Today's General Counsel, V14 N5, Fall 2017 by Today's General Counsel

FALL 2017 VOLUME 1 4 / NUMBER 5 TODAYSGENER ALCOUNSEL.COM

The Well-Managed Workplace Security Measures for Employee-Owned Devices The EEOC Under Trump Managing Extremism in the Workplace Avoiding Workplace Sex Discrimination • • • • •

AI For IP AI For In-House Workflow Cybersecurity for SEC Regulated Companies E-Discovery Q&A Conducting Privileged Internal Investigations $199 Subscription rate per year ISSN: 2326-5000

View our digital edition: digital.todaysgeneralcounsel.com

ediscovery & review case study

When costs increase, an experienced partner makes you stronger. A large hospital system faced a Hart-Scott-Rodino (HSR) Second Request related to a major acquisition. Accelerated timeframes and large data volumes threatened to spiral costs out of control. Consilio was quickly engaged to provide end-to-end eDiscovery and Document Review capabilities. By employing Consilio’s Immediate Case Assessment (ICA™) and analytics capabilities, project teams removed 93% revie uncovered “hot” of the documents prior to review, documents to aid in reviewer training and devised a defensible search strategy based on a comprehensive search term analysis. With over 6 million pages produced before the deadline, Consilio’s tight integration between project management and outside counsel and deployment of advanced analytics saved the client up to $2.5 million in estimated costs. Read the full case and explore how Consilio can make your organization stronger at www.consilio.com.

EDISCOVERY CONSULTING & SERVICES DOCUMENT REVIEW LAW DEPARTMENT MANAGEMENT INFORMATION GOVERNANCE

Action, meet results. Too many law firms mistake activity for action. As they churn away on unnecessary tasks, your matters drag on. At Barnes & Thornburg, we are focused on keeping things moving and helping your business grow. Delivering results you can count on.

Uncommon Value

ATLANTA

CHICAGO

DALLAS

DELAWARE

INDIANA

LOS ANGELES btlaw.com

MICHIGAN

MINNEAPOLIS

OHIO WASHINGTON, D.C.

fall 20 17 toDay’s gEnEr al counsEl

Editor’s Desk

The pioneering ride-share company Uber has been in the news for so many transgressions recently that a Wall Street Journal article revealing that it is being investigated for Foreign Corrupt Practices Act violations went virtually unnoticed. Too bad, because many law departments would find Uber’s problems instructive. Uber’s profile — a small company that grew and began doing cross-border business — is one shared by many enterprises. It is also the kind of company most at risk for running afoul of the FCPA. In this issue of Today’s General Counsel, Sarah Walters and Katrina Rogachevsky discuss a pilot program the DOJ is offering to incentivize self-reporting of potential FCPA violations, and suggest some best practices for companies that want to take advantage of that opportunity. There are upsides and downsides, they caution, and it’s smart to keep legal defenses in mind even when taking steps to avoid appearing in court. Craig Smith discusses a cross-border risk of another kind — customs searches of attorneys’ electronic devices that can reveal confidential client information. He offers tips, including two-step authentication, for protecting your devices when those searches occur. Todd Presnell has some advice about maintaining the attorney-client privilege when an internal investigation is undertaken by in-house legal staff. Not every whistleblower complaint or government subpoena requires retention of outside counsel, but if you choose to conduct an internal inquiry, then be careful to protect the results from discovery in any subsequent litigation. Artificial Intelligence can boost the efficiency of legal departments considerably, according to Erik Severinghaus, but employing AI solutions is a costly and time-consuming process that will require full buy-in from senior executives. Once in

place, an internal culture that is receptive to AI needs to be established, so for all its advantages, legal departments will find making use of this new technology challenging. Rob Davey discusses how AI is already transforming trademark research, but its success serves to underline the continuing necessity for human expertise. Trademark specialists can rest easy, though. Bots won’t be replacing them any time soon. They’ll just be making their work faster and more accurate.

