Today's General Counsel, November 2021

NOVEMBER 202 1 VOLUME 1 8 / NUMBER 8 TODAYSGENER ALCOUNSEL.COM

Simplifying Data Breach Review With AI

More Titles, Less Privilege FTC Cracks Down On “Made in America” Claims $199 SUBSCRIPTION RATE PER YEAR ISSN: 2326-5000 ISSUU.COM/TODAYSGC

TAKE A CLOSER LOOK AT:

A FLEXIBLE PARTY-CENTERED APPROACH TO INTERNATIONAL DISPUTE RESOLUTION. At the center of every dispute are the organizations and people involved. Our mission is to assist parties in resolving their disputes faster, and more cost-efficiently. That’s why we developed a party-centered suite of resolution services backed by the American Arbitration Association® that minimizes the impact a dispute has on business. See all the reasons to choose the ICDR® at icdr.org.

GLOBAL EXPERTISE Matters. icdr.org

|

+1.212.484.4181

©2021 American Arbitration Association, Inc. All rights reserved.

contents

NOVEMBER 2021 Volume 18 / Number 8

4 EDITOR’S DESK COLUMN / PRIVILEGE PLACE

8 DOUBLE TROUBLE Two hats make privilege claims iffy. By Todd Presnell E-DISCOVERY

10 HOW AI STREAMLINES DATA BREACH REVIEW FOR GCS Smarter forensics tools expedite remediation. By Daniel Sholler

COMPLIANCE

12 THE PITFALLS OF "MADE IN AMERICA" New FTC rules about what qualifies. By Amy Lally and Jacquelyn Fradette

NOVEMBER 202 1 TODAYSGENERALCOUNSEL.COM

3

EDITOR’S DESK

I

t’s fair to say that Donald Trump raised the profile of the Made in America label during his presidency, and because he did the claim of U.S. origin on a product became a bigger selling point. In

this issue of Today’s General Counsel Amy Lally and Jacquelyn Fradette discuss the FTC crackdown on dubious Made in America labels, and how to avoid running afoul of the new rules. Daniel Sholler explains how e-discovery providers are responding to the growing demand for faster post-breach reviews of compromised data, and Todd Presnell presents examples of privilege claims that failed because the in-house attorney who made them held two corporate titles.

Bob Nienhouse, Editor-In-Chief bnienhouse@TodaysGC.com

4

TODAYSGENERALCOUNSEL.COM NOVEMBER 202 1

BACK TO CONTENTS

Mass arbitration claims without massive arbitration filing fees Contact us: FedArb has developed an approach that streamlines the mass arbitration process and reduces cost, while maintaining a focus on equitable outcomes for all parties: a Multidistrict Litigation-type panel to deal with issues common to all claims, and respected former jurists to address individual issues as needed.

650.328.9500 info@fedarb.com www.fedarb.com

Benefits of the FedArb Mass Arbitration Approach: • Consolidating common issues of fact and law speeds the process • Minimal front-end filing fees • Online claims submissions • Expedited claims payments to employees • An “opt-out” provision to ensure fairness

Join leading companies in proactively modifying employee arbitration procedures to reduce the cost and expedite mass arbitration claims. Learn more: www.fedarb.com/framework-for-mass-arbitration

EDITOR-IN-CHIEF Robert Nienhouse

MANAGING EDITOR

EXECUTIVE EDITOR

SENIOR EDITOR

David Rubenstein

Bruce Rubenstein

Barbara Camm

CHIEF OPERATING OFFICER

CONTROLLER

Stephen Lincoln

Manuel Rosas

DIGITAL EDITOR

DATABASE MANAGER

Catherine Lindsey Nienhouse

Patricia McGuinness

ART DIRECTION & PHOTO ILLUSTRATION MPower Ideation, LLC

CONTRIBUTING EDITORS AND WRITERS Jacquelyn Fradette Amy Lally Todd Presnell Daniel Sholler SUBSCRIPTION Subscription rate per year: $199 For subscription requests, email subscriptions@todaysgc.com

