Negligent Hiring, Retention & Supervision

In today’s hyper-litigious society, employers must perform reasonable investigations of new hires and remain attentive to conduct of tenured employees, to ensure that an employee does not present an unreasonable risk to others.

Types of Claims

Employers have faced claims for negligently hiring a new employee, negligently retaining a bad employee and/or negligently supervising a wayward employee. A Negligent Hiring claim asserts that the employer did not exercise reasonable care when hiring the new employee, whose dangerous tendencies or incompetence for the job at issue would have been evident from a reasonable pre-employment investigation of the new employee’s background. Similarly, a Negligent Retention claim asserts that an employer retained an existing employee who was known by the employer to have dangerous tendencies or be incompetent for the job at issue (e.g., the employer knew from the employee’s work records, prior complaints, disciplinary reports or prior observed misconduct). A Negligent Supervision claim involves the same elements as a Negligent Retention claim, but typically focuses on misconduct occurring on the employer’s property (e.g., in the store) or under other circumstances where the employer could have exercised direct control over the employee. All three claims require a showing of injury proximately resulting from the employee’s acts. See gen. Kwang Bok Yi v. Open Karaoke Corp., No. 2016-11486, 2018 WL 2224984, at *1 (App. Div. 2d Dept May 16, 2018).

These types of claims typically are asserted against an employer by third parties injured by an employee – such as customers or passers-by. Worker’s Compensation rules generally preclude one employee from asserting such claims against their employer based on conduct by a fellow employee. Worker’s Compensation programs are usually an aggrieved employee’s only remedy against an employer unless the aggrieved employee can show that the employer deliberately sought to cause the injury complained of. Ferris v. Delta Airlines, 277 F.3d 128, 138 (2d Cir. 2001).

Employers also have a technical defense that would enable dismissal of a Negligent Hiring, Retention or Supervision claim if the alleged injury occurred during the offending employee’s execution of his/her duties (e.g., a company truck driver with a history of driving infractions causes a car accident or a bar bouncer with a criminal assault record breaks a patron’s nose while forcibly removing the patron from the bar). Where “an employee is acting within the scope of his or her employment … no claim may proceed against the employer for negligent hiring or retention.” Karoon v. New York City Tr. Auth., 241 A.D.2d 323, 324, 659 N.Y.S.2d 27 (1st Dept. 1997); Troy v. City of New York, 160 A.D.3d 410, 70 N.Y.S.3d 842 (2nd Dep’t 2018). This, however, is of limited practical utility because the employer remains liable for the employee’s conduct under a theory of respondeat superior. Lara-Grimaldi v. Cty. of Putnam, No. 17-CV-622 (KMK), 2018 WL 1626348, at *24 (S.D.N.Y. Mar. 29, 2018) (citing Karoon, 659 N.Y.S.2d at 29). “[I]f the employee was not negligent, there is no basis for imposing liability on the employer, and if the employee was negligent, the employer must pay the judgment regardless of the reasonableness of the hiring or retention or the adequacy of the training.” Id.

Employer’s Prophylactic Measures
What constitutes reasonable investigation or oversight of an employee (whether pre-employment or continuing supervision) necessarily varies with the nature of the employee’s position. It stands to reason that the potential for an employee to cause injury depends on the level of authority possessed by the employee, the risk associated with the employee’s position and the extent to which the employee will interact with the public. The type and comprehensiveness of the investigation of the employee vary accordingly. Of course, if an employee or potential employee is known to have been involved in an offending incident in the past, the level of scrutiny should increase. Thus, senior/supervising employees or those with direct and regular public contact require more extensive background checks than laborers who work exclusively in back-office or warehouse roles. Likewise, a driver who has never had a traffic ticket over the past 5 years may require less continuing oversight than a similarly positioned driver with a recent road rage conviction.

The employer should take prompt and consistent action to investigate claims of employee misconduct and appropriately punish wrongdoers – including terminating employment if the offense so warrants. Prompt and appropriate responses to employee bad behavior can help avoid or mitigate third party claims.

The employer should take care to accurately document its background investigation and oversight efforts.  In case litigation arises, it will be helpful to have records showing that the employer acted reasonably under the circumstances.  Conversely, an absence of records or materials showing that the employer ignored “red flags” can be very problematic at trial.

Of course, the employer must be discreet and judicious in the use of information it acquires when conducting an investigation or oversight of employees. Federal, state and local law limit whether and how an employer may use an employee’s criminal conviction, arrest record, driving record, credit history, past bankruptcy or participation in other litigation.

For further information or assistance with any pending or potential matter, please contact Jonathan Faust, at Wilson Keadjian Browndorf LLP, 212.660.9555 or


Website Accessibility

Businesses must proactively ensure that their commercial websites are easily accessed by people with visual, auditory, motor and/or cognitive impairments or brace for litigation throughout the United States.

A growing number of lawsuits claim that websites that are not reasonably accessed by the disabled violate the U.S. Americans with Disabilities Act (“ADA”).  See e.g., McDonald’s, Kmart, Others Settle Suits Over Website Access for the Blind, Chicago Tribune, Nov. 6, 2017 (describing four lawsuits brought by the same law firm on behalf of the same group of plaintiffs). Accessibility concerns have most commonly been raised regarding public facing websites by which users engage in transactions or receive goods and services.  However, accessibility concerns have also been cited respecting companies’ internal employee intranets and web pages advertising job offerings to the public.

