
Central Pennsylvania Business Leaders Summit / 130
EXISTING AND FORTHCOMING GUIDANCE
Presidential Policy Directive (PPD) on Cyber Incident
Coordination
FinCen FAQs on Customer Due Diligence Requirements for Financial
Institutions
Proposed Cybersecurity Disclosure Act of 2015
BDO along with the other Big 8 Audit Firms have been working
with AICPA as part of the ASEC Cybersecurity Working Group to
develop the Cybersecurity Attestation Guideline which will
establish a new audit service in the market place.
-
Central Pennsylvania Business Leaders Summit / 131
CYBERSECURITY MITIGATION
-
Central Pennsylvania Business Leaders Summit / 132
BDO CYBERSECURITY FRAMEWORK
-
Central Pennsylvania Business Leaders Summit / 133
LIFE CYCLE OF DATA PRIVACY AND PROTECTION
Creation / Collection
Storage
UseDuration
Disposition
-
Central Pennsylvania Business Leaders Summit / 134
INCIDENT RESPONSE
IDENTIFICATION CONTAINMENT ERADICATION RECOVERY LESSONS
LEARNED
Location of the incident
How was it discovered?
Other areas compromised?
Scope of the impact
Have sources been identified?
Business impact
Short-term containment (is problem isolated / are systems
isolated?)
System-backup (evidence collection, imaging)
Long-term containment (system off-line)
INCIDENT RESPONSE AND REMEDIATION
Re-image and update patches, harden system(s)
Removal of malware and artifacts from system(s)
When can system(s) come back online?
Have systems been prepared to thwart future attacks?
What testing, monitoring solutions are going to be used for
future?
How can we prevent this in the future?
Incident Report • Who?• What?• Why?• How?• Where?• When?
Implement Preventative Measures
-
Central Pennsylvania Business Leaders Summit / 135
CYBER INSURANCE
Once the risk profile is determined and a Cybersecurity program
has been established, there is a need to understand residual risk
and transferring part of it to insurance. Cybersecurity insurance
allows companies to transfer part of their residual financial and
legal risk.
Key Policy & Process IT Security Policy and Operational Plan
Incident Response and Business Continuity Plans Understanding of
ongoing IT security initiatives Relevant current insurance policies
(e.g.,
property, cyber)
Interviews Cybersecurity Legal Counsel Risk Management
Information Technology
Outcomes Initial observations Recommendations for
improvements
Discovery & Analysis
Scenario Development Based on the Discovery phase, develop
appropriate Cybersecurity scenarios to test
Typical Costs Digital investigation, containment and
eradication costs Crisis Management Notification Costs Credit
Monitoring Restoration of data Settlements and judgments Defense
costs Punitive costs Business interruption Internal Labor costs
Overhead Lost productivity
Test & Document Identify exposures and costs associated
with
Cybersecurity events and breaches
Scenario Testing
Residual Risk Develop understanding of residual risk and
probability to provide underwriters with appropriate
information
Determine if progress over the last 12 months has made material
impact to reducing the probability of an event/breach to occur
Draft claim protocols and best practices following a cyber
breach and the insurance claim process
Reevaluate the policies and procedures that had been reviewed in
Phase I and also assess if additional procedures need to be
developed.
Insurance Plan
-
Central Pennsylvania Business Leaders Summit / 136
CONCLUSION
-
Central Pennsylvania Business Leaders Summit / 137
BDO’S CYBERSECURITY SERVICES
Cyber Risk Management Strategy & Program Design
Cyber Risk Assessment & Security Testing
Data Privacy & Protection
Security Architecture & Transformation
Incident Response Planning
Business Continuity Planning & Disaster Recovery
Digital Forensics & Cyber Investigations
Cyber Insurance Claim Preparation & Coverage Adequacy
Evaluation
-
Central Pennsylvania Business Leaders Summit / 138
SPEAKER BIO
CHRISTOPHER MELLENBDO Consulting Director
Direct: +1 215-636-5589 [email protected]
Christopher Mellen is a Director in BDO Consulting’s Technology
Advisory Services practice, leading data privacy and protection
with more than 20 years of experience serving in the United States
government and the private sector in various roles in Information
Security with top secret clearance. Christopher also has a strong
financial services background.
