500 Series Notices Issued Once Again – The Hits Keep Coming

Due to COVID-19, on May 9, 2020, the 500 series notices were suspended. Now, it seems, the Internal Revenue Service (the “IRS”) has begun to issue the 500 series notices to taxpayers once again. What is a 500 series notice and what is the importunate of the IRS reissuing these notices you may ask?
The 500 series notices include three different types of notices that alert taxpayers about various stages of nonpayment – (1) the CP501, (2) the CP503 and (3) the CP504.

The CP501 Notice alerts taxpayers that they have a balance due to the IRS and their payment options.

The CP503 Notice alerts taxpayers that the IRS has not heard from the taxpayer about the unpaid balance and that the taxpayer’s property may be subject to a lien if they fail to pay.

The CP504 Notice alerts taxpayers that their remains and unpaid balance and that if not immediately paid, the IRS will levy the taxpayers state income tax refunds.

Regardless of the type of 500 series notice you receive, it is imperative that you follow the directions set forth in the notice to dispute the amount owed or to pay the balance due. If you do not successfully dispute the amount owed and you fail to pay the balance due, a penalty will be assessed, and the outstanding balance and penalty will continue to accrue interest until paid. Furthermore, once the IRS has levied your state income tax refund, if there is still a balance outstanding, the IRS will likely send you a notice of its intent to levy your other property, including: wages, bank accounts, business assets, personal assets, and social security benefits.

Now, all is not lost if you receive a 500 series notice, because there are options afforded to you that can reduce or eliminate the penalty and/or balance owed in part or even entirely. If, based on all the facts and circumstances in your situation, there exists reasonable cause for failure to pay the taxes when due, you will generally qualify for relief from penalties. Though lack of funds, in and of itself, is not a reasonable cause for failure to pay, the reason for the lack of funds may meet the reasonable cause criteria. Sound reasons, if established, may include: fire, casualty, natural disaster, pandemics, death, serious illness, incapacitation, and other reasons which establishes that you used all ordinary business care and prudence to meet your obligations. Regardless of the reason, the following facts need to be established in order to determine if the cause was reasonable:
• What happened and when did it happen?
• What facts and circumstances prevented you from paying your tax during the period you did not pay your taxes timely?
• How did the facts and circumstances affect your ability to pay your taxes?
• Once the facts and circumstances changed, what actions did you take to pay our taxes
• In the case of a business or estate, did the affected person or member have sole authority to make the payment?

If you have been financially impacted by COVID-19, you may satisfy the reasonable cause exception and have the penalty waived.

If you have received a 500 series notice and believe that the amount does not accurately reflect what you owe or if you have been impacted by the pandemic, or any other reason, the attorneys of Vandenack Weaver can assist you.

VW Contributor: Justin A. Sheldon
© 2020 Vandenack Weaver LLC
For more information, Contact Us

IT TAKES AN ACT OF GOD

Attorneys drafted force majeure clauses into contracts on the off-chance the parties could not fully perform a contract due to reasons specified in the clause. Until recently, force majeure clauses were overlooked and rarely invoked to cancel or suspend the performance of a contract. As with every other aspect of our lives, this changed, and similarly to how the pandemic spread like wildfire, the invocation of force majeure clauses to cancel or suspend the performance of a contract began spreading across the corporate world like wildfire.

Force majeure clauses are designed and drafted to excuse or suspend both parties from their respective performances of a contract under a certain set of limited circumstances. Because contracts are generally drafted to ensure the enforceability of its performance, courts have historically construed force majeure clauses rather narrowly.

Prior to COVID-19, most force majeure clauses did not include epidemics and pandemics in the boilerplate language of a force majeure clause.

An example of a boilerplate force majeure clause pre-COVID would hold that,

Neither party shall be held liable or responsible to the other party nor be deemed to have defaulted under or breached this Agreement for failure or delay in fulfilling or performing any term of this Agreement to the extent, and for so long as, such failure or delay is caused by or results from causes beyond the reasonable control of the affected party including but not limited to fire, floods, embargoes, war, acts of war (whether war be declared or not), acts of terrorism, insurrections, riots, civil commotions, strikes, lockouts or other labor disturbances, acts of God or acts, omissions or delays in acting by any governmental authority or the other party.¹

The “catchall” in properly drafted force majeure clauses is the “Act of God” provision.

