New Jersey’s Revised Uniform Limited Liability Company Act – What all owners of New Jersey LLCs Need to Know
What is the New Jersey’s Revised Uniform Limited Liability Company Act?
The Revised Uniform Limited Liability Company Act (“RULLCA”) replaces and expands New Jersey’s Uniform Limited Liability Company Act (“NJ ULLCA”) which was originally put in place to govern limited liability companies in January of 1994. RULLCA was officially enacted on March 18, 2013, and, at least for the next 11 months, applies only to LLCs formed after that date. After March 1, 2014, the RULLCA will apply to all LLCs regardless of the date of formation.
How will the RULLCA affect your LLC?
The following is a brief summary of the most significant changes to the statute that may affect your LLC:
1. Fiduciary Duties
Under the outgoing NJ ULLCA, LLC members owe fiduciary duties to other members. (These are generally the duty of loyalty and the duty of care.) The duty of loyalty often involves avoiding conflicts of interest, however, the members could waive the fiduciary duty in the operating agreement. This framework allows many people to participate in multiple businesses outside an LLC even when those other activities might conflict with the LLC’s business.
RULLCA no longer permits the members to agree to waive certain rights, including fiduciary and other rights that they owe to each other, like the duty of good faith and fair dealing. While this may not have significant impact on the operation of a company in the ordinary course, in disputes between members involving activities outside of the company, this can have a dramatic effect and provides an aggrieved member with significantly improved rights.
Under the RULLCA, the default rule on distributions is that all profit available for distribution will be made to the members on a ‘per capita” distribution, meaning equal shares for each member, unless otherwise agreed to in the operating agreement. This change means that any LLCs that do not have an operating agreement and that have been distributing profit other than on an “equal share” basis, will be required to do so.
Under the NJ ULLCA, upon disassociation a member, absent a contrary provision in the operating agreement, is entitled to be paid the fair value of his or her interest in the company, which can be a financial stress on a business that might prefer to deploy its capital for growth. Under the RUCLLA, a “resigning” member is no longer automatically entitled to receive fair value; instead that person becomes dissociated as a member and assumes the rights of economic interest holder. This change means that the member loses the right to participate in the governance of the company (as well as the potential liability associated with the operation of the company), but retains the rights to receive distributions of profit and of the company’s assets upon liquidation or dissolution. Absent a provision in the operating agreement that requires the sale of the member’s interest upon disassociation, a member will neither be entitled to be bought out nor will the company have the right (or obligation) to do so (note that this can have the effect of enabling a member to cease participating in the business while continuing to profit from it, an outcome typically not desired by the remaining members).
4. Deadlock and Oppression
Under the NJ ULLCA, there are very few rights afforded to a minority member that is oppressed by the majority or, similarly, to resolve a deadlock between members. As such, this issue is typically addressed in the operating agreement to ensure that the members have remedies in the event of oppression or deadlock. The RULLCA provides express remedies for oppressed minority members: the right to seek the dissolution of the LLC or the appointment of a custodian. These remedies give the oppressed minority substantial leverage to obtain a buyout or other relief relating to the operation of the company that it previously did not expressly have under the NJ ULLCA.
While it is good practice to have your LLC operating agreement reviewed every few years to ensure that it is consistent with the intentions and practices of the members, the changes effectuated by the RULLCA make it critical that every company’s operating agreement be updated to make sure that it consistent with the revisions to the law.
New Law Significantly Limits Viability of Certain Shareholder Derivative Suits in New Jersey
On April 2nd, New Jersey Governor Chris Christie signed bill A-3123 into law and in doing so, significantly revised the law in New Jersey regarding shareholder derivative proceedings under N.J.S.A. §14A:3-6, etseq. The stated purpose of the new law is to temper derivative lawsuits brought by shareholders against a corporation, its directors or majority shareholders and to make efforts to curb excessive and unnecessary litigation costs on New Jersey corporations. Beyond this succinct goal, an ancillary intent of the law is to encourage corporations to continue to incorporate in New Jersey by making the state more corporate friendly.
Notable changes include the following:
As a precondition to suit, a shareholder must make a written demand to the corporation to take suitable corrective action and allow the corporation 90 days to investigate and respond to the demand unless “irreparable injury to the corporation would result by waiting.” This 90 day waiting period is a akin to a tort claims notice and is intended to give corporations adequate time to remedy potentially minor issues before dealing with the costs and expense of litigation.