Previously the Director of Information Risk Management of the
Executive Office of the President of the United States of America,
Christopher was responsible for assisting the CIO with the overall
leadership, IT policy and procedures, and management of EOP-wide
information security. He has significant experience with SOCs,
threat intelligence, Identity Access Management (IAM), including
mainframe security administration (ACF2), active directory
administration, CyberArk (Password vaulting) and Oracle Identity
Manager (OIM) administration.
Prior to joining BDO, Christopher was an SVP for Strategic
Security Initiatives, Information Security for PNC Financial
Services Group, and Director of Professional Services at SAIC.
Christopher is an experienced consultant in technology companies
including AccessData, Guidance Software and DDK Technology Group.
He is also a veteran of the United States Marine Corps.
-
Central Pennsylvania Business Leaders Summit / 139
RECENT DEVELOPMENTS IN EMPLOYMENT LAW THAT EVERY EMPLOYER SHOULD
BE AWARE OFEric Athey, Labor & Employment Member and Co-Chair,
McNees Wallace & Nurick LLC
-
Central Pennsylvania Business Leaders Summit / 140
REGULATORY UPDATE: BRIEF OVERVIEW OF FINAL FLSA REGULATIONS
Significant increase to $455 weekly minimum salary requirement•
$913 a week or $47,476 a year beginning December 1, 2016• Automatic
annual updates to minimum salary requirement every three years to
reflect• Number of salaried employees currently qualifying for
white-collar OT exemptions will decrease by
over 50%
Increased total annual compensation requirement needed to exempt
highly compensated employees to $134,004
No Changes to Duties Tests
-
Central Pennsylvania Business Leaders Summit / 141
TAKEAWAYS
Let's look on the bright side
Will give HR and in-house counsel opportunity to make issue a
compliance priority Will give employers "cover" to make changes to
employees' exempt status without
conceding potential misclassification Prospective conversion to
non-exempt status does not automatically mean greater wage
costs• Can be managed
-
Central Pennsylvania Business Leaders Summit / 142
REGULATORY UPDATE: THE NEW PROTECTED CLASSES
Oncale v. Sundowner Offshore Svcs., (S. Ct. 1998): recognition
that same sex sexual harassment is unlawful under Title VII
7/16/15: EEOC rules that denial of promotion based on sexual
orientation is equivalent to sex discrimination under Title VII
-
Central Pennsylvania Business Leaders Summit / 143
REGULATORY UPDATE: THE NEW PROTECTED CLASSES
3/1/16: EEOC files two federal lawsuits alleging unlawful sexual
orientation discrimination on the part of Scott Medical Center (PA)
and Pallet Cos. (MD)
Pallet Cos. settled for $202,200 in June 2016
What will the court do with Scott Medical Center? (Oncale vs.
Legislature)
-
Central Pennsylvania Business Leaders Summit / 144
TAKEAWAYS
Gender identity and orientation issues are not new
28 states have employment laws relating to gender ID or sexual
orientation
Federal contractors may not discriminate based on gender ID or
sexual orientation
Title VII link is gender stereotyping
-
Central Pennsylvania Business Leaders Summit / 145
REGULATORY UPDATE: MANDATORY PAID SICK LEAVE RULES
OFCCP final rules issued September 2016; take effect June
2017
7 days of paid leave for own illness, doctor’s appointments,
sick family absences, absences related to domestic violence
Narrower than expected: impacts only Procurement construction
contracts under Davis Bacon Service contracts covered by Service
Contract Act Concessions contracts on federal property Contracts in
connection with land or property leases
-
Central Pennsylvania Business Leaders Summit / 146
WHAT'S NEXT: MEDICAL MARIJUANA IN PENNSYLVANIA
Medical marijuana law effective May 17, 2016
Legalizes the use of marijuana for certain enumerated medical
conditions
Requires medical certification
-
Central Pennsylvania Business Leaders Summit / 147
WHAT'S NEXT: MEDICAL MARIJUANA IN PENNSYLVANIA
Employment Provisions
Anti-discrimination and retaliation provisions for certified
users Does not require accommodation for use on the premises or
property of the employer Permits discipline for those "under the
influence" in the workplace Permits discipline where use causes
employee's performance to "fall below the standard
of care normally accepted" for the position Prohibits employees
from performing safety sensitive jobs
-
Central Pennsylvania Business Leaders Summit / 148
WHAT'S NEXT: MEDICAL MARIJUANA IN PENNSYLVANIA
Employment Provisions
Anti-discrimination and retaliation provisions for certified
users Does not require accommodation for use on the premises or
property of the employer Permits discipline for those "under the
influence" in the workplace Permits discipline where use causes
employee's performance to "fall below the standard
of care normally accepted" for the position Prohibits employees
from performing safety sensitive jobs
-
Central Pennsylvania Business Leaders Summit / 149
WHAT'S NEXT: MEDICAL MARIJUANA IN PENNSYLVANIA
Law was effective May 17, but . . .
