Author Archives Ann Caresani

About Ann Caresani

Ann Caresani focuses her practice on employee benefits, ERISA, ESOPs, and executive compensation. She counsels employers on the design, administration, and termination of their employee benefit programs, including tax-qualified retirement plans, health and welfare plans, and executive compensation arrangements.

Yahoo’s data breach costs general counsel his job

Posted on March 3, 2017

Well this is unsettling – the person responsible for the massive data breaches at Yahoo was its general counsel? CorporateCounsel speculates about what this means for in-house counsel: are their jobs at risk over cybersecurity? And I wonder – what if a company does not have in-house counsel, or has turnover in IT? Who else will be held accountable for data breaches?

Various privacy laws are potentially applicable to businesses, employers and sponsors of employee benefit plans, not the least of which is the Health Insurance Portability and Accountability Act (HIPAA). While the specifics of the laws vary, certain basic principles apply across the board. One key principle is that security incidents do not arrive packaged with a pretty bow, and a notice stating “hundreds of millions of your user accounts were just affected.” Incidents can appear innocuous or minor until fully investigated, and it may be challenging to draw distinctions between business decisions and legal decisions. The committee that reviewed the Yahoo matters concluded that the relevant legal staff had sufficient information to warrant substantial further inquiry, but failed to do so. Subsequently, general counsel resigned.

Anyone who could possibly be held accountable for the handling of data breaches should be asking tough questions about data security practices and procedures, including the incident response plan. Don’t know what an incident response plan is, and who is responsible for it? It’s time to find out.  It costs a lot less to work with your privacy and data security attorneys to establish good practices and procedures than it does to deal with the aftermath of a hack and insufficient investigation, and your job may depend on it.


ERISA Express Preemption Superpower Beats Iowa Pharmacy Benefits Manager Law

Posted on January 23, 2017

Last year, the U.S. Supreme Court gave ERISA’s express preemption provision back its superpower, in Gobeille v. Liberty Mutual Insurance Company. This year, in Pharmaceutical Care Management Association v. Gerhart, the Eighth Circuit applied Gobeille to reverse the dismissal of the claims of the pharmacy benefits manager (“PBM”) association. Ruling in the association’s favor, the Court held that ERISA expressly preempts an Iowa law that imposes substantial regulations on PBMs operating in Iowa.


Employee Benefit Plan Limits – Reference Chart for 2017 and Prior Cost-of-Living Adjustments

Posted on November 9, 2016

The Internal Revenue Code sets forth various dollar limitations on benefits, contributions, and compensation under employee benefit plans. The IRS has announced limits for 2017 tax years, with few changes from 2016. For your reference, the Summary of Employee Benefit Plan Limitations – 2017 summarizes these dollar limitations, as modified by the IRS for cost-of-living adjustments, for 2017 and prior years.


SHRM Online Quotes Ann Caresani on Preapproved Retirement Plans

Posted on April 15, 2016

Tick tock: April 30, 2016 is the deadline for restatement of many retirement plans. If you maintain a defined contribution plan that was preapproved by the IRS and adopted before January 1, 2016, and you haven’t signed (or even seen) your restatement, you need to check with your document provider. If you maintain a plan and don’t know whether it falls within this category, we encourage you to ask the question.

On April 13, Ann Caresani was quoted in “Deadline for Updating Preapproved Retirement Plans Draws Near,” published on SHRM Online, regarding preapproved retirement plans and the importance of reviewing restatement documents carefully.


Defined Benefit Pension Plans: Hungry Octopus Just Took a $4.5 Million Bite out of Private Equity (Sun Capital)

Posted on April 11, 2016

When asked to explain a defined benefit pension plan and its risks to a business owner or new potential investor, I compare it to the beautiful yet predatory octopus. Octopuses are known for their intelligence, their ability to squeeze into small spaces, their ability to blend into their surroundings, their jet propulsion, and their ability to release a cloud of black ink that allows them to escape to live to see another day. An octopus catches prey with its arms, and kills prey by biting it with its tough beak, paralyzing the prey with a nerve poison. As carnivores, they eat a variety of prey, even prey with very tough shells. A distressed octopus may eat its own arm.


