Category: The PT Law Blog

Posted on

Can Cuba Afford to Pay?

Forbes Magazine used to list both Castro brothers on its list of the top 100 richest people in the world. Forbes later removed the Castro brothers from the “Top 100” after the Cuban government objected, indicating those Swiss bank accounts in both Fidel and Raul’s names are held by the Castro brothers on “behalf of the Cuban people.”

The Paris Club recently announced that they are entering into negotiations with the Cuban government to restructure the $15 billion debt arising for a 1986 default by Cuba. Financial experts have opined that the Paris Club creditors believe Cuba and the US may normalize trade relations and would give Cuba more revenue to start paying the Paris Club.

The World bank estimates that Cuba’s GDP, based on its population of 11.38 million people and the last reported Cuban government figures of 2013, is estimated to be $77.15 billion. According to these statistics, the per capita income of $5,880; however, we know that this money is kept by the state and the government officials who run the Cuban economy.

To these facts we need to add the biggest fact of all, the lifting of the US embargo on Cuba. We need to remember that the US embargo was first created because Cuba refused to pay for taking American property. To this day Cuba still represents the largest taking of American property in the world. The bi-lateral negotiations will most likely include the US agreeing to lift the embargo if Cuba agrees to pay these certified claims, among other conditions that the Congress will likely require of such an arrangement.

Once that embargo is lifted, economic activity and trade in Cuba will increase and Cuba will be in a much better position to pay its debts. That being the case, if Cuba were unable to come up with all of the money to pay, Cuba could finance the $8 billion it needs to settle the American certified claims before lifting the embargo.

Even with the devastated state of the Cuban economy resulting from decades of central planning, according to Forbes, Cuba is still able to generate $8 billion a year from its medical industries. Once Cuba is free, the economy will generate a great deal of income from tourism, medicine research development, and much more.

There is no good reason for the US to settle for anything less than the full payment of the certified claims, with interest, just as the United States did with American claims against Vietnam and Germany. There is no reason to give Cuba a free ride. The world needs to see that Cuba is ready to rejoin the global arena of trading nations and that it is prepared to pay its bills and will keep doing so.

We should remember also that for the majority of those American families in Cuba 1959, they lost everything, and were completely devastated. They have been waiting for 55 years for justice and to be paid for what was taken from them. It is crucial for the world to see that the US will look out for its own people otherwise we will have a repeat of Cuba.

Posted on

Cyber Security Month

Every business needs to be proactive and make sure that customer data is safe and secure when it is stored and used electronically. The preliminary steps in this process include: 

  1. Assessing the type of information that you are storing;
  2. Developing a data privacy policy;
  3. Implementing the policy; and, 
  4. Review.

Assessing the information that you are storing requires you to evaluate the following issues, but not limited to: the type of information that you are storing; who needs to have access, whether to use encryption or passwords, how long will you need to have this information, and how will you destroy the information when it is no longer needed.

Developing a data privacy policy for your company is the next step. Developing a data privacy policy is more than corporate rules that answer the questions from the previous step. It needs to reflect the needs of your company and the technology that your company is using. You would need to be familiar with the applicable state and/or federal data privacy statutes and regulations. Finally, the data privacy policy needs to include the procedures that the company will take in the event that your company is hacked. 

The third step is the implementation of your policy. Implementation of your policy requires training. Also, a policy is of no use, if it is not followed. 

The fourth and final step is reviewing your data privacy policy. Reviewing your data policy should be done at least twice a year. The reason for this is not only technologies changing nature, but as your company grows, your data privacy needs will change with it. 

Although this may appear to be daunting, note that the average data breach costs a business $3.8 million dollars. Not only is it costly, but bad publicity does not help and can even generate reputational damage to a business.   

Learn more today how you can secure your customer data as well as how we can help you with developing or assessing your data privacy policies and procedures.

Posted on

Congressman Jeff Duncan Urges US Delegation to UN to Uphold US Sovereign Law

Chairman Duncan makes clear in his letter that it is the responsibility of the Obama Administration to uphold the laws of the United States and defend the Nation’s interests at the UN.

As a member of the Western Hemisphere Subcommittee, Duncan has participated in several hearings regarding the policy shift towards Cuba, and concludes that “the new Cuba policy has failed to extract any noteworthy, sustained concessions on democracy, human rights, or justice for the nearly 6,000 American claimants whose property was stolen by the Castro regime.”