Unclear when dispensaries will be up and running Unclear when
certifications will be issued
Regulations with additional guidance to be issued
What constitutes under the influence? Who decides? What about
medical marijuana use prescribed out of state?
-
Central Pennsylvania Business Leaders Summit / 150
WHAT'S NEXT: MEDICAL MARIJUANA IN PENNSYLVANIA
Looking ahead, policies may need to be updated
Anti-discrimination and retaliation policies Americans with
Disabilities Act policy? Drug and Alcohol testing policies?
-
Central Pennsylvania Business Leaders Summit / 151
WHAT'S NEXT: JOINT EMPLOYER STATUS FOR EVERYONE
Faush v. Tuesday Morning, Inc.Retail employer utilized service
of temporary staffing agency to provide temporary employees from
time-to-time
African American temps assigned back room cleaning work
allegedly due to theft concerns
Temp terminated shortly after complaining
-
Central Pennsylvania Business Leaders Summit / 152
WHAT'S NEXT: JOINT EMPLOYER STATUS FOR EVERYONE
Faush v. Tuesday Morning, Inc.Temp brings claim against
temporary staffing agency and retailer
Retailer objects: temps are not our "employees" under Title
VII
-
Central Pennsylvania Business Leaders Summit / 153
WHAT'S NEXT: JOINT EMPLOYER STATUS FOR EVERYONE
Faush v. Tuesday Morning, Inc. (3rd Cir. 2015):Factors for
"joint employment" status:
Supervision, determining and paying wages, skill required for
job, location of work, right of company to assign additional
projects, duration of relationship, method of payment, employee
benefits
-
Central Pennsylvania Business Leaders Summit / 154
WHAT'S NEXT: JOINT EMPLOYER STATUS FOR EVERYONE
Faush v. Tuesday Morning, Inc. (3rd Cir. 2015):Joint employment
exists here because:
Company indirectly pays wages; Company can demand replacement
workers; Company assigned and supervised workers; Company provided
all training and equipment; Company set work schedule
-
Central Pennsylvania Business Leaders Summit / 155
TAKEAWAYS
Joint employer status is becoming the focus of many state and
federal agencies and plaintiff's counsel
NLRB, DOL, EEOC, etc.
Could arise in a number of situations:
Temporary employees, contractors, etc.
A contract alone will not win the day: all facts and
circumstances will be evaluatedNow is the time to conduct the
cost-benefit analysis
-
Central Pennsylvania Business Leaders Summit / 156
WHAT'S NEXT: NEW WAYS A MOBILE PHONE WILL GET EMPLOYEES IN
TROUBLE
Commonwealth v. SpenceAn employee is called into the office to
talk to his boss about an ethics complaint that he made
He sees the complaint on the desk and activates the "Voice
Notes" app on his IPhone
-
Central Pennsylvania Business Leaders Summit / 157
WHAT'S NEXT: NEW WAYS A MOBILE PHONE WILL GET EMPLOYEES IN
TROUBLE
Commonwealth v. SpenceThe boss finds out and the employee is
charged with violating the Pennsylvania Wiretap Act
The employee files a motion to have charges dismissed
-
Central Pennsylvania Business Leaders Summit / 158
WHAT'S NEXT: NEW WAYS A MOBILE PHONE WILL GET EMPLOYEES IN
TROUBLE
The trial court held that the recording was lawful because the
recording fell within the telephone exemption to the Wiretap
Act
On appeal, the Superior Court held that the recording was
unlawful, because the result, the surreptitious recording, was the
same no matter the type of recording device utilized
-
Central Pennsylvania Business Leaders Summit / 159
WHAT'S NEXT: NEW WAYS A MOBILE PHONE WILL GET EMPLOYEES IN
TROUBLE
As a result, the employee's conduct did in fact violate the
Wiretap Act
Further appeal expected
Stay tuned on our blog!
