APR/ MAY 2013 VOLUME 1 0 / NUMBER 2 TODAYSGENER ALCOUNSEL.COM
+ INTELLECTUAL PROPERTY
Trade Secrets and “Friends”
E-DISCOVERY
Multi-Matter Repositories
Tripping the Expert Witness
What You Need to Know about Predictive Coding
Overseas Branding
Checklist for a Hold
NEXT ISSUE:
• Paper Docs • Design Patents as IP Weapon $199 Subscription rate per year ISSN: 1932-9024 View our digital edition: http://digital.todaysgeneralcounsel.com
"BYOD" and Social Media The GC and the Techie Proxy Disclosure Challenges Cross-Border Raids China’s Document Wall What is a “Debt Collector”?
“
As an in-house lawyer who is constantly bombarded from all sides and has very little time to spare, PLC is the service I turn to.
— Bridget K. Marsh, Senior Vice President and Deputy General Counsel, The Loan Syndications and Trading Association (LSTA)
”
Practical law comPany for Law Departments is an online know-how service that gives inhouse counsel a better starting point. Covering 18 different practice areas, our resources include how-to guides, checklists, annotated model policies and contracts and more in an intuitive, easy to use interface. With Practical Law, you can create better first drafts, easily update current policies, and quickly respond to your internal clients with an increased level of confidence.
LEARN MORE OR REQUEST A FREE TRIAL TODAY | www.plclawdepartment.com | 646.562.3405
apr/ may 2013 toDay’s gEnEr al counsEl
Editor’s Desk
Social media law is becoming part of the course work in law schools. It will only grow in importance as the media evolve. Before long graduates who are well-versed in the topic will be recruited heavily, and anyone who aspires to become the chief legal officer of a corporation will need to demonstrate skill in the social media as well as knowledge of the legal implications of its use. Legal departments will budget for intensive social media CLE, lest they be blind-sided by new forms and the problems they create. Meanwhile, social media are already having a big effect, especially with respect to intellectual property. In this issue of Today’s General Counsel, Audra Dial discusses how to keep a trade secret in the social media age. She recalls the well-known PhoneDog v. Kravitz case, in which an employee apparently prevailed (the settlement was confidential). PhoneDog had accused employee Kravitz of misappropriating a company Twitter account and its followers, for which the company claimed trade secret protection. Dial also discusses a more recent case, in which an employer fared better. Trade secret misappropriation was alleged when a former employee took the login information to the company’s MySpace pages. The employer survived a motion to dismiss. The court noted that time and money had been spent to develop the allegedly public list of “friends” that its former employee took, and suggested that such friends are more than names on a list, because each revealed personal information which has value to the company. In the more traditional area of trademark law, Christopher Schulte cautions extra care when branding a product overseas. Protections offered in various countries can differ significantly.
2
Jonah Paransky advises all general counsel to form a close working relationship with their company’s chief information officer. Data security is their mutual concern, and data has become harder to secure because of electronic communication. Paransky notes that by nature the legal department is in possession of documents that must be secure because of their regulatory implications. Teaming with IT is a good way to keep both departments out of trouble.
Bob Nienhouse, Editor-In-Chief bnienhouse@TodaysGC.com
4 400+ 50+ reasons Sterne Kessler is the right firm for
PATENT OFFICE LITIGATION
patent reexaminations under our belt
interference proceedings
We literally wrote the book on PTO litigation under the America Invents Act.
PTO litigation is won at the PTO with unique rules different from the courts.
105+ 3 advanced technical degrees
ways to deliver a win
Technical skills make the difference when deconstructing patents for challenge or defense.
Our interdisciplinary teams merge deep technical and PTO expertise with experienced District Court trial lawyers.
M IN D
+ MUSCLE
in washington, dc and at skgf.com
APR/ MAY 2013 TODAY’S GENER AL COUNSEL
Features
4
Page 58
54
ENFORCING JURY WAIVER CLAUSES
56
THE GC’S BEST FRIEND
William DeSantis Often better than arbitration.
Jonah Paransky An indispensable collaboration.
58
DEFENDING CHINESE COMPANIES LISTED ON U.S. EXCHANGES
62
YOU MAY BE PERSONALLY LIABLE UNDER THE FDCPA
Neal Marder, Micol Sordina and Andrew Jick Secrecy laws complicate depositions.
Robert J. Emanuel What is a “debt collector”?
More
for your buck . Inside Counsel reports that many companies are looking to increase their use of regional firms for their high-quality legal work, prioritized personal service, and a “faster on their feet” approach. Consistently ranked in Canadian Lawyer’s Top 10 Regional Firms, WeirFoulds is ready to hear from you.
Protect your future. Gain a competitive advantage. WeirFoulds LLP.
416.365.1110 www.weirfoulds.com
APR/ MAY 2013 TODAY’S GENER AL COUNSEL
Departments Editor’s Desk Executive Summaries
2 10
INTELLEC TUAL PROPERT Y
18 | Trade Secrets in the “Social” World Audra A. Dial With friends like these ...
22 | Five Tips for Deposing an Expert Witness in Patent Litigation
6
Christopher Scharff and Patricia McGrath Hoist by their own petard.
HUMAN RESOURCES
E-DISCOVERY
28 | International Cloud Computing and the Protection of Personal Data Paul Van den Bulck Is your provider secure?
30 | A Corporate Counsel’s Guide to Predictive Coding Fernando A. Bohorquez, Jr. and Alberto Rodriguez Make them explain.
25 | Inside the Mind of the NonPracticing Entity
32 | Ten Essential Best Practices in Predictive Coding
Christopher D. Bright Their business strategy affects your litigation strategy.
Warwick Sharp The trainer is the key; validate the results.
26 | Take Care with Overseas Branding Christopher J. Schulte Don’t risk losing a lucrative market.
40 | Rewriting Employee Handbook Policies on Social Media Audrey Mross Watch what the NLRB says.
44 | “Bring Your Own Device” Programs Create a Nest of Policy Issues Todd Scherwin and Raul Zermeno Remote delete might work. GOVERNANCE
46 | Companies Want GC To Foresee Risk Richard H. Girgenti and Bryan H. Jones Survey fi nds expanding legal department role in business strategy.
36 | So You Think You’ll Be Sued
48 | Shareholders Challenging Annual Proxy Disclosures
Richard M. Dunn and MaryTeresa Soltis Checklist for litigation holds.
Robert M. Daines and Olga Koumrian Dilution becomes an issue.
38 | Leveraging the Value of a Document with Multi-Matter Repositories
CANADA /CROSSBORDER
Robert Omeljanivk and Eliot Davidoff Recycle for the next lawsuit.
David Gustman Cross-border sulfuric acid sales alleged anticompetitive.
Dawn Raid, Antitrust Charges, Decade of Litigation
Page 36
Global Technology • Local Expertise
CJK TAR The Predictive Coding Tool Proven Effective on Asian Language Data Fast Instantly prioritize review sets Optimized workflow Litigation strategy insight
Defensible Minimize human errors Built-in quality control processes Supported by recent case law
Accurate Excludes irrelevant documents Eliminates tagging discrepancies Identifies 90%+ of relevant documents consistently
Economical Reduce review costs by 60 – 90%
Contact UBIC to discover how you can improve outcomes, save time and money.
New York • Washington DC • Silicon Valley • London Tokyo • Osaka • Nagoya • Seoul • Taipei Tokyo • Hong Kong
877-321-8242 • usinfo@ubicna.com • www.ubicna.com
eDitor-in-chief Robert Nienhouse puBlisher Julie Duffy Managing eDitor David Rubenstein
executive eDitor Bruce Rubenstein
senior vice presiDent & Managing Director, toDay’s general counsel institute Neil Signore art Direction & photo illustration MPower Ideation, LLC vice presiDent of Business DevelopMent Sasha Hefler Business Manager Amy Ceisel contriButing eDitors anD Writers
8
Fernando A. Bohorquez, Jr. Christopher D. Bright Paul Van den Bulck Robert M. Daines Eliot Davidoff William DeSantis, Audra A. Dial Richard Dunn Robert J. Emanuel Richard H. Girgenti David Gustman Andrew Jick Bryan H. Jones Olga Koumrian
Neal Marder Patricia McGrath Audrey Mross Robert Omeljanivk Jonah Paransky Alberto Rodriguez Christopher Scharff Todd Scherwin Christopher J. Schulte Warwick Sharp MaryTeresa Soltis Micol Sordina Raul Zermeno
suBscription subscription rate per year: $199 For subscription requests, email subscriptions@todaysgc.com
Director of circulation Carol Spach eDitorial aDvisory BoarD Dennis Block GREENBERG TRAuRiG, llP
Thomas Brunner Wiley Rein
For reprint requests, email rhondab@fosterprinting.com Rhonda Brown, Foster printing
suTHeRland, asBill & BRennan
Timothy malloy mc andReWs, Held & malloy
Peter Bulmer
Jean mcCreary
JACKSON lEWiS
nixon peaBody
James Christie Blake Cassels & GRaydon
steven molo mololamken
adam Cohen
Thurston moore
FTi ConsulTinG
HunTon & Williams
Thomas Frederick WinsTon & sTRaWn
Jamie Gorelick WilmeRHale
Robert Haig kelley dRye & WaRRen
Jean Hanson
Ron myrick FinneGan HendeRson
Robert profusek Jones day
art Rosenbloom CHaRles RiveR assoCiaTes
George Ruttinger
FRied FRank
CRoWell & moRinG
Robert Heim
Jonathan s. sack
deCHeRT
dale Heist WoodCoCk WasHBuRn
Joel Henning Joel HenninG & assoCiaTes
reprints
Jerome libin
sheila Hollis duane moRRis
david katz WaCHTell, lipTon, Rosen & kaTz
steven kittrell mCGuiReWoods
moRvillo, aBRamoWiTz, GRand, iason, anello & BoHReR, p.C.
victor schwartz sHook, HaRdy & BaCon
Jonathan schiller Boies, sCHilleR & FlexneR
Robert Townsend CRavaTH, sWaine & mooRe
david Wingfield WeiRFoulds
Robert zahler pillsBuRy WinTHRop sHaW piTTman
all rights reserved. no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information or retrieval system, with out the written permission of the publisher. articles published in Today’s General Counsel are not to be construed as legal or professional advice, nor unless otherwise stated are they necessarily the views of a writer’s firm or its clients. Today’s General Counsel (issn 1932-9024) is published six times per year by nienhouse media, inc., 640 park avenue, Hinsdale, il 60521-4644 image source: istockphoto | printed by Quad Graphics | Copyright © 2013 nienhouse media, inc. email submissions to editor@todaysgc.com or go to our website www.todaysgeneralcounsel.com for more information. postmaster: send address changes to: Today’s General Counsel, 640 park avenue, Hinsdale, il 60521-4644 periodical postage paid at Hinsdale, illinois and additional mailing offices.
Prior results do not guarantee a similar outcome. Š 2013 Phillips Lytle LLP 3400 HSBC Center Buffalo, NY 14203 (716) 847- 8400
when it comes to international business, we bring more to the table.
When you partner with Phillips Lytle, you get more experience, more passion and a more pragmatic approach. And that gets winning results. Talk to us about International Law or any one of our 36 practice areas.
phillipslytle.com | NeW yoRK: albany, buffalo, chautauqua, garden city, new york, rochester | caNada: waterloo region | est. 1834
APR/ MAY 2013 TODAY’S GENER AL COUNSEL
Executive Summaries INTELLEC TUAL PROPERT Y
10
PAGE 18
PAGE 22
PAGE 25
Trade Secrets in the “Social” World
Five Tips for Deposing an Expert Witness in Patent Litigation
Inside the Mind of the NonPracticing Entity
By Audra A. Dial Kilpatrick Townsend & Stockton LLP
By Christopher Scharff and Patricia McGrath McAndrews, Held & Malloy
By Christopher D. Bright McDermott Will & Emery LLP
Many companies use social media to promote their business, but in doing so they may be putting their trade secrets at risk. In the last year, several lawsuits involving trade secret misuse through LinkedIn, Twitter and MySpace have been filed. More are likely to follow. The most widely publicized of these cases, PhoneDog v. Kravitz, involved the alleged misappropriation of a Twitter account and its followers. PhoneDog sued its former employee, Noah Kravitz, for misappropriating its Twitter followers. The court found the trade secret allegations sufficient to survive a Rule 12 motion, but the case settled before the court weighed in as to whether Twitter followers could be protected as trade secrets. Interestingly, although the settlement was confidential, it appears that Kravitz retained those 17,000 followers and has since then added more. Although social media encourage the kind of information sharing that could be at odds with the protection of trade secrets, using social media and maintaining trade secrets do not have to be incompatible. To avoid problems, implementing consistent policies that define the appropriate use of social media and protect confidential information is critical. Also, taking steps to assert corporate control over social media sites, rather than allowing individual employees to take firsthand responsibility, will ensure “friends” and “connections” are more easily protected as trade secrets. The author suggests several concrete steps to realize the benefits of social media without jeopardizing valuable trade secrets.
With preparation and planning, an effective expert deposition can turn the tide in a patent case. A prepared deposing attorney can draw out inconsistencies in an expert’s opinion, identify deficiencies in the expert’s qualifications, and even get the expert to agree with highly damaging key facts. Armed with the proper information, a party can often exclude some or all of the expert’s testimony, successfully move for summary judgment on the basis of the expert’s damaging testimony, or lock the expert into damning testimony at trial. The authors provide tips, along with Q & A examples of methods for deposing experts. Deposition testimony is most useful, they suggest, if the questions elicit short, pointed answers. Long, rambling answers with caveats and explanations, or testimony that requires reference back to previous questions and answers, is of little use. Opposing experts, they note, will be well prepared to answer important questions in a very narrow context, but may be unprepared to answer essentially the same question asked a different way. An expert witness will often make broad conclusions based on only partial information or after having only analyzed part of an issue. When you dig a little deeper the expert may admit that such opinions are not based on any actual evidence, but on supposition. A good strategy when deposing such an expert is to call out these instances and establish that the expert’s conclusion is based on unproven assumptions or incomplete facts.
As the U.S. economy has become more patent-intensive, non-practicing entities (NPEs) – business entities that do not practice the patents they assert in litigation – have proliferated. According to a 2012 study by PricewaterhouseCoopers, NPEs account for as many as 35 percent of the patent decisions in the most patentactive district courts. It has been estimated that firms spend billions defending against NPE patent assertions. NPEs have a variety of business models. They can be described generally, but there is no strict definition for any of them and no list of models is exhaustive. One NPE business model is a company with a patent portfolio acquired at relatively low cost, perhaps from a non-recognized or non-industry source. This type of NPE tends to seek nuisance settlements early in litigation. Another kind of NPE is a company with a patent portfolio acquired at moderate cost, perhaps from a fairly well recognized industry source. This type of NPE characteristically asserts patent portfolios against a smaller number of companies across a few industries. It seeks significant settlements, and it is often willing to carry some defendants all the way through trial. A third kind of NPE has a patent portfolio acquired at a relatively high cost from a well-recognized source in the affected industry. This type of NPE may have been formed by the company that allegedly invented the subject matter of the patent portfolio for the express purpose of asserting the portfolio.
The Five Stages of the Typical e-Discovery Experience 1. Surprise
2. Anxiety
4. Anger 3. Desperation
5. Regret
It Doesn’t Have to be Like This...I
Let RVM Show You e-Discovery Done Right! 1. Know What to Expect Are you on the edge of your seat during your e-Discovery projects, not knowing what to expect? For each project, RVM’s consultants prepare a detailed workflow. We ensure that we are on the same page as our clients. No surprises.
2. Effective Project Management Not hearing back from your e-Discovery partner leaves you feeling anxious and neglected. RVM’s premier project managers proactively communicate with our clients. Likewise, when clients reach out to us, we respond right away.
4. Unparalleled Client Service Does it take getting angry for you to get a response from your e-Discovery partner? At RVM our clients come first. Our dedicated staff carry out RVM’s commitment to client satisfaction on every single aspect of each project.
5. Repeat Performance At the end of the project life-cycle, you’re left with the impression of your experience. After working with RVM you may feel regret—but only for not having turned to us sooner.
3. Innovative Solutions Feeling desperate and frustrated? We hear you. But you can’t expect different results using the same canned processing tools. That’s why RVM continues to revolutionize e-Data processing through our proprietary software, Revelation™. • • • • • •
Litigation Needs Analysis Consulting ESI Sources Forensics (Data Collection & Analysis) e-Data Processing Online Hosting & Review Enterprise Content Management Solutions
877.358.9180 New York • Chicago • Cleveland
ediscoverydoneright.com
APR/ MAY 2013 TODAY’S GENER AL COUNSEL
Executive Summaries INTELLEC TUAL PROPERT Y PAGE 26
PAGE 28
PAGE 30
Take Care with Overseas Branding
International Cloud Computing and the Protection of Personal Data
A Corporate Counsel’s Guide to Predictive Coding
By Christopher J. Schulte Merchant & Gould
12
E-DISCOVERY
The United States is fertile ground for launching brands: Interbrand reported that in 2011, of the 100 most valuable brands world-wide, 49 percent originate here. But branding overseas requires extra care. A brand is considered under law to be a trademark, and trademarks are protectable in other countries, as in the United States. However, there are significant differences that can affect a trademark overseas. First, consider how an English brand name may be translated and the glitches that might result. The most famous example of the potential issue is Chevy’s NOVA brand, which in Mexico translated to “doesn’t go.” A good linguistics company, usually a division of a larger branding or advertising agency, can catch these issues. A brand that is a coined term like XEROX for photocopiers, or arbitrary, like APPLE for computers, will be highly protectable worldwide. In the United States there is common law protection for trademarks that have been used in commerce but not registered with the USPTO, but in most countries a trademark must be registered before the owner can derive any benefit. One useful international strategy is to file in a foreign venue before use has commenced in that country and when it may not for some time. This is known as a defensive filing. International branding is a complex area under trademark law. To avoid problems in the business of selling goods and services overseas, a company should be sure its international trademark approach is sound.
By Paul Van den Bulck McGuireWoods LLP
By Fernando A. Bohorquez, Jr. BakerHostetler and Alberto Rodriguez Columbia Law School
The cloud computing model can be attractive for small and medium-size companies that don’t want to invest in and manage computer platforms or infrastructure. Cloud computing is also of interest because it can enable file synchronisation. But the cloud model entails some risks involving personal data protection. This was highlighted in a 2012 opinion rendered by the group representing personal data protection authorities of the EU, and it’s an opinion shared by the data protection authority in France (the CNIL) and the Information Commissioner’s Office, or the ICO, in Great Britain. These authorities underlined the two main risks related to cloud computing: loss of control of personal data, and lack of transparency by the service provider concerning the processing of personal data. Although the cloud services provider is the best informed about its level of security, the entity or person using the services is primarily liable for compliance with personal data processing regulations. The likely imbalance of power between a small client and a large service provider does not free the client from its liability vis a vis personal data protection. Thus the client must obtain from the service provider, in a written contract, assurance of compliance with personal data protection regulations, especially with regard to data integrity, confidentiality, transparency towards data subjects, data isolation, intervention on behalf of data subjects and portability. The client must also ensure that it has a way of checking the service provider’s compliance.