The ubiquity of internet searches in everyday life means that the disabled often encounter frustrating websites. In addition to those persons genuinely aggrieved by a difficult website experience, there are many recurring “career plaintiffs” (and a growing cottage industry of lawyers) who look to manufacture litigation in order to effectuate change and/or extract settlement payments. Such plaintiffs quickly file cookie-cutter complaints, often targeting entire industry sectors. While the current litigation has tended to target large, well-known retailers, businesses should expect these lawsuits to proliferate and reach small and mid-market companies.

Significantly, under current law, businesses can be sued for website accessibility violations without prior notice. In other words, a business might first find out about an ostensible accessibility concern with its website upon receiving a demand letter or even a formal legal complaint filed against it.  Reacting to an existing legal claim means that, in addition to the expense and distraction of litigation, accessibility issues get resolved with plaintiff’s counsel’s oversight, and on the plaintiff’s timeline.  The bad publicity associated with such litigation can also expose a business to secondary issues — such as generalized customer relations concerns and/or potential government enforcement actions.

Besides avoiding the many problems attendant to litigation, there are compelling business reasons for a company to promptly and proactively take steps to make its websites more accessible to the disabled.  Indeed, making it easier for more customers to find, engage and buy from the business is often its own reward.  Likewise, it is easier for a business to retain customers as they age if the company website is accommodating to those with diminished eyesight, hearing and motor skills.  Implementing enhanced website accessibility standards might also improve search engine optimization, making the company’s website higher profile during routine internet searches.  In addition, pre-emptively ensuring website accessibility can reinforce a business’ reputation as a good corporate citizen.

Businesses can take pre-emptive action by modifying their websites to add: (i) captions and transcriptions of multimedia content on the site for hearing impaired users; (ii) spoken descriptions of photos to assist the visually impaired; (iii) options to navigate online pages point-to-point using keyboard commands (not a mouse) to access different levels of headers and text for those with fine motor skills impairment; and (iv) features, such as “alt text” in the code, that enable the website to work with mass-market screen readers. Addressing web accessibility proactively, and before any lawsuit arises, lets the business take charge — and means that website reconfiguration (and/or replacement with a site that is “accessible by design”) and attendant issues such as testing, training, and maintenance, can be appropriately budgeted, staffed and planned within the business and financial structures of the company, and not based on imperatives set by a court or plaintiff.

Currently, there is no single, formal web accessibility standard that has been formally endorsed legislatively or judicially.  However, the World Wide Web Consortium (“W3C”) sponsors the Web Accessibility Initiative (“WAI”), which provides a widely respected and generally accepted set of website accessibility guidelines, technical reports, educational materials and other documents that relate to different components of web accessibility.  Many private litigation settlement agreements provide that the offending website that is the subject of the dispute should be reconfigured to meet the WAI guidelines. Accordingly, website owners should consider proactively redesigning their sites to conform to WAI guidelines. The link to the W3C guidelines is:

Skilled counsel can assist you in evaluating your situation, controlling the cost of any website reconfiguration or lawsuit, and making tactical decisions on how to comply with web accessibility concerns.  Proactive attention to website accessibility should result in reduced litigation and compliance risk, lower long-term costs, and increased business from customers.  If you have questions or concerns about web accessibility, please contact Jonathan Faust at (212) 660-9555 or by email at

Wilson Keadjian Browndorf, LLP Welcomes Jonathan J. Faust as New Partner

NEW YORK, NY, April 20, 2018 – Wilson Keadjian Browndorf, LLP is pleased to announce that Jonathan J. Faust will join the Firm as Partner and move his practice to the Firm’s New York office.

Mr. Faust is a veteran litigator and enhances the Firm’s capabilities with his wide-ranging experience as a general commercial litigator and accomplished business advisor. His practice includes civil disputes of every size and nature, across industries as varied as Fashion & Apparel, Construction, Information Technology, Real Estate, Banking and Waste Management. As representative examples of the breadth of his practice: (i) Mr. Faust successfully defended a foreign sovereign central bank against a putative class action pending in Federal Court in Illinois, involving complicated claims based on international law in which the plaintiffs sought damages that exceeded 40% of Hungary’s GDP; (ii) he regularly handles mid-sized contract, employment, discrimination, restrictive covenant, landlord-tenant and intellectual property disputes; and (iii) he cost-effectively represents the individual principals of clients in smaller, personal matters pending in New York Civil Court.

“I’m looking forward to working with such a talented group of professionals whose goals align with mine when it comes to client offerings,” said Mr. Faust. “My job is to be a problem solver and facilitator, helping my clients achieve their goals in a practical, effective, and cost-efficient manner.”

“Jon adds incredible skillsets to the Firm’s talent pool. In addition to being a tremendous lawyer, Jon is also greatly admired for his unique achievements,” said Michael Keadjian, Managing Partner of Wilson Keadjian Browndorf, LLP. “Jon’s experience advising sophisticated clients in a broad range of corporate matters will make him a great addition to our New York team and a sought-after resource for clients. This is an exciting time as we commit to building a dynamic, thriving legal practice in this amazing city.”

Mr. Faust earned his J.D. from Columbia Law School. He graduated summa cum laude from the University of Michigan with a B.A.


