Today's General Counsel, Winter 2019 by Today's General Counsel

WINTER 2019 VOLUME 1 5 / NUMBER 4 TODAYSGENER ALCOUNSEL.COM

A R E YO U SA F E?

LABOR AND EMPLOYMENT

• Courts and #MeToo at odds • How a no-hire agreement can unravel INTELLECTUAL PROPERTY

• USPTO okaying software patents again CYBERSECURITY

• A patchwork of state and local laws

$199 Subscription rate per year ISSN: 2326-5000 View our digital edition: issuu.com/todaysgc

• Qualifying for SAFETY Act Protection • Ransomware Hits the Legal System • Protecting the Corporate Jewels

Stay ahead of the curve with

speed Gain more traction for the critical legal tasks in front of you today and those just around the corner. Epiq delivers expert matter handling, along with the accuracy and speed you rely on to outperform your competition.

Learn more at epiqglobal.com

AT THE HEART OF BUSINESS TM

Uncommon value for clients who shape our everyday lives.

ATLANTA CALIFORNIA CHICAGO DELAWARE INDIANA MICHIGAN MINNEAPOLIS OHIO TEXAS WASHINGTON, D.C.

btlaw.com

WINTER 20 19 TODAY’S GENER AL COUNSEL

Editor’s Desk

Workers of the world, happy new year — the robots are coming! Artificial intelligence is steadily encroaching into the workplace, write Natalie Pierce and Garry Mathiason in this issue of Today’s General Counsel. They say the projected growth rate for this phenomenon is astounding, making it imperative that at least one in-house attorney in every company become knowledgeable about the issues it raises. Philip R. Voluck takes on another workplace conflict nexus in which change is happening, but he says not fast enough. Courts have ruled that many things the #MeToo movement finds intolerable don’t add up to behavior that is “severe, pervasive and unwelcome” (and therefore illegal). The courts are slowly adopting new norms, according to Voluck. In France, workers have “the right to disconnect,” meaning they can be unavailable for work-related calls and texts for periods of time. According to Julien Haure and Marine Hamon, employers have been fearful about the law, but it seems to have caused few problems. That’s because in most economic sectors — banking is one example — the terms of compliance are negotiated between employers and organizations of workers called “unions” (remember them?) more or less amicably. Joseph I. Lieberman, Clarine Nardi Riddle and Mark J. Robertson remind legal departments to take advantage of the SAFETY Act, which shields companies from liability that could result in the event of failure by security technologies that they develop or deploy. It was part of the homeland security legislation that Senator Lieberman took the lead in getting through Congress after 9-11, which ultimately passed on a narrow bi-partisan vote. Legislators on both sides of the aisle voted for and against it.

Nothing that bipartisan is likely to happen during the next Congress, but Aaron S. Cutler, Elizabeth A. Jose and William M. Burgess have written an article about something that will happen. With the House in the control of Democrats, executives from financial services, pharmaceutical and other industries will be compelled to testify before various committees. They should start preparing now and remember that documents they provide can be made public unless they’ve negotiated a promise of confidentiality.

Bob Nienhouse, Editor-In-Chief bnienhouse@TodaysGC.com

Gain the tools you need to conduct internal investigations Elevate Your Skills. Connect with Colleagues.

Comprehensive instruction from initial allegation to the final report

Experienced presenters who know the ins and outs of workplace investigations

Interactive sessions to keep you engaged and solidify material

Attend our

Internal Investigations Workshop June 17 – 19, 2019 | Orlando, FL corporatecompliance.org/investigations Questions? Email beckie.smith@corporatecompliance.org

WINTER 2019 TODAY’S GENER AL COUNSEL

Contents 2

Editor’s Desk

8 | Executive Summaries

COLUMNS

38 | Workplace Issues Stay Competitive While Adopting Transformative Technologies Robots, cobots and biometric wearables. By Natalie Pierce and Garry Mathiason

40 | The Antitrust Litigator Market Share and Market Power Twenty percent isn’t enough, ninety percent is definitive. By Jeffery Cross 64 | Back Page Front Burner New Congress Sure to Launch Probes New committee chairs, new concerns. By Aaron S. Cutler, Elizabeth A. Jose and William M. Burgess

FEATURES

14 | Changing Views on Privacy A cultural shift on consumer protection. By Samantha Green 29 | Protecting the Corporate Jewels BYOD complicates things. By Jim Vaughn 42 | You Should Push for Alternative Fee Arrangements There are many options. By Michael S. Zullo 44 | Simple Steps for Data-Driven E-Discovery Procurement Someone in your supply chain is already measuring your data. By Richard Dilgren 48 | Dispute Trends in the Energy Sector Increased environmental scrutiny, high arbitral awards. By Neil Miller 52 | Design Thinking in Sightline A non-linear process. By Omid Jahanbin 56 | SAFETY Act Decreases Private Sector Risk and Liability Litigation insurance in case technology fails. By Joseph I. Lieberman, Clarine Nardi Riddle and Mark J. Robertson 60 | Transforming Responsive and Privilege Reviews with AI Unsupervised machine outperformed humans. By Brett Tarr

TODAY’S GENER AL COUNSEL WINTER 2019

Contents

L ABOR & EMPLOYMENT

16 | The Right to Disconnect Protecting the work/life balance. By Julien Haure and Marine Hamon 18 | #MeToo and Federal Law: Will the Courts Ever Catch Up? Tacky but legal. By Philip R. Voluck 20 | How a No-Rehire Agreement Unraveled Open competition and mobility must be preserved. By David Rashé and Usama Kahf E-DISCOVERY

22 | Make the Most of Your Relationship with Outside Counsel Ask for more and expect to receive it. By Nishad Shevde

COMPLIANCE

CYBERSECURIT Y

26 | Direct Versus Derivative in Shareholder Litigation Factual or moral inquiry? By Jon Polenberg

34 | Data Privacy Landscape Changing Fast States aren’t waiting for Congress to act. By Debbie Reynolds

INTELLEC TUAL PROPERT Y

32 | Four Years After Alice, Software Patents Making a Comeback New USPTO Director is shaking things up. By Aseet Patel

36 | Ransomware Attacks Hit Legal System A problem that firms don't want to talk about. By Antonio Challita

EDITOR-IN-CHIEF Robert Nienhouse MANAGING EDITOR David Rubenstein

EXECUTIVE EDITOR Bruce Rubenstein

SENIOR EDITOR Barbara Camm

CHIEF OPERATING OFFICER Amy L. Ceisel VICE PRESIDENT, EVENTS TODAY’S GENERAL COUNSEL INSTITUTE Jennifer Coniglio DIRECTOR OF BUSINESS DEVELOPMENT Stephen Lincoln

SVP, MANAGING EDITOR OF EVENTS TODAY’S GENERAL COUNSEL INSTITUTE Neil Signore

DIRECTOR, CONFERENCES & BUSINESS DEVELOPMENT Jennifer McGovern-Alonzo

LAW FIRM BUSINESS DEVELOPMENT MANAGER Scott Ziegler DIGITAL EDITOR Catherine Lindsey Nienhouse

CONTRIBUTING EDITORS AND WRITERS

William M. Burgess Jeffery Cross Antonio Challita Aaron S. Cutler Richard Dilgren Samantha Green Marine Hamon Julien Haure Omid Jahanbin Elizabeth A. Jose Usama Kahf Joseph I. Lieberman Garry Mathiason

Neil Miller Aseet Patel Natalie Pierce Jon Polenberg David Rashé Debbie Reynolds Clarine Nardi Riddle Mark J. Robertson Nishad Shevde Brett Tarr Jim Vaughn Philip R. Voluck Michael S. Zullo

DATABASE MANAGER Matt Tortora

ART DIRECTION & PHOTO ILLUSTRATION MPower Ideation, LLC

EDITORIAL ADVISORY BOARD Dennis Block GREENBERG TRAURIG, LLP

SUBSCRIPTION

DECHERT

Robert Profusek JONES DAY

Thomas Brunner

Joel Henning

Art Rosenbloom

WILEY REIN

JOEL HENNING & ASSOCIATES

CHARLES RIVER ASSOCIATES

Peter Bulmer JACKSON LEWIS

Sheila Hollis

George Ruttinger

Mark A. Carter

DUANE MORRIS

CROWELL & MORING

David Katz

Jonathan S. Sack

DINSMORE & SHOHL

James Christie BLAKE CASSELS & GRAYDON

Adam Cohen

WACHTELL, LIPTON, ROSEN & KATZ

Steven Kittrell MCGUIREWOODS

FTI CONSULTING

Nikiforos latrou

Jeffery Cross

WEIRFOULDS

FREEBORN & PETERS

Thomas Frederick WINSTON & STRAWN

Subscription rate per year: $199 For subscription requests, email subscriptions@todaysgc.com

Robert Heim

Jamie Gorelick WILMERHALE

Robert Haig KELLEY DRYE & WARREN

Timothy Malloy Mc ANDREWS, HELD & MALLOY

Steven Molo MOLOLAMKEN

MORVILLO, ABRAMOWITZ, GRAND, IASON & ANELLO, P.C.

Victor Schwartz SHOOK, HARDY & BACON

Jonathan Schiller BOIES, SCHILLER & FLEXNER

Robert Zahler PILLSBURY WINTHROP SHAW PITTMAN

Thurston Moore HUNTON & WILLIAMS

REPRINTS For reprint requests, email jkaletha@mossbergco.com Jill Kaletha, Foster Printing at Mossberg & Co

All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information or retrieval system, witho ut the written permission of the publisher. Articles published in Today’s General Counsel are not to be construed as legal or professional advice, nor unless otherwise stated are they necessarily the views of a writer’s firm or its clients. Today’s General Counsel (ISSN 2326-5000) is published quarterly by Nienhouse Media, Inc., 20 N. Wacker Drive, 40th floor, Chicago, Illinois 60606 Image source: iStockphoto | Printed by Quad Graphics | Copyright © 2019 Nienhouse Media, Inc. Email submissions to editor@todaysgc.com or go to our website www.todaysgeneralcounsel.com for more information. Postmaster: Send address changes to: Today’s General Counsel, 20 N. Wacker Drive, 40th floor, Chicago, Illinois 60606 Periodical postage paid at Oak Brook, Illinois, and additional mailing offices.

TODAY’S GENER AL COUNSEL SPRING 2018

BACK BY P O PU L A R DEM AND

Thank you to our 2019 sponsors

THE EXCHANGE F E B R U A RY 2 4 - 2 6 , 2 0 1 9 • B E V E R LY H I LT O N Inaugural 2018 sponsors

LEGAL O P E R AT I O N S F O RU M

Join us for a VIP Oscar Watching Networking Party on Feb. 24, followed by TGC’s unique Exchange round-table discussions Feb. 25-26 at the Beverly Hilton.

“The Exchange Legal Ops provides an opportunity to educate GCs on what LegalOps can do for them. It provides a high level overview and discussion of Legal Operations that you don’t necessarily get at ACC or CLOC conferences. Also, the networking opportunities are great.” “This forum provides a unique opportunity to discuss legal operations comprehensively, with perspectives from legal ops practitioners, GCs, senior counsel, law firm and other external providers.” LE A R N MORE

“Time well worth spending.”

TodaysGeneralCounsel.com/Institute @TodaysGC #tgclegalops linkedin.com/groups/8656444

WINTER 2019 TODAY’S GENER AL COUNSEL

Executive Summaries L ABOR & EMPLOYMENT PAGE 16

PAGE 18

PAGE 20

The Right to Disconnect

#MeToo and Federal Law: Will the Courts Ever Catch Up?

How a No-Rehire Agreement Unraveled

By Philip R. Voluck Kaufman Dolowich & Voluck LLP

By David Rashé and Usama Kahf Fisher Phillips

Despite #MeToo’s global impact, the current state of American law is clearly at odds with the cultural changes #MeToo advocates. The law’s concern is much narrower. Recent federal decisions indicate a gradual broadening in the types of sexual harassment cases that courts recognize, but still hold that in order for sexual harassment to become an actionable legal claim it must be severe, pervasive and unwelcome. Courts have found that offensive incidents, including the use of vulgar language, sexual photos, and name-calling are not always pervasive enough to create a hostile work environment. At least one federal court has explicitly referenced #MeToo as it relates to affirmative defenses to sexual harassment claims. That may help change the dynamics in relation to willingness of victims to come forward with complaints of a sexual nature. The court, in excusing an alleged victim’s failure to report, noted that it often came down to the authority the perpetrator wielded over the victim. Despite the challenges posed by folding #MeToo into the workplace, most businesses have taken to the idea that sexual harassment can consist of conduct that may not be severe or pervasive and are modifying their personnel policies and training accordingly. Some change is afoot, as evidenced by the EEOC’s recent initiatives, and at least one reference by a federal court regarding #MeToo. Businesses are wise to maintain their training programs, while supplementing them with #MeToo principles of respect and dignity in the workplace.

Settlement agreements with employees often contain a “no-rehire” clause, stating that the employee waives the right to any future employment with the company, and the company cannot be held liable if it later rejects a job application from that individual. Recently, a federal appeals court held that an overly broad no-rehire provision in a settlement agreement can, in some cases, be an unlawful restraint of trade. In Golden v. California Emergency Physicians Medical Group, the Ninth Circuit voided a settlement agreement between a physician and his former employer because one provision imposed a restraint of trade in violation of California’s strict prohibition on noncompete and related covenants — Business & Professions Code Section 16600. The Ninth Circuit ruled that if a contractual provision is material or significant enough that its enforcement would implicate the policies of open competition and employee mobility that animate Section 16600, it will qualify as a substantial restraint on trade. Employers and businesses should take note of the Golden decision. Settlement agreements that contain overly expansive language or language that is too aggressive can give employees (and courts) more at which to take aim. Such language may provide a legal basis to invalidate the settlement agreement in its entirety. Having a settlement agreement go awry for this reason is an avoidable outcome. Settlement agreements must be carefully crafted. Old templates should not be used without scrutinizing the language of every sentence to ensure continued legality of all the terms.

By Julien Haure and Marine Hamon Mayer Brown

Since January 2017, companies in France have been under the legal obligation to comply with the “right to disconnect,” according to which employees are entitled to remain unavailable outside their working time. The law is meant to enhance protection of a work-life balance. No penalties are incurred by the employer who fails to comply, but employees who challenge their working arrangement in a company where specific measures on the right to disconnect have not been implemented could use it to justify a “burnout” situation and related claims for damages. In the banking sector, many collective agreements have been entered into with union representatives, according to which employees are under no obligation to respond to emails outside their working hours. In the insurance sector, some companies simply invite employees to ponder the right moment to send an email or call a fellow employee. In some tech companies, employees who connect to their professional email address or to the intranet receive an automatic email to inform them that they are about to enter a “resting time period.” The right to disconnect caused more fear than harm. It does not require much from employers and has little impact on the way French employees work. Rather than pushing companies to disconnect all devices as of 6 p.m. every day, it encourages companies to enhance and promote a different type of management and work organization that should be of benefit to all.

TODAY’S GENER AL COUNSEL WINTER 2019

Executive Summaries E-DISCOVERY

COMPLIANCE

INTELLEC TUAL PROPERT Y

PAGE 22

PAGE 26

PAGE 32

Make the Most of Your Relationship with Outside Counsel

Direct Versus Derivative in Shareholder Litigation

Four Years After Alice, Software Patents Making a Comeback

By Nishad Shevde Exterro

By Jon Polenberg Becker & Poliakoff

By Aseet Patel Banner & Witcoff, Ltd.

Earlier this year, the author’s company conducted a survey of professionals at law firms serving corporate clients. It covered a wide range of topics, including client relationship management; project management; and e-discovery services, staffing and technology. The results show that more than half of law firms rely on attorneys to serve as project managers, meaning legal project management still has plenty of room to grow. Law firm e-discovery services have grown significantly over the last five years, with 85 percent of respondents seeing “substantial” or “slight” growth in demand from clients. The survey results suggest that clients should ask for and expect to receive better and more collaborative e-discovery counseling from law firms. Seventy-seven percent of clients are asking for reduced rates or alternative billing arrangements. Half want proactive cost and risk mitigation strategies. While technology-assisted review is relatively common (61 percent) at law firms, artificial intelligence is relatively rare, with 60 percent of law firms using it “rarely” or “never.” A significant minority are embracing technology to provide transparency, even if their other LPM practices are not optimized. Some strategies suggest themselves: Define case goals and strategy clearly. If you dump documents on your law firm with little to no guidance about overall goals, it only makes sense that they’ll have to do more foundational work. Implement defensible collection and preservation. Educate law firms on your IT infrastructure. In summary, be proactive, not reactive, around e-discovery.

When a shareholder brings a claim involving company officers and directors, the court must decide whether the shareholder is suing for harm suffered, and the claim is direct, or the alleged harm is suffered by the company and the claim is derivative. Distinguishing between direct and derivative claims, however, has become complicated. This article analyzes the difference, and as most courts follow similar reasoning, the analysis is instructive for all jurisdictions. In 2004, the Delaware Supreme Court attempted to clarify the distinction between derivative and direct claims in Tooley v. Donaldson, Lufkin & Jenrette, Inc. The court examined three cases and deduced certain principles that were central to the 2017 decision reached in In re Straight Path Communications Inc. Consolidated Stockholder Litigation. The Straight Path decision held that a shareholder’s post-merger claim was direct, despite the fact that the plaintiff would recover in proportion to ownership in the corporation’s stock — what would otherwise appear to be a derivative claim. The direct/derivative distinction for post-merger claims is significant. After a merger, shareholders lose standing to pursue derivative claims once they are no longer shareholders. If the claim is derivative, the lawsuit ends. The evolving standard therefore may spiral into an ad hoc inquiry deciding whether the alleged facts insult the conscience rather than evaluating who suffered the harm and the effect of the remedy. The inquiry should be tied to deciding whether the harm and recovery affect a single shareholder (direct claim) rather than affecting all shareholders in proportion to their ownership (a derivative claim).

Since being sworn in as the new director of the USPTO in February, Andrei Iancu has led the charge to improve predictability of patent-eligible subject matter. In addition to guiding United States patent examiners, Iancu has also tried to eliminate inconsistencies in the interpretation and implementation of the two-part Alice test among different branches of the USPTO. In August, the director created a new post that coordinates between the Patent Trial and Appeal Board of the USPTO and the examining corps. With the Supreme Court seemingly content to stand on the sidelines about subject-matter eligibility issues, some bar associations have joined forces to encourage legislative action. At the annual meeting of the Intellectual Property Owners Association (IPO), Director Iancu noted that IPO committees have been hard at work on a legislative fix to Section 101, and has joined forces with the American Intellectual Property Law Association to propose new statutory language. The legislative effort will take time, but the effort is encouraging. Meanwhile, the USPTO has stepped up its efforts to distribute guidance and educational materials that improve predictability of what is and is not patent eligible under its interpretation of 35 U.S.C. § 101 jurisprudence. Bar associations are also contributing to the effort with proposed legislation to Congress. Increased clarity should improve depressed patent valuations, result in increased patent licensing activity and raise shareholder value. General counsel and chief executives should rethink their company’s patenting strategies to take the changing landscape into account.

WINTER 2019 TODAY’S GENER AL COUNSEL

Executive Summaries CYBERSECURIT Y

FEATURES

PAGE 34

PAGE 36

PAGE 14

Data Privacy Landscape Changing Fast

Ransomware Attacks Hit Legal System

Changing Views on Privacy

By Debbie Reynolds Eimer Stahl LLP

By Antonio Challita CyberSight

The United States has a varied data privacy landscape comprised of a series of federal, state and local laws. Some states have enacted data privacy laws that are outpacing federal legislation with respect to the scope of protections being addressed. Many are wondering if the United States will adopt a consumer data privacy and protection law as strict and far-reaching as the EU’s General Data Privacy Regulation. As of 2018, 50 states have passed data privacy laws. Illinois, with its Biometric Information Privacy Act, and California, with its Consumer Privacy Act, have been in the vanguard. The ruling in the 2018 Supreme Court case Carpenter v. the United States — that law enforcement needs a warrant to search cell phones — was an unexpected win for data privacy advocates, who for many years bemoaned the antiquated laws being applied to cases dealing with digital information. Carpenter v. United States is a high-level case that offers the opinion that evidence in digital form is different and requires special consideration with searches. The Carpenter case will spur discussion about updating laws to deal with handling personal data in criminal and civil matters. In 2019, we are likely to see movement on a national data privacy law, most likely more business than consumer-friendly. This will not stop states from trying to enact more data privacy laws. One issue is whether a national data privacy law, if passed, will be comprehensive enough to quell further state-level legislation.

Ransomware has become the weapon of choice for cybercriminals. A recent report by SonicWall shows that nearly 100,000 ransomware attacks are happening per day in 2018, compared to 4,000 attacks per day reported by the FBI in 2016. There have been several high-profile ransomware attacks specifically targeting the legal sector in the past few years. These attacks include a ransomware attack on the law firm DLA Piper, which was impacted by NotPetya, and an attack on the firm of Moses Afonso Ryan, which as a result sued its insurance company for $700,000 in lost billings. Firms and legal departments are advised to keep software up to date; maintain regular backups stored offline; train employees to be aware of social engineering attacks; and avoid clicking on phishing emails, opening suspicious attachments or clicking on malicious advertisements. They should use least privilege mode and consider using a protection solution that incorporates real-time behavioral analysis and machine learning. Ransomware is a rapidly growing threat for all businesses, but for the legal sector the threat goes beyond the cost of simply paying a ransom. When a law firm or other entity in the legal sector is locked out of its IT for even a short period, it soon finds that it’s unable to meet important client deadlines, complete purchases or pursue court cases. This hasn’t escaped the attention of cybercriminals keen to exploit vulnerabilities in the software of firms that believe a cyberattack will never happen to them.