EDITORIAL ADVISORY BOARD Dennis Block

GREENBERG TRAURIG, LLP

Thomas Brunner

WILEY REIN

Peter Bulmer

JACKSON LEWIS

Mark A. Carter

DINSMORE & SHOHL

James Christie

BLAKE CASSELS & GRAYDON

Adam Cohen

FTI CONSULTING

Jeffery Cross

REPRINTS For reprint requests, email Jill Kaletha jkaletha@mossbergco.com Foster Printing at Mossberg & Co

FREEBORN & PETERS

Thomas Frederick

WINSTON & STRAWN

Jamie Gorelick

WILMERHALE

Robert Haig

Thurston Moore

Robert Heim

Robert Profusek

Joel Henning

Art Rosenbloom

Sheila Hollis

George Ruttinger

David Katz

Jonathan S. Sack

Steven Kittrell

Victor Schwartz

KELLEY DRYE & WARREN

DECHERT

JOEL HENNING & ASSOCIATES

DUANE MORRIS

WACHTELL, LIPTON, ROSEN & KATZ

MCGUIREWOODS

HUNTON & WILLIAMS

JONES DAY

CHARLES RIVER ASSOCIATES

CROWELL & MORING

MORVILLO, ABRAMOWITZ, GRAND, IASON & ANELLO, P.C.

SHOOK, HARDY & BACON

Nikiforos latrou

Jonathan Schiller

Timothy Malloy

Robert Zahler

WEIRFOULDS

MCANDREWS, HELD & MALLOY

Steven Molo

BOIES, SCHILLER & FLEXNER

PILLSBURY WINTHROP SHAW PITTMAN

MOLOLAMKEN

All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information or retrieval system, with­out the written permission of the publisher. Articles published in Today’s General Counsel are not to be construed as legal or professional advice, nor unless otherwise stated are they necessarily the views of a writer’s firm or its clients. Today’s General Counsel (ISSN 2326-5000) is published ten times per year by Nienhouse Group Inc., 30 S. Wacker Drive, Suite 2200, Chicago, Illinois 60606 Image source: iStockphoto | Copyright © 2021 Nienhouse Group Inc. Email submissions to editor@todaysgc.com or go to our website www.todaysgeneralcounsel.com for more information.

STAY CURRENT WITH OUR RESOURCE CENTER  White Papers  Webinars  Product Guides  Case Studies  Industry Analysis  And more!

Visit Today’s GC Resource Center

Click the Resources to tab to visit our library of free downloadable content provided by experts and vendors within the legal industry and stay current in a rapidly changing world.

TODAYSGCRESOURCES.COM @TodaysGC

Follow us

Like us

COLUMN/PRIVILEGE PL ACE

Double Trouble By  TODD PRESNELL

A

s Benjamin Franklin once mused, “If a man could have half of his wishes, he would double his troubles.” In-house lawyers often wish to shoulder more corporate responsibility, including doubling their legal counsel role with businessrelated jobs and titles. Time is precious, so many combine business advice and legal advice in their communications.

8

Courts often take a critical view of in-house lawyers’ privilege claims. Although courts frequently presume that communications between a corporation’s outside counsel and its employees were for legal advice, the same presumption does not hold for in-house lawyers. More than one court has held that when an in-house lawyer’s communication with an internal employee is half

TODAYSGENERALCOUNSEL.COM NOVEMBER 202 1

business and half legal, the presumption should be that it was for a business purpose. That substantially decreases the chances of a favorable privilege ruling. One court’s ruling illustrates this danger. A company’s CEO decided to terminate two professional-level employees, both of whom worked under enforceable employment contracts. To prepare for the termination meeting, BACK TO CONTENTS

