PLDW Launches “Powered for Business Success” Information Series

New RI Identity Theft Protection Act Requires Businesses Adopt Cybersecurity Measures

New Law and Regulations Bring Changes for Issuers of Public Debt in RI

Nursing Home Laws Create Extra Challenges – Vigilance is Key to Compliance

Are you Covered by a “Sufficiently Specific” Indemnity Clause?

Quirky Courts & Cases:
Fox News Anchor Harris Faulkner Takes On The Tough Issues,
Like Toy Hamsters

Forming a business enterprise or owning a business comes with challenges and uncertainty. Economic conditions can change overnight and what seemed like the right strategy yesterday, may be wrong tomorrow. On the other hand, the opportunities for business owners can be endless if risks are identified and managed. Within the complexities of risk management are legal matters like business structures, contracts, buy-out options, technology and cybersecurity, and many others.

In a new series to help entrepreneurs and business owners survive and thrive in today’s business environment, PLDW launches its “Powered for Business Success” information series this month. Solving problems before they become disasters is what separates successful companies from those that crash and burn. This series will help prepare those considering business ownership, and those who are already in business, control their destiny by making informed decisions on their path to success. We welcome your comments and questions as we kick off the series with the topic of how best to navigate business formations between friends and family.

When Trust Isn’t Enough: It is not uncommon for friends or family members to form a business. These organizations are shaped in many ways. However, the notion that “we will work it out…” will become the beginning of the end when friendship leads to a business relationship that is not properly documented. Regardless of the reason for joining forces; i.e., to form a large new business, invest in real estate or open an ice cream store, the founding members should always begin the relationship with a carefully crafted binding agreement outlining the scope of the relationship, ownership percentages, control of the enterprise, and how to resolve disputes if the venture does not work out as contemplated.

The agreement should address among other things, “what happens if a third party wants to purchase the business” and “how do we resolve disputes.” These matters should be discussed in detail and memorialized in a binding document executed by the parties when entering into the formation stage of the business. Many individuals tend to overlook or downplay the real possibility of potential conflicts and problems that may arise in the future. Addressing issues such as these when considering starting a business with family or friends will limit risk and uncertainty.

For more information, please contact PLDW Managing Partner Gary R. Pannone, who was named Rhode Island’s 2017 Lawyer of the Year by Best Lawyers for his business law practice, at 401-824-5100 or email

[back to top]

It is not uncommon these days to open the newspaper to reports of businesses fallen victim to cyber attacks. But, while front page news tends to focus on security breaches of companies of the "fortune 500" caliber, cyber attacks waged upon small family and middle market businesses actually occur with greater frequency. In an article published in 2015 by SEC Commissioner Luis A. Aguilar, “The Need for Greater Focus on the Cybersecurity Challenges Facing Small and Midsize Businesses," the author notes that the FBI reports that ransomware attacks, standing alone, cost companies around the world more than $1 billion between October 2013 and June 2015. While companies of all sizes have lost money to such schemes, small and medium-sized businesses are believed to be the biggest targets.

In response, the Rhode Island General Assembly adopted the Rhode Island Identity Theft Protection Act of 2015. Effective at the end of July 2016, the law is a consumer protection-based statute, which places new responsibilities upon businesses operating in Rhode Island to protect consumer data and to notify consumers in the event of a security breach. Some of the more critical components of the Act, from the business owner and operator perspectives, are as follows:

  1. The Act now mandates that all businesses, regardless of size or industry, adopt "risk- based" cybersecurity policies and procedures to secure consumer information and to address cybersecurity breaches. The law requires that these procedures - which should be solidified in written policy form- must be bespoke to the business adopting them.  In other words, a businesses’ cybersecurity policy should be one that is appropriate for the size and nature of the business, as well as the information collected and stored. The security policy must also set forth procedures for the safe and timely destruction of consumer personal information, including policies which mandate the retaining of personal information only for such period of time as may be required for the business to provide the goods or services for which it was engaged to provide. 

  2. The Act also provides for expedited notice requirements to consumers in the event of a data breach.  Businesses must now notify consumers of breaches as soon as possible, but no later than 45 days after the breach is discovered. Moreover, businesses who suffer information breaches involving more than 500 Rhode Island residents are required to notify the Office of the Attorney General and major credit card reporting agencies.

  3. The Act has teeth. Rhode Island businesses that suffer a security breach and do not have a security policy in place and/or which fail to meet the notification requirements of the Act, are subject to substantial penalties: $100 per record for "reckless", and $200 per record for "willful" violations. Whereas the predecessor Rhode Island law provided a cap on the amount of damages a business would pay for falling short of statutory requirements in relation to the protection of consumer data ($25,000), the new law removes this finite cap. Accordingly, a substantial data breach, coupled with company noncompliance with the Act could result in business paying substantial penalties. 

The only way to avoid penalties under the Act is to adopt written cybersecurity procedures, and for business to follow the "letter of the law." A business attorney familiar with the Act and the workings of business organizations is likely in the best position to assist in tailoring requisite policies and procedures. If you are interested in learning more about how to protect to business or organization against cyber attacks, contact business lawyer Benjamin L. Rackliffe at 401-824-5100 or email

[back to top]

Rhode Island’s Public Finance Management Board (PFMB), the agency tasked with overseeing public debt in the State, approved amendments to its rules and regulations in response to recent statutory changes that will impact future borrowing by state agencies and local governments. The amendments also broaden PFMB’s oversight and advisory duties to a wider array of public financing instruments and a larger group of governmental entities.