About Jonathan J. Faust

Jonathan J. Faust will serve as Partner of Wilson Keadjian Browndorf, LLP’s New York office. After 25 years as a successful general commercial litigator at an Am-Law 100 law firm, Mr. Faust brings to WKB extensive trial and appellate experience, in both state and federal court.  His practice also includes mediation and arbitration.  He is an accomplished business advisor, who serves as the outside general counsel and sounding board to clients — helping them navigate through volatile currents to clear seas no matter the nature of their concerns.   Mr. Faust’s legal and business insights are burnished by his additional experience as the Senior Counsel to the Claims Resolution Tribunal in Zurich, Switzerland; as General Counsel to Fast Track Nutrition; and as a Special Assistant District Attorney with the Manhattan District Attorney’s Office.

Mr. Faust is a well-known and respected thought leader, having lectured generations of future movers and shakers at Columbia Law School in New York, the University of Michigan Law School and at Eötvös Loránd University in Budapest, Hungary.

At his prior firm, Mr. Faust was the partner directly responsible for recruiting recently graduated law students and integrating them into permanent associate positions. He also was a partner member of that firm’s Attorney Retention Committee tasked with identifying and improving quality-of-life issues.

Mr. Faust’s dynamic leadership, energy and “can-do” attitude carry over into his other pursuits. He is the Commissioner of, and a volunteer firefighter (Lieutenant) in, the Greenville Fire District. He is also a member of the Edgemont Union Free School District School Board, one of the country’s top performing public schools. Mr. Faust plays soccer and softball, and trains in combat sports.

When Mr. Faust takes on a matter, his clients reap the benefit of his considerable knowledge, experience and intense personal investment.  Mr. Faust has a consistent track record of success and cost-effectively realizing his clients’ goals.


About Wilson Keadjian Browndorf, LLP

WKB is a full-service law firm, offering its clients the energy, efficiency, and creativity of a smaller more flexible firm, with the skills and experience of a larger firm. WKB’s attorneys’ experience is as diverse as their client base and includes significant experience in traditional industries such as finance, project development, construction, intellectual property, media and real estate, as well as emerging areas such as automation, e-mobility, and life sciences. The Firm’s model allows it to provide the same type of professional results as the larger firms but at far more competitive rates.


Media Contact

Danny Kim

Social Media Contacts

Facebook @WKBLLP

LinkedIn @WilsonKeadjianBrowndorf

Facebook’s Data Practices Saga

As we all know, the personal data of about 87 million Facebook users have been “shared” without their knowledge with Cambridge Analytica (“CA”), a firm linked to Donald Trump’s 2016 political campaign.  Seemingly, Facebook knew of this incident in December of 2015, but Facebook users only found out this past March 17 when the New York Times reported it.  In commenting on this latest scandal, the Economist was quick to point out the Company’s “morphing, porous privacy policies and … a cavalier approach to oversight.”

When Mark Zuckerberg testifies in Congress today, U.S. lawmakers will be sure to focus on this breach’s effects on the election process and the identity of those posting news. This highlights the dramatic differences in how personal data is viewed between the U.S. and the European Union. Facebook and other data collectors fully believe that they have the right to use personal data as they deem fit. EU constituencies expect the opposite, and the new Regulation places all control over personal data in the hands of data holders. Given the global reach of any online information, uniform rules and approaches to protecting personal data would be of benefit, but given these conflicting views, we are more likely to see different data practices in the U.S. and in Europe, with data collectors applying a different treatment to U.S. data than EU personal data.


Leslie Williams, partner Wilson Keadjian Browndorf LLP

© 2018 Leslie Williams

This article is current as of April 10, 2018

German Court Curbs Facebook User Terms

On January 16, 2018, in another step toward reining in Facebook’s data practices in Europe, a Berlin district court issued a 250,000 judgment against Facebook Ireland Ltd. and ordered the company to change many of its terms of use for German users of the social network.[1]

Here are a few of the main points:

Facebook cannot require German users to register using their true name. Users can register under an anonymous or pseudonymous name. This is an issue which was raised at least as early as 2012 by the Federation of German Consumer Organizations (VZBV), but remained unresolved until now.[2]

Current Facebook practices in which certain privacy settings are pre-set or set by default are not permitted. Users of the mobile app must be able to opt in to sharing their location.  Users must also consent expressly to:

  1. Use of sites such as Google to show a user’s profile in search results;
  2. Facebook’s use of user names and profile for commercial, sponsored or other applications; and
  3. any transfer of personal data to the U.S.

Facebook opposed the decision and plans to appeal. Nevertheless, the Plaintiff, VZBV, welcomed the ruling as an overall success for users.  The VZBV is also expected to appeal on the points it lost, such as the finding that Facebook’s advertising its service as “free and always will be” is admissible and not confusing.

For any U.S. companies which collect, use, or process personal data of data holders resident in the EU, the requirements for showing compliance, making disclosures, and obtaining consents from the data holders have increased and become more restrictive, and the enforcement of data protection rules will become more stringent this coming May, when the EU General Data Protection Regulation[3] becomes effective.

For more information see

[1] AZ 16 O 341/15:


[3] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (OJ L 119, 4.5.2016, p. 1–88)

Europe’s Data Protection Regulation and the EU-U.S. Privacy Shield - the New Normal for Everyone?

