Month: January 2024

7 Myths About Contesting Election Night Outcomes in Connecticut

Posted on by Kelly McElroy

    It’s rare, but it happens. And sure enough, it did recently in Bridgeport, Conn.: a court-ordered redo of a mayoral election after allegations of misconduct that led state legislators to consider changes to the voting system.

    Like all states, Connecticut has strict laws regarding elections—and even more stringent laws for contesting election night outcomes. Yet, misconceptions about these laws, fueled by high-profile court cases and media narratives, are widespread in political campaigns or those seeking legal representation in election matters.

    Misinterpretations of election law in Connecticut lead to false impressions and distorted views of the election process and how to best challenge election results. Several already abound. Below are seven myths and the reality of each:

     

    Myth: Uniform Election Processes Across Connecticut

    The notion that election processes, from voting by mail to voter registration, are uniform across Connecticut is a common misconception.

    Connecticut’s 169 cities and towns function independently, leading to varied interpretations and executions of state election laws. The Secretary of the State’s office is responsible for interpreting election law and who’s eligible to vote. Still, local practices can differ significantly, sometimes leading to issues like refusing secure drop box delivery or mismanagement at polling places​​.

     

    Myth: Legal Disputes Always End in Court

    The need for court involvement in election disputes is only sometimes necessary. The American Arbitration Association emphasizes the benefits of alternative dispute resolution (ADR) methods in resolving election-related disagreements, including vote counting and post-election audits. These approaches offer quicker and more cost-effective solutions compared to litigation.

    Campaigns need to explore these alternative avenues of resolution for more minor or technical conflicts.

     

    Myth: Any Voter Can Challenge Results for Any Reason

    In Connecticut, the law does not allow just any voter to challenge election results on any ground. The legal framework specifies that only certain parties—typically candidates, political parties or a group of qualified voters—have standing to contest election results. This limitation is in place to ensure that challenges are severe and have a basis in substantial issues affecting the election’s outcome.

    Restricting who can challenge election results prevents the electoral process from being overwhelmed with frivolous or unsubstantiated claims. Those who challenge results must present legitimate reasons, usually grounded in evidence of irregularities or legal violations. Examples include allegations of fraud, procedural errors or other issues that could have materially affected the election outcome. These challenges are subject to judicial scrutiny, and the burden of proof lies with the person or party making the challenge.

     

    Myth: Recounts Happen Automatically in Close Races

    While Connecticut law provides automatic recounts in certain circumstances, they are triggered only when the results fall within precise and narrow margins. For instance, a recount may be mandated if the vote difference between candidates is less than a certain percentage of the total votes cast. This small number margin is defined by state law and does not apply to every close race.

    This law ensures accuracy in very close elections where minor errors could alter results. Suppose the victory margin is above the threshold. In that case, no automatic recount occurs. Still, candidates or parties can request one through a different process with specific criteria. It’s important to understand these thresholds and the recount process. Misunderstandings can cause unrealistic expectations of a recount, leading to needless disputes and eroding trust in the electoral process.

     

    Myth: Challenges Can Delay Swearing-in Indefinitely

    Legal challenges to election results can delay the certification and swearing-in of elected officials, but they cannot do so indefinitely. Connecticut has legal and procedural frameworks that set timelines and processes for resolving election disputes. These frameworks ensure that protracted legal battles do not unreasonably disrupt governance.

    Election dispute resolution timelines are short to ensure power transitions and term commencements, with courts prioritizing these cases for speedy resolution. Frivolous or unsubstantiated challenges are unlikely to lead to lengthy delays, as courts can quickly dismiss cases that lack merit. This system balances the need to address legitimate concerns with the broader public interest in stable and effective governance.

    Myth: Voter Suppression Claims are Always Valid Grounds for Contesting Elections

    Voter suppression claims can prompt election contests, yet not all claims warrant legal action. In Connecticut, such claims need clear evidence showing a significant effect on election outcomes. Allegations may include restrictive ID laws, few polling places, voter roll purges and misinformation.

    Proving their decisive impact involves showing that suppression of eligible voters happened and that it changed enough votes to alter the election. Courts require detailed, credible evidence to consider these claims.