When the pandemic began to spread like wild fire, we saw that supply chains were being disrupted, people were unable to go into work, and it became unsafe to do things that we wouldn’t have given a second thought to doing less than one year ago; which brings me to the crux of this blog. Is a pandemic an Act of God? And, if so, can a party suspend or cancel the performance of a contract by invoking this provision?

To properly invoke the force majeure clause, it must be drafted in such a way that would allow the clause to be reasonably construed to include pandemics. Many scholars believe that although case law is scant when it comes to interpreting a pandemic as an Act of God, it is reasonable to construe a pandemic as an Act of God, and as such able to excuse the performance of a contract drafted prior to COVID-19.² However, the Act of God language must be included in the force majeure clause to invoke the catchall provision.

Even then, if a contract contains the Act of God language in a force majeure clause, it is not guaranteed that a party can invoke it to cancel or suspend its performance of a contract. The party wishing to cancel or suspend the performance of a contract must also show that despite the Act of God, the party still tried to perform its contractual duties.

Furthermore, to properly cancel or suspend the performance of the contract by invoking the clause, the party invoking it must demonstrate that the Act of God actually impacts its performance of the contract.³ That is to say, a party may not simply invoke an Act of God provision to relieve the party of its contractual duties; the party must shoulder its burden to demonstrate that there is a link between the Act of God and that party’s ability to perform the contract.

For more information, please contact: info@vwattys.com

¹https://www.lawinsider.com/clause/force-majeure

²https://www.stanfordlawreview.org/online/contracts-and-covid-19/

³Beardslee v. Inflection Energy, LLC, 798 F.3d 90, 93 (2d Cir. 2015)

VW Contributor: Leslie E. Mueller
© 2020 Vandenack Weaver LLC
For more information, Contact Us

IRS Releases Part 4 and 5 of a Five-Part Security Summit Tips for Tax Professionals during COVID-19

This article wraps up the last of the ​Security Summit’s​ five-part series called Working Virtually: Protecting Tax Data at Home and at Work. ​As a refresher, the Security Summit is made up of the Internal Revenue Service (“IRS”), state tax agencies, and private-sector tax industry officials. The impetus for releasing this five-part series was to equip ​tax practitioners with specific strategies to assess and secure their home and office data, due to the fact that many tax professionals are not working from home.​ ​This article explains the fourth and fifth tips that the Security Summit issued. The fourth tip reminds tax practitioners to be alert of and avoid phishing scams. The fifth tip reminds tax professionals that federal law requires them to have a written information security plan. The Security Summit further recommends that practitioners create an emergency response plan if they experience a data theft.

Tip 4: Avoiding Phishing Scams
What should tax practitioners be on the lookout for to spot potential phishing scams? First, phishing emails can have an urgent message. For example, cybercriminals can send an email impersonating human resources or an administrator asking for the recipient to update their password or other personal information by clicking on a link. The link will then take the individual to a fake site that feigns the appearance of a trusted source requesting them to insert personal information. Or, the email could contain an attachment for the recipient to click on that instead downloads malware on their computer. Now cybercriminals are capitalizing on COVID-19 fears ​by presenting themselves as providers of face masks or personally protective equipment in short supply. Tax professionals should beware of emails from criminals posing as potential clients. Tax practitioners should thus stay vigilant in scanning all emails and urge on the side of caution rather than clicking on any email attachment or any link in an email. When in doubt, taxpayers and tax preparers can forward suspicious emails posing as the IRS to phishing@irs.gov.

Lastly, because phishing scams are commonplace, and often successful, the Security Summit urges tax professionals to educate all office personnel about the dangers and risks of opening suspicious emails – especially during the COVID-19 period.

