Today's General Counsel, V13 N6, December 2016/January 2017 by Today's General Counsel

DEC/JAN 2017 VOLUME 1 3 / NUMBER 6 TODAYSGENER ALCOUNSEL.COM

The GC’s Role Just Got Tougher

New Governance Challenges Rehearsing a Legal Hold Workplace Harassment as Global Issue “The Wise Counselor” After the Yates Memorandum

Eye on Non-Competes Trade Secret or Patent? Before & After a Data Breach Meshing with Outside Counsel Europe’s Data Rules

$199 Subscription rate per year ISSN: 2326-5000 View our digital edition: digital.todaysgeneralcounsel.com

En garde. We know how crucial your company’s trademarks are. From trademark prosecution and portfolio management to litigation, our approach is the same – aggressive. We guard your trademarks as if your business depends on it. Because often enough, it does.

Uncommon Value

ATLANTA

CHICAGO DALLAS DELAWARE INDIANA LOS ANGELES btlaw.com

MICHIGAN

MINNEAPOLIS

OHIO WASHINGTON, D.C.

dec /jan 20 17 toDay’s gEnEr al counsEl

Editor’s Desk

You can think of this issue of Today’s General Counsel as a time capsule. The articles were written before the election, and the contributors almost certainly shared the illusion that educated people in general were laboring under, that Hillary Clinton would win and the future would be a lot like the past in the legal arena. In certain areas of law it will be. In others, not so much. How sexual harassment suits fare will be a bellwether. The Equal Employment Opportunity Commission investigations that Angela Cummings references in her article on that topic will still be undertaken, but the commissioners who are appointed to the EEOC are likely to be cut from different cloth once the President-elect is doing the appointing. The cases in which a cause for action are found may be fewer. Sexual harassment cases often end up in court, and the courts will be changing too. Title 7 cases might be in for tough sledding. Howard Privette and Wayne Gross note that the DOJ is following the directive in the 2015 Yates Memorandum, which states that the best way to curb corporate misconduct is by holding individuals accountable. Executives would normally be breathing easier about that prospect after a Republican victory, but the President-elect’s populist base has different ideas. We’re starting a new feature in this issue called “Back Page Front Burner,” which will consist of short takes on topics that matter. Kenneth Rashbaum is the author of the inaugural piece. He predicts a big increase in data breach litigation driven by several developments, among them suits over M&A ventures that fail due to undisclosed cyber breaches, and causes of action under the new Defense of Trade Secrets Act. That law is also referenced in Pete Brody and Darryl Stark’s article, which

advises a fresh look into whether patent or trade secret protection is best for your company’s innovations. They suggest that in a close call trade secret protection might get the nod, because the risk of not getting a patent or losing it in a post-issuance proceeding in front of the Patent Trial and Appeal Board is too high.

Bob Nienhouse, Editor-In-Chief bnienhouse@TodaysGC.com

Join. Prepare. Perform. NACD EQUIPS BOARDS AND THEIR GENERAL COUNSEL TO FACE THE UNEXPECTED AND THE INEVITABLE.

How can boards anticipate risk and opportunity? How do they ensure theyâ&#x20AC;&#x2122;re performing effectively? How do they get reliable answers to complex questions? NACD provides the information and answers boards need to safely navigate an everchanging business environment. Boards join NACD to prepare and perform strategically.

LEARN MORE ABOUT JOINING NACD AT 202-765-0878 OR JOIN@NACDONLINE.ORG

BUILD A STRATEGIC-ASSET BOARD

NACDONLINE.ORG/JOIN

DEC/JAN 2017 TODAY’S GENER AL COUNSEL

Features

CONSUMER AGENCY RULE WOULD END CLASS ACTION WAIVERS Brian A. Berkley Uncertainty until the Supreme Court rules.

56 60

C O LU M N S

By John Kloosterman and Michael Congiu Consumers don’t like companies with human rights issues, but plaintiff lawyers love them.

CHANGING RULES FOR FOREIGN ARBITRAL AWARDS Carrie A. Tendler and Michael A. Sanfilippo Enforcement after a ruling remains problematic.

TWO GOVERNANCE STUDIES CONFIRM EXPANDED ROLE FOR GENERAL COUNSEL

SURVEY: INSIDE/OUTSIDE ATTORNEYS OFTEN NOT ON THE SAME PAGE Robert Hunter, Alfred Paliani and Tripp Haston Agreement to disagree about billing and budgets.

THE ANTITRUST LITIGATOR IP Licensing and Antitrust: The DOJ/FTC Guidelines By Jeffery M. Cross How a license affects competition is key issue.

Michael Peregrine From technical advisor to management partner.

WORKPLACE ISSUES Human Rights Issues in Tech Supply Chains

BACK PAGE FRONT BURNER Data Breach Litigation Wave in 2017 Kenneth N. Rashbaum More data, more lawsuits.

Page 60

Save Money on Review with the FRONTEO ROI Analyzer TM

The FRONTEO ROI Analyzer lets you conduct in-depth planning for your managed review project. See what you can save with FRONTEO Managed Review Services. Now You Are In Control of Your Review

Download your FREE Business Case • Project planning and cost assessment • Understand how to keep costs down by

utilizing FRONTEO Technology Assisted Review and email threading capabilities

• Model varying QC methods • Illustrate in-house document review

vs. FRONTEO document review

• Download a PDF Business Case and

Summary highlighting project parameters and cost savings

usinfo@fronteo.com | www.fronteo.com/usa

SaveMoneyOnReview.com See What You Can Save with FRONTEO Managed Review!

DEC/JAN 2017 TODAY’S GENER AL COUNSEL

Departments Editor’s Desk

Executive Summaries

Page 38 6 L ABOR & EMPLOYMENT

16 Wage Issue Before California Supreme Court Felix Shafi r Will state follow federal precedent for “de minimus” claims?

20 Sexual Harassment is Global, Solutions are Local Angela Cummings Prevention comes fi rst.

22 The Recent Scrutiny of Non-Competes Lawrence J. Del Rossi Restrictive covenants for low-wage workers won’t fly.

E-DISCOVERY

CYBERSECURIT Y

COMPLIANCE

26 How General Counsel Can Spur Legal Hold Success

38 Protection Before and After a Data Breach

44 Self-Certifying under the EU-U.S. Privacy Shield

Doug Deems and Russ Stalters Teach employees another way of thinking.

Michael Bruemmer and John Mullen Recent settlements included significant damages.

Karin M. McGinnis, and Suzanne K. Gainey Weigh the pros and cons.

28 Why Emojis Matter in E-Discovery

40 Standing in Data Breach Cases

46 One Year after the Yates Memorandum

Thomas Rohback, Patricia Carreiro and James Goldfeier Hacked but not harmed.

Howard Privette and Wayne Gross In-house counsel face internal investigation dilemma.

Joe Sremack New communication mode cannot be ignored. INTELLEC TUAL PROPERT Y

34 Patent or Trade Secret? Peter Brody and Darrell Stark Look carefully at the tradeoffs.

Do you want a systematic, defensible and cost-eﬀective solution to protect critical business information? LCG’S FORENSIC EXPERTS (NOT SOFTWARE) PROVIDE THE SOLUTION.

Call to learn more about our TENiO™ and Intelligent Protection Framework services.

www.lcgdiscovery.com (832) 251-6600 Consulting > Computer & Financial Forensics > Investigations > Testimony

editor-in-Chief Robert Nienhouse managing editor David Rubenstein

exeCutive editor Bruce Rubenstein

senior viCe president & managing direCtor, today’s general Counsel institute Neil Signore art direCtion & photo illustration MPower Ideation, LLC law firm business development manager Scott Ziegler database manager Matt Tortora Contributing editors and writers

Brian Berkley Peter Brody Michael Bruemmer Patricia Carreiro Michael Congiu Jeffery Cross Angela Cummings Doug Deems Lawrence Del Rossi Suzanne K. Gainey James Goldfeier Wayne Gross Robert Hunter

Tripp Haston John Kloosterman Karin M. McGinnis Alfred Paliani Michael Peregrine Howard Privette Kenneth Rashbaum Thomas Rohback Michael Sanfilippo Joe Sremack Russ Stalters Darrell Stark Carrie Tendler

editorial advisory board Dennis Block GReenBeRG TRAuRiG, LLP

reprints For reprint requests, email rhondab@fosterprinting.com Rhonda Brown, Foster Printing

JOneS DAy

Joel Henning

Art Rosenbloom

WiLey Rein

JOeL HenninG & ASSOCiATeS

CHARLeS RiveR ASSOCiATeS

Peter Bulmer JACKSOn LeWiS

Sheila Hollis

George Ruttinger

Mark A. Carter

DuAne MORRiS

CROWeLL & MORinG

David Katz

Jonathan S. Sack

DinSMORe & SHOHL

James Christie BLAKe CASSeLS & GRAyDOn

WACHTeLL, LiPTOn, ROSen & KATz

Steven Kittrell

MORviLLO, ABRAMOWiTz, GRAnD, iASOn & AneLLO, P.C.

MCGuiReWOODS

victor Schwartz

FTi COnSuLTinG

Jerome Libin

SHOOK, HARDy & BACOn

Jeffery Cross

SuTHeRLAnD, ASBiLL & BRennAn

Adam Cohen

FReeBORn & PeTeRS

Thomas Frederick Jamie Gorelick

Subscription rate per year: $199 For subscription requests, email subscriptions@todaysgc.com

Robert Profusek

Thomas Brunner

WinSTOn & STRAWn

subsCription

Dale Heist BAKeR HOSTeTLeR

WiLMeRHALe

Robert Haig KeLLey DRye & WARRen

Jean Hanson FRieD FRAnK

Robert Heim DeCHeRT

Timothy Malloy Mc AnDReWS, HeLD & MALLOy

Jean McCreary nixOn PeABODy

Steven Molo MOLOLAMKen

Thurston Moore HunTOn & WiLLiAMS

Jonathan Schiller BOieS, SCHiLLeR & FLexneR

Robert Townsend CRAvATH, SWAine & MOORe

David Wingfield WeiRFOuLDS

Robert zahler PiLLSBuRy WinTHROP SHAW PiTTMAn

Ron Myrick ROnALD MyRiCK & CO, LLC

All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information or retrieval system, with out the written permission of the publisher. Articles published in Today’s General Counsel are not to be construed as legal or professional advice, nor unless otherwise stated are they necessarily the views of a writer’s firm or its clients. Today’s General Counsel (ISSN 2326-5000) is published six times per year by Nienhouse Media, Inc., 20 N. Wacker Drive, 40th floor, Chicago, Illinois 60606 Image source: iStockphoto | Printed by Quad Graphics | Copyright © 2016 Nienhouse Media, Inc. Email submissions to editor@todaysgc.com or go to our website www.todaysgeneralcounsel.com for more information. Postmaster: Send address changes to: Today’s General Counsel, 20 N. Wacker Drive, 40th floor, Chicago, Illinois 60606 Periodical postage paid at Oak Brook, Illinois, and additional mailing offices.

•

OU N T

Discovery and managed review on an entirely new level.

Seamless Collaborative Thoughtful

Level2Legal.com | 888.561.2330

DEC/JAN 2017 TODAY’S GENER AL COUNSEL

Executive Summaries L ABOR & EMPLOYMENT

PAGE 16

PAGE 20

PAGE 22

Wage Issue Before California Supreme Court

Sexual Harassment is Global, Solutions are Local

The Recent Scrutiny of Non-Competes

By Felix Shafir Horvitz & Levy LLP

By Angela Cummings FordHarrison LLP

By Lawrence J. Del Rossi Drinker Biddle & Reath

Decades ago, the United States Supreme Court adopted a “de minimis rule” for lawsuits seeking compensation under the federal Fair Labor Standards Act (FLSA) for “negligible” time worked. The California Supreme Court has not yet passed on the applicability of this doctrine to California wage claims, but it has now agreed to do so in Troester v. Starbucks Corp. Meanwhile a Ninth Circuit panel in Troester indicated that the de minimis rule constitutes a federal standard that is potentially at odds with California labor laws, a premise that suffers from at least two flaws. First, there is little reason to think the de minimis rule is a federal doctrine rather than a generally applicable standard. Although the United States Supreme Court first recognized this rule in an FLSA lawsuit, the Court did so for reasons not tied specifically to the FLSA. Second, even assuming the de minimis rule stemmed from a standard specific to the FLSA, there is every reason to think California courts would, through parallel reasoning, apply the rule to California claims. Federal law has frequently guided California courts’ interpretation of state labor provisions where state law parallels federal law. Additionally, the California legislature’s decision not to modify the statutory scheme for state wage claims to abrogate the de minimis rule in light of the California’s Division of Labor Standards Enforcement’s long-standing administrative practice adopting the rule is a strong reason for courts to follow the DLSE’s lead.

In the U.S., the most common legal basis for asserting sexual harassment claims is Title VII of the Civil Rights Act of 1964. Normally an employee files a charge claiming sexual harassment and/or retaliation for reporting the harassment, and the EEOC conducts an investigation and makes a determination. If there is a “reasonable cause” finding, the agency will “invite” the employer to conciliate and attempt to settle. If the matter is not settled, either the EEOC or the employee may bring suit in federal court. Laws prohibiting sexual harassment in European and Latin American countries are similar to ours, but differ in some particulars. In Brazil, sexual harassment can be a crime for the employee who commits it, but only a civil matter for the employer. In the UK, the Equality Act 2010 prohibits sexual harassment, including unwelcome sexual advances, the display of pornographic images, or sending emails of a sexual nature. Italian law provides that any employment decision concerning an employee who is a victim of sexual harassment is null and void if adopted as a consequence of the employee’s refusal of or subjection to sexual harassment. Both in the United States and abroad, employers must protect their employees from sexual harassment or face potentially costly litigation, and sometimes astronomical jury awards. General counsel and Human Resources professionals will sleep better if they ensure that their organizations take all necessary steps to prevent and control sexual harassment claims.

Non-compete agreements are commonplace in many employment contracts, in a variety of industries and occupations. In March of 2016, the U.S. government began taking direct aim at restrictive covenants in the private sector. The Office of Economic Policy of the U.S. Department of the Treasury issued a report that looks at case studies, theoretical papers and surveys of various professions, to make observations regarding the pluses and minuses of non-competes. Some state government agencies appear to have stepped up their enforcement efforts. The New York Attorney General’s Office issued a press release announcing that a nationwide medical information services provider agreed to stop using non-competes for most of its employees in New York. The Illinois AG’s Office filed a lawsuit against Jimmy John’s franchises “for imposing highly restrictive non-compete agreements on its employees, including low-wage sandwich shop employees and delivery drivers whose primary job tasks are to take food orders and make and deliver sandwiches.” Jimmy John’s previously had reached a deal with the New York Attorney General’s Office and agreed to not use non-compete agreements for most of its workers in New York. Government agencies and legislatures appear focused on companies that require all employees to sign non-competes. Selective use of non-competes may go a long way toward staving off challenges. Make sure to document the business rationale for why employees – including at-will employees who can be terminated for any reason – are required to sign noncompete agreements.

today’s gener al counsel dec/jan 2017

Executive Summaries e-Discovery

intellec tuAl ProPert y

PAGe 26

PAGe 28

PAGe 34

General Counsel Can Spur Legal Hold Success

Why Emojis Matter in E-Discovery

Patent or Trade Secret?

By Doug Deems The Claro Group and Russ Stalters Clear Path Solutions Inc.

By Joe Sremack Berkeley Research Group

One of the biggest challenges posed by legal holds is getting compliance by the employees who are subject to it. Because they are asked to alter their normal handling of information (including emails, documents and papers), the success of a legal hold program may depend on how well an organization implements “change management. “ Among recommended best practices: Make sure your legal hold and preservation policy is unequivocal and simple. Provide concrete examples of compliance behavior. Build a learning, or practice stage, into the legal hold program, one that has employees review how they would comply with the instructions as a part of a drill. And formulate a checklist that helps employees remember the policy and the training they received. There are three things that general counsel, specifically, can do to lead their organizations toward legal hold program excellence. The first is to review the policy with colleagues, incorporate the recommended best practices, and test the revised policy with several nonlegal employees to make sure they fully understand it. Second, form a legal hold program partnership with the CEO or another C-level executive, and provide visible executive sponsorship for the program. Third, communicate the consequences of non-compliance. General counsel have a unique leadership opportunity to influence the efficacy of the legal hold program for their organizations. By ensuring the use of effective change management processes and providing an aspirational goal, they can save their company from costly non-compliance.

Emojis are graphical icons or images used to express concepts, such as an idea or an emotion, that can be used in online communication. Technically they are encodings rendered into a graphic when displayed. Emojis have revolutionized how people communicate online, and their use needs to be addressed in e-discovery. Keyword searching and technologyassisted review have been the primary approaches to managing document collections and review. Practitioners are well versed in developing comprehensive search terms based on applying courtapproved methodologies and facts in cases, but emojis have not been subject to the same requirements. They do not respond to keyword searches. Attorneys who know where emojis are in their document sets have significant advantages. First, they will know whether emojis were properly processed and be better equipped to both defend their own e-discovery process and identify failures in the opposing party’s process. Second, they will be better at finding potentially responsive communications that do not respond to keyword searches. Knowing where emojis are allows attorneys to set up a review process or perform analytics so those messages are not overlooked. Emojis have already been widely adopted in today’s communication platforms, and that means that emojis are found in most e-discovery collections. Where they appear, they alter or augment the meaning of communication in ways that require emoji-specific interpretation and analysis. Therefore, e-discovery practitioners need to be aware of them and understand them, just as they understand keywords in text-based communications.

Peter Brody and Darrell Stark Ropes & Gray

In recent years patent law has undergone drastic change, but trade secret law has also changed substantially. The enactment of the Defend Trade Secrets Act created the first-ever federal civil trade secret law and opened up U.S. district courts to original jurisdiction over cases brought under that statute. In view of these developments, businesses should consider reevaluating their strategies for protecting IP rights for their innovations and other confidential information. Trade secret protection might be more appropriate than patents in certain circumstances. If the determination is made that the information at issue can fall into either category, factors that come into play include how long the protection is needed, whether others in the industry are likely to discover the information independently, and whether the information could be reverse-engineered from a product on the market. To make the determination, first assess the nature of what you want to protect. Information like customer lists or top secret formulas may be protectable under trade secret law, but not under patent law. Innovative methods of doing business or purely softwarerelated inventions may be close calls as to patentability, but would be protectable under trade secret law. On close calls, it may be preferable to protect the innovation as a trade secret because the risk of not getting a patent or losing it in litigation may be too high. The authors provide a flowchart to assist in making decisions like the ones discussed in the article.

DEC/JAN 2017 TODAY’S GENER AL COUNSEL

Executive Summaries CYBERSECURIT Y PAGE 38

PAGE 40

PAGE 44

Protection Before and After a Data Breach

Standing in Data Breach Cases

Self-Certifying Under the EU-U.S. Privacy Shield

Michael Bruemmer Experian and John Mullen Mullen Coughlin

COMPLIANCE

With increased action by attorneys general and other regulators, as well as evolving case law, companies cannot afford to ignore the risk of litigation or regulatory action as a result of a data security incident. For example, a trio of California requirements that went into effect this past January clarify the term “encrypted,” create uniform language for breach notifications, and expand the list of notifiable breaches to include loss of username, emails and passwords. Since California is a leader in data breach and privacy laws, the impact of these laws will likely reach beyond the state’s borders. Class action law suits like those brought against Home Depot and P.F. Chang’s have heightened the risk of successful actions and large costs. In the case of Home Depot, the large settlement – reportedly $19.5 million – signals that companies that suffer a data breach could face significant legal exposure for damages. Class members were permitted to recover up to $10,000 for documented “time spent” to resolve issues. As regulations, enforcement, case law and technology continue to evolve, litigation is a growing risk for companies that experience data breaches. Companies should establish solid relationships with regulators. They should be ready to make hard decisions about when to contact regulators, when to go public, and how to communicate the scope of an incident. Precautionary measures – including implementing appropriate risk management and assessment policies, purchasing sufficient cyber insurance and using proven experts – can mitigate data-breach risks.