the company’s general counsel drafted a memorandum that in part interpreted the employment contracts and in part outlined reasons supporting a termination that the CEO could use in the meeting. The lawyer marked the memo (in boldface) “Confidential Subject to Attorney-Client Privilege.” Following the termination meeting, the employees sued the company and sought the memorandum in discovery. After trying to distinguish between the memo’s legal and business aspects, the court held that the privilege does not apply unless the primary purpose is to solicit or render legal advice. The court further held that when a communication’s purpose is not clearly legal or clearly business advice, then it should conclude that the communication pertained to business advice. In other words, courts tilt a fifty-fifty split between business and legal advice toward business. Applying this standard, and despite the boldface confidential and privileged label, the court held that the general counsel’s memorandum was a talking points script for the CEO to use in executing a business decision. The court ordered the memorandum produced and, in a subsequent bench trial, used it as a partial basis for a punitive damages ruling against the company. This double trouble phenomenon becomes worse when the in-house lawyer also serves in a business role. For example, a company persuaded one of its outside employment law attorneys to transition to an in-house counsel position. She was soon promoted to chief human resources officer (CHRO) but continued to advise on employment matters. While she was serving in this BACK TO CONTENTS

dual role, an employee attempted to obtain Family and Medical Leave Act (FMLA) leave. The company took the position that he had abandoned his job. The CHRO/ in-house lawyer participated in several meetings regarding the employee’s requested leave and potential termination. She took notes at these meetings and labeled some “Attorney Work Product and Privileged.” In the employee’s subsequent FMLA retaliation suit, he sought production of the notes from those meetings. The company refused, citing privilege protection. The CHRO/in-house lawyer submitted a sworn declaration claiming that despite her official title, her role at the meetings was to provide legal advice. The federal court, however, noted that it applies privilege protection “narrowly and cautiously” when the putatively privileged communications involve in-house lawyers, and that caution heightens when company officers mix business and legal responsibilities. Reviewing the challenged meeting notes in camera, the court held that, despite her affidavit to the contrary, the advice provided was routine human resources business advice. As these two examples demonstrate, privilege-related labels are not dispositive, but they certainly add value. Marking a memorandum or other communication as confidential (a critical privilege element) and privileged generates some evidence that the lawyer believed the privilege protected the information. Importantly, the communication’s content or subject matter must evince a primary purpose of seeking or dispensing legal advice. When indecisive about the content’s purpose, or if the

purpose evolves from legal to business in multi-string emails or instant messages, in-house lawyers should create a separate, new communication that focuses on the legal issue. Finally, dual titles simply create another hurdle to privilege success, and a single, business-related title could result in a complete forfeit of the issue. If a company’s licensed lawyer regularly provides legal advice, then give her a legalsounding title so that her privilege claims have a sound foundation. And if that is not feasible, the privilege labels and legal advice content become more imperative. It is difficult enough for in-house lawyers to persuade courts that the attorney-client privilege protects their communications with employees even when they have a sole, legal only role within the organization. These difficulties increase when in-house counsel assume additional, business-related titles, or mix business and legal communications. Diligence in keeping roles separate and proclaiming that separation within communications increases the chances of a privilege victory. On the other hand, failure to take these precautions will double the privilege trouble.

Todd Presnell is a trial lawyer in Bradley’s Nashville office. He is the creator and author of the legal blog Presnell on Privileges, presnellonprivileges. com, and provides internal investigation and privilege consulting services to in-house legal departments. tpresnell@bradley.com

NOVEMBER 202 1 TODAYSGENERALCOUNSEL.COM

9

E-DISCOVERY

How AI Streamlines Data Breach Review for General Counsel By  DANIEL SHOLLER

A

s data breaches increase in frequency and severity, data protection and privacy regulations are requiring organizations to deliver reports to regulators very quickly. With data volumes regularly in the terabytes, delivering accurate reports on time can be very challenging for affected organizations. In the case of the EU’s General Data Protection Regulation, impacted

10

organizations must report the extent of the breach within 72 hours of detection. When a breach occurs, the first step in the remediation process is determining how much data was compromised and what data qualifies as personally identifiable information (PII), personal health information (PHI) or other sensitive data. From a regulatory timeline standpoint, this task can