Tip 5: Make a Plan for Protecting Data and Reporting Theft
The Financial Services Modernization Act of 1999, also known as the Gramm-Leach-Bliley ACT, requires that tax professionals have a written security plan in place to safeguard their client’s tax data. This federal law is administered and enforced by the Federal Trade Commission (“FTC”). The FTC underscores that a tax preparer’s security plan must be appropriate to the company’s size and complexity, the nature and scope of its activities, and the sensitivity of the customer information it handles. Therefore, a security plan for a solo tax practitioner would differ from a global firm’s security plan. On the other hand, the FTC does have requirements that apply to all tax companies, irrespective of their size and complexity.

Each tax institution must:
● Designate one or more employees to coordinate its information security program;

● Identify and assess the risks to customer information in each relevant area of the company’s operation, and evaluate its effectiveness of the current safeguards for controlling these risks;

● Design and implement a safeguards program, and regularly monitor and test it;

● Select service providers that can maintain appropriate safeguards, making sure the contract requires them to maintain safeguards, and oversee their handling of customer information; and

● Evaluate and adjust the program in light of relevant circumstances, including changes in the firm’s business or operations, or the results of security testing and monitoring.

Failure to have a data security plan may result in an FTC investigation. The IRS may also treat a violation of the FTC safeguards rule as a violation of the IRS Revenue Procedure 2007-40 which stipulates the rules for tax professionals participating as an Authorized IRS e-file Provider.

On July 10, 2019, the IRS created this ​youtube video​ to reiterate that all tax preparers must have a written security plan. The video also reiterates the basic requirements for how tax preparers can safeguard taxpayer data. And, as an additional tool, you can revisit the “Taxes-Security-Together” Checklist​ the Security Summit rolled out during the 2019 summer as a starting point for analyzing office data security. You can also look at IRS ​Publication 4557, Safeguarding Taxpayer Data (PDF)​, which details critical security measures that all tax professionals should enact. Finally, the Security Summit noted that the FTC is currently re-evaluating the Safeguards Rule and has proposed new regulations. Therefore, tax preparers should be alert to any changes in the Safeguards Rule and its effect on the tax preparation community.

Creating a Data Theft Response Plan; Report Data Thefts to the IRS
The Security Summit also recommends that all tax practitioners create a response plan so that they have steps in place should they experience a data theft. If a client or the tax firm are the victim of data theft, the Security Summit states that they should immediately:

● Report it to the ​local IRS Stakeholder Liaison​. ​Stakeholder Liaisons will notify IRS Criminal Investigation and others within the agency. Speed is critical. If reported quickly, the IRS can take steps to block fraudulent returns in clients’ names and will assist through the process.

● Email the Federation of Tax Administrators at statealert@taxadmin.org. ​Get information on how to report victim information to the states. Most states require that the state attorney general be notified of data breaches. This notification process may involve multiple offices.

Cyber attackers could also steal a tax practitioner’s identity too. Tax practitioners should
regularly check their IRS e-Services e-File Application to see a weekly count of tax returns filed with their Electronic Filing Identification Number (“EFIN”). Excessive filings are a sign of data theft. E-file applications should also be kept up to date. Circular 230 practitioners also can review weekly the number of tax returns filed using their Preparer Tax Identification Number (“PTIN”). Excessive filings are also a sign of data theft.

As always, tax professionals should take advantage of the additional resources the IRS provides related to security recommendations and questions in ​Publication 4557 Safeguarding Taxpayer Data​ (PDF), as well as the National Institute of Standards and Technology (NIST’s) Small Business Information Security: The Fundamentals​ (PDF).

VW Contributor: Skylar Young
© 2020 Vandenack Weaver LLC
For more information, Contact Us

IRS Releases Part 2 of a Five-Part Security Summit Tips for Tax Professionals

On July 28, 2020 the Internal Revenue Service (IRS), in partnership with the Security Summit, issued the second part of their five-part series providing tips for tax professionals to thwart off cyber-security attacks during COVID-19. The second tip is for tax professionals to use multi-factor authentication to protect client accounts. The notice also provides a reminder that beginning in 2021, all tax software providers will be required to offer multi-factor authentication options on their products that “meet higher standards.”