By Thomas Rohback, Patricia Carreiro and James Goldfeier Axinn Veltrop & Harkrider LLP

Many data breach and cybersecurity cases have faltered for failure to establish concrete harm necessary to support standing when personally identifiable information has been accessed but no actual harm can be demonstrated. It was hoped that the Supreme Court’s decision in Spokeo, Inc. v. Robins would resolve a split in the courts over what injury was sufficient to support Article III standing. Unfortunately, the split has continued. Under separation of powers, the legislative branch cannot create standing out of whole cloth, but it can create a right and provide statutory damages as a remedy. Some courts in post-Spokeo cases have indeed found standing in cases where the claim alleged entitlement to damages based on a statutory violation, but no additional harm. In looking at the standing issue, courts need to examine both the purpose of the statute and the tradition of common law to determine whether the legislature is properly exercising its function or intruding on the judicial branch’s role. General counsel must remain vigilant to the threat of data breach litigation, and that fact remains unchanged after Spokeo. In the context of data breach litigation, where Congress (or a state legislature) has determined that access to, or disclosure of, data, without further proof of misuse and harm has caused a concrete risk of harm, there is a real risk that standing will be found – particularly in light of the common law tradition of a right to privacy.

By Karin M. McGinnis, and Suzanne K. Gainey Moore & Van Allen

The European Union formally adopted the EU-U.S. Privacy Shield in July 2016, and by late September about 275 companies had active Privacy Shield certifications. The question for other companies is whether they should self-certify too. The answer is not clear, considering the problems some companies had after the invalidation of the EU/U.S. Safe Harbor (the Privacy Shield’s predecessor) and the threats by some in the EU to challenge the Privacy Shield’s validity. The Privacy Shield is a voluntary self-certification program with the U.S. Department of Commerce. Certain entities (such as financial institutions) that are not subject to the enforcement powers of the FTC, DOT or “another statutory body that will effectively ensure compliance with the Principles” are not covered. Companies that want to self-certify must agree to comply with the Privacy Shield principles and then bring their policies in line with them. There are numerous considerations in deciding whether certifying under the Privacy Shield is the right step for an organization. Some important factors are the volume, frequency and importance of the data at issue for the company, and whether the data falls within any special categories. When the UK exits from the EU and is no longer a party to the Privacy Shield, the Shield will not facilitate transferring data from the UK to the United States. Companies that certify under the Privacy Shield will be subject to increased enforcement and oversight mechanisms, and harsh penalties for non-compliance.

TODAY’S GENER AL COUNSEL DEC/JAN 2017

Executive Summaries COMPLIANCE

FEATURES

PAGE 46

PAGE 54

PAGE 56

One Year After the Yates Memorandum

Consumer Agency Rule Would End Class Action Waivers

Changing Rules for Foreign Arbitral Awards

By Howard Privette and Wayne Gross Greenberg Gross LLP

By Brian A. Berkley Fox Rothschild LLP

By Carrie A. Tendler and Michael A. Sanfilippo Kobre & Kim

In September, 2015, the U.S. Department of Justice issued a policy directive dubbed the “Yates Memorandum,” in reference to its author, Deputy Attorney General Sally Quillian Yates. It declared that “one of the most effective ways to contain corporate misconduct is by seeking accountability from the individuals who perpetrated the wrongdoing.” There have since been two notable settlements with executives: a $1 million settlement with the former CEO of Tuomey Healthcare System, and another involving North American Health Care Inc., in which the CEO and a senior vice president of the company agreed to pay $1 million and $500,000, respectively. Companies that learn of potential legal violations in the post-memo era face important decisions about informing authorities. The first steps in an internal investigation often include interviewing executives and employees who potentially possess relevant information. In the past, preliminary interviews might be conducted by in-house counsel, or the company’s regular outside counsel, but the Yates Memorandum’s instruction pertaining to “cooperation credit” raises the potential for conflicts between the company’s counsel and the individuals being interviewed. Counsel need to consider these conflicts from the beginning of an investigation and, where appropriate, arrange separate counsel for the company and for individuals. The DOJ is actively following the directives in the Yates Memorandum, and it is imperative that corporate executives and their counsel understand the potentially high stakes ramifications of these directives in the day-to-day conduct of their business.

In May, the Consumer Financial Protection Board announced a proposed rule prohibiting providers from using a predispute arbitration agreement to block consumer class actions in court. The CFPB’s rule, if enacted, would represent a dramatic shift in arbitration law. Backed by Supreme Court precedent, companies have effectively used class action waivers in arbitration agreements to remove the risks associated with class action claims. The CFPB notes the proposed rule will apply to “most consumer financial products and services that the CFPB oversees.” A challenge will likely reach the Supreme Court, where there is a good chance the rule will not survive, but in the meantime uncertainty will persist. For companies looking to retain some control over the costs and risks associated with class action liability while the rule is adjudicated, two options emerge. The first allows a company to provide consumers the option to litigate class claims in arbitration, where the cost should be cheaper than court. The CFPB specifically endorses this option. A company could also provide consumers with the option to opt out of an arbitration clause that precluded class action claims. Thus, if a consumer did not opt-out but later brings a class action lawsuit, a company could compel arbitration and not only enjoy the potential costs savings of arbitration, but remove the class action liability altogether. The CFPB says the proposed rule will apply to most consumer financial products and services that the CFPB oversees.

Counsel charged with prosecuting or defending against actions involving foreign arbitral awards should be aware of rapidly evolving rule changes that may define foreign arbitration recognition and enforcement law for years to come. The Second Circuit in particular is uncertain. It is fielding a flurry of challenges to the rules governing the recognition and enforcement of such awards. The rulings will likely impact the speed and ease of foreign arbitral award enforcement. In Mobil Cerro Negro Ltd. v. Bolivarian Republic of Venezuela, Mobil filed an ex parte petition in the U.S. District Court for the Southern District of New York after obtaining an award, seeking recognition pursuant to the New York Civil Practice Law and Rules. The petition was signed the same day, converting the award into an enforceable judgment. Venezuela objected to Mobil’s petition, then appealed to the Second Circuit. The parties argued before a panel that appeared skeptical of the ex parte procedure. Micula v. Government of Romania, before the Second Circuit, concerns issues similar to Mobil. Harrison v. Republic of Sudan explores what would happen if the Second Circuit invalidates the ex parte procedure and arbitral award holders are forced to institute a plenary action pursuant to the Foreign Sovereign Immunities Act. Litigants seeking to enforce arbitral awards should stick to the S.D.N.Y. when possible, given the hostility of other districts to the ex parte recognition procedure. An adverse Second Circuit ruling, however, could reset the calculus.

DEC/JAN 2017 TODAY’S GENER AL COUNSEL

Executive Summaries FEATURES PAGE 60

PAGE 62

Two Governance Studies Confirm Expanded Role for General Counsel

Inside/Outside Attorneys Often Not on the Same Page

By Michael W. Peregrine McDermott Will & Emery

Within the space of less than one month in 2016, two important commentaries on corporate governance were released by two constituent groups. Both propose thoughtful suggestions on a wide variety of governance elements that are relevant not only to publicly traded corporations, but also to many privately held companies and sophisticated non-profits. Their release is indicative of the increasing level of discussion about corporate governance issues 15 years after Sarbanes-Oxley. The first, released last July, is “Commonsense Principles of Corporate Governance,” prepared by a consortium of leading corporate executives and one shareholder activist. The second commentary was the 2016 edition of the well-known “Governance Principles” series from The Business Roundtable. These two sets of commentaries have implications for the board with respect to the changes they propose from current accepted practice, and what their combined release suggests about the evolving state of corporate governance in America. These are implications that the general counsel is well equipped to address, and the release of these commentaries illustrates the breadth of areas in which today’s general counsel is well qualified to advise corporate leadership. Providing advice on these important governance developments can help confirm, in the mind of the board and senior leadership, the evolution of the general counsel’s role beyond technical advisor, to also include wise counselor and management business partner. This will be particularly important as corporations confront new corporate responsibility concerns arising from increased government oversight and regulation.

By Robert Hunter Altec Inc. Alfred Paliani Quality King Distributors, Inc. Fred “Tripp” Haston Bradley Arant Boult Cummings

The International Association of Defense Counsel recently released its 2016 Inside/ Outside Counsel Relationship Survey. The survey found major differences in how inside and outside counsel perceive some important relationship issues, including how much outsourcing has increased and the relative performances of both in-house counsel and outside lawyers. Both groups expressed major concerns in the areas of billing, budgets and communications. However, both groups did agree on the traits that are most valuable in their working relationships, and regarding what they do best and worst. Results indicate that companies are consolidating more work with a smaller number of law firms. Sixty-one percent of the inside counsel surveyed reported increases in the amount of work they outsourced to law firms over the past year. Thirty-nine percent of outside counsel reported increased work over the same time period. While there were disparities in the perceived effectiveness of inside and outside counsel, the respondents largely agreed on what they did well. Both groups agreed that law firm attorneys were able to collaborate effectively within the in-house departments’ organizational structures. Both groups thought in-house attorneys’ best traits were their responsiveness to questions, feedback and authorization requests. They also agreed that outside counsel are worst at providing timely and realistic budgets, and offering discounted fees or alternative fees when requested. Both cited good communication, responsiveness, and clear project direction and objectives as the primary elements of inside and outside counsel working effectively together.

BEYOND PRINT

TodaysGeneralCounsel.com

IN YOUR INBOX

Digital.TodaysGeneral Counsel.com

E-DISCOVERY CONFERENCES TodaysGeneralCounsel. com/Institute

TODAYSGENERALCOUNSEL.COM

WHAT IF

you could resolve disputes in half the time?

Leverage Navigantâ&#x20AC;&#x2122;s expertise to accelerate resolutions.

At Navigant, we help turn what if into what is.

PROFIT FROM EXPERIENCE Navigant.com/legal

Consulting

Outsourcing

Advisory

Dec/Jan 2017 todayâ&#x20AC;&#x2122;s gener al counsel

Labor & Employment

Wage Issue Before California Supreme Court By Felix Shafir

today’s gener al counsel Dec/Jan 2017

Labor & Employment

ecades ago, in Anderson v. Mt. Clemens Pottery Co., the United States Supreme Court adopted a “de minimis rule” for lawsuits seeking compensation under the federal Fair Labor Standards Act (FLSA) for “negligible” time worked. Consequently, in FLSA actions, employees generally “cannot recover for otherwise compensable time if it is de minimis” (Corbin v. Time Warner, 2016). The California Supreme Court has not yet passed on the applicability of this de minimis doctrine to California wage claims, but it has now agreed to do so in Troester v. Starbucks Corp. In Troester, the plaintiff alleged that his employer violated California law by failing to pay him for certain store closing-time activities. The federal district court granted summary judgment for the employer, holding that “the time spent closing the store was de minimis.” The plaintiff appealed, arguing that the de minimis rule is inapplicable to claims arising under California law. While his appeal was pending, the United States Court of Appeals for the Ninth Circuit issued a published opinion in a different case (Corbin) addressing that very issue.

differently than the California Court of Appeal or the DLSE, the Ninth Circuit must apply the de minimis rule to California wage claims. Ordinarily, where one Ninth Circuit panel construes California law, this previous interpretation of California law is binding on a later Ninth Circuit panel in the absence of any subsequent indication from the courts that the earlier interpretation was incorrect. Nonetheless, one month after the Ninth Circuit decided Corbin, a different three-judge panel of the Ninth Circuit questioned whether the California Supreme Court would adopt the de minimis rule and asked the Supreme Court to take up the issue in Troester. The supreme court granted that request in August 2016. The Ninth Circuit panel in Troester indicated that the de minimis rule constitutes a federal standard that is potentially at odds with California labor laws. This premise suffers from at least two flaws. First, there is little reason to think the de minimis rule is a federal doctrine rather than a generally applicable standard. Although the United States Supreme Court first recognized this rule in an FLSA lawsuit, it did so

De minimis non curat lex is a maxim of ancient origins, and part of the established background of legal principles against which all enactments are adopted, and which all enactments, absent contrary indication, are deemed to accept. Hence, this maxim is a core tenet of California law. Since the de minimis rule derives from a doctrine that ordinarily governs all enactments, including California laws, it is questionable whether this rule can be considered a “federal” standard. Second, even assuming the de minimis rule stemmed from a standard specific to the FLSA, there is every reason to think California courts would - through parallel reasoning - apply the rule to California claims. Both California and federal labor law broadly define the hours worked by employees, and federal law has frequently guided California courts’ interpretation of state labor provisions where state law parallels federal law. Thus, for example, the state supreme court has looked to parallel federal law for guidance in assessing the components that make up California’s definition of “hours worked,” even as that court has disregarded fed-

While federal and California laws differ in certain respects as to what they consider to be “hours worked,” they are parallel in a significant respect: both contemplate that compensation be measured by “hours” worked, rather than by seconds or other increments of time shorter than hours.

Corbin explained that a published California Court of Appeal decision had previously “applied the federal de minimis standard to a state wage claim,” and that California’s Division of Labor Standards Enforcement (DLSE) – the agency charged with enforcing California’s wage laws – had likewise adopted this standard. Corbin held that because there is no convincing evidence that the California Supreme Court would decide

for reasons not tied specifically to the FLSA. Rather, the Court (in Anderson v. Mt. Clemens Pottery Co.) articulated the common sense proposition that, where “only a few seconds or minutes of work” are at issue, “such trifles may be disregarded.” The rule is thus an application of the doctrine de minimis non curat lex (“the law does not take account of trifles”) from another case, Sandifer v. U.S. Steel Corp., in 2014.

eral law where state law openly deviates from it (such as over-compensation for travel time). While federal and California laws differ in certain respects as to what they consider to be “hours worked,” they are parallel in a significant respect: both contemplate that compensation be measured by “hours” worked, rather than by seconds or other increments of time shorter than hours. California

Dec/Jan 2017 today’s gener al counsel

Labor & Employment law requires employees to pay for all of the “hours” worked by employees. The state Labor Code defines compliance with the laws governing itemized wage statements based on “hours worked.” Correspondingly, wage orders require employers to pay the minimum wage “for all hours worked,” set a

That is not to say that wage violations occur only when payment is improperly withheld for more than an hour’s work. Rather, the statutory and regulatory provisions addressing hours worked set a general frame of reference that reflects the practical problem of focusing on time measured in the range

The plaintiff alleged that his employer violated California law by failing to pay him for certain store closing-time activities.

multiplier for overtime pay based on work done in excess of certain “hours,” and define the workday and workweek based on hour-long periods. Likewise, per Ninth Circuit precedent, under the FLSA, “employers must pay employees for all hours worked” (Bamonte v. City of Mesa, 2010).

of a minute, a second, or even milliseconds. Even when a time clock is used, it becomes arbitrary at some point to measure time too finely. If, as the employee walks to the clock punch in or out, the employee trips, drops the time card and must pick it up, do the extra seconds really amount to a

DEC/JAN 2016 VOLUME 1 2 / NUMBER 6 TODAYSGENER A LCOUNSEL.COM

Congratulations TGC!

2 0 1 6 w inne r of the

– 5 3r d – annual

Legal Hold

material difference in the amount of time worked? Taking practical considerations into account, the de minimis rule, as applied under the FLSA, disregards insignificant periods of time beyond the scheduled working hours where they cannot as a practical matter be precisely recorded for payroll purposes, and in the absence of controlling or conflicting California law, California courts generally look to federal regulations under the FLSA for guidance. Notably, California’s DLSE has repeatedly issued opinion letters adopting the de minimis standard under California law. The DLSE’s opinion letters, “while not controlling upon the courts by reason of their authority, do constitute a body of experience and informed judgment to which courts and litigants may properly resort for guidance” (Brinker Rest. Corp. v. Super., 2012). Furthermore, the California Legislature’s decision not to modify the statutory scheme for state wage claims to abrogate the de minimis rule in light of the DLSE’s long-standing administrative practice adopting the rule is a strong reason for courts to follow the DLSE’s lead. Before Troester, two different threejudge panels of the Ninth Circuit concluded that the California Supreme Court would likely apply the de minimis rule to California claims. As California’s high court now takes up the same issue in Troester, it will be interesting to see if these predictions prove to be correct. ■

Avoiding Flotsam in Large Volumes of Data • Ingredients of a Sound Legal Hold • Applying “Moneyball” to the Legal Department • Building a Company-Wide Culture of Compliance

Felix Shafir

awards

$199 Subscription rate per year ISSN: 2326-5000 View our digital edition: digital.todaysgeneralcounsel.com

is a partner at Horvitz & Levy LLP, a firm devoted to civil appellate litigation. He has extensive experience with labor and employment litigation, and he and the firm have handled appeals in a wide variety of employment cases. fshafir@horvitzlevy.com

Our capabilities are global, but our focus is singular.

With a concentration exclusively on employment and labor law, we provide our multi-national clients with a variety of effective strategies and solutions. It’s that specialization that allows us to represent companies all over the world. Managing your legal matters cost-effectively means we’re constantly developing new and innovative ways to solve your employment and labor law needs. We believe when you focus on one thing, and only one thing, experience isn’t just inevitable, it’s invaluable.

littler.com

Dec/Jan 2017 today’s gener al counsel

Labor & Employment

Sexual Harassment is Global, Solutions are Local By Angela Cummings

recent headline could put fear in the hearts of general counsel and HR professionals alike. A restaurant franchisee in Ohio shells out $1.4 million to settle a sexual harassment case brought by the U.S. Equal Employment Opportunity Commission on behalf of multiple women. In that case, EEOC v. E. Columbus Host, LLC, the EEOC claimed a restaurant manager engaged in egregious sexual harassment of 12 female employees. His behavior was said to include pressuring workers as young as 17 for sexual favors, unwelcome touching of female workers, making humiliating remarks about women, and retaliating against female employees who complained. The EEOC, after reaching the substantial settlement, not surprisingly took to the media to underscore its victory and warn other employers that they may

and then in some other major venues worldwide. In the United States, although some states have their own statutes barring sexual harassment at work, the most common legal basis for asserting these claims is Title VII of the Civil Rights Act of 1964. The same Title VII also forbids employers from firing or otherwise retaliating against an employee because he or she complains about discriminatory conduct. A common scenario faced by employers is as follows: An employee files a charge of discrimination with the EEOC, claiming sexual harassment and/or retaliation for reporting the harassment. The EEOC then conducts an investigation, which may include witness interviews and a review of documents. Finally, the EEOC makes a determination. It’s either a “reasonable cause” finding, if the

UK employers can be responsible for the actions of their employees in the course of their employment, even if such actions are taken without the employer’s knowledge or approval.

be next. “‘Rooting out harassment in the workplace has long been a priority for the Commission,” said EEOC General Counsel David Lopez. “We hope that this settlement can serve as a road map to other employers seeking to prevent and eradicate sexual harassment in their workplace.” With that warning in mind, we now take a broader look at workplace sexual harassment, first in the United States

EEOC has reasonable cause to believe that harassment occurred, or a “no reasonable cause” finding. If it’s the former, the agency will “invite” the employer to conciliate and attempt to settle, with the EEOC and the employee. If the matter is not settled, either the EEOC or the employee may then bring suit in federal court. Notably, even if the EEOC makes a no-reasonable-cause determination, the

employee receives a right-to-sue notice and may nonetheless file a lawsuit against the employer. For employers that means that even a win at the EEOC stage is only one victory in what can become a much longer war. In FY 2015, the EEOC received 6,822 charges claiming sexual harassment. Of those charges, more than half were investigated and resulted in a determination of “no reasonable cause.” But, again, that finding often does not let the employer off the hook. Employees and the attorneys who represent them like to bring sexual harassment lawsuits due to their often salacious allegations and the belief that companies will pay to settle in order to keep from having their dirty laundry aired publically in a federal lawsuit. With all this in mind, employers should take the following actions to prevent and remedy sexual harassment in the workplace: • Develop and issue a policy prohibiting harassment, including sexual harassment. • Keep tabs on the company’s culture and environment to ensure that the workplace is professional and free of problematic conduct and language. • Conduct training on sexual harassment for both managers and employees. • Select the appropriate contact person, or persons, for employees who want to report harassment. The contact should be someone whom employees can trust to take the concern seriously. • Have trained persons conduct prompt and thorough investigations of any alleged harassment. • If the conduct is substantiated, take proper remedial action against the alleged harasser.