By Samantha Green Epiq

There is a widespread shift underway in how U.S. citizens view protection of their personal data. Massive data breach scandals are a key cause behind this rising concern about privacy. A 2017 survey found that just nine percent of social media users were “very confident” that social media companies would protect their data. Six-in-ten Americans have said they would like to do more to protect their privacy. Additionally, two-thirds have said current laws are not good enough in protecting people’s privacy, and 64 percent support more regulation of advertisers. California recently passed what is arguably the country’s strongest digital privacy law. It gives people the right to tell companies to delete their data, as well as to not share or sell their personal information, and makes it easier for consumers to sue companies following a data breach. Colorado just passed the “Protections for Consumer Data Privacy,” which significantly tightens reporting requirements for organizations hit by a data breach and requires much firmer measures be taken to protect consumers’ personal information. In May, Vermont passed the country’s first law regulating data brokers — organizations that buy and sell personal information. With states taking the lead, the cultural shift in how we feel about privacy could spur big changes across the country, and even lead to comprehensive privacy legislation. The bottom line: People want more control, and more understanding of how their personal information is being used.

TODAY’S GENER AL COUNSEL WINTER 2019

Executive Summaries PAGE 29

PAGE 42

PAGE 44

Protecting the Corporate Jewels

You Should Push for Alternative Fee Arrangements

Simple Steps for Data-Driven E-discovery Procurement

By Jim Vaughn iDiscovery Solutions

By Michael S. Zullo Duane Morris LLP

By Richard Dilgren Fronteo USA

There are a number of things to consider when using digital forensics for investigating potential theft or improper usage of proprietary data. Bring Your Own Device protocols add complexity to a situation in which corporations already use traditional data sources such as a desktop, laptop, server and corporate email. There are certain electronic data sources that defendants, plaintiffs and forensic neutrals alike should consider for any investigation. These include laptops/ desktops (workstations), email servers, file servers, external media, online repositories, personal email accounts, home computers, smartphones and other mobile computing devices. It is important to understand the types of servers in use and the general terms data custodians and users may utilize when describing them. One way to exfiltrate large amounts of data is through the connection of an external device. It is very easy to mass copy files, disconnect the device, and leave with it. One way to view a user’s activity is through the review of link files, a shortcut on a local drive that may indicate the history of a file being opened from an attached device. With respect to employee-owned devices, in addition to implementing and reinforcing a culture of security and reserving the ability to “wipe” devices if they are lost or stolen, companies should also consider ongoing security training and annual employee acknowledgment, and otherwise set and manage employee expectations about the privacy they will have to surrender in exchange for the convenience of using their personal devices for work.

Billable hours have been around a long time, and inertia presents a hurdle to innovation. Creative attorneys, however, are learning to package their services more like tangible products by seeking efficiencies and exploring volume discounts. The most prominent example of this approach is the alternative fee arrangement, or AFA. AFAs come in many forms — reduced rates, blended rates, fixed fees, annual fees, contingent fees and mixed contingent fees. The best AFAs create value for the in-house lawyer by delivering certainty. This, in turn, helps control and manage the legal budget. There are legitimate fears on both sides, but they can be overcome with a well-drafted letter of engagement. Although big firms don’t have much incentive to take small engagements on a one-off basis, they can be incentivized to take a portfolio of such engagements. Because the services are being provided under an AFA, the client should be able to realize significant savings while dealing with a consolidated list of quality firms that deliver a consistent work product, and have familiarity with the client’s business and risk profile. Outside counsel can use portfolio management to generate revenue streams that they previously might not have been able to competitively service. Some engagements will not work as an AFA. But clients would be remiss if they do not explore these options. Similarly, outside counsel would be wise to invite such discussions, and even wiser to propose such arrangements to their clients.

Evaluating future consumption for the diverse set of services that we lump into the category of “e-discovery services” is a daunting task in organizations with heavy litigation burdens. Luckily, someone else already measured your consumption. Somewhere in the supply chain resulting in you or your outside counsel gaining access to your discovery-focused data, it was measured and recorded. Your internal IT team may serve as your data collector. Often, internal IT functions can provide pre- and post-collection data volume information; and nearly as often, it can provide this information even after the collection function is performed. Your historical outside counsel will have a cross-section of metrics for as long as they maintain your case files. Gather and normalize your data. You will quickly discover that while each group (whether IT, law firm or outside legal services partner) measures, they may measure slightly different things. Think logically about whether your data is representative. Solid but non-representative data will still lead you astray in decision making. Procure through a model that anticipates outliers. The fear of “burst” fees causes organizations to over purchase; and that spending is wasteful. Look for a model that allows you to scale without penalty even if your recognized economies of scale plateau. Outsource the work of data gathering, compare like and meaningful data points, and buy through a flexible, planned model. This common-sense process bridges the gap between your organization and meaningful, data-driven controls on your e-discovery spend.

WINTER 2019 TODAY’S GENER AL COUNSEL

Executive Summaries FEATURES PAGE 48

PAGE 52

PAGE 56

Dispute Trends in the Energy Sector

Design Thinking in Sightline

SAFETY Act Decreases Private Sector Risk and Liability

By Neil Miller Norton Rose Fulbright

Energy sector disputes dominate international arbitration both in number and value, with the highest value arbitral awards in history arising from energyrelated arbitration. Joint venture agreements are very prevalent, and the economic impact of low oil prices has hit participants in production-sharing agreements and joint operating agreements hard, resulting in defaults, budget disputes and royalty disputes. Political regime change has resulted in significant cross-border gas supply disputes and international arbitrations. There have been record high numbers of investor-state disputes. Even where states have terminated bilateral investment treaties, sunset clauses will mean the continuation of claims for years. Energy corporations are facing increased scrutiny of their environmental impact and potential disputes in relation to their contribution to climate change. As a body of climate change case law continues to grow, so too does the risk posed to corporations active in the energy sector, where environmental impact is inevitable. The availability of claimant funding will be a key aspect of this. A multiplicity of new rules, seats and institutions, as well as the revamping of rules between now competitive institutions to attract arbitral business worldwide, brings with it uncertainty that did not previously exist within the tighter arbitral fraternity. In the energy sector, an uncertain political landscape — combined with cross-border investment in energy projects and fluctuating prices — creates the model ecosystem for a whole spectrum of energy disputes to emerge globally, with arbitration remaining a key method of dispute resolution.

By Omid Jahanbin Consilio

Design Thinking is non-linear process, the goal of which is to arrive at the best outcome, given a particular problem or set of challenges, while being mindful of time, cost and complexity. The first stage of the process is to develop an empathetic understanding of the problem. This involves reaching out to legal practitioners and learning more about their concerns by observing and engaging with them. The definition stage consists of analyzing observations to establish features, functions and other elements that will solve problems. During the ideation stage, the product teams start generating ideas. Often the result is a statement of the problem and ideas about solving it. In the prototype phase, the ideas are tested with scaled-down versions of products or features. The goal is to identify the best solution for each problem that was identified during the first three stages. At the testing stage, the complete product is tested using the best solutions identified in the earlier stages. Refinements are still made during this stage, at or after the release of a solution. It is crucial to foster an environment where many ideas can surface — a meritocracy of ideas and execution. Sightline, an e-discovery platform, was created using the Design Thinking process, which continues to be used as Sightline is refined and improved through interaction with users. Innovating without an approach informed by users is a strategy operating in a vacuum, devoid of the real-world impacts and outcomes.

By Joseph I. Lieberman, Clarine Nardi Riddle and Mark J. Robertson Kasowitz Benson Torres LLP

The Support Anti-Terrorism by Fostering Effective Technologies (SAFETY) Act of 2002 was passed as part of the Homeland Security Act. The SAFETY Act removes a major obstacle for companies to deploy technologies helpful to homeland security — the catastrophic liability that could result if their technology becomes the subject of litigation. Under the SAFETY Act, a firm has protections against civil liability if its product or service failed to perform as intended in the event of a terror attack. The SAFETY Act offers protections up and down the supply chain, in both government and private markets. Users and suppliers of anti-terrorism technologies are protected if their technology has been “Designated” or “Certified” by the Department of Homeland Security (DHS). There are two classes of protection. First, products or services may be designated as a Qualified Anti-Terrorism Technology (QATT). The second class of protection is SAFETY Act certification, which entails a stricter review, provides all the benefits of QATT designation and adds one more layer of liability protection. A “Seller” of a certified QATT is entitled to assert the Government Contractor Defense (GCD) in litigation arising from an act of terrorism. The SAFETY Act is a valuable tool for litigation and risk management for companies developing and fielding security technologies. It furthers private interests to the benefit of the common good by enhancing our nation’s security and resilience against a terror attack. In-house and outside industry counsel can support these goals by promoting the use and understanding of the SAFETY Act.

TODAY’S GENER AL COUNSEL WINTER 2019

Executive Summaries PAGE 60

Transforming Responsive and Privilege Reviews with AI By Brett Tarr Caesars Entertainment

Advancements in the last decade have brought artificial intelligence out of theory and into operation. In the legal arena, the implications of this change may be particularly profound in the areas of privilege and responsive reviews, where challenges are rapidly evolving. That has meant exploring predictive coding and technology assisted review; there are two significant challenges, however, that make it difficult to employ them. Predictive coding requires a subjectmatter expert, typically a senior attorney who is unlikely to have the time to devote to this effort, to hand label documents in order to create a “seed set.” Second, predictive coding is constrained to looking within the four corners of the document, which means that it doesn’t take into account any of the broader ecosystem of documents where valuable context lies. The author designed a test with the AI company Text IQ. He found that AI (unsupervised machine learning, where a system takes on huge scales of unstructured data and makes meaningful deductions that no team of humans could make, given the scale and velocity of the data) could successfully automate privilege review. He then tested its ability to implement substantive responsiveness, or “first-pass review.” AI quickly knocked out 50 percent of the population of documents that were non-responsive, drastically reducing time and money spent on paying attorneys to manually review documents. AI is not only transforming the results of his discovery, it is transforming the way he manages the discovery process itself.

DA ILY NE WS L E T T E R S Daily A.M. newsletters distributed to 35,000 corporate subscribers containing timely substantive legal news and analysis. With extremely high open rates, they provide an unmatched marketing vehicle for those looking to reach the corporate legal and large law communities.

T O A DV ER T ISE, PL E A SE V ISIT T ODAY S GE NE R A L C OUN S E L .C OM /A D V E R T IS E

SPONSORED SECTION

Changing Views on Privacy By Samantha Green

n the digital age, sharing personal information online is a way of life. It’s how we connect with others, gain access to valuable services and information, pay bills, book trips, support causes, buy clothes, view health records and schedule appointments. Practically anything we need to do can be done in a few clicks, or simply by asking Alexa. And throughout each of these common exchanges, companies collect our personal and financial information. Although these practices have been in place for years, there is a widespread shift underway in how United States citizens

view the protection of their personal data. A boilerplate consent form isn’t enough anymore. People want to understand the full scope of how sensitive information is accessed, shared with third parties, used for targeted advertising, and what is being done to safeguard their privacy in the process. BREACH IN TRUST

Massive data breach scandals are a key cause behind this rising concern around privacy. The events that transpired between Facebook and Cambridge Analytica — in which the political analytics firm harvested

personal information of up to 87 million users without their consent — exposed just how much we don’t know about how our personal information is used and exploited. This went far beyond a data breach. It was a breach in trust, one that was detrimental to how our global democracy works. Another recent breach making headlines involved the brand Under Armour. This spring, it admitted that close to 150 million MyFitnessPal accounts were hacked when an unauthorized party acquired data from the app that included usernames, passwords and email addresses. These breaches, among many others, are creating a growing sense of angst among Americans who use social media. Pew Research Center studies have shown that people are anxious about the security of their personal information. A 2014 survey found that 91 percent of Americans “agree” or “strongly agree” that people have lost control over how their personal information is collected and used by various entities. A 2017 survey found that just 9 percent of social media users were “very confident” that social media companies would protect their data. About half of users were “not at all” or “not too” confident that their data were in safe hands. Six in 10 Americans have said they would like to do more to protect their privacy. Additionally, two thirds have said current laws are not good enough in protecting people’s privacy, and 64 percent support more regulation of advertisers. As companies remain under intense scrutiny and user trust wanes, the shift in public opinion is putting pressure on organizations — especially tech giants — to be much more transparent about their privacy policies, and for the government to create new privacy protections. In the United States, there is no single, overarching federal law regulating the collection and use of personal data. There are broad consumer protection laws that prohibit unfair or deceptive practices involving the disclosure of — and security procedures for protecting — personal information, including the Health Insurance Portability and Accountability Act

TODAY’S GENERAL COUNSEL WINTER 2019

(HIPAA), and The Federal Trade Commission (FTC) Act. But we don’t have sweeping legislation like the EU’s General Data Protection Regulation (GDPR). LEGISLATION INTRODUCED

In April, Senators Amy Klobuchar and John Kennedy released the Social Media Privacy Protection and Consumer Rights Act of 2018, a comprehensive bill that would impose strong regulations on companies that collect data on users. Among the provisions, it would require websites to provide their users with a free copy of the data that is being collected on them, as well as information on other parties who have gained access to it. It is unclear where the Act will go from here, or when or even whether it will get a vote, but it’s important to note that there is bi-partisan support for legislation that mirrors the GDPR. The GDPR went into effect across the EU in May. It restricts how companies collect, store and use personal data. The laws require companies to clearly explain how they plan to use and secure people’s personal information, as well as how other entities will access that data. If they don’t comply, they face severe penalties, ranging from up to 10 million, or 2 percent of the worldwide annual revenue of the prior financial year (whichever is higher), or for the most significant violations up to 20 million, or 4 percent of the worldwide annual revenue of the prior financial year (whichever is higher). Supervisory authorities also have more power to monitor and enforce the new law, conduct investigations on compliance, order companies to provide information, and obtain access from companies to all personal data and information that the authorities think they need to perform their tasks. Individuals also have enhanced rights under the law. The political slogan for the GDPR is the “Right to be Forgotten” — a right for individuals to have personal data erased. As United States consumers demand more rights over their personal data and stricter oversight of tech companies, states

and localities are taking matters into their own hands and drafting tougher data protection laws. All 50 United States, as well as the District of Columbia, Guam, Puerto Rico and the United States Virgin Islands, have created breach notification laws that require businesses to notify consumers if their personal information is compromised. Several states take it a step further by requiring companies to be more transparent in how they process consumer data. California recently passed what is arguably the country’s strongest digital privacy law, and many states MASSIVE could be following suit. Echoing DATA key elements of BREACH the GDPR, it SCANDALS grants consumers the right ARE A KEY to know what CAUSE information BEHIND companies are collecting, why THIS it’s being colRISING lected and how CONCERN it’s being shared online. The legAROUND islation, which PRIVACY. goes into effect in 2020, gives people the right to tell companies to delete their data, as well as not to share or sell their personal information. It includes a provision that children under 16 must opt in to allow companies to collect their data. Additionally, the law also makes it easier for consumers to sue companies following a data breach. Colorado just passed the Protections for Consumer Data Privacy Act into law, which significantly tightens reporting requirements for organizations hit by a data breach and requires much firmer measures be taken to protect consumers’ personal information. Organizations must maintain policies for disposing of documents containing consumer data and must notify Colorado residents of any potential personal information exposure no later than

30 days after discovering a data breach — the shortest of any state. In May, Vermont passed the country’s first law regulating data brokers — organizations that buy and sell personal information. It requires them to register with the state government, better inform consumers on the data that’s being collected, provide instructions for opting out of such collection, ensure that their security practices are current and notify authorities when a breach occurs. The GDPR has also inspired recent data protection ordinances in Chicago, where the Personal Data Collection and Protection Ordinance was introduced in June. Amidst countless data breaches and identity thefts, it is clear that the American public demands more from both tech companies and lawmakers to protect their personal information and invaluable right to privacy. With states taking the lead, this cultural shift in how we feel about privacy could spur big changes across the country, and even lead to comprehensive privacy legislation. The bottom line: People want more control, more accountability from companies, more oversight and more understanding of how their personal information is being used.

SAMANTHA GREEN is the Manager of Thought Leadership for Epiq. She serves as a subject matter expert on all aspects of electronic discovery, data privacy and cybersecurity, drawing on her more than 15 years of litigation and consulting experience. As a litigator, she has taken a number of cases from pre-discovery through trial and has handled a broad spectrum of cases, from government investigations (including FCPA and antitrust matters) to HSR second requests and commercial litigation matters. sagreen@epiqglobal.com

WINTER 2019 TODAY’S GENER AL COUNSEL

Labor & Employment

The Right to Disconnect How the French Law Impacts Businesses By Julien Haure and Marine Hamon

ince January 2017, companies in France have been under the legal obligation to comply with the “right to disconnect,” according to which employees are entitled to remain unavailable outside their working time. This new obligation has caused a great stir overseas. Mainstream media relayed to the public that French employees had the right to disconnect as of 6 p.m. daily. Presented that way, it is true that the right to switch off devices could seem very disconnected from business reality. Still, with the overwhelming presence of communication technologies, electronic devices and social media in our daily lives, along with the growing use of telecommuting, it has become difficult to draw a clear line between work and private life. The new law was meant to enhance protection of a work-life balance. The concept of disconnecting from professional electronic devices

is anything but new. Many collective bargaining agreements — notably in the IT sector — included provisions on the right to disconnect long before the 2017 law. Nevertheless, passing a law on that topic showed a clear will to further protect employees’ health. This being said, multi-national companies have a wide range of options to comply with their obligation under this law and still keep business flowing. This article lists some practical tips and examples of measures that have already been taken in various sectors. EMPLOYERS’ OBLIGATIONS

Pursuant to Article L. 2242-8 of the French Labor Code, employers must negotiate each year with trade union representatives on various topics including “the modalities of the employee’s right to disconnect and the implementation in the company of regulatory tools for the use of electronic devices, to ensure the

protection of resting times and private and family life.” If the parties cannot reach an agreement, Article L. 2242-8 also provides for the possibility of the employer implementing a charter of best practices, or a code of conduct, upon consultation with the social and economic committee of the union. In companies with less than 50 employees, or without trade union representatives, the employer can draft a unilateral document to ensure the compliance and protection of the right to disconnect, potentially following a consultation with the social and economic committee, if any. The law also provides for specific measures for employees hired under a “forfait jours” (a flat rate agreement to work a specific number of days per year) working time arrangement. With or without trade unions, in companies where some employees are hired under

TODAY’S GENER AL COUNSEL WINTER 2019

Labor & Employment forfait jours, the company or branchwide collective bargaining agreement allowing for such arrangement must provide for these employees to use their right to disconnect, irrespective of the headcount of the company. Some collective bargaining agreements, such as SYNTEC (a federation of professional unions) for the IT sector, already include provisions on such a right. If that is not the case, the employer is invited to fill the gap by outlining modalities to exercise the right to disconnect in any document that can be brought by any means to the attention of employees. The right to disconnect can be understood as the psychological aspect of the employee’s right to rest at least 35 hours in a row each week (11 hours + 24 hours). If the employee remains available through phone or email, he or she cannot be considered as effectively resting, all the more since many employees working under a forfait jours are also telecommuting. IMPACT IN PRACTICE

Some companies operating globally and on different time zones may fear the negative impacts the right to disconnect could have on their business. In fact, the right to disconnect does not dramatically change the way employees work. Employers were required before, and still are required, to protect the health and safety of their employees, notably by ensuring that their workload is reasonable and that their work-life balance is protected. The new law gives great leeway to trade unions and companies to choose the type of measures they want to implement. No penalties are incurred by the employer who fails to comply with the above-mentioned provisions, but employees who challenge their working arrangement in a company where specific measures on the right to disconnect have not been implemented could rightfully use it to justify a “burnout” situation and related claims for damages. While burnout is not recognized in France as an occupational disease (yet), it nevertheless poses a significant hazard to employees’ health, justifying corrective and preventive actions from the

employer. In any case, failure to prevent burnout situations can justify claims of damages, as it falls within the scope of employers’ strict duty to ensure safety. PRACTICAL TIPS

The right to disconnect can be tailored to match the employee’s activities and schedules. For instance, an employee who works solely with Asia could be allowed to disconnect earlier at night and connect earlier in the morning to be in line with the local time zone. Here is a list of steps companies could take to comply with the right to disconnect: 1. Check whether the national collective bargaining agreement applicable within the company, or any other company-wide collective agreement, provides for measures on the right to disconnect. 2. Conduct an audit of practices on the use of professional devices by employees in the company. 3. Implement tools to enforce the right to disconnect. 4. Provide training to managers. They are the ones assigning work and reaching out to employees. Here are some examples of measures in various sectors of the economy: • At a leading temporary agency, the right to disconnect must also be observed during lunch breaks. Employees are invited to refrain from consulting their emails during meetings or performance reviews. When a manager sends an email to an absent employee (due to sick leave or paid time off), the email is only deemed read once the employee is back at work. • In the banking sector, many collective agreements have been entered into with union representatives, according to which employees are under no obligation to respond to emails outside their working hours. In this respect, a specific disclaimer can be included in their electronic signatures. • In the insurance sector, some com-

panies simply invite employees to ponder the right moment to send an email or call a fellow employee. Rather than posing strict limitations on the use of telecommunications, companies merely remind their employees that they should not use their personal devices to check their professional emails or work outside their working hours. • In some tech companies, employees who connect to their professional email address or to the intranet receive an automatic email to inform them that they are about to enter a “resting time period.” In retrospect, the right to disconnect caused more fear than harm. It does not require much from employers, and has little impact on the way French employees work. Rather than pushing companies to disconnect all devices as of 6 p.m. every day, it encourages companies to enhance and promote a different type of management and work organization that should be of benefit to all. ■