During an Intellectual Property Law Conference in Duesseldorf, Germany, in September of 2014,[1] Birgit Sippel, a member of the European Parliament, informed the audience that the Parliament overwhelmingly supported far greater restrictions on collectors and processors of personal data than currently provided, regardless of where they were situated. Ms. Sippel went on to state that the Parliament would swiftly adopt a 2012 proposal to establish an EU-wide regulation, bolstering the rights of EU data holders and creating data protection agencies authorized to handle complaints against data collectors or processors.

At that time, I commented in a blog that U.S. firms doing business with EU customers in which they collect, use or process personal data could not expect that their U.S. data processing practices could continue in the EU without specific attention to the EC Directive and related data protection rules. Several months prior, in May of 2014, the European Court of Justice (ECJ) had held in a case involving a Spanish citizen and Google, that not only did EU rules apply to data collectors which sell advertising space in the EU, regardless of where the server was located, but the data holder has the right to request removal of links with personal information under specific circumstances and require the collector to comply.[2] Google lost the case, and the so-called “right to be forgotten” was incorporated into the EU data protection rules that were adopted in December of 2016, largely in line with Ms. Sippel’s position.

After the Google ruling, an Austrian citizen filed a complaint with the Irish Data Protection Commissioner against Facebook, which is incorporated in Ireland, challenging Facebook’s transfer of his personal data to the U.S. on the grounds of inadequate protection in the U.S. The complainant’s appeal in Ireland was stayed until the ECJ ruled, with the Court finding that the then-applicable decision of the EU Commission on adequacy with regard to the U.S. data protection standards was invalid. This Court decision from October of 2015[3] thus upended the existing framework permitting U.S. processors to transfer EU data holder information to U.S. servers.

The EU Commission returned to the negotiating table with its U.S. counterparts to address the Court’s concerns with respect to U.S. companies’ data practices, and in August of 2016, a new bilateral agreement, the EU-U.S. Privacy Shield framework, came into effect, replacing its predecessor Safe Harbor framework.

Then, at the end of 2016, the EU adopted the General Data Protection Regulation or so-called “GDPR” (the “Regulation”),[4] which replaces the current EU Directive 95/46 on data protection, and is to be fully implemented by the EU Member States by May of 2018.

What the Regulation protects

The Regulation protects the use of personal data of individuals by data processors which collect, use, or process such data in any manner for commercial purposes. While the EU data regulatory framework is far more comprehensive than the Regulation and includes additional laws related to health care data, law-enforcement,[5] institutional use and other areas, the Regulation and the accompanying EU-US Privacy Shield framework represent the core data protection rules which affect U.S. businesses.

The Regulation covers personally identifiable data of any data holder with an address in any of the 28 EU countries, the EEA countries of Norway, Iceland, and Liechtenstein, and Switzerland, and accords rights and safeguards to them, regardless of where the data collector or processor is located.

Under the Regulation, the data holder is the owner of his or her data. The holder is entitled at all times to, and must consent to, third party use of his or her data. The holder may revoke his consent to use or may require erasure or removal of data to which the holder previously agreed. As a result, data collectors must ensure that the data holder:

  1. has one or more means of giving consent to the processor’s use of the holder’s data in a clear, affirmative way (opt in, not opt out);
  2. is able to request access to the holder’s data, and access must be made easy and available to the holder at reasonable intervals;
  3. may object to the continued use of his or her data, request that it be rectified or have it erased or removed, even if the data holder previously agreed to use.

How data holders’ rights are enforced

The Regulation institutes simplified administrative and judicial remedies for complaints and their resolution. The data holder may submit complaints to a single supervisory authority in each Member State or to one of several agencies in the United States in the case of complaints against a U.S. data processor.

All data processors which process information of EU data holders are required to designate a representative to act on behalf of the processor and with regard to the Member State’s supervisory authority, to cooperate with that authority to ensure its compliance with the Regulation, and in the event of a breach, to be subject to enforcement proceedings. U.S. controllers or processors without an establishment or presence in the EU must also designate a representative to act on behalf of the processor with respect to a Member State’s supervisory authority, and in the event of any breach of the Regulation’s rights to data holders, expect that complaints will be processed by the authority.  A data holder is also entitled to judicial remedies against an administrative ruling of the authority or in the event the authority fails to carry out its duty to process a complaint in accordance with the Regulation’s dictates.

The data holder’s remedies cover “material or non-material damage”, which occurs from a processor’s proven infringement of the holder’s rights, and in either case, the holder is entitled to compensation.

The EU-U.S. Privacy Shield and U.S. Processors

Under the predecessor directive to the Regulation, the EU Commission was authorized to decide on the adequacy of legal protections in countries outside of the EU, including the U.S., prior to permitting transfers of personal data of EU data holders outside of the EU for processing. Although the Commission had instituted the Safe Harbor framework, in the wake of additional case law (see Schrems Decision), it was compelled to reform the framework, which in turn led to the Privacy Shield[6] and a system of certification to ensure ongoing compliance.

Under the certification system, U.S. processor companies commit to the U.S. Privacy Shield principles and voluntarily apply for certification through the Department of Commerce, FTC or DoT, depending upon the authority responsible for the particular industry in which the processor operates. In exchange for this certification, processors are permitted to transfer or continue transferring data of EU holders outside of the EU for processing. Certification is subject to annual review and renewal by the agencies involved and to these agencies’ enforcement powers. EU data holders are able to submit complaints to the data protection authority in the holder’s Member State of residence or to the U.S. agency concerned for handling. If need be, resolution through alternative dispute resolution, such as arbitration, is further provided.