today’s gener al counsel Dec/Jan 2017

Labor & Employment

• Remind all involved (i.e., the employee who reported the concerns, the alleged harasser, and any supervisor involved) that retaliation is expressly prohibited. Taking these steps is important not only for U.S. companies. Laws in many countries similarly prohibit sexual harassment in the workplace. Statistics indeed indicate that employees overseas do suffer from sexual harassment in the workplace. According

to the United Nations, for example, between 40 and 50 percent of women in European Union countries “experience unwanted sexual advances, physical contact or other forms of sexual harassment at work.” (See the United Nations: Fast Facts: Statistics on Violence Against Women and Girls.) What follows is a brief look at the laws prohibiting sexual harassment in a number of European countries. In Italy, Article 26 of the “Code of

Equal Opportunities” defines sexual harassment as “unwanted conduct of a sexual nature expressed in any way which violates, or is intended to violate the dignity of an employee or which creates an intimidating, hostile, degrading, humiliating or offensive working environment.” This law also provides that any agreements or decisions concerning the employment contract of an employee who is a victim of sexual harassment continued on page 25

DEC/JAN 2017 TODAY’S GENER AL COUNSEL

Labor & Employment

Recent Scrutiny of Non-Competes By Lawrence J. Del Rossi

on-compete agreements (also referred to as restrictive covenants, or “covenants not to compete”) are common in many employment contracts in a variety of industries and occupations. Often they’re found in the retail, insurance, healthcare, financial services, technology, engineering and life sciences sectors throughout the United States. At their core, these agreements

restrict workers from engaging in certain business-related activities for a fixed period of time within a specific geographic area, in return for privileges and benefits given to them by their employer. Non-competes, creatures of English common law, have been around for centuries. Private businesses in the United States have used them in one form or another to protect their legitimate business

interests, such as long-standing customer relationships, business goodwill, investment in specialized training, or development of trade secrets and other intellectual property. They can bring tremendous value to a business enterprise and are often critical to protecting a company’s “secret sauce.” Typically, employers require employees to sign non-competes as a condition

today’s gener al counsel Dec/Jan 2017

Labor & Employment of employment when they are first hired. In addition to continued employment, some employers give additional monetary incentives or “consideration” to secure employee agreement and commitment. Covenants not to compete might be part of a sale of a business. They also might be included in a stock purchase agreement and other equity incentive contract. If an employer discovers a breach, the company might seek monetary and non-monetary injunctive relief from a court or an arbitrator, including an order that would literally stop the employee from engaging in the prohibited activity. One major challenge for national companies is that enforcement of noncompetes varies from state to state, and there is no uniform standard. State legislatures and state courts have limited their use in certain industries, jobs and professions. California, for example, prohibits them in most industries – unless exceptions apply. New Jersey prohibits them for attorneys. Some states, including Tennessee, prohibit them for doctors, unless exceptions apply. New York state courts generally disfavor non-competes that simply prevent an employee from taking a job with a competitor when the employee was involuntarily terminated “without cause,” such as a companywide reduction in force. When a court is reviewing an application to enforce a non-compete, the judge generally will apply a rule of “reasonableness” to determine whether the employee should or should not be restricted. Private factors such as the nature of the employer’s business interests, the circumstances related to the employee’s departure (i.e., involuntary layoff vs. voluntary resignation), and the employee’s ability to earn a living elsewhere are considered. In addition, courts consider public policy factors, such as the need for the goods or services at issue. No single private or public factor is dispositive. It is a balancing test, which can make enforceability unpredictable and expensive. Some courts will not enforce any aspect of a restrictive covenant if one or more provisions are found to be unreasonable. However, many judges can “blue

pencil” them if the restrictions are found to be broader than would be necessary to protect an employer’s legitimate business interests. Other courts might decline to stop the worker from joining a competitor, but allow the employer’s claims to continue against the employee and the competitor, giving the employer the opportunity to recover monetary damages at a trial. Historically, federal and state enforcement agencies have generally stayed out of regulating or challenging private businesses’ use and enforcement of noncompetes. However, a recent uptick in government enforcement activity suggests a new wave of challenges is on the horizon for employers. If employers are not prepared to respond to these challenges,

House, with the title “Non-Compete Agreements: Analysis of the Usage, Potential Issues, and State Responses.” This document outlines state efforts to curtail the use of non-competes, and announces that “[i]n the coming months, as part of the [Obama] Administration’s efforts to support competition in consumer product and labor markets, the White House, Treasury, and the Department of Labor will convene a group of experts in labor law, economics, government and business to facilitate discussion on non-compete agreements and their consequence.” The goal is to identify “key areas where implementation and enforcement of non-competes may present issues,” to examine “promising practices in states,”

A major challenge for national companies is that enforcement of non-competes varies from state to state.

their ability to protect their business interests could be severely compromised. In March 2016, the federal government began taking direct aim at restrictive covenants in the private sector when the Office of Economic Policy of the U.S. Department of the Treasury issued a report entitled “Non-Compete Contracts: Economic Effects and Policy Implications.” This document looks at case studies, theoretical papers, and surveys of different professions, to make observations regarding the benefits and detriments of non-competes. According to the report, an estimated 18 percent of all workers, or nearly 30 million people, have non-compete agreements in some form or another, in a variety of industries. The report discusses the effects of these agreements on worker mobility, wages and economic growth, and it recommends greater transparency and better communication with employees. Another report two months later, in May of 2016, came from the White

and to put forward a set of best practices and call to action for state reform. Apparently hearing the White House call to action, some state government agencies appear to have stepped up their enforcement efforts. In August of 2016, the New York Attorney General’s Office issued a press release announcing that a nationwide medical information services provider agreed to stop using non-competes for most of its employees in New York. These non-competes had prohibited all employees, including “rank-and-file workers,” from working for competitors after their employment ended, regardless of whether they had access to trade secrets or other sensitive information. In June, 2016, the Illinois Attorney General’s Office filed a lawsuit against Jimmy John’s franchises “for imposing highly restrictive non-compete agreements on its employees, including lowwage sandwich shop employees and delivery drivers whose primary job tasks

Dec/Jan 2017 today’s gener al counsel

Labor & Employment are to take food orders and make and deliver sandwiches.” The Complaint alleges that Jimmy John’s has engaged in unfair conduct in violation of the Illinois Consumer Fraud and Deceptive Business Practices Act, seeks a declaration invalidating the non-competes and money damages in the amount of $50,000 per violation.

former employee reminding him of his 18-month post-termination noncompete obligations. The Board found this non-compete was a mandatory term of employment, and therefore that the union should have been notified and given the opportunity to bargain prior to its implementation. Without addressing the company’s legitimate

that require all employees, regardless of skill level or whether they have access to trade secrets or other sensitive information, to sign post-termination non-competes. In light of the recent focus on non-competes, particularly the emphasis on low wage and low skill workers, employers should evaluate the scope and structure of their agree-

Government agencies appear focused on companies that require all employees, regardless of skill level or whether they have access to trade secrets or other sensitive information, to sign post-termination non-competes.

Jimmy John’s previously had reached a deal with the New York Attorney General’s Office and agreed not to use non-compete agreements for most of its workers in New York. In August, 2016, Illinois enacted the “Illinois Freedom to Work Act,” which starting on January 1, 2017, will render non-compete restrictions with “low-wage employees” (those earning less than $13.00 per hour) illegal and void. Other states that currently allow but generally disfavor the use of noncompetes in the private sector could follow. In addition to the uptick in state enforcement activities, the National Labor Relations Board recently issued its own eye-opening decision regarding private sector non-competes. In July of 2016, a three-member panel of the NLRB found that steel product company Minteq International, Inc. had violated federal labor law by requiring new employees to sign non-compete and confidentiality agreements as a condition of their employment, without giving Local 150 of the International Union of Operating Engineers the opportunity to bargain on the issue. Local 150 had filed an unfair labor charge after Minteq sent letters to a

need for having non-competes, the Board concluded that Minteq’s unilateral imposition of the non-compete as a condition of employment violated Section 8(a) of the National Labor Relations Act. So what should employers consider in determining whether to implement non-competes, modify existing ones, or eliminate them altogether for some or all of their employees? To begin with, consider whether all employees within the company should have non-competes. Look carefully, for example, at C-suite vs. rank and file, technical vs. non-technical, and sales vs. internal staff. A one-size-fits-all approach is probably not necessary to protect legitimate business interests. Other considerations include whether the employee has access to the company’s trade secrets, and whether the employee requires special job training to complete a unique task tailored to the company’s core business. Also consider: Does the employee’s job duty include establishing or maintaining key customer relationships? And did these relationships begin before or after the employee signed the non-compete? Government agencies and legislatures appear focused on companies

ments. Selective use of non-competes may go a long way toward staving off challenges. Finally, be sure to document the business rationale for requiring employees, including at-will employees that can be terminated for any reason at any time, to sign any non-compete. ■

Lawrence J. Del Rossi is a partner in Drinker Biddle’s National Labor & Employment Practice. He defends and counsels clients on a variety of civil complex business disputes and a full spectrum of employment matters. lawrence.delrossi@dbr.com

today’s gener al counsel Dec/Jan 2017

Labor & Employment Sexual Harassment continued from page 21

are null and void if they are adopted as a consequence of the employee’s refusal of, or subjection to, the sexual harassment. Emanuela Nespoli, a partner at the law firm of Toffoletto De Luca Tamajo e Soci, advises that in Italy, much like in the United States, employers have a duty to prevent and punish sexual harassment occurring in the workplace. Employers must adopt all necessary measures to guarantee a safe working environment for all employees, and an employer should take swift remedial action against an employee who is found to have committed sexual harassment, including dismissal of that employee. In Germany, the definition of sexual harassment is similar to Italy’s. The German General Equal Treatment Act defines sexual harassment as any unwanted, sexually motivated conduct (including unwanted sexual acts and demands to perform such acts, sexually motivated physical contacts, sexual remarks, as well as unwanted display and visible posting of pornographic images) which occurs with the purpose of violating the dignity of the affected person, in particular by creating an intimidating, hostile, degrading, humiliating or offensive environment for that person. According to this Act, and similar to law in the United States, the employer is obligated to take measures to protect employees against sexual harassment. Alexander Ulrich, a partner at the law firm of Kliemt & Vollstädt, Germany, notes that when harassment has been substantiated, employers should provide written warning documentation to the harasser, relocate the harasser – or, in the case of an employee who has already been found to have harassed in the past or where the harassment is severe – terminate the harasser. Ulrich notes that the employer’s reaction to harassing behavior will depend on the circumstances of the particular case, including its severity. In general, he says, the employer has a duty to investigate every complaint of sexual harassment and take appropriate

actions to protect employees. At the end of every harassment investigation in Germany, the employer must inform the employee about the results of the investigation. In the United Kingdom, the Equality Act 2010 similarly prohibits sexual harassment, which is defined as conduct of a sexual nature that has the purpose or effect of violating the victim’s dignity, or creating an intimidating, hostile, degrading, humiliating or offensive environment. Examples might include making unwelcome sexual advances, displaying pornographic images, or sending emails with material of a sexual nature. Hannah Price, a partner at the law firm of Lewis Silkin, notes that UK employers are responsible for the actions of their employees in the course of their employment, even if such actions are taken without the employer’s knowledge or approval. However, if the employer can demonstrate that it took all reasonable steps to prevent the employee’s discriminatory action, it will have a successful defense. Accordingly, Price notes, employers in the United Kingdom are well-advised to have in place clear anti-harassment policies, to make all employees aware of these policies, and to provide training and deal effectively with any complaints of harassment, including by taking appropriate disciplinary action against the perpetrator. In Latin America generally, sexual harassment laws also require that employers provide harassment-free workplaces. In Brazil, sexual harassment can be a crime for the employee who commits it, but only a civil matter for the employer. José Carlos Wahle, a partner at the law firm of Veirano Advogados in Brazil, says that judges in Brazil take accusations of harassment very seriously, but they also take seriously false claims of harassment that damage the accused: According to Wahle, the alleged harasser may sue if he or she was terminated from the company even though the sexual harassment was unsubstantiated and if the company failed to keep the process confidential. Mexico also prohibits sexual harassment in the workplace. Legislation

enacted in 2012 levies fines ranging from $1,000 to $20,000 against employers who tolerate it. Jorge G. De Presno and Alvaro Gonzalez-Schiaffino, partners at the law firm of Basham, Ringe y Correa S.C. in Mexico, advise Mexican employers to assess their existing harassment prevention policies and procedures, as well as the forms used for internal investigations, to determine whether the employer is providing the appropriate tools for preventing harassment and handling grievances. They also suggest that companies provide training to employees charged with conducting internal harassment investigations to ensure they are handled appropriately. Both in the United States and abroad, employers must protect their employees from sexual harassment or else face potentially costly litigation, and at times astronomical jury awards. In the United States, such an award was imposed recently, when a jury in Texas awarded a woman $7.65 million after finding that a restaurant manager had sexually assaulted her as a minor and that her employer had failed to protect her from this harassment (S.V.Z. v Solis). In the face of such awards, both general counsel and HR professionals will sleep better at night if they ensure that their organizations take all necessary steps to prevent and control sexual harassment claims. ■

Angela Cummings is a partner with FordHarrison LLP. FordHarrison is the sole U.S. member of Ius Laboris, a global alliance of labor, employment and pension law firms. All attorneys quoted in this article are also from firms that are members of Ius Laboris. acummings@fordharrison.com

Dec/Jan 2017 today’s gener al counsel

E-Discovery

How General Counsel Can Spur Legal Hold Success By Doug Deems and Russ Stalters

egardless of the technology and process used for notification and tracking of legal holds, getting compliance by the employees subject to the hold is a major challenge. They are being asked to alter their normal day-today handling of information, including emails, documents and papers, and to implement a different process. Thus the success of a legal hold program may well depend on how well an organization addresses “change management.” The weakest link often consists of one or more employees who choose to ignore directives from the legal group. Indeed, available data suggests that those responsible for implementing legal holds in their organizations are less than confident about the level of compliance. For example, key findings from the

“Legal Hold and Data Preservation Benchmark Survey 2015,” conducted by The Steinberg Group, LLC for Zapproved, include: • 56 percent of respondents consider their organization to be at risk when it comes to legal holds. • When evaluating efforts to create a culture of compliance through training, 75 percent of participants say their organization offers training in data preservation, but only 36 percent feel custodians understand their responsibilities. Comparing the successes and failures of legal holds with an organization’s success or failure in implementing positive change management is instructive.

The seminal book on the people side of change by researchers Chip and Dan Heath, “Switch: How to Change When Change is Hard,” identifies a list of 12 common problems that people encounter as they try to change, along with advice for overcoming them. The number one problem is characterized as, “People don’t see the need to change,” followed closely by “People simply aren’t motivated to change. Some other indications of why change programs often fail come from the recently published “Prosci® Best Practices in Change Management 2016 Edition.” In each of Prosci’s nine benchmarking studies, “effective executive sponsorship” was consistently identified as the top contributor to success.

today’s gener al counsel Dec/Jan 2017

E-Discovery

Conversely, the lack of active and visible sponsorship was more than twice as often identified as the obstacle to successful change programs. Study participants reported lack of effective executive sponsorship as the top obstacle to successful change management. BEST PRACTICES

There are best practices to address change management challenges and ensure that an organization has the right tone at the top. Following are several that are highly recommended. • Look closely at your legal hold and preservation policy and make sure it is clear, unequivocal and, above all, simple. After reading the policy, it should be crystal clear how people are expected to act and remain in compliance. This is one of the hardest and most important aspects of a good policy. • Move beyond generalities by providing concrete examples of compliance behavior. As a leader, you may be tempted to advise your people generally to “comply with the hold instruction,” but explicit instructions and good examples are vital to a successful program. Use specific examples (e.g., “Do not delete voicemails on both mobile and desk phones”), including examples of prohibited behaviors (e.g., saving work to home computers or home backup drives, and saving work files to consumer solutions like DropBox). • Build a learning or practice stage into the legal hold program. Besides training materials and employee training sessions, the training team could include the use of test legal hold notices. Have employees review how they would comply with the instructions as a part of a drill. Corporate cybersecurity teams are successfully implementing this tactic when they send test email messages to help employees learn how to recognize email phishing attacks and emails with viruses. • Consider using a robust checklist. In his book “The Checklist Manifesto: How to Get Things

Right,”Atul Gawande discussed taking his experience – getting his surgical teams to reduce deaths and post-surgical complications with checklists – to the World Health Organization. They agreed to work with his thesis, bringing the checklist concept to eight hospitals around the world. During the next six months, deaths fell by 47 percent and complications dropped by 36 percent. Creating a checklist can serve as a shield from failure because it functions as a cognitive safety net when memory and judgment are unreliable. (“How long was it since we conducted legal hold training?”) This simple tool can improve compliance by providing employees with an aide-memoire – a recollection of the training they received in a way that is easily digestible. ACTIONS GENERAL COUNSEL CAN TAKE

As general counsel, there are three things you can do immediately to lead your organization toward legal hold program excellence: First, review the legal hold policy with your team and incorporate some of the recommended best practices above. Test the revised or updated policy with several non-legal employees to make sure they fully understand it and know exactly what behaviors are expected of them. Second, form a legal hold program partnership with the CEO or one of the other C-level executives and provide visible executive sponsorship for the program. Make sure you then enroll the rest of the senior leadership team, department heads and managers, and ensure that they understand the objectives of the change. Demonstrating compliance from the top is the best way to help improve change management in any organization. Third, communicate the consequences of non-compliance. Make clear that the policies are not optional and will be enforced. This goes beyond company policies and includes legal consequences that could impact the bottom line, and even the viability of the company. Consider moving from

“compliance with the policy and legal hold instruction” to emphasizing what the business outcomes are for compliance and non-compliance. The act of complying may not completely motivate employees, but having the company achieve zero issues with e-discovery orders, and zero dollars in sanctions or fines, may get results, especially with consistent reinforcement from the leadership team. General counsel have a unique opportunity to influence the efficacy of the legal hold program for their organizations. By building senior leadership support, creating clarity, ensuring effective change management processes and providing an aspirational goal, they can be instrumental in saving their companies from costly non-compliance events. ■

Doug Deems is the general counsel and a founding member of The Claro Group, a privately owned financial and management consulting firm. With 30 years of experience in complex insurance claims development, valuation and negotiation, he is responsible for handling all Claro legal matters. ddeems@theclarogroup.com

Russ Stalters is CEO of Clear Path Solutions, Inc. Prior to founding Clear Path as Director of Information & Data Management and Chief Architect, he led a 150-member team at BP, where he conceived the data management strategy, designed the applications to manage a petabyte of information and data from the BP Deepwater Horizon incident, and directed the response to requests for ESI in litigation. russ.stalters@clearpathsolutionsinc.com

Dec/Jan 2017 today’s gener al counsel

E-Discovery

Why Emojis Matter in E-Discovery By Joe Sremack

mojis have revolutionized how people communicate online, and that revolution has arrived in e-discovery. Emojis are a type of visual ideograph that can be used in online communication. They are frequently found in social media and mobile device platforms, such as Facebook, Twitter, Instagram, and SMS/MMS messages. Emojis can also be used in professional collaboration tools, such as Slack, to facilitate communication and integrate with other emoji-friendly tools. Data from these platforms and tools are regular components of e-discovery collections for various types of cases. Over six billion emojis are sent every day on mobile devices alone. According to digital advertising company Emogi, 92 percent of online users report using

with a graphical representation. They do not respond to keyword searches. This is despite the fact emojis, because of their uniqueness and semantic value, are finding their way into courts. Over the past two years, emojis have played a central role in understanding key communications in both criminal and civil cases. Perhaps the most widely known matter involving emojis is the criminal case brought against Ross Ulbricht for his involvement in Silk Road, the online black market site. During the proceedings, a message from Ulbricht was read aloud, but the smiling-face emoji found in the message was not mentioned. This omission led to an objection, with Judge Katherine Forrest ruling that all emojis be considered evidence.