Julien Haure is the employment law partner in the Paris office of Mayer Brown. He has many years’ experience as an employment law advisor and in complex employment collective matters such as shut down of activity, reorganizations implying reduction in force plans, negotiation with unions and employee representative bodies, implementation of collective agreements, and sensitive litigation. JHaure@mayerbrown.com Marine Hamon is an associate in the Employment & Benefits practice group of Mayer Brown’s Paris office. She advises French and foreign corporations on all matters related to French employment and labor law. She also represents their interests before French courts. mhamon@mayerbrown.com

WINTER 2019 TODAY’S GENER AL COUNSEL

Labor & Employment

#MeToo and Federal Law: Will the Courts Ever Catch Up? By Philip R. Voluck

he #MeToo movement has radically changed the way society views sexual harassment. While it has been a pervasive problem in most workplaces for years, #MeToo has dramatically thrust sexual harassment into a global spotlight. With the public’s attention captured, many silent victims have been prompted to speak out, motivating employers to respond lest they face the wrath of employees and consequences of perceived inaction. Despite #MeToo’s global impact, the current state of American law is clearly at odds with the cultural changes #MeToo advocates. The law’s concern is much narrower. Will these differences persist, or will the federal courts warm to the fact that the protection they offer is not enough? Should they even consider lowering the thresholds to incorporate new codes of civility? It was back in 1986 when the United States Supreme Court unanimously ruled that sexual harassment is a violation under Title VII of the Civil Rights Act of 1964 — the federal law that bans sex discrimination. In 1998, the Court

expanded the law’s reach to cover “same sex” harassment, reasoning that Title VII’s prohibition of discrimination, “because of . . . sex,” protects men as well as women. However, the Court added a cautionary note that liability for sexual harassment will not transform Title VII into a “general civility code for the American workplace,” since Title VII is directed at discrimination because of sex, not merely conduct tinged with offensive sexual connotations. Federal courts consistently apply the high court’s reasoning that the law does not reach genuine but innocuous differences in the ways men and women routinely interact. Indeed, as Justice Anthony Scalia wrote, “petty slights, minor annoyances and simple lack of good manners” are not legally actionable. Another federal court explained, “These standards for judging hostility are sufficiently demanding to ensure that Title VII does not become a general civility code.” As a general rule, incidents must be more than episodic; they must be sufficiently continuous

and concerted in order to be deemed pervasive. A plaintiff must establish that he or she subjectively perceived the environment to be abusive and that a reasonable person would have perceived it as such. #MeToo is now seeking to hold businesses accountable under circumstances that are not currently unlawful. Businesses across the country are now confronted with the reality that #MeToo is part of our culture. Perhaps nowhere is this reality more evident than in the workplace, where the legally viable concepts of sexual harassment and hostile work environment were first born, and are still being litigated. Trying to incorporate the underpinnings of #MeToo — respect, awareness and sensitivity — into the workplace is proving challenging to many businesses. One reason is that governing federal law has not changed to incorporate the teachings of #MeToo. To the contrary, it remains rooted in the strict thresholds of proof required before an actionable claim of unlawful conduct can be brought. Off-color, distasteful and even vulgar remarks usually do not result in liability for employers. Strict evidentiary thresholds focusing on the nature and frequency of the harassment have been in force for decades. SEVERE, PERVASIVE AND UNWELCOME

Recent federal decisions indicate a gradual broadening in the types of sexual harassment cases that courts recognize; but they still hold that in order for sexual harassment to become an actionable legal claim it must be severe, pervasive and unwelcome. Courts have rejected claims of sexual harassment where the victim alleged that the harasser made an appreciative comment about her buttocks and deliberately touched her breasts, or where he

TODAY’S GENER AL COUNSEL WINTER 2019

Labor & Employment repeatedly called the victim a “pretty girl,” and on one occasion simulated masturbation. Courts have found that offensive incidents, including the use of vulgar language, sexual photos and name-calling are not always pervasive enough to create a hostile work environment. Federal law also affords an affirmative defense against hostile work environment claims if the employer takes reasonable steps to address and prevent sexual harassment, such as a written policy and training. There are also varying statutes of limitations for bringing a sexual harassment claim. Contrast this with the passage of so much time before many of the #MeToo victims came forward. In some cases, it was years. EEOC TAKING THE LEAD

Clearly, the desire for the expansion of employee rights and protections is evidenced by the Equal Employment Opportunity Commission’s (EEOC’s) recent announcement that in 2018, it filed 66 harassment lawsuits, including 41 that included allegations of sexual harassment. That reflects more than a 50 percent increase in sexual harassment suits over fiscal year (FY) 2017. In addition, charges filed with the EEOC alleging sexual harassment increased by more than 12 percent from FY 2017. Overall, the EEOC recovered nearly $70 million for the victims of sexual harassment through litigation and administrative enforcement in FY 2018, up from $47.5 million in FY 2017. The EEOC also appears to be leading the way to a more inclusive set of standards regarding what is appropriate behavior in the workplace through its new civility training program, which teaches skills for employees and supervisors. According to the EEOC, “Rather than dwelling on standards and what NOT to do, this training will focus on WHAT TO DO — the words and actions that promote respect and fairness, and participants’ responsibility for contributing to respect in the workplace.” The EEOC budget for FY 2018 increased by $15 million, in large part because of an increase in harassment investigations.

At least one federal court has explicitly referenced #MeToo as it relates to affirmative defenses of sexual harassment claims. That may help change the dynamics with regard to willingness of victims to come forward with complaints of a sexual nature. The court, in excusing an alleged victim’s failure to report, noted that “this appeal comes to us in the midst of national news regarding a veritable firestorm of allegations of rampant sexual misconduct that has been closeted for years, not reported by the victims. It has come to light, years later, that people in positions of power and celebrity have exploited their authority to make unwanted sexual advances. In many such instances, the harasser wielded control over the harassed individual’s employment or work environment. In nearly all of the instances, the victims asserted a plausible fear of serious adverse consequences had they spoken up at the time the conduct occurred.” Although the court acknowledged its case precedent routinely found the passage of time, coupled with the failure to take advantage of the employer’s antiharassment policy, to be unreasonable, it said that “mere failure to report one’s harassment is not per se unreasonable. Moreover, the passage of time is just one factor in the analysis.” Specifically, the court observed that workplace sexual harassment is highly circumstance specific. Will other federal courts follow? Turning back decades of firmly entrenched legal precedent would be difficult, and certainly could not be accomplished without the intervention of the United States Supreme Court. The thresholds required in persuading the Court to hear a dispute are extraordinarily difficult to overcome. Certainly, the court of public opinion is not enough to invoke its jurisdiction. Many commentators have pointed to the Trump administration as fostering an employment law climate with less federal regulatory oversight. Yet, any near-term change is likely to focus on easing the reporting requirements for victims, and limiting the scope of non-disclosure agreements in informal settlements. A number of states have enacted new

prohibitions against sexual harassment in the workplace that incorporate some of #MeToo’s teachings. Washington State enacted legislation that makes void and unenforceable any provision in an employment contract or agreement requiring an employee to waive the right to publicly file a cause of action under state or federal antidiscrimination laws, or to publicly file a complaint with state or federal anti-discrimination agencies. The New Jersey Senate introduced a bill that would make unenforceable provisions in private employer employment contracts or settlement agreements prohibiting current or former employees from disclosing details of discrimination, retaliation or harassment claims. Despite the challenges posed by folding #MeToo into the workplace, most businesses have taken to the idea that sexual harassment can consist of conduct that may not be severe or pervasive and are modifying their personnel policies and training accordingly. Whether such modifications are enough to become the norm remains to be seen. Some change is afoot, as evidenced by the EEOC’s recent initiatives, and at least one reference by a federal court regarding #MeToo. Otherwise, businesses are wise to maintain their training programs while supplementing them with #MeToo principles of respect and dignity in the workplace. ■

Philip R. Voluck, comanaging partner of the Pennsylvania offices of Kaufman Dolowich & Voluck LLP, co-chairs the Labor and Employment Law practice group and concentrates his practice in the area of employment practices liability defense, with a particular emphasis on handling claims of employment discrimination, retaliation and wrongful discharge. pvoluck@kdvlaw.com

WINTER 2019 TODAY’S GENER AL COUNSEL

Labor & Employment

How a No-Rehire Agreement Unraveled By David Rashé and Usama Kahf

ettlement agreements with employees often contain a “norehire” clause. Generally, it states that the employee waives the right to any future employment with the company, and the company cannot be held liable if it later rejects a job application from that individual. It is understandable that employers do not want to work with someone who previously sued them; not only has the trust between them eroded beyond repair, but there is legitimate concern that any person rehired after a lawsuit has been settled may feel untouchable and deflect any criticism or negative action with accusations of retaliation. But the legality of these types of provisions is an open question. Few court decisions have addressed the extent to which a no-rehire clause in a settlement agreement is enforceable, likely because most employees want nothing to do with the former employer they sued and are

unlikely to seek re-employment with the same company. But, recently, a federal appeals court held that an overly broad no-rehire provision in a settlement agreement can, in some cases, be an unlawful restraint of trade. In Golden v. California Emergency Physicians Medical Group, the Ninth Circuit Court of Appeals voided a settlement agreement between a physician and his former employer because one provision imposed a restraint of trade in violation of California’s strict prohibition on non-compete and related covenants. Business & Professions Code Section 16600 provides that “every contract by which anyone is restrained from engaging in a lawful profession, trade, or business of any kind is to that extent void.” Section 16600 applies to any “restraint of a substantial character,” not just those found in standard noncompetition agreements. Although there are certain limited exceptions to

this prohibition, none are applicable in Golden v. California Emergency Physicians. A physician worked for a partnership of doctors that formed a network of nearly 2,000 physicians across 11 states and in 160 medical facilities in California alone. After the physician was terminated, a legal dispute arose between him and the medical group. The parties came to an oral agreement to settle, but when the agreement was reduced to writing, the physician refused to sign due to what he considered to be a broad no-rehire provision. The provision provided that the physician (1) could not work or be reinstated at any facility owned or managed by the medical group; (2) could not work at any facility contracted by the medical group; and (3) could be terminated by the medical group if it ever came to provide services to, or acquire rights in, a facility in which the physician was currently working as an emergency room or hospital physician. The physician refused to sign the agreement, his attorney withdrew, intervened in the proceedings, and sought to enforce the agreement in order to collect the fee for his services. The district court ordered the physician to sign the agreement. The Ninth Circuit reversed on the ground that the district court improperly construed Section 16600. On remand, the district court once again ordered the physician to sign the agreement after finding that the no-rehire provision did not impose a “restraint of substantial character.” On appeal, the Ninth Circuit found that the provision at issue constituted a “restraint of substantial character” in two ways. First, it clarified that, for purposes of Section 16600, a restraint of trade is “substantial” if it “significantly or materially impedes a person’s lawful profession, trade, or business.” To reach this conclusion, the court took a cue from an early California Supreme Court decision, the 1916 case of Chamberlain v. Augus-

TODAY’S GENER AL COUNSEL WINTER 2019

Labor & Employment tine. Quoting that case, the Ninth Circuit explained that Section 16600 “makes no exception in favor of contracts only in partial restraint of trade.” The court also analyzed a case from 1965, Muggill v. Reuben H. Donnelley Corp., which applied Section 16600 to invalidate a provision of a pension

The Hassey court upheld the provision because the contract did not prevent the officer from taking other employment, so Section 16600 did not apply. Golden expressed some skepticism over Hassey in light of the later Edwards decision, given that the requirement to repay training costs could be viewed as an

Law Dictionary, which defines the term “substantial” as “relating to, or involving substance; material.” Thus, if a contractual provision is material enough or “significant enough that its enforcement would implicate the policies of open competition and employee mobility that animate Section 16600,” it will qualify

The California Court of Appeal upheld a provision requiring an employee to repay the cost of an employer-sponsored education program if he left his post during his first 30 months. plan that called for the forfeiture of the employee’s pension if he worked for a competitor after he retired. The Muggill court reasoned that the forfeiture constituted a penalty and the penalty rose to the level of a “substantial” restraint on trade. California courts have continued to confront the task of defining the outward limits of Section 16600. For example, in 2008, the California Supreme Court made clear that Section 16600 is a broad proscription evincing California’s rejection of the common law “’rule of reasonableness,’ which generally permits professional restraints that are reasonable in relation to the legitimate business interests at stake” (Edwards v. Arthur Andersen LLP). TWO DECISIONS THAT WEREN’T REVIEWED

Two appellate-level decisions provide additional insight, but employers should rely on them with some degree of caution. As the court in Golden pointed out, the California Supreme Court denied review of these decisions, so “we do not have a definitive answer as to whether those cases correctly state California law.” The first case, Oakland v. Hassey, involved a provision in a police officer’s employment contract requiring the officer to reimburse the City of Oakland $8,000 in training costs if he left the city’s police force within five years.

obstacle to employee mobility. The second decision dispelled this concern. In USS-POSCO Industries v. Case, the California Court of Appeal upheld a provision requiring an employee to repay his employer for the cost of an employer-sponsored education program if he left his post during his first 30 months. Critical to that conclusion was the nature of the benefits. The court explained: “Repayment of the fronted costs of a voluntarily undertaken education program, the benefits of which transcend any specific employment and are readily transportable, is not a restraint on employment.” The Ninth Circuit reasoned that, together, Hassey and USS-POSCO stand for the proposition that the cost of training may be pushed onto an employee through a reimbursement provision because training is likely to increase an employee’s competitiveness in the job market, thus having a nonrestrictive effect on trade. In sum, California courts have found that agreements can violate Section 16600, even if reasonable and especially where the agreement imposes a monetary penalty, forfeiture of a benefit, or a short-term promise not to compete or solicit clients. Further, there is a good argument for treating the costs of training or educational opportunities paid for by an employer differently under Section 16600. The Ninth Circuit turned to Black’s

as a substantial restraint on trade for purposes of Section 16600. The Ninth Circuit doubled down, adding “…it will be the rare contractual restraint whose effect is so insubstantial that it escapes scrutiny under Section 16600.” TWO OUT OF THREE

Returning to the facts of the Golden case, the Ninth Circuit found all three restrictions included in the settlement agreement to be impediments on the doctor’s ability to practice medicine. However, only the second and third restrictions — that he could not work at any facility contracted by the medical group and could be terminated if the group ever came to provide services to or acquire rights in a facility where the physician was currently working — rose to the level of a “restraint of substantial character” in violation of Section 16600. The court stated that the great size of the medical group’s business in California was a persuading factor in finding these restrictions to have a substantial effect on his medical practice. The first restriction — that he could not work or be reinstated at any facility owned or managed by the medical group — was found to be permissible, mainly because it only dealt with the doctor’s future employment with a specific entity. Thus, it simply stated the obvious axiom that a worker does not have an absolute continued on page 25

WINTER 2019 TODAY’S GENER AL COUNSEL

E-Discovery

Make the Most of Your Relationship with Outside Counsel By Nishad Shevde to this understanding. We’ll wrap up with some thoughts on what these findings mean for in-house legal teams.

arlier this year, we conducted a survey of professionals at law firms serving corporate clients. The survey covered a wide range of topics, including client relationship management; project management; and e-discovery services, staffing and technology. Looking at the data, there were many granular insights worth sharing. To wit: • Only 4 percent of clients expect to pay more for services year over year, presumably meaning the legal services sector should be exempt from inflation. • More than half of law firms (53 percent) rely on attorneys to serve as project managers, meaning legal project management (LPM) still has plenty of room to grow. • Law firm e-discovery services have grown significantly over the last five years, with 85 percent of respondents seeing “substantial” or “slight” growth in demand from clients.

However, the risk with survey reports such as this one is that readers don’t see the forest for the trees. Taken as a whole, the message of the survey results is quite compelling: Clients should ask for and expect to receive better and more collaborative e-discovery counseling from law firms. Three key trends in the data contributed to this interpretation. Let’s look at each of these points in turn, attempting to answer why we came to these conclusions and which data points contribute SURVEY QUESTION

Which services are your clients asking more of?

Reduced rates/alt. billing arrangements

77%

Proactive cost/risk mitigation strategies

50%

Increased collaboration with in-house teams

27%

Improved project transparency

41%

Other

1. Clients want customized strategies for solving e-discovery challenges from their law firms. • Seventy-seven percent of clients are asking for reduced rates or alternative billing arrangements. The pressures unleashed by the Great Recession haven’t disappeared in the legal industry; they are the new normal. ` • Fifty percent of clients want proactive cost and risk mitigation strategies. Vague promises of efficiency aren’t enough for corporate clients; law firms have to have a plan for how to save time and money. • Client demands for improved processes and technology are driving change at law firms. Sixty-two percent of respondents cited clients’ requests as the motivator for change, while fewer firms cited market pressure (51 percent) or management initiatives (46 percent) as playing a role. • While technology-assisted review is relatively common (61 percent) at law firms, artificial intelligence is relatively rare, with 60 percent of law firms using it “rarely” or “never.”

TODAY’S GENER AL COUNSEL WINTER 2019

E-Discovery

SURVEY QUESTION

The demand for law firm e-discovery services has over the past five years.

Increased substantially

41%

Increased slightly

44%

Remained the same

13%

Decreased slightly

Decreased substantially

2. Clients should expect e-discovery expertise from their law firms when navigating litigation issues, based on the increasing demand for these services. • Eighty-five percent of respondents think the demand for law firm ediscovery services has increased over the past five years. Although we often hear of the rise of alternative legal service providers (ALSPs), a real phenomenon no doubt, the reality is that law firms still hold a disproportionate share of the e-discovery services market. That’s not to say there’s no threat to law firms in the e-discovery space. After all, this is existing business that law firms want to retain by continuing to provide value to clients. • Sixty percent of law firms are planning on increasing e-discovery services to clients over the next two years. Although most (52 percent) only plan on increasing services “somewhat,” ever-increasing data volumes and data types are forcing law firms to provide e-discovery services or risk losing business. SURVEY QUESTION

3. Most law firms still use informal discussions to meet client needs for project management, but many firms are doing more.

What separates law firm e-discovery services from traditional e-discovery service providers?

Depth of client relationship

78%

Link to case strategy requirements

68%

Quality of service and expertise

41%

Efficiency of service

43%

No real difference

• Depth of client relationship (78 percent) and the link to case strategy requirements (68 percent) distinguish law firms’ e-discovery offerings from those of other providers. When compared to quality (41 percent) and efficiency (43 percent) of ediscovery services, these are logical differentiators for law firms, who don’t want to compete with ALSPs on commoditized legal services. • The most requested e-discovery services aside from review are processing (24 percent), collection (20 percent), project management (15 percent) and production (21 percent). The right side of the e-discovery reference model (EDRM) dominates law firms’ e-discovery offerings, which makes sense given their role in the litigation process and the prevalence of in-house solutions for identification and preservation.

• Law firms use informal conversations about budgeting (80 percent), project management (64 percent) and staffing (61 percent) to assess and improve client satisfaction. It makes sense that informal conversations should be part of the mix of project management strategies, but with the rise of LPM on in-house legal teams, this could be a sign of trouble brewing. If clients know more than law firms about efficient LPM principles, it’s only natural that they’re pushing for reduced costs and risk mitigation. • Only 44 percent of law firms use formal review and strategy discussions; 40 percent use post-matter assessments; and fewer than 30 percent use formal client interviews and surveys. The fact that less than half of law firms are using formal project management techniques may be linked to the data point that 53 percent of law firms rely on lawyers for LPM. After all, attorneys’ training focuses on the practice of law, not managing legal projects for maximum efficiency. • With 32 percent of law firms using shared technology platforms to update clients on project status, a significant minority are embracing technology to provide transparency, even if their other LPM practices are not optimized. Perhaps these firms are making a conscious choice to embrace technology platforms that enhance collaboration and visibility into legal matters rather than changing staffing by bringing on more legal project managers. Given these trends in the data, what can law firms’ clients do to ensure they get maximum value out of their relationships with outside counsel? Inhouse legal departments can implement multiple strategies to reduce e-discovery costs when working with law firms. Of the strategies proposed by respondents to Exterro’s survey, three stand out above the others: 1. Define case goals and strategy clearly. Seventy-two percent of respondents recommended this strategy, and it

WINTER 2019 TODAY’S GENER AL COUNSEL

E-Discovery

SURVEY QUESTION

What initiatives does your firm employ to assess and/or increase client satisfaction?