Multi-factor authentication, sometimes referred to as two-factor authentication, allows for additional authentication factors than just entering in a password to verify a user’s identity. Two-factor authentication requires the user to provide their password and an additional step to access their account. Sometimes, a user will receive a text message with a one-time password, or perhaps the user is asked a knowledge-based question that they previously set up, such as “what is your mother’s maiden name.” However, given the sophistication of cyber-criminals ability to exploit known weaknesses in passwords, the two-factor authentication is not always full-proof. An example of a stronger multi-factor authentication process would be where the user has to input their password and then has to provide biometric sign-in solution, such as scanning their fingerprint, voice recognition, or facial recognition. In this second example, the multi-factor authentication creates a more robust defense against unauthorized access due to the uniqueness of the biometric authentication.

Part two in this series also references easy ways for tax professionals to download authentication apps offered through Google Play and the Apple Store. Use a search engine for “Authentication apps” to learn more. The guidance reminds tax professionals to incorporate multi-factor authentication with all accounts, including cloud storage providers, as well as social media outlets.

Lastly, tax professionals should take advantage of the additional resources the IRS provides related to security recommendations and questions in Publication 4557 Safeguarding Taxpayer Data (PDF), as well as the National Institute of Standards and Technology (NIST’s) Small Business Information Security: The Fundamentals (PDF).

VW Contributor: Skylar Young
© 2020 Vandenack Weaver LLC
For more information, Contact Us

Important Return-to-Work Guidance Under the Families First Coronavirus Response Act: What Employees and Employers Need to Know

Last week, we reported on the U.S. Department of Labor’s (DOL) changes to streamline optional-use forms for workers to use when requesting FMLA leave. Most recently, on July 20^th of this week, the DOL has published additional guidance for workers and employers regarding the Fair Labor Standards Act (FLSA), the Family and Medical Leave Act (FMLA), and the Families First Coronavirus Response Act (FFCRA) and their affect in the workplace during the coronavirus.

The Wage and Hour Division (WHD) published updated guidance and materials for both employees and employers as well as answers to commonly asked questions about paid sick and expanded family and medical leave under the FFCRA. The FCRA provides emergency paid sick leave, and paid family leave under the FMLA for certain workers affected by COVID-19. Employers of fewer than 500 employees are required to grant up to 80 hours of paid six leave to workers exposed to COVID-19, required to quarantine, or unable to work or telework because of the closure of their child’s school or place of care.

The recently issued guidance states that if an employee was eligible for extended FMLA leave, and used four weeks of leave before being furloughed, they are still entitled upon their return to work to the remaining eight weeks of leave. That means that the period of time the employee was on furlough does not count against their FFCRA/FMLA leave entitlement.

The guidance provides that while employees returning to work after paid FFCRA leave are entitled to be restored to their same or equivalent position, an employer can bring the employee back to work in a position requiring less interaction with co-workers, or require them to telework.

Another highlight from the updated guidance is the fact that employers shall not discriminate or retaliate against employees for their use of FFCRA leave. Employers may not use the anticipated need for FFCRA leave upon reopening as a negative factor in an employment decision.

You can access the following materials using the links below:

• Fact sheet for employees
• Fact sheet for employers
• Questions and answers about paid sick and expanded family and medical leave
• Guidance poster for federal workers
• Guidance poster for all other employees
• Questions and answers about for employers regarding FFCRA notice, and
• Graphic outlining quick benefits tips to determine how much paid leave the FFCRA allows workers to take.

As more employees are returning to the workforce, it is critical that both workers and employers understand common issues they will be faced with when responding to COVID-19, its effects on wages and hours worked under the FLSA, as well as job-protected leave under the FMLA.

With more guidance on the way, it is important for employers to seek counsel given the complexity of these federal regulations and their impact on state and local laws. Please call Vandenack Weaver to speak with an attorney at 402-504-1300 or info@vwattys.com for guidance.