While Unicode does not provide a standard definition for emojis, it does provide defined names, keyword annotations and graphic representation for every emoji. The names and keyword annotations are generally fairly descriptive, such as the name “smiling face with sunglasses,” with the corresponding keywords – smiling, sunglasses, sun, glasses, sunny, cool, and smooth. Unicode also provides a graphical representation of the emojis as examples, although the emojis can be graphically represented differently across different tools. Graphical depictions of emojis can vary by software platform. Software developers can devise their own representations of the Unicode emojis, meaning that the graphical representation differs

Whether attorneys are responsible for producing content with emojis or receive productions that should contain emojis, they need to make sure that emoji content has not been lost due to improper processing or data storage.

emojis, and 64 percent of online users report using emojis daily or weekly. These figures are expected to grow larger as emojis continue to replace text-based communication in many communication tools. E-discovery practitioners have not been addressing emojis, as keyword searching and technology-assisted review have been the primary approaches to managing document collections and review. Practitioners are well versed in developing comprehensive search terms based on applying court-approved methodologies and facts in cases, but emojis have not been subject to the same requirements, since they are encodings

What exactly are emojis? They are graphical icons or images used to express concepts, such as an idea or an emotion. Technically they are encodings rendered into a graphic when displayed. The majority of emojis used in communications are defined by the Unicode Consortium, a nonprofit organization responsible for developing standards to represent text and emojis for use in modern software products. Currently, Unicode has defined over 1,800 emojis. In addition to the Unicode emojis, custom emojis called bitmojis have been released by companies and celebrities, and software exists for individual users to create their own bitmojis.

across implementation. For example, Apple recently changed its gun emoji to a squirt gun, whereas Google Android still uses an image of a real gun. This means that someone sending the gun emoji on an Apple device will see a squirt gun, while a user on a Google Android device will see an actual gun. This variance can alter the meaning. The meanings of emojis can vary based on other factors, as well, not just the software platform. Emojis are used worldwide, and meanings of certain emojis can vary by region. Meaning can also – like the meaning of a word – vary depending on context. Also, like online memes, emojis can go in and out

today’s gener al counsel Dec/Jan 2017

E-Discovery

of fashion and take on new meanings based on shared online usage. An example is the “thinking face” emoji, which is a contemplative face rubbing its chin. This emoji is now commonly used to express a sarcastic opinion, which differs from its defined meaning. Messages in emoji-enabled tools and platforms can include both words and emojis, and emojis can affect the meaning of messages depending on how they are combined with words. An emoji can also replace a word. For example, a heart emoji can replace the word “love,” and a fire emoji can replace words such as “hot.” Emojis can also be used to alter or reinforce the meaning of words, to make a gesture or to reinforce, alter, or even negate the meaning of the bare text. A wink, for example,

can be used to negate meaning. The way emojis are processed matters in e-discovery. Not all software properly supports Unicode, and even software that does support Unicode may not work with emojis, especially so-called surrogate-pair emojis that extend beyond the standard two-byte character encoding size. Whether attorneys are responsible for producing content with emojis or receive productions that should contain emojis, they need to make sure that emoji content has not been lost due to improper processing or data storage. This is analogous to the production of non-Latin character sets. Attorneys need to be mindful that text in Arabic

or Cyrillic is not lost due to improper processing of Unicode data. That could have significant ramifications. Attorneys who know where emojis are in their document sets have a significant advantage over those who do not. First, they will know whether emojis were properly processed and be better equipped to both defend their own e-discovery process and identify failures in the opposing party’s process. Second, they will be better at finding potentially responsive communications that do not respond to keyword searches. Messages with a “thumbs up” emoji or an emoji that constitutes harassment may not respond to keyword searches. Knowing where those emojis are allows attorneys to set up a review process or perform analytics so those messages are not overlooked. Emojis can be just as vital as words in a review process and they can serve as powerful evidence when presented to a jury. Because they convey meaning in a succinct way, when presented as evidence they can provide a subtle but powerful visual that words alone might not. For example, a “thumbs up” emoji can stand for approval or agreement, but it can also be interpreted to represent a cavalier attitude or finding humor about a situation. It matters how an emoji is presented, and attorneys need to take this into account. They can be displayed graphically based on the emoji set used for the sender and/or recipient, by using a standard emoji library, or they can be represented with text value replacements. The choice on how to display the emoji depends on the nature of the emojis and the case.

DEC/JAN 2017 TODAY’S GENER AL COUNSEL

E-Discovery

The meanings of some emojis, like a flag or the “100” emoji, may be less dependent on how it is presented. Other emojis are more subject to interpretation, and the meaning can change depending on how it is presented. Attorneys need to consider these kinds of factors, as well. New tools to manage emoji data are on the market, but they have not been

and produce emoji content. One can expect that the e-discovery market will better adapt to emoji content as courts and e-discovery professionals begin to regularly encounter emoji data and understand its value. Emojis have already been widely adopted in today’s communication platforms, and that means that emojis are

Emojis have already been widely adopted in today’s communication platforms, and that means that emojis are found in most e-discovery collections.

widely adopted. Several of them, including UniSearch Pro, provide e-discovery capabilities. Other tools offer analysis capabilities. Meanwhile, ad hoc processes can be used to properly process, search,

found in most e-discovery collections. When used, they alter or augment the meaning of communication in ways that require emoji-specific interpretation and analysis, and that means e-discovery

practitioners need to be aware of them and understand them, just as they understand keywords in text-based communications. ■

Joe Sremack is a director in the Washington, D.C., office of Berkeley Research Group, where he develops and implements technology solutions to assist corporate and legal clients in matters involving complex technology issues and investigations. He is a Certified Fraud Examiner and author of Big Data Forensics, a handbook for conducting Big Data investigations. jsremack@thinkbrg.com

TO D AY S G E N E R A L C O U N S E L . C O M

Spec I aL a dve rT ISIng S ec T Ion

Super Lawyers, a part of Thomson Reuters, is the only lawyer-ranking service with a patented selection process.* How do we do it? The infographic on the right shows, at a very high level, the steps we go through to vet the attorneys selected to our list each year. Because of our rigorous selection process, and the fact that our selection is limited to no more than 5 percent of the attorneys in any state or region, you can rely on us as one of your sources for finding an attorney who exhibits excellence in the practice of law.

This issue continues the unique partnership between Todayâ&#x20AC;&#x2122;s General Counsel and Super Lawyers. In each issue, you will learn about lawyers and firms that have passed muster with Super Lawyers. We honor attorneys in commercial and consumer practice areas, and the focus with our partnership will be on those selected in a business-related practice area. If you find yourself in need of legal services, whether for your business or personally, start your search with Super Lawyers. For more information on our selection process or to find a lawyer in a specific region or practice area, please visit SuperLawyers.com. learn more

SuperLawyers.com/SelectionProcess

Questions?

SL-Research@thomsonreuters.com

visit SuperLawyers.com Search for an attorney by practice area and location, and read features on attorneys selected to our lists.

*U.S. Pat. No. 8,412,564

DISCLAIMER: The information presented in Super Lawyers is not legal advice, nor is Super Lawyers a legal referral service. We strive to maintain a high degree of accuracy in the information provided, but make no claim, promise or guarantee about the accuracy, completeness or adequacy of the information contained in this special section or linked to SuperLawyers.com and its associated sites. The hiring of an attorney is an important decision that should not be solely based upon advertising or the listings in this special section. No representation is made that the quality of the legal services performed by the attorneys listed in this special section will be greater than that of other licensed attorneys. Super Lawyers is an independent publisher that has developed its own selection methodology. Super Lawyers is not affiliated with any state or regulatory body, and its listings do not certify or designate an attorney as a specialist. State required disclaimers can be found on the respective state pages on superlawyers.com.

specia l a dve rtis in g s ec t ion Dec/Jan 2017 today’s general counsel

Katherine L. FeLton

Lewis e. hudneLL, iii

701 Millennium tower, 719 second avenue, seattle, Wa 98104 Tel: 206-985-9770 • Fax: 206-985-9790 klf@maflegal.com www.maflegal.com

800 West El Camino Real, Suite 180, Mountain View, CA 94040 Tel: 650-564-7720 • Fax: 347-772-3034 lewis@hudnelllaw.com www.hudnelllaw.com

environmentaL Litigation environMentAl And nAturAl resources Business litigAtion

inteLLectuaL ProPerty Litigation Business litigAtion intellectuAl property

Katherine Felton is a founding partner of Murphy Armstrong & Felton LLP. She is enthusiastic about working with industry, institutions and individuals throughout the Northwest to address and resolve their litigated and regulatory compliance matters and agency enforcement actions under federal and state environmental laws (CERCLA, OPA, MTCA, Oregon Superfund Act). She has advised clients on hazardous waste regulation, environmental investigation and remediation, cost-recovery and contribution actions, consent decree challenges, and natural resource damages claims. She also represents clients in business disputes involving claims of product defect, employer liability, fiduciary liability and consumer protection (Fair Debt Collection and Fair Credit Reporting Acts) and under the Federal Debt Collection Procedures Act.

Mr. Hudnell is an intellectual property attorney specializing in patent litigation. He is committed to providing outstanding client service and to helping clients achieve favorable results in complex patent disputes. Mr. Hudnell has served as lead counsel on numerous patent lawsuits in federal court. He has successfully represented clients at trial and has obtained numerous settlements and dismissals in his clients’ favor. He has also successfully represented clients in proceedings before the Patent Trial and Appeal Board. Mr. Hudnell earned a B.S. from Cornell University and a J.D. from the University of Pennsylvania. He is registered to practice before the United States Patent and Trademark Office and is rated AV preeminent by Martindale-Hubbell in the area of patent litigation.

PauL d. suPniK

KendaLL B. wiLLiams

9401 Wilshire Boulevard, Suite 1250, Beverly Hills, CA 90212 Tel: 310-859-0100 • Fax: 310-388-5645 pds@supnik.com www.supnik.com

8263 South Saginaw Street, Suite 6, Grand Blanc, MI 48439 Tel: 810-695-7777 • Fax: 810-695-9549 kwilliams@thewilliamsfirm.com www.thewilliamsfirm.com

inteLLectuaL ProPerty intellectuAl property litigAtion entertAinMent & sports

emPLoyment & LaBor

Paul Supnik practices trademark, copyright, and entertainment law. He advises businesses in the selection and use of brand identities, protects trademarks through registration strategies, enhances value through licensing, and litigates trademark and copyright disputes. Paul has spoken on these subjects in the U.S. and internationally. Industries represented include: Internet, apparel, cosmetic, restaurant, advertising, sporting goods, software, financial, arts, and media. As a bar association leader, Paul has served as president of the Los Angeles Copyright Society, chair of both the Entertainment and IP Law and International Law Sections of the Los Angeles County Bar, and chair of the Los Angeles Lawyer magazine editorial board.

Kendall B. Williams, J.D., is President of The Williams Firm, P.C., a law firm that specializes in labor and employment law. The firm represents businesses in the private and public sectors. Attorney Williams advises several corporate boards regarding governance and policy issues and holds the status of governance fellow with the National Association of Corporate Directors. A 1977 graduate of the University of Michigan Law School, Attorney Williams is a member of several professional associations including the American Bar Association, the Michigan Bar Association, and the National Bar Association. He is a member of the Labor and Employment Law Section of the State Bar of Michigan and a former member of the Michigan Attorney Grievance Commission.

Murphy ArMstrong & Felton llp

lAw oFFice oF pAul d. supnik

hudnell lAw group p.c.

the williAMs FirM, p.c.

s p eci al adv ertising sec t i o n todayâ&#x20AC;&#x2122;s general counsel Dec/Jan 2017

Dec/Jan 2017 today’s gener al counsel

Intellectual Property

Patent or Trade Secret?

Two Ways to Protect Your Valuable IP By Peter Brody and Darrell Stark

n recent years patent law has undergone drastic change. For example, patents are increasingly subject to challenge for covering ineligible subject matter under 35 U.S.C. § 101. In addition, the rise of post-issuance proceedings in front of the U.S. Patent & Trademark Office’s Patent Trial and Appeal Board (PTAB) has resulted in the invalidation of many issued patents. While patents offer certain advantages for protecting innovations, another important type of IP protection is also generally available: trade secret protection. Trade secret law has also changed drastically this year, as a result of the enactment of the Defend Trade Secrets Act (DTSA), which created the first-ever federal civil trade secret law and opened up U.S. district courts to original jurisdiction over cases brought under that statute. In view of these developments, businesses should consider reevaluating their strategies for protecting IP rights in their innovations and other confidential information. Trade secret protection might be a more appropriate avenue than patents in certain circumstances. This article will help companies decide between seeking a patent for an innovation and maintaining the innovation as a trade secret, when both forms are viable means of protection.

TYPES OF PrOTEcTablE INFOrMaTION

An innovation that seeks a patent must be disclosed to the public, and it must be novel and non-obvious. A patent can be granted on “any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof.” Laws of nature, natural phenomena and abstract ideas are not patent-eligible. On the other hand, trade secrets can very broadly comprise all forms and types of information – financial, business, scien-

tific, technical, etc. – whether tangible or intangible, and no matter how it is stored or memorialized. It has to derive independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by, another person who can obtain economic value from its disclosure or use. Under the DTSA, trade secret information must be subject to “reasonable measures to keep [the] information secret.” Thus, a business can take advantage of trade secret protection for almost any type of valuable information, whereas patent protection, though still quite broad, is limited to specific types of discoveries. Because of the confidential nature of trade secrets compared to the public nature of patents, a choice must be made to pursue one or the other. The primary benefit of a U.S. patent is the right to exclude everyone else from making, using, selling, offering to sell, and importing the patented innovation within the United States. Protection for patents lasts, in general, 20 years from the filing date. The patent owner has the right to license the patent to others, but if another party practices the invention in the United States without a license the patent owner can sue for infringement, regardless of whether the other party intended to infringe, or even knew about the patent. A key benefit to a trade secret is that the information is uniquely known, and thus uniquely valuable, to the owner. Others, especially market competitors, cannot take advantage of the information. Moreover, the trade secret can receive perpetual IP protection as long as it remains secret (and retains its independent economic value). The owner has the right to license use of the trade secret

to others, as long as proper restrictions on its confidentiality are in place – e.g., through non-disclosure agreements. If a trade secret is disclosed or used without consent, the owner has the right to sue for misappropriation. Unlike patent infringement, this recourse is not limited to the United States. On the other hand, in contrast to patent infringement, misappropriation requires guilty intent (mens rea). There is no such thing as “innocent” patent infringement. Many of the same remedies are available for both types of IP. In both patent and trade secret law, compensatory damages in the form of reasonable royalties or lost profits, enhanced damages, injunctions and attorneys’ fees, are available when warranted. There are, however, important differences in the types of damages or fees that can be sought and how to prove they are warranted. For example, trade secret owners can seek disgorgement of the

today’s gener al counsel Dec/Jan 2017

Intellectual Property defendant’s profits, while patent owners cannot. Preliminary and permanent injunctions also are available in both types of cases. A newly-fashioned remedy unique to the DTSA, and unavailable under patent law, is an ex parte seizure order. This procedure – conducted without the defendant’s knowledge or participation – is available at the initial filing of a complaint “to prevent the propagation or dissemination of a trade secret that is the subject of the action.” The trade

secret owner must provide an affidavit or verified complaint explaining why a noticed injunction proceeding would be inadequate, establishing likely success on the merits, showing that irreparable harm will occur without seizure and that harm to the trade secret owner substantially outweighs harm to any third party. The trade secret owner can be held liable for a wrongful or excessive seizure. Courts have issued ex parte seizure orders in a very small number of DTSA

cases. It is difficult to know whether that means courts are frequently denying such relief, or the relief is not routinely being requested. OBTAINING AND ENFORCING RIGHTS

Obtaining a patent requires prosecuting the application before the Patent Office. There is no guarantee that a patent will issue because, among other reasons, the purported innovation may not be patent-eligible under § 101, or it may

Deciding Whether to Patent, or Protect as Trade Secret Type of Information No Is the information a “technological” innovation? Maybe Is the innovation significantly more than just an abstract idea or discovery of a law of nature or physical phenomenon?

Consider Trade Secret

Yes

Is 20 years long enough protection?

Maybe

Yes

Is it likely that others will also discover the information independently?

Maybe

Yes

Is the information easy to reverse engineer from a product on the market?

Maybe

Yes

Will the information be widely distributed throughout the company? Maybe

Consider Patent

Consider Either

Dec/Jan 2017 today’s gener al counsel

Intellectual Property not be novel or non-obvious. Even if the patent issues, a court or the PTAB may strike it down in litigation. Patents are increasingly being invalidated as directed to ineligible subject matter. Furthermore, even a valid and enforceable patent is not always easy to enforce because it is not necessarily known who is infringing. A patent owner may need to expend substantial resources to investigate the infringement.

limiting the distribution of confidential information, employee training for identifying trade secrets and monitoring employees to prevent improper disclosure, are some of the safeguards companies should consider. The difficulty of deciding between patent or trade secret protection is heightened by the fact that once the decision is made to patent, and thus publicly disclose, an innovation, trade secret protection is no longer available. In light of relatively recent A trade secret is information that developments in both patent and trade secret is uniquely known, and thus uniquely law, it is worth giving these types of IP protection determinations a valuable to the owner. fresh look in order to decide if trade secret Defending trade secrets is compliprotection may be more beneficial. cated as well. Courts typically require First, assess the nature of what you plaintiffs to define an alleged trade sewant to protect. Information like cuscret with specificity. That is not always tomer lists or top secret formulas may easy to do. Information in a document be protectable under trade secret law, stamped “confidential” and kept under but not under patent law, which typically lock and key may be easily described, concerns “technological” innovations. but information shared within a comOther types of valuable information, pany may not meet the requirement such as innovative methods of doing of having been subject to reasonable business or purely software-related efforts to maintain its confidentiality. inventions may be closer calls as to patWhen information is, for instance, only entability under § 101, but would again maintained in a few employees’ heads, still be protectable under trade secret it can be difficult to articulate what law. In patent law terms, the innovation the trade secret is (as opposed to the must be significantly more than just an employees’ general knowledge or mere “abstract idea” or discovery of a law of “tradecraft”), especially if those few nature or physical phenomenon (e.g., employees become former employees a purely mental process, mathematical seeking to earn a living elsewhere. algorithm, scientific truth, etc.). On close Furthermore, loss of “secret” status calls, it may be preferable to protect the through disclosure to or use by competiinnovation as a trade secret because the tors or the public through “proper means” risk of not getting a patent or losing it in will defeat the enforcement of the trade litigation may be too high. secret. Trade secret status will also be lost If the determination is made that the if proper means were used to discover the subject information can fall into either secret through reverse engineering or inde- category, additional factors come into pendent derivation. (By contrast, reverse play, including how long the protecengineering or independent derivation is tion is needed, whether others in the no defense to patent infringement.) Furindustry will discover the information thermore, even if “improper means” were independently, whether the informaused to disclose a trade secret – especially tion could be reverse engineered from a publicly – it may be impossible to “unproduct on the market, and whether the ring the bell,” once the secret nature of the information will be widely distributed information has been lost. or accessible throughout the company. Trade secrets can be safeguarded. If 20 years of protection is long Non-disclosure agreements, policies enough, e.g., because the industry

innovates rapidly and the technology will become obsolete in a few years, patenting may be the right call. If industry competitors are all racing to find the same information (a solution to the same problem), independent discovery may be inevitable and trade secret protection may not last long enough, whereas patenting would provide the 20-year protection. On the other hand, if the information would likely not be independently discovered and is unlikely to be reverse engineered, or would take a long time to do so, trade secret protection is an attractive option. It is also a good option if the information can be limited within the company on a need-to-know basis, rather than distributed to all employees. While many other potential considerations come into play, the flow chart on the previous page provides a roadmap for making an informed decision based on the factors discussed above. ■

Peter Brody, a partner at Ropes & Gray in Washington, D.C., is a member and former chair of the Ropes & Gray intellectual property litigation group. He has litigated patent, copyright, trade secret, trademark, and false advertising suits, as well as a wide range of constitutional, administrative, and contract disputes. Peter.Brody@ropesgray.com Darrell Stark is an intellectual property litigation associate at Ropes & Gray in Washington, D.C. His practice focuses on intellectual property trial and appellate litigation in federal district courts, the Court of Appeals for the Federal Circuit, the International Trade Commission and the Patent Trial and Appeal Board of the U.S. Patent & Trademark Office. Darrell.Stark@ropesgray.com

Advanced Discovery makes sure you Get Answers Now™

WHEN IT COMES TO eDISCOVERY, YOU WANT A TEAM THAT GETS YOU WHERE YOU NEED TO BE With Advanced Discovery, you get an expert guide, an experienced team and access to enhanced versions of the best tools available. Get the answers you need when you need them without sacrificing quality for speed.