Congressman Duncan’s letter can be found below or at his congressional website.

Posted on

Data Security and Breach Notification Act of 2015

  1. Who is covered by the legislation?
  2. What is personal data?
  3. What is the standard of care for data security?
  4. What happens when there is a breach?
  5. Which agency has jurisdiction?
  6. What about state notification laws?

Who Is Covered By The Legislation?

The legislation defines covered entities to include “all sole proprietorship, partnership, corporation, trust, estate, cooperative, associations, or other entities in or affecting commerce that acquires, maintain, stores, sells, or otherwise uses data in electronic form (i.e. computers, cloud, recordable tapes, and other electronic mass storage devices) that includes personal information over which the Federal Trade Commission has authority.” This includes common carriers and non-profit organizations.

The bill does provide an exemption for entities covered under Health Insurance Portability and Accountability Act (HIPAA) (45 CFR 160.163) and brokers, dealers, investment companies, investment adviser or persons engaged in providing insurance that are subject to Gramm-Leach-Bliley (GLBA) (15 U.S.C. 6801, et seq.)

What Is Personal Information?

Personal Information is “any information or compilation of information in electronic form that includes the following:

An individual’s first and last name or first initial and last name in combination with any one of the following data elements: driver’s license or passport number, or alien registration number.

Any two of the following: Home address or telephone number, Mother’s maiden name, Month, day, and year of one’s birth.

A financial account number, or credit card, or debit card number or other identifier, in combination with any security code, access code, or password that is required for an individual to obtain credit, withdraw funds, or engage in a financial transaction.

A unique account identifier, electronic identification number, biometric data unique to an individual, user name or routing code in combination with any associated security code, access code, biometric data unique to an individual or password that is required for an individual to obtain money, or purchase goods, services, or any other thing of value.

A non-truncated social security number.”

The bill also states that information that is encrypted or rendered unusable and information that is publically available (government records or a new publications) as not being classified as personal data.

What Is The Standard of Care For Data Security?

The proposed bill defines that an entity shall “implement and maintain reasonable security measures and practices to protect and secure personal information in electronic form against unauthorized access as appropriate for the size and complexity of such covered entity and the nature and scope of its activities.”

This standard of care will be determined on a case-by-case basis. It will focus not only on the industry practice, but also on the entities’ size and method of information storage. Also, note that the word “practice” has particular importance. Practice might include how an entity is proactive in reviewing its data security system. Having a security system in place without conducting any assessments will not protect you from liability if this bill becomes law.

Here is the link to a previous blog post addressing the issue of being proactive, Data Privacy – How Proactive Are You?

What Happens When There Is A Breach?

To answer this question we will need to address what a breach is? When will the notification take place? And how will the notification take place?

The statute describes a breach as a “compromise of the security, confidentiality, or integrity of, or loss of data in electronic form that a result in, or there is a reasonable basis to conclude…in the unauthorized access of personal information.”

Concerning the question of when the notification must take place, the bill states that the covered entity must notify the Federal Trade Commission of the breach, or the Secret Service or the FBI, if the breach exceeds 10,000 victims or potential victims of identity theft. The covered entity must notify the victims or potential victims within “thirty days after the breach has been discovered and [steps have been taken] to determine the scope and restore the reasonable integrity, security, confidentiality of the data system.”

If a third party was contracted to store, process, or maintain personal data, the third party must contact the covered entity of the breach or it must provide the notification to those affected by the breach if that issue was covered in a contract between the covered entity and the third party. If a service provider discovers a breach, the service provider must contact the covered entity.

It is interesting to note that non-profits have a different set of protocols for a security breach.

Finally, the notification process, as previously stated, must be done within thirty days after the breach has been discovered and corrected. The bill provides an extension of that time in the event that there is an ongoing criminal investigation or there is a threat to national security. The agency requesting the delay must put this request in writing not only to the affected entity, but also to the Federal Trade Commission. Notification can be done via U.S. mail or via email.

The content of the notification must include information of the data that was breached or reasonably breach, a toll free number that the person may contact to discuss the matter with the company, a toll free number for a consumer reporting agency (i.e. credit reporting), and a toll free number and internet website for the Federal Trade Commission to receive information regarding identity theft.

In the event that the contact information for more than 500 individuals is out of date or insufficient, the covered entity can provide substitute notice either through an email or a notice on the covered entity’s website.