VW Contributor: Skylar Young
© 2020 Vandenack Weaver LLC
For more information, Contact Us

U.S. DEPARTMENT OF LABOR ANNOUNCES ENHANCEMENTS TO ASSIST EMPLOYEES, EMPLOYERS AND OTHER STAKEHOLDERS IN USE OF FAMILY AND MEDICAL LEAVE

Today the U.S. Department of Labor’s Wage and Hour Division (WHD) announced significant steps to streamline optional-use forms that workers can use to request, and employers can use to coordinate leave under the Family Medical Leave Act (FMLA). Cheryl Stanton, the WHD administrator, stated that “The improvements we announced today reflect the ongoing commitment of the U.S. Department of Labor’s Wage and Hour Division to support workers’ families and those who employ them at a time when they need it most.”

The WHD’s new forms include more questions that users can answer by checking a response box and now feature an electronic signature to reduce physical contact and help mitigate the risk of COVID-19 transmission. These revisions were influenced by substantial public input and will hopefully reduce the time users spend providing information, as well as improve communications between leave applicants and administrators.

In general, the FMLA entitles eligible employees of covered employers to take up to a total of 12 workweeks of job-protected, unpaid leave, or to substitute accrued paid leave, during a 12-month period for the following reasons:

• The birth of the employee’s child;
• The placement of a child with the employee for adoption or foster care;
• To care for the newborn or newly-placed child;
• To care for the employee’s spouse, parent, son, or daughter with a serious health condition;
• When the employee is unable to work due to the employee’s own serious health condition; or
• For any qualifying exigency arising out of the fact that the employee’s spouse, son, daughter, or parent is a military member on covered activity duty.

The new Families Care First Coronavirus Response Act (FFCRA), which ensures that workers are not forced to choose between their paychecks and taking appropriate precautions by way of health and safety measures, includes temporary amendments to the FMLA. This expanded family and medical leave entitlement became effective April 1, 2020 and will expire on December 31, 2020.

The Department of Labor (DOL) is also seeking information from the public regarding the regulations implementing the FMLA. This Request for Information (RFI) will enable the DOL to gather information concerning the effectiveness of the current regulations. The current RFI does not include comment on the FMLA protections under the FCRA. Current information about the FCRA can be accessed here. If interested, you can submit comments on the Federal eRulemaking Portal. All comment submissions must include the agency name and Regulatory Information Number (RIN 1235-AA30) for this RFI.

VW Contributor: Skylar Young
© 2020 Vandenack Weaver LLC
For more information, Contact Us

 

State of Nebraska Expands Options for Grants to Small Businesses Affected by COVID-19 Pandemic – New Deadline of July 17

Nebraska has re-opened and expanded its program by which certain small businesses will be eligible for grants from the state to help address the impact of the COVID-19 pandemic.  Businesses can begin applying immediately with a deadline of July 17, 2020.

Most businesses with 75 or fewer employees will be eligible.  The number of employees is based on head count and not full-time equivalents.  The initial program was limited to businesses with at least five and no more than 49 employees, so businesses with fewer than five and from 50 to 75 employees should reexamine the option of applying. Certain classes of businesses are excluded (see below). Applicants must be able to demonstrate a negative economic impact due to the pandemic.

Sole proprietors (one employee) are eligible so long as the business has withheld taxes for said employee as of March 13, 2020.

Funds can be used for working capital and for operating expenses not otherwise covered by insurance or other assistance programs.

Businesses excluded include:

• Mining
• Utilities
• Finance and Insurance
• Management of businesses
• Education
• Public administration
• Lobbying
• Businesses delinquent on Nebraska taxes
• Businesses debarred or suspended from federal programs

The grants will not be awarded competitively but will be awarded to eligible applicants on a first-come first-serve basis.  It is anticipated that each eligible business will receive a minimum of $12,000.

The website for the program is here.  Frequently asked questions are here.  The application process can be begun here.