• • • • • •

Information Management Forensics & Investigations ESI Processing & Hosting Managed Document Review Analytics & Predictive Coding Managed Services

For more information visit www.advanceddiscovery.com

Dec/Jan 2017 today’s gener al counsel

Cybersecurity

Protection Before and After a Data Breach By Michael Bruemmer and John Mullen

ccording to the Ponemon Institute, 86 percent of companies understand the importance of planning for a data breach and have an incident response plan in place. Despite their awareness, however, many companies do not feel confident in their ability to secure data and manage a data privacy event. Notably, 73 percent of security officers are not confident about their organization’s ability to minimize the financial and reputational consequences of a material data breach. Given the changing nature of the legal landscape, this is not unreasonable. With increased action by attorneys general and other regulators, as well as evolving case law, companies cannot afford to ignore the growing risk of

The following are some issues that companies should consider as they develop their incident response plans and continue to address data security risk. Increased attentIon from aGs and reGulators.

Regulators and attorneys general nationwide are focusing on this issue. From advocating for new legislation to joining multi-state investigations, they are working to enforce data security and privacy, particularly when personally identifiable information is involved. California is a notable example, with its evolving legislative action geared to consumer protection. A recently enacted California law increases protection of personally identifiable information, and a trio of

Communicating about a data breach is a balancing act involving regulatory requirements, protecting the company’s ongoing business operations and safeguarding consumers. litigation or regulatory action as a result of a data security incident. While these risks have not changed the fundamentals of incident response, they do drive home the need for companies to prepare for potential litigation or investigation. Companies must realize that incident response plans cannot just sit on a shelf, but rather must be living documents that are continually updated based on new technology, business relationships, regulation, enforcement and case law. The best incident responses, regardless of the size or type of incident, should anticipate these changing dynamics.

California requirements that went into effect this past January provide guidance to both public and private organizations that deal with electronically stored personal information. That legislative package clarifies the term “encrypted,” creates uniform language for breach notifications, and expands the list of notifiable breaches to include loss of username, emails and passwords. Taken together, these new requirements mean that companies possessing California residents’ data will need to be more transparent in their reporting of more incidents. Since California is a

leader in data breach and privacy law, the impact of these developments will likely reach well beyond the state’s borders. As for attorneys general, a number of them are now joining multi-state investigations and resolutions. This actually can be beneficial for companies, because it streamlines the process, may reduce costs, and it can lead to a resolution that is more complete. Increased attention from regulators means companies need to build solid relationships with these regulators. Proactively meeting with them to learn about concerns and areas of interest can be very helpful. Companies also need to prepare for an incident by implementing data security policies and response programs that will clearly demonstrate to regulators how they handle personal information in a responsible manner. During an incident it’s important that companies, at the appropriate time, reach out to regulators. Along with meeting the explicit requirements to disclose breaches to regulators, it’s generally a best practice to provide them with a detailed account of how the company is managing the incident. If done effectively, this can both reduce the potential for investigations and clear up misunderstandings in the public statements regulators make regarding the incident. communIcatInG the scope of an IncIdent.

Determining when and how – or whether – to share significant detail regarding the scope of an incident is an issue that can make any company uneasy. When communicating about a breach, companies face many hard decisions about such matters as business continuity, legal ramifications and public relations. Some companies jump before the public eye too quickly, with too much detail. In the process they may provide

TODAY’S GENER AL COUNSEL DEC/JAN 2017

Cybersecurity

incomplete, inaccurate and overly reassuring accounts of how they are managing a breach event. It’s also possible to err in the other direction, by announcing a scope or event scale that subsequently proves to be an overstatement. Communicating about a data breach is a balancing act that involves addressing regulatory requirements, protecting the company’s ongoing business operations and safeguarding consumers. Companies should resist the urge to communicate specific facts until forensics are finalized, and even then the company may have reason not to divulge some details. In many cases the best practice is to share the fact that there is, or may be,

a privacy event and the event is under investigation, guided by expert cyber counsel and forensics. MORE CLASS ACTIONS, LARGER SETTLEMENTS.

Class action lawsuits like those brought against Home Depot and P.F. Chang’s have opened the door to increased risk of successful class action litigation, and major costs. In particular, the reported $19.5 million settlement in the Home Depot case may signal that companies that suffer a data breach face significant damages exposure. Thirteen million dollars of the Home Depot settlement was set aside to fund losses and expenses

for the class members, permitting them to recover up to $10,000 each, including compensation for up to five hours for “time spent” to resolve issues, if documented. As a result of this case, plaintiffs may demand larger settlements for time spent mitigating any future risk of identity theft. Given the large number of class members in these cases, that means defendants are at risk for enormous damages. This time-spent-mitigating damages formula was reinforced by the Seventh Circuit’s decision in the P.F. Chang’s class action. The court ruled that class continued on page 43

Dec/Jan 2017 todayâ&#x20AC;&#x2122;s gener al counsel

Cybersecurity

Standing in Data Breach Cases By Thomas Rohback, Patricia Carreiro and James Goldfeier

today’s gener al counsel Dec/Jan 2017

Cybersecurity

he issues of cybersecurity and data breach have skyrocketed to the top of the list of litigation concerns that keep general counsel up at night. Many of the cases filed thus far have faltered for failure to establish concrete harm necessary to support standing when personally identifiable information (PII) has been accessed but not used to cause harm under the Constitution, Article III. It was hoped that the Supreme Court’s May 2016 decision in Spokeo, Inc. v. Robins would resolve a split in the courts over what injury was sufficiently concrete to support Article III standing. Unfortunately, the split has continued. Relying on Spokeo, the Eighth Circuit in Braitberg v. Charter Communications, Inc., reconsidered some of its prior precedents in holding that a statutory violation alone could not support Article III jurisdiction. In that case, the court found “a bare procedural violation, divorced from any concrete harm,” in the context of

of the Ninth Circuit in pre-Spokeo Krottner v. Starbucks, where plainiffs had also enrolled in credit monitoring after a data breach in which the data was stolen but not misused, the Sixth Circuit held that the costs incurred by the plaintiffs were “a concrete injury suffered to mitigate an imminent harm, and satisfy the injury requirement of Article III standing.” The most significant challenge to the continued viability of the defense based on lack of concrete harm and standing is the prospect of class actions based on statutory damages. While some hypertechnical infraction unrelated to the purpose of the statute cannot create the concrete harm necessary to establish standing, where the statutory damage is intended as the remedy for the right created by the statute, standing should be found, even without a showing of separate injury. In the context of data breach litigation, where Congress (or a state legislature) has determined that

concrete harm when the bank failed to timely record a mortgage satisfaction notice. The statutes imposed monetary penalties for the alleged violations, but the plaintiff did not allege that she suffered any additional harm beyond the failure to timely record the mortgage satisfaction notice. The Bellino court agreed with the reasoning in another SDNY case, Jaffe v. Bank of America Corp, N.A., that the late filing of a mortgage satisfaction notice constituted the intangible injury sufficient to provide Article III standing. The cases recognized that a state statute (as well as a federal statute) could create a right and identify a concrete injury for the purposes of Article III standing based on a violation of that statute. Those cases rejected arguments that the late filing was merely a harmless technicality of the sort mentioned by Justice Alito in the Spokeo opinion. Rather, the court in Bellino explained that the New York Legislature recognized the “the

Recently, courts in a number of post-Spokeo cases have found standing where the claim alleged entitlement to damages based on a statutory violation, but no additional harm.

the Cable Communications Policy Act where the defendant allegedly retained PII longer than it should have. A few days later, the Sixth Circuit reached the opposite conclusion in Galaria v. Nationwide Mutual Insurance Co. In Nationwide, the Sixth Circuit found after a data hack that plaintiffs had alleged a concrete injury sufficient for standing, even absent an allegation of misuse of the data. The Sixth Circuit explained that although it might not be “literally certain” that plaintiffs’ data would be misused, there was a sufficiently substantial risk of harm that incurring mitigation costs was reasonable. Echoing the finding

access to, or disclosure of, data, without further proof of misuse and harm, has caused a concrete risk of harm, standing should be found under Spokeo. Recently, courts in a number of post-Spokeo cases have found standing where the claim alleged entitlement to statutory damages based on a statutory violation, but no additional harm. In September 2016, the Southern District of New York issued a decision that found standing, in Bellino v. JP Morgan Chase Bank, N.A. Here, the court denied JPMC’s motion for summary judgment that challenged standing by arguing that the plaintiff (and the putative class) had not alleged, and could not show, any

interest mortgagors have in a public record cleared of encumbering mortgages bearing their names.” The decisions held that the statutes created a right, the invasion of which created a legal injury. Moreover, both decisions held that it was “of no moment” that the plaintiffs may not have sustained, additional economic injuries. Even so, another judge in the Southern District of New York reached the opposite conclusion in looking at the same New York property law. In Villaneuva v. Wells Fargo Bank, N.A., the court found that the plaintiffs had alleged nothing more than “bare procedural violations . . . rather

Dec/Jan 2017 today’s gener al counsel

Cybersecurity

than alleging that they have suffered the concrete harm [the] statutory provisions [were] intended to address.” To be sure, under Separation of Powers, the legislative branch cannot create standing out of whole cloth, but it can create a right and provide statutory damages as a remedy. As the Spokeo decision explained, in looking at the standing issue, courts need to examine both the purpose of the statute and the American and English tradition of common law to determine whether the legislature is properly exercising its function or intruding on the judicial branch’s role in identifying a concrete case or controversy for establishing jurisdiction. In Bellino, the court looked at the legislative history and found that the New York legislature intended “to elevate the harm associated with a mortgagee’s delayed filing of a satisfaction of mortgage to a concrete injury.” The court also determined that no additional injury was needed because the legislature did

III standing based on a data breach based on allegations that CareFirst had “violated a host of state laws,” noting that plaintiffs had not sufficiently demonstrated a substantial risk of future harm. One case that will likely affect the data breach cases yet to come is Thomas v. FTS USA, LLC. In this well-reasoned decision from the Eastern District of Virginia, the court found that Spokeo did not preclude Article III standing based solely on statutory damages. The court looked at the Fair Credit Reporting Act that required disclosure and written consent from a consumer before providing a credit report. The defendants argued that the plaintiffs alleged technical procedural violations that caused no concrete harm, pointing out that only statutory (and not actual) damages were sought. Rejecting the need for any other type of injury, the court analyzed the legislative history and found that with

determined that access to or disclosure of data, without further proof of misuse and harm, has caused a concrete risk of harm, there is a real risk that standing will be found – particularly in light of the common law tradition of a right to privacy. ■

Thomas Rohback is a partner at Axinn Veltrop & Harkrider LLP. An appellate and class action lawyer, his cases have involved areas of the law ranging from antitrust to anti-terrorism litigation. Industries in which he has represented clients include manufacturing, financial services, insurance, utilities and telecommunications. trohback@axinn.com

The court noted that common law had long recognized a cause of action to “quiet title” or to remove a “cloud” where no other injury was required.

not indicate that the purpose was to avoid “duplicative payments.” Further, the common law had long recognized a cause of action to “quiet title” or to remove a “cloud” where no other injury was required. However, an alleged statutory violation was insufficient for standing in Charter. The DC Circuit held in Hancock v. Urban Outfitters, Inc. that “allegations that defendant violated certain statutes by requesting customers’ zip codes in connection with credit card purchases [were] not a concrete Article III injury.” The DC District Court in Attias v. CareFirst, Inc. found no Article

“computerized data banks,” it was the intent of Congress to make sure a person knew when his or her data was being disclosed. With ramifications for many data breach cases, the court noted the “firmly-rooted principles of Anglo-American law, which has long allowed nominal damages where actual damages are too small or difficult to quantify.” General counsel must remain vigilant to the threat of data breach and data breach litigation. This remains unchanged after Spokeo. In the context of data breach litigation, where Congress (or a state legislature) has

Patricia Carreiro, an associate at Axinn Veltrop & Harkrider, practices in the firm’s Litigation group and has appeared before both courts and administrative agencies. She has experience in a broad range of civil litigation, including commercial, employment and insurance disputes. pcarreiro@axinn.com

James Goldfeier is an associate at Axinn Veltrop & Harkrider, working primarily in the antitrust practice group. jgoldfeier@axinn.com

today’s gener al counsel Dec/Jan 2017

Cybersecurity

Data Breach

entering into contracts that address the full suite of data privacy issues.

members should have a chance to show they spent time and resources tracking down potential fraud, changing automatic payments and replacing credit cards. This decision signals that courts in the Seventh Circuit may routinely find that “time spent” damages is sufficient to confer standing. If so, every individual that receives a notice letter of a data breach is a potential class representative. With these risks in mind, companies must ensure they are responding to incidents properly, with appropriate resources and experts, both legal and forensic. This is where cyber insurance is critical, by providing funds and access to seasoned experts who can immediately manage the response process and address looming regulatory and litigation risk. Historically, companies have been successful in dismissing data breach litigation due to lack of standing, but that

New INterNatIoNal Data Breach laws

continued from page 39

As European companies prepare for the General Data Protection Regulation (GDPR) to go into effect in 2018, and as Canadian organizations adjust to the new federal Digital Privacy Act, U.S. companies maintaining information about residents of those jurisdictions need to assess how they will respond to breaches that impact residents outside the United States. The GDPR will require European based-companies, companies that operate in Europe, and companies maintaining protected information of European residents, to notify authorities within 72 hours of confirming a breach. While not as strict on notification time, the Canadian Digital Privacy Act will require companies to disclose breaches to affected individuals as soon as feasible, and to provide individuals with sufficient information to understand the event’s significance and steps Plaintiffs may demand larger they can take to protect themsettlements for time spent mitigating selves. U.S. companies any future risk of identity theft. are more prepared than ever for a data breach, but these and other has become more difficult. In instances new regulations outside of the United where a motion to dismiss doesn’t end States add another level of complexthe litigation, discovery comes next. ity that needs to be addressed by an Responding to discovery in data breach effective response plan. A global breach litigation can be extremely costly and brings new factors into play, including rarely improves the defense posture of multiple languages, varying notificathe case. tion laws, diverse cultures and differing Companies must be sure that vendors views of privacy enforcement. As with brought in to assist in responding to an solely domestic breaches, companies in event (forensic, public relations, mailings/ these matters need to engage with the call center and credit/identity monitorright resources as early as possible. This ing) are properly retained by expert means working with expert attorneys outside counsel, to ensure that the vendor who understand the legal and regulawork is privileged and not discoverable tory frameworks, as well as how, when by plaintiffs. Moreover, at the outset, and to whom they must provide notice. companies should protect themselves in Companies should ensure notification their vendor relationship to the extent partners can handle multi-language they have sufficient leverage to do it, by notifications.

As regulations, enforcement, case law and technology continue to evolve, litigation will remain a growing risk for companies that experience data breaches. The silver lining is that by taking precautionary measures – including implementing risk management and assessment policies, purchasing sufficient cyber insurance, and using proven experts – entities can mitigate the risk of poor response and the litigation and regulatory actions that can follow. ■

Michael Bruemmer is vice president with the Experian Data Breach Resolution group. He has more than 25 years in the industry, with broad experience in addressing issues related to identity theft and fraud resolution, including pre-breach and breach response planning and delivery, notification, call center and identity protection services. He is a member of the Ponemon Responsible Information Management (RIM) Board, the Information Security Media Group (ISMG) Editorial Advisory Board and the International Association of Privacy Professionals (IAPP) Certification Advisory Board. Michael.Bruemmer@ experianinteractive.com

John F. Mullen, Sr. is partner and co-founder of Mullen Coughlin. Formerly he was the managing partner in the Philadelphia office of Lewis Brisbois and chair of the firm’s Data Privacy and Network Security Practice. His practice is focused on assisting insureds in preparing for and responding to data privacy and network security events. jmullen@mullen.legal

Dec/Jan 2017 today’s gener al counsel

Compliance

Self-Certifying Under the EU-U.S. Privacy Shield By Karin M. McGinnis, and Suzanne K. Gainey

he European Union formally adopted the EU-U.S. Privacy Shield in July, 2016. As of late September 2016, about 275 companies had active Privacy Shield certifications (list available at www.privacyshield.gov/ list). The question for other companies is whether they should self-certify too. The answer is not clear, considering the problems some companies had after the invalidation of the Privacy Shield’s predecessor, the EU/U.S. Safe Harbor, and the threats by some in the EU to challenge the Privacy Shield’s validity. This article will identify some key considerations for companies deciding whether to jump on the Privacy Shield bandwagon.

