Conventional wisdom has long advised against introducing politics into professional settings. For many years, that approach seemed sensible. People hold a range of viewpoints, and avoiding contentious topics generally helped build business relationships and productive workplaces.
At this moment in our history, I no longer find this tenable.
As businesses integrate artificial intelligence in their operations (including goodcounsel, which we’ve written about here), state legislatures are taking steps to regulate its use, particularly when there are civil rights and consumer protection implications. Much of the early focus has been on preventing algorithmic discrimination in areas such as hiring, housing, and lending. These regulations aim to ensure that automated systems do not produce biased outcomes that disproportionately affect protected groups.
Recent statutes are focused on the risks when generative AI tools interact directly with consumers. For example, Utah’s Artificial Intelligence Policy Act (as amended) requires companies to program AI chatbots to disclose to users that they are interacting with artificial intelligence (rather than a human) at the outset of an interaction, if the interaction involves (1) the collection of “sensitive personal information” such as financial, health or biometric data, and (2) the provision of personalized recommendations or advice “that could reasonably be relied upon to make significant personal decisions,” including the provision of financial, legal, medical or mental health advice. There is no private cause of action under the statute, but Utah’s Division of Consumer Protection may impose administrative fines of $2,500 per violation, in addition to injunctions, disgorgement, and other relief. California and Colorado have their own statutes addressing AI disclosures and disclaimers in consumer interactions.
This year, Alabama, Hawaii, Illinois, Maine, and Massachusetts introduced bills that would make failing to provide the required AI notification an “unfair or deceptive act or practice” (UDAP) violation under The Federal Trade Commission Act. These bills, when passed, would expose companies that use AI in consumer communications to investigation or enforcement by Attorneys General and, potentially, private actions.
Please contact us if you need help knowing which states’ AI laws apply to your business, and how to comply with them.
Five years ago, we wrote a blog post about how Illinois was a pioneer in passing a comprehensive statute protecting biometric information, and how other states were following suit. Illinois’ Biometric Information Privacy Act (BIPA), enacted in 2008, protects these biometric identifiers: fingerprints, retina scans, iris scans, hand geometry scans, voiceprints, and face geometry scans.
Illinois still distinguishes itself in that it is the only state that grants consumers the right to sue for monetary damages when their biometric data rights are violated. Other states, such as Texas and Washington, do not provide a private right of action; enforcement is typically reserved for the state attorney general.
Last August, Illinois amended BIPA so that an individual whose rights were violated under BIPA is entitled to only one recovery ($1,000 for a negligent violation and $5,000 for an intentional or reckless violation, along with reasonable attorneys’ fees and injunctive relief), regardless of the number of times the company disclosed, redisclosed, or otherwise disseminated the same biometric identifier or biometric information of the same person to the same recipient. Before the amendment, individuals could seek $1,000 for each negligent violation and $5,000 for each intentional or reckless violation.
This amendment comes as a big relief to companies that collect biometric information from Illinois residents. Perhaps you remember hearing about what at the time was the largest privacy-related cash recovery in the U.S.: in January 2020, Illinois class action plaintiffs succeeded in getting Facebook to establish a $650 million fund for users whose BIPA rights were violated by “Tag Suggestions,” Facebook’s facial recognition feature. (Since then, Meta, Facebook’s parent company, has agreed to even larger data privacy settlements.)
Reach out to usif your business collects biometric information. We can help ensure that you are complying with applicable state law.
I am fortunate to be in Europe for a couple of weeks. It’s always striking to see the quality of public infrastructure here. The Paris Metro is a marvel—beautiful, fast, and extensive. (Why the Metro operates so much better than the NYC Subway, given its smaller operating budget, is a story for another time.)
This morning, I took the Metro to one of Paris’s several grand train stations, Gare du Nord, and boarded the Eurostar train to Antwerp via Brussels, where I am sitting right now. Even in second class, the train car was comfortable, quiet, and very well-maintained. Traveling at speeds as high as 185 mph (a speed that American trains only dream about), we completed the 164-mile segment to Brussels in about an hour and 20 minutes.
As is often the case with President Trump, the corruption is out in the open. As a lawyer, it sickens me that the president continues to get away with this. Are people okay with this?
I noted this in my longer blog post this evening, but to post quickly here: two opinion pieces I wrote have now been published: one in the Chicago Tribune and the other, co-written with my wife, in the Philadelphia Inquirer. (These pieces may be paywalled, but I will post PDFs here in the coming days.) I hope you find them interesting.
Update: The Securities and Exchange Commission has reviewed and substantially revised the BOIR rule. Under the updated rule, domestic companies are now exempt. Only companies formed in foreign jurisdictions that domesticate with U.S. secretaries of state are required to file a BOIR, and only with respect to beneficial owners who are not U.S. citizens
Do not despair if your business hasn’t filed its Beneficial Ownership Information Report (BOIR) yet — FinCEN has provided a new deadline.