Client surveys

27%

Formal client interviews

30%

Post matter assessments

40%

Client-specific risk assessments

40%

Industry research strategy, and thought leadership

41%

Regular formal review and strategy discussions

44%

Client industry groups and events

50%

Staffing conversations with clients

61%

Project management conversations with clients

64%

Budgeting conversations with clients

80%

makes good sense. Law firms want to satisfy their clients, and it’s easier to do so when the clients are explicit about their goals and expectations. If you dump documents on your law firm with little to no guidance about overall goals, it only makes sense that they’ll have to do more foundational work, increasing your costs and extending your project timeline. Whether you derive insight from a first-pass review in-house or an early case assessment to determine case strategy, you’re saving yourself time and money by completing as much in-house as possible and then defining clear goals for your partners. 2. Implement defensible preservation and collection processes. Sixty-four percent of respondents identified these preventive measures as another big cost saver. There’s really no reason not to have defensible processes for their own value (e.g., avoiding the risk of sanctions, reducing data volumes for review), but there’s added value in terms of managing law firm relationships. They set your

legal team up for success in both defining e-discovery parameters and defending against potential objections — and that translates into lower costs. 3. Educate law firm professionals on your IT infrastructure. At 43 percent, this strategy comes in significantly lower than the first two, but its potential savings are very real. With Federal Rules of Civil Procedure (FRCP) Rule 26(f) “meet and confers” taking a more prominent role in e-discovery matters, attorneys need to be conversant with and prepared on the specifics of your IT systems. What data sources will be discoverable? What are your policies around preservation and defensible disposition of data? Were these processes followed? Informing your law firm saves you from potential rework, as well as potential sanctions. In summary, these recommendations are really all about being proactive, not reactive, around e-discovery. And that’s

a lesson almost everyone — whether you’re at a law firm or a client — can agree on. ■

Nishad Shevde is the Managing Director of Client Operations at Exterro. He has built sustainable discovery response programs for large corporations and has managed some of the largest standalone matters of the past decade in the financial services and pharmaceutical industries. nishad.shevde@exterro.com

TODAY’S GENER AL COUNSEL WINTER 2019

Labor & Employment No-Rehire Agreement continued from page 21

right to work for an employer without that employer’s consent. In contrast, the second and third restrictions differed because they dealt with the physician’s current and future employment that included working with third parties. The physician also worked at four other facilities contracted by the medical group. If he signed the settlement agreement, the medical group would have the right to terminate him, as opposed to refusing to hire him. The court found this to be a restraint of substantial character. Moreover, if the doctor signed the agreement, he could be terminated from working at a medical facility at which the medical group later acquired an interest after the doctor’s employment had already begun. The broad nature of this language was critical to the court’s decision to invalidate both provisions. However, the Ninth Circuit went one

step further. Because the parties did not dispute that the no-rehire provision was material to the settlement agreement itself, the court voided the entire settlement agreement. Employers and businesses should take note of this decision. A settlement agreement is an employer’s opportunity to secure peace of mind that all potential legal disputes are being foreclosed. A properly worded settlement agreement should contain language providing for a broad release of the employee’s claims. However, settlement agreements that contain overly expansive language or language that is too aggressive can give employees (and courts) more at which to take aim. As this case demonstrates, such language may provide a legal basis to invalidate the settlement agreement in its entirety if it offends Section 16600 by imposing an unlawful restraint on the employee’s ability to practice their profession. Having a settlement agreement go awry for this reason is an avoidable outcome. The Golden decision highlights the

An overly broad no-rehire provision in a settlement agreement can, in some cases, be an unlawful restraint of trade.

importance of having employment counsel draft settlement agreements to resolve employee-related disputes once and for all, and avoid the legal fees and time devoted to resolving a legal battle that could have been obviated by a carefully crafted settlement agreement. Old templates should not be used without scrutinizing the language of every sentence to ensure continued legality of all the terms. ■

David Rashé is an associate with labor and employment law firm Fisher Phillips in Irvine, California. He represents employers in a variety of employment cases, including claims for harassment, discrimination, retaliation, wrongful termination, and in wage and hour disputes. drashe@fisherphillips.com Usama Kahf is a partner with Fisher Phillips. He represents employers of all sizes in matters of workplace privacy, data security, unfair competition, and trade secret theft and corporate espionage, both on the plaintiff and defense side. ukahf@fisherphillips.com

VISIT T ODAYS G ENER AL C OUNSEL.COM FOR THE LATEST NEWS, ANALYSIS, COMMENTARY FOR GCs AND OTHER IN-HOUSE COUNSEL. PLUS, RECENT JOB OPENINGS & CAREER OPPORTUNITIES.

WINTER 2019 TODAY’S GENER AL COUNSEL

Compliance

Direct Versus Derivative in Shareholder Litigation Is It an Ad Hoc Inquiry? By Jon Polenberg

henever a shareholder brings a claim involving the company’s officers and directors, the court must decide whether the shareholder is suing for harm suffered individually, and the claim is direct — or if the alleged harm is suffered by the company, and the claim is derivative. Distinguishing between direct and derivative claims, however, has become complicated. The following analysis is instructive for all jurisdictions, as most courts follow similar reasoning. In 2004, the Delaware Supreme Court attempted to clarify the distinction between derivative and direct claims in Tooley v. Donaldson, Lufkin & Jenrette, Inc. The Tooley court examined three cases — Kramer v. W. Pac. Indus., Inc., Grimes v. Donald and Parnes v. Bally Entm’t Corp. It first evaluated who had suffered the injury in Kramer because, in its words, “the stockholder must allege something other than an injury resulting from a wrong to the corporation.” When the claim arises from mismanaging corporate assets, as in Kramer, it is determined to be derivative. The Tooley court then addressed Grimes, reasoning that after evaluating the nature of the claim, the decision is based on whether the shareholder is seeking to recover damages for injury to the corporation. If not, then the claim is direct. Next, the Tooley court examined Parnes. It found that the injury claimed by the shareholder must be independent from the injury suffered by the corporation. At its core, the standard involves two questions that determine whether claims are direct or derivative: (1) Who suffered the alleged harm — the corporation or

the individual shareholder bringing the suit? and (2) Who receives the benefit from any recovery or other remedy — the corporation or the individual shareholder? THE STANDARD APPLIED

This standard was central to the 2017 decision reached in In re Straight Path Communications Inc. Consolidated Stockholder Litigation, holding that a shareholder’s post-merger claim was direct despite that the plaintiff shareholder would recover pro rata in proportion to the ownership in the corporation’s stock — what would otherwise appear to

merger at issue has been consummated.” To maintain a direct claim, therefore, a shareholder must challenge the merger’s validity. The merger standard as applied here distinguishes between challenges to the merger itself and challenges to alleged wrongs associated with the merger. The standard seems to have departed from evaluating who suffers the harm and benefits from the remedy. In the Parnes case, the CEO notified potential buyers that his consent was necessary for any transaction, and the price for that consent was money and assets from the company. Several potential buyers declined; they believed it was

The Straight Path court decided that the alleged facts support a reasonable inference that the controlling shareholder improperly diverted merger proceeds that otherwise would have gone to the shareholders. be a derivative claim. It is important to note that the direct/derivative distinction for post-merger claims carries greater significance because, after a merger, shareholders lose standing to pursue derivative claims once they are no longer shareholders. Hence, if the claim is derivative, the post-merger lawsuit ends. In the merger context, the Parnes court stated, “A stockholder who directly attacks the fairness or validity of a merger alleges an injury to the stockholders, not the corporation, and may pursue such a claim even after the

illegal for the CEO to require payment for his consent. But one buyer ceded to the CEO’s demands. After the parties consummated the merger, shareholders challenged it, and the Delaware Supreme Court held that the claims alleged were direct because the shareholder challenged the process’s fairness and the price obtained in the merger. The Parnes analysis exposed a subtle distinction with Kramer. In Kramer, the shareholder alleged that two directors breached their fiduciary duty by diverting money from the merger proceeds into stock options and golden parachutes,

TODAYâ&#x20AC;&#x2122;S GENER AL COUNSEL WINTER 2019

Compliance

as well as extracting excessive or unnecessary fees and expenses for work performed to consummate the merger. The Kramer shareholder did not allege that the directorsâ&#x20AC;&#x2122; favorable transactions made the merger price unfair or tainted the sales process. Although the shareholder alleged that the challenged transactions reduced the amount paid for the shares, the allegations amounted to claiming that the directors mismanaged the corporation, resulting in wasting assets. The claim in Kramer was thus derivative. SUBSTANTIVE BASIS FOR EVALUATION

Consideration of the Parnes decision distinguished Kramer, based on the

particular facts of the case. In Golaine v. Edwards, the Delaware Chancery Court has attempted to synthesize those two cases into a substantive basis for evaluating whether a claim is derivative. Under Parnes, the question is whether the shareholder has alleged that the purported side transactions caused harm by diverting money to an officer or director. In a rather formulaic way, Golaine interpreted Parnes to mean that the shareholder must allege facts showing any side payment that diverted merger proceeds would, if the directors or officers had acted properly, result in additional money for the shareholder. The analysis has thus shifted from examining the harm to an

individual shareholder to shareholders as a group. Straight Path involved a complicated merger after the company had entered into a Consent Decree that required it (1) to forfeit 20 percent of its licenses, (2) sell its remaining licenses within one year and (3) give up 20 percent of the sales proceeds to the government when the company was sold. The licenses, for the most part, constituted Straight Pathâ&#x20AC;&#x2122;s assets. Straight Path also held a right to indemnity from another entity, IDT. The indemnity right enabled Straight Path to recover, among other things, the 20 percent it would pay the government after completing a sale. Both Straight Path and IDT had in

WINTER 2019 TODAY’S GENER AL COUNSEL

Compliance

common at least one shareholder, and he held a controlling interest in both entities. The challenge to finding a buyer was the need to address the indemnity claim against IDT, and how to assign and value that claim. To sell Straight Path, the shareholders decided they would preserve the indemnity claim

pre-merger talks in which a company’s fiduciaries had made poor business decisions, reducing the merger consideration paid to the shareholder. Therefore, the controlling shareholder procured side benefits from the sales process directly related to the merger. The claims alleged were thus direct, not derivative.

The courts seem to find the alleged claims are derivative when the person who owed the duty breached it from the seller’s side of the transaction.

for themselves or else they would lose one fifth of the merger proceeds after paying the government. Recognizing the financial consequences, Straight Path approved creation of a litigation trust into which it would transfer the indemnity claim so that, after the merger, the trust could pursue IDT. From the merger, Straight Path shareholders would receive the merger proceeds and an interest in the trust proportionate to each shareholders’ interest in Straight Path. The controlling shareholder for Straight Path and IDT therefore had a lot to lose when the trust sued IDT, and used his voting leverage to force the company to settle IDT’s indemnity obligations below fair value. The Delaware Chancery Court decided that the alleged facts support a reasonable inference that the controlling shareholder improperly diverted merger proceeds that otherwise would have gone to the shareholders. Specifically, the shareholders would not receive the benefit of the transaction structured to provide for the merger proceeds, minus the 20 percent penalty paid to the government, which was recoverable under the indemnity claim against IDT. Instead, the controlling shareholder benefitted from the forgiven debt owed by IDT, manipulating the merger process to secure benefits for IDT and himself at Straight Path’s expense. The Straight Path court reasoned that the alleged claims did not involve

But the concern with the reasoning employed in Straight Path is that the analysis evaluates the duty owed by the controlling shareholder to other shareholders. The duty inquiry thus begs the question: Would the claim be derivative if Straight Path and IDT shared no common equity interests? The answer is probably yes. IDT could have still attempted to negotiate the indemnity claim pre-merger to mitigate its future risks. Straight Path could have made its decision to settle the indemnity claims, and scrutiny for the decision would likely turn on whether the decision met the business judgment rule. However, the court could have decided that the claim was derivative because the actions alleged reduced the amount Straight Path shareholders received from the merger voted on by all shareholders. The direct/derivative analysis does not ordinarily evaluate the nature of the duties allegedly breached. The analysis has instead focused on who suffered the harm, and who benefits from the recovery. Asking those questions in Straight Path shows that the shareholders suffered the alleged harm collectively and would all benefit from the recovery in proportion to their pro rata share in the equity. Such allegations amount to a derivative claim. But in Parnes, Kramer, Golaine, and Straight Path, the courts direct/ derivative analysis examined the alleged

facts regarding the purported wrongful conduct. For example, the courts seem to find the alleged claims are derivative when the person who owed the duty breached it from the seller’s side of the transaction (i.e., charging excessive fees to the company, securing beneficial postmerger compensation and benefits). On the other hand, the courts seem to find that the claims are direct when the alleged wrongful conduct affected the way the buyer structured the transaction, or when the transaction involved third parties who injected themselves into it to extract money or property (i.e., carving out money and assets from the merger transaction in favor of the officer or director, forcing a third-party settlement in order to consummate the merger). The evolving standard therefore may spiral into an ad hoc inquiry deciding whether the alleged facts insult the conscience rather than evaluating who suffered the alleged harm and the effect of the remedy. The inquiry should be tied to deciding whether the harm and recovery affect a single shareholder (a direct claim) rather than affecting all shareholders in proportion to their respective ownership (a derivative claim). ■

Jon Polenberg is a shareholder at Becker & Poliakoff. He litigates in state and federal courts, as well as pursuing alternative dispute resolution methods such as arbitration on behalf of his clients. Before becoming an attorney, he pursued a business management career. jpolenberg@beckerlawyers.com

SPONSORED SECTION

Protecting the Corporate Jewels DIGITAL FORENSICS IN TRADE SECRET AND OTHER EMPLOYMENT INVESTIGATIONS By James Vaughn

he amount of communication in today’s commercial environment is astronomical. The ubiquity of Bring Your Own Device (BYOD) protocols adds complexity to a situation in which corporations already use traditional data sources such as a desktop, laptop, server and corporate email. This article is intended to be a helpful reminder, perhaps new information for some, on things to consider when using digital forensics for investigating potential theft or improper usage of proprietary data. Given the changing landscape of technology, I’d be remiss if I didn’t suggest consulting a forensic and legal professional before making any decisions. ELECTRONIC STORAGE AREAS AND DEVICES

There are certain electronic data sources that defendants, plaintiffs and forensic neutrals alike should consider for any

investigation. They include laptops/desktops (workstations), email servers, file servers, external media, online repositories, personal email accounts, home computers, smartphones and other mobile computing devices. Collection from some of these sources is self-explanatory, but others may not be as straightforward. Examples of the nuances that you may encounter include email and file servers. Email servers can be configured multiple ways. Some keep a copy of all emails on only the server, while others allow for a synchronization with other devices (e.g., Outlook). Alternatively, a server may allow a user to download and keep the only copy of the email on their local devices. This is an important distinction to understand, so as not to assume that the email will all be located on a desktop or laptop. One technique may be to synchronize the email to the desktop or laptop

before creating a forensic image of that device, which may save you the need to collect the email from the email server. For servers, it is important to understand the types of servers in use and the general terms data custodians and users may utilize when describing them. Take a file server, for example, a server where individuals or members of certain groups can store a myriad of document types, even email archives. It is often referred to as a “private network folder” or “home directory” for individuals, and as a “group share” (e.g., accounting group share, engineering group share) for members of certain groups that have a common area for sharing documents. Analysis Considerations: Data can leave a company in a variety of ways. One way to exfiltrate large amounts of data is through the connection of an external device. It is very easy to mass copy files, disconnect the device, and leave with it. So what artifacts should one consider if you want to see that kind of activity on your commonly used Microsoft Windows-type workstation? One way to view a user’s activity is through the review of link (LNK) files. A LNK file is a shortcut on a local drive that may indicate the history of a file being opened from an attached device. Clients often ask me why I cannot give them a list of files that were copied to an external device. It’s not that simple. Windows does not create a log, audit trail or record of files that are simply copied to an external device via the drag-and-drop method. Absent having the actual device that the files were copied to, you must rely on other artifacts, such as LNK files, to show or infer that this activity occurred. For example, I have a document saved to a USB removable device named

SPONSORED SECTION

tradesecret.doc (the target file). If I save and close that document, then go back to my Windows Start Menu and select the Microsoft Word program, I get a list of recent documents (including tradesecret. doc) that I can choose to open. This method of opening one of those documents creates what is known as a “shortcut.” A shortcut exists on the computer because a document was “opened.” Shortcuts contain metadata, including the path of the target file. The path may be an external device that left the company with the departed employee. The shortcut may also contain dates and times that the shortcut itself was created, as well as the creation, modification, and access dates of the actual target file. This shortcut metadata can tell you when a file was copied to a removable device and whether it was modified on that device. Keep in mind that locating a copy of the same named file on the computer hard drive does not mean it has the same content as the copy that was identified on the external device. The only true way to identify a complete list of files and their content is to analyze the external device. THE CLOUD

Online repositories are areas that are “in the cloud.” Programs like OneDrive, Carbonite, Dropbox, SugarSync, Hightail, Mozy and ShareFile are but just a few of the hundreds, if not thousands, of online repositories. Although each may vary slightly in how they are used, in the end they all allow a user to store and access files. Looking for the installation and usage of these programs on a workstation may prove valuable. Visiting these sites may also create a record in your Internet history files. Some of these sites even record detailed audit logs of file activity (uploads, downloads, deletions, etc.). Keep in mind that you may have to act fast because these audit logs can be as short as 30 days. Mobile Devices: In addition to making calls and sending text messages, mobile devices and smartphones can store files. With today’s advancement in app tech-

nology, it is possible to retrieve, open, edit and re-save a document back to a mobile device or to the cloud-based repository from which the document was retrieved. Another example of how sensitive data can be stored on mobile devices is SIM cards, which can maintain contact lists and can be moved from one phone to another compatible phone with ease.

SHORTCUTS CONTAIN METADATA, INCLUDING THE PATH OF THE TARGET FILE. In some matters, the mere copying of a contact list can be very significant, as it could be a client list. Let’s not overlook backup files from BlackBerrys, iPhones/iPads, and other mobile devices. They may prove to be valuable to show ownership or usage of a device that has not been produced for inspection — especially in today’s BYOD world, where the device may be privately owned but where usage allowed at the company has resulted in corporate data being on the device. On the subject of BYOD, be familiar with the company policies and rules for these hybrid devices. Does your company have well-written policies, such as whether the employer can remotely “wipe” the device of business data if it is lost, or if the employee and the company part ways? Have you considered how to deal with that issue before it happens? I’ve seen situations all too often in which a client by default remotely wiped an employee’s mobile device upon departure, and then wanted evidence, which no longer existed, from that device. In addition to implementing and reinforcing a culture of security and reserving the ability to “wipe” devices if they are lost or stolen, companies should also consider ongoing security training and annual employee acknowledgements, and otherwise set and manage employee expectations about the privacy they will have to surrender in exchange for the convenience of using their personal devices for

work. This can help avoid some awkward conversations when you need to examine somebody’s personal device. Should that need arise, what are some of the artifacts one could look for to ensure confidential company data has not been taken, or no longer resides on a departed employee’s device? You may want to know about geopositional information (GPS data), which can indicate where the device was at a particular date/time. Examples of some user activity to investigate include attachments that have been broken apart from an email and saved to the device, installed software allowing a direct connection to a company computer that may bypass a particular security protocol, names of file attachments that may exist within personal email accounts on the device, pictures that may have been taken of a trade secret document in lieu of taking the actual file, and Internet history and/or text messages. These are just a few; there are many more. The data on the actual device may differ from the last backup, especially if the device is used more frequently and more recently than the last backup. In summary, it is important to be educated or surrounded by people who will keep you informed. Getting a jump on the investigation, knowing that evidence will be perishable and preserving what is needed, even if it is put on ice, will put you ahead of the game.

JAMES D. VAUGHN, a Managing Director at iDiscovery Solutions, is a certified forensic examiner and testifying expert. He has given live testimony in cases involving topics such as evidence preservation, documentation of events, and computer forensic methodologies and procedures. He has 16 years’ law enforcement experience, and has co-developed digital forensic courses for the California Department of Justice. jvaughn@idisinc.com

WINTER 2019 TODAY’S GENER AL COUNSEL

Intellectual Property

Four Years After Alice, Software Patents Making a Comeback By Aseet Patel

his is the second of two articles in Today’s General Counsel intended to encourage companies to recognize that the pendulum has noticeably swung back since the United States Supreme Court decision in Alice Corp. Prop. Ltd. v. CLS Bank Int’l. The first article, “Software Patents Still Valuable After Alice,” discussed the two-part Alice test for determining patent eligibility in accordance with 35 U.S.C. § 101 of United States patent laws, and its detrimental effect on the patent eligibility of many computer and software related patents. In spite of the challenges, cybersecurity patent powerhouse, Finjan, Inc., successfully navigated Alice to extract massive licensing revenue from its patent portfolio. Technology companies should

be encouraged by the Finjan decision because it makes more predictable the types of software inventions that should pass muster after Alice. This second article predicts more certainty for patent-eligibility determinations in the future. Like Finjan, other recent events foretell that the Alice pendulum has noticeably swung back toward center: a changing of the leadership at the United States Patent and Trademark Office, several favorable Court of Appeals for the Federal Circuit (CAFC) holdings, some sharp dissents and patent bar associations’ calls for legislative reform. General counsel and chief executives should rethink their company’s patenting strategies in this changing landscape. Since being sworn in as the new

director of the USPTO in February, Andrei Iancu has led the charge to improve predictability of patent-eligible subject matter. In his speech at the annual meeting of the Intellectual Property Owners Association in Chicago in late September, the director told the IPO’s membership that the USPTO is “contemplating revised guidance to help categorize the exceptions [to patent eligibility], and indeed to name them, and instruct examiners on how to apply them.” Nevertheless, because the CAFC is outside of Iancu’s direct purview, some patent attorneys are skeptical whether the director’s effort to create more predictable guidelines will help patent applicants and patentees withstand subject-matter eligibility challenges at the CAFC.