As of this September, a significant number of large U.S. data collectors and processors have certified with the Department of Commerce. Moreover, the Privacy Shield framework is subject to ongoing review, monitoring and enforcement by the EU Commission, and may be updated or changed to address new issues as they arise. Thus, it is not a one-time compliance issue, but an ongoing one with the prospect of increased supervision or restriction.

Take Aways for Data Holders and Processors

Well before 2014, European laws and attitudes towards the collection and use of personal data have been more restrictive than in the U.S. The Regulation is built upon decades of precedent and represents the next level in ensuring stricter standards and uniform application of the law’s provisions to all EU and EEA countries, plus Switzerland.

The EU Data Holder Wields the Power

Most U.S. data processors have based their operation on the premise that personal data made available to the processor is for use at the service provider’s discretion, and that once given, the processor has few restraints other than to protect against hacking or other security breaches that may affect specific transactions, such as credit card processing or credit reporting, which involve financially sensitive data. Once the data is disclosed to the processor, the data holder is not given control over current or future use, nor the means to take specific affirmative action to restrict or correct the data disclosed. A very different model applies in the EU. The European personal data holder is the owner of his or her data and is entitled to affirmatively consent or “opt in” to specific uses by the data processor. At any time, the data holder may revoke, amend or request removal of data, and the processor must comply. Noncompliance has the consequences of answering to a data protection agency and potential liability for compensation.

While to date there may not have been much debate in the U.S. over the rights of the data holder, European thinking on personal data and privacy may prompt more vigorous discussion over the power that large U.S. data processors exercise in the U.S. market, in great part due to the personal data they have collected. One recently dissenting voice is that of University of Southern California’s (USC) communications professor, Jonathan Taplin. In Taplin’s book, “Move Fast, Break Things”,[7] he makes the case that firms such as Google, Facebook, and Amazon have immense influencing power over our daily lives because of the personal data which U.S. holders have unwittingly provided. In turn, such data control has helped to give rise to monopolies each online service now has in search (Google), social media integration and messaging (Facebook), and books and other items (Amazon).

European influence on Data Operations in America?

Historically U.S. firms and American institutions have played a major role in influencing commercial practices, policy and culture well beyond U.S. borders. Under the Privacy Shield, the EU Commission decides what data can be collected, used and processed with regard to EU data holders and whether the policies and practices in the U.S. are adequate to permit data transfer to the U.S. As the data protection rules are subject to ongoing review and will evolve as cases are tried and complaints heard, U.S. processors can expect that collection, processing and transfer operations will continue to be monitored and to be subject to higher standards and restrictions. The new normal in EU data collection and processing can be likened to a nonexclusive license granted by the data holder to the processor, which the holder may revoke, amend, or request be entirely removed at any time, rather than a one-time transaction where the holder makes the disclosures to the processor and the processor is free to use the data as it sees fit.

To the extent a data collector or processor does not provide mechanisms which secure the data holder’s rights and provide the measures to enforce them, the processor’s business model, means of operation or management practices will need to be adapted to do so. This is very likely to result in additional costs to institute affirmative consent or closer interaction mechanisms with data holders and to accommodate requests to rectify or remove data. Indeed, a recent PwC Survey found that among large American processors, the most frequently implemented compliance measures included certification under the Privacy Shield and instituting binding corporate rules, at an investment cost of more than $1 million.[8]

If these compliance mechanisms are put in place for EU data holders, why not offer such protections to all data holders, including those in the U.S.? Even if data processors are not considering this from the standpoint of simplifying commercial operations, it seems that U.S. data holders ought to be asking this question for themselves.

What the future may bring

U.S. data holders may presume that the ease and convenience in the services which data processors provide is not only worth the data holder’s consent to wholesale use of the holder’s personal data, but that this bargain initially struck with any processor is not open for discussion. Europe, in contrast, acknowledges the data holder’s rights to value and control personal data, regardless of convenience of service, and is compelling U.S. companies to adapt their current business models and systems to comply with more comprehensive levels of data protection required by the Regulation.

The debate in America on data security has been sparked by security breaches at Yahoo and Equifax, and by Uber’s recent announcement of a hacking of its site that has only recently come to light. However, it is the EU data protection authorities that are taking action to investigate Uber’s breach. The ride share service’s breach is now subject to an investigation by the Dutch data protection authority under Holland’s rules, which are quite stringent, the Netherlands being the site of Uber’s European operations. Austria and Poland are launching separate investigations of the potential breach, and the U.K. and Italy may join. This has prompted the EU to consider launching an EU probe. Such an EU investigation would not, however, negate the imposition of sanctions at the Member State level, at least until the Regulation takes effect next May, and Holland’s maximum fines are high, up to 820,000 Euro.[9]

U.S. data holders’ ire over hacking and companies maintaining secrecy about breaches has not yet led to a vigorous debate as to who is in control of personal data and what individual rights and remedies a data holder has. The Regulation and Privacy Shield should prompt a far deeper reexamination of how we view our personal data and what we require of the businesses making use of it. Do we want the rights to erase, remove, or change the data we give, and to have links removed so as to “be forgotten”? What should be the consequences to processors if U.S. data holders’ rights are breached or adversely affected? It may be time for a simplified process to file complaints, and seek redress administratively or judicially without the costs outweighing the benefits. And if, as with Uber, a large number of customers are affected, why shouldn’t sanctions or fines apply? We’ve imposed them for antitrust violations and intellectual property infringement. Why wouldn’t we consider them for egregious breaches of personal data?

