NBA Fines And Non-Compliance Lessons for SMBs

Image of an arrangement with money, gavel, calculator, and contract illustrating the consequences of non-compliance with laws, rules, and regulations.

Regulations at the local, state, and federal levels are on the rise. This puts a lot of pressure on the compliance efforts of small and medium-sized businesses (SMBs) and exposes the fact that these organizations can avoid costly fines and lawsuits for non-compliance only by maintaining strict compliance throughout their information management processes.

I found the fines levied by the National Basketball Association (NBA) on players such as the late Los Angeles Lakers great Kobe Bryant, and on Mark Cuban, the owner of the Dallas Mavericks basketball team, among others, to be a good lesson on the cost of non-compliance.

The NBA has consistently fined players who were in non-compliance with its rules, and these violations range from the serious to what one could argue is the absurd – like kicking a ball in frustration or throwing a basketball into the stands in celebration of a win.

Indeed, as NBC Sports, Bay Area noted, “The NBA doesn’t hold back when it comes to fines for players and teams that violate league policies.”

Examples of Non-Compliance Violations

Here is a sample of violations that could get an NBA entity in trouble:

  • Derogatory slurs
  • Flagrant fouls
  • Speaking out against or complaining about poor officiating
  • Altercations during a game
  • Making comments about the collective bargaining negotiations
  • Violating team rules
  • Contact between NBA personnel and underclassmen
  • Receiving 16, 18, and 20 technical fouls in one season (note: a player could be automatically suspended for 1 game for his 16th, 18th, 20th, etc. technical foul in the regular season)
  • Shoving another player in the face during a game
  • Escalating an altercation
  • Throwing a ball at a referee during a game
  • Missing a shoot-around
  • Fighting with a teammate
  • Verbally abusing a referee
  • Leaving the court during a game
  • Improper conduct toward a referee (whatever that means)
  • Conducting illegal draft workouts
  • Failing to leave the court in a timely manner following an ejection (seriously)
  • Removing a jersey on the court
  • Asking publicly to be traded or released
  • Throwing a basketball into the stands during games

Article 35(c) of the NBA Constitution gives the league’s commissioner broad discretion to fine players whose “act or conduct […] has been prejudicial to or against the best interests of the Association or the game of basketball.”

Notable NBA fines for Non-Compliance include:

  • $100,000 paid by the late Kobe Bryant of the Los Angeles Lakers for directing a derogatory slur at a referee during a game.
  • $50,000 paid by Joakim Noah, then with the Chicago Bulls, for directing a derogatory slur at a fan during a game in Miami.
  • $500,000 paid by Dallas Mavericks owner Mark Cuban for repeatedly criticizing the league’s officiating.
  • $75,000 paid by former Lakers coach Phil Jackson after he spoke to reporters about ongoing collective-bargaining negotiations.
  • $3.5 million paid by the Minnesota Timberwolves basketball team (in addition to the loss of five first-round draft picks) for making an under-the-table deal with forward Joe Smith.
  • $5 million by Ron Artest, who served an 86-game suspension because of his role in the mega-brawl among players and fans at an Indiana Pacers-Detroit Pistons game.
  • $100,000 paid by Cleveland Cavaliers owner Dan Gilbert for calling LeBron James’ decision to play for the Miami Heat a “cowardly betrayal” and a “shocking act of disloyalty.”

NBA fines generate a lot of debate because it is claimed that they happen “in the heat of the game” where the players were either reacting to what they felt were bad calls or were being heckled by a fan of the opposing team, and the player “just got caught up”. And as a fan commented, “The … slur is probably uttered a dozen or more times on the court during a game and nothing happens. These two incidents were simply caught on camera. A couple of fines are not going to change a culture that was years in the making. Get real.”

Laws and Regulations Relating to Non-Compliance

These are some of the laws that lay down rules or regulations whose violation could lead to fines:

  • Health Insurance Portability and Accountability Act of 1996 (HIPAA): enacted to improve efficiency in healthcare information delivery by standardizing electronic data interchange.
  • Health Information Technology for Economic and Clinical Health Act (HITECH): imposes data breach notification requirements for unauthorized uses and disclosures of unencrypted Personal Health Information (PHI), among other things.
  • Stored Communications Act (SCA): addresses voluntary and compelled disclosure of email and other digital communications stored on the internet by third-party internet service providers.
  • Sarbanes Oxley Act (SOX): holds the CEO and CFO accountable for maintaining effective internal controls over financial and operational processes. Failure to comply can result in significant fines and even criminal penalties.
  • Payment Card Industry Data Security Standard (PCI DSS): a worldwide standard that includes specific technical requirements, such as data encryption, user access controls, activity monitoring and event logging systems for the protection of cardholder information. Non-compliant companies risk losing their ability to process credit card payments and being audited and/or fined.
  • Gramm-Leach-Bliley Act (GLBA): made up of several components related to the collection, disclosure, and protection of consumers’ nonpublic personal information, including the Financial Privacy Rule, the Safeguards Rule, and Pretexting Protection.
  • UK Data Protection Act of 1998: Organizations that do business in the United Kingdom must comply with the broad-sweeping Data Protection Act of 1998. This legislation governs the security of personal data, defined as any data about a living and identifiable individual.
  • General Data Protection Regulation (GDPR) of the European Union: This is one of the toughest privacy and security laws in the world. It applies to any organization that processes or collects data of EU citizens or residents or offers goods or services to them. It imposes harsh fines, penalties, and obligations on data controllers, processors, and subjects.