Predictive coding is computer or technology-assisted review that extrapolates human review decisions from a subset of materials to classify documents in a larger data set. It typically requires selecting and reviewing a control set of documents to measure the tool’s performance. Then training or seed-set documents are selected, reviewed and coded by attorneys. They in turn train the technology to replicate the reviewer’s judgments. It is imperative that the attorneys most knowledgeable about the case be involved from the beginning of the predictive coding review in order to train the system. Understanding the technology and vetting the vendor is critical. Considerations include assessing whether the methods and algorithms used by the technology are accepted in the e-discovery community, and ensuring that the technology has an audit function to review accuracy. Ask the vendor to explain the technology in plain English, because at some point you or your outside counsel may need to defend it to your adversary, your boss, or even the judge. Predictive coding has great potential to help corporate counsel manage the skyrocketing costs of e-discovery, but it doesn’t run on auto-pilot. It is essential to enlist senior counsel to teach the case to the machine. You need to vet reputable vendors with easy to understand and defensible technologies. Use counsel who are comfortable with the workflow and technology, and make sure they understand and can maintain the high level of transparency necessary in disclosing predictive coding protocols.
TODAY’S GENER AL COUNSEL APR/ MAY 2013
Executive Summaries E-DISCOVERY PAGE 32
PAGE 36
PAGE 38
Ten Essential Best Practices in Predictive Coding
So You Think You’ll Be Sued
Leveraging the Value of a Document with Multi-Matter Repositories
By Warwick Sharp Equivio
By Richard M. Dunn and MaryTeresa Soltis Cozen O’Connor
This article outlines emerging best practices in the application of predictive coding to e-discovery, which is now approved by multiple courts in the United States and abroad. Although the classification technologies that underlie predictive coding applications in e-discovery have been used in a broad range of industrial and scientific settings for decades, stringent defensibility requirements in e-discovery make best practice procedures necessary. Predictive coding technology will encode either correct or incorrect guidance from the trainer. Thus, the first best practice is to give due consideration to choosing a trainer. This person needs to be a knowledgeable attorney, with the authority to make review decisions that are likely to have a significant impact on the outcome of the case. Validate results. As emphasized in a recent court decision that the author references, quality assurance is a key component of predictive coding. The objective of quality assurance is to provide transparent validation of the results generated by the application. One key test is to verify culling decisions. Predictive coding is a dynamic and rapidly developing arena, and best practices will continue to evolve. In documenting them as they have taken shape over the past year or so, the author’s intention is not to define a universal textbook template for the generic predictive coding project, but rather to provide a platform from which it will be possible to develop, refine and create new and better practices, as the e-discovery industry continues to assimilate the technology.
Companies use the cloud, share points, drop boxes, databases, websites, and “E-rooms” to store data. This volume of potentially relevant information is far greater than the discovery a company is likely to receive from an injured party when notice of an accident or an employment related claim becomes a lawsuit. The authors provide a checklist to navigate this asymmetrical e-discovery situation. They note that discovery of ESI is a fact of life in most litigation. Federal Rules require that it be addressed as early as the Rule 16 Conference. These rules place affirmative duties on counsel to preserve and produce potentially relevant information. They also apply to third parties responding to subpoenas. You must issue a litigation hold whenever you are or should be reasonably aware of anticipated litigation. Notice of an accident or claim or an administrative agency’s issuance of a right to sue are all events that trigger the obligation to issue a hold. In the process you will need the help of a knowledgeable member of your company’s IT department and/or an outside forensic consultant. By the time you are producing documents, you are more knowledgeable about your company’s data sources than your adversary is. Use that knowledge to come to agreements limiting what will be reviewed and how; and what, when and in what format you will produce ESI. Be flexible and willing to re-evaluate your e-discovery strategy at key points to ensure efficiency, effectiveness and defensibility.
By Robert Omeljanivk and Eliot Davidoff FTI Consulting
When a legal action arises, the worth of a document becomes clear. The document accrues value as it flows through the costly progression of collection, processing, review and production characteristic of e-discovery. Although technology-assisted review and other strategies have emerged to make these processes more efficient, the cost remains unavoidable. The key at that point is to remember the document is no longer just a document. It has become work product. Legal professionals, working with litigation technology providers, are now learning how to preserve and reuse documents or document features from matter to matter, thereby retaining the value of work product. As companies work to perfect this process, a few features have emerged as keys to a successful multi-matter repository. The first is scalable database architecture. The repository’s e-discovery software should be capable of storing not only a large number of individual documents, but also each piece of metadata associated with those documents. A multi-matter repository system also needs to be adaptable and able to handle the variety of configurations that different sets of matters may require. Some companies choose to create multiple databases that communicate with one another through controlled interactions. Reusing data creates value. Costs and time efficiencies result when document processing and review become a singular event. Building a system that allows companies and their counsel to reuse work product in an intelligent and strategic fashion decreases costs, saves time, reduces risk and ensures high quality results.
13
APR/ MAY 2013 TODAY’S GENER AL COUNSEL
Executive Summaries HUMAN RESOURCES PAGE 40
PAGE 44
PAGE 46
Rewriting Employee Handbook Policies on Social Media
“Bring Your Own Device” Programs Create a Nest Of Policy Issues
Companies Want GC to Foresee Risk
By Audrey Mross Munck Wilson Mandala, LLP
14
GOVERNANCE
Employer policies that address employee behavior and communications, including via social media, are regulated by the National Labor Relations Board, under the National Labor Relations Act. Section 7 of that law, which gives employees the right to selforganize, is particularly relevant with respect to social media. The author describes recent unfair labor practice complaints involving social media and how they have been decided, and she offers some advice for rewriting handbooks based on those decisions. First and foremost, she suggests, confirm whether the NLRA applies to your company. If you are a multi-state operation it almost certainly does. If your workers fall into one of the excluded categories, such as public sector employees or independent contractors, it doesn’t. Train your management team about the NLRB and other employment law basics. This is especially important in organizations where employment decision making is decentralized and there is no HR and/or legal department safety net to identify and stop risky choices. Any policy that broadly bans discourteous conduct poses a risk, because constructive criticism is protected. Expressly state that your policies do not apply to situations where two or more employees are discussing their employment in a manner that does not violate company policy relating to disclosure of confidential information, discrimination or harassment. Keep an eye out for new state or federal law that would prohibit employers from asking for or demanding social media page passwords from job applicants and employees.
By Richard H. Girgenti and Bryan H. Jones KPMG LLP
By Todd Scherwin and Raul Zermeno Fisher & Phillips LLP
There is a new trend in the workplace: the bring your own device (BYOD) program. An employer permits employees to use their own laptops, tablets, smartphones, etc. to connect to company servers and access company information. For an employer, a BYOD program may reduce expenses, as it obviates the need to purchase and maintain some expensive companyissued devices. It also can increase productivity, as employees will gain access to company information, including emails, from virtually anywhere at anytime. But it also brings potential legal challenges for employers, in such areas as privacy, wage-and-hour issues and trade secrets, and the need to address some critical policy issues. A company should first clearly identify which if any employees should be granted access to company servers, based on an employee’s job duties and responsibilities. A well written BYOD policy informs employees of their responsibility to keep their device secure at all times; notes that all workplace policies extend to use of the device for business purposes; notes that the employee does not have an expectation of privacy for any company information created, transmitted, downloaded, received, reviewed or stored in a company’s network; and explains company procedure if the device is stolen or lost, or if the employee is terminated. Consider implementing a remote data removal, or “remote-wipe,” option. This enables the employer to remotely delete its stored information on the device in case the device is lost, or upon the employee’s termination.
This article is an analysis based on a KPMG International survey entitled “Beyond the Law: KPMG’s Global Study of How General Counsel are Turning Risk unto Advantage.” The survey ascertained from general counsel worldwide how their firms are using their skills. The authors found a trend for the GC to become more involved with decisions and strategic planning that anticipates regulatory issues and heads off risk. Traditionally, the role of the GC was detached from business goals in order to give robust, independent legal advice. Now, to expand their role and help their organizations achieve strategic objectives, general counsel must engage in commercial decision-making, while still remaining the organization’s “legal conscience.” Nevertheless, many general counsel still feel they are seen as the last stop for approval – or worse, as a “necessary evil,” a phrase used by about a third of those interviewed. Less than a third were currently focusing on anticipation of risk as one of their top three tasks. The authors observe that boards expect the GC to be commercially aware and to combine this awareness with legal knowledge and experience; to balance commercial and legal decisions; and to speak in a language that can be understood across the organization. Regulatory change, business relationships, dispute management and risk to reputation are seen as areas where general counsel can add value beyond legal expertise. The GC now has opportunities to turn risk assessment into competitive advantage.
APR/ MAY 2013 TODAY’S GENER AL COUNSEL
Executive Summaries GOVERNANCE
16
CANADA /CROSS-BORDER
PAGE 48
PAGE 50
PAGE 54
Shareholders Challenging Annual Proxy Disclosures
Dawn Raid, Antitrust Charges, Decade of Litigation
Enforcing Jury Waiver Clauses
By Robert M. Daines Stanford Law School and Olga Koumrian Cornerstone Research
By David Gustman Freeborn & Peters LLP
In 2012, plaintiff attorneys filed a wave of lawsuits challenging annual shareholder proxy votes and disclosures of executive compensation. This litigation may increase during the 2013 proxy season. It does not challenge the actual compensation, but only requests more detailed disclosures. Initially, these cases focused on sayon-pay disclosures and increases in the number of shares authorized for equity compensation plans. The say-on-pay disclosure claims were largely unsuccessful, but plaintiffs had more success with the argument that an increase in the number of shares available to stock compensation plans dilute share value for existing shareholders. The authors argue that, although any additional information can be valuable to shareholders, the benefits can be offset by the costs incurred to supply the data, and a too-expansive requirement that companies provide additional compensation data may reduce, rather than expand, the opportunity for shareholders to vote on executive compensation. If the DoddFrank Act were interpreted to encourage costly disclosure lawsuits and challenges, without otherwise changing outcomes, firms would rationally seek to avoid these costs by limiting such votes to the statutory required once in three years, instead of the annual vote that many firms hold today. The authors note that while all the 2012 litigation was filed by a single plaintiff law firm, two more firms have announced similar investigations in 2013. These three firms announced a combined total of 16 investigations of public companies in December of 2012 and an additional 17 companies in January of 2013.
After nearly 10 years of litigation, the Seventh Circuit Court of Appeals recently affirmed a judgment for the defendants in the consolidated nationwide class action, In Re Sulfuric Acid Antitrust Litigation, (7th Cir. 2012). It began when the Canadian and U.S. agencies in charge of antitrust law enforcement in both countries launched a raid against several large mining and chemical companies, seizing documents in Canada and interviewing potential witnesses in the United States. The DOJ conducted its criminal investigation for more than five years before closing it without bringing charges. This didn’t protect the companies from the pain and expense of defending against the follow-on multi-district antitrust class action in the United States. A mutual legal assistance treaty between Canada and the United States allows coordination and sharing of information obtained in investigations with international implications. This kind of arrangement is not confined to the United States and Canada. Many other countries now coordinate investigations. The author advises counseling key executives about cross-border antitrust investigations and lining up experienced counsel in each jurisdiction. Counsel should have a plan to obtain copies of seized documents or data, and to deal with privilege issues. They must coordinate their efforts carefully, because the investigative agencies are certainly coordinating theirs. In respect to obtaining counsel, keep in mind that the interests of the company and employees involved in the investigated conduct may diverge. Separate counsel to advise on potential individual criminal liability may be necessary.
By William DeSantis Ballard Spahr LLP
If a business has the potential for many small claims, it may seek to minimize liability by entering into pre-dispute contracts that require arbitration. However, there may be certain industries where a business is better served by a pre-dispute jury waiver. As a general rule, contractual jury waivers are enforced if the waiver was knowing and voluntary. Because the right to a jury trial is fundamental, many courts have held that there is a presumption against a waiver and that jury waiver provisions should be construed narrowly. On the other hand, most courts recognize that parties have freedom to contract as they please, and that jury waivers are not contrary to public policy. Courts will look at several factors to determine whether a jury waiver is enforceable, including the opportunity to negotiate, the relative bargaining power of the parties, and whether the contract was reviewed by counsel. Each jury waiver provision is considered case-by-case. Opponents of arbitration are working to limit the use of pre-dispute arbitration agreements. While the enactment of legislation may be unlikely, there is the possibility of a regulatory response from the Consumer Financial Protection Bureau. In fact the CFPB is presently undertaking a required study of consumer arbitration provisions. Given the possibility of restrictions on arbitration clauses, a prudent business should include a jury waiver clause in all contracts, in the event the arbitration clause is not enforced.
?
TODAY’S GENER AL COUNSEL APR/ MAY 2013
Executive Summaries
?
PAGE 56
PAGE 58
PAGE 62
The GC’s Best Friend
Defending Chinese Companies Listed on U.S. Exchanges
You May Be Personally Liable Under the FDCPA
By Neal Marder, Micol Sordina and Andrew Jick Winston & Strawn
By Robert J. Emanuel Much Shelist
In recent years, there has been a number of regulatory investigations and securities fraud class actions instituted against Chinese companies listed on U.S. stock exchanges. Many have become involved in litigation in U.S. courts. Such companies find themselves in a legal quandary. Compliance with document subpoenas and discovery requests seeking information located in mainland China may violate the People’s Republic of China (PRC) laws on state secrecy protection, archive management and national security (collectively referred to as “the Secrecy Laws”). Under PRC law, state secrets are broadly defined to include matters relating to national security and interests, including national economic and social development. PRC laws governing protection of commercial secrets also may be violated when such information is provided to a foreign recipient. The PRC government can grant exceptions, but it has proven to be conservative and generally reluctant to do so. Sanctions can include hefty fines, lengthy prison sentences and deportation. The authors provide some tips on advising Chinese companies faced with an SEC investigation or U.S. class action. They suggest ascertaining the company’s connection to the government and whether it operates in a “sensitive” or highly-regulated industry; and whether any of the documents sought have been identified as secret or involve sensitive categories, including national defense, foreign affairs, economic and social development, or science and technology. Taking the deposition in Hong Kong mitigates the risks for U.S. citizens, but not for citizens of the PRC.
The Fair Debt Collection Practices Act was enacted to deter abusive practices by third-party debt collectors. Violation can result in civil liability or enforcement action by the Federal Trade Commission. Damages can amount to hundreds of thousands of dollars. In order to prevail on an FDCPA claim, a plaintiff must establish that the defendant is a debt collector and has engaged in one of the practices prohibited by the statute. Lack of clarification about who fits within the definition of a “debt collector” is a lingering issue. The FDCPA defines a debt collector as any person who uses “interstate commerce or the mails in any business, the principal purpose of which is the collection of any debts” that are owed to another. However, the law excludes various individuals and entities, including officers or employees of a creditor seeking to collect debts on behalf of the creditor. The Seventh Circuit has a narrow definition of a debt collector and has rejected attempts to hold owners, officers and employees of debt collectors personally liable. However, most courts have reached contrary conclusions. The Sixth Circuit and district courts in the First, Second, Third, Ninth, and Tenth Circuits have held that owners, officers and employees of a debt collector can be personally liable for the FDCPA violations of their companies. The author opines that ambiguities in the FDCPA’s language have resulted in unforeseen consequences, and that it’s important that the courts provide some clarification.
By Jonah Paransky LexisNexis CounselLink
Problems related to electronic communications and web-based interactions can have major legal implications. Therefore general counsel and chief information officers need to form close working relationships. The author cites research indicating that data security has become the number one area of concern for a large number of legal officers and corporate directors. By virtue of the kinds of information it routinely handles, the corporate legal department has a key role in data security discussions, and in many organizations the GC is taking on increasing responsibilities for managing organizational risk. The legal group has an endless variety of documents related to matters from litigation, contract negotiations, legal holds, government investigations and comparable areas, plus items associated with corporate legal spending and the use of outside counsel, research, and other legal expenses. The fact that some of these data and documents have regulatory implications complicates data security, and the GC’s task. Organizations that handle and store critical confidential information should maintain a formal process for managing and protecting it. With third-party vendors, look for references to SSAE 16 attestations. They encompass a number of data security best practices, maintaining formal control environments and regular internal and external audits of their effectiveness. If your internal IT organization is not certified, it should have formal documentation of policies and procedures for the management of critical and confidential information. Consider active monitoring of your electronic infrastructure. Routine third-party audits and ongoing internal testing are suggested.
?
?
? 17
APR/ MAY 2013 TODAY’S GENER AL COUNSEL
Intellectual Property
18
TODAY’S GENER AL COUNSEL APR/ MAY 2013
Intellectual Property
Trade Secrets in the “Social” World By Audra A. Dial
M
any companies use social media to promote their business, but in doing so they may be putting their trade secrets at risk. Since Facebook began in 2004, the number of social media sites and users has grown rapidly. Platforms like Facebook, MySpace, Twitter, YouTube, LinkedIn, and Pinterest, which began as ways for individuals to connect, are now frequently used by companies to market to their customers. These online tools can be an important aspect of a company’s business and marketing strategy, but the possibility of disclosing valuable trade secrets arises when employees are using social media. In the last year, several lawsuits involving trade secret misuse through LinkedIn, Twitter, and MySpace have been filed. It’s likely that that more will follow. The PhoneDog, Eagle and Christou cases involve a familiar scenario – alleged trade secret theft by a former employee. They raise interesting new questions about whether social media accounts and the various followers, friends or connections made through them can themselves constitute protected trade secrets. The most widely publicized of these cases, PhoneDog v. Kravitz, involved the alleged misappropriation of a Twitter account and its followers. PhoneDog sued its former employee Noah Kravitz for misappropriating its Twitter followers. While an employee of PhoneDog, Kravitz used the @PhoneDog_Noah handle to promote PhoneDog’s services and gained approximately 17,000 followers. When he left PhoneDog, Kravitz refused to transfer the handle to PhoneDog and instead changed it to @ noahkravitz and continued tweeting to the same 17,000 followers. In its complaint in the Northern District of California, PhoneDog alleged that both its Twitter password and followers were its trade secrets. Kravitz argued that neither the list of followers nor the login information could be a trade secret because the
followers were publicly available and the password to the account had no independent economic value. The court found the trade secret allegations sufficient to survive a Rule 12 motion, but the case settled before the court weighed in on whether Twitter followers could be protected as trade secrets. Interestingly, although the settlement was confidential, it appears that Kravitz retained those 17,000 followers and has thereafter added even more. A little more than a month later, a judge in the Eastern District of Pennsylvania dismissed a trade secrets case involving a LinkedIn account. In Eagle v. Morgan, Dr. Linda Eagle and her former employer, the financial services training firm Edcomm, became embroiled in litigation in which each made allegations ranging from securities fraud to violations of the Computer Fraud and Abuse Act. One of Edcomm’s claims was that Dr. Eagle had misappropriated the company’s connections on a LinkedIn account that she had established while an employee. The court dismissed the trade secrets claim because LinkedIn connections are publicly available, are capable of being derived easily from public information and do not hold independent economic value to others. MORE THAN JUST FRIENDS
The most recent opinion on the interplay between social media and trade secrets came from the District of Colorado in March of last year. In Christou v. Beatport, a consortium of nightclubs sued their former employee, Bradley Roulier, alleging that he misappropriated their trade secrets when he took the login information to their MySpace pages upon his departure. On a motion to dismiss and again on a motion for summary judgment, the court refused to dismiss the trade secrets claim, despite the defendant’s argument that the public list of MySpace friends could not qualify as a trade secret. Because the plaintiffs had restricted access
19
apr/ may 2013 today’s gener al counsel
Intellectual Property
20
to the MySpace friend pages and spent time and money to develop this social media site, the MySpace friends could be a protected asset. Interestingly, the court suggested that MySpace friends constituted more than just a list of names because being someone’s “friend” provided access to personal information such as their interests and preferences, contact information, and a built-in means of private, direct communication. Although the defendant could attempt to recreate the “friends” list, he would not be able to get such personal access without this social media connection to them. These cases are the harbinger of a new era for trade secret law. Although certain information may be somewhat public, knowing one’s customers on a deeper level is not equally public. This trend in protecting somewhat public information (such as “friends”) is similar to the protection of customer lists, particularly when those lists have more detail than just names, addresses and phone numbers. Given that individual preferences and views are more often expressed through Facebook and MySpace and more limited information is shared in LinkedIn, there may be a differentiation in whether “friends” are more protectable than “connections,” as these cases have suggested. These cases raise important ownership issues. Depending on why the account was created, whose name is on the account, who has decision-making control, the terms of use of the social media site and what type of information is disseminated, the company may not really “own” its alleged trade secret and may have difficulty seeking to protect it. OTHER POTENTIAL PITFALLS
Although recent cases have focused on social media accounts purportedly owned by companies and run for the benefit of the business, there are a number of other ways in which company trade secrets could be misused through social media. Specifically, trade secrets could be compromised through intentional or unintentional disclosure by employees engaged in discussions over social media. Platforms like Facebook and Twitter
encourage users to provide frequent status updates. In doing so, employees could make comments about what they are doing such that they inadvertently disclose confidential company work. Check-ins using applications like Foursquare or real-time photos via Instagram could present the possibility for even broader confidentiality breaches. If employees are involved in conversations with confidential prospective clients or business partners, revealing their location alone may be enough to compromise that confidential information. Employees making connections with customers via Facebook or LinkedIn could make something like a previously confidential customer list considerably more public. Such confidentiality concerns and potential for disclosure can be so grave that companies will go to extreme lengths to avoid breaches. For example, when Marissa Mayer interviewed with Yahoo for its top spot, Yahoo held her interviews at different locations, including a law firm, to protect the confidentiality of those discussions. One inadvertent tweet by an employee could have revealed those negotiations well before they were intended to be public. STEPS TO PROTECT TRADE SECRETS
Social media and information sharing are integral to today’s business world. These tools have been used successfully to further companies’ business objectives, and now companies must ensure their trade secrets are protected from misuse. Steps you can take now to protect the company’s trade secrets in the “social” world include the following: • If creating corporate social media accounts, enter into agreements with employees who will manage those accounts. These agreements should make clear that the accounts and login credentials are company property, not the individual employee’s. • Keep access to these accounts restricted to specific employees with a need to know, and make clear the types of information that should and should not be communicated on these sites.