TODAY’S GENER AL COUNSEL WINTER 2019

Intellectual Property In addition to guiding United States patent examiners, Iancu has also tried to eliminate inconsistencies in the interpretation and implementation of the twopart Alice test among different branches of the USPTO. In August, the director created a new post that coordinates between the Patent Trial and Appeal Board (PTAB) of the USPTO and the examining corps. He installed former Chief Judge of the PTAB, David Ruschke, to that post. Iancu aims to make the patent system more consistent and predictable, particularly regarding patent eligibility. Companies seeking to recalibrate their patent strategy should monitor and timely review any guidance materials the USPTO releases in the coming months. Furthermore, the CAFC is doing its part to build a 35 U.S.C. § 101 jurisprudence with improved predictability for patent applicants and patent owners. As it did in Finjan, the judges of the CAFC have released several favorable holdings and sharp but favorable dissents. Many, including Iancu, applauded the CAFC. In particular, Iancu praised Judge Linn and Judge Plager for their sharp dissents. The director shared Judge Linn’s sentiment that “the abstract idea test is ‘indeterminate and often leads to arbitrary results.’ ” Judge Linn’s dissent in Smart Systems Innovations, LLC v. Chicago Transit Authority et al. noted that some of today’s most important inventions in artificial intelligence, the Internet of Things (IoT) and computing are in grave danger of being left unprotected if we do not get the Alice test right. Moreover, Judge Plager, a 29-year veteran of the CAFC, noted that we currently have an incoherent body of doctrine. In his fifteen page dissent in Interval Licensing LLC v. AOL, Inc. et al., Judge Plager noted that the two-part Alice test creates unwanted uncertainty about whether an invention is patent eligible and identified a need for a single, succinct, usable definition of “abstract idea.” The CAFC is actively laying the groundwork for what should eventually cause either the United States Supreme Court or Congress to intercede and clarify the judge-made exemptions to subject-matter eligibility. The United States Supreme Court

has given little indication that it will move the subject-matter eligibility needle during its current session, which started on the first Monday of October. The Court has already denied certiorari in two cases that could have expanded the Alice jurisprudence — Smartflash LLC v. Samsung Electronics America, Inc. et al. and Cleveland Clinic Foundation et al. v. True Health Diagnostics LLC. Smartflash could have been the Court’s opportunity to explain its views on what role the evidence of “undue preemption” should play in determining patent eligibility under 35 U.S.C. § 101. Cleveland Clinic could have been an opportunity for the Court to resolve the CAFC’s seemingly fractured approach to Section 101 issues. In its briefs, petitioner Cleveland Clinic argued that “[t]he Federal Circuit’s fractured approach to handling Section 101 issues has created confusion in the industry and chilled innovation because inventors and investors cannot predict whether new discoveries in this field will ultimately be protected.” Its briefs positioned CAFC Judges Reyna, Wallach and Lourie on one end of a spectrum because they advocate expedient resolution of patent-eligibility issues at the pleadings stage of litigation. Meanwhile, on the other end of the spectrum, it noted that CAFC Judges Moore, Taranto, Stoll and Newman do not treat patent eligibility as a pure question of law, but rather evaluate the invention in light of the scientific and historic facts. In any event, the CAFC is creating a body of jurisprudence that the district courts, the PTAB, and United States patent examiners are obligated to follow. With the Supreme Court seemingly content to stand on the sidelines about subject-matter eligibility issues, some bar associations have joined forces to encourage legislative action. Director Iancu noted at the IPO annual meeting: “I know that IPO committees have been hard at work on a legislative fix to Section 101. Indeed, IPO and the American Intellectual Property Law Association have joined forces recently and proposed new statutory language… As we all know, however, any legislative

effort takes a long time, and the result is uncertain.” In any event, the efforts of bar associations to further certainty are admirable, and their coordinated efforts have not been unnoticed. In spite of Alice, companies continue to innovate in the fields of AI, machine learning (ML), cloud computing, and the IoT. At the Black Hat USA conference earlier this year, cybersecurity companies stressed that AI and ML will play an important role in the security aspects of future products of all types, including the industrial Internet of things, self-driving cars and financial trading products. Furthermore, many — including some CAFC judges — have noted that inventions in the fields of AI, ML and the IoT are too important to society and cannot be left simply unprotectable. Meanwhile, the USPTO has stepped up its efforts to distribute guidance and educational materials that improve predictability of what is and is not patent eligible under its interpretation of 35 U.S.C. § 101 jurisprudence. Bar associations are also contributing to the effort with proposed legislation to Congress. While each has its shortcomings, the widespread coordinated efforts bode well for patent owners and applicants of software innovations. The increased clarity should improve depressed patent valuations, result in increased patent licensing activity and raise shareholder value. General counsel and chief executives should rethink their company’s patenting strategies to take the changing landscape into account. ■

Aseet Patel is a principal shareholder in the Chicago office of Banner & Witcoff, Ltd. He concentrates on patent prosecution and litigation matters primarily in the electrical, computer and business method arts. He also provides intellectual property counseling services to clients, including various types of clearance opinions on patents and copyrights. apatel@bannerwitcoff.com

WINTER 2019 TODAY’S GENER AL COUNSEL

Cybersecurity

Data Privacy Landscape Changing Fast By Debbie Reynolds

he United States has a varied data privacy landscape comprised of a series of federal, state and local laws. Federal data privacy laws have developed into a patchwork of regulations that cover specific consumer data such as financial information and social security numbers (Fair Credit Reporting Act), health information (Health Insurance Portability and Accountability Act, or HIPAA) or online protection of minor children (Children’s Online Privacy Protection Act). Some states have enacted data privacy laws that are outpacing federal legislation with respect to the variety and scope of protections being addressed. The United States does not yet have a comprehensive national law to harmonize data privacy activity occurring at the federal, state and local levels. In contrast, the EU recently enacted the

General Data Protection Regulation (GDPR), a groundbreaking consumer law that has become the standard by which other data privacy laws around the world will be measured. With the EU’s enhanced focus on consumer data privacy and protection legislation, many are wondering, will the United States adopt a consumer data privacy and protection law like the GDPR? Significant developments in such areas as data breach notification, state leadership on consumer data privacy and the recent Carpenter v. the United States Supreme Court ruling may be precursors to the passage of federal consumer data privacy legislation. COMPLIANCE WITH GDPR A C-SUITE ISSUE

The GDPR created a huge ripple effect internationally in the consumer data privacy world when it went into full

enforcement in May 2018. It mandates protection of EU citizen’s data regardless of where it is in the world. Because of the hefty fines and penalties for non-compliance, companies had been preparing since 2016 when the GDPR became law to assure that their business practices and technologies complied. For example, the maximum fine could be up to four percent of a company’s worldwide revenue annually. The high price tag has made compliance with this law a C-suite issue. In addition to businesses paying closer attention to the GDPR, news about the EU regulation has garnered attention from consumers, who are comparing it with data protection laws in the United States. The GDPR is unusual due to its extraterritorial reach. It governs data protection of people in the EU regardless of where their data resides. Businesses in

TODAY’S GENER AL COUNSEL WINTER 2019

Cybersecurity

the United States and around the world had to adjust to its rigorous rules to continue doing business related to the handling of EU citizen’s data. Privacy in the EU has been deemed a fundamental human right for decades, while privacy in the United States has been based on the types of consumer data the companies use about individuals — a very different concept. Also, the definitions of personal and private data found in the GDPR go far beyond the current United States view of what is personal or private. For example, in the EU being a member of a particular club or even the numerical IP address of your computer could be considered personal or private data. STATE DATA PRIVACY LAWS

In 2003, California enacted the first state data breach notification law in the United States. As of 2018, 50 states have passed such laws. Although this is significant progress, it is problematic because each state has its own interpretation of what information businesses must report about data breaches, differing times by which data breaches must be reported and different requirements about to whom companies must report. This inconsistency is creating headaches for businesses that have to understand and comply with potentially 50 different data breach notification requirements. As a result, businesses are lobbying actively for legislation that will harmonize data breach notification requirements and time frames through federal regulation. Currently, states like Illinois, with its Biometric Information Privacy Act, and California, with its California Consumer Privacy Act, have been in the vanguard on consumer data privacy. Illinois was the first state to enact a consumer protection biometric data law covering the consumer’s rights to control the use of their likeness, voice, and so forth, when companies have possession of this data and use it for profit. The law is groundbreaking because it embodies the idea that individuals have a fundamental right to control their biometric data and companies must protect this data accordingly. It has reporting requirements as well as data protection

requirements, and an individual right of action if any harm can be proven. The state of California enacted a wide-ranging consumer data privacy law that is scheduled to go into effect in 2019. Many have called California’s data privacy law the “GDPR of the United States” due to its broad definitions of what is considered personal and private consumer data. It exceeds

different, and requires special consideration with searches. Although this may seem like a minor point, it highlights the fact that new technologies in digital form are different from physical objects with respect to how the data is accessed and used for legal purposes. The Carpenter case will open the door for discussion about updating antiquated laws such as the Stored Communications Act to deal

Privacy in the EU has been deemed a fundamental human right for decades. privacy definitions in current federal privacy laws. Although not as rigorous as the GDPR, it does have some similar features, including the idea that privacy is a fundamental human right. Many impacted businesses are lobbying heavily for more business-friendly aspects of the law before its final implementation. This includes narrowing the broad definition of protected consumer data. As with the Illinois law, the California law has a private right of action if a consumer can prove harm. This is the boldest step yet of a state to enact a comprehensive data privacy framework, although many changes will be made to this legislation before it is eventually put into full effect in 2019. Because there has not been any significant movement on consumerfriendly data privacy laws on the federal level, many states are looking to trailblazers such as California and Illinois as examples. Divergent laws make compliance challenging, and most companies prefer a federal data privacy law to create a ceiling. CARPENTER V. THE UNITED STATES

The ruling in the 2018 Supreme Court case Carpenter v. the United States — that law enforcement needs a warrant to search cell phones — was an unexpected win for data privacy advocates, who for many years bemoaned the antiquated laws being applied to cases dealing with digital information. Carpenter v. United States is a high-level case that offers the opinion that evidence in digital form is

with the legal challenges that result from rapid advances in technology, and questions about the handling of personal data in criminal and civil matters. In 2019, we are likely to see movement on a national data privacy law, although the pressure for this law is primarily coming from the business sector. Due to the high priority on commerce, it most likely that any national data protection legislation will be more business than consumer friendly. Although the United States is likely to consider creating federal data privacy legislation, this will not stop states from trying to enact more data privacy laws. One issue is whether a national law, if passed, will be comprehensive enough to quell further state-level legislation. It will be interesting to watch as the United States comes to terms with demands for more robust data privacy and laws start to take into account existing and emerging technologies. ■

Debbie Reynolds is a Data Privacy Officer and eDiscovery Director at Eimer Stahl LLP. She advises companies on data privacy and electronic evidence handling in high-stakes litigation. She is an Adjunct Professor at the Georgetown University and Cleveland Marshall College of Law. dreynolds@eimerstahl.com

WINTER 2019 TODAY’S GENER AL COUNSEL

Cybersecurity

Ransomware Attacks Hit Legal System By Antonio Challita

ansomware has become the premier weapon of choice for cybercriminals. While some claim that ransomware attacks are slowing down, the data shows otherwise. A recent report by SonicWall shows that nearly 100,000 ransomware attacks are happening per day in 2018. This is a whopping 25 times higher than the previous number of 4,000 attacks per day that was reported by the FBI in 2016.

From a cybercriminal’s perspective, the motivation to continue launching ransomware attacks remains high. This is due to a number of factors. 1. Effort: Ransomware is easy to obtain through Ransomware-as-aService providers, many of which offer variants that are undetectable by an antivirus. 2. Distribution: Ransomware is one of the easiest forms of malware to

distribute, shared primarily through phishing emails, remote desktop connections and compromised websites. 3. Payment: Ransomware payouts are at an all-time high, with some campaigns — such as the infamous SamSam — generating $5,900,000 and counting for the authors. 4. Traceability: Cryptocurrency grants cybercriminals some anonymity and helps them evade law enforcement. 5. Risk: The risk of launching ransom-

TODAY’S GENER AL COUNSEL WINTER 2019

Cybersecurity

ware attacks for cybercriminals is relatively low, particularly outside the United States. It is cost prohibitive for many companies to replace their older PCs and servers with newer, more secure systems. It’s also difficult to keep the

somware attack? Or evidence for a crime scene getting encrypted? Ransomware attacks not only make such critical documents inaccessible, but the attackers can threaten to release sensitive information to the public if payment is not made in a timely fashion. Law firms that fall victim to ransomware

Ransomware attacks in the legal sector are vastly underreported, since firms don’t want to sully their reputation or reveal weaknesses. PCs and servers up to date with the latest software. Legacy systems and outdated software have well-known and well-documented vulnerabilities. In fact, known vulnerabilities were exploited in both the WannaCry and NotPetya ransomware attacks in 2017. LEGAL SECTOR A TARGET

We’ve seen several high-profile ransomware attacks specifically targeting the legal sector in the past few years. These attacks include a ransomware attack on the law firm DLA Piper, which was impacted by NotPetya; the Montgomery County (Alabama) Court Systems, which were forced to pay over $40,000 to regain access to their data and spent an estimated $250,000 in the months following the attacks to upgrade their security capabilities; and the City of Atlanta, which was impacted by the SamSam ransomware variant, causing its Police Department to lose years of dash cam video evidence. When it comes to law firms and other entities in the legal system — courts, court reporters, evidence departments, patent offices and city offices — ransomware attacks become increasingly harmful due to the sensitive nature of the data and documents that each entity handles and stores. The documents are often confidential, personal and sometimes irreplaceable. Can you imagine a document containing a proprietary patent-pending invention for a business being rendered inaccessible due to a ran-

not only have to address recovering and safeguarding sensitive data, they also face a direct hit to their incoming revenue as they spend time negotiating with cybercriminals and getting their systems back online. Ransomware attacks in the legal sector are vastly underreported, since firms don’t want to sully their reputation or reveal weaknesses. One recent attack on a law firm in Rhode Island gives an idea of just how damaging a ransomware attack can be to a firm’s bottom line. LAW FIRM PAID RANSOM, LOST $700,000 IN BILLINGS

The firm, Moses Afonso Ryan, recently sued their insurance company for $700,000 of lost billings as the result of a ransomware attack. The firm was hit with ransomware after one of its lawyers opened an attachment with malware, which locked up all of its documents and information, effectively shutting down the workflow and leaving 10 lawyers unproductive. Moses Alfonso Ryan ultimately agreed to pay the cybercriminals $25,000 to unlock its files, but the process took three months. Terms were negotiated, a bitcoin account was established, then the deal had to be re-negotiated and additional bitcoins paid after the first set of decryption tools failed to work. Given the prevalence of ransomware attacks in the legal sector, how can firms protect themselves? The key

is to implement a defense-in-depth, layered security approach. Here are some tips that can help firms gain an advantage over adversaries: • Keep the software up to date on PCs, servers, browsers, plugins and Internet-facing applications. • Maintain regular backups, ideally with the backup devices stored offline and disconnected from the main local area network. • Train employees to be aware of social engineering attacks and to avoid clicking on phishing emails, opening suspicious attachments or clicking on malicious advertisements. • Use least privilege mode. Provide employees with user accounts, not admin accounts. Limit which accounts can access servers. Close down open ports (such as Remote Desktop Protocol), and mandate the use of strong passwords. • Consider using a behavioral-based ransomware protection solution that incorporates real-time behavioral analysis and machine learning. This helps protect against polymorphic and zero-day ransomware variants that antivirus solutions cannot detect. Ransomware is a rapidly growing threat for all businesses, but for the legal sector the threat moves beyond the potential cost of simply paying a ransom. When a law firm or other entity in the legal sector is locked out of its IT for even a short period, it soon finds that it’s unable to meet important client deadlines, complete purchases or pursue court cases. This hasn’t escaped the attention of cybercriminals keen to exploit vulnerabilities in the software of firms that believe a cyberattack will never happen to them. ■

Antonio Challita serves as the Director of Product Management at CyberSight. achallita@cybersight. com

WINTER 2019 TODAY’S GENER AL COUNSEL

WORKPLACE ISSUES

Stay Competitive While Adopting Transformative Technologies By Natalie Pierce and Garry Mathiason

R 38

obotics and Artificial Intelligence (AI) are quickly becoming business imperatives. We have witnessed the unstoppable march of disruptive technologies transforming the workplace and redefining how work is performed. A recent World Economic Forum Report estimated that by 2022, 90 million workers will be displaced; however, the article claims that the same technology will bring with it new roles and jobs for a net gain of nearly 60 million positions.

Natalie Pierce is a San Francisco-based Shareholder with Littler. She is a trial attorney who represents start-ups to global corporations on all aspects of the employer-employee relationship. Pierce Co-Chairs Littler’s Robotics, Artificial Intelligence and Automation Practice Group. NPierce@littler.com Garry Mathiason is a senior partner with Littler Mendelson. He originated and co-chairs Littler’s Robotics, Artificial Intelligence (AI) and Automation Practice Group, providing legal advice and representation to the robotics industry, as well as employers deploying this technology in the workplace. His robotics and AI practice includes workplace safety standards, privacy requirements, robot collaboration and human displacement, anti-discrimination law, and legislative and regulatory developments. GMathiason@littler.com

Still, many employers are slow to adopt available innovations and introduce tailored retraining and AIempowered enhancement programs to prepare their workforce for the new positions that will come with advanced technology. We find this delay is often due to uncertainty, not just with the impact and need for change but also with the regulatory vacuum created as technology outpaces existing guidelines and established standards. With uncertainty comes fear. When fear leads to inaction, companies can fall behind in this 24/7, global on-demand economy. A company’s entire leadership team, including the general counsel, needs to

develop short and long term plans to accelerate the introduction of advanced technologies and overcome barriers to change. Perhaps most importantly, they must assess existing workers’ skill sets, analyze re-skilling options and identify lifelong learning programs to maximize the shift of displaced workers into many of the new positions required by the robotics and AI revolution. Although introducing advanced technologies is a business necessity, the prospect of job loss can be traumatic. Fortunately, several employers have demonstrated why automation and job loss need not be synonymous. In the six years since Amazon acquired Kiva Systems

TODAY’S GENER AL COUNSEL WINTER 2019

and added more than 100,000 robots to fulfillment centers, Amazon increased its number of employees fivefold. Accenture automated 17,000 back office jobs with minimal layoffs by choosing to elevate, rather than eliminate, employees through a careful planning and communications strategy. When AT&T realized that its existing workforce lacked the skill sets to fill future jobs needs, and recognized that the cost of filling those future jobs would be enormous, it invested in educating its existing workforce to fill those voids. So far, the plan is working. The compound annual growth rate forecasts of robotics and AI are astounding, with good reason. Robots and collaborative robots are increasingly dexterous, “smarter” when ingrained with AI, easily re-programmable, more affordable and more widely accepted by their human co-workers. Similarly, human enhancement tools — such as exoskeletons, exosuits, biometric wearables, and telepresence and telemanipulation devices — are helping increase worker safety and productivity. The companies outperforming competitors and creating greater workplace equities are utilizing data and machinelearning tools to ask predictive model questions such as: How do we identify diverse new talent from non-traditional sources? Which applicants are most likely to be the best performers? Which employees are the most adaptable to change, or the most critical to the organization? COMMUNICATIONS STRATEGY

With nearly half of all jobs changing through rapid automation, success often depends on businesses understanding how to integrate robots and an AI strategy into the workplace, and having clear leadership alignment at the top. Leaders must agree on timelines, employee communications, the resources that will be used and the main goals of automation. To stay competitive and in step with advancing technologies: • Break down existing jobs and analyze tasks within each role to determine

which can be automated to increase employee productivity and morale. • Analyze worker skill sets and future skills gaps. Look for mass online learning opportunities, elearning podcasts, or augmented reality training

and, eventually, new legislation arrive. Advancing technology is inevitable, and equally inevitable is workers’ fear of the unknown. The most successful companies are transparent in communicating with employees about which transformative technologies will be used, the timing of their introduction, retraining opportunities and the impact on employee roles. This transparency helps minimize legal risk. For example, because robots and biometric devices — such as wearable wristbands and even exoskeletons — can collect and transmit data, privacy can be violated absent proper notice and consent. Employers must minimize risk by following privacy requirements, which vary by state and country. Other ways to help reduce risk include:

Avoid wholesale replacement of discretion with algorithms. opportunities to help bridge that gap and customize retraining experiences to fit learners’ needs. • Develop long-term strategic plans to meet employee questions with transparent dialogue instead of fear-invoking silence or inconsistent responses. • Focus on the positive — elimination of dirty, dangerous, and mundane tasks — and emphasize how automation will create a better user interface for customers, enhance worker capabilities and cut bottom-line costs. LEGAL HAS ESSENTIAL ROLE

Although the general counsel is by definition a member of the leadership team, it is essential that the full resources of the legal department are available when planning for technological change. At least one department attorney or other professional needs to become knowledgeable about employment and labor law issues, and compliance solutions associated with the introduction of robotics and AI in the workplace. We recommend advocating that a representative of the legal department or HR be assigned to each new technology project. Too often, these professionals are falsely viewed as unnecessary, or even as obstructionists. Ironically, early-issue identification and practical compliance solutions accelerate change. Anticipating regulatory requirements and avoiding legal landmines reduces the uncertainty and fear associated with technology outpacing existing law. It leads to greater confidence, faster decisions and fewer do-overs, as regulation, case law

• Ensure that a person is responsible for carefully vetting and pilot-testing applications. • Educate management-level decision makers to be informed consumers. • Integrate data-scientific approaches into decision-making processes, but avoid wholesale replacement of discretion with algorithms. • Ensure that multiple data sources are examined and cross-validated. Test and re-test. • Avoid creation of “smoking gun” documents: Data is not protected by attorney-client privilege. Nor are reports that are generated internally in the ordinary course of business. Strategic planning when implementing workplace robotics and AI applications includes understanding where the industry is going, how and why it is changing, what is causing those changes and how they will affect the workforce. ■

WINTER 2019 TODAY’S GENER AL COUNSEL

THE ANTITRUST LITIGATOR

Market Share and Market Power By Jeffery M. Cross

his past summer, I was a member of a trial team that tried a patent antitrust jury trial in federal court in Chicago. The judge permitted the jury to ask questions. At the close of our expert economist’s testimony, one of the jurors asked what amount of market share is necessary to establish a monopoly. The judge gave the expert the chance to hedge his answer, adding his own comment that he supposed the expert would say, “It depends.” The expert chuckled and said, “Yes, it’s standard to state that the answer depends on various factors.” But he went on to say there was a famous antitrust decision by Judge Learned Hand stating that a market share over 90 percent established a presumption of market power. The judge and the expert were actually closer to the truth with their light-hearted comments that “it depends” than perhaps they intended. Many courts and litigants focus on market share as establishing a presumption of market power. But it is well established that market share alone cannot create an inference of market power. The use of market share to infer market power should be viewed from the perspective of what it is trying to establish.