One of the major changes to the statute and regulations is the imposition of a fee, payable to PFMB by the lead underwriter or purchaser of debt of “all state departments, any city or town, any state, municipal and regional authorities, agencies, boards, commissions, public or quasi-public corporations, and fire districts and other special districts.”  Previously, the fee was only required for debt issued by state agencies, while municipal issuers and special districts were exempt from the fee unless they requested the advice or assistance of PFMB.  Additionally, the fee is now required for issuances of taxable debt and re-fundings whereas, prior to the amendments, only the issuance of new money tax-exempt debt would trigger the fee.  The rate of the fee will remain unchanged at one-fortieth of one percent (1/40%) of the issued principal amount of the issue.

Furthermore, the amendments have added potential penalties of up to $250 per day for issuers who fail to submit the requisite report of proposed debt (no later than thirty days prior to the sale) and report of final sale (within thirty days after closing). Issuers are also now required to submit annual reports to PFMB within ninety days after the end of each fiscal year, which describe the issuer’s outstanding debt and use of bond proceeds during that year. 

The amendments also explicitly broaden PFMB’s oversight over additional types of debt instruments—including Grant Anticipation Revenue Vehicles (GARVEE) bonds or notes, various types of conduit debt, and financing leases—and now explicitly authorize supervision over additional governmental entities, such as fire and special districts. Finally, the amendments require PFMB to undertake a biennial debt affordability study and grant the Board authority to issue non-binding advisory opinions.

For more information on these changes or other matters concerning public or 501(c)(3) financing, contact attorney David DiSegna at 401-824-5100 or

[back to top]

In 1987, the Nursing Home Reform Act (“NHRA”) was passed to ensure that residents of nursing homes would receive quality care at all times in order to achieve and maintain their “highest practicable” physical, mental and psychosocial well-being. With the law came significant challenges for nursing home owners to stay in compliance with the NHRA and state regulations regarding resident care, admission and reimbursement. For instance, nursing homes are subject to a certification process, which includes unannounced surveys such as resident interviews at irregular intervals at least once every 15 months. State authorities may also conduct more targeted surveys or investigations in response to complaints against nursing homes. If a survey or investigation reveals that a nursing home is out of compliance, the nursing home may be subject to penalties or other actions depending upon whether a deficiency subjects a resident to immediate jeopardy. The penalties or sanctions may also be different depending upon whether the deficiency that has been discovered is an isolated incident or part of a pattern or a widespread practice.

The complexity of the NHRA can lead to misunderstanding and miscommunications. Ever-changing state and federal regulations can add an extra burden for nursing home owners to stay in compliance. Owners must be vigilant and stay on top of new developments in multiple areas like the admission process, care planning, accommodating resident preferences, Medicare and Medicaid distinctions, reimbursement practices and transfer/discharge procedures. To help nursing home owners through the maze, PLDW Managing Partner Gary R. Pannone and health care attorney Jillian N. Jagling have co-authored an advisory, Challenges for Nursing Homes, that provides details of compliance issues faced by nursing homes. The article also includes an outline of “myth vs. reality” in this complex area of the law.  If you have questions or would like more information, please contact attorneys Pannone or Jagling at 401-824-5100 or email or

[back to top]

In a recent Rhode Island Superior Court case, the court once again addressed the question of whether a contractual indemnity clause was “sufficiently specific” to be enforceable. The case arose out of a situation wherein a nursing home had contracted for a landscaping company to provide ice management and snow removal services for the nursing home’s walkways and parking lots.  With regard to one particular snow storm, the company performed plowing, sanding, shoveling, and ice melting services at the nursing home on the day of the storm. Then, the following day, the landscaper returned to the nursing home, but failed to apply any ice melt. 

Unfortunately, a pedestrian slipped and fell on ice that had formed on the nursing home’s walkway.  The pedestrian filed suit against the nursing home, who then filed an action against the landscaping company based upon the indemnity clause it had in its contract with the company.

The court determined that the harm that was suffered by the pedestrian was a direct result of the landscaper’s failure to provide the ice melt services.  The court further determined that the indemnity clause, which held the landscaper liable for a “breach of any contractual duty,” was sufficiently specific to cover the circumstances of the case.  The court determined that the landscaping company was required to indemnify the nursing the home.

When drafting indemnification clauses, it is important to remember that such clauses have to be “sufficiently specific,” and that courts are instructed to construe the clause against the party alleging the right to contractual indemnity.  In many cases, courts have determined that the use of generalized language did not cover the circumstances of the case.  Accordingly, a party seeking contractual indemnity would be wise to specifically set forth the specific parameters of an indemnification clause to the greatest extent possible.  This may avoid a court construing general terms against a party when it seeks to be indemnified, as well as the unpredictable results that might follow. For more information on this issue or other legal matters, contact Attorney Patrick J. McBurney at 401-824-5100 or email

[back to top]

Thank you for reading our newsletter. For further information about the firm and the Corporate & Business and Health Care Teams, please visit our website at or contact PLDW Managing Partner Gary R. Pannone at or 401-824-5100. We welcome your inquiry and appreciate your feedback. If you feel you have received this email in error, or would no longer like to receive this newsletter, please click here to unsubscribe. Thank you.

Attorney Advertising