TODAYSGENERALCOUNSEL.COM NOVEMBER 202 1

be next to impossible to fulfill without automation and massive internal resources, so organizations typically outsource to a law firm or legal subject matter expert that specializes in handling data breaches. Yet even outsourcing doesn’t necessarily address the challenges of quickly reviewing vast amounts of data, due to the lack of a comprehensive technology solution to BACK TO CONTENTS

support these efforts. Historically, outsourced service providers have built or assembled a portfolio of forensic tools combined with review technology that they were already using in their e-discovery practices. The resulting patchwork solution requires strenuous manual efforts, a vast number of employees, and workarounds to achieve sufficient performance and scalability. Due to the costs, organizations have been forced to increase spending.

how many manual reviewers are needed. It saves costs, cuts down time and creates efficiencies. Our company recently launched an AI-powered detection and review solution specifically designed to rapidly discover PII and PHI in compromised data, and associate that information with individual subjects. It enables speedy review to meet tight regulatory deadlines and can support hundreds of manual reviewers simultaneously.

There is growing demand for better forensics tools and remediation processes that quickly identify certain classes of data. As a result, there has been growing demand for better forensics tools and remediation processes that quickly identify certain classes of data, and postbreach data review services that quickly review compromised data and accurately correlate that data with specific identities. This ensures that legal professionals can craft a better breach response. The emergence of this nextgeneration AI technology reflects an urgent need within legal departments for smarter, more independent methods to respond to data security incidents and data breaches. Legal teams increasingly recognize that firms and legal service providers need to deploy these AI tools to help determine if, and to what extent, a manual review is needed. The end result is an accurate picture of the security incident, who it impacted, and associated organizational jurisdiction. This helps corporations decide how to proceed with reporting and notification, and positions them to understand BACK TO CONTENTS

With the increasing embrace of AI and machine learning among general counsel, the industry appears ready to dramatically accelerate core legal processes, including breach review. Legal departments whose associated law firms or service providers implement this type of AI can now conduct a rapid first-pass review of a data breach and map a compliant response. In the end, this yields a more effective and less expensive process to remediate data breaches while mitigating legal risk for general counsel and their partners.

Daniel Sholler spent many years as a Gartner analyst and has worked throughout the software industry building and delivering data solutions and strategies. He is currently Product Marketing Manager at Exterro. daniel.sholler@exterro.com

READ TODAY Digital Magazine TABLET + DESKTOP + MOBILE

INSTANT ACCESS

LATEST LEGAL NEWS, ANALYSIS AND COMMENTARY

CURRENT BUSINESS DEVELOPMENTS FOR GCs AND IN-HOUSE COUNSEL

ISSUU.COM/TODAYSGC NOVEMBER 202 1 TODAYSGENERALCOUNSEL.COM

11

COMPLIANCE

The Pitfalls of “Made in America” By  AMY LALLY AND JACQUELYN FRADETTE

“M

ade in the USA” claims on products, also known as country-of-origin claims, have been a hotbed for litigation and regulatory enforcement for decades. In the 1990s, the Federal Trade Commission (FTC) developed a working definition of what constituted a false or misleading Made in the USA claim. But until recently, the FTC did not issue any regulations to codify a particular definition.

12

That changed on July 1, 2021, when a new rule was finalized, which the FTC claims “will crack down on marketers who make false, unqualified claims that their products are Made in the USA.” While the FTC does not substantively depart from longstanding enforcement policy, by enacting the new rule as a regulation it now has more power to issue substantial penalties for what it deems to be a misuse of the term. Thus, the FTC’s new final rule could