Jeffery Cross is a columnist for Today’s General Counsel and a member of the Editorial Advisory Board. He is a partner in the Litigation Practice Group at Freeborn & Peters LLP and a member of the firm’s Antitrust and Trade Regulation Group. jcross@freeborn.com

Every plaintiff in a private treble damage antitrust case must establish an anti-competitive effect. Anti-competitive effect is an element of the plaintiff’s prima facie case in a structured, burdenshifting approach to the Rule of Reason, or in balancing between pro-competitive benefits and anti-competitive effects in a full Rule of Reason analysis. It is also necessary in a per se case where anticompetitive effect is generally presumed to establish liability. A plaintiff seeking damages must still show that it has been injured by an effect on competition. Anti-competitive effect can be shown by direct evidence or circumstantial

evidence. Market power is circumstantial evidence of anti-competitive effect. In turn, it can be proven by direct or circumstantial evidence. If the latter is used, a double inference is required to establish anti-competitive effect. Market power is traditionally defined by economists as the ability to raise prices or reduce output without losing so much market share that the price increase is unprofitable. Even a monopolist faces a downward-sloping demand curve. When a monopolist raises prices, it will lose customers who decide to go without the product or service. The monopolist calibrates its

TODAY’S GENER AL COUNSEL WINTER 2019

price at the level where the increased revenues from the price increase are greater than the lost revenues from the customers who go without. Market shares do play a role in the propensity of firms to try to exercise market power. If a firm’s market share is large, the market price will rise proportionally more for a given reduction in output. This makes it less costly for a dominant firm to bring about a significant increase in price. A firm with a large

that “ninety [percent market share] is enough to constitute a monopoly; it is doubtful whether sixty or sixty-four percent would be enough; and certainly thirty-three percent is not.” (The terms “market power” and “monopoly power” are often used synonymously). Other courts have stated that a market share below 50 percent is rarely evidence of market power; a share between 50 percent and 70 percent can occasionally show market power;

As noted, a high market share cannot establish market power unless there are barriers to entry. These barriers include not only evidence that new rivals are barred from entering the market but also that existing competitors lack the capacity to expand their output in response to an anti-competitive price increase or reduction in output. Entry barriers are often defined as additional long-run costs that are not incurred by incumbent firms but must be incurred by new entrants.

A low market share can establish a safe harbor that may end any inquiry under the Rule of Reason. market share thus has an incentive to try to raise price or reduce output as an exercise of market power. In addition, a large market share suggests that competitors do not have enough capacity to expand output in response to an attempt by a dominant firm to raise prices above competitive levels. Nevertheless, it is well established that market share alone is not enough to establish market power. A high market share would be circumstantial evidence of market power only if there are barriers to firms outside of the market entering the market, or barriers to firms within the market expanding output to counter a defendant’s attempt to raise prices or reduce output. This is the “it depends” aspect of the comments by the court and the economist in my trial. Indeed, it is possible that a firm could have 100 percent of the market and still not have market power. If potential competitors have an infinite ability and willingness to respond to a price just above the price charged by the subject firm, the latter would have no market power. Notwithstanding that high market shares alone do not permit an inference of market power, many decisions include statements regarding the necessary levels of market shares. The most famous was that of Judge Hand, who stated

and a share above 70 percent is usually strong evidence of market power. Some courts have held that a minimum of between 70 to 80 percent of the market is necessary to infer market power. On the other hand, courts have noted that even market shares below 50 percent could establish market power depending on other factors, such as other companies’ elasticity of supply. Nevertheless, a low market share can establish a safe harbor that may end any inquiry under the Rule of Reason. My own rule of thumb is that a share below 20 percent of the market is sufficiently low to act as such a safe harbor.

SUBSCRIBE TO

The main sources of entry barriers are legal license requirements, control of an essential or superior resource necessary for new entrants to compete, entrenched buyer preferences, capital markets imposing higher capital costs on new entrants, and economies of scale. Market share has always played a significant role in antitrust analysis. However, the response of the expert economist to the juror’s question in my trial suggests that plaintiffs and defendants alike should be aware that it depends on other factors, such as barriers to entry, before high market shares can infer market power. ■

I refer to the magazine often and the information is useful in my daily work. Informative and worth reading.

T O D AY S G E N E R A L C O U N S E L . C O M / S U B S C R I B E

You Should Push for Alternative Fee Arrangements OUTSIDE COUNSEL SHOULD GIVE THEM TO YOU By Michael S. Zullo

W 42

orrying about your legal budget is killing you, whether it is concerns about controlling costs or dealing with the inherent unpredictability of the legal spend, or both. If your company is similar to most, “legal” can be a fourletter word that business counterparts associate with pessimism, obstruction, and worst of all, cost centers. Most sophisticated executives know they need their legal departments, but few are excited dealing with legal budgets and litigation costs. So what is an in-house attorney to do? The better question is, “What can your outside counsel do to help?” The answer, from at Michael S. Zullo least some outside is a partner in the trial group of Duane counsel, is plenty. Morris LLP. He represents banks, broker dealers, financial advisors and other financial services firms in a wide array of matters. He has worked extensively with clients on alternative fee arrangements and large litigation portfolio management. He is a member of the International Association of Defense Counsel. MSZullo@duane morris.com.

ALTERNATIVE FEES

The death of the billable hour has been foretold for years, but it’s still prevalent. There are many reasons for this. Lawyers do not make a product that is susceptible to more efficient manufacturing processes

or supply chain pricing discounts. Instead, as Abraham Lincoln succinctly stated many years ago: “[a] lawyer’s time and advice are his stock in trade.” Billable hours have been around a long time, yet inertia presents a huge hurdle to innovation. However, it does not have to be so. Creative attorneys are adapting to the changing business climate and learning to package their services more like tangible products by seeking efficiencies and exploring volume discounts. The most prominent example of this approach is the alternative fee arrangement, or AFA. AFAs come in many forms. These are examples: • Reduced hourly rates: The most common example. A firm agrees that all engagements for a client will receive a discount on regular hourly rates. This usually comes with a certain volume threshold. • Blended banded rates: A variation on reduced hourly rates. It means a firm creates brackets of attorneys, based on years of experience, and then assigns fixed hourly rates to each bracket. • Fixed fees: A firm sets a price for an engagement regardless of hours spent. • Capped fees: A firm agrees that fees for an engagement will not exceed a certain price. • Annual Fees: Firm agrees to a set fee for a fiscal year that covers all legal services provided during that year,

billed in equal monthly increments. • Mixed contingent fees: Firm agrees to a lower up-front fee for an engagement and builds in a “kicker” that can be a percentage or flat number earned at the end of an engagement based on its success. • Phased billing: Firm breaks an engagement into phases and sets a fixed or capped fee for each phase, billed as each phase passes. • Hourly Volume Discounts: Firm discounts hourly rates after an agreed threshold number of hours has been crossed. • Failed Deal Rebates: Firm discounts its rates if the transaction it has worked on fails to close. Attorneys on the cutting edge are using some or all of these tools, separately and together, to create a clear value proposition for their clients and realize revenue for their firms. If outside counsel are reluctant to engage in discussions about AFAs with their in-house counterparts, they are not fulfilling their role as business partners. The best AFAs create value for the in-house lawyer by delivering certainty. This, in turn, helps control and manage the legal budget. In-house counsel surely would love to shed the angst that comes at the beginning of each month from worrying that the incoming bills will contain unforeseen, budget-busting costs. In-house attorneys surely have better things to do with their time than continued on page 47

TODAYâ&#x20AC;&#x2122;S GENER AL COUNSEL WINTER 2019

SPONSORED SECTION

Simple Steps for Data-Driven E-Discovery Procurement By Richard Dilgren

ow do I measure the e-discovery services my company consumes? How much value should I realistically expect if I analyze data to consume in bulk instead of on an ad hoc basis? How much does the way my law firm prefers to work affect my procurement model? I spoke on a panel with national law firm business unit leaders last year focused on exactly these questions. Despite our collective focus and experience, we agreed

that the greatest value we could provide to our diverse audience was to frame the objective and help refine the process through which our similar end clients, legal services consumers, capture and assess the information about their businesses. Each of the questions above represents a challenge in evaluating whether it makes sense for a corporation to procure e-discovery services directly. Service partners in our space frequently talk about empowering corporations to take control

of their data and their costs. Only a small minority have the necessary information to do so. This doesnâ&#x20AC;&#x2122;t mean corporations always miss the opportunity to save money; they often make structured procurement decisions and receive some benefit from the economy of scale. Fractional savings are usually better than none at all. But e-discovery is a data-driven business, and modeling your usage for planned consumption shouldnâ&#x20AC;&#x2122;t be an intimidating undertaking.

TODAY’S GENERAL COUNSEL WINTER 2019

In this article, we will address each of these questions and look at a simple fourstep process for gathering data, evaluating it and procuring e-discovery services in a structured model. How do I measure the e-discovery services my company consumes?

Evaluating future consumption for the diverse set of services we lump into the category of “e-discovery services” is a daunting task in organizations with heavy litigation burdens. Whether the discovery demands in your organization are large in scale or occurring frequently, the result is an overwhelming data aggregation project at procurement time. That challenge is largely psychological. Corporate legal and procurement departments are not staffed with sage clairvoyants. Looking into the future to understand what you will need is impossible: Look to the past. I have good news for you. Someone else probably already measured your consumption. Somewhere in the supply chain resulting in you or your outside counsel gaining access to your discovery-focused data, your data was measured and that measure was recorded. Your internal IT team may serve as your data collector. IT departments are among the most data-driven business units in most organizations. Often, internal IT functions can provide pre- and post-collection data volume information; and nearly as often, every internal team can provide this information, even after the collection function is performed. Your historical outside counsel will have a cross section of metrics for as long as they maintain your case files. To effectively provide your organization with legal services, your law firm performs some level of planning as they ingest the information your data contains and prepare to address your challenge and/or wield it against your opponent. As part of this planning and execution process, they will receive reporting containing useful figures including how much data must be searched (in file size or count), how

many files needed to be reviewed (to plan for document review), and how many needed to be produced (representing the corpus of responsive, useful data.) Your e-discovery service partners are another rich and potentially untapped source of historical information. Even if you currently have a flat rate services arrangement in place, your consumption is being measured. No matter the model or price arrangement through which you consume services, suppliers must evaluate their margins, validate and quality control their deliverables, and plan for their own

YOUR INTERNAL IT TEAM MAY SERVE AS YOUR DATA COLLECTOR.

licenses and hardware purchasing. Your data handlers and e-discovery partners are capturing information and comparing data volume and service consumption metrics constantly. That brings us to the first of our four steps in data-driven e-discovery services procurement: Step 1. Identify who has already gathered the data points you need. Don’t start with the consumers of e-discovery services in your organization, but with the providers of the services. Service providers not only gather these metrics in performing their core functions, but (this from experience) they are generally more than willing to demonstrate that they are effective partners whose goals align with yours. Identifying who stores information about the volume of data you put through e-discovery services, for example, the number of hours spent handling that data and the number of consulting and review hours to analyze it may reveal another challenge. Not everyone stores the same key metrics. Now we undertake the second step in our process:

Step 2. Gather and normalize your data. You will quickly discover that while each group (whether IT, law firm or outside legal services partner) measures, they may measure slightly different things. Your legal services partners may, for example, measure and store early information about your compressed data size, expanded data size or both. If you directly compare data handling costs pegged to compressed size with those to expanded size, your conclusions will be skewed. Similarly, your law firm may measure document count while your service partner stores file volumes. Ask your partners for either averages or reasonable rules of thumb, and convert the numbers you receive. Compare apples to apples. How much value should I expect if I realistically consume in bulk instead of on an ad hoc basis? Is this data analysis and structured purchasing really worth it?”

Almost certainly. Imagine the very simplest example. You routinely consume widgets; and because of your purchasing power, you receive a low, flat per-unit rate. If you can purchase in lots of 250 instead of lots of 5000, your spending is more efficient. You may waste 249 widgets, but you will not waste 4999. Until you measure your consumption, you cannot optimize your purchasing. Consider also that predictable revenue has a greater value to most organizations than peaky project-based revenue for a host of reasons including growth planning, resource alignment and valuation. The exact amount you should expect to save — if your procurement is structured to avoid identifiable risks and aligned with your consumption — still depends on how you currently and historically purchase. If your procurement encompasses the full range of services, it’s not uncommon to realize savings upward of 70 percent. Included in any solution that approaches that level of savings are a collected data reuse program, technology solutions to reduce documents for human review, and leveraging of previous attorney work

SPONSORED SECTION

product on duplicate data. Savings in programs not including review-oriented solutions are typically lower, which only makes sense given that most industry estimates peg document review at or above

greatest single direct risk is procuring through a model that does not account for outlier consumption years. A common feature of structured consumption models is a “burst” fee for unit consump-

UNTIL YOU MEASURE YOUR CONSUMPTION, YOU CANNOT OPTIMIZE YOUR PURCHASING. 70 percent of the cost of e-discovery. The next step in our process is as follows:

Step 3. Think logically about whether your data is representative. Solid but non-representative data will still lead you astray in decision making. If you are only able to collect one year of consumption data from your internal team and partners, look at the litigation profile in that year. Do you see unusual litigation that drove up your numbers? Were you obligated to conduct a far-reaching internal investigation during the year? If so, eliminate the cost associated with these items from your baseline planning. Your procurement model needs to stretch to accommodate these needs, not assume they are recurring annual burdens. This leads to the final step: Step 4. Procure through a model that anticipates outliers. In procuring e-discovery services directly through a structured arrangement, the

tion (whether data volume, licenses or service hours) beyond the guaranteed contract volume. The fear of burst fees causes organizations to overpurchase. That spending is wasteful. Look for a model that allows you to scale without penalty even if your recognized economies of scale plateau. Buying surplus to avoid painful “burst” fees produces the same wasteful spending as failing to eliminate outliers from your data in the first place.

metadata-based filtering, make that clear to any internal or external party who consumes e-discovery services through your contract. Assign the initial burden of explaining your intended process to your service partner. Require notification when parties elect to work outside that process, and make sure the participating parties clearly understand that you are monitoring the cost implications. Outsource the work of data gathering, compare like and meaningful data points, and buy through a flexible, planned model. This common sense process bridges the gap between your organization and meaningful, data-driven controls on your e-discovery spend.

RICHARD DILGREN joined Fronteo USA (formerly known as Evolve Discovery) in 2010 to found the Data Science & Strategy consultancy.

How much does the way my law firm prefers to work affect my procurement model?

The greatest indirect risk (risk arising outside the procurement function) to cost-saving procurement is that services will be consumed in a fashion you did not anticipate. Service consumption must align with your organization’s assumptions during the procurement process. If you buy through a model that charges little or nothing for early search and

He is a frequent industry speaker and a Relativity Assisted Review certified specialist. He oversees the development of custom solutions, and with his group consults on the application of advanced analytics including predictive coding and workflow design. Previously he spent five years in counsel with the U.S. Army Corp of Engineers where he managed a diverse portfolio of legal matters. rdilgren@fronteo.com

TODAY’S GENER AL COUNSEL WINTER 2019

Alternative Fees

continued from page 42 tracking monthly spends against yearly budgets for the sake of determining which actions to authorize and which to sit on. And they have better things to do than spending hours every month reviewing hundreds of bills from their outside counsel and haggling over staffing, time spent on various tasks, and whether outside counsel have complied with billing guidelines. This is not a pipe dream. It is obtainable for both the in-house lawyer and outside counsel. One of the many virtues of AFAs is their simplicity. For example, if an engagement has a fixed fee, neither party has to devote energy to the mundane and time-consuming task of reviewing bills. Because the fee has been set, the bill can take on a more straightforward form, similar to a simple purchase order “for services rendered.” This eliminates much of the administrative, non-productive time spent by outside counsel preparing the bills, and the corresponding time spent by the in-house lawyer approving the bills. Another benefit of most AFAs is that the in-house lawyer does not have to worry about being billed for “training” younger associates or for excessive time spent on tasks. To the contrary, any excessive time will be borne by outside counsel, which incentivizes outside counsel to be more efficient, and to staff cases with experienced attorneys who can manage an engagement. Similarly, the cost certainty of an AFA makes budgets on both sides of the relationship easier to manage. Once an AFA has been agreed to, the in-house lawyer can budget accordingly, knowing what the spend on a particular engagement will be. Outside counsel, in turn, can focus on executing strategy and not letting costs concerns dictate approaches. Of course, the simplicity of the AFA is also cause for consternation for outside counsel. Many may refuse to provide

AFAs, or will do so begrudgingly, worrying about leaving money on the table. “Litigation is unpredictable” or “deals can go sideways” are common refrains. These are legitimate concerns, but they are concerns that a well-crafted AFA can account for. The key, as with any good engagement letter, is to precisely define the scope and assumptions of the AFA and set forth clear exceptions. In-house counsel will not expect the AFA to be without flexibility where circumstances complicate an engagement beyond anything foreseen by either side. This is where a well-defined

Creative attorneys are learning to package their services more like tangible products by seeking efficiencies and exploring volume discounts. scope, and a list of clear exceptions, will serve to assuage anxiety and avoid awkward/unpleasant conversations if things take an unexpected turn. In some instances, it may even be possible to have a secondary set of AFAs covering tasks beyond the scope — an a la carte menu, so to speak. Put simply, many fears of overcommitting to the unknown can be tempered with thoughtful drafting up front.

PORTFOLIO MANAGEMENT

Most companies have categories of legal needs. There are bet-the-company cases and run-of-the-mill matters — the major M&A or financing deals and the routine transactions. Which firm to retain is a decision likely driven by the nature of the case/transaction. Certainly, it would not make sense to retain a white shoe

firm for routine matters. The economics would not justify it. But what if companies could have their cake and eat it too? More likely than not, the routine engagements comprise a large portion of most company’s legal spend. If so, volume discounts can be a powerful tool. Put another way, if a company has a predictable stream of high-volume but low-dollar matters, it should seek to consolidate the spend on such matters to fewer outside counsel at discounted AFA rates. Savvy attorneys recognize that, just as with supply chain purchasing, volume can justify discounts. And while big firms don’t have much incentive to take small engagements on a one-off basis, they can be incentivized to take a portfolio of such engagements. The results can be dramatic for the client and the outside counsel. The client and its in-house attorneys can move away from dealing with numerous firms of varying quality to a consolidated list of quality firms that deliver a consistent work product and have familiarity with the client’s business and risk profile, as well as with the in-house counsel team’s styles and expectations. Because the services are being provided under an AFA, the client should be able to realize significant savings. On the other side of the deal, outside counsel can use portfolio management and AFAs to generate revenue streams from engagements that they previously might not have been able to competitively service. This will likely require some creative staffing and efficient case management; but if done well, outside counsel can scale it to increase their bottom line while delivering discounts to the client. There is no one size fits all approach to AFAs and portfolio management. Some engagements just will not work as an AFA. But clients would be remiss if they do not explore these options. Similarly, outside counsel would be wise to invite such discussions, and even wiser to propose such arrangements to their clients. ■

WINTER 2019 TODAYâ&#x20AC;&#x2122;S GENER AL COUNSEL

TODAYâ&#x20AC;&#x2122;S GENER AL COUNSEL WINTER 2019

DISPUTE TRENDS IN THE ENERGY SECTOR

A Global Overview By Neil Miller

hilst flying back from the Middle East in the early 1990s, with the price of Brent oil floating around $20 a barrel, I sat next to an oil broker who argued that, in 10 years, a barrel of Brent would be worth over $100, and it would not drop below that level. We disagreed, so he handed me his business card and a $10 bill on which he wrote the current oil price and told me to send the bill back to him when he was proven right. That bill has changed hands between us several times over the years. Accurately identifying future trends is likely as difficult or futile as predicting oil prices. If history offers us any certainty, it is that there will not be one defining trend for energy arbitration. Instead, we should anticipate that new types of energy arbitraNeil Miller specializes in dispute resotion will emerge, lution in the energy, whereas others trading and shipping may decline. industry sectors. He There is no heads Norton Rose denying that Fulbrightâ&#x20AC;&#x2122;s London dispute resolution disputes across team, which focuses the energy secon arbitration and littor continue to igation in the energy, dominate internainfrastructure, trade tional arbitration and transport sectors. He also heads both in number up the emergency/ and value, with crisis 24-7 response the highest value unit for energy arbitral awards industry clients. in history arising neil.q.miller@norton rosefulbright.com from energy-

related arbitration; and that seems to be unchanging. Upstream, the fallout from low oil prices over the past few years has resulted in a reduction of exploration and development, with projects put on hold or even terminated. Joint venture agreements are very prevalent in the energy sector; and the economic impact of low oil prices has hit participants in production-sharing agreements and joint operating agreements hard, resulting in defaults or Authorization for Expenditure (AFE)/ budget disputes. These results have led to an increasing number of operator/ non-operator disputes over license obligations, as well as royalty payment disputes as operators struggle with their cash flows to continue financing and operating. Conversely, a reduction in active projects has resulted in fewer employer/contractor disputes. The number of new bankruptcies for exploration and production by midstream and oilfield service companies has been decreasing. Disputes will still shadow the historic insolvencies as, by entering insolvency, these companies are likely to have defaulted on any number of contractual obligations, resulting in counterparty claims. In turn, as more complex, challenging and high-cost projects (onshore or deep water) come back, operational issues and disputes will likely increase. Whilst tighter margins have caused their fair share of downstream disputes, most by their domestic nature tend to end up in litigation in national courts, as opposed to domestic or international arbitration.

WINTER 2019 TODAY’S GENER AL COUNSEL

THE GAS SECTOR

Political regime change has resulted in significant cross-border gas supply disputes and international arbitrations. In addition, as many liquified natural gas (LNG) contracts were traditionally indexed to oil, there have been a significant number of high-value LNG price review arbitrations over many years. Dynamic markets, matched with volatile prices, led buyers or sellers under longterm supply contracts to try taking advantage of price review provisions to adjust the LNG price, depending on changing market conditions. Arbitration is generally the forum for resolving such disputes. As LNG price review disputes arise from a party’s attempt to negotiate based on a contractual right and result in an arbitral tribunal enforcing such a right, they are unlike other commercial disputes. For this reason, their prevalence has carved out a whole new brand of energy arbitration. If any sector is in the running for winning the competition for highest value commercial arbitrations globally, then LNG price review disputes are likely to remain a good bet. The value of these cases can reach the billion-dollar mark. In Europe, however, with wholesale gas contracts now more frequently linked to hub indexation and not much left to argue that has not already been argued, that particular roadshow has quieted down. It may re-emerge in Asia-Pacific and other regions where LNG contracts remain indexed to oil.