DOL Final Rule: ‘Fiduciary’ Definition; Conflict of Interest Rule for Retirement Investment Advice

Posted on April 7, 2016

The Department of Labor has rolled out its final ERISA fiduciary rule and related guidance, and our friends at BenefitsLink.com have done a great job aggregating links to 1,045 pages of regulations and other documentation.  Not a typo: 1,045 pages.  Click to link here.

Of course we will have plenty to say about the new guidance, and what it means to you. But first, we have a little light reading to do.

The Next PPACA Constitutional Hurdle: Employer Due Process vs. Taxpayer Privacy

Posted on March 10, 2016

The Patient Protection and Affordable Care Act (“PPACA”), on its face, acknowledges a constitutional issue with employer shared responsibility: protecting employers’ due process rights, while protecting employees’ taxpayer privacy rights. Recognizing the potential enormity of this hurdle, the drafters directed the Secretary of the Department of Health and Human Services (“HHS”) to address this issue in a report to Congress by January 1, 2013, and to work with the Department of Treasury and other agencies to establish an advance notice and appeal process in compliance with employees’ and employers’ rights. HHS and the Department of Treasury have not cleared this hurdle, which may prevent the Department of Treasury from collecting employer shared responsibility excise taxes for failure to provide affordable coverage. Will HHS belatedly step up to resolve this issue, or will we be back in the U.S. Supreme Court?


Ann Caresani Quoted in SHRM Online on Why the U.S. Supreme Court’s Decision on Vermont’s Health Care Data Reporting Statute is So Important

Posted on December 4, 2015

Ann Caresani was quoted in the Society for Human Resource Management (SHRM) on ERISA’s effect on the collection of health claims data. The U.S. Supreme Court heard oral arguments on December 2 in a case to decide if ERISA prohibits the state of Vermont from requiring self-insured health plans to submit claims data, a costly practice for both insurers and employers. 

  • Recent Decisions Shine Light on Employer Liability for Data Breaches of Employee Personal Information

    An employee improperly accesses his employer’s computer network and steals the names, birthdates, and social security numbers of his fellow employees to use for illegal financial gain. A criminal hacks into that same network for similar illegal purposes. Because employers regularly obtain, store, and use confidential employee personally identifiable information (“PII”) as part of their business operations, they are targets for this kind of activity. But what legal responsibility do employers have to their employees when PII is misappropriated by an employee, or stolen by hackers in a data breach? Two Pennsylvania courts have recently shined some light on this issue. In both cases, which involved large-scale data breaches affecting thousands of employees, the courts absolved the employers of any potential liability because either (1) they owed no duty in tort to their employees to protect PII against data breaches or (2) the employer had no express or implied contractual obligation to protect the PII.

    HIPAA Phase 2 Audits Are Here. Are You Ready?

    Phase 2 of the U.S. Department of Health and Human Services Office for Civil Rights’ (“OCR”) HIPAA audit program is in process. Unlike OCR’s initial Phase 1 Pilot audits, which addressed only Covered Entities, Phase 2 also focuses on Business Associate compliance with HIPAA’s Privacy, Security, and Breach Notification Rules. These audits seek to enhance industry awareness of HIPAA compliance obligations and the information obtained will be used to develop OCR’s permanent audit program. All Covered Entities and Business Associates are eligible to be audited.

    Department of Labor’s New Overtime Rule Blocked, For Now

    Late yesterday, a federal judge in Texas issued a nationwide injunction and blocked the U.S. Department of Labor’s (DOL) new federal overtime rule from taking effect on December 1. The new rule would have raised the minimum salary for most exempt employees from $23,660 to $47,476. The court granted a preliminary injunction requested by 21 states that claim the DOL exceeded its rulemaking authority by dramatically raising the salary threshold to more than double its prior level and by adding a provision that would allow for automatic adjustments to the salary threshold every three years. The preliminary injunction issued by the court is temporary and preserves the status quo under the existing overtime regulations until the court either makes a final decision regarding the DOL’s authority to implement the final rule or dissolves or modifies the injunction. For now, the minimum salary remains at $23,660. In a statement, the DOL defended the new regulations, stating that it was “considering all of our legal options” to respond to the setback.