• As a matter of policy, change passwords and login credentials for such sites after employees leave or job functions change. • Educate employees about the types of confidential information to which they are exposed and make them aware of the ways in which they might inadvertently disclose these secrets through their personal use of social media. • Routinely monitor social media sites to determine if your company’s secrets have been compromised. The recent cases involving social media and trade secrets confirm that the use of social media poses risks to companies’ trade secrets. Although social media encourages the kind of information sharing that could be at odds with the protection of trade secrets, using social media and maintaining trade secrets do not have to be incompatible with each other. But consistent policies that define the appropriate use of social media and protect confidential information are critical. Also, taking steps to assert corporate control over social media sites, rather than allowing individual employees to take firsthand responsibility, will ensure “friends” and “connections” are more easily protected as trade secrets. By taking protective steps and remaining vigilant, the benefits of social media can be realized without jeopardizing valuable trade secrets. ■
Audra Dial is a partner in the Patent Litigation and Technology Litigation teams at Kilpatrick Townsend & Stockton LLP. Her practice is focused on complex federal court litigation involving trade secrets, patent disputes, restrictive employment covenants and complex business disputes involving intellectual property. adial@kilpatricktownsend.com
2013 FALL MEETING REGISTER TODAY
The 2013 Fall Meeting is a “Must-Attend” meeting for lawyers with a practice or interest in international legal issues.
WHAT WILL ATTENDANCE AT THE 2013 FALL MEETING OFFER YOU? • Over 60 substantive concurrent continuing legal education sessions with world-class speakers; • Cutting edge programming on the latest international legal and ethics issues; • Networking opportunities with counterparts, decision makers and potential clients from around the world who are active in international practice areas; • An entire year’s worth of CLE credits; and • Special programming for young lawyers, law students, and legal educators.
OUTSTANDING NETWORKING OPPORTUNITIES! • Tuesday, Welcome Reception at the House of Lords; • Wednesday, Opening Reception at the Honourable Society of the Middle Temple; • Thursday, Reception at the Tate Britain; and • Friday, Chair’s Closing Reception at the London Hilton on Park Lane.
LEARN, NETWORK, PARTICIPATE • Learn the latest from top experts and receive information that is relevant to you in your international law practice area; • Network with the best and brightest international lawyers throughout the meeting particularly at our twice daily networking breaks, evening events and ticketed luncheons; • Participate in specialized meetings with colleagues who share your areas of interest by attending committee working business meetings, division breakfasts and committee dinners; and • Visit exhibitors of dynamic products and services for the legal profession.
Join us at the crossroads of the world for a spectacular FALL Meeting!
For more information and to register, please visit ambar.org/ilfall2013
The London Hilton on Park Lane October 15-19
APR/ MAY 2013 TODAY’S GENER AL COUNSEL
Intellectual Property
FiveTips for Deposing an Expert Witness in Patent Litigation By Christopher Scharff and Patricia McGrath out inconsistencies in an expert’s opinion, identify deficiencies in the expert’s qualifications, and even get the expert to agree with highly damaging key facts. Armed with the proper information, a party can often exclude some or all of the expert’s testimony, successfully move for summary judgment on the basis of the expert’s damaging testimony, or lock the expert into damning testimony at trial. Below are five effective tips for obtaining powerful expert witness testimony during patent litigation. (1) Strive for sound bites. Deposition testimony is most useful if you can easily and clearly quote the questions and answers in a brief or read it at trial for impeachment purposes. A long, rambling answer with multiple caveats and explanations, or testimony that requires reference back to multiple questions and answers, is of little use. When asking an expert a question at a deposition, avoid vague formulations that give the expert an opportunity to ramble or cloud the issues. Stick to short, pointed questions. If necessary, ask a follow-up question that can tie together or summarize a line of questioning into a concise and quotable sound bite.
22
H
igh-stakes patent litigation often devolves into a battle of the experts whereby each side presents a parade of renowned physicians, scientists, economists or statisticians. The opinions of these experts often constitute the most important evidence of liability or damages. Indeed, they may be the primary way that a party presents and explains its side of the client’s story. It is therefore surprising – and unnerving – that many patent litiga-
tors place so little importance on the pretrial depositions of experts. They wrongfully believe that an opponent’s expert will be too smart to give up any damaging admissions, or that their explanations will be too verbose or equivocal to be useful. Because of this belief, expert depositions often turn into a frustrating and pointless exercise. However, with preparation and planning, an effective expert deposition can turn the tide in a patent case. A prepared deposing attorney can draw
Q. Dr. Smith, the technology of the plaintiff’s patent relates to a component for a knee implant, correct? A. Yes, that is correct. Q. Has any of your own scientific research involved knee implants? A. No, I haven’t done any research specifically on knee implants. My research has related more to hip implants. Q. Have you worked on the development of any knee implants? A. No, I haven’t.
today’s gener al counsel apr/ may 2013
Intellectual Property Q. So your experience does not relate specifically to knee implants. Is that accurate? A. Yes, that would be accurate. (2) Incrementally, get the expert to agree with your position. One of the purposes of any deposition is simple discovery – to learn more about the facts and the opposing party’s theories. That does not mean, however, that a deposition should just be an open-ended fishing expedition. If nothing else, the deposition testimony will lock the expert into a position he or she cannot change during the trial. Indeed, a good deposition transcript will make later cross examination an easy task. Moreover, you can often get an expert to agree, bit-by-bit, with facts or theories that are helpful to your case (while the attorney defending the deposition cringes in the corner). A deposing attorney should seek testimony to use offensively, even if it is just on a minor point. Q. Dr. Jones, the patent-in-suit relates to an infusion pump, correct? A. Yes, that is accurate. Q. Dr. Jones, were infusion pumps known in the art before 2003? A. Yes, they were. They have been known since the 1960’s. Q. And an infusion pump with a separate reservoir and pump was known in the art before 2003, too, is that right? A. Yes, that was known. Q. And a flow control valve for an infusion pump was known before 2003, too. Correct? A. Yes, that element was known, too, but in a different pump. Q. So each of the elements of (a) a reservoir, (b) a pump and (c) a flow control value – each of these elements was known for infusion pumps prior to 2003, is that accurate? A. Yes, that is accurate. Each of those components was known. (3) Come at important issues from a different angle. Experts will be well
prepared to answer important questions in a very narrow context, and they will also be on the lookout for “red-flag” questions. Often, however, the expert will be unprepared to answer essentially the same question if you ask it in a different way. For example, in a patent case, an expert will usually be ready for questions about key terms in the patent. So instead of putting the patent in front of the expert right off the bat, think about how you can ask the same questions without ringing an alarm. You might be able to establish enough foundation through the witness’s experience or knowledge of products to simply jump right in and ask questions using patent terms without the expert realizing their importance. Here is a poor line of questioning that raises a red flag with the expert: Q. Dr. Jones, I am going to walk you through Exhibit A, the 111 patent. Turning to claim 1, one of the elements is a “computer printer in operable communication with a wireless transmitter.” Does Defendant’s accused product have that element? A. Yes, in my opinion. The printer can be hooked up to, for example, a laptop that has a wireless transmitter. Here is a better line of questioning that comes at the issue a different way: Q. Dr. Jones, you are familiar with Defendant’s accused computer printers, correct? A. Yes, I studied them. Q. The accused computer printers do not contain a wireless transmitter, do they? A. That’s accurate, the printers themselves do not have a transmitter. Q. The printer alone, if it is not connected to a computer, is not capable of wirelessly transmitting anything, is it? A. Yes, that is technically true. (4) Call out holes in any assumptions. An expert witness will often make broad conclusions based on only partial information or after having
only analyzed part of an issue. For example, the expert may have inferred from circumstantial evidence that a party did something unlawful or that an individual had bad intent. An expert may conclude that a defendant must have willfully infringed a patent or that a patent owner intentionally misled the Patent Office when obtaining a patent. When you dig a little deeper the expert may admit that such opinions are not based on any actual evidence, but only on supposition. A good strategy when deposing such an expert is to call out these instances and establish that the expert’s conclusion is based on unproven assumptions or incomplete facts. Q. Dr. Brown, you provide an opinion that Mr. White must have intended to deceive the Patent Office by withholding the ABC reference, correct? A. Yes, that is correct. Q. But you do not cite any evidence in your report of Mr. White’s actual intent, do you? A. No, I draw that inference from the other evidence. Q. Isn’t it possible that Mr. White simply overlooked the ABC reference rather than actively intending to withhold it from the Patent Office? A. It is possible I suppose. Q. And Dr. Brown, you are an expert on GPS technology, not psychology, isn’t that right? A. Yes, you are correct, I am not an expert on psychology. (5) Establish what the expert did not consider or analyze. Expert witnesses will generally be limited at trial to offering opinions and relying on documents and evidence that are contained in their report. It is often useful, therefore, to identify facts and evidence that the expert should have, but did not, consider. For example, the expert may have ignored key documents or evidence that contradict his or her opinions, failed to perform an important test or experiment, or ignored issues raised by your own experts. Some of the most powerful
23
apr/ may 2013 today’s gener al counsel
Intellectual Property testimony from an expert is testimony that establishes what the expert did not consider or analyze. Q. Dr. Black, in your opinion, Defendant’s method of synthesizing XYZ infringes the patent-in-suit, correct? A. Yes, that is correct. Q. Now Defendant’s method of synthesizing XYZ involves joining X to YZ using an enzyme catalyst, is that correct? A. Yes, that is right. Q. Dr. Black, did you analyze the prosecution history of Plaintiff’s patent? A. No, I didn’t.
24
Q. So you did not consider whether Plaintiff told the Patent Office during the prosecution of its patent that joining X to YZ using an enzyme catalyst does not fall within the claims of its patent?
Christopher Scharff is a shareholder at McAndrews, Held & Malloy in Chicago. His practice includes patent, trademark, antitrust and unfair competition litigation, as well as counseling clients on patent and trademark matters for mergers and acquisitions. csharff@mcandrews-ip.com
A. No, I did not consider what Plaintiff told the Patent Office. Q. Dr. Black, I am going to show you Exhibit X, one of Plaintiff’s internal documents. It states on page one “joining X to YZ using an enzyme catalyst is another very different approach to synthesis from what we have chosen to pursue.” Did you consider that statement in that document
Patricia McGrath is a shareholder at McAndrews, Held & Malloy in Chicago. Her practice includes patent, trademark, antitrust and unfair competition litigation, as well as counseling clients on patent and trademark matters for mergers and acquisitions. pmcgrath@mcandrews-ip.com
in arriving at your opinions? A. No, I did not consider that document. As these examples illustrate, using these five tips can result in powerful deposition testimony. At your next expert witness deposition be organized and prepared, and you might be able to catch an expert off guard – and obtain powerful evidence for your case. ■
today’s gener al counsel apr/ may 2013
Intellectual Property
Inside the Mind of the Non-Practicing Entity By Christopher D. Bright
I
ntellectual property is vitally important to the U.S. economy today. According to the U.S. Department of Commerce (IP Report, March 2012), IPintensive industries have accounted for as many as 40 million jobs, or 27.7 percent of all jobs in the economy. Put in other terms, these IP-intensive industries accounted for about $5.06 trillion in value added, or 34.8 percent of U.S. GDP. Between 2010 and 2011, there was 2.3 percent growth in patent-intensive industries, more than double the growth in nonIP-intensive industries. This growth coincides with the increase in patents issued by the U.S. Patent and Trademark Office. Thus the United States has progressed to a more IP-intensive economy, particularly a more patent-intensive economy. As the U.S. economy has become more patent-intensive, non-practicing entities, or NPEs – entities which do not practice the patents that they assert in litigation – have proliferated. According to a 2012 study by PricewaterhouseCoopers, NPEs have accounted for as much as 35 percent of patent decisions in the most patent-active district courts. It has been estimated that firms spend billions defending against NPE patent assertions. NPEs have a variety of business models, which can be described in broad strokes. But there is no strict definition for any of them, and no list of these models is exhaustive. One kind of NPE business model is a company with a patent portfolio acquired at a relatively low cost, perhaps from a non-recognized or non-industry source. This “Type 1 NPE” tends to acquire and assert patent portfolios against a large number of companies across several industries, with low affected revenues. Typically, the Type 1 NPE seeks nuisance-type settlements, early in the litigation. Another kind of NPE business model, the Type 2 NPE, is a company with a
25
patent portfolio acquired at a moderate cost, perhaps from a fairly well recognized industry source. The Type 2 NPE characteristically acquires and asserts patent portfolios against a smaller number of companies across a few industries. The Type 2 NPE tends to seek more significant settlements, and is often willing to carry at least some defendants all of the way through trial. Another business model, the Type 3 NPE, is a company with a patent portfolio acquired at a relatively high cost from a well-recognized source in the affected industry. The Type 3 NPE may have been formed by the company that allegedly invented the subject matter of the patent portfolio, and for the express purpose of asserting the portfolio It is important to understand how NPE’s operate and what makes their business models successful or unsuccessful, in order to effectively defend against them, set expectations for company management and identify strategic exit points from litigation consistent
with the company’s business goals. Companies considering forming NPEs can also better manage and leverage their own patent portfolios when they understand their NPE business model, the applicable legal framework, and the advantages and disadvantages of the NPE business model for asserting patents. ■
Christopher D. Bright is a partner in the law firm of McDermott Will & Emery LLP. He litigates U.S. patent cases and counsels clients regarding U.S. patents. He has successfully tried numerous patent cases, examining both expert and fact witnesses at trial and arguing at patent claim construction hearings. He has also argued before the Board of Patent Appeals and Interferences in the U.S. Patent and Trademark Office. cbright@mwe.com
APR/ MAY 2013 TODAY’S GENER AL COUNSEL
Intellectual Property
Take Care with Overseas Branding By Christopher J. Schulte
26
U
nited States companies are selling goods and services overseas at a record pace, as they continue to explore new foreign markets. Much of what is sold overseas is branded, carrying a name that helps consumers in other countries recognize, wherever they see it, that it derives from one familiar source. Thus hungry and thirsty consumers from London to Shanghai recognize that when they eat at a McDonald’s restaurant or drink a Coca-Cola, they are receiving, subject to minor local menu variations, the same quality and experience as other customers around the world. This franchising and global distribution of U.S.-branded products and services have made them some of the most valuable assets in the world. In 2012, the Coca-Cola brand was deemed by
the branding consultancy Interbrand to be the single most valuable brand in the world, coming in at almost $78 billion. McDonald’s was number seven at more than $40 billion. It is important to remember that this ranking is not the value of the companies, but rather the value of the brand used in connection with the goods or services. The United States is fertile ground for launching brands: Interbrand reported that in 2011, of the 100 most valuable brands world-wide, 49 percent originate here. Branding overseas, however, requires some extra care to be sure the effort is not wasted. A brand is considered under law to be a trademark, and trademarks are protectable in other countries, as they are in the United States. However, there are significant differences that can
affect a trademark overseas. First, consider how an English brand name may be translated and the glitches that might result. The most famous example of this is Chevy’s NOVA brand, which in Mexico translated to “doesn’t go.” Then there was Kentucky Fried Chicken’s “Finger Lickin’ Good,” which entered the Chinese market translated as “Eat Your Fingers Off.” A good linguistics company, usually a division of a larger branding or advertising agency, can catch these issues in the early stages. U.S. trademark law is somewhat unique in that trademarks that are not “inherently distinctive” can nevertheless be protected. A distinctive trademark is most easily protected everywhere. So a brand that is a coined term like XEROX for photocopiers, or
TODAY’S GENER AL COUNSEL APR/ MAY 2013
Intellectual Property
is arbitrary, like APPLE for computers, will be highly protectable worldwide. Trademarks that are more descriptive because consumers immediately understand the nature of the goods they represent (COASTER-CARDS for direct mailing coasters, for example) are inevitably less distinctive and therefore harder to protect, especially overseas. The best bet is to try to employ a trademark that is distinctive. As with any new brand, a new trademark to be used overseas should be checked for availability. Counsel in the United States can order and briefly review a “knock-out” search, to see if identical trademarks are registered elsewhere in the world. But in order to interpret these results, trademark lawyers in the relevant countries at issue must be retained. While U.S. litigation
over trademarks can seem uncertain at times, litigation overseas is much more problematic. Most countries do not employ a jury system, and their trademark laws can be very parochial at times. A proper clearance can reduce the risk of overseas litigation. Another important distinction is that in the United States there is common law protection for trademarks that have been used in commerce but not registered with the USPTO, whereas in most countries a trademark needs to be registered before the owner can derive any benefit. Too many brand holders have realized after shipments have started that someone else has filed to register their trademark for the same goods or services. This can be disastrous, as once a trademark is registered in a country it can be used at customs to preclude infringing imports.