Leslie Williams, partner Wilson Keadjian Browndorf LLP

© 2017 Leslie Williams

This article is current as of December 4, 2017

[1] German Intellectual Property Law Association (GRUR) Annual Conference September 2014.

[2] Judgment of the Court (Grand Chamber), 13 May 2014. Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González. ECLI:EU:C:2014:317.

[3] Judgment of the Court of 6 October 2015 Maximillian Schrems v Data Protection Commissioner Request for Preliminary Ruling from High Court Ireland; C-362/14 ECLI: EU:C 2015.650 (hereafter “Schrems Decision”).

[4] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1–88). The Regulation replaces its predecessor Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (OJ L 281, 23.11.1995, p. 31).

[5] Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data and repealing Council Framework Decision 2008/977/JHA.

[6] Commission Implementing Decision (EU) 2016/1250 of July 12 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on adequacy of protection provided by EU-US Privacy Shield (C 2016 4176; O J L 207, 1.8.2016 p 1-112).

[7] Move Fast and Break Things: How Facebook, Google, and Amazon Cornered Culture and Undermined Democracy, Taplin, Jonathan, MacMillian 2017.

[8] “GDPR Compliance Top Data Protection Priority for 92% of US Organizations in 2017, According to PwC Survey”, PwC. 23 January 2017.

[9] “EU considers investigation into Uber Hack”, Financial Times, 23 November 2017.

Wilson Keadjian Browndorf, LLP Adds Mark Peroff and Darren Saunders as Partners in the Intellectual Property Practice Group in the Firm’s New Times Square Office

NEW YORK, NY, July 31, 2017: Wilson Keadjian Browndorf, LLP (“WKB”) announced that Mark I. Peroff and Darren W. Saunders have joined the firm, representing the next step in the firm’s expansion of its New York intellectual property practice. Both lawyers have practiced together for over 15 years and join from Manatt, Phelps & Phillips, LLP, where they served as partners.

Mark Peroff will serve as Managing Partner of the New York office and Chair of the Intellectual Property Practice Group. Darren Saunders will serve as Partner of the New York office. The powerhouse duo will operate out of WKB’s newly acquired professional space located in Times Square at 114 West 47th Street, 18th Floor, New York, NY 10036, which will accommodate additional legal support staff and new attorneys as the firm continues to grow.

“With clients facing increasingly complex IP challenges as a result of growing global competition and converging technologies, it’s become more important for us to invest in our ability to serve all our clients’ needs in managing, acquiring and leveraging their IP assets,” said Matthew C. Browndorf, Managing Partner of Wilson Keadjian Browndorf, LLP. “Mark and Darren are powerful additions in the strategy of growing our intellectual property practice in New York. Their expansive knowledge and experience tremendously amplifies our intellectual property practice capabilities, which will enhance our existing core practice areas and help accelerate our growth.”

Mark Peroff said “Early in my career I served clients in a small firm setting and focused on delivering higher quality IP services at a reasonable price for a few industries. During the past decade I practiced in large law firms offering an array of legal services for my large clients, but I missed the collegiality and friendliness of the small law firm environment. I had many options after I decided to relocate my practice to a small law firm and found Wilson Keadjian Browndorf to have the perfect combination of collaborative culture and dedication to clients in an entrepreneurial environment. Matt Browndorf has created an exciting environment in which lawyers can thrive by concentrating solely on the practice of law.”

Darren Saunders added “Working with Mark Peroff on cutting edge complex, high-profile IP litigation matters during the past decade has been a pleasure. Working in this new entrepreneurial environment will be exciting.”

New Professional Space

The new space boasts 5,535 square feet – an increase of over 4,000 square feet from the firm’s prior location – and will feature a contemporary environment filled with natural light and glass partitions to promote an open work environment and foster teamwork. In line with the firm’s goal of incorporating cutting-edge technology into its practice, the new office will be equipped with VoIP communication devices, interactive media tools and modern workstations furnished with a set of collaborative software suites so individuals at each WKB office can maintain communication and work on the same projects, at the same time, in real time.

“Expanding our presence in New York was a logical step in our growth strategy,” stated Matthew C. Browndorf, Managing Partner of Wilson Keadjian Browndorf, LLP. “After adding two well-known and experienced IP litigators from prestigious law firms to our rich and diverse talent pool, we saw an opportunity to further expand staffing in our legal, administrative and support departments, thereby increasing our ability to provide quality legal service to current and future markets.”

The move to a larger office will allow WKB to attract and recruit top talent in the IP space. With the new office and support staff, WKB will be better positioned to serve and efficiently handle increasing caseloads while continuing to provide superior legal services.