FinCEN just announced that a company formed before 2025 has until March 21, 2025, to file its BOIR, and a company formed after December 31, 2024, has until March 21, 2025, or 30 days from the filing date (whichever is later).
Filing deadlines have changed due to conflicts between injunctions issued by federal circuit courts and appeals by the Department of Justice. While the new deadline gives businesses more time, don’t wait too long—noncompliance comes with substantial penalties.
Wait, what’s a BOIR Again?
Under the Corporate Transparency Act (CTA), most U.S. businesses – especially small and privately-held companies – are required to report details to FinCEN about their “beneficial owners” (people who own at least 25% of the company or have substantial control).
The goal? To crack down on fraud, money laundering, and shell companies hiding illicit activities.
If your business falls under this requirement and hasn’t filed yet, now’s the time to act.
If you want more information, you can check out our previous blog post here, but disregard the deadline dates!
Who Needs to File?
Most LLCs, corporations, and other registered business entities must file a BOIR. Some companies, like publicly traded businesses, large operating companies, and certain financial institutions, are exempt.
Not sure if your business qualifies? We can help.
What Happens If You Don’t File?
Ignoring the BOIR requirement isn’t an option. If you miss the deadline, you could face:
Fines up to $500 per day for ongoing violations
Criminal penalties of up to $10,000 and possible jail time for willful violations
Even though FinCEN extended the deadline, the penalties remain the same—so it’s best to take care of this sooner rather than later.
What Should You Do Now?
If you haven’t filed yet, here’s your game plan:
Check if your business needs to file – Review FinCEN’s reporting requirements.
Gather ownership details – Identify anyone who owns 25% or more or has significant control.
Submit your BOIR before the deadline – March 21, 2025, for pre-2025 entities, or the latter of March 21, 2025, or within 30 days of formation.
Stay updated – The CTA and BOIR requirements are still evolving, so keep an eye on any further changes.
Need Help? goodcounsel Has You Covered
If the BOIR process feels overwhelming, you don’t have to tackle it alone. We’re here to help.
We can walk you through the process, ensure everything is filed correctly, and keep your business compliant—with minimal stress.
📩 Get in touch today, and let’s ensure you meet the deadline hassle-free.
Protecting proprietary software is critically important for many technology startups. Proprietary software can potentially be protected as a trade secret or by copyright or patent law – there are pros and cons to each approach. For example, some companies prefer going the trade secret route because, unlike with copyrights and patents, it requires no filings or disclosures; generally, all that is required is for the company to take reasonable measures to keep the trade secret confidential.
A company may lose its competitive advantage if a competitor “reverse engineers” its proprietary software. Reverse engineering software is the process of analyzing, disassembling, or experimenting with the software to discover its structure, design, or source code. Successful reverse engineering may enable a competitor to create a substantially similar or duplicate product. It may surprise you that reverse engineering software — even when it is copyrighted or protected as a trade secret — is generally lawful under federal and state law, unless theft, fraud, bribery, espionage, or other improper means are involved.
Fortunately, there are steps a business can take to minimize the risk of reverse engineering, such as contractually prohibiting business partners, licensees, and others with access to the proprietary software from reverse engineering it – with a breach of this obligation resulting in liability for breach of contract and trade secret appropriation.
Contact goodcounsel if you have concerns that your proprietary software is not adequately protected.
Jared Montney, an intern and 4th-year student at the University of Chicago, provided substantial assistance researching, drafting, and editing this blog post.
Today – June 6, 2024 – is the 80th anniversary of D-Day – the Allied landing in Europe to liberate the continent from Hitler and Nazism. Every June 6, I pause to think about those who fought and the many who died on the beaches of Normandy and during the campaign that followed, and I always experience a deep sense of gratitude.
Following the trend of many states that have severely limited or prohibited employee noncompetes, the FTC announced in April a final rule prohibiting noncompete provisions in agreements with workers. The FTC rule, which will become effective on September 4, 2024 (assuming it withstands legal challenges) will, if nothing else, bring uniformity and clarity to the now-fragmented national landscape of noncompete regulation.
The rule prohibits employers from entering into, attempting to enter into, or maintaining noncompete clauses with any workers (whether employees or contractors) and requires notice to certain workers that their noncompetes are now unenforceable. With respect to noncompete clauses entered into prior to the effective date, enforceability depends on the seniority level of the employee – senior executive noncompetes, narrowly defined, are grandfathered.
Although legal challenges are pending, it is crucial for businesses to prepare for compliance by reviewing and adjusting their current employee agreements, assessing all outstanding noncompete agreements, and preparing notifications to the extent required by the rule.
If you need help understanding how this rule applies to your business or any other guidance on next steps, please do not hesitate to contact us.