In the event that a plaintiff challenges a company’s actions in suit after the demands made in the 90 day letter are rejected, he/she/it must allege with particularity that the decision was improper and show any rejection was in bad faith or not made by “independent directors.” A status as a litigant does not divest a director of independence and unless the independence of the directors is challenged successfully, the plaintiff must show bad faith on the part of the entity.
The law increases the interest requirement that a plaintiff must hold an entity to avoid the posting of security against the possible award of attorney’s fees and costs. If litigant a holds less than 5% of the outstanding shares of any class or series of the corporation, unless the shares have a market value in excess of $250,000, the corporation can require the plaintiff to give security for the reasonable expenses, including attorney’s fees. This will hopefully dissuade minority shareholders from filing suits with questionable merit.
The law requires that a plaintiff remain a shareholder throughout any initiated litigation so that it can adequately and fairly represent the corporation’s interests. Prior to this change, the shareholder merely had to be a shareholder at the time suit was filed.
The law applies to both derivative proceedings brought on behalf of single shareholders as well as class actions.
A corporation can move for dismissal of a suit, after a good faith investigation, and assert that the derivative proceeding is not in the best interest of the corporation on the grounds that its board is independent and acted in good faith. Such a motion will be granted unless the court finds otherwise or the shareholders rebut the corporation’s supporting facts.
The court must stay discovery until ruling on the motion to dismiss, but can order limited discovery if the plaintiff shows a lack of independence or good faith.
The court must approve any settlement or dismissal.
The court can award expenses to the plaintiff if the proceedings result in a substantial benefit to the corporation, or to the defendant if the case was commenced or maintained without reasonable diligence or reasonable cause or for an improper purpose.
For these new provisions to apply, existing corporations must amend their certificate of incorporation and explicitly adopt these provisions.
For more information about this new law and how it may impact your business please contact Olender Feldman LLP, or review our additional business legal resources here.
What is the best way to protect against employee lawsuits?
We recently received an inquiry about the best ways for businesses to protect against employee lawsuits. We’ve found that most employee lawsuits occur due to low morale, unaddressed personality conflicts, disparate productivity between employees and/or failure to give effective performance reviews. Of course, it is always important to have effective, well-drafted legal documents and policies that clearly delineate employee rights and obligations from the outset, which will help your business win lawsuits . However, the easiest way to protect your business from lawsuits is by preventing them in the first place. This means ensuring a good working environment, keeping employees happy, and giving employees recourse to deal with the issues that come up in the workplace, ideally through a dedicated and effective HR representative.
OlenderFeldman LLP Data Protection and Privacy lawyers Michael Feldman and Aaron Messing will attend the International Association of Privacy Professionals (IAPP) Global Privacy Summit, to be held March 6-8 in Washington, D.C.
The event will feature thousands of privacy industry professionals participating in dozens of educational sessions. If you would like to meetup with Michael or Aaron, please send them an email or contact us using the contact form. We hope to see you there.
OlenderFeldman LLP Quoted in 2013 Data Privacy, Information Security and Cyber Insurance Trends ReportMonday, January 28th, 2013
In honor of Data Privacy Day, Cyber Data Risk Managers asked top industry experts their thoughts on what they think, feel and should happen in 2013 as it pertains to Data Privacy, Information Security and Cyber Insurance and what steps can be taken to mitigate risk.
Cyber Data Risk Managers asked many top privacy and data security experts, including Dr. Larry Ponemon, Rick Kam, Richard Santalesa and Bruce Schneier, their thoughts on what to expect in 2013. OlenderFeldman LLP’s information privacy lawyer Aaron Messing contributed the following quote:
2012 was notable for several high-profile breaches of major companies, including LinkedIn, Yahoo!, and Zappos, among others. As businesses move more confidential and sensitive data to the cloud (especially in the aftermath of Hurricane Sandy’s devastation and the havoc it wreaked on businesses with locally-based servers), data security obligations are of paramount importance. Businesses should expect more notable data breaches, more class-action lawsuits, and federal legislation concerning data breach obligations in 2013.