Mark I. Peroff previously served as partner with Manatt, Phelps and Phillips, LLP, and before that, served as co-chair of Hiscock Barclay’s branding, trademarks and copyrights practice. For over 35 years he has counseled clients on procuring, maintaining, and enforcing or defending their intellectual property rights in the US and abroad, focusing on trademark, copyright and domain name protection. His practice includes counseling clients in litigation; licensing and assignments; development/implementation of anti-counterfeiting enforcement programs; due diligence in acquisitions and divestitures; opposition/cancellation proceedings before the US Patent and Trademark Office; and administrative tribunals under the Uniform Domain Name Dispute Resolution Policy, Digital Millennium Copyright Act Notice and Take Down Procedure. Mark Peroff has also been recognized as one of the top filers of trademark applications (7,500+) in the US.

Darren W. Saunders previously served as partner at Manatt, Phelps & Phillips, LLP. His practice focuses on trademark litigation, copyrights, patents, IP licensing transactions, advising clients on IP-related bankruptcy issues, domestic and international anti-counterfeiting enforcement, unfair competition and false advertising. He has represented clients at the trial and appellate levels and in administrative proceedings before the US International Trade Commission and the US Patent and Trademark Office.

About Wilson Keadjian Browndorf, LLP

Wilson Keadjian Browndorf, LLP, is a mid-size full service law firm, offering its clients the energy, efficiency and creativity of a small, growing firm with the skills and experience of a larger firm. The firm serves the unique needs of the mid-sized market including advice on the internationalization of mid-size firms. WKB’s attorneys’ experience is as diverse as its client base, and includes significant experience in traditional industries such as finance, project development, construction, and intellectual property. WKB leverages its strengths to provide the same type of professional results as the larger firms but at far more competitive rates.

Media Contact
Danny Kim

Social Media Contacts
Facebook @WKBLLP
LinkedIn @WilsonKeadjianBrowndorf

Wilson Keadjian Browndorf, LLP Welcomes Andrew Corcoran as New Partner

WASHINGTON, DC, July 17, 2017 – Wilson Keadjian Browndorf, LLP is pleased to welcome the addition of Andrew Corcoran as Managing Partner of the Firm’s Washington, DC office. Mr. Corcoran is licensed as an attorney in New York and the District of Columbia and will operate out of the Firm’s Maryland office. Mr. Corcoran is not licensed to practice in Maryland. Prior to joining WKB, Mr. Corcoran practiced at the international law firm of Skadden, Arps, Slate, Meagher & Flom, LLP, for nearly 12 years.

“We are excited to have a partner of Andrew’s caliber join the firm and his personality fits our culture like a glove,” said Matthew C. Browndorf, Managing Partner of Wilson Keadjian Browndorf, LLP. “He is an extremely effective litigator with sound judgement, and he is a great communicator. We look forward to a dynamic collaboration.”

Mr. Corcoran is a veteran litigator and enriches the Firm by adding fresh perspective to a growing pool of extremely talented attorneys. Some highlights from his career include: representing a Fortune 500 institutional bank in a civil litigation matter concerning terms of more than $1 billion commercial mortgage securitizations; resolving a highly complex dispute regarding damages for the destruction of industrial equipment valued in the millions; defending against class action lawsuits and RICO actions; defending against alleged securities violations; and setting precedent with a landmark case focused on enforcement of foreign judgments in the state of New York.

About Wilson Keadjian Browndorf, LLP

WKB has offices strategically located in California, New York, New Jersey, Nevada, Pennsylvania, Maryland, Illinois, Indiana, Wisconsin, Cologne, Germany (non-affiliate office); and London, England, with over 30 attorneys specializing in a comprehensive array of legal matters including administrative law, commercial litigation, intellectual property, information technology, mergers and acquisitions, real estate, structured products, and private equity.


Summary of the US Delegation trip to Germany (May 5-8, 2017)

During a five-day trip to Germany in early May, the members of Senate of the Economy, Inc.’s Delegation met with their German counterparts. Attending from the United States were Leslie Williams, partner of Wilson, Keadjian, Browndorf LLP, her cofounder of the Senate, John Gosch of Prager, Metis, Jack Holcomb, a Los Angeles lawyer and cochair of the American Council on Germany, and the Senate’s President, Michael Rolland.

The Delegation first met on May 5 in Ludwigsburg, near Stuttgart, to attend a daylong conference on “Best Practices of World Market Leaders from Baden Wurttemberg.” This Conference, sponsored by the Academy of World Market Leaders and the German Senat der Wirtschaft, included as key speakers Robert Friedmann, board member of Wuerth Group, Dr. Mark Hiller of Recaro Aircraft Seating AG, and Oliver Blume of Porsche AG. Among the best practices discussed were how the leaders entered foreign markets and not only maintained their presence there but grew. At the end of the Conference, Dr. Norbert Lammert, President of the German Parliament, addressed the attendees, providing his perspective on the current economic and political climate in Europe.

The following day, the Delegation traveled to Hamburg to meet members of the German Senat and the former Vice President of the EU Commission, Günther Verheugen, for a discussion on Transatlantic Relations under the new Trump Presidency. In the evening, 50 members of the German Senat, all heads of companies, and the Delegates took an evening tour of the harbor in celebration of Hamburg’s Harbor Day.

On the final stop of the trip on May 8 in Berlin, the Delegates held an afternoon meeting with the Economic Minister of Rheinland-Pfalz, Dr. Volker Wissing, to exchange thoughts on prospects for trade and investment between this German state and the West Coast, notably in smart farming and biotechnology.