Bob Nienhouse, Editor-In-Chief

bnienhouse@TodaysGC.com

fall 2017 today’s gener al counsel

Features

Lessons from a Pr Disaster

ConDuCting PriviLegeD internaL investigations

using DigitaL tooLs in Litigation

ai Can maximize in-House effiCienCy

Cost ComParison for finanCing Litigation

using CLouD teCHnoLogy in m&a Due DiLigenCe

tHe Power of aCCountabiLity to aCHieve Diversity anD inCLusion

enforCing unenforCeabLe ContraCt Provisions in bankruPtCy

Mark Irion A nonpology won’t cut it.

Todd Presnell Request and direct the investigation.

Joshua S. Reisberg Deposing in the cloud.

Erik Severinghaus It’s expensive and takes a culture change, but may be worth it.

Aviva Will It might solve some bookkeeping problems.

Josh Kirk Working in a virtual data room.

Christopher A. Pickett Client pressure works.

Amir Gamliel and Sara Chenetz The debtor benefits.

C o lu m n s

workPLaCe issues the eeoC under trump

tHe antitrust Litigator restraints Justified to Prevent free riding

baCk Page front burner seC is serious about Cybersecurity Compliance

Barry A. Hartstein Title VII LGBT coverage will vigorously be debated.

Jeffery M. Cross They can’t simply restrain competition.

Jeffrey Taft, Matthew Rossi, and Amy Ward Pershkow A risk alert has been issued.

EXPERIENCE A DIFFERENT CONFERENCE

COLLABORATE ON THE LATEST CYBER DETECTION AND DEFENSE WITH PEERS AND THOUGHT LEADERS

UPCOMING IN 2018

DATA PRIVACY AND CYBERSECURIT Y FORUM SAN FRANCISCO MARCH

BOSTON APRIL

NEW YORK MAY

WASHINGTON, D.C. NOVEMBER

DALLAS NOVEMBER

LOS ANGELES DECEMBER

“The Exchange” Event Series is a think-tank of interactive brainstorming in an all-inclusive discussion format, outside the traditional panel presentation with PowerPoint. REGISTER TODAY SPECIAL RATES AVAILABLE THROUGH FEBRUARY 2018

USE CODE MAG2018

T O D AY S G E N E R A L C O U N S E L . C O M / I N S T I T U T E @TodaysGC

fall 2017 toDay’s gener al counsel

Departments Editor’s Desk

Executive Summaries

Page 16

L abor & EmpLoymEnt

16 Drafting BYOD Policies Christopher Cox and John Stratford Don’t let the benefits blind you to the risks.

18 A Global Look at Managing Extremism in the Workplace Robbin Hutton Balancing tolerance with providing a safe workplace.

22 “Sex” in Title VII Chris Meyers Either/or doesn’t work any more.

E-DiscovEry

cybErsEcurit y

compLiancE

24 Managing Corporate Data in the Era of Mobil Tech and the Internet of Things

28 Protecting Client Data When Traveling

32 Self-Reporting FCPA Violations

Craig R. Smith Border searches of electronic devices are common.

Sarah Walters Don’t forget it could backfire.

Jeff Kerr How an asset can quickly become a liability.

26 Q&A on E-Discovery Peter Ostrega Information governance is discretionary, litigation isn’t.

intELLEc tuaL propErt y

30 Combine AI and Human Expertise for Effective Trademarking Rob Davey Bots are faster but they aren’t smarter.

IdentIfy and MItIgate RIsk

CollaboRate on key CoMplIanCe stRategIes

upcoming in 2018

CoMplIanCe & ethICs housTon april

washInGTon, d.C. may

ChICaGo october

“The Exchange” Event Series is a think-tank of interactive brainstorming in an all-inclusive discussion format, outside the traditional panel presentation with powerpoint. RegIsteR today speCIal Rates avaIlable thRough febRuaRy 2018