It was in 1994 that the European Union adopted the EU Data Privacy Directive. Under the Directive, transfers of EU citizens’ personal data are permitted to non-EU countries in limited circumstances. Those circumstances include if there is express consent of the data subject; if both the entity exporting the data from the EU and the entity receiving the data from the EU sign approved standard contractual clauses; if the entity desiring to transfer personal data from the EU to an entity within the company group has approved Binding Corporate Rules (BCRs) providing for adequate protection of the data; and – importantly – if the country to which the data is transferred ensures an

adequate level of privacy protection for personal information. Unfortunately, the EU does not think the U.S. is a country that ensures an adequate level of protection for the personal data of EU citizens. However, in 2000, the European Commission and the U.S. Department of Commerce agreed on the EU/US Safe Harbor, by which U.S. companies subject to oversight by the Department of Commerce or the Department of Transportation could certify compliance with seven privacy principles and be allowed to transfer personal data from the EU. The Federal Trade Commission, among other governmental entities, was tasked with enforcing compliance with

today’s gener al counsel Dec/Jan 2017

Compliance

the Safe Harbor. Although the FTC pursued some companies who falsely promoted themselves as being Safe Harbor certified, some in the EU believed the FTC was less aggressive in enforcing the Safe Harbor than it should have been. Worse, the June 2013 Edward Snowden leaks regarding U.S. surveillance led an Austrian law student, Max Schrems, to question whether the Safe Harbor provided adequate protection of his personal data transferred to the United States by Facebook. In October 2015, the European Court of Justice sided with Schrems and invalidated the Safe Harbor, and thousands of U.S. companies that relied on the Safe Harbor wondered how to legally transfer data from the EU to the United States. Many turned to standard contractual clauses. Some started the extensive process of adopting binding corporate rules. Some did nothing, and faced fines from the European Data Protection Authorities. THE PRIVACY SHIELD

After months of negotiations, the United States and the EU adopted the Privacy Shield. Like the Safe Harbor, the Privacy Shield is a voluntary self-certification program with the U.S. Department of Commerce. Certain entities (such as

violations for EU citizens, and (3) more “robust” protection obligations on U.S. companies that sign onto the Privacy Shield. “Supplemental Principles” provide additional requirements for HR data, pharmaceutical and medical products, and other sensitive data. The Privacy Shield incorporates a number of principles, and companies that want to self-certify must agree to comply with these principles and bring their policies in line with them. These principles are: • • • •

Notice Choice Onward Transfer Data Integrity and Purpose Limitations • Access • Security • Recourse/Enforcement/Liability Notice includes notice that the company is participating in the Privacy Shield, as well as the types of information collected, the purposes for which it’s collected, the identities of third parties to whom it is disclosed, the data subject’s right to access the information, the data subject’s right to limit the company’s use and disclosure of the information (and

The Snowden leaks led an Austrian law student to question whether the Safe Harbor provided adequate protection of his personal data transferred to the U.S.

financial institutions) that are not subject to the enforcement powers of the FTC, DOT or “another statutory body that will effectively ensure compliance with the Principles” are not covered. The Privacy Shield is similar in its operation to the Safe Harbor, but it includes: (1) additional limitations on U.S. government surveillance, (2) additional means of redress for privacy

how to exercise that right), the company’s dispute resolution process, and how to complain to the company and the government agency with authority over the company with respect to the Privacy Shield. Choice includes giving data subjects the right to opt out of the company’s disclosure of personal information to a non-agent third party or to use the

information for a purpose materially different from the reason the company collected it in the first place, as well as the right to opt in for such disclosure or a use involving sensitive information (such as medical information, or the data subject’s race, political opinions, or involvement in a trade union). Onward Transfer governs how the company transfers personal information collected from a data subject to third parties, and it requires a contract between the company and the third party by which the third party confirms compliance with the Principles, and it imposes greater diligence and oversight of company agents to whom the information is transferred. Security means taking reasonable and appropriate measures to protect information from loss, misuse, unauthorized access, disclosure, alteration and destruction. Data Integrity and Purpose Limitations means taking reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete and current. Access refers to the right of the data subject to correct, amend, or delete information if it is inaccurate or processed in violation of the Principles, unless the burden and expense to the company of providing such access is disproportionate to the privacy risk to the individual or would violate others’ rights. Recourse, Enforcement and Liability requires companies to provide expeditious, no-cost investigation and resolution of disputes. Companies are required to address a complaint by a data subject within 45 days. Thereafter, the data subject can turn to a “recourse mechanism” designated by the company for resolution of the complaint. Acceptable recourse mechanisms include the FTC, a panel made up of European Data Protection Authorities (required for transfers of HR information) or private third parties. This principle also provides a detailed arbitration procedure for resolving disputes that have not been resolved directly with the company or through the designated recourse mechanism. Importantly, EU continued on page 49

Dec/Jan 2017 today’s gener al counsel

Compliance

One Year After the Yates Memorandum By Howard Privette and Wayne Gross

n September 2015, to great fanfare, the U.S. Department of Justice issued a policy directive entitled “Individual Accountability for Corporate Wrongdoing.” This was the so-called “Yates Memorandum,” in reference to its author Deputy Attorney General Sally Quillian Yates. The Yates Memorandum declared that “one of the most effective ways to contain corporate misconduct is by seeking accountability from the individuals who perpetrated the wrongdoing.” With this premise, DOJ instructed its criminal prosecutors and civil enforcement attorneys to “focus on individuals” in all cases involving allegations of corporate fraud and misconduct. These instructions were summarized in six policies set forth in the Memorandum:

• To be eligible for any credit for cooperating with a government investigation, a corporation must provide the government with “all relevant facts about the individuals involved in corporate misconduct.” • Both criminal and civil corporate investigations by government attorneys should focus on individuals starting from the inception of the investigations. • Criminal and civil attorneys handling investigations for the government should be in routine communication with each other. • Except in “extraordinary circumstances,” no settlement or other resolution by a corporation will be allowed to provide protection for any individuals from criminal or civil liability. • Investigations and cases involving corporations should not be resolved without a clear plan by government attorneys to resolve related individual cases. • Civil attorneys for the government should consistently focus on individuals as well as the corporation, and they should evaluate whether to file a lawsuit against an individual

based on considerations beyond that individual’s ability to pay. Over a year has passed, and so far the impact of the Yates Memorandum has been mixed. Observers have questioned, for example, whether or not there has been a material change in the incidence of criminal prosecutions of individual corporate executives. The seeming lack of change led Deputy Attorney General Yates herself to take to the podium, in

corporate executives, DOJ announced a $1 million settlement with the former CEO of Tuomey Healthcare System. This followed closely on another settlement, announced in September of 2016, one involving North American Health Care Inc. (NAHC), in which the CEO and a senior vice president of the company agreed to pay $1 million and $500,000, respectively. Tuomey, which ran a hospital, was informed by some specialty physician

Companies that learn of potential legal violations face important decisions about whether and how to inform the relevant authorities. May of 2016, to give a speech explaining that while it is critical to hold individuals accountable, DOJ’s “intensified focus on individuals from the inception of an investigation is not expected to result in a flurry of individual indictments overnight.” Certainly, however, the individual responsibility rhetoric coming from the highest echelons of DOJ leadership has continued unabated over the past year, including in a speech by William J. Baer on September 27, 2016. Baer is the Principal Deputy Associate Attorney General, making him the third-highest-ranking official in the DOJ. In his speech, Baer emphasized that DOJ’s focus on corporate executive culpability is at least as significant in the civil enforcement context as it is in criminal cases. Indeed, two recent DOJ civil settlements illustrate the potential for increased personal liability for those in the c-suite. TWO FALSE CLAIMS ACT SETTLEMENTS

On the same day that Baer gave his speech about the civil liability of

groups that they planned to perform surgical procedures in-office instead of at Tuomey’s hospital. In the face of losing this lucrative outpatient business, the CEO allegedly caused Tuomey to enter into contracts that required the physicians to refer their outpatient procedures to Tuomey. In exchange, Tuomey allegedly agreed to pay the physicians compensation far in excess of market value, including money received from Medicare. After a trial against the company, the jury determined that Tuomey’s arrangements violated federal law prohibiting hospitals from engaging in kickback schemes. Specifically, the jury found that Tuomey had filed more than 21,000 false claims with Medicare, resulting in a judgment against the company under the False Claims Act for $237.4 million. The DOJ later settled this judgment with the company for $72.4 million, but did not agree to forego proceeding against the CEO. This is consistent with the policies stated in the Yates Memorandum, which instructs DOJ attorneys that no settlement or resolution with a corporation will be allowed

today’s gener al counsel Dec/Jan 2017

Compliance

to provide protection for any individuals from criminal or civil liability, except in “extraordinary circumstances.” Not surprisingly, DOJ then turned its attention to Tuomey’s CEO, who ultimately agreed to pay $1 million to settle the claims against him personally. The CEO also agreed to a prohibition from participating in federal health care programs for four years. The NAHC case was based on allegations that the company’s CEO and senior vice president of reimbursement violated the False Claims Act by billing government health care programs for medically unnecessary rehabilitation therapy services. Not only did NAHC agree to pay $28.5 million, its CEO paid an additional $1 million, and its senior vice president paid $500,000.

The settlement, ominously, excluded any other individuals from the release of liability. Moreover, the company and both individuals agreed to cooperate fully with the DOJ in its continuing investigation of individuals and entities not released by the settlement. This echoes another key aspect of the Yates Memorandum, which requires corporations to provide the government with “all relevant facts about the individuals involved in the corporate misconduct” in order to be eligible for cooperation credit when resolving a matter. EFFECT ON INTERNAL INVESTIGATIONS

Although the Yates Memorandum may not have resulted – yet – in an appreciable increase in the number of actions

taken by DOJ against corporate executives, behind the scenes the impact of the memorandum has been felt by corporations confronting the necessity for internal investigation of alleged misconduct. In this context, the first policy set forth in the Yates Memorandum (re providing the government with “all relevant facts about the individuals involved in corporate misconduct”) is likely the most relevant to corporations and their counsel. Companies that learn of potential legal violations face important decisions about whether and how to alert and inform the relevant authorities. Even before the Yates Memorandum, existing policies of DOJ and the SEC, for example, would allow companies that self-report violations to receive

Dec/Jan 2017 today’s gener al counsel

Compliance

credit for cooperation when decisions are later made about whether and how to bring charges or to seek penalties and damages for those violations. Under the Yates Memorandum, however, a company will not receive any credit from DOJ unless it first “completely disclose(s) to the Department all relevant facts about individual misconduct.” This policy requires the company to “identify all individuals involved in or responsible for the misconduct at issue, regardless of their position, status or seniority, and provide to the Department all facts relating to that misconduct.” Indeed, Deputy Attorney General Yates was quite blunt about the new policy in a speech delivered the day after issuing her memorandum: “It’s all or nothing. No more picking and choosing what gets disclosed. No more partial credit for cooperation that doesn’t include information about individuals.” In light of this policy, corporate counsel confronting the need to conduct an internal investigation or to respond

counsel to consider these conflicts from the very beginning of an investigation and, where appropriate, consider independent counsel both for the company and for individuals. Indeed, recent guidance in DOJ speeches has served to bring lurking constitutional concerns into even sharper focus. In her May 2016 speech, Deputy Attorney General Yates tried to allay concerns that the DOJ’s new policies will require expensive investigations into every potential issue, explaining that investigations should be “tailored to the scope of the wrongdoing.” She also said that a company will not be disqualified from receiving cooperation credit “simply because it didn’t have all the facts lined up on the first day it began talking with us.” Yates’ explanation of DOJ’s expectations, however, raises the specter of turning the corporation into a “state actor,” i.e., effectively turning the corporation into an investigatory deputy of the government. If a corporation is deemed a state actor because the government is

The Yates Memorandum’s instruction pertaining to “cooperation credit” raises the potential for conflicts between the company’s counsel and the individuals being interviewed. to a government inquiry must be particularly cognizant of potential conflicts within the company. The first steps in an investigation often include interviewing key executives and employees who potentially possess relevant information. In the past, preliminary interviews might be conducted by in-house counsel, or the company’s regular outside counsel, to assess the scope of the issues and consider next steps. The Yates Memorandum’s instruction pertaining to “cooperation credit,” however, raises the potential for conflicts between the company’s counsel and the individuals being interviewed. It is critical for

directing the conduct of an internal investigation, for example, the Fifth Amendment right against self-incrimination or the Sixth Amendment right to counsel might be triggered by the corporation’s actions just as if the government itself were conducting the investigation. In this regard, in her May 2016 speech, Deputy Attorney General Yates declared that “we expect that cooperating companies will continue to turn over the information to the prosecutor as they receive it.” And while the “determination of the appropriate scope and how to proceed is always case specific ... if a company’s counsel has

questions regarding scope, they should do what many defense lawyers do now – contact the prosecutor directly and talk about it.” Yates noted that already, “based on reports on the ground, firms are doing just that.” Under the circumstances, corporate executives (and corporate counsel) should take no solace in observing that a wave of prosecutions has not occurred since the Yates Memorandum. The DOJ is actively following the directives set forth in the memorandum, and it is imperative that corporate executives and their counsel understand the potentially high-stakes ramifications of these directives in the day-to-day conduct of their business. ■

Howard Privette, a partner at Greenberg Gross LLP, represents U.S. and global clients in a wide range of complex business disputes, including trade secrets, privacy and cybersecurity, false claims act, whistleblower issues and notably in the area of shareholder and fiduciary duty litigation. hprivette@ggtriallaw.com

Wayne Gross, a partner at Greenberg Gross LLP, has served as lead counsel in cases involving the Securities and Exchange Commission, the Commodity Futures Trading Commission, the Federal Trade Commission, the Federal Deposit Insurance Corporation, and the Food and Drug Administration, as well as class actions, cases alleging unfair business practices, and health care litigation. wgross@ggtriallaw.com

today’s gener al counsel Dec/Jan 2017

Compliance

EU-U.S. Privacy Shield continued from page 45

data protection authorities can raise complaints about a company directly with the U.S. government. HOW TO SELF-CERTIFY

Self-certification should begin with a review of the Principles to ensure that your company is able to comply. The self-certification process is voluntary, but once you self-certify you’re responsible for maintaining compliance with the Principles. Non-compliance may then be considered an unfair or deceptive trade practice under the FTC Act. Once your company decides to selfcertify, you must update your privacy policy in order to conform. The privacy policy should be written using language that is concise, easy to understand and addresses the Principles, as discussed above. The privacy policy must also link to the Department of Commerce Privacy Shield website and refer to

and it will notify you if any necessary information was omitted. If the Department of Commerce has all necessary information, self-certification is complete and you can make public your revised privacy policy. Remember that you must verify your compliance with the Principles and self-certify that compliance annually with the Department of Commerce. DECIDING WHETHER OR NOT TO SELF-CERTIFY

There are numerous considerations in deciding whether certifying under the Privacy Shield is the right step for your organization. They include: 1. What data do you transfer from the EU? The volume, frequency and importance of the data to your company, and whether the data falls within any special categories (such as HR data), are key factors. If the volume, frequency and importance of the data transferred is

that self-certify under the Privacy Shield must have their vendor agreements in compliance when they certify. 3. Do you transfer data only from the UK? When the UK exits from the EU and is no longer a party to the Privacy Shield, it will not be an adequate means for transferring data from the UK to the United States. If you anticipate continuing transfers from the UK beyond the next year or so, certification under the Privacy Shield can only be a short-term fix. 4. Do you have mechanisms for ensuring compliance with the Privacy Shield Principles? The Privacy Shield is clear that companies that certify under its provisions will be subject to increased enforcement and oversight mechanisms, and harsher penalties for non-compliance. Self-certification requires vigilance in ensuring that the promises made in the company privacy notice and the self-certification remain accurate. ■

Companies are required to address a complaint by a data subject within 45 days.

the independent recourse mechanism selected. If you choose a private sector entity as your dispute resolution mechanism, you may also be required to submit the privacy policy to that entity for approval. You should also disclose the internal or third party verification mechanism for ensuring on-going compliance. Additionally, you must designate an individual to act as the contact person for any questions, complaints or other issues related to your company’s compliance with the Privacy Shield. Once these steps are complete, you can complete the self-certification process on the Department of Commerce website (www.privacyshield.gov). The Department of Commerce will review the information you submit to ensure that you provided all required materials

high, then the cost and time required for binding corporate rules may be worth it. Companies engaged in one-time or infrequent transfer of data may be better off using standard contractual clauses or obtaining consent. Companies transferring HR information should also consider the additional requirements discussed above for the transfer of such information under the Privacy Shield. 2. How quickly can you bring vendor contracts into compliance with the Privacy Shield? The Privacy Shield imposes specific obligations with respect to vendor contracts and requires greater oversight of vendors than would otherwise be needed. Unless the Department of Commerce extends the grace period for bringing vendor agreements into compliance, companies

Karin McGinnis, a member of Moore & Van Allen, is a Certified Information Privacy Professional (CIPP US). She has handled a variety of privacy and data security matters for her clients, with a special emphasis on issues in the workplace. karinmcginnis@mvalaw.com

Suzanne Gainey is an associate at Moore & Van Allen, where she serves on both the Commercial & Technology Transactions and Privacy & Data Security teams. suzannegainey@mvalaw.com.

dec /jan 20 17 todayâ&#x20AC;&#x2122;s gener al counsel

work pl ace issues

Human Rights Issues in Tech Supply Chains By John Kloosterman and Michael congiu

ersonal electronics and similar technologies play an important role for most of us. Portions of this article were drafted on a laptop computer, with music playing in the background on a smartphone and a portable speaker. Other portions were drafted on a tablet device while traveling on an airplane that would be hard-pressed to fly without electronic avionic and guidance systems. Even if it had been

John Kloosterman 50

is a shareholder at Littler Mendelson and co-chair of the Business and Human Rights Practice Group. A member of the U.S. delegation to the International Labour Organization (ILO), he regularly counsels clients on international labor and employment issues, international labor standards, labor-management relations and complex litigation, including arbitration. jkloosterman@littler.com

Michael congiu is a shareholder at Littler Mendelson and co-chair of the Business and Human Rights Practice Group. He has a broad labor and employment litigation and counseling practice, which includes employee benefits litigation, international labor standards, and business and human rights litigation and counseling. mcongiu@littler.com

drafted with pen and paper, someone would have scanned and transcribed it using electronic devices. But where do the processors and other components at the heart of these devices come from? What are they made of? How are they assembled? Who assembles them? Our favorite tech devices are the product of supply chains made up of suppliers and workers in Africa, China, Southeast Asia, California and a host of other locations before reaching our pockets and desks. Those supply chains have come under increasing scrutiny

in the past several years, mostly over whether they utilize forced labor, including through human trafficking. There are many reasons for this increased attention. Among them: Media coverage of tragedies involving suppliers to U.S.-based companies (for example the Rana Plaza fire in Bangladesh in 2013); governmental and private-sector responses to Rana Plaza and similar tragedies; legislation, such as the California Supply Chains Act, the UK Modern Slavery Act and the Dodd-Frank Actâ&#x20AC;&#x2122;s conflict minerals provisions; and international quasi-legislative efforts

today’s gener al counsel dec /jan 20 17

from the International Labour Organization and other United Nations agencies, including the UN Global Compact. All of those have placed multi-national supply chains squarely in the crosshairs of a wide variety of regulators. MODERN SUPPLY CHAINS

A supply chain is simply a company’s suppliers, but because we call it a “chain” it is commonly thought to be linear, with each supplier being a link. In real life, however, most modern

Look to the California Supply Chains Act as a roadmap of things to do to keep tabs on your supply chain. supply chains more closely resemble a tangled heap of chain than a linear progression of links. That tangle is made up of a company’s suppliers, plus the suppliers’ suppliers, those second-level suppliers’ suppliers, and so on. The chain becomes snarled rather than linear because the end company often does not know who the suppliers of their suppliers’ are, and what practices they employ. The processors at the heart of our favorite mobile devices start out as minerals. Gold, cassiterite (tin), tungsten and coltan (tantalum) are all used in processors. Those minerals are mined mostly in Africa, with many coming from portions of the Democratic Republic of Congo that are controlled by militias that use mining operations to finance local conflicts. That’s why those minerals are called “conflict minerals.” The mining itself is often carried out by victims of forced labor, including children. Once extracted, the minerals pass through the hands of several trading houses and other middlemen, before being sold to an exporter who ships the minerals to a refinery, where they are

made into metal. Once they are refined into metal, tracing the source of the minerals is impossible. Before the refining, tracing the origin of the minerals is theoretically possible, but practically impossible because of the number of traders and exporters involved. The metals are sold to manufacturers that make a component and sell it to other manufacturers or assemblers, to be assembled into the finished smartphone. Much of the manufacturing and assembling takes place in China and Southeast Asia, in countries where forced labor and child labor problems reportedly exist. The processor in your smartphone passed through several dozen links in the supply chain on its journey from mineral to finished product. While the end manufacturer may know the final dozen or so suppliers, it may not understand where the minerals, metals and components are sourced. WHAT CAN COMPANIES DO ABOUT IT?

It’s good business to do your best to make sure there’s no forced labor in your supply chain – investors don’t want to invest in companies with forced labor issues and consumers don’t want their goods. Plaintiffs’ lawyers, on the other hand, think about ways to bring claims against companies that may have forced labor problems. Here are our recommendations to help avoid these issues:

Do not make grandiose statements in your Code of Conduct about your human rights practices, which encompass those of your suppliers, their suppliers, et al. It is likely that you will encounter a problem somewhere in that snarled chain. Similarly, do not adopt ILO standards or agree to follow voluntary international standards (like the UN Global Compact) unless you really understand what you are doing. Too many well-intentioned companies have agreed to abide by international standards of one type or another without knowing what they were agreeing to, and plaintiffs may be able to use those statements against you.