TODAYSGENERALCOUNSEL.COM NOVEMBER 202 1

represent a sea change in this area and have downstream effects. Under the rule, companies are prohibited from including unqualified U.S.-origin claims on labels unless: 1. Final assembly or processing of the product occurs in the United States. 2. All significant processing for the product occurs in the United States. 3. All or virtually all of the product’s ingredients or components BACK TO CONTENTS

are made and sourced in the United States. Critically, all three of these elements must be met. If they are not, the FTC has now deemed such uses of Made in the USA to be a per se unfair or deceptive practice or act under Section 5 of the FTC Act. The final rule also forecloses attempted work arounds by prohibiting synonyms to “made” such as built, produced, created or crafted in the United States or in America. Importantly, the FTC’s new rule applies to claims on labels. But what constitutes a label may not be as straightforward as that word suggests. The rule covers any mail order catalog or mail order promotional material that includes a seal, mark, tag or stamp labeling a product “Made in the USA.” And it expansively defines a mail order catalog to include anything “used in the direct sale or direct offering for sale of any product or service, that are disseminated in print or electronic means, and that solicit the purchase of such products.” In explaining what this

The FTC now has more power to issue substantial penalties for misuse of the term. covers, the FTC stated that “digital and physical labels are functionally equivalent, especially with the growth of e-commerce, and a failure to cover labels in print or electronic mail order catalogs or promotional materials would leave consumers without muchneeded protection.” This expansive definition sparked a dissenting statement from BACK TO CONTENTS

one of the FTC’s commissioners, Christine S. Wilson, who expressed the concern that this broad definition, in fact, “could be read to cover all advertising, not just labeling.” In her view, it is not supported by the plain language in the statute giving the FTC the authority to promulgate the rule, which limits such rulemaking to labels only. Although the FTC assures the public that this is just a restatement rule that affirms longstanding guidance and legal precedent with respect to Made in the USA labels, there are several reasons why companies should proceed with caution. First, although the final rule tracks the enforcement policy the FTC has been using for Made in the USA claims for several years, it adds significant new authority to issue stricter sanctions and penalties against violators that it could not issue before. Most critically, it enables the FTC to seek up to $43,280 per violation in civil penalties. Second, with a codified FTC definition, there also comes an increased risk of downstream litigation from state attorneys general, industry competitors under the Lanham Act, class action plaintiff lawyers and enforcement from the National Advertising Division of the BBB National Programs, all of whom often look to FTC regulations as guides to impose state or private civil liability and damages. The FTC’s three-pronged rule could serve as a roadmap for bringing state consumer class actions under such statutes as the California Unfair Competition Law and California’s analogous Made in the USA statute. It remains to be seen how courts will interpret the new rule and what the FTC’s own enforcement

practices using this rule will reveal about its scope. This is particularly true in light of the dispute among the commissioners over the scope of the term “label” and whether that definition was within the FTC’s authority. All of this brings a new element of uncertainty and, as a result, any company should err on the side of caution with respect to making a Made in the USA claim on its packaging or advertising, or on the product itself.

Amy Lally is a partner at Sidley Austin LLP and practices in all areas of litigation, including class actions, contract dispute litigation and real estate litigation. She also serves as a global co-leader of Sidley’s Consumer Class Actions practice and is a member of the firm’s COVID-19 task force. alally@sidley.com Jacquelyn Fradette is an associate at Sidley Austin LLP and works in both the Commercial Litigation and Disputes and White-Collar practice groups. She represents clients in all areas of trial litigation, particularly in commercial and class action litigation. jfradette@sidley.com

NOVEMBER 202 1 TODAYSGENERALCOUNSEL.COM

13

Join our upcoming webinars

HOW TO SIMPLIFY THE LEGAL HOLD PROCESS NOV

18

12PM CDT

Register for Webinar

Download an on-demand webinar

PANEL DISCUSSION: EVOLVING EMPLOYMENT CHALLENGES AND SOLUTIONS IN M&A Download Webinar

2021 LEGAL TECHNOLOGY ROUNDTABLE – EXPERTS EXAMINE TRENDS, NEW TECH Delivering high-quality content and topics that are valuable to increasing your business acumen. Listen/view at your own pace, and download substantive materials related to the topics.

Download Webinar

AVOID LAWSUITS, CITATIONS & FINES – MANAGE THE RETURN TO THE WORKPLACE

View more On-Demand Webinars

Download Webinar

TODAYSGENERALCOUNSEL.COM/ WEBINARS @TodaysGC

Follow us

Like us