     

    Myth: All Election Challenges are Politically Motivated

    The view that election challenges are solely based on partisan politics is incorrect. They can result from various issues, like procedural errors, and not just partisan motives. Recognizing varied reasons for election challenges is critical to understanding election integrity complexities and advocating a non-partisan approach. Some challenges highlight the need for fair, transparent electoral processes beyond political lines.

    Additionally, these challenges follow strict timelines and rules to resolve disputes quickly to avoid governance disruption. This emphasizes the need for substantial evidence and legal justification in challenging election results.

    A thorough grasp of election law is essential for political campaigns and legal representatives to contest an election outcome. Legal guidance helps maneuver the electoral process and maintain compliance for devising a winning victory. The Bridgeport fallout shows that the waters of electoral disputes are far from still, with more contested outcomes sure to come on the political horizon.

     

    (Joseph M. Pastore III is chairman of Pastore, a law firm that helps corporate and financial services clients find creative solutions to complex legal challenges. He can be reached at 203.658.8455 or jpastore@pastore.net.)

    ESG Data Assurance Requirements: 10 Steps to Prepare for the Legal Implications

    Posted on by Kelly McElroy

      Research shows a substantial percentage of companies are not prepared for the environmental, social and governance (ESG) data assurance requirements. Only 25% of companies feel they have the ESG policies, skills and systems in place to be ready for independent ESG data assurance. This is despite the fact that two-thirds of companies must disclose such data or will soon be expected to do so on a mandatory basis.

      One of the core challenges for companies planning for ESG assurance is a need for more internal skills and experience. Learn how these requirements will impact corporate and financial services companies. Plus, uncover the proactive steps your company can take to prepare for the legal implications of these requirements.

      Impact on Corporate and Financial Services Companies

       

      The ESG data assurance requirements create the following opportunities if handled correctly, in addition to challenges for corporate and financial services companies:

      Opportunities

      • Reduced risk and compliance costs: Proactive data quality management can help avert costly fines associated with regulatory non-compliance.
      • Competitive advantage: Companies prioritizing data assurance can distinguish themselves in the marketplace as trustworthy and reliable partners.
      • Improved decision-making: Trusted data results in better-informed decisions at all organizational levels—from product development and customer service—to risk management and compliance.
      • Enhanced trust and credibility: Strong data assurance processes can build trust with your customers and investors by committing to transparency and data integrity.

       

      Challenges

      • Evolving regulatory landscape: Keeping up with the ever-changing regulatory landscape, especially in areas like ESG reporting, can be exhaustive for your internal resources.
      • Increased costs and complexity: Implementing and maintaining effective data assurance programs requires an investment in technology, personnel and processes, which can be a financial and administrative burden on your company.
      • Lack of talent and expertise: This can have significant consequences for your company, resulting in operational challenges, inaccurate data, and increased costs and inefficiencies. Moreover, finding and retaining skilled professionals with data governance and assurance expertise can take time and effort.

       

      You can gain a competitive edge by preparing and leveraging the potential benefits. Conversely, the implications of non-compliance can be significant and multifaceted, from regulatory fines and penalties to negative brand perception.

      Key Steps to Prepare

      Here are some proactive steps you can take to prepare for the ESG data assurance requirements:

       

      1. Stay informed:Monitor emerging standards for ESG data assurance, including the proposed International Standard on Sustainability Assurance (ISSA) 5000 and legislative developments. Acquaint yourself with relevant regulations in your jurisdiction and industry.

       

      1. Conduct a risk assessment:Find areas where your ESG data collection, management and reporting practices might be vulnerable to legal risks because of possible inaccuracies.

       

      1. Develop robust internal controls:Establish strong data governance policies and internal controls to confirm data accuracy and consistency within your company.

       

      1. Invest in data management systems:Upgrade your technology and data infrastructure to assist in effective and trustworthy data collection, retrieval and storage.

       

      1. Examine disclosure obligations:Recognize your legal responsibilities for ESG data disclosure, both mandatory and voluntary, under stock exchange listing requirements and relevant regulations.

       

      1. Establish ESG reporting policies:Create thorough policies for ESG data collection, verification, aggregating and reporting. Ensure they support recognized standards and best practices.

       

      1. Provide training:Offer training for employees engaged in ESG data collection, management and reporting to guarantee compliance with internal policies and legal requirements.

       

      1. Consider independent assurance:Evaluate the need for independent third-party assurance of your ESG data to enhance stakeholder confidence and mitigate legal risks. Select reputable assurance providers who adhere to relevant standards and ethical codes.