use Code Mag2018

T o d ay s G e n e r a l C o u n s e l . C o m / I n s T I T u T e @TodaysGC

Editor-in-ChiEf Robert Nienhouse Managing Editor David Rubenstein

ExECutivE Editor Bruce Rubenstein

sEnior Editor Barbara Camm

ChiEf opErating offiCEr Amy L. Ceisel viCE prEsidEnt, EvEnts today’s gEnEral CounsEl institutE Jennifer Coniglio dirECtor, ConfErEnCEs & BusinEss dEvElopMEnt Jennifer McGovern-Alonzo

svp, Managing Editor of EvEnts today’s gEnEral CounsEl institutE Neil Signore

aCCount ExECutivE Frank Wolson

dataBasE ManagEr Matt Tortora

law firM BusinEss dEvElopMEnt ManagEr Scott Ziegler

digital Editor Catherine Lindsey Nienhouse

art dirECtion & photo illustration MPower Ideation, LLC ContriButing Editors and writErs

Sara Chenetz Chris Cox Jeffery Cross Rob Davey Amir Gamliel Barry Hartstein Robbin Hutton Mark Irion Jeff Kerr Josh Kirk Christopher Meyers Peter Ostrega

Amy Ward Pershkow Christopher A. Pickett Todd Presnell Joshua Resiberg Katrina Rogachevsky Matthew Rossi Erik Severinghaus Craig Smith John Stratford Jeffrey Taft Sarah Walters Aviva Will

suBsCription Subscription rate per year: $199 For subscription requests, email subscriptions@todaysgc.com

Editorial advisory Board Dennis Block GREEnBERG TRAuRIG, llP

rEprints

Ron Myrick ROnAlD MyRICK & CO, llC

Thomas Brunner

Joel Henning

WIlEy REIn

JOEl HEnnInG & ASSOCIATES

Robert Profusek

JACKSOn lEWIS

Sheila Hollis

Art Rosenbloom

Mark A. Carter

DuAnE MORRIS

CHARlES RIvER ASSOCIATES

Peter Bulmer

DInSMORE & SHOHl

James Christie BlAKE CASSElS & GRAyDOn

Adam Cohen FTI COnSulTInG

Jeffery Cross FREEBORn & PETERS

Thomas Frederick WInSTOn & STRAWn

Jamie Gorelick WIlMERHAlE

Robert Haig KEllEy DRyE & WARREn

For reprint requests, email jkaletha@mossbergco.com Jill Kaletha, Foster Printing at Mossberg & Co

Dale Heist BAKER HOSTETlER

Jean Hanson FRIED FRAnK

Robert Heim DECHERT

David Katz

JOnES DAy

WACHTEll, lIPTOn, ROSEn & KATz

George Ruttinger

Steven Kittrell

Jonathan S. Sack

MCGuIREWOODS

MORvIllO, ABRAMOWITz, GRAnD, IASOn & AnEllO, P.C.

nikiforos latrou WEIRFOulDS

Jerome libin EvERSHEDS SuTHERlAnD

Timothy Malloy Mc AnDREWS, HElD & MAllOy

Jean McCreary nIxOn PEABODy

Steven Molo MOlOlAMKEn

Thurston Moore

CROWEll & MORInG

victor Schwartz SHOOK, HARDy & BACOn

Jonathan Schiller BOIES, SCHIllER & FlExnER

Robert Townsend CRAvATH, SWAInE & MOORE

Robert zahler PIllSBuRy WInTHROP SHAW PITTMAn

HunTOn & WIllIAMS

All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information or retrieval system, with out the written permission of the publisher. Articles published in Today’s General Counsel are not to be construed as legal or professional advice, nor unless otherwise stated are they necessarily the views of a writer’s firm or its clients. Today’s General Counsel (ISSN 2326-5000) is published six times per year by Nienhouse Media, Inc., 20 N. Wacker Drive, 40th floor, Chicago, Illinois 60606 Image source: iStockphoto | Printed by Quad Graphics | Copyright © 2017 Nienhouse Media, Inc. Email submissions to editor@todaysgc.com or go to our website www.todaysgeneralcounsel.com for more information. Postmaster: Send address changes to: Today’s General Counsel, 20 N. Wacker Drive, 40th floor, Chicago, Illinois 60606 Periodical postage paid at Oak Brook, Illinois, and additional mailing offices.