-
Central Pennsylvania Business Leaders Summit / 160
CASE LAW UPDATE: WRONGFUL DISCHARGE?
Stewart v. Fed Ex (Pa. Super 2015):Facts: Company policy
prohibits weapons "on company property“
Employee has license to carry firearm
Co-worker discovers Employee's pistol in glove compartment of
Employee's car (while on Company property) and Employee is
terminated
-
Central Pennsylvania Business Leaders Summit / 161
TAKEAWAYS
2nd Amendment applies only against government Public Sector
caveat
20 states have laws protecting employees' rights to store in
vehicles
Employers free to enforce rule in Pennsylvania
-
Central Pennsylvania Business Leaders Summit / 162
QUESTIONS?
Visit us:
www.palaborandemploymentblog.com
-
Central Pennsylvania Business Leaders Summit / 163
BDO is the brand name for BDO USA, LLP, a U.S. professional
services firm providing assurance, tax, advisory and consulting
services to a wide range of publicly traded and privately held
companies. BDO USA, LLP, a Delaware limited liability partnership,
is the U.S. member of BDO International Limited, a UK company
limited by guarantee, and forms part of the international BDO
network of independent member firms. BDO is the brand name for the
BDO network and for each of the BDO Member Firms. For more
information please visit: www.bdo.com.
Material discussed is meant to provide general information and
should not be acted on without professional advice tailored to your
firm’s individual needs.
© 2016 BDO USA, LLP. All rights reserved.
Central pennsylvania�business leaders summitUpcoming eventsEvent
DetailsMERGERS & ACQUISITIONS��Joseph Burke, Transaction
Advisory Services Partner, BDO USA, LLP� �Nicole Stezar
Kaylor, Of Counsel, McNees Wallace & Nurick LLC��Bob McCormack,
Founder & Managing Partner, Murphy McCormack Capital
Advisors� �Moderator: Michael Hund, Member, McNees Wallace
& Nurick LLC�ARE YOU PREPARED TO TRANSITION YOUR
BUSINESS?��Vance Antonacci, Member, McNees Wallace & Nurick
LLC��Joe Burke, Transaction Advisory Services Partner, BDO USA,
LLP��Katie Smarilli, Partner, Murphy McCormack Capital
AdvisorsagendaKey Business Transition Facts�Key Business Transition
Facts (continued)�Consider Your Transition Options Now�Plan for
unexpected contingencies�Have you Protected your FAMILY’s
WEALTH�PREPARATION TO MAXIMIZE VALUE�Building value10 Steps You
Should Take Now �to Prepare for Transitioning Your Business#1 -
Getting Started -“Taking Stock”�#2 – Know The value of your
company�#2 – Know The value of your company�#3 – Will your
leadership team transfer the value of your company?�#4 - Quality
Financial Reporting�#5 - Articulate a Strategy for the future of
your company�#6 - Customer Concentrations�#7 - Working Capital�#8 -
Capital Expenditures�#9 – IS your ‘house’ in order?�# 10 - Family
Issues�Understanding The Choices��LUNCH & KEYNOTE
PRESENTATIONTHE IMPACT OF THE ELECTION IN THE ECONOMY��Matías
Vernengo, Economics Professor, Bucknell University; Co-editor of
the Review of Keynesian Economics�Plan of the talkSlow recovery and
stagnationEmployment recoveryFiscal austerityUnemploymentCivilian
Employment-Population RatioExternal balancespolicy plans and
implementationSecular stagnation�FEDERAL TAX POLICY And legislative
UPDATE��Kevin Anderson, National Tax Partner, BDO USA,
LLP��AgendaFEDERAL TAX UPDATE�Recently Enacted Tax
Legislation�Protecting Americans From Tax Hikes Act of 2015 (“PATH
Act”)PATH Act/Revenue ImplicationsPATH Act/Research and Development
CreditPATH Act/Bonus DepreciationPATH Act/Bonus Depreciation
(Cont’d)PATH Act/Other Depreciation ProvisionsPATH Act/Other
Business ProvisionsPATH Act/Other Business Provisions (Cont’d)PATH
Act/Individual ProvisionsPATH Act/Individual ProvisionsOther
Enacted Tax LegislationOther Enacted Tax Legislation
(Cont’d)FEDERAL TAX UPDATE�Other Legislative Activity�The
Appropriations CalendarCongress and the