       

      1. Conduct due diligence with suppliers and partners:Assess the ESG practices of your suppliers and partners to ensure alignment with your commitments and avoid reputational risks.

       

      1. Partner with legal experts: Consult with legal professionals specializing in ESG and sustainability to guarantee compliance with relevant laws and regulations and navigate potential legal risks associated with your ESG data disclosures. For legal inquiries, please contact us at Pastore LLC.

       

      By taking these proactive steps, you can begin to prepare for the evolving ESG data assurance requirements. The legal landscape is dynamic, so staying updated and adapting your strategies is crucial.

       

      This article is intended for informational purposes and does not constitute legal advice.

       

      (Julie D. Blake, JD, LLM, CIPP, CIPM, is an experienced commercial litigator and data privacy expert with expertise in cybersecurity, data privacy breaches, risk assessment and data privacy policy review.)

      Navigating the New Cybersecurity Rules: What Companies Need to Know

      Posted on by Kelly McElroy

      Public companies must report their cybersecurity risk management, governance and strategy on their annual filings for fiscal years ending on or after Dec. 15, 2023, to comply with the recently imposed Securities and Exchange Commission (SEC) rules.

      In the U.S., almost all publicly traded companies with a focus on consumers and a large number of financial services corporations have experience in cybersecurity. This results from cybersecurity regulations being implemented by various federal agencies and all states. Specifically, the Safeguards Rule in Gramm-Leach-Bliley (GLB) requires the following types of  financial institutions to address cybersecurity to establish extensive measures:

       

      • Banks
      • Savings and loans
      • Insurance companies
      • Broker-dealers
      • Investment advisers

      The SEC implemented a prior set of disclosure rules for reporting firms to give investors the necessary data to evaluate the impact of a cyberattack. Further, many other registered firms have enacted cyber procedures on their own initiative, based on responsible legal guidance.

      As a result, following the introduction of the new law, financial services firms, consumer-oriented reporting firms and businesses that have independently implemented cyber policies shouldn’t have any significant implementation issues. However, those that haven’t will have a considerable undertaking to address these new requirements. Therefore, the 10K revisions will have an extensive impact on these companies.

      The rule’s provisions will likely sanction those failing to comply with the change. This could involve letters of caution, fines and suspension.

       

      Navigate the Cybersecurity Requirements by Taking Steps

      Here are some steps to help your company navigate the new cybersecurity requirements:

      Ensure a written information security policy (WISP) is in place. This creates a framework for cyber management and typically calls for creating and upkeeping a risk assessment manual and a written asset inventory.

      The WISP also includes procedures addressing access controls, identity and access management, entitlement transparency, and other important topics listed below:

       

      Access to Entitlement Transparency

      Human Resources (HR) should be able to provide immediate access to your company’s entitlement transparency structure, including a complete listing of access by each employee to the firm’s system from initial employment to departure.

      Upon employee advancement or transfer, the employee’s new superior, HR and an appropriate senior techie should reassess the employee’s access. This should be an established firm procedure and not a one-off. If an employee has been reprimanded in any way or has a questionable employment history, this should be maintained in their file.

       

      Departure/Termination Procedures

      Creating definitive procedures that can be immediately implemented upon termination plays a significant role in your company’s cybersecurity. These procedures should include immediate notification company-wide of an announced departure, especially if it’s a termination for cause.

      Upon notification of an employee’s departure, immediately implement access restrictions. Upon departure, execute an immediate and complete access shutdown. It’s important to understand that current employee’s access to a former employee’s HR files is often a critical factor in illegal intrusions into the firm’s systems. In all of this, consider when a current or former employee is involved in a breach and what you would want to know about him/her to evaluate the situation properly.

       

      Password Protection Policy

      A strong password protection policy is mandatory for access security and should incorporate a requirement for multi-factor verification, including a user code and a password. The password should have eight alphanumeric characters with at least one symbol, should be changed every 90 days and not repeated for at least six months. Three errors in an attempted entry should suspend use for at least an hour and be reported to IT.


      Data Loss Protection

      One of WISP’s primary functions is to ensure that your company’s designated information requiring security is adequately protected in accordance with its degree of risk.