Go In-Depth Into e-DIscovery anD emerGInG technoloGy challenGes

navIGate evolvInG technoloGIes whIle DevelopInG new strateGIes In preventInG, DetectInG anD mItIGatInG rIsk.

upcoming in 2018

e-DIscovery anD emerGInG technoloGIes ChICaGo june

new york july

san FranCIsCo september

los anGeles december

“The Exchange” Event Series is a think-tank of interactive brainstorming in an all-inclusive discussion format, outside the traditional panel presentation with powerpoint. reGIster toDay specIal rates avaIlable throuGh February 2018

use coDe maG2018

T o d ay s G e n e r a l C o u n s e l . C o m / I n s T I T u T e @TodaysGC

fall 2017 today’S gEnEr al counSEl

Executive Summaries L abor and EmpLoymEnt paGE 16

paGE 18

paGE 22

Drafting BYOD Policies

A Global Look at Managing Extremism in the Workplace

“Sex” In Title VII

By Christopher Cox and John Stratford Weil, Gotshal & Manges

Bring Your Own Device (BYOD) is ubiquitous in many industries, but allowing employees to retain confidential company information on personal devices poses a number of risks. Exposure resulting from a leak of information on an employeeowned device can be catastrophic, and allowing employees to use personal devices for business purposes leads to expanded discovery obligations in litigation. Implement a written policy and require employees to accept it in writing before they are allowed to connect personal devices to the company network or engage in business communications on their personal device. The policy should be accompanied by appropriate training, and regularly updated. The policy should provide that the device’s password application must be enabled; the device should be required to lock automatically if an incorrect password is input too many times; and employees should be required to change their passwords every 60 or 90 days. The policy should prohibit employees from sharing their devices or allowing company accounts to be accessed by anyone other than the employee. Basic security requirements should be addressed. Mobile device management programs are becoming increasingly sophisticated, and are an effective first line of defense; but where potential for human error exists, a properly drafted policy can serve to further reduce risk. Whatever the approach, organizations should carefully consider the implications of BYOD — the benefits as well as the risks — before jumping into implementation. An appropriate written policy is an essential step in that process.

By Robbin Hutton FordHarrison LLP

Recent acts of terrorism in the name of religion in France, England and other countries, along with demonstrations and protests across the United States by extremist groups, have created management challenges for employers around the globe. Issues arise when employees with extremist views bring those views to the workplace, creating polarization among employees. Concerns can also arise when employees express their views outside the workplace, especially when the conduct is publicized. In managing the repercussions of extremist behavior by employees, a primary concern is ensuring the safety of the workplace. The common obligation to provide a safe work environment does not require employers to manage workplace extremist behavior, whether religious or otherwise. Employers manage workplace safety in a number of ways, including background screening at the time of hire, monitoring during employment, and establishing internal policies and procedures regarding acceptable workplace behavior. The methodology is usually defined or restricted by legal requirements, which vary in different countries. The author describes problems and rules unique to various countries, including the U.S., France, Belgium, Mexico, Chile and Argentina. The most significant way an employer can protect its workforce from extremism is by implementing strong internal policies that clearly define workplace expectations. However, since there is not a definitive or clear definition of extremist behavior, employers globally must try to balance the competing interests of keeping the workplace safe and respecting the varying religious and/or political views held among their employees.