To protect themselves, business should: (i) require that cloud providers and other third-party vendors provide them with a written information security plan containing appropriate administrative, technical and physical security measures to safeguard their valuable information; and (ii) ensure compliance with those obligations by drafting appropriate contractual provisions that delineate indemnification and data breach remediation obligations, among others. In particular, when using smaller providers, businesses should consider requiring that the providers be insured, so that they will be able to satisfy their indemnification and remediation obligations in the event of a breach.
Give the 2013 Data Privacy, Information Security and Cyber Insurance Trends report a read.
We often receive questions about how to choose an attorney or law firm that is suitable for your particular issue or business. Here are some considerations to keep in mind.
There are a number of consideration that go into vetting an appropriate attorney. The first, and arguably most important, is ensuring that your attorney understands business relationships and how companies function. While many lawyers are technically proficient in the law, it is important to ensure that your attorney understands, and craft legal solutions specific to, your business and industry. Your attorney should be practical and be able to develop solutions that not only address your requirements, but also those with whom you wish to do business with or interact with. In the negotiating process, many attorneys make unrealistic demands based on idealistic desired outcomes, or are unwilling to consider strategic compromises in order to make sure an agreement is actually reached. This ultimately works against your ultimate interests, as the job of your attorney is to make sure that your goals are accomplished with a minimum of time, effort and cost.
You should also ensure that your attorney has subject matter experience, both in the industry and specific to the work to be performed. This enables the attorney to work efficiently, and minimize cost and time. This is an important consideration that is often overlooked and bears emphasis. Hourly rates are actually less important than the ability to execute work efficiently. If an attorney is learning “on the go”, they will ultimately end up being more expensive than a lawyer who has experience in the industry and subject matter, even if the inexperienced lawyer’s hourly rates are cheaper.
Finally, you should ensure that the attorney is accessible, and that if work is to be delegated, that your attorney retains constant oversight of subordinates, rather than just handing off the work.
The Federal Trade Commission has proposed revisions that will bring the Children’s Online Privacy Protection Act in line with 21st century technology, largely targeting social networks and online advertisers.
By Alice Cheng
Based on comments solicited last year, the Federal Trade Commission (FTC) has posted proposed revisions to the Children’s Online Privacy Protection Act (COPPA). The Act, which has not been updated since its inception in 1998, may be extended to include social networks and online advertisers.
According to the current regulations, COPPA applies only to website operators who know or have reason to know that users are under the age of 13, requiring the sites to obtain parental consent before any collection of data. In the past decade, an increased ability to harvest consumer information has necessitated revisions. In a FTC staff report conducted earlier this year, the Commission addressed a growing need for app stores and app developers to provide more information regarding their data collection practices to parents. With the proposed changes posted today, the FTC plans to update COPPA to respond to modern concerns surrounding social networking sites, advertising networks, and applications. Under the proposed changes, such third parties may be held responsible for unlawful data collection practices when they know or have reason to know that they are connecting to children’s websites. Mixed audience websites may have to screen all visitors in order for COPPA regulations to apply to users under 13 years of age. Additionally, restrictions on advertising based on children’s online activity may be tightened.
The FTC will be accepting public comment to the proposed rules via the FTC website. Comments will be accepted until September 10, 2012.
Several House lawmakers have sent letters to nine major data broker firms, seeking transparency on data practices.
By Alice Cheng
Last week, eight House members, including Congressional Bi-Partisan Privacy Caucus chairmen Ed Markey (D-Mass.) and Joe Barton (R-Tex.), sent letters to nine major data broker firms, asking for information on how they collect, assemble, maintain, and sell consumer information to third parties.
The letter references a recent New York Times article profiling data broker Acxiom, which may have spurred the lawmakers’ decision to target the firms. Data brokers are large firms that aggregate information about hundreds of millions of consumers, selling them to third parties for marketing, advertising, and other purposes. Oftentimes, profiles of consumers are created to reflect spending habits, political affiliation, and other behavioral information. As the article explains, the issue with these activities is that they are largely unregulated, largely unknown to the general public, and are often be difficult to opt out of.
Privacy advocates, lawmakers, and often the Federal Trade Commission have made continued moves towards increased transparency of the activities of data brokers. A statement explains that, in sending the letter to the nine firms, the lawmakers in the Bi-Partisan Privacy Caucus seek to obtain information on the brokers relating to “privacy, transparency and consumer notification, including as they relate to children and teens.”