Look to the California Supply Chains Act as a roadmap of things to do to keep tabs on your supply chain. The Supply Chains Act is a very misunderstood piece of legislation, although it is the basis for the UK Modern Slavery Act and legislation pending in the EU. It is a “name and shame” law, requiring companies that fall within its ambit to report on their websites what, if anything, they are doing in these five areas: (1) Third-party verification of supply chains to evaluate the risk of forced labor and trafficking. (2) Conducting independent, unannounced audits of suppliers. (3) Requiring suppliers to certify that materials incorporated into the product comply with local laws on forced labor and human trafficking. (4) Maintaining internal accountability standards and procedures for employees and contractors regarding trafficking and forced labor. (5) Providing training on trafficking and forced labor issues to employees with responsibility for supply chain management. The Supply Chains Act doesn’t require companies to do any of these things. It just requires them to say what they are doing, if anything. Many companies do not understand this and think that the law mandates these things. We also have seen many companies that are subject to the Supply Chains Act try to require their suppliers to comply with it too. That’s pointless, as the law just requires a website posting, no more. However, you can and should use the law’s five substantive areas as a means to keep tabs on your supply chain and those of your suppliers. Companies that take action in these five areas should have a better understanding of where their supply chains might contain forced labor and be able to outline an action plan for dealing with it. If you want to tie suppliers to the Supply Chains Act, require them to tell you what they are doing regarding those five substantive areas so you can analyze each supplier’s impact on your operations. ■

dec /jan 20 17 today’s gener al counsel

T H E A N T I T R U S T L I T I G AT O R

IP Licensing and Antitrust: The DOJ/FTC Guidelines By Jeffery M. cross

I 52

ntellectual property drives innovations that are becoming common in our daily lives, including smart phones, self-driving cars, talking refrigerators, drones and robots. In this regard, the intellectual property behind these innovations has become increasingly valuable, and licensing is a way to unlock that value. Licensing, of course, can raise antitrust issues. Indeed, my practice has increasingly focused on the intersection of IP and the antitrust laws. It is not surprising then, that in August 2016 the Department of Justice and the Federal Trade Commission issued a proposed update of their jointly issued “Antitrust Guidelines for the Licensing of Intellectual Property” to replace guidelines last issued in 1995. In light of the importance of intellectual property and licensing to today’s economy, it is valuable to consider some of the ideas set forth in these guidelines. The guidelines follow three general principles: (1) the agencies will apply the same antitrust analysis as they would apply to conduct involving other forms

Jeffery cross, is a columnist for Today’s General Counsel and a member of the Editorial Advisory Board. He is a partner in the Litigation Practice Group at Freeborn & Peters LLP and a member of the firm’s Antitrust and Trade Regulation Group. jcross@freeborn.com.

of property, (2) the agencies do not presume that intellectual property provides its owner with monopoly power, and (3) most licensing of intellectual property is pro-competitive, and therefore the agencies will generally apply the Rule of Reason. In terms of the first principle, the agencies recognize that intellectual property law gives IP owners the right

to exclude others. However, the right to exclude is in many respects similar to the rights enjoyed by other forms of property. As with other forms of property, certain types of conduct with respect to intellectual property may be anticompetitive. At the same time, the agencies do recognize that intellectual property has important characteristics that

today’s gener al counsel dec /jan 20 17

distinguish it from other forms of property. One of the key characteristics identified in the guidelines is the ease of misappropriation. The agencies believe that such characteristics can be taken into account in the standard antitrust analysis. In the 1995 guidelines, the agencies took the position that intellectual property did not necessarily confer monopoly power on the holder of that property. More than eleven years later, the U.S. Supreme Court reached the same position, and the revised guidelines continue this view. The agencies recognize that there may be products that do not infringe the intellectual property, but accomplish the same thing. Consumers are able to substitute such other products in response to an

Consistent with this, the guidelines articulate a structured Rule of Reason that initially applies a type of market power screen – a form of “quick look” to exonerate – and then applies a stepwise analysis that considers whether there are plausible pro-competitive justifications for any restraints that are part of the license. The guidelines articulate the following approach: First, the agencies will consider whether the restraint is likely to have anti-competitive effects. If so, the agencies will proceed to a second step, determining whether the restraint is reasonably necessary to achieve procompetitive benefits. If the agencies find plausible benefits, then step three is to determine whether those benefits outweigh the anti-competitive effects.

In terms of the likelihood of a restraint having anti-competitive effects, the agencies will consider whether the restraint is horizontal, in that it is among companies that offer products or services that are substitutes, or among those that are vertical in that the restraint is among companies that offer complementary products or services. The guidelines note, however, that whether the relationship is horizontal or vertical does not by itself determine if there is likely an anti-competitive effect. Rather such identification is an aid in determining whether there may be such effects from the licensing arrangement. In contrast to the “quick look to exonerate” if there do not appear to be anti-competitive effects, the guidelines also employ a “quick look to condemn”

The agencies recognize that intellectual property has important characteristics that distinguish it from other forms of property.

attempt by the owner of the intellectual property to raise prices above competitive levels. The owner’s attempted price increase would be unprofitable and by definition it would not have monopoly power. As to the third principle, the agencies approach the licensing of intellectual property from the perspective that it generally will have pro-competitive benefits, and therefore the Rule of Reason is the default mode of analysis. The agencies’ framework for applying the Rule of Reason takes into account a recent trend in antitrust law, distancing it from a full Rule of Reason analysis in which the litigants present every possible supporting fact or theory irrespective of the minimal light it may shed on the basic antitrust question. Rather, this trend is to apply a more flexible approach, where the quality of proof required varies with the circumstances.

The guidelines note that if there is no efficiency-enhancing integration of economic activity with the license restraint, and the restraint is the type that is traditionally accorded per se treatment, the agencies will apply the per se rule. The guidelines note that the restraints that had been held per se unlawful are “naked” price-fixing, output restraints, and market divisions among horizontal competitors, as well as certain group boycotts. Note the guidelines’ use of the term “naked” to describe a licensing restraint. A “naked” restraint is a restraint without a plausible pro-competitive justification. The guidelines also apply a “quick look to exonerate.” They state that, if a restraint has no likely anti-competitive effects, the agencies will treat it as reasonable without elaborate analysis of market power or justifications.

if the restraint appears to be of a kind that always or almost always functions to reduce output or increase prices, and it is not reasonably related to efficiencies. If these conditions are met, the guidelines indicate that the agencies will likely challenge the restraint without elaborate analysis of particular industry circumstances. Although the guidelines reflect how the DOJ and the FTC will approach restraints in the licensing of intellectual property, they provide a valuable framework for the overall analysis of application of the anti-trust laws to this important aspect of today’s economy. ■

Consumer Agency Rule Would End Class Action Waivers

By Brian A. Berkley

he Consumer Financial Protection Bureau wants to eliminate class action waivers. After a years-long study of arbitration, on May 5, 2016 the CFPB announced a proposed rule designed to prohibit companies from using a pre-dispute arbitration agreement to block consumer class actions in court. This rule, if enacted, will affect most contracts relating to consumer financial products and services. The stakes are high. Backed by supporting Supreme Court precedent, companies have effectively used class action waivers in arbitration agreements to remove the risks associated with class action claims. Removing this protection will potentially expose companies to millions of dollars of costs and liability. As a result, the CFPBâ&#x20AC;&#x2122;s proposed rule has sparked a huge backlash. The CFPB has already received thousands of comments from the public, and the rule will certainly be challenged in court. Itâ&#x20AC;&#x2122;s likely to reach the Supreme Court, where there is a good chance it will not survive. In the meantime, uncertainty will persist. For companies looking to retain some control over the costs and risks associated with class action liability, two possible courses of action emerge. The first allows a company to provide consumers with the option to litigate class claims in arbitration, where,

today’s gener al counsel dec/jan 2017

theoretically at least, the cost of litigation should be cheaper than it would be in court. The CFPB specifically endorses this option. While this procedure does not remove class action liability altogether, it potentially reduces litigation costs. The second strategy is not supported by the CFPB, which makes it riskier, but the payout is larger. A company could provide consumers with the option to opt out of an arbitration clause that precludes class action claims. Thus, if a consumer did not opt-out but later brings a class action lawsuit, a company could compel arbitration and not only enjoy the potential costs savings available in arbitration, but remove the class action liability altogether. The courts generally find these clauses to be acceptable under state law unconscionability doctrine. The CFPB, however, contends its proposed rule also bans arbitration agreements with opt-out provisions. Countervailing federal law promoting arbitration will be a challenge for the CFPB. THE PROPOSED RULE The CFPB refers to class action waivers as “contract gotchas” that are typically used to prevent consumers from getting their day in court. Relying on a study it released in March of 2015, the CFPB argues that consumers rarely bring individual actions. According to the CFPB, class actions provide a more effective means of challenging problematic company practices, and its rule is designed to remove the contract gotchas. The CFPB’s proposed rule has three components. First, it will prevent companies from putting mandatory arbitration clauses that prevent class action lawsuits in new contracts. Second, it will require companies to explicitly state the clause cannot be used to stop consumers from being part of a class action in court. Third, companies with arbitration clauses must submit to the CFPB claims, awards and other related material as a way of permitting the CFPB to monitor consumer finance arbitrations. According to its press release, the CFPB notes the proposed rule will apply to “most consumer financial products and services that the CFPB oversees, including those related to the core consumer financial markets that involve lending money, storing money, and moving or exchanging money.” FEDERAL ARBITRATION ACT VS. CFPB Section 1028(b) of the Dodd-Frank Act authorizes the CFPB to issue regulations that would “prohibit or impose conditions or limitations on the use of an agreement between a covered

person and a consumer for a consumer financial product or service providing for arbitration of any future dispute between the parties” if doing so would be “in the public interest and for protection of consumers.” The CFPB argues this section authorizes its proposed rule. That, however, will be challenged. The CFPB’s rule runs headlong into the more than 90 year-old Federal Arbitration Act (FAA). Passed in 1925, the FAA embodies a federal “liberal policy favoring arbitration.” At the time of its passage, courts were hostile to arbitration agreements and often refused to enforce them. The purpose of the FAA is to put an end to such hostility and place arbitration agreements on equal footing with other kinds of agreements. Under the FAA, in recent years, starting with AT&T Mobility LLC v. Concepcion, the Supreme Court has upheld class action waivers in arbitration agreements. The Court has noted that to hold otherwise would permit the type of hostility to arbitration agreements that the FAA seeks to preclude. The Supreme Court has sided with class action waivers and the FAA even when doing so appeared to conflict with another federal statute. For instance, in American Express Co. v. Italian Colors Restaurant, the FAA appeared to conflict with the federal antitrust statutes. The issue before the Court was whether an arbitration clause precluding class action claims effectively barred an antitrust claim, because to prove an antitrust claim as an individual would be cost prohibitive. The court said no, noting that there was no contrary congressional command that required the Court to reject the waiver of class arbitration. The FAA’s protection of arbitration agreements, even agreements with class action waivers, was not in conflict with the antitrust statutes. According to the Court, the fact that you have the right to bring an antitrust claim does not entitle you to an affordable procedural path to enforcement. The CFPB will argue that, unlike the antitrust laws, Section 1028(b) specifically commands it to regulate arbitration agreements for the public interest, and thus embodies a contrary congressional command to the FAA’s protection of arbitration agreements with class action waivers. There is a lot of water that argument needs to hold. It would mean Congress intended to limit the FAA’s more than 90-year liberal federal policy promoting arbitration when it passed DoddFrank. The Supreme Court does not take lightly the suggestion that Congress in one statute sought to rewrite another, particularly when Congress continued on page 59

DEC/JAN 2017 TODAY’S GENER AL COUNSEL

Changing Rules for Foreign Arbitral Awards By Carrie A. Tendler and Michael A. Sanfilippo (No. 14 121), will likely impact the speed and ease with which holders of foreign arbitral awards can enforce them.

ounsel charged with prosecuting or defending against actions involving foreign arbitral awards should be aware of rapidly evolving rule changes that may eviscerate “streamlined” recognition procedure and define the contours of foreign arbitration recognition and enforcement law for years to come. Companies holding such awards face an increasingly unsettled situation, making it difficult to assess the potential time and cost involved in enforcement. This can inform decisions about settlement, budgeting, and the potential sale of an award. The Second Circuit is especially uncertain, as it is fielding a flurry of challenges to the rules governing the recognition and enforcement of such awards. Three important decisions, Mobil Cerro Negro Ltd. v. Bolivarian Republic of Venezuela (No. 15 707), Micula v. Government of Romania (No. 15 3109), and Harrison v. Republic of Sudan

MOBIL This case concerns a $1.6 billion International Centre for Settlement of Investment Disputes (ICSID) award to Mobil as compensation for Venezuela’s 2007 nationalization of Mobil assets in a heavy crude project in Venezuela’s Orinoco region. After obtaining the award, Mobil filed an ex parte petition in the U.S. District Court for the Southern District of New York, seeking recognition of the award pursuant to the New York Civil Practice Law and Rules (CPLR). Judge J. Paul Oetken signed the petition the same day, converting the award into an enforceable judgment. Mobil made this “streamlined” petition under the ICSID Convention, which provides for “mechanistic” recognition of awards by courts of the 150-plus contracting states. ICSID awards may not be challenged by national courts. It was designed to eliminate many hurdles facing award holders and to remove the discretion that courts might have under other regimes, such as the New York Convention. An ICSID award is accordingly entitled to the same “full faith and credit” as a final judgment of a U.S. state court. The Southern District of New York has recently held that because ICSID’s enabling statute does not specify how an award is to be recognized – as opposed to enforced, a distinct concept – state law “fills the gaps.”

today’s gener al counsel dec/jan 2017

In this case, state substantive law is CPLR Article 54, which permits creditors to file an ex parte petition to convert an award into a final judgment. A creditor must provide notice to the debtor within 30 days by mail and need not commence a plenary action or follow Foreign Sovereign Immunities Act (FSIA) conventions on service, personal jurisdiction, or venue. This significantly streamlines judgment recognition and can accelerate recovery by months or even years. Unsurprisingly, Venezuela objected to Mobil’s petition. Venezuela first struck out at the S.D.N.Y., where Judge Paul Engelmayer held that the CPLR applied. The court reasoned that “Congress, like the ICSID Convention that it was implementing, intended that ICSID awards be expeditiously recognized, free from substantive review” and that “the streamlined recognition procedure in CPLR Article 54 effectuates the policy interests underlying the ICSID enabling statute.” The opinion’s breadth anticipated a contentious appeal and signaled that the S.D.N.Y. was a preferred venue for such actions. Indeed, other federal courts, such as the District of Columbia, have largely proven less amenable to the ex parte approach. The parties argued before Second Circuit Judges Peter Hall, Susan Carney and Rosemary Pooler in January 2016. The panel appeared skeptical of the ex parte procedure, noting that the United States may not want such a rule applied reciprocally. After argument, the Second Circuit took the unusual step of asking the U.S. State Department to weigh in. In an amicus, U.S. Attorney Preet Bharara took Venezuela’s side, arguing that the FSIA provides “the sole basis for obtaining jurisdiction over a foreign state in our courts.” The State Department argued that, if ICSID’s enabling statute had a “gap,” the FSIA must fill it. But that is circular: (i) the FSIA applies unless there is an exception; (ii) the exception at issue, 28 U.S.C. ‘1604, which carves out pre existing treaties (like ICSID) from the FSIA’s reach applies state law to recognize awards; and (iii) state law is nonetheless the FSIA, because it provides the exclusive vehicle for actions against foreign sovereigns. That position falters when the FSIA’s carve out for preexisting treaties is taken into account. The State Department’s position likewise ignores the policy behind ICSID. Foreign sovereigns sign treaties or ratify arbitration agreements in order to promote trade within their borders. When a wronged investor obtains an arbitration award, the underlying conventions contemplate fast recognition and enforcement.

Moreover, as Judge Engelmayer recognized in his S.D.N.Y. opinion, Congress was familiar with the CPLR recognition procedure when it passed ICSID’s enabling statute. Applying the FSIA to recognition would bizarrely provide sovereigns more latitude than the New York Convention provides, which Congress specifically rejected when it joined ICSID.

ICSID permits award holders to combat this delay by allowing almost immediate discovery into the debtor’s assets.

As the S.D.N.Y. recognized, ruling otherwise would collapse the difference between “recognition” and “enforcement.” This is not a procedural or academic distinction. Judgment enforcement is essentially a zero sum game. Sovereigns, like all judgment debtors, often delay and impede award holders so that they settle for some percentage of the ultimate award. The “automatic” recognition provided by ICSID permits award holders to combat this delay by allowing almost immediate discovery into the debtor’s assets, which often involves penetrating obtuse asset protections schemes. Timely discovery is often the difference between recovering or not. The State Department’s argument that using the FSIA to recognize an ICSID award is “not an overly burdensome process” belies reality. Not only will an award holder need to meet the onerous FSIA service requirements, but it will also have to deal with any purported “defenses” a recalcitrant debtor may raise in the plenary action, contrary to the purpose of ICSID.

MICULA A similar issue is before the Second Circuit in Micula. In the 1990s, Swedish nationals Ioan and Viorel Micula invested in a business in Romania based on economic incentives Romania provided. When Romania ascended to the EU in 2005, the country revoked those incentives. In late 2013, the Miculas obtained an award from ICSID pursuant to a treaty between Romania and Sweden. The EU opposed the award as illegal pursuant to retroactively enacted EU bylaws. In the United States, Viorel filed a petition in the DDC seeking award recognition. The DDC deferred for more than a year, then denied it on

dec/jan 2017 today’s gener al counsel

Carrie A. Tendler

is a lawyer at Kobre & Kim. She focuses her practice in the area of international judgment enforcement and cross-border asset forfeiture and recovery. She also has extensive experience in complex commercial litigation, insolvency and debtorcreditor disputes, and deal, joint venture and partnership related matters. carrie.tendler@ kobrekim.com

Michael Sanfilippo is a lawyer at Kobre & Kim. He focuses his practice on international commercial engagements, including corporate, joint venture and partnership disputes, as well as financial services litigation. michael.sanfilippo@ kobrekim.com

grounds that a plenary action was required. context, because service was addressed to the Five days later, Ioan filed his own ex parte right person, the place was less relevant. As long petition in the S.D.N.Y. Judge Lorna Schofield as the complaint was directed to the minister granted the petition that day, relying heavof foreign affairs via the local embassy, not to ily on Mobil and brushing aside Romania’s the local embassy as an entity itself, the pleadforum shopping arguments by noting that the ing “could reasonably be expected to result in court “disagrees with the District of Columbia delivery to the intended person.” Court’s decision, which is not binding here.” Following the adverse ruling, Sudan sought a Romania appealed, arguing that the ex parte rehearing en banc. In an amicus for Sudan, the proceeding was invalid because the FSIA provides the exclusive path for Sovereigns, like all judgment debtors, such actions. The European Commission (EC) submitted an amicus arguing that the S.D.N.Y. was “juroften delay and impede award holders isprudentially imprudent” and “had no competence” to rule because the so that they settle for some percentage EC had asserted that the ruling was incompatible with EC rules. It furof the ultimate award. ther argued that comity and the act of state doctrine dictated abstention. The EC, like the U.S. State Department, ignored the ICSID convention and the policy judgments behind it, and focused State Department argued against the U.S. sailors instead entirely on its own interest that the underon behalf of a foreign government alleged to lying ICSID award not be enforced. have supported an attack on those sailors. The State Department’s position is especially puzHARRISON zling because it seems to be a real exercise in Harrison explores what would happen if the legal gymnastics. In contrast, as the panel noted, Second Circuit invalidates the ex parte proceembassies are “extensions of the foreign state” dure and arbitral award holders are forced to and should be amenable to service of pleadings. institute a plenary action pursuant to the FSIA. Moreover, there appears to be little risk that the In Harrison, victims of the year 2000 USS Cole foreign state will not actually receive notice if bombing in Yemen sought to enforce a $315 this method is adopted. Indeed, the State Departmillion judgment against Sudan related to its ment conceded that it often fields such suits but alleged role in the attack. “consistently rejects” service on U.S. overseas In a novel procedural move, the victims served embassies. It clearly receives notice and responds the complaint on Sudan’s minister of foreign to the potential litigant, so failure to abide by the affairs at Sudan’s embassy in the United States, subpoena is little more than abusing a loophole instead of at the ministry in Sudan. The court that the court should close, allowing the United found service proper and entered a default judgStates to effect service on the embassies of nations ment after Sudan failed to respond. The plainthat have taken deliberate steps to frustrate valid tiffs then sought to enforce the judgment in the lawsuits. The presence of the United States in that United States. Sudan objected on grounds that group should give it pause. service at its U.S. embassy did not comport with In the short term, litigants seeking to enforce the FSIA or the Vienna Convention. On appeal, such awards should stick to the S.D.N.Y. when Sudan argued that service at its U.S. embassy inpossible, given the hostility of other districts to fringed on its immunity “from the host’s civil and the ex parte recognition procedure. Of course, administrative jurisdiction,” and that Khartoum an adverse Second Circuit ruling may reset the (Sudan) was the only proper service location. calculus. Moreover, if the Second Circuit invaliA panel comprising Judges Denny Chin, dates service on a minister of foreign affairs via Gerard Lynch, and Edward Korman upheld the a domestic embassy, potential litigants should be ruling that service was proper, reasoning that, aware of the risks of such service and prepare to “if Congress had wanted to require that the follow the more onerous service requirements mailing be sent to the head of the ministry of laid out elsewhere in the FSIA. ■ foreign affairs in the foreign country, it could have said so.” The panel found that, in this