INVESTOR-STATE DISPUTES

In recent years, a number of developing states have either threatened or completed the termination of their bilateral investment treaties (BITs); and the number of new BITs being entered into is decreasing. This is likely to impact the energy sector, where foreign investment in emerging markets is critical. Concerns as to the legitimacy of investorstate dispute settlement (ISDS) have also been raised. The United Nations Commission on International Trade

Law’s (UNCITRAL’s) working group on the subject flagged inconsistency, lengthy duration, extensive cost and lack of transparency as just a few of its issues with ISDS. There may be scope for reform in the future. Last year, the UNCITRAL Secretariat produced the note “Possible Reform of investor-State dispute settlement”; and the EU’s submission to the working group proposed the establishment of a multilateral investment

energy projects have contributed to these statistics, in particular with Spain being challenged over tax reforms for solar project investments. The scale, complexity and cost of both solar and offshore wind projects are likely to give rise to investment, regulatory, and operational issues, therefore resulting in more disputes. Of course, one cannot ignore the Trump factor. Right or wrong, the United States President’s determination to

Energy corporations are facing increased scrutiny of their environmental impact and, consequently, potential disputes in relation to their contribution to climate change. court as an alternative to investor-state arbitration. The judgment by the Court of Justice of the EU (CJEU) in Slovak Republic v Achmea BV has also created much debate among arbitration practitioners, as the CJEU has effectively put an end to investment treaty arbitration based on a BIT between EU member states (the so-called Intra-EU BITs). Notwithstanding this skepticism, there have been record high numbers of investor-state disputes. Even where states have terminated BITs, sunset clauses will mean the continuation of claims for a number of years. Likewise, any reform or replacement of the ISDS system will develop very slowly. There is also no sign of decline in the number of cases invoking the Energy Charter Treaty (ECT). Although Russia and Italy withdrew from the treaty in 2009 and 2015, respectively, no other states have yet followed suit. Since the first case was registered in 2001, the Energy Charter Secretariat has tracked 114 publicly known investment arbitration cases where the ECT has been invoked. Despite their relative youthfulness in the disputes sector, renewable

deregulate the United States energy industry and achieve energy independence is having far-reaching consequences for the global energy sector. Protectionism through steel tariffs and the Iranian sanctions have yet to play out. It has been over a year since the Trump administration decided to withdraw from the Paris Agreement (although its withdrawal will not take place until 2020). As the Paris Agreement does not impose binding obligations on its signatories, the United States will not face trade sanctions from other contracting states. However, its withdrawal may lead to treaty arbitration claims for failure to meet international policy in relation to climate change. The Trump administration is also showing skepticism towards ISDS. In the course of its NAFTA re-negotiations, it posed the possibility of opting out of that treaty’s ISDS provisions. The power that international arbitral tribunals can wield over the United States does not sit well with the Trump administration’s consistently nationalistic rhetoric. Finally, as large numbers of state companies, national oil companies (NOCs)

TODAY’S GENER AL COUNSEL WINTER 2019

or otherwise, spread their wings outside of their home states and look to invest and participate in international markets, the possibilities for a wider range of disputes cannot be ruled out.

CLIMATE-RELATED DISPUTES

Energy corporations are facing increased scrutiny of their environmental impact and, consequently, potential disputes in relation to their contribution to climate change. There is a broad range of cases that could be defined as climate change disputes, and these may involve private entities, states or both. Due to the public policy element, most cases in which climate change policy is the sole purpose of the dispute have been brought to the national courts. However, where climate change is but one point of dispute amongst many, arbitration can play a part. As a body of climate change case law continues to grow, so too does the risk posed to corporations active in the energy sector, where environmental impact is inevitable. The availability of claimant funding will be a key aspect of this, whether provided by specialist vehicles or even by crowdfunding. A notable crowdfunded case to watch is that of Peruvian farmer Saul Luciano Lliuya, who is suing an energy company before the German courts for its alleged contribution to climate change, which is threatening his Andean home.

BELT AND ROAD INITIATIVE

Another focal point for energy arbitra-

tion will be the People’s Republic of China’s “Belt and Road Initiative.” This vast spread of projects focuses on infrastructure, energy and transport across the land-based Silk Road Economic Belt and the ocean-based Maritime Silk Road. The aim is to connect China with the rest of Eurasia. The initiative encompasses more than 70 countries and has attracted investment of an estimated $900 billion in projects planned or already in progress. With developers, contractors and investors involved globally on such an ambitious scale, the scope for commercial disputes is vast. As these projects get underway, predominantly in developing markets, construction disputes will inevitably arise. The International Chamber of Commerce has identified this prospect and, in March 2018, announced that it would be launching a commission purely to address Belt and Road disputes. Similarly, the Hong Kong International Arbitration Centre (HKIAC) has established an advisory committee and website to assist parties to Belt and Road projects and related disputes. Finally, international arbitration itself is slowly changing. International arbitration — arbitral appointments, tribunals, seat and process — can no longer be regarded as a Western game. Arbitration is opening up to new players and participants across Asia, India and Africa. In Africa, for example, international investors have traditionally chosen London, Geneva or Paris as their preferred

View our digital edition for instant access on your tablet or desktop I S S U U. C O M /

T ODAY S GC

seat for Africa-related disputes. However, over the last few years, there has been considerable growth in the number of arbitral centers across the continent; and many African governments and national companies are beginning to insist on African seats and Africa-based arbitration centers. This multiplicity of new rules, seats and institutions, as well as the revamping of rules between now competitive institutions to attract arbitral business worldwide, brings with it uncertainty that did not previously exist within the tighter arbitral fraternity. There will also be a learning curve as they grow and develop. If the quality of process is safeguarded, including a pro-arbitration approach of local courts, then these developments should be welcomed. As always in the energy sector, an uncertain political landscape — combined with cross-border investment in energy projects and fluctuating prices — creates the model ecosystem for a whole spectrum of energy disputes to emerge globally, with arbitration remaining a key method of dispute resolution. That’s how I see things; but, of course, I could be completely wrong. Special thanks to India Furse, Associate, for her contribution to this article. ■

SPONSORED SECTION

Design Thinking in Sightline By Omid Jahanbin

he explosion of data — coupled with complex global issues involving data and privacy regulations, technology, trade, and intellectual property — make the practice of law more demanding worldwide. These demands are frequently manifested in the need for agility in the midst of rapid change and deft cross-border operational expertise. Technology, beyond the current state of the art, can help practitioners excel in this challenging environment — to make better judgments that deliver improved outcomes, manage risks effectively and make progress possible. We believe we have an important role to play in developing technological innovations to achieve solutions and results for our users. Design Thinking, one of the key processes we use to define and refine our solutions, helps us employ empathy when developing ideas and testing assumptions. We first implemented Design Thinking five years ago in the process of conceiving Sightline, the latest iteration of our global e-discovery platform. It has proven so successful that we’ve incorporated it

into nearly every technology solution we develop. UNDERSTANDING DESIGN THINKING

Design Thinking is non-linear process, the goal of which is to arrive at the best possible outcome given a particular problem or set of challenges, while being mindful of time, cost and complexity. There are

five stages in this process, all of which we follow when exploring new products or enhancements. Empathize. The first stage of Design Thinking is to develop an empathic understanding of the problem. This involves reaching out to legal practitioners and learning more about their areas of concern by observing and engaging with them. It helps in understanding their experiences and motivations, as well as immersing the team in the physical environment in which they work in order to gain a deeper understanding of the issues involved. For example, let’s imagine a review manager, Sally, who works a 14-hour day on average, answers e-mails at nearly all hours, and is stressed that her latest large review isn’t going so well. We use the empathy stage to understand the context behind Sally’s interactions with a process and/or system. Empathy for Sally, and other users, is crucial to a human-centered design process such as Design Thinking. It allows the team to set aside their own assumptions to gain insight into the users and their needs.

Design a (series of) prototype(s) to test all or part of your solution

Clearly articulate the problem you want to solve

IDEATE

EMPATHIZE

PROTOTYPE

DEFINE Develop a deep understanding of the challenge

Engage in a short-cycle testing process to refine and improve your solution

Brainstorm potential solutions, select, and develop your solution

TEST

continued on page 54

SPONSORED SECTION

Design Thinking

continued from page 52

Define. During this stage, the information that has been gathered in the Empathize stage is put together. Observations are analyzed and synthesized in order to define core problems, e.g., “Sally finds it difficult to get reports to her managing partner at a reasonable hour.” Early insights tell us whether the initial assumptions are on track or need refinement. The product team gathers ideas to establish features, functions and any other elements that will allow us to solve the problems or, at the very least, let users resolve issues themselves with minimum difficulty. Ideate. In the Ideate stage, the product teams are ready to start generating ideas. By this point, we understand our users and their needs, and have analyzed and synthesized our observations. Often we end up at a human-centered statement of the problem, such as, “Sally and other personnel who manage large reviews have difficulty getting visibility on review efficiency.” These statements allow us to objectify the problems clearly and begin developing ideas to address them. We believe it is key to develop an environment where many ideas or problem solutions can surface — a meritocracy of ideas and execution.

Prototype. Ideas are worthless without execution. In the Prototype stage, these ideas are put to work, producing a number of inexpensive, scaled-down versions of the product or specific features found within the product, so the problem solutions generated in the previous stage

Test. This is the final stage in the iterative process. The teams test the complete product using the best solutions identified in the earlier stages. The results generated are often used to redefine one or more of the problems and inform an understanding of the users. Refinements are still made

WE IDENTIFIED SEVERAL KEY APPROACHES TO CREATE A MORE PRODUCTIVE EXPERIENCE FOR TEAMS OR INDIVIDUALS MANAGING LARGE VOLUMES OF SMALLER MATTERS.

can be investigated. Prototypes may be shared and tested within the team itself, or with a small subset of people outside the team. The aim here is to identify the best possible solution for each of the problems identified during the first three stages. As ideas develop through this process, they are investigated, accepted, improved, and re-evaluated or rejected on the basis of users’ experience. The goal is to have a solid idea of the constraints of the product and the problems present, while developing a refreshed perspective of how real users would behave, think and feel when interacting with the end product.

COMPOSE QUERY

SMART RESULTS

during this stage, at or after the release of a solution, to derive as deep an understanding of the product and its users as possible. Achieving Results with Design Thinking: Productivity and Quality of Work in Sightline

We leveraged the Design Thinking process for Sightline and identified several approaches to create a more productive experience for teams or individuals managing large volumes of smaller matters. Our Search functionality allows the user to break apart a larger search query into smaller parts, e.g., by issue, then

ACTION

Your Search Results

Visualize the terms of your compound search to better understand if your query is properly constructed.

1076

2857

508

3036

Docs That Met Your Criteria

Family Members

Near Duplicates

Threaded Documents

Conceptually Similar

Receive and act on results beyond traditional “pure hits” to enable more efficiency downstream.

TODAY’S GENERAL COUNSEL WINTER 2019

directly into the platform. Design Thinking is thus an iterative part of refining solutions as they mature and grow with users. Innovating without an approach informed by users is a strategy operating in a vacuum, devoid of the real-world impacts and outcomes necessary to make forward progress possible. Although the global legal climate is unlikely to become less SIGHTLINE SUGGESTS OTHER NEAR DUPLICATE, THREADED DOCUMENTS OR FAMILY MEMBERS FOR EFFICIENCY complicated, we intend to develop select results for action. Those same capabilities in Sightline to be scheduled innovations that help our users advance search results also include optional near and sent to internal or external parties. In the practice of law in demanding times. duplicate, threaded, family member, and addition, users can leverage our Categorizaconceptual-match documents to enable tion feature and key exemplar documents more efficient downstream batching, to “find more like these” amongst a larger OMID JAHANBIN is review or exports. If the user forgets to data set — helpful for hot document analythe Vice President of include threaded docs, near duplicates or sis to quality control on coded documents. Product Experience family members, the platform provides and Global Marketa gentle reminder to include them when Where Design Thinking Can Go from Here ing at Consilio. He taking actions. Design Thinking is one of the key processes works closely with a Using Design Thinking, we had an employed to interact with users: We empaglobal team to envision, early opportunity to shape how Sightline thize and learn from users’ challenges, and develop and market solutions for law firm and can improve the quality of work and develop technological innovations to solve corporate clients. life of users throughout the e-discovery them. As an example, the latest iteration for omid@consilio.com workflow. Sightline’s notifications system Sightline introduced the ability to directly can alert the user to jobs that are taking drag, drop and process data directly in the longer than expected (such as generating platform, including processing for textual large reports). Managing and reporting analytics at no additional charge. For users on reviewer productivity was key to uspreferring a more supported experience, ers, so we developed all of the reporting our project managers can map datasets

WINTER 2019 TODAY’S GENER AL COUNSEL

SAFETY Act Decreases Private Sector Risk and Liability By Joseph I. Lieberman, Clarine Nardi Riddle and Mark J. Robertson

L 56

itigation stemming from the October 2017 Las Vegas mass shooting incident has brought renewed attention to the Support Anti-Terrorism by Fostering Effective Technologies (SAFETY) Act, the 2002 federal legislation that was intended to encourage the development and deployment of technologies to counter terrorist threats and to make organizations more resilient against a terror attack. However, recent media coverage has not adequately described the SAFETY Act or explained the important role it plays in the United States’ overall homeland security efforts. In-house counsel and risk managers should consider securing SAFETY Act approval (which provides for protection against civil liability for companies deploying approved anti-terrorism technology) in the face of evolving terrorist threats, particularly cyber threats. This is the case especially among critical infrastructure owners and operators, including energy, industrial manufacturing, real estate, healthcare and financial services firms. Given the complexity of the SAFETY Act and confidentiality concerns related to applying for SAFETY Act protection, companies should consult a practitioner with experience in SAFETY Act applications. The following provides an overview of the SAFETY Act and serves as a reference to those considering whether to seek SAFETY Act approval.

Origins of the Safety Act The SAFETY Act of 2002 was passed by Congress as part of the Homeland Security Act, the legislation that created

the Department of Homeland Security (DHS). The SAFETY Act removes a major obstacle for companies to develop and deploy technologies helpful to homeland security: the potentially catastrophic liability that could result if their technology becomes the subject of litigation following a terror attack. A firm with DHS approval under the SAFETY Act would have protections against civil liability if, in the event of a terror attack, its product or service failed to perform as intended. A SAFETY Act approval of technology provides important liability protections not only for a company manufacturing and selling the approved technology but also for a company that purchases and deploys the approved technology if it fails to perform as intended following a terror attack. DHS has to date issued over 1,000 SAFETY Act approvals, encouraging the deployment of security technologies that protect Americans and make United States institutions more resilient. There is evidence that the SAFETY Act’s risk management and litigation management provisions are encouraging greater investment in innovative technologies that increase our collective homeland security. Commercially, SAFETY Act approval may aid in marketing a security product or service by indicating a substantial level of government review and assessment of a technology’s safety and effectiveness. Changes to the Federal Acquisition Regulations (FAR) integrate the SAFETY Act into the Federal acquisition process, effectively extending advantages

TODAY’S GENER AL COUNSEL WINTER 2019

Senator Joseph I. Lieberman, Senior Counsel at Kasowitz Benson Torres LLP, represents clients in independent and internal investigations and advises them on a wide range of public policy, strategic and regulatory issues. During his tenure as United States Senator, he helped shape legislation concerning national and homeland security, and served as Chairman of the Homeland Security and Government Affairs Committee. jlieberman@ kasowitz.com

The Hon. Clarine Nardi Riddle, Counsel at Kasowitz Benson Torres LLP and Chair of the firm’s Government Affairs and Strategic Counsel Practice Group, provides legal, strategic and policy advice to clients on matters where law, business and public policy intersect. Formerly Attorney General of Connecticut, she also worked on homeland security policy issues as Senator Lieberman’s Chief of Staff. cnriddle@kasowitz. com

WINTER 2019 TODAY’S GENER AL COUNSEL

Mark J. Robertson, Special Counsel at Kasowitz Benson Torres LLP, represents clients in an array of government regulatory, enforcement and public policy matters, and advises clients with interests arising from national security and homeland security efforts. He played a central role in the development of the regulations implementing the SAFETY Act and served in several senior positions focusing on homeland security technology within the Department of Homeland Security. mrobertson@ kasowitz.com

to SAFETY Actapproved technologies. Entities that procure and utilize homeland security technologies are increasingly insisting that technology providers obtain SAFETY Act coverage. Approval under the SAFETY Act thus provides a relatively inexpensive insurance policy against catastrophic risk.

Protections

The SAFETY Act offers liability protections up and down the supply chain, in both government and private markets. Users and suppliers of anti-terrorism technologies are covered by SAFETY Act protections if the technology they are fielding has been “Designated” or “Certified” by DHS. Before the SAFETY Act — excluding government indemnification for unusually hazardous risks pursuant to Public Law 85-804 — the majority of technologies could access liability protections only when sold to the United States military and when their designers complied with strict government requirements. These protections led to incentives for the defense industry to meet the Department of Defense’s (DOD’s) technological requirements. After September 11, 2001, Congress recognized that similar incentives did not exist for technologies that could protect United States civilian populations. Technologies designed for DOD use could not be brought to the civilian market without losing critical liability protections.

The homeland security community has recognized that the government alone cannot fully defend the nation from a terror attack. The role of the private sector in homeland security is crucial, especially in light of the fact that as much as 85 percent of the nation’s critical infrastructure is privately held. The SAFETY Act allows the movement of existing defense and homeland security technologies from federal agency use to the broader civilian marketplace — transportation hubs, stadiums, office towers, shopping malls, and manufacturing and chemical facilities — that have immediate security needs. SAFETY Act protections are available to both newly developed and existing technologies, regardless of whether they have been specifically developed for antiterrorist purposes. Under the SAFETY Act, the “Seller” of an “anti-terrorism technology” (which includes any person, firm, or other entity that sells or otherwise provides antiterrorism or homeland security-related technology to any customer) may apply to DHS for protection from civil liability alleged after a terrorist attack. SAFETY Act approval has been awarded to an array of technologies ranging from video surveillance systems to explosive detection technology, from software and cyber security applications to infrastructure protection and physical security programs. Protection is available to virtually any product or service that can effectively deter, mitigate or help respond to a terrorist attack. The definition of antiterrorism technology for SAFETY Act purposes is expansive and includes “any product, equipment, service (including support services), device, or technology (including information technology) or any combination of the foregoing.” Furthermore, the definition specifies that a variety of services relevant to homeland security may be deemed a technology under the SAFETY Act. The SAFETY Act provides two potential classes of protection for approved anti-terrorism technologies.

First, products or services may be designated as a Qualified Anti-Terrorism Technology (QATT). In its evaluation, DHS considers a number of factors to determine whether the technology is safe and effective at countering terrorist threats. DHS has broad discretion in determining whether to designate a particular technology as a QATT. The DHS Under Secretary for Science & Technology has discretion to give greater weight to certain factors over others. Upon such designation, the seller and all users of the approved QATT enjoy the benefits of the system of risk management and litigation management established by the SAFETY Act. Together, the risk and litigation management provisions provide the following protections: (1) A limitation on the liability of sellers of QATTs to a pre-determined amount; (2) A prohibition on joint and several liability such that sellers can only be liable for a percentage of noneconomic damages proportionate to their responsibility; (3) A complete bar on punitive damages and prejudgment interest; (4) The reduction of a plaintiff’s recovery by the amount of collateral source compensation, such as insurance benefits or government benefits the plaintiff receives; and (5) Exclusive jurisdiction in federal court for suits against the sellers of “Qualified Anti-Terrorism Technologies.” The second class of protection is SAFETY Act “Certification,” which entails a stricter level of review by DHS, provides all the benefits of QATT designation and adds one layer of liability protection. A “Seller” of a certified QATT is entitled to assert the Government Contractor Defense (GCD) in litigation arising from an act of terrorism involving SAFETY Act Certified technology. SAFETY Act certification of a QATT creates the rebuttable pre-

TODAY’S GENER AL COUNSEL WINTER 2019

sumption that the GCD applies and can only be overcome if a plaintiff proves that the seller acted fraudulently or with willful misconduct in applying for SAFETY Act protections. The GCD, which has been a judicial construct under the Supreme Court’s Boyle line of cases, immunizes from liability contractors who supply goods to the government, provided they have met certain conditions. It has been relied on primarily by military contractors in cases involving allegations of defective military equipment. Certification under the SAFETY Act entitles the seller to assert the affirmative GCD, thus serving as important protection against potential liability.

Designation v. Certification The SAFETY Act mandates that the stricter review culminating in a technology’s certification must be “comprehensive,” and must allow the Secretary [of Homeland Security] to determine “whether it will perform as intended, conforms to the Seller’s specifications, and is safe for use as intended.” The SAFETY Act codifies the GCD, and DHS has taken a firm stance as to the application of the GCD in the

courts would apply SAFETY Act protections in the event they are tested following a terrorist attack. DHS stated: The best reading of [the SAFETY Act], and the reading the Department has adopted, is that (1) Only one cause of action exists for loss of property, personal injury, or death for performance or nonperformance of the Seller’s QATT in relation to an Act of Terrorism, (2) Such cause of action may be brought only against the Seller of the QATT and may not be brought against the buyers, the buyers’ contractors, downstream users of the QATT, the Seller’s suppliers or contractors, or any other person or entity, and (3) Such cause of action must be brought in federal court. Importantly, the SAFETY Act is the first time that GCD protections have been expanded to non-military situations, and applies even where the government is not a party to any transaction involving the technology. The protections are available not only

Approval under the SAFETY Act provides a relatively inexpensive insurance policy against catastrophic risk. SAFETY Act context: “The Act does not permit judicial review of the Secretary’s exercise of discretion in this context. When the Secretary determines that a Certification is appropriate, that decision creates a rebuttable presumption that the Government Contractor Defense applies. This presumption may only be rebutted by clear and convincing evidence showing that the Seller acted fraudulently or with willful misconduct in submitting information to the Department during the course of the consideration of such Technology.” In the SAFETY Act final rule, DHS offered its interpretation of how the

to federal government contractors but also to those who sell to state, local and tribal governments, as well as to the private sector. To increase flexibility, DHS now also provides for Developmental Testing and Evaluation Designations (DT&E) for companies with unproven technologies. Their incorporation makes it possible to grant SAFETY Act protections to anti-terrorism technologies that are still in the development process, so that, for example, promising technologies that have yet to be field tested can qualify for the SAFETY Act’s risk management and liability protections.