However, the United States is party to treaties that are helpful on this issue. For example, the Paris Convention allows a U.S. trademark owner to file in other countries for up to six months from the date of its U.S. filing and still claim priority as of that U.S. filing date. This means a company can wait up to six months to file an application overseas, at which point the foreign trademark office will treat it as if it were filed on the U.S. filing date. One useful international strategy is to file in a foreign venue when use has not commenced in that country and may not do so for some time. This is known as a defensive filing. Unlike the United States, most other countries do not require intent on the part of the applicant to eventually use the trademark on actual goods and services. Moreover, given the fact that most countries use a first to file system, a defensive registration can hold a trademark owner’s place for a number of years and provide a basis to attack infringements exported from such countries. The language in which to file can be a consideration. The best approach is to file in English and in the local language, because unlike the United States, some countries do not consider them equivalent. International branding is a complex area under trademark law. To avoid problems in the potentially lucrative business of selling goods and services overseas, a U.S. company should take steps to be sure its international trademark approach is sound. ■
Christopher J. Schulte is a partner with Merchant & Gould in Minneapolis. He assists clients in the United States and overseas with trademark issues related to global portfolio management, clearance, registration and enforcement. cschulte@merchantgould.com.
27
apr/ may 20 13 toDay’s gEnEr al counsEl
E-Discovery
International Cloud Computing and the Protection of Personal Data By Paul Van den Bulck
C
28
loud computing is often presented as an opportunity for companies to reduce their investment costs in computer infrastructure by paying an external provider for actual services used. Cloud computing services vary, and may include online processing and storage infrastructure (remote data centers), online software (e.g., messaging software or file management) and online application development platforms. The cloud computing model can be especially attractive for small and medium-size companies that do not wish to, or lack the means to, invest and manage computer platforms or infrastructure. Cloud computing is generally of interest because it can enable file synchronisation, as well. Along with the potential financial benefits, the cloud model entails some risks involving personal data protection. This was highlighted in a July, 2012, opinion rendered by the group representing personal data protection authorities of the EU states, and it’s an opinion shared by some European national authorities as well, including the French data protection authority (CNIL) and the Information Commissioner’s Office, or the ICO, in Great Britain. In substance, all these authorities underlined the two main risks related to cloud computing: loss of control of personal data, and lack of transparency by the cloud computing service provider concerning the processing of personal data. CLIENT REMAINS LIABLE
Although the cloud computing services
its obligations by the use of subcontractors. This requires contractually ensuring that subcontractors are identified and that the service provider requires them to comply with all obligations that the service provider itself is subject to. TRANSFERS ABROAD
provider itself is the most informed about its own level of security, its client – the entity or person using the cloud computing services – remains primarily liable for compliance with personal data processing regulations. In fact, it is the client that decides on the purpose and means of personal data processing, while the provider is in principle considered a subcontractor. The likely imbalance of power in negotiations between a small client and a large service provider does not free the client from its liability vis a vis personal data protection. Thus the client must obtain from the service provider, in a written contract, assurance of compliance with personal data protection regulations, especially with regard to data integrity, confidentiality, transparency towards data subjects, data isolation, intervention on behalf of data subjects and portability. The client must also ensure that it has a way of checking – by means of an audit, for example – the service provider’s compliance. In addition, the client must ensure that the service provider does not dodge
Cloud computing infrastructures are generally spread out geographically, and thus data they handle may be transferred across borders. This does not cause problems within the European economic area (the European Union, Norway, Iceland and Liechtenstein), or when the transfers take place to other countries presumed to offer adequate data protection. When transfers involve any other countries, it may be another matter. In such cases, a client should insure that its cloud computing service provider is bound contractually or by strict company rules that ensure adequate protection. ■
Paul Van den Bulck is a partner at McGuireWoods LLP, in the Brussels office. His practice is focused on technology law, data privacy and security, intellectual property, media and entertainment law, and fair trade practices. He advises clients on all aspects of international and domestic data privacy and security. pvandenbulck@mcguirewoods.com
The Exchange The premier provider of interactive E-Discovery Conferences for the Corporate Market
CHICAGO | JUNE 11-12
NEW YORK | JULY 17-18
Discuss with Top Industry Leaders The Major E-Discovery Challenges Facing Organizations Today!
The only conference that provides an open dialogue and dissection of the entire E-Discovery process with real-life experiences. — Brandon L. Reeder, K&N Engineering, Inc.
Register Online todaysgeneralcounse l.com/ Today! ins titute
Visit www.todaysgeneralcounsel.com/institute
Corporate $125 • Law Firm $250 USE CODE TGCI50
2013 Program Sponsors
California CLE Accredited
2013 SCHEDULE Chicago June 11-12 • New York July 17-18 Houston Sept 17-17 • Los Angeles Dec 11-12
Todaysgeneralcounsel.com/institute Getting your CLE doesn’t have to be boring. For more information on this or one of our upcoming programs please contact: Nsignore@todaysgc.com mobile (201) 560-6591 office (201) 857-3841
MEDIA SPONSOR
APR/ MAY 20 13 TODAY’S GENER AL COUNSEL
E-Discovery
A Corporate Counsel’s Guide to Predictive Coding By Fernando A. Bohorquez, Jr. and Alberto Rodriguez
30
P
redictive coding. You’ve heard the press and sat through the panels, and you may even have read a case or two. As corporate counsel, at some point soon, if the moment hasn’t arrived already, you will be asked by your boss, outside counsel or maybe even a judge: “Is this the right case for using that ‘predictive coding’?” With today’s volume of electronically stored information and the ballooning expense of reviewing and processing it, any tool that can help manage e-discovery costs – the single largest
component of any litigation – makes sense. Predictive coding, we have been told, can do that. But before taking the plunge, here are a few considerations to keep in mind. • The “predict” in predictive coding is driven by human review and analysis. Predictive coding is computer-assisted or technology-assisted review that extrapolates human review decisions from a subset of materials – a sample or “seed” set – to classify documents in a larger data set.
Most of us have used something similar to predictive coding technology for years. Pandora and iTunes’ Genius are applications that select new music based on music already in your library or music we “like.” These applications predict playlists according to prior preferences. Predictive coding is based on the same technology, but with algorithms that determine relevant documents based on documents a lawyer has previously determined as relevant or not relevant. Another concept to keep in mind is predictive coding’s “iterative” work
toDay’s gEnEr al counsEl apr/ may 2013
E-Discovery
flow. Predictive coding typically requires first selecting and reviewing a control set of documents to measure the tool’s performance. Then training or seed-set documents are selected, reviewed and coded by attorneys. The attorneys in turn train the technology to replicate the reviewer’s judgments across the entire data population, to identify relevant and irrelevant documents based on algorithms. After train-
documents for which relevance determinations are typically more complex. Corporate counsel should understand that predictive coding may therefore require a substantial up-front investment in technology and lawyer time. As in many situations, saving money down the road requires investing time early on, and in the case of predictive coding that comes in the form of billable hours from senior lawyers most knowledge about the case.
then move on, because at some point down the line you or your outside counsel may need to defend the technology to your adversary, your boss or even the judge. The price of predictive coding’s defensibility may ultimately be transparency with your adversary and the court. Given the deluge of non-responsive data common to most litigation, co-
Ask the vendor to explain the technology in plain English. If it can’t, then move on, because at some point down the line you or your outside counsel may need to defend the technology to your adversary, your boss or even the judge. ing the system, the predictive coding decisions are tested against the control set with coding decisions made on this control set by lawyers. The process is repeated until the computer’s “understanding” of relevance is consistent with the attorney’s, and the predictive coding tool can be applied to the larger document population. Predictive coding is essentially the process of counsel teaching computers how to think like a team of lawyers when reviewing documents. It is therefore imperative that the attorneys most knowledgeable about the case be involved from the beginning of the predictive coding review. This means that senior associates or even partners may have to roll up their sleeves, do the document review and train the system. The process cannot be delegated to lawyers who are not subject matter experts on the case. In the old document review model, if an associate mistakenly coded a document, that error was likely limited to that document or group of documents the associate reviewed and corrected during the QC process. In the predictive coding paradigm, a coding error could slow the training of the software – which is tied to nuanced decisions about
Predictive coding technologies are not the same and vendors are not created equal. Don’t trust, just verify. One of the biggest concerns expressed by counsel and the courts is the “black box” nature of predictive technology. Understanding the technology and vetting the vendor is therefore critical. A tutorial on the statistical methodology and algorithms used by specific predictive coding technologies or vendors is outside the scope of this article, but that said here are some practical considerations for selecting a predictive coding vendor and technology: • Determine how established the vendor is in the e-discovery community and consider its reputation. • Assess whether the statistical methods and algorithms used by the technology are accepted in the e-discovery community. • Request demonstrations and conduct your own internal testing of the technology. • Ensure that the technology has an audit function to review accuracy and can generate reports that can be shared with opposing counsel and if necessary, the court. • Ask the vendor to explain the technology in plain English. If it can’t,
operation among counsel has become a cornerstone of modern discovery practice, and an important element of cooperation is transparency. In the groundbreaking DaSilva case, Magistrate Judge Andrew Peck made clear that the producing party’s transparency “allow[ed] the opposing counsel (and the Court) to be more comfortable with computer-assisted review, reducing fears about the so-called ‘black box’ of the technology.” The court recommended that “counsel in future cases be willing to at least discuss, if not agree to, such transparency in the computer-assisted review process.” If you are hesitant about disclosing your internal e-discovery protocols in a particular case, then predictive coding may not be right for you. Motion practice, judicial intervention and costs ensue when parties dispute the use or even the parameters of predictive coding. If past is prologue, any cost savings may be offset by motion practice costs if the parties do not cooperate up front and agree early on to predictive coding protocols. Hand in hand with transparency is defensibility. It is vitally important when using a new technology like predictive continued on page 35
31
APR/ MAY 20 13 TODAY’S GENER AL COUNSEL
E-Discovery
Ten Essential Best Practices in Predictive Coding By Warwick Sharp
T
32
his paper outlines emerging best practices in the application of predictive coding to e-discovery. Having moved past its early experimental stages, this technology is now approved by multiple courts in the United States and abroad and has become the most talked about topic in e-discovery worldwide. The classification technologies that underlie predictive coding applications in e-discovery have been used in a broad range of industrial and scientific settings for decades. Some of the best practices that have developed in these settings are analogous to those in the e-discovery setting. However, due to stringent defensibility requirements in e-discovery, it has been necessary to develop and define best practices that address the application of predictive coding technology. specifically to e-discovery. (1) Choose the expert with due consideration. Despite the marketing hype, predictive coding is not magic. It is a smart piece of software, one that can be trained to imitate the criteria used by a human being to evaluate a document’s relevance. In a sense, the software is encoding the intelligence and knowledge of an experienced attorney. But here’s the catch: predictive coding is a garbage-in, garbageout application. With quality input,
TODAY’S GENER AL COUNSEL APR/ MAY 2013
E-Discovery
predictive coding applications can generate outstanding results. But the technology will also encode “incorrect” guidance from the trainer. Thus, the first best practice is to give due consideration to the choice of the trainer. Commonly referred to as “the expert,” this person needs to be a knowledgeable attorney, with the authority to make review decisions that are likely to have a significant impact on the conduct and outcome of the case. (2) Begin with collaborative training. Collaborative training uses a team of two or three experts to train the system together. The collaborative approach is typically used for the first 500 or 1,000 documents. The rule is that the attorneys training the system are required to reach consensus on the relevance designation for each document. Tests using this approach show that at the outset of the training process, the attorneys will disagree on well over 50 percent of the documents. After a few hours, disagreement rates are close to zero. The process taking place here is that the group is progressively refining the concept of relevance that underlies the case. The distillation of a well-defined, well-bounded concept of document relevance helps ensure the quality of the system training. (3) Tag by “application-accessible” data. Most predictive coding systems in the e-discovery market focus their analysis on document content, rather than external metadata, such as date or custodian. It is important to instruct the expert to tag documents based on the data that can be accessed by the system. For example, if the predictive coding system captures only document
content, the expert should be instructed to tag documents based on document content only, regardless of metadata. Consider, for example, a document whose content is apparently responsive, but which falls outside the relevant date range of the case. Were this document to be tagged as not-relevant, the predictive coding application would be misled into “thinking” that the document content itself is not relevant.
issues might be North, South, East and West, with separate review teams specializing in each individual issue. (5) Separate control documents from training documents. To ensure the statistical validity and defensibility of the predictive coding process, it is critical that the “control” documents be kept separate from the “training” documents. The control set comprises a random, representative sample of documents
Be aware the technology will also encode “incorrect” guidance from the trainer.
The best approach is to cull by metadata prior to training the predictive coding application, thus avoiding any potential tagging errors. (4) Understand the distinction between the “super-issue” and individual or sub-issues. The super-issue, or master issue, relates to whether the document is relevant or not to the case, and is used to construct the review set. Documents with scores above the relevance cut-off score for the super-issue are passed on to review, while documents with scores below the cut-off are culled. Within the set of review documents, the individual issue scores are used solely to organize the review set and assign documents to the relevant review teams. For example, if the superissue is “Navigation,” the individual
from the collection. The expert tags the control documents as relevant or not. The control set then serves as the gold standard against which the results of the predictive coding system are tested. (6) Build control before training. The control set serves as an independent yardstick for measuring the performance of the predictive coding system. It is important to create the control set prior to training. This approach is in contrast with earlier methodologies, where the control set was created after training. The “control-first” approach facilitates use of the control set as an independent tool for monitoring of training. Rather than relying on intuition or arbitrary measures, the control-first strategy equips the user with an objective,
33
apr/ may 20 13 toDay’s gEnEr al counsEl
E-Discovery
concrete measure of the training process, along with a clear indication of when training can be terminated. (7) Use manual training mode. Automatic training refers to a training technique in which document relevance tags, generated by a team of reviewers in a standard review process, are fed into the predictive coding system. For example, for a collection of one million documents, re-
sions, to verify that input is consistent. For example, if two very similar documents are encountered in training and the expert tags one as relevant and one as not, best practice would dictate that this potential inconsistency be flagged for verification. Past its early experimental stages, this technology is now approved by multiple courts in the United States and abroad and has become the most talked
of the results generated by the application. One key test is to verify culling decisions. For example, using the distribution of relevance scores, the user may decide that documents with scores above 24 will be submitted for review, and documents with scores of 24 and below will be culled. An emerging best practice is to “test the rest” – that is, test documents below the cut-off line to double-check
Validate results. Review and tag a representative random sample from the cull zone and, based on the results, confirm or modify the cut-off point accordingly.
34
view may have been completed for 10,000 documents. Automatic training would use the relevance tags from these 10,000 documents to train the system to assess relevance in the remaining documents. In manual training scenarios, a reviewer is assigned to train the predictive coding system as part of an intensive, dedicated training effort. As opposed to the designations from a standard review, manual training tends to yield better quality input for predictive coding training. This is because the “expert” is very aware of the training process and the significance of each document to the overall outcome. In addition, training input from a single senior reviewer often tends to be more consistent than input from a large review team. Nonetheless, automatic mode can be a useful option in certain situations, such as plaintiff scenarios or internal investigations, where there is no onus to produce documents to opposing counsel. Howver, for document productions, where defensibility is paramount, the preferred approach is manual training. (8) Track training consistency. The need to track the consistency of the expert’s training input derives from the garbage-in garbage-out risk discussed earlier. Ideally, the predictive coding application monitors the expert’s input across various dimen-
about topic in e-discovery worldwide. (9) Use graduated relevance scores. Predictive coding systems typically generate, for each document, either a graduated relevance score (for example, on a scale of 0 through 100) or a binary designation (relevant or non-relevant). The graduated relevance score has a number of advantages. Most importantly, the graduated approach enables the user to intelligently control the volume of documents to be passed on to review. This is a key e-discovery business decision, which needs to be based on criteria of reasonableness and proportionality. These criteria vary from case to case, reflecting the strategic and financial significance of the case and the mix of risk and cost that the client is willing to bear. In addition, the graduated scores enable the implementation of new models in ediscovery, such as prioritized review (starting with the most relevant documents and working back) and stratified review (where high scoring documents are assigned for inhouse review, and low scoring documents are assigned for low-cost contract review). (10) Validate results. As emphasized in Judge Andrew Peck’s opinion in the Da Silva Moore case, quality assurance is a key component of the predictive coding process. The objective of quality assurance is to provide transparent validation
that the cull zone does in fact contain a very low prevalence of relevant documents. The expert will review and tag a representative random sample from the cull zone and, based on the results, confirm or modify the cut-off point accordingly. In conclusion, it should be noted that predictive coding is a dynamic, rapidly developing arena. The best practices described here will undoubtedly continue to evolve. In documenting them as they have taken shape over the past year or so, the intention is not to define a universal textbook template for the generic predictive coding project, but to provide a platform from which it will be possible to develop, refine and create new and better practices as the e-discovery industry continues to assimilate the game-changing technology of predictive coding. ■
Warwick Sharp is a co-founder of Equivio, where he leads marketing and business development.
toDay’s gEnEr al counsEl apr/ may 2013
E-Discovery
Guide to Predictive Coding continued from page 31 coding to establish its defensibility under the Federal Rules of Civil Procedure. This means understanding the technology well enough to explain what was done and being able to prove that the process produced responsive documents with reasonably high recall and precision.