today’s gener al counsel dec/jan 2017

Class Action Waivers continued from page 55

does not expressly say so. The CFPB’s argument would also effectively gut the Court’s ruling in Italian Colors, which came after the passage of Dodd-Frank. Given the current trend of Supreme Court arbitration precedent, the CFPB’s proposed rule will have a difficult row to hoe. MITIGATING RISKS AND COSTS One thing companies can count on is that uncertainty will reign until the Supreme Court rules. In the meantime, there are at least two options that may allow companies to thread the needle between CFPB compliance and class action cost protection. The CFPB expressly permits the first option. In a report to the CFPB’s director from its Small Business Review Panel, the CFPB notes its proposal “would permit an arbitration agreement that allows for class arbitration, provided a consumer could not be forced to participate in class arbitration instead of class litigation.” Thus, a company’s arbitration agreements could offer the consumer the choice between litigating class action claims in court or in arbitration. If one believes that arbitration is more costfriendly than court, this option may reduce costs. Of course, the effectiveness of this option hinges on (1) arbitration actually delivering on its promise of being cheaper, which any practitioner will tell you is far from guaranteed, and (2) the consumer, in fact, choosing class arbitration. Note too that only costs associated with the litigation – not class action liability itself – may be reduced through this option. The second option is to include an opt-out provision in the arbitration agreement. This means a consumer can choose to opt out of individual arbitration and instead choose to litigate any claims in court. Under this option, unlike option one, if a consumer did not opt out of the arbitration clause, then the consumer could not bring class action claims at all. Thus, not only does the company possibly reduce the cost of litigation, but the company also could potentially reduce class action liability altogether, at least in those instances where the consumer bringing the claim did not choose to opt out of the arbitration clause. The courts have upheld this option in the employment context. Uber Technologies, Inc. has scored a series of victories this year against challenges to its class action waivers in agreements with its drivers. In its agreements, Uber

provides each driver the option to opt out of an arbitration clause that would otherwise prohibit the driver from bringing class action claims. The opt-out provision is conspicuous, Uber informs the driver of the legal consequences associated with choosing arbitration, and Uber makes clear the driver will not be adversely affected for not choosing to opt out. Federal courts throughout the country have upheld these agreements against claims of unconscionability, including in Maryland and Florida. Most recently, in September 2016, the Ninth Circuit ruled that Uber’s delegation clause – which required an arbitrator to determine the validity of the arbitration agreement – was not unconscionable because the arbitration agreement allowed the driver to opt out altogether. Under Ninth Circuit precedent and California state law, an arbitration agreement is not a contract of adhesion if it provides an opportunity to opt out. Because Uber provided such an opportunity, which other drivers had in fact successfully chosen, Uber’s arbitration agreement and its delegation clause survived scrutiny. Employment law and consumer protection law share the same concern – the imbalance of power between the employee or consumer and the company. The CFPB seeks to impose its proposed rule for the purpose of remedying this perceived imbalance. It wants to remove the “contract gotchas.” But, if an arbitration clause provides a consumer with a meaningful, well explained opt-out provision, then the CFPB’s proposed rule should not apply. The CFPB will certainly disagree with that. Indeed, in its report to Congress, the CFPB said that it studied the effectiveness of opt-out provisions and found the provisions did not adequately protect consumers. That argument will run headlong into the FAA and its promotion of arbitration. If faced with an opt-out arbitration agreement that, as a matter of law, is not considered a contract of adhesion, a court asked to square the CFPB’s authority under Dodd-Frank with the FAA will have a difficult time striking the opt-out arbitration agreement. Meanwhile, until the Supreme Court clarifies this issue, a company seeking to navigate this uncertainty should consider its options for mitigating its class action risk and costs. Class arbitration and opt-out provisions are two possible options. ■

Brian A. Berkley is counsel at Fox Rothschild LLP. He represents Fortune 500, midsize companies and startups in lawsuits involving software technology, health care, mortgage banking, commercial real estate and financial services. bberkley@ foxrothschild

Two Governance Studies Confirm Expanded Role for General Counsel BY MICHAEL W. PEREGRINE

he general counsel is well positioned to advise the board of directors with respect to major corporate governance developments that arose in the summer of 2016. Within the space of less than one month, two important commentaries on corporate governance were released by two different constituent groups. Both propose thoughtful suggestions on a wide variety of governance elements that are relevant not only to publicly traded corporations, but also to many privately held companies and sophisticated non-profits. The near simultaneous release of these two commentaries is noteworthy. It is indicative of the increasing level of discussion about corporate governance issues 15 years after Sarbanes-Oxley, and the enhanced concept of corporate responsibility that came with it. These commentaries present an opportunity for the general counsel to assist the board of directors, and possibly its governance committee, to consider the need for governance change and refinement. They also underscore the increasingly important role of the general counsel as primary

board advisor on corporate governance matters. The first commentary, released last July, is titled “Commonsense Principles of Corporate Governance.” It was prepared by a twelve-member consortium of leading corporate executives (from JP Morgan, Berkshire Hathaway, GE, GM and Verizon, among others), asset managers (e.g., from BlackRock, Vanguard Group and State Street) and one shareholder activist (ValueAct Capital Management). The second commentary, released in August, was the 2016 edition of the well-known “Governance Principles” series from the Business Roundtable (BRT), an association of CEOs of leading U.S. companies. The purpose of the BRT is “to promote sound public policy and a thriving U.S. economy. Its fundamental business model is to apply the capabilities of its chief executive officer members (through research and advocacy) to major economic and competition issues facing the nation. Each of these commentaries comes from a different context. On the one hand, BRT has long had a keen interest in corporate governance. Like

today’s gener al counsel dec/jan 2017

earlier editions, the 2016 release is detailed – almost 30 pages long – illustrated, and rendered in an easy to read format. The Commonsense Principles, on the other hand, is a one-off presentation styled as an open letter. It’s nine pages long, with no indication that the consortium that wrote it will gather in the future for additional commentary. These differences in style, detail and background notwithstanding, the commentaries share several common themes. First, they both reflect a fundamental concern with matters of shareholder responsibility and accountability, and the overarching need for governance to focus on longterm, sustainable value. Second, they cover many of the same basic topics (albeit with differing degrees of detail), such as board responsibilities, roles of key corporate actors, committee responsibilities, and other elemental governance concerns historically treated by the organization. These include board composition, individual director responsibilities, shareholder rights, public reporting, board leadership, management succession planning, and management compensation. Both commentaries offer several controversial/ progressive recommendations. For example, the Commonsense Principles promote the increased use of outside advisors and experts in making board education presentations; a pure, undiluted executive session practice; “unfettered” board access to the entire management team; and talent development practices that allow for direct board exposure to key company employees. They also encourage the board to act promptly to address situations where the company does not have “the appropriate CEO” (suggesting a much broader evaluation perspective than non-performance). While both commentaries contribute to the ongoing discourse on diversity standards, BRT goes “all in,” recommending that boards “develop a framework for identifying appropriately diverse candidates that allows the nominating/governance committee to consider women, minorities and others with diverse backgrounds as candidates for each open board seat.” Neither the Commonsense Principles nor the BRT Principles characterizes itself as representing “best practice,” per se. Neither presents itself as a one-size-fits-all or an absolute. Rather, they are intended as guides for developing the structures, practices and processes that are “appropriate” given the unique perspectives of individual corporations. And that’s where the general counsel comes in. These two sets of commentaries have implica-

tions for the board not only with respect to their individual substance, but also with respect to the changes they propose from current accepted practice and what their combined release suggests about the evolving state of corporate governance in America. These are implications that the general counsel is well equipped to address, given the GC’s roles as technical advisor, wise counselor and business partner to management. In other words, the release of these governance commentaries illustrates the breadth of areas in which today’s general counsel is well qualified to advise corporate leadership. The guidelines and recommendations set forth in the commentaries directly implicate legal matters relating to board structure and the exercise of fiduciary duties by board and committee members. These are matters that are traditionally addressed on behalf of the board by the general counsel. Indeed, since the enactment of Sarbanes-Oxley, governance committees have increasingly turned to the general counsel for advice on how board practices are affected by state and federal law and regulation, judicial decisions and principles of corporate responsibility. Of course, the general counsel can make no claim to being the exclusive staff advisor to the board and its governance committee. These constituencies greatly benefit from the thoughts and perspectives of a diverse set of experienced governance advisors. The general counsel can comfortably work as part of a team of advisors, supporting board and committee members on governance developments of the sort represented by these commentaries. Nonetheless, it should be clear that the general counsel should have an important seat at the table in these discussions, given how they directly relate to law and legal responsibilities. The recent release of two important corporate governance commentaries helps set an appropriate near-term agenda item for the board’s governance committee. The company’s general counsel, working in coordination with other advisors, is well positioned to advise the committee in this regard and can provide significant value in doing so. From a long term perspective, providing advice on these important governance developments can help confirm, in the mind of the board and senior leadership, the evolution of the general counsel’s role beyond technical advisor to also include wise counselor and management business partner. This will be particularly important as corporations confront new corporate responsibility concerns arising from increased government oversight and regulation. ■

Michael W. Peregrine, a partner in McDermott Will & Emery, advises corporations, officers and directors on matters relating to corporate governance, fiduciary duties and officer/ director liability issues. mperegrine@mwe.com

dec/jan 2017 today’s gener al counsel

Survey: InSIde / OutSIde AttOrneyS Often nOt On the SAme PAge By Robert Hunter, Alfred Paliani and Tripp Haston

he International Association of Defense Counsel (IADC) recently released its 2016 Inside/Outside Counsel Relationship Survey. Like the inaugural 2015 survey, its purpose was to “better understand current trends in outsourcing legal services, and to gauge how in-house counsel and outside lawyers are getting along,” said John T. Lay, Jr., IADC President and a shareholder at Gallivan, White & Boyd, P.A. “The survey results demonstrate that both sides still require greater understanding and support in certain key areas.” The survey indicated major differences in how the two groups perceive some important relationship issues, including how much outsourcing has increased and the relative performances of both in-house counsel and outside lawyers. Both groups expressed major concerns in the areas of billing, budgets and communications. However, both groups did agree on the traits that are most valuable in their working relationships, and regarding what they do best and worst.

Robert D. Hunter is a former president of the International Association of Defense Counsel. He is currently senior vice-president and general counsel of Altec Inc. rob.hunter@altec.com

mOre wOrk tO fewer fIrmS Survey results indicate that companies are consolidating more work with a smaller number of law firms. “That’s a trend that is having a significant impact on our industry,” said Andrew Kopon, Jr., IADC president-elect and a founding member of Kopon Airdo, LLC. Sixty-one percent of inside counsel surveyed reported increases in the amount of work they outsourced to law firms over the past year, while only 39 percent of outside counsel reported increased work over the same time period. Additionally, more than half of inside counsel stated that they expect continued increases in the amount of work they contract out to law firms. Some in-house departments have launched

programs specifically to reduce the number of law firms they use. Others are not expressly planning to reduce the number of law firm partners they have in place, but clearly prefer law firms that can demonstrate that they really understand a company’s business. As legal work becomes more concentrated, it will be increasingly important for outside counsel to fully understand their clients’ business models and operations to remain competitive. These results indicate that corporate legal departments are looking for law firms that can mesh with existing in-house attorneys and invest in their client relationship. It’s clear that law firms can help develop an ongoing partnership with clients by understanding their objectives and communicating clearly throughout the case management process. PerCePtIOnS At OddS The 2016 survey reveals that inside and outside lawyers are out-of-sync when it comes to perceptions of their effectiveness. Respondents were asked to rate themselves and their counterparts on a variety of metrics, including responsiveness, expertise and ability to collaborate. The results showed inside counsel rate their outside counsel significantly lower in almost all categories than outside lawyers rate themselves. Outside counsel, in turn, rate inside counsel significantly lower in every category than inside counsel rate themselves. For example, 57 percent of in-house respondents gave themselves high marks for implementing reasonable staffing limitations, while only 28 percent of outside counsel gave their in-house colleagues the same ratings. On the flip side, 72 percent of outside counsel rated themselves highly for providing clear, detailed

today’s gener al counsel dec/jan 2017

invoices, while only 50 percent of inside attorneys would give that rating. AREAS OF AGREEMENT Notwithstanding disparities in their mutually perceived effectiveness, the respondents largely agreed on what they did well. Inside and outside counsel agreed that law firm attorneys were able to collaborate effectively within the in-house departments’ organizational structures. They also agreed outside lawyers contributed helpful expertise. Both groups thought in-house attorneys’ best traits were their responsiveness to questions, feedback and authorization requests. They also agreed that outside counsel are worst at providing timely and realistic budgets, and offering discounted fees or alternative fees when requested. The most negative ratings and comments from survey respondents centered on billing and budgets. Both groups’ primary complaints centered on aspects of billing and compensation. In-house also had low ratings from outside counsel for metrics on staffing restrictions and reasonable market billing rates. Survey respondents’ comments reflected that divide. For example, an outside counsel respondent suggested that in-house counsel should “eliminate budget requirements when a case is new and remove absurd billing guidelines.” On the other hand, an in-house attorney complained that outside counsel “put multiple partners on the same matter; exceed budgets; do not offer fee arrangements that are linked to value.” These issues reflect a new reality in the legal profession. The recession has made in-house legal departments more cost-conscious. Finding creative ways to keep costs predictable with less day-to-day monitoring from inside lawyers is a priority. In-house lawyers will continue to seek firms that constantly look for new efficiencies and manage their services well. The comments section of the survey revealed that both groups shared concerns about communication, though they center on different aspects of it. A law firm attorney criticized legal departments’ upfront communication, stating that they did not communicate “regularly and clearly on what the objectives are and the methods to be used for achieving those objectives.” In-house attorneys complained about communications during a matter, noting that law firm attorneys did not return phone calls and emails quickly, failed to inform the in-house teams about case changes and developments, and would take steps “without first securing clearance from the legal department.”

Another kind of reported communication problem is failure to deliver timely constructive criticism. That leads each side to believe it is meeting expectations and to persist in unhelpful practices. The issues cited in the survey comments could likely be resolved with a little more time invested early. The dissatisfactions expressed seem to be mostly a byproduct of ineffectiveness in setting objectives and expectations. At the outset of a matter or client relationship, in-house counsel and law firm attorneys should take the time to develop clear performance expectations, guidelines and objectives. Both groups should put in the work required to identify case management and case objective questions, so they can raise those issues early. In-house counsel need to be knowledgeable about their company and well-versed in its functions. They should take the time to make sure outside counsel understand the structure and procedures of the company. They should also provide contacts and processes for obtaining information. Outside attorneys need to take the time to develop a deep understanding of their client’s business, and to deliver accurate risk assessments, a detailed budget and thorough reporting of what documents and information will be needed. Making decisions or setting expectations without involving the other side creates some of the gaps in understanding revealed in the survey. Planned periodic exchanges of feedback throughout a case and open communication on what each side needs are essential elements of successful working relationships. Performance evaluations should be ongoing throughout a matter, not just a single event after resolution. WHAT BOTH GROUPS VALUE The 2016 survey results were quite similar to those in 2015, suggesting certain problems are not going away. However, despite some conflicting perceptions and ongoing issues, the comments section of the survey also revealed widespread accord on what both groups value. Good communication, responsiveness, and clear project direction and objectives were cited by both as the primary elements of a good working relationship. That these elements are considered important across the board is not surprising, and it bodes well for resolving the issues that the survey points up. Both sides are looking for similar things and value the same qualities. To resolve the gaps in perception and understanding, in-house and outside lawyers just need to find ways to better implement shared values in day-to-day working relationships. ■

Alfred R. Paliani is a former board member of the International Association of Defense Counsel. He is general counsel of Quality King Distributors, Inc. and its affiliated corporate group. fpaliani@qkd.com

Fred “Tripp” Haston is a partner at Bradley Arant Boult Cummings and co-chair of the firm’s Life Sciences Industry Team. He is a former president of the International Association of Defense Counsel. thaston@bradley.com

dec /jan 20 17 today’s gener al counsel

B A C K PA G E F R O N T B U R N E R

Data Breach Litigation Wave in 2017

By Kenneth n. rashbaum

famous scenes in the movie “Jaws,” the shark of the title pops its head up way too close to a small fishing boat, flashes an inestimable number of huge teeth, then swims by the boat, revealing all 25 feet and two tons of shark. Police chief Martin Brody, played by Roy Scheider, turns and deadpans, “You’re gonna need a bigger boat.” As a result of the exponential increase in digital data that will occur in 2017 from e-commerce personal communication, including social media, and increasing attacks on those communications, those who sail the digital seas are certainly going to need a much larger boat, in order to avoid being swamped by the following categories of claims: In one of the most

Federal Trade Commission Proceedings: The FTC has been very active in the privacy and security areas, and it recently indicated that it would proceed under its Section 5 authority against enterprises that do not accurately indicate to consumers how they use protected information, such as healthcare data. The Third Circuit upheld the FTC’s authority to bring law suits related to cybersecurity representations in the Wyndham Worldwide Corp. case, in 2015. Look for many more complaint proceedings and even litigation by the FTC.

Kenneth n. rashbaum is a partner at Barton LLP. He advises multinational corporations and healthcare organizations in the areas of privacy, cybersecurity and e-discovery. He is an Adjunct Professor of Law at Fordham University School of Law and was formerly a member of the Adjunct Faculty at the Maurice A. Deane School of Law at Hofstra University. krashbaum@bartonesq.com

Litigation Over Mergers or Acquisitions Undone by Undisclosed Cyber Breaches: The recent Yahoo data breach, said to involve over 500,000,000 accounts, took place well before the negotiations for the acquisition by Verizon began. Did Yahoo appropriately reveal the breach in response to due diligence questions? Did Verizon ask the right questions? Issues such as these will be at the heart of claims over a deal unwound because of a data breach. Defense of Trade Secrets Act: This statute, passed in 2016, gave employers a new federal cause of action against employees who take or send company data in certain categories without authorization (by email, text, social media, or otherwise). There are nuances Those who sail to the potential claims and a number of defenses. the digital seas There is little case law on this new cause of action, are going to but that will change as the statute is tested in litigation. need a much Cyber Risk Insurance Coverage Litigation: larger boat. Cyber risk coverage is a relatively new product, and there is no standardization in policy terms or language. As one might expect with an increase in claims, denials or rescissions of coverage are up. Courts across the country have issued inconsistent decisions on notice, consequences of inaccurate security representations made in the insurance applications, covered events and covered entities, “spoofing” attack coverage (on which the 8th Circuit ruled in Bank of Bellingham v. Bancnsure, in May 2016), and scope of exclusions (demonstrated most clearly in the case of P.F. Chang’s v. Federal Insurance Co. case, also in May 2016). Look for more such disputes in 2017, as the maturation process of cyber risk insurance continues. Many firms are supplementing their cybersecurity practices in anticipation of the cyber litigation wave cresting higher in 2016. They are wisely, as Wayne Gretzky famously said, skating to where the puck will be, not where it is. ■

LOOK NO FURTHER.

THE AAA® JUDICIAL PANEL The AAA has a long-established Judicial Panel capable of efficiently handling even the most complex and contentious arbitrations and mediations. Composed of over 300 former State, Federal Magistrate, and Appellate judges throughout the United States, the AAA’s Judicial Panel can provide the legal knowledge, process skills and decisiveness to move your case expeditiously through the process; resolving your conflict while controlling cost. When your client’s dispute calls for the expertise only a former judge can provide, trust the American Arbitration Association®.

adr.org/judicial

| +1.800.778.7879