By Chris Meyers Snell & Wilmer LLP

Gender norms are rapidly breaking down. As millennials join the workforce, they bring changed attitudes with them. Ironically, the law that governs the changes those attitudes mandate originated back in 1964. Title VII is a piece of the landmark Johnson-era legislation intended to eradicate discrimination in the workplace. It is one of several laws enforced and interpreted by the Equal Employment Opportunity Commission (EEOC). In response to growing public support for the LGBTQ community, the EEOC has adopted a broad definition of the word “sex” under Title VII. The EEOC’s federal cases have emboldened the agency. Indeed, the EEOC is not bashful about its priority enforcement toward LGBTQ sex discrimination complaints. However, federal courts remain hesitant to recognize LGBTQ-based claims, and courts reaching the issue are more willing to find that transgender discrimination is cognizable, as opposed to sexual-orientation-based claims. So far, only the Sixth and Eleventh Circuit Courts of Appeal (sitting on three-judge panels) and an array of district courts have recognized transgender-based Title VII claims. The author has some advice for employers contemplating a defensible policy concerning LGBTQ workers. They have little leverage on the bathroom issue, he says. LGBTQ employees must be permitted to choose which bathrooms they use. Prepare gender-neutral dress codes. Create an atmosphere conducive to welcoming and respecting diversity and the LGBTQ community. If your workforce understands that harassment or other misconduct is not tolerated, then the risks associated with Title VII sex-based claims diminishes rapidly.

today’s gener al counsel fall 2017

Executive Summaries e-Discovery

cybersecurit y

Page 24

Page 26

Page 28

Managing Corporate Data in the Era of Mobile Tech and the Internet of Things

Q&A on E-Discovery

Protecting Client Data When Traveling

Peter Ostrega Consilio LLC

By Jeff Kerr CaseFleet

The increase in data has serious legal implications for American businesses in the areas of data security, e-discovery and recordkeeping. Without good data management, enterprise data can become a liability. At any time, a business’s data could be spread across thousands of devices. Keeping tabs on this data, managing and finding it can be an enormous challenge. Nonetheless, cloud computing and mobile devices are popular because they drive productivity and are often superior to other alternatives. One lawyer recommends that businesses have a policy of not allowing corporate data on employee-owned devices. To control where data is stored, one option he recommends is so-called “thin” or “zero” client deployment of employer computer systems. With this model, he says, “employees use devices with little to no local storage, and those devices simply connect to a remote server that hosts the operating system, applications and data.” In advance of litigation, businesses should choose software with an eye to needs that will likely arise during litigation. Ask vendors during the purchasing process how data can be locked down in the event of a legal hold, and how it can be collected during e-discovery. Businesses need to actively manage the data they create and retain, and their plans and procedures need to be informed by legal requirements. Counsel who understand both the legal and the technical sides of this issue are best positioned to help a business meet these challenges.

The increased use of technology in the workplace has added to the complexity of e-discovery. Relevant, discoverable information may be on a computer, on a mobile device or in the cloud. Identifying, finding and preserving all of that information has made e-discovery significantly more complex. Mobile device companies are innovating at breakneck pace. Significant changes to operating systems are commonplace. New e-discovery tools are constantly being developed and tested to deal with these technologies. Technology tools and their adoption has become much greater, particularly in the last two years. At the same time, the volume of data that companies are creating on annual basis continues to skyrocket, so innovation and the size of the problem are competing with one another. Failing to manage and destroy unneeded data can lead to overwhelming e-discovery costs if a future discovery request puts that date range in the scope of discovery. We are seeing fewer massive-scale human document reviews than before. In particular, “TAR2.0,” or categorization-based review workflows are lowering the barrier to entry for integrating Technology Assisted Review (TAR) into the process. Companies need to manage their data archives. One thing to weigh is budgeting. Litigation is non-discretionary spending, while information governance and records retention are generally discretionary. Sometimes these discrete budgets lead companies to make penny wise, pound foolish, long-term decisions.