Who Has Jurisdiction?

The Federal Trade Commission has jurisdiction regarding issues over data security and data breaches. Failure to comply with either standard of data security or data breaches will fall under the Commission’s unfair or deceptive acts or practices.

The fines for not complying with data security are set at $11,000 per day with a cap of $2,500,000. The fines for not complying with data breach notification are $11,000 per failure to notify a person with a maximum fine of $2,500,000. The fines are adjusted upon inflation. When issuing the penalties, the Commission “will review the degree of culpability, prior conduct, ability to pay, and any other matters” concerning the compromise in security.

What About State Notification Laws?

The bill does intend to preempt state law on those entities that are covered by this bill. Although there is preemption, state attorneys can file lawsuits on behalf of its citizens to enforce this law. However, if the Federal Trade Commission is pursuing an administrative action against a covered entity, then the states are preempted to file any litigation against the covered entity. The legislation does not allow a right to private action.

In conclusion, the Data Security and Breach Notification Act is a step forward in Congress’ attempt to provide a standard for data security and data breach notification. The bill also recognizes and incorporates other data security laws that are currently in place (i.e. HIPAA and GLBA). Since the bill is in its draft form, we can expect changes to this legislation.

Stay tuned for updates regarding this bill and other pending data privacy legislation that Congress will be reviewing in the near future. Please do not hesitate to contact us to discuss how we can help you be ahead of the curve before Congress passes new legislation.

Posted on

CLIENT ALERT — United States Government Publishes A List of Goods and Services that May Be Imported to the United States from Cuban “Cuentapropistas”

In addition to creating flexibility for certain travel and financial transactions, the CACR amendments announced by the Obama administration on January 16 also allow Americans to send unlimited amounts of money to individual Cubans, not tied to the government, in support of private businesses and independent non-governmental organizations. And in a rather somewhat historic move, the U.S. is also allowing persons subject to U.S. jurisdiction to engage in certain micro-finance activities, entrepreneurial training, and development projects in Cuba. 

This carve-out or exception to U.S.-Cuba sanctions allow persons and companies subject to U.S. law to export items to Cuba including building materials, equipment, tools, and supplies for use by Cuban “private sector,” and not any entity owned or operated by the Cuban government. Cuba’s “private sector” remains a very small percent of the overall Cuban economy, subject to significant regulation and monitoring by the state. It will present special compliance challenges for Americans, and other persons subject to U.S. law. 

Under Cuban Law and Decrees, “Self-Employment” is Akin to License, A Slight Exception to the Cuban Communist’s Party’s Official Role in the Economy 

Earlier efforts by the Communist Party, the only legal political party in Cuba, to create “self-employment” (Decree Law 14, July 1978), failed for political, ideological, and economic reasons.  However, there has been pressure to change this for many years because the centrally planned system has been failing for decades and is in desperate need of funds to support government-run social and other programs. 

“Self-employment” in Cuba, if it can be called that, has been legal since the early 1990s when on Decree Law 141 went into effect on September 9, 1993. Decree Law 141 lists, among other things, more than 100 occupations that would qualify for the new license for a person in Cuba do business on their own. These are the people that the United States wishes to assist with the recent regulatory changes to the CACR.

Self-employment in Cuba, known as  “trabajadores por cuenta propia”  (“TCP”) or “cuentapropistas” should not, for compliance purposes, be viewed in the same was as self-employment is categorized in the United States. The Communist Party decides what “jobs” will qualify for the TCP special exception to the Cuban Socialist Constitution and they add occupations to the list as needs warrant. 

Ultimately, and as a matter of law, Cuban workers, even TCPs, work for the benefit of the state and it remains to be seen if this opening in the Cuban economy will continue or if, as it has happened in the past, will be shut down by the government on a haphazard basis or when it suits them for political reasons to do so.

Compared to the overall as well as potential labor pool, the number of TCPs is minuscule. Cuba’s workforce of approximately 4 million people, works overwhelmingly for the state. According to recent data from Cuba as well as U.S. sources, about 93% of the Cuban work force is employed by the government. As of 2014, there are roughly just 450,000 TCPs. These TCPs are mainly home-run family restaurants and persons operating taxi or car services for tourists. The data is hard to come by. Because of the fees and regulations imposed by the state on TCPs, many potential and official TCPs prefer to operate in Cuba’s thriving black market or underground economy. 