Survey finds that only 61.3% of apps have privacy policies, reflecting perceived need for increased app privacy regulations.
By Alice Cheng
The FPF credits the consumer privacy efforts of various groups, including the Federal Trade Commission and the California Attorney General. The FTC has made continuous efforts to develop companies develop best consumer privacy practices, and has been involved in battling privacy violations. In February, California Attorney General Kamala Harris persuaded six major companies with mobile platforms (including Apple, Microsoft, and Google) to ensure that app developers include privacy policies that comply with the California Online Privacy Protection Act. More recently, Harris also announced the formation of the Privacy Enforcement and Protection Unit to oversee privacy issues and to ensure that companies are in compliance with the state’s privacy laws.
National Telecommunications and Information Administration (NTIA) Holds Public Meeting on Mobile PrivacyFriday, July 13th, 2012
The NTIA’s first multistakeholder meeting on mobile privacy focused on ways to improve the transparency of the privacy practices of mobile apps.
By Alice Cheng
On Thursday, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) held a public meeting in Washington, D.C., to discuss mobile privacy. After taking public comment in March on consumer data privacy, the NTIA decided to address mobile app transparency in its first privacy multistakeholder process. The discussion is part of the Obama administration’s push for companies to abide by a consumer privacy “bill of rights,” and is an issue that has been recently tackled by the Federal Communications Commission as well.
As smartphone use continues to grow rapidly, concerns about mobile app access to consumer data have also grown. Through the devices, mobile apps may be able to access sensitive personal information regarding users, such as geographic location. Additionally, privacy advocates have pushed fervently for regulation on digital advertising. The prevalence of digital advertising on apps is not only a nuisance, but can at times be downright aggressive (i.e., ads pushed onto notification bars and phone desktops).
During the meeting, audience members were asked how greater mobile app transparency could be achieved. Suggestions ranged from software that notified users of what information was shared, to the use of icons indicating privacy concepts in lieu of lengthy privacy policies. Others proposed that broader fair information practices should be addressed, as transparency itself would not be helpful without regulations.
While the NTIA’s next steps are unclear, keep in mind that privacy policies should still be as clear as possible. Effective privacy policies let users know how and for what purpose information is collected and used. Privacy lawyers and advocates generally recommend an opt-in approach is where possible, as it allows users to choose what information they would like to share.
Pending approval by Governor Christie, New Jersey will adopt a new set of laws pertaining to the formation and operation of limited liability companies.
By Joseph Olender
In 2011, the New Jersey Assembly proposed Bill No. 1543, which would change the way that limited liability companies (LLCs) in the state are created and operate. The bill was created in an attempt to fill gaps in New Jersey law regarding the operation of LLCs, as well as to update existing law that had become outdated.
The bill passed unanimously through the Assembly on May 24th and the Senate on June 21st, needs only the signature of Governor Christie to become law. This bill, a version of the Revised Uniform Limited Liability Company Act (RULLCA), effectively repeals the New Jersey Limited Liability Company Act (NJLLCA), and replaces it with a modern regulatory scheme for the creation and operation of limited liability companies in New Jersey.
The RULLCA, as developed by the National Conference of Commissioners on Uniform State Laws (NCCUSL), is a significant advancement and common sense approach to the governing of limited liability companies. New Jersey is one of many states to propose a bill which would adopt a version of the RULLCA. The bill would significantly impact the way LLCs do business, and assemblymen hope that it will boost job growth potential in the state. The bill is designed to change some aspects of the law currently in place via the NJLLCA, and also deal with areas of the law that New Jersey has not yet covered.
The bill would mandate some significant changes including:
- Perpetual Duration. Eliminates the default rule that LLCs have a limited life. As is already the case with New Jersey corporations, New Jersey LLCs would have perpetual duration.
- Permissible form of operating agreement. Permits operating agreements to be oral, written or implied based on the way the LLC is operated.
- Distributions. Unless otherwise agreed upon, distributions are made to members on a per capita basis.
- Statements of authority. It allows an LLC to file statement s of authority with the Division of Revenue in the Department of the Treasury, authorizing certain individuals or entities to bind the LLC.