Please call your Vandenack Weaver attorney at 402-504-1300 or info@vwattys.com for more information.

© 2020 Vandenack Weaver LLC
For more information, Contact Us

COVID-19 and Contract Enforcement: Illinois Bankruptcy Court holds that Force Majeure Provisions Excuse some Obligations Under Contract

One of the legal questions that has risen out of the COVID-19 pandemic is what obligations do parties of a contract have when one of the parties is unable to perform under the terms of the contract due to COVID-19?  Many contracts typically include a force majeure provision, or a clause that essentially frees both parties from the liabilities or obligations of the contract when an extraordinary event or circumstance beyond either parties’ control occurs.  Due to the rapid and widespread health and economic impact of COVID-19, such force majeure provisions are becoming a contested legal area as parties grapple with the unforeseen consequences of the pandemic.

On June 3^rd, the United States Bankruptcy Court for the Northern District of Illinois interpreted a force majeure provision in the case of In re Hitz Restaurant Group.  This case is one of the first applications of a force majeure provision due to COVID-19.  The Hitz Restaurant Group filed for bankruptcy protection under Chapter 11 and argued that an Illinois state executive order that restricted dine-in restaurant operations due to COVID-19 excused the Group from being required to pay post-bankruptcy petition rents until their lease is assumed or rejected.  The Group’s landlord argued that the force majeure provision did not apply.

The contested force majeure clause read:

“Landlord and Tenant shall each be excused from performing its obligations or undertakings provided in this Lease, in the event, but only so long as the performance of any of its obligations are prevented or delayed, retarded or hindered by . . . laws, governmental action or inaction, orders of government . . . Lack of money shall not be grounds for Force Majeure.”

The landlord argued that the force majeure clause should not apply for three primary reasons: (1) the banking and mailing system was still functioning so the debtor could still transmit payment to the landlord, (2) the debtor’s inability to pay was due to a “lack of money” and therefore not grounds for force majeure, and (3) the debtor chose to forgo applying for a loan under the SBA Paycheck Protection Program voluntarily waived its ability to meet rent obligations.

The Bankruptcy Court rejected all three arguments. The Court cited the first argument regarding the functioning mailing system as being unresponsive to the actual reason the debtor could not meet its rent payments.  The second argument regarding the “lack of money” clause was rejected by the Court, again, for not being the debtor’s argument for the enforcement of the provision; it was not “lack of money” that the debtor couldn’t pay the landlord, but the executive order shutting down all “on-premises” dining as the proximate cause of the debtors inability to generate revenue and pay rent.  Finally, the Court rejected the landlord’s third argument as there was no language in the force majeure provision to order or borrow money to counteract governmental action or orders, just that such actions or orders impact the landlord and tenant’s abilities to perform under the lease agreement.

The Court concluded that the debtor was not completely off the hook, however, for the missed payments and could have taken actions to protect the landlord’s interest in the leasehold given that only 75% of the square footage of the restaurant was unusable due to the executive order and the remaining 25% of the kitchen could have been used for take-out.  Thus, the Court required 25% of the post-bankruptcy petition rents.  The full post-bankruptcy petition rent was not owed due to the Court upholding that COVID-19 was cause to enact the force majeure provision of the lease agreement.   This ruling is likely the first in a line of force majeure provision cases in light of COVID-19.

VW Contributor: Ryan Coufal
© 2020 Vandenack Weaver LLC
For more information, Contact Us

 

Regulatory and Privacy Concerns Related to Mental Health and Wellness Apps During COVID-19 and Beyond

It’s no surprise that in the last few years startups have been keen to cash in on the burgeoning consumer demand for mental health and wellness apps, but what are the regulatory and privacy concerns that users should be aware of? Marketplace Tech recently came out with a podcast highlighting how COVID-19 has opened the flood gates to consumer demand for remote online therapy. Mobile app analytics companies report that downloads of mental health and wellness apps are up almost 30% since COVID-19. However, what are the privacy and regulatory concerns related to the use of these apps? There are thousands of mental health apps for consumers to download. For example, there are apps where you can engage in therapy with a robot or download an app that can help monitor your side effects to particular medications. How should these apps be regulated? Should we care that these apps are effective before they’re allowed to be put out on the market? And what privacy rights have users relinquished by using these wellness apps?