By Craig R. Smith Lando & Anastasi, LLP

Critical data should never be stored solely on mobile devices. It must be stored at a secure location so that the loss of a device does not mean the complete loss of data. Concerns regarding protection of client data when traveling have been amplified in the past year by an increase in electronic device searches at the U.S. border. Customs agents have been given broad discretion to search electronic devices at the border, even without any reason for suspicion. Attorneys have an obligation to strenuously resist providing border agents access to protected client information. Turn off electronic equipment before reaching customs and ensure that all devices are password protected and encrypted. Two-step authentication makes it more difficult to unlock mobile devices and accounts. If a device can be unlocked using a fingerprint or facial recognition, as is the case with the new Apple iPhone, then these access points should be shut off. It is unclear whether border agents can require travelers to use their finger or face to unlock a device. Traveling at home and abroad with nearly unlimited access to client data is a boon for attorneys’ productivity. The downside is that it increases the risk that client information can be lost, compromised or searched without the attorney’s permission. Attorneys are wise to prepare for each trip with an eye to protecting client data, especially when traveling internationally and crossing the U.S. border.

fall 2017 today’S gEnEr al counSEl

Executive Summaries intellec tual ProPert y

comPliance

features

Page 30

Page 32

Page 38

Combine AI and Human Expertise for Effective Trademarking

Self-Reporting FCPA Violations

Message-Managing in a Crisis: Lessons from a PR Disaster

By Sarah Walters and Katrina Rogachevsky McDermott Will & Emery

By Rob Davey CompuMark

AI offers important advantages for trademark research. Properly implemented, it can be used to automate complex cognitive tasks and increase the effectiveness of search and watch results, while also improving speed and efficiency. Considering how advanced AI-enabled solutions are, it could be fairly simple, theoretically, for them to take the place of human analysts, but relying solely on technology will always lead to issues down the road. Instead, AI technological systems must complement trademark experts rather than replacing them. Various trademark specialists have been using AI technology as part of their solutions for more than two decades, but only a few have been able to successfully combine it with valuable human knowledge to deliver the best possible results. No matter how sophisticated an AI-enabled technology might be, it is of no use without accurate and reliable data behind it. This is always best delivered by a dedicated team of quality analysts whose work involves reviewing hundreds of trademark records daily and finding the kind of critical error that could be missed by an online searching tool. Technology has a huge role to play within trademarking, helping to cull down massive amounts of information and displaying it in new and intuitive ways that weren’t possible before. This allows human experts to quickly make important decisions with an unprecedented level of accuracy. By bringing both humans and technology together, trademarking will continue to evolve and become more efficient.

In April 2016, the Fraud Section of the U.S. Department of Justice’s Criminal Division introduced a Foreign Corrupt Practice Act (FCPA) pilot program, which was intended to be a one-year experiment to incentivize self-disclosure of potential FCPA violations. It has recently been extended. A look back at how the program was implemented provides valuable lessons for companies confronted with possible violations and the opportunity to develop best practices for responding. The DOJ wanted the pilot program to work and — during the first year, in particular — was highly motivated to reward self-disclosures by declining prosecution. Between April 2016 and July 2017, nine companies reached resolutions for selfdisclosed conduct; seven of these received declinations. This represents a significant increase from the previous year when the DOJ issued only two declinations. The two companies that self-disclosed under the pilot program but did not receive declinations received significant discounts of 30 percent and 50 percent off the low end of the sentencing guidelines’ fine range. Self-disclosure must be seriously considered. The benefits are real, but making such a disclosure is a frightening proposition. It means inviting a government investigation; and to make it even more complicated, these critical decisions must be made at the outset of the investigation. Even where there has been self-disclosure, full cooperation and remediation, every defense should be explored and raised, as there is still an opportunity to fight. When it comes to FCPA enforcement, there are many gray areas, leaving plenty of room to debate.