- Disassociation of a member. This would eliminate a major pitfall for the unwary practitioner forming an LLC in New Jersey. A resigning owner is no longer entitled to receive the fair value of his or her LLC interest as of the date of resignation. Rather, upon, resignation, the resigning member is disassociated as a member and only has the rights of an economic interest holder.
- Remedies for deadlock and oppression. It extends many of the traditional remedies available at common law or pursuant to statute to LLCs. It permits a member to seek a court order dissolving the company on the grounds that the managers or those members in control of the company have acted or are acting in manner that is oppressive and was, is, or will be directly harmful to the member. It also permits a less drastic form to resolve deadlock in the form of an appointed custodian.
If signed by Governor Christie the bill will become effective after 180 days and will govern all LLCs formed after its effective date. Following the first day of the 18th month following the bill’s enactment, it will apply to all New Jersey LLCs.
If your password looks something like “123456,” you might want to change it.
By Alice Cheng
Late Wednesday evening, hackers successfully breached Yahoo! security published a list of unencrypted emails and passwords. The list exposed the login information of more than 450,000 Yahoo! users. The hackers, who call themselves the D33D Company, explained that they obtained the passwords by using an SQL injection vulnerability—a technique that is often used to make online databases cough up information. The familiar method has been employed in other high-profile hacks, including of Sony and, more recently, LinkedIn.
However, unlike other malicious attacks, the D33D hackers claim that they only had good intentions: “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat.”
The attempted wake-up call is apparently much needed, though often ignored. An analysis of the exposed Yahoo! passwords revealed that a large number were incredibly weak— popular passwords in the set ranged from sequential numbers to being merely “password.”
In a statement, Yahoo! apologized and stated that notifications will be sent out to all affected users. The company also urged users to change their passwords regularly.
If you are a Yahoo! user, you may want to change your account password, as well as any accounts with similar login credentials. It will also be well worth your time to heed to the wake-up call and incorporate better password practices. Use a different password for each site, and create long passwords that include a mix of upper- and lower- case letters, numbers, and symbols. To help keep things simple, password management software (such as LastPass and KeePass) is also available to help keep track of the complex passwords you create.
Data Breach Prevention and Remediation: How to Protect Your Company from Hackers and Internal Threats and Ensure Your Customer’s PrivacyThursday, July 12th, 2012
All companies, big and small, are at risk for data breaches. Most companies have legal obligations with respect to the integrity and confidentiality of certain information in its possession. Information privacy and security is essential to protect your business, safeguard your customers’ privacy, and secure your company’s vital information.
Recently, hackers gained access to Yahoo’s databases, exposing over 450,000 usernames and passwords to Yahoo, Gmail, AOL, Hotmail, Comcast, MSN, SBC Global, Verizon, BellSouth and Live.com accounts. This breach comes on the heels of a breach of over 6.5 million LinkedIn user passwords. With these embarrassing breaches, and the widespread revelation of their inadequate information security practices, Yahoo and LinkedIn were added to the rapidly growing list of large companies who have suffered massive data breaches in recent years.
While breaches at large companies like Yahoo and LinkedIn make the headlines, small businesses are equally at risk, and must take appropriate measures to keep their information safe. Aaron Messing, an information privacy attorney with OlenderFeldman LLP, notes that most businesses networks are accessible from any computer in the world and, therefore, potentially vulnerable to threats from individuals who do not require physical access to it.A recent report by Verizon found that nearly three-quarters of breaches in the last year involved small businesses. In fact, small business owners may be the most vulnerable to data breaches, as they are able to devote the least amount of resources to information security and privacy measures. Studies have found that the average cost of small business breaches is $194 per record breached, a figure that includes various expenses such as detecting and reporting the breach, notifying and assisting affected customers, and reimbursing customers for actual losses. Notably, these expenses did not include the cost of potential lawsuits, public embarrassment, and loss of customer goodwill, which are common consequences of weak information security and poorly managed data breaches. For a large business, a data breach might be painful. For a small business, it can be a death sentence.