And many others.

Lessons for Small and Medium-Sized Businesses About Non-Compliance

What does this teach us about non-compliance? A lot of pain and suffering. But the critical factor here is that they were fined because they got “audited”, if you will.

Can anyone deny that players use very raw language all the time? Even during a game, I have heard people say “oh, he used a bad word” when a player misses a shot or a team loses a game. The X-factor here is that in the case of these NBA players, they had TV cameras on them to “capture the evidence” when the “violations” happened. If we think of the individuals or teams that were fined as small business owners and the TV cameras as auditors, a fine resulting from non-compliance can be devastating and can lead to a lot of hurt. Granted, the players and teams affected will hardly miss the “chicken change” called fines, but I bet you they will miss the money when a player must sit out an entire season due to suspension or the team must give up a draft spot, just as a small business will miss the millions of dollars it may be forced to cough up due to a violation.

The lesson for small and medium businesses is that while they may think they are “too small” to worry about compliance issues, when the auditors (TV cameras) put the spotlight on them, it won’t matter whether the cat made away with the compliance policy or that the security team “planned” on encrypting PII data “soon”. It does not make a difference if your violation was due to the dog eating your paperwork or your kid using your laptop as a Frisbee; you are going to be fined.

Did any player mean any harm by what they said? I believe it is safe to say “No”. But they knew the rules and agreed to be bound by the rules and regulations of the “Association”.

Examples of the Cost of Non-Compliance

There are many examples of organizations and individuals paying fines for non-compliance with laws, rules, and regulations. For example, here’s what HIPAA violations can do to you:

  • A fine of up to $50,000, or up to 1 year in prison, or both (Class 6 Felony).
  • If the offense is committed under false pretenses, a fine of up to $100,000, or up to 5 years in prison, or both (Class 5 Felony).
  • If the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, a fine of up to $250,000, or up to 10 years in prison, or both (Class 4 Felony).
  • HIPAA also provides for civil fines to be imposed by the Secretary of DHHS “on any person” who violates a provision of it. The maximum is $100 for each violation, with the total amount not to exceed $250,000 for all violations of an identical requirement or prohibition during a calendar year (Class 3 Felony).

An argument can also be made that the biggest consequence of non-compliance with the law is lawsuits. They are expensive, time-consuming, and morale killers.

For example, a group of pipefitters refused to install a weaker and cheaper valve in a line for a nuclear power plant. One of the pipefitters obtained more expensive, stronger valves that would hold the pressure, and these were installed. Instead of receiving praise for their work, they were laid off by the company’s management. The employees sued, claiming retaliation for blowing the whistle on the company and its management over the use of the weaker and cheaper valve. The jury of 12 awarded the pipefitters $4.7 million.

Another example is the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted in 2010, which among other things improved and expanded the existing Federal privacy and security protections for health information. The law ensures that new entities that were not contemplated when the Federal privacy rules were written, as well as entities that do work on behalf of providers and insurers (known as “business associates”), are subject to the same privacy and security rules as providers and health insurers.

Challenges of Non-Compliance

One sector that will face non-compliance challenges under the HITECH Act is the legal sector. Whereas the focus of HIPAA privacy compliance in law had previously been limited, or quasi-restricted, to legal entities that handle health-related information (typically HR), lawyers are now bound by the same HIPAA security and privacy guidelines as healthcare providers, including penalties for data security breaches and non-compliance with Federal regulations. They are now required to implement all the HIPAA Security Rule requirements for all client-related electronic protected health information (ePHI).

So, while many of us may understand that Kobe and Joakim committed their non-compliance violations in the heat of the moment and that they did not mean any harm, they agreed to abide by the rules and policies of the NBA, just as a health care provider agrees to abide by the rules of HIPAA. They were aware of the consequences of any violations.

If you are a small or medium business out there without a boatload of cash to handle a case of non-compliance, the best bet is to start now. Review the regulations that impact your organization and make sure your organization keeps up with constantly changing rules in order to stay compliant. According to an Iron Mountain report on “Best Practices for Records Management”, which encompassed a diverse, broad-based sample of nearly 3,500 organizations across almost every vertical market:

  • 13% of all organizations surveyed managed electronic records in compliance with a records retention schedule.
  • 29% of all respondents said they had no written employee notification procedure should there be a need to cease disposal of records related to actual or anticipated legal actions, investigations, or audits.
  • 63% of all respondents did not have a records training program.

Next step

If you own a small business in the Austin area, get in touch with us at Tech Prognosis to see how you can get started with compliance risk assessment. We can review your current environment to see where you may need help. Call us today at 512-814-8044.

(Original Article Date: May 8, 2011/Updated December 25, 2023 to improve the reader experience)