      This review should be based on:

       

      • Guidance from National Institute of Standards and Technology (NIST) releases and guidelines
      • Relevant industry guidelines
      • Operational manuals
      • Data maps
      • Audits (internal and external)
      • Testing (internal and external)
      • Other appropriate mechanisms

       

      Finally, determine if the company’s personal identifiable information (PII) and other designated data are being properly identified, maintained and protected within the firm’s systems.

       

      Security Devices and Review

      To accomplish compliant, sophisticated protection, the company should employ technology such as encryption, firewalls, intrusion detection and protection systems, as well as monitoring and auditing devices. One approach is to institute a defense-in-depth strategy using the devices above layered within the firm’s systems. This review’s determination is vital to your company and should be documented and maintained in the WISP Manual.

      After an incident, the entire team should conduct follow-up reviews to make recommendations for corrective and remedial action, and it should then oversee and approve this action.

       

      Training

      In conjunction with legal, IT and outside IT forensic vendors, your company should develop cybersecurity training programs, including mock and tabletop sessions. Develop and provide regular cybersecurity awareness training for all personnel and regularly update this to reflect current risks.

      The chief compliance officer (CCO), in conjunction with the chief information security officer (CISO), should conduct follow-up reviews. To establish an effective training program, they should work with legal and IT and outside legal and IT advisers.

      Training should also discuss the appropriate handling of customer’s requests for username and password changes, wire transfers and identity verification—particularly those involving large money transfers to an overseas location or third parties. This should include sound practices regarding opening e-mail attachments and links, including using simulated phishing campaigns where the firm identifies and retests employees who failed the exercise.

       

      Vendor Selection and Management

      Vendors play an essential role in a company’s business and, as a result, have a significant involvement in cybersecurity. Vendors and employees are two major risk factors in cybersecurity breaches.

      As such, have an established due diligence process for the selection of vendors, which should focus on cybersecurity awareness. As a part of your cybersecurity program, develop a strong vendor management plan. Finally, ensure all vendor contracts contain pertinent provisions and employ regular oversight practices.

       

      Cyber-Insurance

      Check your existing policies for their cyber insurance coverage. If appropriate, discuss with your insurer to address any areas requiring additional coverage. You don’t necessarily need to obtain a separate cybersecurity policy if you have proper coverage otherwise. Also, the employment of a WISP can significantly assist a firm in evaluating the need for and securing appropriate insurance.

       

      Phishing

      No U.S. business, small or large, can escape phishing attacks. These can result in the loss of substantial sums of money, often in six and seven figures, and valuable, susceptible company information. As a result, phishing problems can be reduced through training and testing, which includes demonstrations of various attacks experienced by peer firms. Although there’s no easy solution, regular and informed testing and training can effectively address this problem.

       

      Testing

      Regular testing is required of all WISPs and involves internal testing by firms and independent outside vendors. Most testing aims to ensure that key controls, systems and procedures of a WISP meet established standards.

      One of the most important types of testing is third-party penetration testing. Penetration testing is an essential element in any cybersecurity program. It simulates an internal or external attack on a company’s computer network to detect its vulnerabilities and evaluate your firewall system’s effectiveness.

      In conjunction with legal, compliance and a trusted outside vendor, IT should develop cybersecurity training and testing programs, including mock and tabletop sessions. These tests should be administered periodically (annually, quarterly and when necessary) by capable internal or outside technology experts and can be invaluable to your cybersecurity program.

       

      Incident Response Plan

      Lastly, a major element of a WISP is its Incident Response Plan, which provides a procedural structure for your company to respond to a cybersecurity incident expeditiously. The plan should contain specific policies and procedures for responding to a cyber incident with specific provisions.

       

      The plan should require the firm to establish an incident response team (IRT) responsible for addressing all cyber incidents. Depending on the company and the cyber incident, the IRT can comprise members from IT, compliance, legal, HR and other relevant departments. Each member should be a seasoned officer sophisticated in the firm’s technical systems and operations.

       

      Partner with Legal Experts for Assistance

      A law firm with a sophisticated cybersecurity group can assist with all the undertakings described above and do so expeditiously and cost-effectively. Pastore LLC has a sophisticated group of seasoned counsel who can direct the development and completion of a WISP and be crucial players in effectively advising on any cyber incident.

       

      This article is intended for informational purposes and does not constitute legal advice.