Many apps related to health and wellness do not require pre-market review because they are not categorized as “medical devices,” as determined by the Food and Drug Administration (FDA). Rather, they are categorized as “general wellness products” that are seen as low-risk products that promote a healthy lifestyle are not deemed to be a “medical device.” However, the Federal Trade Commission (FTC) has recently issued warning letters to apps that made false advertising claims related to their products’ effects on preventing or treating COVID-19. Section 5 of the FTC vests in the FTC the authority to ensure that business practices are free from unfairness, deception, unsubstantiated claims, false advertising, and anti-competitive activities. Under the FTC, any and all health-related claims an app makes must be substantiated by “competence and reliable scientific evidence.” Testimonies from consumers who have used the app will not qualify as a substantiated claim. Recently, the FTC issued forty-five letters to companies making COVID-19 prevention, treatment, or cure claims. For example, Musical Medicine received a letter requiring that it immediately cease making claims that its use of music at a specific frequency range would help consumers resist the Coronavirus, while boosting consumers’ immune systems. All general wellness apps, as well as wellness products, must substantiate their claims. Testimonies and user ratings will not meet the “competent and reliable scientific evidence” standard.

In addition to the general efficacy of these health and wellness apps, the privacy rights consumers give up when they use these apps are equally concerning. A study published in March of 2019 in the British Medical Journal revealed that nineteen out of twenty-four of the most popular health apps in the Google Play marketplace transmitted user data to at least one third-party recipient. Woebot’s privacy policy, the app mentioned above where an individual can engage in therapy with a robot, admits that in addition to the information provided by a consumer, it also may obtain information about that consumer from third-party services, including social networking sites. Woebot also discloses that they may use Google Analytics and other service providers to collect information regarding visitor behavior and visitor demographics on the app. While the app confirms it does not sell consumers’ personal information to third parties, absent special circumstances, it does acknowledge that users who access Woebot through Facebook Messenger are subject to Facebook’s privacy policy too.

Some apps that collect personal information from users and sell it to third parties include this disclosure in their Privacy Policies. However, such disclosures are usually written in size eight font, buried amidst paragraphs upon paragraphs, written in jargon that the average user would not understand. Apps also need to consider whether this type of disclosure will hold up against the California Consumer Privacy Act (CCPA), which goes into effect July 1. Under the CCPA, apps that interact with California residents must clearly disclose in their privacy policy the fact that they transfer consumers’ data to third parties, and that the purpose of this transfer is for marketing purposes. Below is an example of Amazon’s explicit provision related to third-party advertisers, from Amazon’s Privacy Notice.

” Third-Party Advertisers and Links to Other Websites: Amazon Services may include third-party advertising and links to other websites and apps. Third-party advertising partners may collect information about you when you interact with their content, advertising, and services. For more information about third-party advertising at Amazon, including interest-based ads, please read our Interest-Based Ads policy. To adjust your advertising preferences, please go to the Advertising Preferences page.”

Users should question the extent to which the use of certain health and wellness apps is worth the trade off in which they give up their personal, and sometimes even sensitive health information, to marketing and pharmaceutical companies. Moreover, the regulations under the Health Insurance Portability and Accountability (HIPAA) that require patient-doctor confidentiality do not extend to general health and wellness apps. This is even more concerning because if an insurance company, for example, pays for data from an app developer, the insurance company could deduce whether a user is eligible for insurance or poses too great of a risk depending on the amount of personal and sensitive information a user discloses. The bottom line is that individuals who use certain health and wellness apps should think twice before disclosing their medical and mental information. And, at the very least, it is a best practice for individuals to comb through an apps’ privacy policy to ensure their personal information is not sold to third parties.

VW Contributor: Skylar Young
© 2020 Vandenack Weaver LLC
For more information, Contact Us