Finally, Cuban TCPs, unlike workers in the United States and other nations, do not enjoy or possess legal rights to things such as private property or, ironically, strong labor rights.  Americans considering engaging in these new transactions in Cuba should also understand that dispute resolution mechanisms, due process of law, and other well established concepts in business and law are not widely available or simply not well-known in Cuba’s nascent “official” business culture. 

The Cuban government’s claims that there are changes coming in these and other related areas, but even if that were true, I have talked with lawyers on the island who say these proposed reformas are, at this juncture, more aspirational than reality. In fact the State Department says on its website that “[w]e cannot predict what the Cuban government will or will not allow, but we sincerely hope that it makes this and other new opportunities available to Cuba’s nascent private sector.”

Special Considerations for Americans and Other Persons Subject to U.S. Law

The new U.S. import rules are are authorized pursuant to what is known as a “general license,” (no special forms or application is needed); however, these transactions are still subject to many provisos, exceptions, and record-keeping requirements. Express prohibitions remain in place that ban persons subject to U.S. law from engaging in transactions in a wide array of situations that include, but are not limited to, transactions with Cuban government agencies, high-ranking Cuban officials and family members, human rights abusers, and individuals trafficking in properties that are subject to a U.S. certified claim. 

The “Section 515.582 List” published today include goods and services produced or provided by independent Cuban entrepreneurs — TCPs — that are imported into the United States directly from Cuba, except for goods specified in several sections/chapters of the Harmonized Tariff Schedule of the United States (HTS). 

According to the U.S. government, persons subject to U.S. jurisdiction engaging in import transactions involving goods produced by an independent Cuban TCPs pursuant to 31 C.F.R. § 515.582 must obtain documentary evidence that demonstrates the entrepreneur’s independent status, such as a copy of a license to be self-employed issued by the Cuban government or, in the case of an entity, evidence that demonstrates that the entrepreneur is a private entity that is not owned or controlled by the Cuban government. On this point of documentary evidence, the State Department says:

The Cuban government issues licenses to private individuals for self-employment or to operate small private businesses. Evidence that the entrepreneur holds this license, such as a copy of the license, is one way that a person subject to U.S. jurisdiction can show that the entrepreneur that provided the goods/services intended for importation holds independent status. However, third party verification by an independent organization may also suffice in the future. 

In other words, what constitutes “documentary evidence” is a work in progress.  

Finally, U.S. persons subject to the CACR should also be aware that there are express prohibitions in U.S. law that ban what is known as “trafficking” in Cuban properties that are subject to claims under U.S. law. 

During the early years of the Cuban Revolution, the Cuban government confiscated properties, businesses, or refused to honor debts and its other financial obligations of held by hundreds of thousands of American citizens and Cuban nationals.  Although legally-required to do under Cuban as well as well-established international law norms,  the Cuban government never paid compensation for any of these unlawful confiscations. The current value, for example, of U.S. Certified claims alone is close to $8 billion. Without U.S. government approval, rare in these cases, persons subject to U.S. law are prohibited from engaging in transactions in Cuba if a property that is subject of a claim is part of a transaction.

While some of these policy changes are historic, I’m sticking with what I told the Wall Street Journal February 2 and caution that there still remains a great deal of ‘irrational exuberance’ about what these changes will mean for Americans, and to a certain extent, Cuban TCPs. If you plan to engage in transactions with TCPs, you should strongly consider retaining counsel familiar with U.S. laws, regulations, and policy , as well as some knowledge Cuban laws and realities on the ground in Cuba. 

It will be interesting to see in the weeks and months ahead how the United States government deals with questions of potential trafficking in properties in Cuba, as well as the other potential legal minefields that certainly lay ahead. We will be publishing updates and additional analysis on this matter in the near future. The “Section 515.582 List” can be accessed at the State Department website.

In the meantime, if you would like more information about this or other trade security issues related to Cuba or other countries or programs, please give us a call. 

Client Alerts are provided for informational purposes only and should not be relied on for legal advice. Client Alerts are summaries and may be considered an advertisement for certain purposes; they are not full analyses of the matters presented. Unless otherwise indicated, they do not represent the views of our clients or the firm. Please contact a Poblete Tamargo lawyer, or your counsel, for specific legal advice for your particular matter. For more information visit our website at www.pobletetamargo.com or e-mail us at info@pobletetamargo.com