Nolan urged the parties to compromise, the plaintiffs withdrew the motion to compel the use of predictive coding. Most recently (October of 2012), in EOHRB Inc. v. HOA Holdings (aka the “Hooters case”), the Delaware Chancery Court ordered from the bench that the par-
in small-stakes cases where a linear, more traditional approach may be more effective. Predictive coding has great potential to help corporate counsel manage the skyrocketing costs of e-discovery, but it is not a silver bullet, and it doesn’t run on auto-pilot. Keep in mind the essentials: It’s
Predictive coding is generally not helpful in small-stakes cases where a linear, more traditional approach may be more effective. Courts have tentatively given a green light to predictive coding, but little direction. Last year, several courts weighed in to varying degrees on predictive coding. However, only one decision, DaSilva, in the Southern District of New York in February of last year, really explained what predictive coding is and why it was defensible in that particular case, where notably the parties had already agreed to the use of the technology and the dispute was over the protocols. In that case, Judge Peck set the predictive coding stage with a comprehensive opinion holding that “computer-assisted review is an acceptable way to search for relevant ESI in appropriate cases.” If you are serious about predictive coding, then as corporate counsel you should read that case. On the heels of DaSilva, in April of 2012, came Global Aerospace, the first and still the only case ordering the use of predictive coding over plaintiff’s objection. In January of this year the Global Aerospace court approved the results of defendants’ predictive coding protocol, which identified 173,000 relevant documents for production, culled from a data set of 1.3 million documents. Another 2012 case, the much touted Kleen Products case in the Northern District of Illinois – essentially pitting predictive coding against keyword searches – ended up being more about cooperation than predictive coding. After several hearings where Judge
ties show cause as to why they should not use predictive coding. Notably, the transcript reveals both sides were surprised, as neither had raised discovery concerns, much less concerns about predictive coding. Aside from DaSilva, perhaps the most interesting predictive coding precedent is not a decision at all, but rather a discovery order in a multi-party federal litigation (In re: Actos (Pioglitazone) Products Liability Litigation, July of 2012). In that case, parties agreed on a detailed case management plan with a comprehensive predictive coding protocol. Predictive coding is more appropriate for some cases – and for some uses – than others. When determining whether to invest in predictive coding, it is important to consider the size of the litigation. Predictive coding is most appropriate for cases with substantial volumes of ESI or documents (100,000 or more) and where the cost of manual review or keyword searches would be prohibitively costly. It can also be used effectively in class actions and regulatory matters requiring a quick response, in that it can efficiently prioritize documents for human review while simultaneously eliminating irrelevant documents. It can also be used to sift through “document dumps” in the other side’s production to find responsive documents early in the case. On the other hand, predictive coding is generally not helpful
essential to enlist knowledgeable – and costly – senior counsel to teach the machine the case. You need to vet reputable vendors who can bring online easy to understand and defensible technologies. Use counsel who are comfortable with the workflow and technology, and make sure your corporate counsel understand and can maintain the high level of transparency necessary in disclosing predictive coding protocols. ■
Fernando A. Bohorquez, Jr., is a litigation partner with BakerHostetler in New York. He represents corporate and institutional clients in a broad range of matters, including business, bankruptcy commercial litigation and intellectual property disputes. He is a member of the firm’s E-Discovery Advocacy and Management Team. fbohorquez@bakerlaw.com
Alberto Rodriguez is lawyer in government practice in New York and an adjunct professor at Columbia University School of Law. alberto1120@yahoo.com
35
APR/ MAY 20 13 TODAY’S GENER AL COUNSEL
E-Discovery
So You Think You’ll be Sued A Practical Checklist By Richard M. Dunn and MaryTeresa Soltis
M
36
any have been there. Your department receives notice of an accident, a copyright dispute arises, or an employee files a claim with your local employment commission as precursor to a claim for benefits or discrimination. Your first thoughts are, “Will we be sued, and what is the likelihood of success?” But developments over the past few years make additional questions necessary: What electronic data may be relevant? Where is it stored? How am I going to effectively and defensibly preserve and produce it? Today, just about everyone uses electronic devices to create and store data. Additional data is stored on the cloud, through the use of share points, drop boxes and social media sites. Companies use databases, websites, and “eRooms.” Compare this volume of potentially relevant information with the paucity of electronic discovery you are likely to receive from the injured party when that notice of an accident becomes a lawsuit. If thinking of this asymmetrical situation leaves you inclined to settle, fear not. In the spirit of Letterman’s Late Show, we offer these Top Ten Things You Should Know About Electronic Discovery. Number 10: Know your responsibilities. The discovery of ESI is a fact of life in most litigation. Federal Rules require that it be addressed as early as the Rule 16 Conference. These rules place affirmative duties on in-house and outside counsel to preserve and produce potentially relevant information. They apply with equal force to third parties responding to subpoenas. The key is to get in the game and be on the offense long before the Rule 16 Conference – as early as notice of a potential lawsuit.
Number 9: Know when to issue a litigation hold. You must issue a litigation hold whenever you are, or should be, reasonably aware of anticipated litigation. Notice of an accident or claim or an administrative agency’s issuance of a right to sue letter are all events that trigger the obligation to issue a hold. Number 8: Know what a litigation hold should cover. A litigation hold is a legal obligation to preserve documents relating to current or impending litigation. The audience receiving that document is often made up of non-lawyers who may be more likely to place it in the circular file than they are to read it, let alone understand the implications should something be lost or destroyed. Your obligation is to preserve potentially relevant documents. Since you are relying on your employees to identify and preserve these documents, describe the litigation in plain language, give examples of the types of data to be considered and preserved, and identify one point person for preservation-related questions. You should also explain the consequences of non-compliance and officially suspend any document destruction policy. Number 7: Know your custodian. Often, these are individuals who were involved in the claim, the accident investigation, or who may have received complaints or reports regarding the person, product or vehicle at issue. These individuals should participate in a custodian interview and acknowledge their understanding and willingness to comply with the hold. Number 6: Know your sources of potentially relevant information. How much ESI are you dealing with, and in what form? Where is that informa-
tion, and how can you effectively and economically preserve it? The answers are found in the custodian interview, a “sit down” with your identified custodians. This is often your first chance to learn about key players in the litigation. Use your time with them to learn “who, what, when, where and why” with respect to the custodians and their potentially relevant ESI. This information will allow you to make informed and strategic decisions as to what needs to be preserved and how to preserve it. It will also give you a good idea of potential issues and problems. Number 5: Know your IT department: The collection and preservation of ESI is not a one or two person
TODAY’S GENER AL COUNSEL APR/ MAY 2013
E-Discovery
job. You need the help and input of a knowledgeable member of your company’s IT department and/or an outside forensic consultant. Involve them early so that you have a clear understanding of the company’s systems and data sources. Having an IT professional with you during the custodian interview and preservation process is crucial to your ability to develop strategic protocols that make good business sense and are defensible in court. Number 4: Know your preservation and review protocols. You may be hearing that there is so much information involved that it makes more sense to settle the case. Not so fast! Remember, your duty to preserve potentially relevant information is broader than your duty to produce information that is relevant or reasonably expected to lead to the discovery of admissible information. Once your custodian interviews are conducted, your litigation holds are signed off (and periodically updated) and the information you have identified is preserved, your efforts – aside from your continuing duty to monitor compliance with the hold – are complete, unless and until suit is filed. Resist the urge to review and produce any more than is absolutely necessary. Choose a collection and review tool that makes sense for your review team and the company. Do not review everything you have preserved. You are now in litigation, you know the case theories and issues, and your review should be tailored to those points. Educate your litigation counsel (who, in turn, should educate your adversary) as to the volume and types of information involved. A litigant will often issue broad discovery requests with no concept of how much information is involved, only to later complain that he/she was the victim of a “document dump.” Be willing to engage the other side before review and production and set parameters on the production of ESI. Finally, develop review protocols that are specific to each data source. For example, certain databases are searchable, but only by certain fields.
Certain custodians may archive their emails while others may not. And you may not need to review all of the information on the company’s shared drive if you have (from your custodian interviews) the screen paths to the specific folders in which the preserved ESI is located. Number 3: Know when to seek court intervention. The standard is not that you must preserve, review and produce everything. Proportionality is key. By the time you are reviewing and producing documents, you are much more knowledgeable about your company’s system and data sources than your adversary. Use that knowledge to your advantage to come to agreements limiting what will be reviewed, and how, what, when and in what format you will produce ESI. Use that same knowledge to seek the court’s intervention, to educate the judge as to the undertaking and your efforts, and to continually control the scope, timing and cost of producing ESI. Number 2: Know the consequences of non-compliance. This is one of the easy ones. There are plenty of horror stories about the consequences of failing to properly preserve and produce ESI. We are not only talking about the loss of the proverbial “smoking gun.” A gap in production or a failure to search certain sources of potentially relevant ESI can be just as fatal. The courts have wide latitude to impose sanctions and consider the fault (or lack thereof) of the party who destroyed or failed to preserve relevant evidence; the extent of prejudice to the opposing party; and whether a less severe sanction is available that will deter future conduct. If you are faced with a spoliation allegation, your work on the front end of the e-discovery process should go a long way to defeat or reduce the severity of the sanction sought. Number 1: Know thyself. The most fundamental advice we can offer on this topic is to know your company and the types of ESI it produces and
stores. Know your custodians of potentially relevant information, many of whom are likely to be witnesses should your case proceed. Know your review protocols and processes for the preservation, collection and review of ESI. Know where your good and bad documents are, so you can assess and reassess your strategy, and work toward a favorable outcome. Be flexible and willing to re-evaluate your e-discovery strategy at key points to ensure efficiency, effectiveness and defensibility. Finally, be transparent. Tell the other side, and the court if necessary, what you are doing and why. Document your efforts, your decisions and your reasoning, anticipating that a judge and/or the public may one day read about them. ■
Richard Dunn is the managing partner of Cozen O’Connor’s Miami office. He focuses his practice on complex business litigation, including aviation and maritime defense, construction defect, products liability/complex tort, insurance coverage and employment litigation. He is chair of the International Association of Defense Counsel’s Transportation Committee. rdunn@cozen.com
MaryTeresa Soltis is a member in Cozen O’Connor’s Commercial Litigation group and an active member of the firm’s E-Discovery Task Force. Her practice is focused on litigating product liability and complex tort matters, including those related to aviation and construction accidents and food-related illnesses. She practices in the firm’s Philadelphia office msoltis@cozen.com
37
apr/ may 20 13 toDay’s gEnEr al counsEl
E-Discovery
Leveraging the Value of a Document with Multi-Matter Repositories By Robert Omeljanivk and Eliot Davidoff
38
C
onsider the worth of a document. To the employees, managers and executives who send and receive countless documents each week, it may represent an abstract sort of value – a directive expressed, a factor considered, a decision made. Still, few pause to consider that they have created value each time they hit “save” or “send.” When a legal action arises, however, the worth of a given document often becomes clear. As each email message or file that pertains to the matter becomes subject to e-discovery, it
accrues value as it flows through the routine and costly progression of collection, processing, review and production. The company will need to bring in specialists to collect the document, extract its metadata and index it to make it searchable. Attorneys will then enter the picture, combing through the content to make determinations on responsiveness and privilege. Although technology-assisted review (TAR) and other software solutions have emerged to make these processes more efficient, the cost remains unavoidable. By this point, the amount of money
put into the document has skyrocketed, but its value to the company has consequently been established. It is no longer just a document. It has become work product, and to discard that work product at the end of a matter is to throw away valuable information that the company has created at considerable expense. Much of it, in fact, is reusable, because companies tend to encounter similar themes and witnesses across multiple matters. Increasingly, legal professionals, in conjunction with litigation technology providers, are
toDay’s gEnEr al counsEl apr/ may 2013
E-Discovery
exploring how best to preserve and reuse documents or features of documents from matter to matter, thereby retaining the value of work product, whether it concerns an email or any other relevant document type. BUILDING A REPOSITORY
The cornerstone of any data-reuse initiative is the development of a multimatter repository to hold documents and associated data that are potentially
e-discovery software should be capable of storing not only the tens of millions of individual documents the repository may hold, but also each piece of metadata associated with those documents. For example, some SQL database offerings (the software underlying many e-discovery platforms) can store billions of rows of information when properly designed. But repositories consisting of tens of millions of documents will have associated quantities
matter repository may comprise databases that serve three separate tiers of use: • Early Case Assessment (ECA): This would allow the search of all available documents for purposes of fact-gathering, search term and TAR testing, and isolating document subsets for review. • Review: The review tier may consist of a single database or, as the number and types of matters and level of
To discard e-discovery work product at the end of a matter is to throw away valuable information that the company has dedicated considerable expense to create.
pertinent to multiple actions or investigations. The cost of creating such a system is nominal compared to the value and savings it can return. The first step in creating a functional multi-matter repository is identifying a set of existing or prospective matters with enough shared themes or custodians to make the effort worthwhile. For instance, one corporation may face multiple product liability lawsuits with shared traits, or one senior executive may be a custodian of data relating to every intellectual property action brought against an organization. In order to identify appropriate opportunities for deploying a multi-matter repository, companies and their outside counsel should maintain organized, up-to-date records, and they should take a big-picture view of a company’s litigation portfolio, so as to be able to draw connections between matters. CONFIGURING A REPOSITORY
As companies work to perfect this process, a few features have emerged as key to a successful and useful multimatter repository. The first is scalable database architecture. The repository’s
of metadata – the To, From and CC entries on emails, for instance – that will quickly push technical limits unless the e-discovery platform is designed and implemented correctly. Before choosing any system, understand its limitations and plan accordingly, so that unexpected setbacks do not arise while multiple matters are active. A multi-matter repository system needs to be adaptable and able to handle the variety of configurations that different sets of matters may require. It may be possible to store, review, and produce as many collected documents in one database as the software allows, but running an excess of concurrent reviews through a single database can present logistical and performance challenges for legal teams and administrators. The software should account for different security views and restricted access by select users, although it can only go so far in managing an ever-growing web of user interactions across multiple matters. Instead, some companies are choosing to create multiple databases that communicate with one another through controlled interactions. For example, a multi-
complexity of the various reviews rise, it may become more appropriate to establish multiple review databases. • Production: Whether a single production database or set of databases, company-produced data and other parties’ productions would require similar analysis. Here, however, larger numbers of matters would lend more to a single production database to facilitate reproduction of data from one matter to another. Once an initial matter is identified, discussions between a company’s counsel and e-discovery provider should focus on identifying both the best way to configure the repository to facilitate the future reuse of the company’s data and the type of data that can be reused. With adaptable and scalable e-discovery software, it is possible to begin with single matter configurations and then switch to a multi-matter repository as the need arises. However, when counsel is armed with enough information regarding pending litigation, identifying the need to create a multi-matter repository early on can provide a valuable head continued on page 43
39
apr/ may 2013 today’s geneR al counsel
Human Resources
Rewriting Employee Handbook Policies on Social Media By Audrey Mross
40
today’s geneR al counsel apr/ may 2013
Human Resources
A
s a former HR professional, before practicing law, I can recall when employee handbooks were largely a creative writing exercise. Employers penned work rules that fit their business, and so long as they were applied consistently and without regard to the employee’s race, age, religion and the like, they were OK. Those days are gone, and the cause of your next dispute with an enforcement agency is probably lurking in your employee handbook. Savvy employers, especially those with multi-state operations, know that employment actions are regulated at the federal, state and even local level. Access to personnel files, meals and breaks, smoking, time off for jury duty or for other reasons, the timing of final paychecks and many more issues are governed by law and not by employers’ preferences or past practices. The latest additions to this list are policies that address employee behavior and their communications, whether at work or after hours and off premises – including those done via social media. This interest by the National Labor Relations Board will catch some employers off guard, since they mistakenly believe the NLRB’s jurisdiction is limited to employers that have labor unions or are involved in an election process. But unless your workers fall into one of the statutory exclusions, such as air and rail services employees covered under the Railway Act, you will be subject to the National Labor Relations Act. Within the NLRA is section 7, which gives employees the right to self-organize; to form, join and assist a union; to bargain collectively with the employer via their union rep; and “to engage in other concerted activities for the purpose of collective bargaining or other mutual aid or protection” (and to refrain from these activities). Section 8 of the NLRA goes on to deem it an unfair labor practice (ULP) for an employer to “interfere with, restrain, or coerce employees in the exercise of” their section 7 rights. How can a social media or other policy that mandates respectful conduct
toward others be construed to run afoul of section 7? The trend in this regard began with a November, 2010, ULP filed against an ambulance company, American Medical Response of CT, Inc. An unhappy worker called her supervisor a “scumbag” on her Facebook page, and some of her co-worker “friends” posted their agreement, prompting further discussion about the workplace. The employer discovered the Facebook post and fired the worker for violating the company’s Internet use and blogging policies. These policies prohibited employees from making “disparaging, discriminatory or defamatory comments when discussing the company or the employee’s superiors, co-workers and/or competitors.”
Any policy that broadly bans discourteous conduct poses a risk.
The NLRB’s position was that the discussion between the employee and her co-workers about their employment was protected, making the termination unlawful. The parties settled the matter, with the employer agreeing to revise its policy, while the terms of settlement with the individual remain confidential. In August, 2011, the NLRB’s Acting General Counsel posted the first of three memoranda focused on social media policies. Each summarizes about a dozen cases, mostly leaving employers flummoxed as to where the line had been drawn between protected and unprotected employee activity via social media.
September of 2011 brought the first decision, Hispanics United of Buffalo, Inc., requiring back pay and the rehire of employees who had been fired for their collective Facebook grousing about who worked hard and who did not. Another case decided that same month was more useful, as it contrasted a reason to terminate employment that withstood NLRB scrutiny to one that did not. In Karl Knauz Motors, Inc., a BMW dealership hosted a sales event to showcase the new Series 5 cars. The sales team was mightily displeased with the hot dogs (“over cooked wiener and a stale bun”), chips, a cookie platter and bottled water served to prospective buyers of the luxury vehicles. A few days later, there was a mishap at the Range Rover dealership next door, involving a 13-year old boy who was allowed to take the driver’s seat. He mistakenly hit the gas, ran over his dad’s foot and launched the expensive vehicle into a pond, tumbling a sales rep into the drink from the passenger seat. The two dealerships had common ownership. One of the BMW sales reps posted pictures on his Facebook page and made mocking comments about both the lowbrow chow and the water-logged Range Rover. Friends, including co-workers, added their comments. The employer became aware of the posts through complaints of other Land Rover dealerships and fired the salesman. When the case was heard, the discharge was upheld to the extent it was based on the humiliating comments directed toward the Range Rover customer with the errant kid, and not the community kvetching over substandard food. See the difference? To be protected, the activity must be concerted, which means it involves discussion among at least two co-workers, and the subject of the discussion must be terms and conditions of employment. Since the sales team’s Facebook responses and some other discussion expressed concern that sales commissions would be negatively impacted by the serving of less-than-stellar food, those discussions met both of those tests. But the gleeful post of pictures of a doleful teenager, a drenched
41
apr/ may 2013 today’s geneR al counsel
Human Resources
42
sales rep and a ruined Range Rover – with snarky comments like “Oops” – had nothing to do with pay, benefits, and other working conditions and did not prompt co-worker discussion of the same. There have been two additional memoranda from the NLRB’s acting GC about social media cases, and the last one includes a revised social media policy that has been blessed by the agency. All three memoranda are available on the NLRB’s website. Several states (including California, Delaware, Illinois, Maryland, Missouri and New Jersey) have banned employers from asking for job applicant and employee social media passwords, and similar bills are pending in other states. In 2012, two U.S. Senators drafted legislation to create a federal ban, and they also asked the Equal Employment Opportunity Commission and the Department of Justice to opine as to whether employer password demands violate federal anti-discrimination and computer privacy laws. To muddy the waters, a September 2012 case involving Costco includes holdings that contradict the advice in the acting GC’s three memoranda, including the effect of a so-called “savings clause.” The acting GC says a savings clause – which tells employees that the employer’s ban does not apply to the extent it conflicts with applicable law – will not save an overbroad policy. The court in the Costco case recommended inclusion of a savings clause in policy statements. It does not appear that the NLRB will dial back its position, despite employers’ protests. It claims that it is simply applying a well-established standard to a new means of communication – ignoring the fact that person-to-person discussions generally do not have the potential to spread like wildfire, the way that a Facebook post or Twitter tweet does. Furthermore, when seeing and/or listening to a complainant, the listener can evaluate the credibility of the speaker by observing body language, hearing an edge in the voice, or by just knowing the person through workplace contact and reputation. Those who partake in social media often
have no direct contact with or knowledge of the originating party, especially when the message has been shared to the point of “going viral.” And once harmful messages about co-workers, the management team, customers, the company’s products or services and the company itself are out, there is little hope of effectively containing or controlling them. Employers may get a temporary respite via the D.C. Circuit Court of Appeals decision in Noel Canning v. NLRB (January, 2013). That case held that the January 4, 2012, recess appointments of three NLRB members (Sharon Block, Terence Flynn and Richard Griffin) were unconstitutional and called into question hundreds of decisions in which they participated, including the Costco and Karl Knauz decisions, which therefore may be invalid due to lack of a quorum. Until these cases percolate into the judicial system, where a court may find the NLRB has misinterpreted sections 7 and 8, here is what employers can do:
1
Confirm whether or not the NLRA applies to your company. Do your workers fall into one of the excluded categories, such as public sector employees or independent contractors?
2
Review your handbook policies on communications and personal conduct. Any policy that broadly bans discourteous conduct poses a risk. In the Karl Knauz case, the Board decided a courtesy rule violated section 8 based on one sentence. The policy said “Courtesy is the responsibility of every employee. Everyone is expected to be courteous, polite and friendly to our customers, vendors and suppliers, as well as to their fellow employees. No one should be disrespectful or use profanity or other language which injures the image or reputation of the Dealership.” The last sentence, the Board concluded, did not leave room for protected, constructive criticism.