       

      (Jack Hewitt is a securities lawyer and focuses on securities litigation and regulatory advice and counsel to broker-dealers, investment banks and investment advisers. His work involves virtually every aspect of the federal and state securities laws, including equity, fixed income and derivatives trading, market manipulation, net capital, short-selling, suitability, record retention, insider trading, cybersecurity and registration issues.)

      What Standard of Care Applies When Engaged in Fitness Activities?

      Posted on by Kelly McElroy

      The fitness industry, while promoting health and wellness, is not immune to legal challenges. Businesses in this sector, particularly in states like Connecticut, need to be vigilant about potential litigation, especially concerning negligence and contract breaches. This article aims to guide fitness facility operators on how to mitigate these risks, incorporating real case examples and legal principles.

      Understanding the Risks: Negligence  

      Negligence forms the core of many lawsuits in the fitness industry. Cases often revolve around personal training, where trainers may fail to consider clients’ medical conditions, provide unsuitable exercises, or inadequately supervise workout sessions. These oversights and decisions can lead to severe injuries, ranging from fractures to more serious conditions like heart attacks or strokes due to overexertion.

      In Connecticut, the standard of care in fitness-related injuries can vary based on the nature of the activity. Importantly, Conn. Gen. Stat. § 52-572h makes clear that a participant’s assumption of the risk does not bar recovery in negligence actions in Connecticut and instead, the standard of “comparative negligence” applies.

      The Connecticut Supreme Court in Jaworski v. Kiernan (1997) established that the duty owed to a participant in a sport where physical contact is inherent or expected is not to engage in reckless or intentional conduct, rather than the ordinary standard of acting in a reasonable manner under the circumstances.

      However, this heightened standard of care does not always apply.  In Jagger v. Mohawk Mountain Ski Area, Inc. (2004), the court found that, in non-contact sports like skiing, participants are expected to engage in the sport reasonably and appropriately. This “ordinary” standard of care has also been applied in evaluating whether providing standard fitness safety equipment (in the form of a yoga mat) was actionable conduct Schmus v. Davis (2021) and even in sporting activities where physical contact seems unavoidable – like boxing – where the plaintiff, as a trainee, enlisted the defendant trainer, as a trainer for instruction in fitness boxing. They were not co-participants in an athletic contest. Robles v. Dean (2017).

      Practical Steps to Mitigate Risks

      1. Regular Equipment Maintenance and Safety Checks: Regularly inspect and maintain equipment to prevent accidents.
      2. Qualified Personnel: Employ qualified trainers and ensure they are well-versed in handling diverse client needs and health considerations. This reduces the risk of injuries due to inappropriate training methods.
      3. Effective Use of Waivers: Develop comprehensive and specific waivers, clearly outlining the risks involved in various fitness activities. Remember, the clarity and specificity of a waiver can be pivotal in legal defenses.
      4. Emergency Protocols and Staff Training: Establish clear procedures for handling injuries and emergencies. Ensure all staff members are trained to respond effectively and document incidents thoroughly.
      5. Insurance Coverage: Maintain adequate insurance to cover potential claims. This not only provides financial protection but also ensures compliance with legal standards.
      6. Legal Consultation: Regularly consult with legal experts to ensure that all operational practices, contracts, and waivers align with current laws and regulations.
      7. Client Communication and Education: Educate clients about the risks associated with fitness activities and the importance of acknowledging their health conditions and limitations.

      By addressing these key areas, fitness facilities can significantly reduce the risk of litigation. It’s not just about legal protection; it’s also about creating a safe and responsible environment for clients to pursue their health and fitness goals.

       

      This article is intended for informational purposes and does not constitute legal advice.

      (Paul Fenaroli is an Associate Attorney at Pastore admitted in Connecticut and the District of Connecticut. He provides private companies with a full range of business law services covering formations, mergers, acquisitions, corporate governance, securities offerings and litigation)

      Pastore Files Federal Complaint in AI Venture Capital Dispute

      Posted on by Kelly McElroy

      Pastore has been retained by the author of the leading text used at Harvard in the “Starting a Private Investment Firm” course to pursue business torts committed by his former AI Venture Capital Fund General Partner and its affiliated individuals. The defendants, spanning Colorado and Texas, are alleged to have purposefully manipulated the client to build the AI fund, and then cut him out of the carry and returns. The case is pending in the District of Connecticut.