By Mark Irion Hogan Lovells LLP

Corporations and other large organizations are smart to establish their own virtual “Situation Room” response teams, who swing into action following an unwelcome event. United Airlines’ crisis response to the spectacle of their bloodied passenger, Dr. David Dao, being dragged off its April 9 Flight, offers the perfect example of why a “Situation Room” approach is necessary. United did a great deal right several days into the crisis, but the first 24 hours of decisions and communication determine how successfully an organization weathers a crisis. Three days after the incident, United CEO Oscar Munoz went on national television to express “shame” and pledged that the episode will never happen again. United would receive an A plus if this were the message Munoz gave immediately following the event, but it did not emerge until three days later, when marketing and PR teams had not only joined the battle, but were becoming the dominant influence on the CEO’s thinking. On day one, United’s legal team seems to have gone out of its way to assure that there was no admission of wrongdoing without any understanding of the business risks this approach imposed. The first statement was a “nonpology.” It took the form but lacked the substance of an apology, and compounded United’s problem. Corporate leaders improve their companies’ odds in a crisis by giving PR, lawyers, HR and the business leaders all seats at the table when a crisis occurs.

er internal issue necessitates the instructions described above and, importantly, ide investigation counsel. When return any investigation results to the in-house mines to keep the investigation legal department. (Delivering investigation results l department must ensure that it to business units may influence a court to find estigation in a privileged manner. that the investigation was for business, non-legal concern for a company conpurposes.) nvestigation is that a court will The D.C. Circuit Court of Appeals 2014 undertook the investigation for decision in Kellogg, Brown & Root, Inc., for rather than for securing legal example, supports this approach. A KBR emsome government regulations ployee brought a False Claims Act case alleging PAGE 40investigaPAGE 44payment es to conduct internal that the company submitted fraudulent in complaints arise, and many claims to the Department of Defense. KBR’s Privileged Using the Digital tain internalConducting operating policies Code ofInternal Business Conduct required com- Tools in Litigation quire an automatic investigation pany to investigate, and KBR’s Byin-house Joshua counsel S. Reisberg Investigations event occurs. These investigaled an investigation that included non-lawyers Axinn, Veltrop & Harkrider LLP Todd oriented, Presnell s sound quiteBy business conducting employee interviews. Even though a Bradley d a court to reject any argument KBR business policy required the investigation, y conducted the investigation and non-lawyers conducted most of it, the court reasons. found the resulting report privileged because

gal

tigation delegated

Investigator Conduct investigation

Executive Summaries 45 PAGE 48

AI Can Maximize In-house Efficiency By Erik Severinghaus SpringCM

legal

Return investigation

KBR’s legal department initiated and managed it. nsel must therefore take careful author describes a technologically a whistleIn Johnson v. Ford Motor The Company, a West ent a court’sIn-house proclivity attorneys for find- receiving enabled deposition he took, in which he blower complaint, inquiry Virginia federal court similarly protected as erated investigations. Initially, government sat behind ainto command station of comorthe other alertinvesmust decide whether andinternal investigation privileged Ford’s may conduct internal puter displaysatplugged into his MacBook how to conduct investiga“sudden-acceleration” claims. Following ves or delegate to others. If the an internal which was loaded with a deposition If they choose in-house, leastit one lawsuitthey and a storyPro, in the Wall Street conducts thetion. investigation, then to do outline, the expert’s thousands of pages must communicamanage many complex issuesOffice to of General Journal, Ford’s Counsel initinate her employee of reports and appendices, and every ensure thatprovide the investigation its results but delegated ated anand investigation, the entire ged and confidential,” document that the expert relied upon or remain protected discovery into subseons to interviewees that they frominvestigation the company’s Automotive considered in support of his opinions in quent litigation. The legal advice compoSafety Office, a non-legal department. se their communications without the case.a Ford innentwarnings is especially for in-house rovide Upjohn wheretroublesome To support the privilege assertion, Typically, lawyers taking depositions lawyers. Courts in-house housethat lawyer (who met the heightened standard eliver any investigation resultsrecognize come to the conference room table with lawyers communicate explained about business-res decision makers. above) submitted an affidavit detailing