3
If you have a broad policy, or no policy, the fix is to narrowly define the kind of conduct that will result in disciplinary action. It could be, for example, disclosure of
the company’s confidential information (or that of its customers), or discrimination/harassment that violates your EEO policy.
4
Based on the Costco case, include a savings clause. Expressly state that the policy does not apply to situations where two or more employees are discussing their terms and conditions of employment in a manner that does not violate the company’s policies that relate to disclosure of confidential information, discrimination or harassment.
5
Pull up a copy of the Acting GC’s third (May 30, 2012) memorandum from the NLRB website and use the attached “scrubbed” social media policy as your guide.
6
At this point, there is no federal requirement to inform your employees of their rights under the NLRA. The NLRB wants to mandate a workplace poster to do that, but enforcement of the mandate has been enjoined since April of 2012 by a district court in South Carolina.
7
Train your management team about the NLRB and other employment law basics. This is especially important in organizations where employment decision-making is decentralized and there is no HR and/ or legal department safety net to identify and stop risky choices.
8
Keep an eye open for new state law and, potentially, federal law that prohibit employers from asking for or demanding social media passwords from job applicants and employees. ■
Audrey Mross is senior partner and chair of the Labor & Employment section at Dallas-based Munck Wilson Mandala, LLP. amross@munckwilson.com
toDay’s gEnEr al counsEl apr/ may 2013
E-Discovery
Multi-Matter Repositories continued from page 39 start. In-depth communication between company, counsel and the technology provider can help identify such scenarios as they appear on the horizon. A DATA-REUSE WORKFLOW
After deciding to build a multi-matter repository, companies should look at what features of documents are reusable. Under a three-tier configuration as described above, the ECA tier will present a ready repository to reuse the basic features of processed documents, such as their content and extracted metadata for searching and analysis. Moving into the review tier, the ideal approach would be to map out the review schedule for multiple matters and completely finish one matter before beginning another. Under such a scenario, all coding decisions from the first matter can be automatically transferred to the duplicative documents in the second matter. However, complete coordination and tidy closed-off cases are unlikely, so it is important for companies to choose the right pieces of coding to transfer and the appropriate points in time at which to execute the transfers. While responsiveness criteria can often differ between cases, privilege determinations tend to remain uniform – fortunately, because typically this is the most costly step in e-discovery on a per-document basis. Privilege calls are readily reusable between matters, generating the most return on investment in the development of a system to reuse data. To successfully leverage coding decisions across matters, counsel should commit to using consistent criteria and coding choices. Establishing a universal protocol at the outset and applying it to each matter will make the work product easily transferrable and avoid costly and time-consuming reconciliation later on. That said, some reconciliation will always be required as part of a sound quality control regimen. Timing and synchronization of coding across matters are important fac-
tors. Propagating every coding decision, even those that may soon be changed or overruled by senior members of the review team, will likely lead to confusion and discrepancies. Therefore, reusing coding among live cases should be restricted by a finalization process. For instance, coding may only be eligible for reuse once documents have been produced or placed on privilege logs. At the production tier, establishing a single consolidated database for all outgoing and incoming productions ensures that each case team can access all the possible related production documents for fact-gathering purposes. This repository also offers a means to leverage the full power of produced documents, in which a great deal of time and money has been invested. Documents produced in one matter that meet production eligibility for another matter can be exported for production directly, without having to retread prior processing and multi-tier review steps. Under this approach, documents that lawyers coded and confirmed in previous matters gain additional value as “seeds” for new matters. Moving forward, legal teams have the opportunity to combine the multi-matter repository approach with computer-assisted review, visual clustering, and other approaches to multiply the value of the reused work product by applying it to similar documents that have not yet been subjected to review. Each time this cycle repeats, the existing data becomes increasingly valuable, lessening the time and cost burden of meeting future production obligations. The value of reusing data takes multiple forms. The most obvious are the costs and time efficiencies that result when document processing and review become a singular event. Privilege and issue coding decisions have already been made, and this work can be reduced or avoided entirely for subsequent matters where the document is in issue.
Importantly, this approach increases consistency and accuracy across different legal teams and different matters. Reusing privilege coding across matters can reduce the likelihood of inadvertently producing privileged material or inconsistently applying production criteria. Across related matters, such discrepancies may become an embarrassment – or worse, a material issue of contention. Building a system that allows companies and their counsel to reuse work product in an intelligent and strategic fashion decreases costs, saves time, reduces risk and ensures high quality results. ■
Robert Omeljanivk is a managing director in the FTI Technology practice, based out of New York. He leads consulting projects in complex litigations, investigations and transactions, specializing in defensible e-discovery strategies for corporate and legal clients. His recent engagements include construction oversight of multi-matter corporate repositories containing tens of millions of documents for multiple concurrent active matters. robert.omeljanivk@fticonsulting.com
Eliot Davidoff is a director in the FTI Technology practice, based in San Francisco. For the past five years, he has consulted with Fortune 500 companies and their outside counsel on e-discovery issues, partnering with legal teams on approaches to document review and production. He has particular expertise in FTI’s Ringtail document review platform. eliot.davidoff@fticonsulting.com
43
APR/ MAY 2013 TODAY’S GENER AL COUNSEL
Human Resources
44
TODAY’S GENER AL COUNSEL APR/ MAY 2013
Human Resources
“Bring Your Own Device” Programs Create a Nest of Policy Issues By Todd Scherwin and Raul Zermeno
I
t seems like only yesterday that company-issued cell phones were the norm. It was very common to see employees carrying two cell phones, one for personal use and one for business. Those days are long gone. We are now seeing a relatively new trend in the workplace – commonly referred to as a bring your own device (BYOD) program – whereby an employer permits employees to use their own device (laptop, tablet, smartphone, etc.) to connect to company servers and access company information. Whether or not to allow employees to use their personal devices for work purposes is an issue that virtually every company will need to address in the near future. Without a doubt, a BYOD program brings many benefits to both the employee and the employer. For an employer, a BYOD program may reduce expenses, as it obviates the need to purchase and maintain some expensive company-issued devices. And it can increase productivity, as employees will gain access to company information, including emails, from virtually anywhere at anytime. But it also brings potential legal challenges for employers, in such areas as privacy, wage and hour issues and trade secrets, and the need to address some critical policy issues. When considering a BYOD program, a company should first identify which employees, if any, should be granted access to company servers. Of course the criteria should be based on an employee’s job duties and responsibilities, and not legally protected categories, such as gender, race, or religion. A blanket BYOD program whereby all employees have access may not be advisable. It may not make sense for a fast-food restaurant chain to allow its cashiers access to company information on their cell phone, but the company may decide to provide access to a district manager of ten stores. That’s an extreme example, but it illustrates the importance of the first step: Identify precisely which employees will be provided access to a company’s server through their personal device. Taking this initial step will enable the company to clarify its preventative measures to ensure compliance with company policy. continued on page 53
45
apr/ may 2013 today’s Gener al counsel
Governance
Companies Want GC to Foresee Risk By Richard H. Girgenti and Bryan H. Jones
46
I
n our current economic landscape, two significant factors for companies are heightened sensitivity to risk and the demands of regulation. At the same time, organizations around the world are seeking strategies to grow the top line revenue in stagnant or slow-growth economies, as they work to position their operations for success over the long term. These demands make the role of corporate general counsel more important than ever and are motivating companies to define that role in new ways. It is not enough for the GC to become involved at checkpoints on an operational project. The GC needs to be acting continuously
to help the organization foresee risk. Intrigued by the effects of heightened sensitivities to risk and regulation in today’s business environment, KPMG International conducted research to understand how firms around the world are using the skills of their general counsel. Beyond the Law: KPMG’s Global Study of How General Counsel are Turning Risk to Advantage solicited input from 320 general counsel in 32 countries, covering major industry sectors and organizations operating in both mature and high-growth markets. In more than 300 interactions with GC, one of the most prominent themes
was a profound concern about the outsized impact of regulation. More than 90 percent of respondents said that regulatory volume and complexity constitute the “greatest risk” to their organizations. Within these broad concerns, the top regulatory issues over the next five years are expected to be competition and antitrust, consumer protection and anti-bribery/corruption. Overall, 59 percent of GC expect more regulatory disputes, and 52 percent expect more disputes in competition/anti-trust. This business landscape requires more adept risk management. The GC, therefore, must be closely involved in decision making and strategic planning, in order to
today’s Gener al counsel apr/ may 2013
Governance
foresee any potential to stem regulatory disputes and head off risk. Nonetheless, today many general counsel feel that they are still seen as the traditional last-stop for approval – or worse, as a “necessary evil,” a phrase used by about a third of those interviewed. Our research showed that fewer than one-third of GC are currently focusing on anticipation of risks as one of their top three tasks. Traditionally, the role of the GC was detached from business goals in order to enable robust, independent legal advice. Now, to expand their role and help their organizations to achieve strategic objectives, GC must engage in commercial decision-making — yet still remain the “legal conscience” of the business. Rather than just saying, “No” when they think business proposals are contrary to legal interests, leading GC understand their organizations’ objectives and help plan in advance a route to achieving them with legal risks in mind. According to one general counsel, “You can’t have perfect future vision, you have to take certain calculated risks, and the company relies heavily on its lawyers in helping to evaluate and measure those risks and to see as far into the future as we can.” Still, many GC today feel they are not as involved in business strategy as they would like to be. Some progress is being made on this front, with more than 67 percent of GC surveyed saying they have become more involved in business decisions than they were five years ago. But there is work to do: A third of respondents acknowledge their organizations still see the legal department simply as reactive. Eighty percent of general counsel said that early involvement of their departments in operational activity can pre-empt future legal issues, while 79 percent agreed that companies can excel when they involve legal teams early in the commercial decision-making process. In North America, 96 percent of respondents felt that way. However, only 74 percent say they are more involved than they five years ago. The role many GC envision moves beyond reacting to events, and includes anticipation of risks at an earlier stage.
In order to anticipate problems and find solutions, however, GC said that it’s necessary to have a deep understanding of the business earlier in the strategic process. As one attorney put it, “Pure legal decision making and just managing a legal process is not going to cut it anymore. We really need to understand the context.” To appreciate the full impact of new risks and issues, GC must develop new skills, striking a balance between full involvement in decision-making and sufficient independence. The acquisition of those skills can begin with greater interaction with boards. Just over 38 percent of GC reported that they are members of the main board in their organizations, with 43 percent reporting directly to or participating in the board and a sizeable minority, 19 percent, reporting indirectly through other channels. Better integration into board proceedings will provide access to a range of business concerns and allow GC to assess risk more effectively, from both the legal and commercial sides. Another strategy is for lawyers to work alongside business managers. In our survey, GC indicated that to address the risks they face, they need to develop close working relationships with other parts of the organization. The top two areas cited were Finance (61 percent of respondents) and Internal Audit (59 percent of respondents). Sales and Marketing was a close third (55 percent of respondents). Embedding teams of lawyers in business units is becoming more common for in-house lawyers as an increasingly important way of developing influence, knowledge and personal relationships and improving legal risk management. A critical tool is language. Our survey found that where GC have successfully expanded their role, they have learned to present legal and regulatory knowledge in the powerful, practical, commercial terms that their boards and other groups in the organization recognize and appreciate. It is important when working with other business leaders to figure out their concerns and goals before trans-
lating any plan into legal terminology. A company president commented that the strategic purpose of the legal department is to “anticipate and protect the company from potential risks because the world is changing and that creates more risk. GC should make us aware of what we should be doing and tell us in a straightforward manner, not in complex legal language.” KPMG’s Beyond the Law report captures the new dynamics and directions for GC, as they move from a traditionally narrow role of legal adviser towards a broader position as strategic adviser and a barometer for the business. Boards expect GC to be commercially aware and to combine this awareness with their legal knowledge and experience. They expect GC to navigate the balance between commercial and legal decisions and speak in a language that can be understood across the organization. The issues faced in regulatory change, business relationships, effective management of disputes, and risks to reputation are areas where GC can add value beyond their legal expertise. By making the right changes, GC have opportunities to turn risk assessment into competitive advantage. n
Richard H. Girgenti is a principal at KPMG LLP, the U.S. audit, tax and advisory firm. He leads Forensic Services in the United States and the Americas. rgirgenti@kpmg.com
Bryan H. Jones is a partner at KPMG LLP. He leads Dispute Advisory Services for KPMG in the United States and globally. bhjones@kpmg.com
47
APR/ MAY 2013 TODAY’S GENER AL COUNSEL
Governance
Shareholders Challenging Annual Proxy Disclosures By Robert M. Daines and Olga Koumrian
48
I
n the last three years, plaintiff attorneys have challenged nearly every large merger on behalf of shareholders. Moreover, in 2012, plaintiff attorneys active in shareholder merger and acquisition (M&A) litigation filed a wave of lawsuits challenging annual proxy votes where no merger was even being considered. Like the complaints alleging inadequate disclosures in merger votes, this newest spate of lawsuits asked the courts to enjoin annual shareholder votes because of allegedly insufficient disclosures about executive compensation and employee stock compensation plans. The number of these lawsuits increased as 2012 progressed, from two in the first quarter to 12 in the last quarter. This litigation did not challenge the actual compensation, but only requested more detailed disclosures. Some call these newer suits an unintended consequence of the passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, which included provisions for increased accountability to shareholders, such as requiring firms to hold non-binding advisory votes on executive pay (say-on-pay votes). Initially, these cases focused on sayon-pay disclosures and increases in the
number of shares authorized for equity compensation plans, but the say-on-pay disclosure claims were largely unsuccessful. The courts expressed skepticism about the plaintiffs’ ability to demonstrate irreparable harm to shareholders resulting from advisory votes. Plaintiffs may have had more success with the argument that an increase in the number of shares available to stock compensation plans dilute share value for existing shareholders. As a result, recently announced investigations have focused on claims related to increasing the number of shares, both those available to equity compensation plans, and the firms’ total authorized shares (in votes to amend certificates of incorporation). PLAINTIFFS’ INITIAL SUCCESSES
In April 2012, the Superior Court of California, County of Santa Clara, granted a preliminary injunction in Knee v. Brocade Communications, which was followed by a quick settlement for additional disclosures and $625,000 in plaintiff attorney fees. The court approved this settlement in October 2012. Several quick settlements in other cases followed. In these, defendant companies provided additional disclosures
and agreed to pay plaintiff attorney fees, reportedly ranging from $125,000 to $450,000. These included: Martha Stewart Living Omnimedia, in May 2012; WebMD Health Corp., in August 2012; Microchip Technology Inc., in August 2012; H&R Block, in August 2012; NeoStem Inc., in October 2012; and Applied Minerals, in November 2012. These lawsuits challenging annual proxy votes are modeled on the suits targeting mergers of public companies. However, the M&A cases have very different economic risks and legal contexts than the newer lawsuits. In the economic framework of cost-benefit analysis, the value of disclosures related to a shareholder vote depend in part on the expected impact of the vote on shareholder value. A decision to accept or reject an M&A bid can affect shareholder value much more than the outcome of advisory votes on executive pay or voting on employee compensation policies that are targeted in some of the annual proxy lawsuits. In other annual proxy lawsuits, plaintiffs argue that additional share authorization for an employee compensation plan dilutes the value of existing shareholders’ interest in the company. The term “dilution” typically means that the ratio of
today’s Gener al counsel apr/ may 2013
Governance
a firm’s short-term profits per share is lowered if the firm issues new shares. Plaintiffs argue that shareholders can suffer irreparable harm unless the vote is enjoined until additional disclosures are made. However, in our view this argument often does not withstand closer scrutiny: Shareholders are concerned with the value of their shares and not simply whether there is an increase in the number of shares outstanding. Share value is not determined just by current earnings, but rather is based on the present value of all future cash flows. While stock-based compensation is a cost to an employer, it also generates offsetting benefits to the firm. Stock-based compensation plans align managers and employees’ incentives with those of shareholders. They provide incentives for managers or employees to exert effort to increase firm value. Broad-based stock compensation plans help select employees valuable to the company. The fact that executives and employees accept these compensation packages provides investors with valuable inside information that employees consider this a high-quality firm. Stock-based compensation also makes it easy to adjust pay to market rates. When the industry performs well, employees’ outside options improve, but so does their compensation. Finally, companies also adopt stockbased compensation plans due to their favorable tax or accounting treatments, or to lower compensation costs. The key question is whether the compensation cost of additional shares is offset by an increase in employee productivity or cost savings. The net value of a stock incentive plan is an issue of optimal compensation design that involves complicated cost-benefit analysis and access to detailed (and often confidential) information about employee compensation that shareholders do not possess. It would be impractical to provide shareholders with all the knowledge and data necessary in such an analysis. Any additional information can be valuable to shareholders, but the benefits can be offset by the costs incurred to supply the data. We have found disclosures challenged in several of the annual proxy lawsuits to be very similar to those provided by
defendants’ peer companies. To enforce plaintiffs’ claims that shareholders should not vote without the additional requested disclosures, one would need to enjoin the votes of numerous firms that follow the same disclosure standard. This would likely impose additional costs on many firms and introduce uncertainty about which disclosures were actually required if customary disclosures were to be held inadequate. Moreover, a too-expansive requirement that companies provide additional compensation data may actually thwart the policy aims of the Dodd-Frank Act and reduce, rather than expand, the opportunity for shareholders to vote on executive compensation. If Dodd-Frank were interpreted to encourage costly disclosure lawsuits and challenges, without otherwise changing outcomes, firms would rationally seek to avoid these costs by limiting such votes to the statutory required once in three years, instead of the annual vote that many firms practice today. Nor would we expect additional disclosures about broad-based employee compensation to be valuable in addressing management conflicts of interest. Employee stock compensation plans do not usually create conflicts of interest between management and shareholders. Managers are in a good position to weigh the costs and benefits of additional disclosure about employee compensation and to make a choice that maximizes shareholder value. When management interest is aligned with shareholder interest, there is less need to require disclosure or to think that the requested disclosures are necessary or valuable. Consistent with this view of costs and benefits of an injunction in these lawsuits, the courts have denied most motions for preliminary injunction after Brocade. These denials have included Ultratech, Inc., AAR Corp., Symantec Corp., Clorox Co., Globecomm Systems, and Hain Celestial Group, Inc. We know of only one injunction request (other than Brocade) that was granted, and that only in part, in a lawsuit challenging the proxy of Abaxis Inc. Plaintiffs also voluntarily dismissed several lawsuits, including challenges to proxies filed by Accuray Inc., Amdocs Inc., Angiodynamics, Lifevantage, and Microsoft.