Following the SAFETY Act final rule, the government amended the FAR to align SAFETY Act applications and the government procurement process. The FAR now require agencies across the federal government, not only in the homeland security arena, to determine whether the technology or service they are procuring may be eligible for SAFETY Act coverage.

Application Process SAFETY Act applications require the submission of detailed data, some of which may be deemed proprietary if it includes confidential technical or business information. Such data can be extremely sensitive, both for commercial and security purposes. DHS has stated that information submitted, whether ultimately a part of a successful application or not, will be kept confidential to the fullest extent of the law. Given these confidentiality concerns, applicants should consult a practitioner with experience in SAFETY Act applications, before applying for SAFETY Act protection. DHS information requests can be expansive, and applicants may confront various obstacles on the road to receiving designation or certification. Experienced counsel can help manage the exchange of information with DHS and limit potentially costly and timeconsuming delays. The SAFETY Act is a valuable tool for litigation and risk management for companies developing and fielding security technologies. By providing companies with the assurance they need to develop and deploy cost-effective homeland security technologies, the SAFETY Act has expanded the number of counter-terrorism technologies available. The SAFETY Act furthers private interests to the benefit of the common good by enhancing our nation’s security and resilience against a terror attack. Inhouse and outside industry counsel can support these goals by promoting the use and understanding of the SAFETY Act. ■

SPONSORED SECTION

Transforming Responsive and Privilege Reviews with AI By Brett Tarr incorporating AI tools, but only 7.5 percent have actually begun to use them. At the same time, 72 percent of respondents believe that the pace of change in the profession will only continue to increase. REDISCOVERING DISCOVERY

“AI

” is a lofty term that doesn’t have a universal definition. And in fact, AI is not even new. The field of research in artificial intelligence was established at Dartmouth College in 1956. The term “machine learning” was coined three years later by Arthur Samuel, who taught a computer to play checkers. What is new is that a “perfect storm” convergence of advancements in the last decade — better algorithms, increased computing power, sophisticated processing techniques and the advent of big data — has brought AI out of theory and into

operation. The result is that industry after industry is being transformed. Last year, the AI researcher Andrew Ng announced that “AI is the new electricity,” and he joked that the only industry to be unaffected by AI might be hairdressing. Mr. Ng has since been proven wrong by L’Oreal, which recently launched a 3D hair color simulation app powered by AI. Legal leaders are left trying to sort through all the generalized AI hype so it can be put to work in practical ways. The adoption is happening slowly. Last year’s study from Altman Weil found that 29 percent of firms are exploring their options for

The implications of this change may be particularly profound in the areas of privilege and responsive reviews — areas where challenges are rapidly evolving. Electronically stored information (ESI) is appearing in huge scales and a proliferation of forms. With this growing volume, turnaround times become impossible without employing armies of reviewers. Ever since Judge Andrew J. Peck accelerated the adoption of technologically assisted review from the bench in Da Silva Moore v. Publicis Groupe, litigators and corporate counsel have been exploring what it means to introduce technology to discovery. For many of us, that has meant exploring predictive coding and technologyassisted review. However, this technique has two significant challenges that make it difficult to employ in practice. First, predictive coding requires a subject-matter expert to hand label documents to create a “seed set.” Typically, this expert is a senior attorney with practical matter experience who is unlikely to have the time to devote to this effort. Second, predictive coding is constrained to looking within the four corners of the document, which means that it doesn’t take into account any of the broader ecosystem of documents where the most valuable context lies. At Caesars Entertainment, where I serve as Chief Counsel for E-Discovery continued on page 62

SPONSORED SECTION

Reviews with AI

continued from page 60

and Information Governance, I have been searching for opportunities to test the most advanced technology available so we can continue to balance our growing legal risk against ever-growing volumes of electronic data. I designed an experiment with the AI company Text IQ, which traverses huge scales of unstructured text to find sensitive information, such as privilege, responsive information, Personally Identifiable Information (PII), reputationally damaging information and code words. In my experiment, I gathered all the 80,000 responsive documents that a team of humans had caught in a highly contentious litigation that we’d completed. In this case, we employed our proven-skilled, human-managed review process to review 80,000 documents specifically for privilege. Of these, 1,200 went to second level privilege review. I gave the same 80,000 documents to Text IQ, along with a list of attorney names, and the names and domains of outside counsel that we used in the manual review. This is the same supporting documentation that was given to human reviewers in the control portion documents as potentially privileged. Text IQ also produced “reason reports” to explain why its AI had identified each document as privileged. The next question was, how much of what the human found did the AI find? The answer was that there was a 1:1 correlation. Every document that humans found, the AI found — plus 600 more. Accompanying each of these documents, Text IQ produced a “reason report” to explain why its AI had identified each document as privileged. Text IQ also reported on the “shadow network” of attorneys and law firms that it had found in the data set that were not originally listed as known inputs. For about a year, I replaced our largescale first pass privilege review with the Text IQ system. At the same time, I continued to run our standard human review process in parallel to identify responsive

privileged documents, knowing that only a fraction of what these attorneys uncovered would turn out to be responsive. Having seen success in terms of speed and accuracy, I looked to expand my use case for this technology within our discovery process. If AI could automate privilege review, one of the most challenging stages of litigation, then what else could it automate? FROM PREDICTIVE CODING TO TRUE AI

I applied technology from Text IQ in a pilot to test substantive responsiveness, or “first-pass review,” running side by side with human review. The results amazed me. The AI quickly knocked out 50 percent of the population of documents that were non-responsive, allowing me to drastically reduce time and money spent on paying attorneys to manually review documents. Text IQ also assigned scores to each document to enable the determination of sampling and cutoff. The reason for success is that AI can address the two biggest challenges with predictive coding that limit its effectiveness in practice. First, predictive coding systems rely on relatively less powerful machine learning techniques than true AI. Even the most advanced predictive coding technologies begin with a small seed set of labeled documents. Because of its size and its predefined labels, this seed set will have biases, blind spots and idiosyncrasies that only become magnified as the resulting algorithms are applied to a large-scale set of real data. To clarify, when I use the term “AI,” I’m referring to unsupervised machine learning, where a system takes on huge scales of unstructured data and makes meaningful deductions that no team of humans could make, given the scale and velocity of the data. The second practical challenge with predictive coding is that it is confined to the four corners of individual documents. Even a human being will find it difficult to take a document in isolation and decide whether it’s sensitive. That’s because so much of what makes a document sensitive has to do with the relationships between the people who are communicating, the

context of the document within its larger ecosystem, and all the non-obvious connotations and subtexts that our language carries based on the social network we’re communicating with. AI goes beyond the four corners of the document and incorporates context and relationships between parties, and concepts within the document. Imagine an email where someone says: “I talked to Becky, and she said we need to ‘be careful how we proceed.’” AI can combine Natural Language Processing with a deep understanding of the underlying social networks in order to deduce that “Becky” is “Rebecca Schmidt,” an attorney, and she is referencing a known legal risk in moving forward with a new land development deal because of the tricky regulatory environment in that jurisdiction. As AI becomes embedded, it gains an “organizational fluency” that increases its accuracy over time. The result is that I can better manage latent risk while also reducing time and costs. I’ve even begun to deploy Text IQ in order to contemporaneously run my firstpass review with my responsive review on certain cases where we have ultra-short turnaround times that would not have been manageable under my traditional consecutive workflows. Ultimately, AI is not only transforming the results of my discovery, it is also transforming the way I manage the discovery process itself.

BRETT TARR is Chief Counsel, E-Discovery & Information Governance for Caesars Entertainment, and leads the e-discovery, information governance and privacy functions for the organization. He joined the law department at Caesars Entertainment in 2012 to develop in-house capabilities and defensible workflows for e-discovery, information governance, legal operations and data privacy. btarr@caesars.com

TODAY’S GENER AL COUNSEL WINTER 2019

Congress to Launch Probes continued from page 64

needs and all applicable laws, keeping in mind that preservation obligations attach once litigation or an investigation is reasonably anticipated. And train all employees to operate as if anything put in writing could be quoted to your CEO at a congressional hearing — including “casual” emails and texts. • Retain outside counsel with experience in congressional investigations. Companies should not wait for a congressional subpoena to retain outside counsel. Expertise is key for the high stakes of congressional investigations. Choose outside counsel who can seamlessly blend expertise in government relations (including Capitol Hill relationships and political insights) and litigation (including narrowing the investigations’ scope and positioning the company for success in related litigation). Here is a checklist of what to do and consider if you receive a congressional inquiry request: • Determine the committee’s end game. Understanding the committee’s purpose for issuing the request (seeking support for legislation? scoring political points

for re-election?) will shape the company’s strategy for responding to the request. • Negotiate scope and timing of response. A congressional letter may contain dozens of requests calling for narrative responses, compiling information and producing “all documents” A congressional letter relating to the requests may contain dozens within an of requests calling for unrealistic narrative responses. two-week deadline. Outside counsel will work to limit the burden on the company by narrowing the scope of the company’s response and extending the time to respond. • Confidentiality of document production is not assured. Although outside counsel will seek to negotiate confidentiality agreements for the documents produced to the committee, ultimately Congress is free to publicly release any document that it receives. • Privilege considerations. The attorneyclient and work-product privileges are not formally recognized in congressional investigations and are generally treated as a matter for the committee’s discretion, which outside counsel will work to protect to the fullest extent possible. ■

Will Burgess is a litigation associate at Hogan Lovells with experience managing complex productions of sensitive documents. william.burgess@ hoganlovells.com

Statement of Ownership. 1. Publication Title: Today’s General Counsel. 2. Publication No.: 1932-9024. 3. Filing Date: 11/9/2018. 4. Issue Frequency: 4X/year. 5. No. of Issues Published Annually: 4. 6. Annual Subscription Price: Free to qualified subscribers/all others $199. 7. Complete Mailing Address of Known Office of Publication: 20 N. Wacker Dr., 40th Fl., Chicago, IL 60606. Contact Person: Robert Nienhouse. Telephone: 800-208-3244. 8. Complete Mailing Address of Headquarters or General Business Office of Publisher: 20 N. Wacker Dr., 40th Fl., Chicago, IL 60606. 9. Full Names and Complete Mailing Addresses of Publisher, Editor and Managing Editor: Publisher: Robert Nienhouse, 20 N. Wacker Dr., 40th Fl., Chicago, IL 60606. Editor: Bruce Rubenstein, 20 N. Wacker Dr., 40th Fl., Chicago, IL 60606. Managing Editor: David Rubenstein, 20 N. Wacker Dr., 40th Fl., Chicago, IL 60606. 10. Owner: Nienhouse Media, Inc., 20 N. Wacker Dr., 40th Fl., Chicago, IL 60606. 11. Known bondholders, mortgages and other security holders owning or holding 1% or more of total amount of bonds, mortgages or other securities: None. 12. Tax Status: For completion by non-profit organizations authorized to mail at special rates: Not applicable. 13. Publication Title: Today’s General Counsel. 14. Issue date for circulation data below: Fall 2018. 15. Extent and nature of circulation: 15a. Total Number of Copies (Net Press run): Avg. No. Copies Each Issue During Preceding 12 Months (Last 5 Issues): 16,557. No. Copies of Single Issue Published Nearest to Filing Fall 2018: 18,599. 15b(1). Legitimate Paid and/or Requested Distribution (By Mail and Outside the Mail): Outside-County Paid/Requested Subscriptions Stated on PS Form 3541 (include direct written request from recipient, telemarketing, and internet requests from recipient, paid subscriptions including nominal rate subscriptions, employer requests, advertiser’s proof copies, and exchange copies.). Avg. No. Copies Each Issue During Preceding 12 Months (Last 5 Issues): 13,706. No. Copies of Single Issue Published Nearest to Filing Fall 2018: 11,613. 15b(2). Legitimate Paid and/or Requested Distribution (By Mail and Outside the Mail): In-County Paid/Requested Subscriptions Stated on PS Form 3541 (include direct written request from recipient, telemarketing, and internet requests from recipient, paid subscriptions including nominal rate subscriptions, employer requests, advertiser’s proof copies, and exchange copies.). Avg. No. Copies Each Issue During Preceding 12 Months (Last 5 Issues): 0. No. Copies of Single Issue Published Nearest to Filing Fall 2018: 0. 15b(3). Legitimate Paid and/or Requested Distribution (By Mail and Outside the Mail): Sales Through Dealers and Carriers, Street Vendors, Counter Sales and Other Paid Distribution Outside USPS. Avg. No. Copies Each Issue During Preceding 12 Months (Last 5 Issues): 0. No. Copies of Single Issue Published Nearest to Filing Fall 2018: 0. 15b(4). Legitimate Paid and/or Requested Distribution (By Mail and Outside the Mail): Requested Copies Distributed by Other Mail Classes Through the USPS (e.g., First-Class Mail). Avg. No. Copies Each Issue During Preceding 12 Months (Last 5 Issues): 0. No. Copies of Single Issue Published Nearest to Filing Fall 2018: 0. 15c. Total Paid and/or Requested Circulation [Sum of 15b (1), (2), (3) and (4): Avg. No. Copies Each Issue During Preceding 12 Months (Last 5 Issues): 13,706. No. Copies of Single Issue Published Nearest to Filing Fall 2018: 11,613. 15d(1). Non-requested Distribution (by Mail and Outside the Mail): Outside-County Non-requested Copies Stated on PS Form 3541 (include sample copies, requests over 3 years old, request induced by a premium, bulk sales and requests including association requests, names obtained from business directories, lists and other sources). Avg. No. Copies Each Issue During Preceding 12 Months (Last 5 Issues): 1,573. No. Copies of Single Issue Published Nearest to Filing Fall 2018: 5,651. 15d(2). Non-requested Distribution (by Mail and Outside the Mail): In-County Non-requested Copies Stated on PS Form 3541 (include sample copies, requests over 3 years old, request induced by a premium, bulk sales and requests including association requests, names obtained from business directories, lists and other sources). Avg. No. Copies Each Issue During Preceding 12 Months (Last 5 Issues): 0. No. Copies of Single Issue Published Nearest to Filing Fall 2018: 0. 15d(3). Non-requested Distribution (by Mail and Outside the Mail): Non-requested Copies Distributed Through the USPS by Other Classes of Mail (e.g., First-Class Mail, non-requestor copies mailed in excess of 10% limit mailed at Standard Mail or Package Services rates). Avg. No. Copies Each Issue During Preceding 12 Months (Last 5 Issues): 0. No. Copies of Single Issue Published Nearest to Filing Fall 2018: 0. 15d(4). Non-requested Distribution (by Mail and Outside the Mail): Non-requested Copies Distributed Outside the Mail (Include pickup stands, trade shows, showrooms and other sources). Avg. No. Copies Each Issue During Preceding 12 Months (Last 5 Issues): 876. No. Copies of Single Issue Published Nearest to Filing Fall 2018: 662. 15e. Total Nonrequested Distribution (Sum of 15d (1), (2), (3) and (4)): Avg. No. Copies Each Issue During Preceding 12 Months (Last 5 Issues): 2,449. No. Copies of Single Issue Published Nearest to Filing Fall 2018: 6,313. 15f. Total Distribution (Sum of 15c and 15e): Avg. No. Copies Each Issue During Preceding 12 Months (Last 5 Issues): 16,155. No. Copies of Single Issue Published Nearest to Filing Fall 2018: 17,926. 15g. Copies Not Distributed (See Instructions to Publishers #4 (page #3)): Avg. No. Copies Each Issue During Preceding 12 Months (Last 5 Issues): 403. No. Copies of Single Issue Published Nearest to Filing Fall 2018: 673. 15h. Total (sum of 15f and 15g): Avg. No. Copies Each Issue During Preceding 12 Months (Last 5 Issues): 16,558. No. Copies of Single Issue Published Nearest to Filing Fall 2018: 18,599. 15i. Percent Paid and/or Requested Circulation (15c divided by 15f times 100): Avg. No. Copies Each Issue During Preceding 12 Months (Last 5 Issues): 84.8%. No. Copies of Single Issue Published Nearest to Filing Fall 2018: 64.8%. 16. Electronic Copy Circulation: 16a. Requested and Paid Electronic Copies: Avg. No. Copies Each Issue During Preceding 12 Months (Last 5 Issues): 0. No. Copies of Single Issue Published Nearest to Filing Fall 2018: 0. 16b. Total Requested and Paid Print Copies (Line 15c) + Requested/Paid Electronic Copies (Line 16a): Avg. No. Copies Each Issue During Preceding 12 Months (Last 5 Issues): 13,706. No. Copies of Single Issue Published Nearest to Filing Fall 2018: 11,613. 16c. Total Requested and Copy Distribution (Line 15f) + Requested/Paid Electronic Copies (Line 16a): Avg. No. Copies Each Issue During Preceding 12 Months (Last 5 Issues): 16,155. No. Copies of Single Issue Published Nearest to Filing Fall 2018: 17,926. 16d. Percent Paid and/or Requested Circulation (Both Print & Electronic Copies) (16b divided by 16c x 100): Avg. No. Copies Each Issue During Preceding 12 Months (Last 5 Issues): 84.8%. No. Copies of Single Issue Published Nearest to Filing Fall 2018: 64.8%.

WINTER 2019 TODAY’S GENER AL COUNSEL

BACK PAGE FRONT BURNER

New Congress Sure to Launch Probes Preparing for Congressional Investigations By Aaron S. Cutler, Elizabeth A. Jose and William M. Burgess

M 64

idterm victories put the Democratic Party in control of the House of Representatives. With that control comes investigative and subpoena power, including the power to call company executives to testify before Congress. As the chair of the House Committee on Financial Services, Representative Maxine Waters (D-CA) is expected to launch a broad range of investigations aimed at financial services companies, particularly relating to consumer-facing issues. Waters has introduced a bill titled The Megabank Accountability and Consequences Act, which as written would require regulators to break up any big firm found to have repeatedly harmed consumers. Equifax and Marriot Corp. are likely to find themselves under scrutiny by the Financial Services Committee because of Aaron Cutler is data breaches; Deutsche a partner in the Government RelaBank, with its private tions and Public wealth management Affairs practice at office’s reputed ties to Hogan Lovells. He the Trump organization, lobbies Congress in will likely be called as energy and natural resources; banking well. Representative Eliand financial services; jah Cummings (D-MD) and technology, has stated publicly that media and telecom he is considering issuing sectors. Previously, subpoenas to pharmahe served as senior advisor for Policy ceutical companies over and Outreach to rising drug prices when former House he becomes chair of the Majority Leader House Oversight and Eric Cantor (R-VA). Government Reform aaron.cutler@ hoganlovells.com Committee. Other

committees are expected to launch a number of investigations. Companies that are likely to be called before these committees should start preparing now. Here are what those preparations should include:

Elizabeth Jose is a litigation counsel at Hogan Lovells who represents clients facing highprofile congressional • Prepare key response inquiries by various points for expected House and Senate areas of inquiry. Com- committees. She mittee staff largely has experience in base the topics of their responding to docuinvestigations on public ment requests, preparing witnesses for sources. Research the congressional hearpublic record with an ings and interviews, eye towards the issues and negotiating the scope of requests most likely to attract with committee staff. committee attention. elizabeth.jose@ The company should hoganlovells.com

then work with stakeholders to prepare factual response points and key messages for each expected area of inquiry. • Prepare executives to testify before Congress with a mock hearing. A “murder board” or mock congressional hearing is a valuable exercise for any executive likely to be called to testify before Congress so that he or she can refine this unique skill set not found in typical executive-level situations. • Execute a smart records retention and email policy. On hot-button issues, Congress will request a wide range of business documents and communications. Implement a records retention policy that complies with business continued on page 63

ATTEND LOCALLY. T WIT TER @TodaysGC

CONNECT GLOBALLY.

LINKEDIN FOLLOW US linkedin.com/ company/ today’s-generalcounsel

TODAY’S GENERAL COUNSEL

delivers best practices via Today’s General Counsel magazine, e-newsletters, webinars, and “The Exchange”.

FACEBOOK

It all comes together on our Twitter, LinkedIn, and Facebook pages. Follow us today for continued content, exclusive event discounts, and the ability to connect with peers and experts through the educational resource for in-house counsel and the legal community: Today’s General Counsel.

LIKE US facebook.com/ TodaysGeneral Counsel

T O D AY S G E N E R A L C O U N S E L . C O M @TodaysGC

Like us

YOU NEED AN ARBITRATOR WHO UNDERSTANDS INTELLECTUAL PROPERTY. WE HAVE THE EXPERTISE. Our panel is composed of accomplished arbitrators and mediators–attorneys, former federal and state judges, and business owners specializing in a diverse range of domestic and international subjects. Each brings a lifetime of experience in fields including IP, healthcare, cyber-security, aerospace, energy and more. When resolving your dispute requires industry expertise, trust the American Arbitration Association® and the International Centre for Dispute Resolution®.

adr.org

| +1.800.778.7879

Today's General Counsel, Winter 2019

Articles inside

Changing Views on Privacy