Proactive security and privacy planning is always better than reactive measures. “While there is no sure-fire way to completely avoid the risk of data breaches,” says Aaron Messing, an information privacy lawyer with OlenderFeldman LLP, “steps can be taken, both before and after a breach, to minimize risk and expense.” To preserve confidential communications and to obtain advice on possible legal issues related to your company, consulting with privacy attorneys about your specific requirements is recommended. OlenderFeldman recommends the following general principles as a first step towards securing your business.
Second, although external breaches from hackers gain the most publicity, the vast majority of data breaches are internal. Accordingly, physical security is one of the most important concerns for small businesses. Informal or non-existent business attitudes and practices with regards to security often create temptations and a relatively safe environment for an opportunist within to gain improper or unauthorized access to your company’s sensitive information. Mitigating this risk requires limiting access to company resources on a need to know/access basis and restricting access to those who do not need the access. Theft or damage of the system hardware or paper files presents a great risk of business interruption and loss of confidential or personal information. Similarly, unauthorized access, use, or disclosure, whether intentional or unintentional, puts individuals at risk for identity theft, which may cause monetary liability and reputational damage to your company.
Third, be vigilant about protecting your information. Even if your company develops a secure network, failure to properly monitor logs and processes or weak auditing allows new vulnerabilities and unauthorized use to evolve and proliferate. As a result, your company may not realize that a serious loss had occurred or was ongoing. Develop a mobile device policy to minimize the security and privacy risks to your company. Ensure that your technology resources (such as photocopy machines, scanners, printers, laptops and smartphones) are securely erased before it is otherwise recycled or disposed. Most business owners are not aware that technology resources generally store and retain copies of documents that have been printed, scanned, faxed, and emailed on their internal hard drives. For example, when a document is photocopied, the copier’s hard drive often keeps an image of that document. Thus, anyone with possession of that photocopier (i.e., when it is sold or returned) can obtain copies of all documents that were copied or scanned on the machine. This compilation of documents and potentially sensitive information poses serious threats of identity theft.
Finally, in the event of a breach, consult a privacy lawyer to determine your obligations. After a breach has been discovered, there should be a forensic investigation to determine what information was accessed and whether that information is still accessible to unauthorized users. Your business may be legally obligated to notify customers or the authorities of the breach. Currently, there are no federal laws regulating notification, but 46 states and the District of Columbia have enacted data breach notification laws, which mandate various breach reporting times, and to various authorities.
Employee Who Read and Printed Coworker’s Emails Found Not Guilty of Violating the Stored Communications ActThursday, July 5th, 2012
A New Jersey court recently held that a teacher who accessed and printed a co-worker’s personal email after the coworker left the computer without signing out of her account was not guilty of a crime.
By Alice Cheng
In Marcus v. Rogers, 2012 WL 2428046 (N.J.Super.A.D. June 28, 2012), a New Jersey court held that a defendant was not in violation of any laws when he snooped through the emails of a coworker who had forgotten to sign out of a shared computer.
The defendant, a teacher who was involved in a salary dispute with the school district he worked for, sat down to use a computer in the school’s computer room when he accidentally bumped the mouse of the computer next to him. The screen of the adjacent computer came alive to show the Yahoo! email inbox of a member of the education association he was in dispute with, which included two emails that clearly mentioned him. He then clicked on the emails, printed them out, and used them at a meeting with the education association as evidence that they had not bargained in good faith.
The individuals who were copied on the email conversations filed suit, claiming that the defendant had violated New Jersey’s version of the Stored Communications Act (N.J.S.A. 2A:156A-27), which reads in pertinent part:
A person is guilty . . . if he (1) knowingly accesses without authorization a facility through which an electronic communication service is provided or exceeds an authorization to access that facility, and (2) thereby obtains, alters, or prevents authorized access to a wire or [an] electronic communication while that communication is in electronic storage.
The court found that the defendant did not “knowingly access [the facility] without authorization” as it was the previous user who had logged into the account. The judge then let the jury decide whether or not he “exceed[ed] an authorization to access that facility” when she failed to close her inbox and log out of her account. The jury found that did not, as he had “tacit authorization” to access the account. On appeal, the court affirmed.
While there is no clear answer to the question of whether snooping emails is illegal (as always, it depends), always remember to log out of public computers. Similarly, all mobile devices, such as smartphones or laptops, should be password protected. As for the email snoopers, be forewarned that snooping may nevertheless carry major consequences, if hacking or unauthorized access is found.