It is still too early to tell how much plaintiff law firms will expand this litigation during the 2013 proxy season. On one hand, we have observed an increase in the number of announced investigations of potential breaches of fiduciary duties related to annual shareholder votes and the number of plaintiff law firms that pursue these cases. While all the 2012 litigation was filed by a single plaintiff law firm, two more firms have recently announced similar investigations. These three firms announced investigations of 16 public companies in December 2012 and of an additional 17 companies in January 2013, an increase over the average number in the prior three previous months. On the other hand, actual lawsuit filings of this type have declined from the October 2012 high. ■
Robert M. Daines is the Pritzker Professor of Law and Business and CoDirector of the Rock Center on Corporate Governance at Stanford. His research focuses on the intersection between law and finance, including CEO pay, corporate governance, mergers and acquisitions, mandatory disclosure regulations, IPOs, shareholder voting and takeover defenses. Before entering academia, he was an investment banker at Goldman Sachs. Daines@stanford.edu
Olga Koumrian is a principal at Cornerstone Research. She has more than ten years of experience providing economic analysis in commercial litigation matters. She has worked on corporate transaction cases involving mergers, acquisitions, leveraged buyouts, venture capital investments, assets sales, spinoffs, and dividend payments. okoumrian@cornerstone.com
49
APR/ MAY 2013 TODAY’S GENER AL COUNSEL
Canada/Cross–Border
50
Dawn Raid, Antitrust Charges, Decade of Litigation By David Gustman
S
hortly before the close of business on an otherwise average day, the Royal Canadian Mounted Police arrive at your client’s Canadian offices. Based on claims made by a disgruntled competitor, the Mounties have a warrant to seize broad swaths of your client’s files. At the same time, FBI agents in the United States are arriving unannounced at the homes of your top sales and marketing personnel, asking for the opportunity to “ask just a few questions.”
today’s gener al Counsel apr/ may 2013
Canada/Cross–Border The so-called “dawn raid” – jointly coordinated by the Antitrust Division of the U.S. Department of Justice and the Canadian Competition Bureau - has begun. This is not a hypothetical. The Canadian and U.S. agencies in charge of enforcement of antitrust laws in both countries in fact did launch a raid against several large mining and chemical companies, seizing documents in Canada and interviewing potential witnesses in the United States. The DOJ conducted its criminal investigation
Although the treaties vary in their specifics, they generally provide for assistance such as in the conduct of searches, taking of witness testimony and service of documents. The United States also has less formal agreements with other countries. This cooperation has been described by the DOJ’s Deputy Assistant to Attorney General for Criminal Antitrust Enforcement as a “pick-up-the phone” attitude toward cooperation with his foreign counterparts. Although in some instances it is
tial damages in a follow-on civil case. But even the best compliance programs may not protect your company from a dawn raid. As with any other crisis, the best strategy is a planned response. In addition to its compliance program, any company with cross-border dealings should work with experienced counsel to develop a dawn raid contingency plan. It should be clear who will direct the planning process for the company. Among other things, this plan should include a primer for
Any company with cross-border dealings should work with experienced counsel to develop a dawn raid contingency plan. for more than five years before closing it without bringing any charges. Of course, this did not protect the companies from the pain and expense of defending against a follow-on multidistrict antitrust class action in the United States. After nearly 10 years of litigation, the Seventh Circuit Court of Appeals recently affirmed a judgment for the defendants in the consolidated nationwide class action, In Re Sulfuric Acid Antitrust Litigation. You too could be faced with this scenario. In recent years there has been an increased focus on international enforcement of antitrust and competition laws, and greater coordination among international agencies. A mutual legal assistance treaty between Canada and the United States (known as MLAT) allows coordination and sharing of information obtained in investigations with international implications. This phenomenon is not confined to the United States and Canada. Many other countries are now coordinating their investigations. As of January, 2012, the United States had MLATs with about 70 other countries for the provision of mutual assistance in criminal enforcement matters.
restricted by confidentiality rules, cooperation includes the sharing of leads and background information about the relevant industry and actors, notification of the initial investigative actions, and coordination of inspections and interviews. If you find yourself on the receiving end of a dawn raid, how do you handle the immediate aftermath and what is sure to be years to follow of criminal investigation and possible civil class action litigation? Several lessons can be learned from the Acid Antitrust Litigation saga. First, successful results begin with implementing and maintaining a rigorous antitrust and competition law compliance program. These programs can help avoid antitrust violations in the first instance. And if a rogue employee does nevertheless commit an antitrust violation, a robust compliance program can promote early detection of that violation. This may allow the company to take advantage of leniency programs now in place in over 50 countries, many of which allow companies and their officers to avoid criminal prosecution. In the United States, participation in the DOJ’s leniency program dramatically reduces the poten-
key employees on how to handle the unexpected appearance of government agents at their front door, or at their office seeking to seal off records and conduct interviews, as well as how to respond to telephone calls from government investigators. The anxiety and, in many cases, panic that naturally accompanies encounters like these is not conducive to thoughtful responses, and the result can be confusion and the communication of misinformation. Your key executives should not have to grapple with these issues for the first time when staring through the peephole at an FBI agent. Counseling should include education on the potential dangers of these encounters, including the natural inclination to prove on the spot that they have done nothing wrong. It is also critical when faced with a cross-border antitrust investigation to have experienced antitrust litigation counsel lined up in each jurisdiction. Counsel should have in place a plan to obtain copies of any seized documents or data and to deal with the inevitable privilege issues. They must coordinate their efforts as carefully as the investigative agencies are coordinating theirs. With respect to obtaining counsel,
51
apr/ may 2013 today’s gener al Counsel
Canada/Cross–Border
52
keep in mind that the interests of the company and employees involved in the investigated conduct may diverge. Separate counsel to advise on any potential individual criminal liability may be necessary. In the aftermath of the dawn raid, after your inside and outside counsel have completed their own investigation, the company must decide whether and how to approach the government authorities to discuss the company’s position. If the challenged conduct is defensible, the company should consider presenting the company position to the investigating agencies. Even if the company avoids criminal prosecution, the risk of civil litigation remains. The criminal investigation into the sulfuric acid industry did not become public for several years, which allowed the companies to deal with the government authorities without interference of civil litigation. But once the investigation became public, civil class actions were filed in the United States almost immediately. Ultimately, the cases were consolidated
– the sale of low-cost acid produced in Canada to U.S. producers who decided to buy the Canadian acid rather than continue to produce their own acid – was per se illegal, or should be evaluated
The interests of the company and employees involved in the investigated conduct may diverge. Separate counsel to advise on potential individual criminal liability may be necessary.
for its competitive effects under the Rule of Reason. The plaintiffs had prepared the case from the outset as though the conduct was per se illegal, but the defendants argued the conduct had plausible pro-competitive justifications that should be presented to a jury.
Your key executives should not have to grapple with these issues for the first time when staring through the peephole at an FBI agent.
into a multi-district nationwide class action, now pending in federal district court. Civil class action litigation in antitrust cases is often protracted, time consuming and expensive. Expert economic testimony is often necessary to address the question of antitrust impact or “fact of damage.” Most cases involve challenges to the expert testimony under Daubert and its progeny. In many circuits, including the Seventh Circuit, Daubert issues must be resolved before the court can render a decision on class certification. In the Sulfuric Acid case, after costly and extensive discovery, the principal issue was whether the challenged conduct
against them so they could appeal. The Seventh Circuit, however, affirmed, agreeing with the district court that the conduct should have been evaluated under the Rule of Reason.
The determination of which test applies is critical in an antitrust case. If conduct is per se illegal, the defendants are generally limited to denying that the conduct occurred and defending against damage claims. If the conduct is not per se illegal, the question is whether the anti-competitive effects of the conduct outweigh its pro-competitive benefits. Prior to trial, the Sulfuric Acid defendants requested that the court determine which standard applied. Rejecting the plaintiffs’ argument, the trial court selected the Rule of Reason. The plaintiffs, unprepared for a trial under the Rule of Reason, allowed judgment to be entered
Notably, the conduct at issue in the civil litigation, which the Seventh Circuit concluded had plausible procompetitive justifications, was the same conduct that the DOJ had targeted before closing its investigation without bringing charges. Beginning with the dawn raid, this plausibly pro-competitive conduct had been the subject of criminal and civil proceedings that lasted more than a decade. International antitrust investigations and follow-on civil actions like this one present daunting challenges to those managing them. But in the current enforcement environment, it is a great advantage if your company has a contingency plan in place to deal with the initial dawn raid and an experienced cross-border defense team available on short notice. ■
David Gustman, a senior partner at Freeborn & Peters, LLP, heads the firm’s Litigation Practice Group. He is an experienced trial lawyer who has handled class actions, antitrust, finance, insurance, real estate and securities cases in the United States. dgustman@freeborn.com
today’s geneR al counsel apr/ may 2013
Human Resources
BYOD Policy Issues continued from page 45 A well written BYOD policy is key. Although it is debatable whether all employees should be provided such a policy at the commencement of their employment, best practice is to make sure everyone receives one and is fully aware of the policy. Entry level employees may not be given access to the company server through their personal devices when they are first hired, but a future promotion may allow them access, so the policy will be necessary. A well written BYOD policy accomplishes four main goals: (1) It informs employees of their responsibility to keep their device secure at all times. (2) It notes that a company’s Equal Employment Opportunity Policy, it’s Policy against Harassment and all other workplace policies extend to the employee’s use of their devices for business purposes. (3) It notes that the employee does not have an expectation of privacy for any company information created, transmitted, downloaded, received, reviewed or stored in a company’s network. (4) It explains company procedure in the event the device is stolen, lost or if the employee is terminated. It is recommended that a company have its BYOD policy reviewed annually to ensure it is compliant with all applicable laws at the same time it provides the greatest possible protection for the company. No “reasonable expectation of privacy” has been common in the employment context for information stored and/or transmitted through employer devices, such as company computers and company-issued cell phones and laptops. However, now that BYOD programs are being implemented, this once unwavering claim by employers has been weakened. An employee does have a reasonable expectation of privacy on his or her own device. Therefore, if a company chooses to implement a BYOD policy, it must take affirmative steps to ensure that its trade secrets and confidential proprietary information are not disclosed to a third party. First, the BYOD policy should require that all devices used by an employee for business purposes be password protected. This will provide some protection should the device be stolen or lost.
Companies should also consider implementing a remote data removal, or “remote-wipe,” option. This feature enables the employer to remotely delete its stored information on the device in the event it has been lost, stolen, damaged, or upon the employee’s termination. However, this also deletes all the employee’s personal contacts, pictures and all other information saved on the device and could result in liability. Thus it is imperative that, upon hiring, an employer obtain consent for this procedure in writing and that it become part of the employee’s personnel file. The consent form should be reviewed by counsel to ensure compliance with all applicable laws. Companies also must be cognizant of pay issues related to employees who have access to company information at home through their devices. Only individuals who are exempt from overtime under state and federal law should have such access. Otherwise a company will face substantial wage-hour risks. The termination of an employee often creates an increased risk for disclosure of confidential information, but especially if the confidential information is stored on the employee’s own device. Therefore a company should implement specific policies that address termination of an employee who has access to the company’s server. Immediately before the company informs the employee of termination, the company should disable all accounts and access privileges. Where appropriate, the company should change all passwords, including remote access passwords. Prior to the termination, the company should decide if it will use the remote deletion capability for this particular employee. Before doing so, it should review the employee’s personnel file to ensure he or she has provided written consent for the remote data removal. If consent is confirmed, the company should contact its IT department to schedule a time for this deletion to occur. The deletion should occur after the employee is notified of his/her termination, but time at this point is of the essence. An
employee who has just been terminated may attempt to transfer company files from the personal device to an external hard drive or email. Whether the employee’s termination is communicated during a meeting or via correspondence, the employee should be reminded of his/her obligations to refrain from disclosing any confidential information obtained during employment with the company. It is also important to inform the employee that the company takes these matters very seriously and will vigorously prosecute a claim should the employee decide to divulge such information. Lastly, an employee should be required to return all confidential/proprietary information that he/she may have on a personal computer, handheld device or in hard copy. A document should be executed by the employee, affirming that all confidential/proprietary information has been returned. ■
Todd Scherwin is a regional managing partner in the Los Angeles office of Fisher & Phillips LLP. He represents employers in various aspects of labor and employment law, including employment discrimination, harassment, state and federal wage-hour matters, including class actions, employment handbook preparation and trade-secret protection. tscherwin@laborlawyers.com
Raul Zermeno is an associate in the Los Angeles office of Fisher & Phillips LLP. He represents management in all aspects of employment law, including discrimination, harassment, wrongful termination and wage and hour claims. rzermeno@laborlawyers.com
53
By William DiSantis
enforcing jury waiver clauses By William DeSantis
A
54
ny attorney who has tried a case to a jury will testify to the high level of stress experienced while the jury deliberates before reaching a verdict. This anxiety can be even greater if the client is a substantial company that jurors may view as a “deep pocket.” If a business has the potential to be targeted with many small claims, it may seek to minimize liability by entering into pre-dispute contracts that require arbitration and waive the right to participate in class actions. The enforcement of such agreements was made more likely with the 2011 landmark decision of the Supreme Court in AT&T Mobility v. Concepcion. Nonetheless, there may be certain industries where a business is better served by a pre-dispute jury waiver rather than an arbitration provision. A business may include a contractual waiver of the right to a jury trial – which results in a bench trial – for some of the same reasons that businesses prefer arbitration: namely to lessen the possibility of an excessive jury verdict and because it is less expensive than a jury trial. However, a business may actually prefer a bench trial over an arbitration in order to retain the right to appeal and to increase the possibility of the dismissal of a claim without merit, by motion to dismiss or summary judgment. Also, some businesses believe that the ease of instituting an arbitration may actually increase the number of claims against the company. Although the Seventh Amendment guarantees the right to a trial by jury, there is no doubt that this right, like other constitutional rights, may be waived by agreement. As a general rule, pre-dispute contractual jury waivers are enforced if there was a knowing and voluntary waiver. Because the right to a jury trial is fundamental, many courts have held that there is a presumption against waiver and that jury waiver provisions should be construed narrowly. On the other hand, most courts recognize that parties have freedom to contract as they please and
THE MAGA ZINE FOR THE GENER AL COUNSEL, CEO & CFO apr/ may 2013
that jury waivers are not contrary to public policy. Courts will look at the following factors to determine whether a jury waiver is enforceable: the opportunity to negotiate; the conspicuousness of the waiver provision; the relative bargaining power of the parties; the sophistication of the party opposing waiver; and whether the contract was reviewed by counsel. The result is that jury waiver provisions are considered case-by-case. Pre-dispute jury waiver clauses have been enforced in numerous contracts, including financing or loan agreements, commercial leases, employment agreements, franchise agreements and equipment leases. In industries where there is significant exposure to personal injury claims, and where there is an opportunity to avoid a jury trial with a pre-dispute agreement, there may be an increased opportunity to avoid jury trials after the February 2012 Supreme Court decision in Marmet Health Care Center, Inc. v. Brown. Unlike Concepcion and other Supreme Court cases, Marmet involved personal injury and wrongful death claims based on allegations of nursing home negligence. Relying on boiler plate language in the admissions agreements, the nursing home sought to compel arbitration. The Supreme Court of Appeals of West Virginia, relying on a state statute, had held that public policy under West Virginia law precluded the enforcement of any pre-dispute agreement which required that personal injury or wrongful death claims be arbitrated. The West Virginia court criticized the Supreme Court’s rulings on arbitration as “tendentious” and “created from whole cloth.” The state court further observed that “Congress did not intend for the Federal Arbitration Act (“FAA”) to be, in any way, applicable to personal injury or wrongful death suits.” The Supreme Court summarily reversed the state court in a brief and unanimous per curiam opinion. The Court stated that the state court’s interpretation of the FAA was incorrect and obviously inconsistent with the plain language of the FAA which “includes no exception for personalinjury or wrongful-death claims.”Even before Marmet, other courts had enforced pre-dispute arbitration clauses in personal injury cases. A plaintiff’s personal injury attorney might argue that Marmet and the other recent Supreme Court decisions do not support the enforceability of a pre-dispute jury waiver clause because these holdings were based on the FAA and public policy favoring arbitration. There is, of course, no statute or public policy favoring bench trials. However, a proponent of jury waivers could argue that the recent Supreme
Court decisions which enforced arbitration agreements, and which necessarily resulted in the loss of the right to a jury trial and the right to judicial review, also support jury waiver provisions. In IFC Credit Corp. v. United Business and Industrial Federal Credit Union, Judge Frank H. Easterbrook, Chief Judge of the Seventh Circuit, observed that an agreement to a bench trial “cannot logically be treated less favorably than agreement to confess judgment, or arbitrate, or litigate in a forum that will not use a jury.”
as a general rule, pre-dispute contractual jury waivers are enforced if there was a knowing and voluntary waiver. 55 Based on this reasoning, businesses that want to avoid jury trials for personal injury claims may be able to successfully argue that pre-disputes agreements to waive a trial by jury are in fact enforceable. There is a final reason why businesses should consider the inclusion of a jury waiver clause – namely that opponents of arbitration are working to limit the use of pre-dispute arbitration agreements. They have tried, although without much success, to devise legal arguments to narrow the holding of Concepcion. They have also urged Congress to enact the Arbitration Fairness Act, which bans pre-dispute arbitration agreements in employment, consumer, or civil rights disputes. The enactment of such legislation is unlikely, but there is a greater possibility of a regulatory response from the Consumer Financial Protection Bureau, which is authorized by the Dodd-Frank Act to prohibit or limit the use of pre-dispute arbitration agreements in consumer financial products or service contracts. In fact, the CFPB is presently undertaking a required study of consumer arbitration provisions before acting on this issue. Given the possibility of legislative or regulatory restrictions on arbitration clauses, a prudent business should include a jury waiver clause in all contracts, in the event the arbitration clause is not enforced. n
William J. DeSantis is of counsel in the Litigation Department at Ballard Spahr. He focuses on complex civil litigation with an emphasis on commercial, contract, personal injury and redevelopment litigation. He is certified by the Supreme Court of New Jersey as a Civil Trial Attorney. desantis@ ballardspahr.com
s ’ C G The
d n e i r F st e B nsky By Jonah Para
56
THE MAGA ZINE FOR THE GENER AL COUNSEL, CEO & CFO apr/ may 2013
A
ll general counsel looking after the interests of their companies are encouraged to form a close working relationship with their newest best friend and partner, the chief information officer. Data security issues – from cyber threats to process mistakes and unplanned business continuity episodes – are the catalyst for this recommendation. Expert help is needed when tackling these issues. They are too big, too complex and too risky to be faced alone. Research conducted jointly by FTI Consulting and Corporate Board Member validates the point. In their 12th annual Law and the Boardroom Study issued last year, data security was identified as the number one concern for by the survey participants: 1,957 general counsel and 11,340 corporate directors. While data security has been a hot topic on everyone’s list for years, of late the level of concern has grown significantly. The rank of data security has doubled in the past four years, and now, in the latest survey, it’s number one on the list. This is no surprise. There are ample opportunities for security compromises given today’s electronic communications and web-based interactions, with network connections that extend, with nationwide or global reach, far beyond corporate environments. Unfortunately, these threats go beyond casual hackers whose main interest is pitting their skills against your safeguards. Today much industry discussion concerns so-called Advanced Persistent Threats , or APTs. These are a new breed of targeted attacks coming from sophisticated, well-funded and highly-organized groups focused on obtaining information of strategic or economic importance. When the Department of Defense commits $500 million to cyber security R&D, you can take that as a measure of how serious the issue has become. By virtue of its legal work product and the kinds of information it routinely handles, the corporate legal department earns a front row seat at data security discussions, and the center chair is reserved for the GC, who is taking on increasing responsibilities for managing organizational risk. The legal group has an endless variety of documents related to specific matters pertaining to litigation, contract negotiations, legal holds, government investigations and comparable areas. Add to that mix items associated with corporate legal spending and the use of outside counsel, research, and other legal expenses. The fact that some of this information has regulatory implications tied to HIPAA, PCI and the like, further complicates the situation and the GC’s task. Faced with a monumental amount of sensitive material, a high potential for risk and a signifi-
cant degree of technical complexity, you need experienced partners on your side. Your CIO is the logical place to start building a team. Chances are good that your company and IT department already have an aggressive data security plan in place, one that includes a written security policy, detailed data protection measures and a documented business continuity plan with data recovery procedures. Today, these are fairly standard company best practices. But if you’re not aware of the current plans to protect sensitive corporate data from being compromised, by all means ask. Talk with your newest best friend and partner, and get up to speed on the best ways to safeguard the critical and confidential information entrusted to your care. When materials are confined to your own corporate legal department, you can probably do an admirable job protecting items from attack, compromise or loss. However, as a normal part of your workflow process, sensitive data eventually will leave your hands heading for the IT department, third-parties involved in specific matters, outside legal counsel and other external vendors. In that chain, where are the weak links that compromise the situation and introduce risk? How is your corporate legal information going to be inventoried, stored, monitored, protected and secured once it leaves your direct control and an environment that is set up for proper data handling? Answering these questions has little to do with the law and a lot to do with information technology. Working together in partnership, the GC and CIO can outline all the security issues to explore, pose the right kinds of questions with various groups and vendors, and gain the reassurance and peace of mind that comes with knowing data and associated risks are being well managed. As a starting point for identifying the weakest links, here is a list of five important issues to explore with the IT staff and external suppliers: 1. Make certain there’s a formal process in place for protecting critical information. Organizations that handle and store critical confidential information should maintain a formal process for managing and protecting those items. Usually, third-party certifications are a good sign of organizational maturity in that regard. Look for some of the standard credentials that identify the better controlled environments. For example, with third-party vendors you should see references to SSAE 16 attestations. This is a statement of standards developed by the continued on page 64
57
DEFENDIN G C H INESE COMPANI ES LISTED ON U.S. EX C H By Neal Mar A N G der, Micol So E S rdina and An drew Jick 58
A
Chinese company listed on a U.S. stock exchange and faced with an SEC investigation or litigation in U.S. courts finds itself in a legal quandary. Specifically, compliance with document subpoenas and discovery requests seeking information located in mainland China may violate People’s Republic of China laws on state secrecy protection, government archive management and national security (collectively referred to as “the Secrecy Laws”). Under these laws, unless approved by the Chinese government, sensitive information may not be provided to a foreign recipient, particularly where such information involves PRC “state secrets,” national security or substantial state interests. PRC laws governing protection of commercial secrets may also be violated when such information is provided to a foreign recipient. Sanctions for violation of these laws can include hefty fines, lengthy prison sentences, and even deportation. In recent years, there has been an increasing number of regulatory investigations and securities fraud class actions instituted against Chinese companies listed on U.S. stock exchanges. According to one study, more than one-fourth of all securities fraud class actions filed in the first half of 2011 involved Chinese companies.