Innovators Can Sleep at Night if Their Trade Secrets Are Well Protected

Trade secrets are considered the oldest form of intellectual property in the world, and in the 21st century trade secret assets may become the largest, most lucrative driver for the United States in a world that largely tolerates theft of innovation. The motto “Don’t Innovate, Imitate” need not be an issue, though, when trade secret assets are well-protected.

Depending upon the type of trade secrets case, plaintiffs’ outcome may be more favorable when they elect to file in State courts, because of the “Uniform Trade Secrets Act” (UTSA) and its flexibility.

The UTSA has been a great success, with 99 percent of US states implementing its provisions. However, the Uniform Act does not encompass remedies for criminal prosecution. This has led to some jurisdictions adopting their own criminal law in respect to trade secrets.

For example, California’s adoption of criminal sanctions in Penal Code § 499c covers criminal prosecution for misappropriation of trade secrets.

Protection for misappropriation of trade secrets differs substantially between the California penal code and the recent “Defend Trade Secrets Act” (DTSA). For example, Cal. Penal Code § 499c does not provide for the protection of trade secrets in the course of prosecution. Whether in practice California courts will protect the confidentiality of a trade secret is dependent upon pursuit of protective relief from the Court.

In contrast, the DTSA requires the court to “take such . . . action as may be necessary and appropriate to preserve the confidentiality of trade secrets,” and creates a right of interlocutory appeal from any decision or order authorizing or directing the disclosure of a trade secret for the United States Government when prosecuting theft of trade secrets. Further, section 1835 of the DTSA as amended, additionally prevents courts from directing the disclosure of any information the owner asserts to be a trade secret without first allowing the owner to submit under seal a description of their interest in keeping the information confidential, and explicitly dictates that “the provision of information relating to a trade secret to the United States or the court in connection with a prosecution under that chapter shall not constitute a waiver of trade secret protection.”

In California, offenders convicted of theft of trade secrets under § 499c of the penal code are guilty of theft, which (assuming the value of the secret(s) stolen is above $950) can be a felony punishable by imprisonment up to three years (pursuant to the sentencing guidelines codified in Cal. Penal Code § 1170h) and required restitution (Cal. Penal Code 487). Further, § 499c codifies specific penalties, including imprisonment not exceeding one year (pursuant to the sentencing guidelines codified in Cal. Penal Code § 1170h), or fines up to $5,000, or both, for those who induce another to misappropriate a trade secret.

The DTSA provides for significantly steeper penalties: imprisonment up to ten years, or fines up to $250,000 (18 U.S.C. § 3571), or both, or for organizations that engage in theft of trade secrets, fines (recently increased by the DTSA) up to the greater of $5,000,000 or three times the value of the trade secret to the organization (including the avoided cost of research and development).

DTSA further provides explicit immunity from criminal liability for whistle blowers, while Cal. Penal Code 499c has no such provision. The language of the elements of trade secret theft in § 499c is drafted in such a way as to appear to leave open the criminal prosecution of someone who acts with the intent to appropriate a trade secret even if they do so exclusively for the use of a law organization or other appropriate enforcement entity in the event of a “whistle blower” scenario. The Federal statute is explicitly applicable to foreign acts.

And, the DTSA dictates that §§ 1831-39 apply to conduct occurring outside the United States if the offender meets the following criteria: is a U.S. citizen or permanent resident alien, or a corporation organized in the U.S., or if an act in furtherance of the offence was committed in the U.S. Cal. Penal Code § 499c is subject to the limitations of the extraterritoriality of California criminal law generally.

Key Differences Between the Federal Criminal Statute and the California Statute Relating to Theft of Trade Secrets

Accordingly, the key differences between the federal criminal statute and the California statute dealing with criminal conduct are that the federal statute provides a procedure which is efficient and, at the same time, protects the confidentiality of the trade secret. Further, the procedure against criminal conduct is stricter with DTSA.

Under the DTSA, federal courts operate under a single, national standard for trade secret misappropriation and a transparent set of procedural rules, offering predictability and ease of use. Second, federal courts provide nationwide service of process and a unified approach to discovery, enabling quick action by trade secret owners even when confronted with actors in multiple jurisdictions. Third, as a result of their extensive experience with complex cross-border litigation involving intellectual property, federal courts would be able to resolve jurisdictional issues quickly and applications for injunctions or seizures fairly. Fourth, their generally more predictable discovery procedures will serve the legitimate needs of trade secret plaintiffs, who typically must develop most of the facts to prove their case through defendants and third parties.

Finally, while the DTSA is not preemptive and would allow litigants a choice to sue in state or federal court, the opponents fail to explain why having that choice should be deemed undesirable “forum-shopping,” any more so than in other areas, such as trademark and securities law, where concurrent state and federal jurisdiction has long existed.

If you’re looking for protection outside criminal acts, then the UTSA offers, essentially, reliable case law that can be highly beneficial to companies that operate across state lines and that have relied upon established commercial trade secrets standards. Thus, the trade secret protections that have been enacted for many years under the Uniform Trade Secrets Act provide reliable safeguards for the majority of trade secret disputes.

However, if a plaintiff is seeking criminal sanctions, it may be prudent to proceed under the DTSA.


Uniform Trade Secrets Act (UTSA)

Defend Trade Secrets Act (DTSA, 18 usca)

Cal Penal Code section § 499c