Many of these companies entered the U.S. securities market through “reverse mergers,” a process whereby a Chinese company is acquired by a shell company already listed on a U.S. stock exchange, in exchange for control of the U.S. public company. Although perfectly legal, reverse mergers allowed these companies to bypass some of the regulatory scrutiny companies normally face when undergoing an initial public offering. Such companies are generally set up as holding companies incorporated in the United States, with principal places of business in China. This set-up requires such companies to comply with both U.S. and Chinese laws – laws that may conflict with each another in many respects. Secrecy issues that may arise during the course of SEC investigations and U.S. lawsuits, therefore, will become increasingly important for Chinese companies listed on U.S. markets. Under PRC law, state secrets are broadly defined to include any matters relating to national security and interests, including national economic and social development. Authority is given to the PRC government in the first instance to determine whether a document contains state secrets. Under the law, the PRC government has considerable discretion in enforcement. Some government documents are clearly demarcated as containing state secrets. That a government document is not identified as containing state
59
Neal R. Marder is a partner in Winston & Strawn’s Los Angeles office and chair of the firm’s consumer class actions practice. He handles complex business and commercial litigation, white collar, securities, internal investigations, and antitrust, with an emphasis on the defense of class actions. He has experience defending PRC Companies in all aspects of U.S. litigation. nmarder@winston. com
apr/ may 2013 today’s gener al counsel
60
Micol O. Sordina is a senior litigation associate in Winston & Strawn’s Los Angeles office, concentrating her practice in complex commercial litigation, financial services litigation, securities and derivative litigation, and internal investigations. She regularly represents PRC Companies and their auditors in connection with securities fraud and shareholder derivative class actions. msordina@winston. com
secrets, however, is not dispositive. Under the PRC Supreme People’s Court’s interpretation of the Secrecy Laws, information not designated as a state secret is nevertheless subject to secrecy protection if the persons concerned know or should know that such information is relevant to state security and interests. Other broad categories of documents can qualify as state secrets. Cases involving major state-owned enterprises, or SOEs, operating in “sensitive industries” (such as oil and gas, steel, or banking); cases attracting a great deal of public attention (because, for example, they involve famous individuals, companies, or government officials); and cases where a Chinese company actively resists providing sensitive information to foreign regulators or courts, are likely to involve documents and information potentially subject to the Secrecy Laws. In particular, the PRC restricts the ability of Chinese companies listed on overseas stock exchanges to disclose financial information to foreign regulators or securities service providers. Under the “Provisions Regarding Strengthening Confidentiality Protection,” passed in 2009, audit work papers for Chinese companies listed in foreign jurisdictions must be kept in mainland China, and, when responding to inquiries from foreign investigators, Chinese companies must obtain prior consent from the government before providing information involving potential state secrets. If there is any doubt whether a document involves state secrets, a prior determination must be obtained before that information can be divulged to foreign investigators. In practice, the PRC government has proven to be conservative and generally reluctant to allow Chinese companies to provide information to foreign securities regulators. Recently it was reported that China has agreed to allow U.S. authorities to observe official auditor inspections in China. It remains to be seen, however, how this agreement will be implemented and what guidance the PRC government will give to Chinese companies requested to provide information to U.S. securities regulators. These restrictions apply with equal force to Chinese companies confronted with a securities fraud class action in U.S. courts. When served with a discovery request by plaintiffs, Chinese companies may find themselves in a difficult position. If they refuse to produce relevant documents (and, in particular, if they violate a court order), they risk imposition of severe sanctions, including terminating sanctions. On the other hand, if Chinese companies cannot obtain
permission to produce documents, they risk violating the Secrecy Laws, and thereby incurring potentially severe civil and criminal penalties. In addition to China’s secrecy laws preventing Chinese companies from sending documents to foreign litigants and regulators, PRC law prohibits the collection of evidence by foreign lawyers within the country. It would be illegal, for example, for an American lawyer to take documents out of the PRC for use in U.S. litigation. In addition, not only would it be impossible to compel the deposition of a Chinese witness in China, it would be illegal for a U.S. lawyer to depose even a willing Chinese citizen within the country’s borders. The PRC government is known to enforce these laws. We are aware of instances in the past where American lawyers have been detained in China for attempting to collect evidence in contravention of these rules. Lawyers defending Chinese companies in U.S. litigation or an SEC investigation may attempt to seek recourse through the Hague Convention on the Taking of Evidence Abroad in Civil or Commercial Matters, to which the United States and the PRC are signatories. Under the Hague Convention, U.S. litigants seeking to obtain documents from a PRC citizen or company must file formal document requests through the country’s central authority. It is then the country’s responsibility to serve those requests on its citizens. In practice, however, filing formal document requests through the Hague Convention is a slow and cumbersome process, and the PRC government historically has been uncooperative with such requests. In addition, even if such a request were granted, the process of evidence collection implemented by the PRC government can be costly and time-consuming. Thus, most U.S. courts deciding this issue have held that the Hague Convention does not provide an adequate alternative means for plaintiffs in U.S. litigation to obtain documents from Chinese companies. Moreover, U.S. courts have generally recognized that the United States interest in adjudicating disputes involving companies that have listed their shares in the United States, and whose actions have harmed U.S. investors and capital markets, outweighs the PRC’s interest in secrecy. For these reasons, these courts have rejected Chinese companies’ objections to producing documents under the federal rules, and their requests to force plaintiffs to request documents under the Hague Convention, on the basis of Chinese secrecy laws.
THE MAGA ZINE FOR THE GENER AL COUNSEL, CEO & CFO apr/ may 2013
It would be Illegal, for example, for an amerIcan lawyer to take documents out of the prc for use In u.s. lItIgatIon. In addItIon, not only would It be ImpossIble to compel the deposItIon of a chInese wItness In chIna, It would be Illegal for a u.s. lawyer to depose even a wIllIng chInese cItIzen wIthIn the country’s borders.
There are no easy solutions to these problems. However, when advising Chinese companies faced with an SEC investigation or U.S. class action, there are certain practices that may help lawyers and advisers to navigate the complex issues involved in collecting and producing documents from the PRC. • Talk to the Company. First, determine whether some or even all of their documents clearly are not subject to the Secrecy Laws. For this purpose, sending the company a detailed questionnaire can be an effective way to focus its attention on the issue and gather pertinent information. Through discussions with the company (or a questionnaire, if you opt to use one), you should seek to determine the following information: • Whether and to what extent the company owns, directly or indirectly, any equity interests in or maintains business relationships with the PRC government (including as customer, supplier, or partner in a joint venture). • Whether the company operates in a “sensitive” or highly-regulated industry, or competes with the PRC government or SOEs in its industry. • Whether any of the documents sought have been identified as secret or involve sensitive categories, including national defense, foreign affairs, economic and social development, or science and technology. • Whether and to what extent any of the documents relate to the PRC government or have been filed with the PRC government. • Whether any of the documents involve business secrets or matters subject to confidentiality agreements.
This list is not exhaustive, and depending on the answers you receive you may need to inquire further. If the answer to all of these questions is “No,” there should not be a great concern about producing these documents in U.S. litigation or to the SEC. If even one answer is “Yes,” however, attorneys advising the company should delve further into the issue. • Try Hong Kong. To the extent possible, attempt to obtain documents and depose witnesses in Hong Kong rather than mainland China. With the proper immigration clearance, U.S. lawyers can take the deposition of willing witnesses in Hong Kong, including depositions of Chinese citizens willing to make the trip. Hong Kong has a legal system independent of mainland China’s, and it does not have the same stringent secrecy laws. However, for PRC nationals, a violation of the PRC’s Secrecy Laws, even outside the country, may still result in criminal prosecution by the PRC government. • Approach the PRC Government. If all else fails, attorneys advising Chinese companies in U.S. litigation can try asking the PRC government to make a determination that the requested documents do not implicate secrecy issues and to authorize the company to send those documents to the United States for use in an investigation or litigation. As noted, however, the PRC government is conservative in granting such requests. As U.S. litigation and investigations targeting Chinese companies increases, companies operating in China should familiarize themselves with these risks, and they should consider partnering with counsel experienced in both U.S. and Chinese litigation procedures to help guide them through the potential minefield created by Chinese secrecy laws. n
61
Andrew S. Jick is a litigation associate in Winston & Strawn’s Los Angeles office, concentrating his practice on complex business and commercial litigation, including securities litigation and class action defense. ajick@winston.com
You May Be Personally Liable Under the FDCPA By Robert J. Emanuel
?
?
62
? ? ?
THE MAGA ZINE FOR THE GENER AL COUNSEL, CEO & CFO apr/ may 2013
T
he Fair Debt Collection Practices Act ( FDCPA) was enacted in 1977 to deter abusive practices by third-party debt collectors. Violations can result in civil liability or enforcement action by the Federal Trade Commission (FTC), and damages can amount to hundreds of thousands of dollars. While the FDCPA was created with good intentions, lack of clarity about who fits within the definition of a “debt collector” – and therefore could be held personally liable – remains an important issue.
In order to prevail on an FDCPA claim, a plaintiff must establish that the defendant is a debt collector and has engaged in a practice that the law prohibits. The FDCPA defines a debt collector as any person who uses “interstate commerce or the mails in any business, the principal purpose of which is the collection of any debts” that are owed to another. However, it excludes a number of individuals and entities as debt collectors. For example, it excludes creditors (i.e., individuals that extend credit or to whom a debt is owed), as well as officers or employees of a creditor seeking to collect debts on behalf of the creditor. This is not surprising, as a creditor’s officers and employees should already be protected from liability by the entity’s corporate form. The FDCPA is silent in reference to owners, officers, and employees of a debt collector, and the courts have differed on whether these individuals are considered personally liable. The Seventh Circuit has a narrow definition of a debt collector, and has rejected attempts to hold owners, officers and employees personally liable. In Pettit v. Retrieval Masters Creditors Bureau, Inc., Pettit sued the debt collector and its president (who was also its largest shareholder). The court affirmed dismissal and emphasized that individual owners and employees are not subject to personal liability under the FDCPA. In reaching its conclusion, the court stated that “[b]ecause such individuals do not become ‘debt collectors’ simply by working for or owning stock in debt collection companies, we held that the Act does not contemplate personal liability for shareholders or employees of debt collection companies who act on behalf of those companies, except perhaps in limited instances where the corporate veil is pierced.” However, most courts have reached contrary conclusions. The Sixth Circuit and district courts in the First, Second, Third, Ninth, and
Tenth Circuits have all held that owners, officers and employees of a debt collector can be personally liable for the FDCPA violations of their companies. For example, in Schwarm v. Craighead, a California District Court held that the chief executive officer of a debt collector was personally liable for FDCPA violations, “regardless of whether the plaintiff can pierce the corporate veil.” The court found “personal, not derivative liability” as a result of the CEO’s over[seeing] the collection of debts, holding “final authority” over the form of collection letters, and “develop[ing] the automated software that the debt collector used to maintain its accounts.” Simply by supervising his employees, the CEO was found to be personally liable for the debt collector’s FDCPA violations. In Schwarm, the court relied on commentary from FTC staff, who interpreted the FDCPA as applying to, “[e]mployees of a debt collection business, including a corporation, partnership, or other entity whose business is the collection of debts owed to another.” However, the law itself does not state that it applies to owners, officers, or employees of a debt collector. Also, nowhere in the FDCPA does it suggest that Congress intended it to supplant state corporate law, which generally shelters owners, officers, and employees from personal liability from similar legal claims. The FDCPA is often described as a misdirected and poorly drafted statute. It contains numerous ambiguities and has resulted in unforeseen consequences. Litigation in this area will continue, as debt collection activity is unlikely to slow given the current economic climate. When and why an owner, officer, or employee of a debt collector will be subject to personal liability under the FDCPA, even in the absence of facts to support piercing the corporate veil, needs to be clarified. n
63
Robert J. Emanuel is a principal in the Litigation and Dispute Resolution; Creditors’ Rights, Insolvency and Bankruptcy groups; and in the Consumer Financial Services Litigation practice at Chicago-based Much Shelist. He concentrates his practice on the defense of banks, mortgage lenders and servicers, and related industry clients in consumer financial services litigation. remanuel@ muchshelist.com
apr/ may 2013 today’s gener al counsel
The GC’s Best Friend
continued from page 57
64
Jonah Paransky is vice president and managing director of LexisNexis CounselLink, which addresses matter management, e-billing and legal hold issues for corporate legal departments. jonah.paransky@ lexisnexis.com
American Institute of Certified Public Accountants (AICPA) to audit and examine the internal controls of service organizations. SSAE 16 encompasses a number of data security best practices, maintaining formal control environments and regular internal and external audits of their effectiveness. If your internal IT organization is not certified, it should have its own formal documentation of policies and procedures for the management of critical and confidential information. Another hallmark of a mature program with good standards is alignment with the information security best practices outlined in ISO 27001. Additional third-party security certifications worth noting include the eTrust Privacy Certification, Trustwave, TrustE and HIPAA/HiTech certification. 2. Discuss the need for regular audits with your security partners. It’s important to have routine audits conducted by third parties who will subject your internal IT organization and any outside vendor’s data security infrastructure and posture to rigorous independent testing. Consider this requirement a necessary step in information security best practices for protecting critical confidential information. These kinds of assessments, which typically require frequent independent audits of the control environment, are a common part of achieving compliance with PCI Data Security Standards and other industry standards. 3. Conduct ongoing internal tests of your security posture and plan. Ask if there’s an internal audit team in place at either the vendor’s organization or within your internal IT group. Outside third-party assessments at specific intervals are a crucial part of the process. But complementing that effort with internal teams who are responsible for testing protocols, carrying out simulated data attacks and staging disaster recovery operations is equally important and a reassuring sign of organizational maturity. These internal tests should occur regularly and randomly. They offer a clear feedback mechanism to address weaknesses in the control environment or possible loopholes in data security measures. 4. Take a critical look at your information security technology and infrastructure. Work with your IT team and any outside vendors to understand the maturity, sophistication and capabilities of their information security infrastructures.
In the course of this activity, there are lots of questions to ask and elements to inspect. Are the applications and systems being used designed with information security in mind? Are teams diligent about regularly updating software to safeguard against known compromises? To demonstrate best practices for security infrastructures, what active forms of protection are used? How is confidential information protected on company computers and employee laptops? How often are infrastructure security controls updated to protect against new threats? 5. Consider active monitoring of your electronic infrastructure. Routine third-party audits and ongoing internal testing are a great “onetwo punch” to hit the data security topic hard. The follow-up is a third step that helps vendors and IT groups reach a best-practice phase: Deploy a proactive monitoring strategy. Keeping a watchful eye out for potential system compromises can be handled in two ways. You can either build an internal team of security analysts to conduct 24/7 infrastructure monitoring, or engage a third-party managed security services vendor that specializes in monitoring information systems and looking for problems. There are advantages to each approach, but the primary objective is to have some sort of active monitoring around the clock. If a compromise is detected, you can have a plan and process in place to ensure that you are quickly notified. The bottom line goal on all these steps is to gain a better understanding of the information and data security measures currently in place across all links in your chain. If you’ve done that exploration in partnership with your CIO, you’ve probably asked the right questions and are already making plans to work together to correct any deficiencies you have uncovered. Of course, the reality is that not even the best data security measures can guarantee no compromises will occur. The landscape and the threats are constantly changing, and even information security vendors are not immune from problems and difficulties. As computer security expert Gene Spafford is reputed to have said: “The only truly secure computer is the one unplugged from the wall and locked in a vault.” The key is to be smart about the threat. Take proactive steps to address the issue and partner with the groups, internally and externally, that can add their specialized knowledge to your legal interests in minimizing risks and protecting the company’s sensitive and confidential information. ■
iP Frontline IP & TECHNOLOGY MAGAZINE
IP NEWS
# 1 READ IP MAGAZINE - FREE thousands of searchable articles many new articles daily real time patent statistics weekly newsletter and more
JOIN US online at www.ipfrontline.com
ENTIRELY NEW IN NOVEMBER
Who’s Got Money to Burn?
Do you want 80% of your eDiscovery for 20% of the cost? Are you spending your litigation budget on external consultants and overpriced software to process and review data such as email and documents? Intella’s® cutting edge technology now enables your legal team to review and analyze data in-house. Uncover key information simply and cost effectively for all litigation matters. If you and your staff can use email and Google Search then you can use Intella®! For as little as $895 you can bring your eDiscovery in-house and stop burning through your litigation budget.
Download your FREE trial of Intella® at https://www.vound-software.com/DIY-Data AMERICA america@vound-software.com +1 (888) 291-7201
ASIA asia@vound-software.com
The future of Forensic Search technology
www.vound-software.com
EUROPE europe@vound-software.com