lated, as well as legal, issues, and will not assume that a communication involves legal issues simply because an in-house lawyer is present. The legal advice presumption afforded outside counsel may persuade the in-house lawyer to retain a law firm to conduct the investigation. But not every whistleblower complaint or government subpoena necessitates the retention of outside investigation counsel. When a company determines to keep the investigation in-house, its legal department must ensure that it conducts the investigation in a privileged manner. If delegating the investigation to nonlawyers, prepare a memorandum that emphasizes that the investigation is confidential and for legal advice purposes. Instruct and train non-lawyer investigators on how to conduct privileged interviews. Another consideration is whether the privilege protects communications between in-house lawyers or their designees who interview consultants or third-party contractors during an investigation. Although not addressed in every jurisdiction, the privilege should cover these communications under the functional-equivalent doctrine, which holds that the privilege applies to thirdparty communications if the third party was acting as the functional equivalent of an employee.

TODAY’S GENER AL COUNSEL FALL 2017

a printed, static outline. However, when a deposition involves complex, interwoven subject matter, the traditional deposition outline can be more of an encumbrance than a tool, even when supported by common organizational elements such as tables of contents. Effective use of digital tools is a matter that should be important to both lawyer and client. Myriad tools, specifically geared towards organizing and implementing information in a litigation, are available on both Mac and Windows® platforms. These tools include, for example, Casemap® and Summation®; but more generally applicable apps like DEVONthink Pro Office and OmniOutliner Pro can also be fashioned for litigation use. Clients, in-house counsel and case managers should recognize that it is important not only to understand the analysis undertaken by outside attorneys in developing a litigation narrative but also the means by which that analysis will be implemented during a litigation. Those responsible for retaining and overseeing outside counsel should gain an understanding of how counsel intends to deliver a better, cheaper product through the use of digital tools.

Artificial intelligence (AI) has the potential to significantly bolster the efficiency of in-house legal departments. Key developments are emerging that will reshape how work is dispersed among inside counsel. One key development is “ROSS,” an outgrowth of IBM’s proprietary supercomputer, Watson. ROSS is an interaction-based resource which is able to conduct legal research and generate responses to queries with proper citations. What sets ROSS apart from a basic document- retrieval tool is that it is designed to provide authoritative recommendations based on information it researches and synthesizes. AI has the potential to significantly shorten the due diligence process by providing legal departments with intelligence to consolidate and expedite reviews. Getting AI solutions up and running will require significant time and resources, needing the full backing of the C-Suite. Without an internal culture that is knowledgeable about AI and receptive to its introduction, legal departments will find AI challenging. Therefore, as internal legal leaders approach the prospect of introducing AI internally, they must also work to build cultural awareness about what its adoption means for employees. Moving forward, we will see AIdriven solutions paving the road for more efficient inside counsel operations. Freed from repetitive and minute tasks, inside counsel will have more latitude to focus on difficult cases and high-level organizational issues. These positive changes will become apparent in the next five years, when the application of AI within legal departments evolves from its infancy into a mainstream reality.

FALL 2017 TODAY’S GENER AL COUNSEL

Executive Summaries FEATURES

PAGE 52

PAGE 54

PAGE 58

Cost Comparison for Financing Litigation

Using Cloud Technology in M&A Due Diligence

The Power of Accountability to Achieve Diversity and Inclusion

By Aviva Will Burford Capital LLC

By Josh Kirk Opus 2 Forum

By Christopher A. Pickett Greensfelder, Hemker & Gale

Litigation finance is used by corporations and law firms to pursue litigation, to move cost and risk off balance sheets, and to leverage the captive value of pending litigation to unlock working capital for the business. The use of litigation finance by law firms quadrupled from 2013 to 2016, but most lawyers and their clients have never used it, possibly because they haven’t compared the cost of paying for legal fees and expenses out-of-pocket versus financing those matters with a third party. A pending litigation claim is, practically speaking, a “receivable,” albeit a contingent one. From an accounting perspective, when a company is owed money by someone, it almost always creates a balance sheet asset — a receivable. Money spent to collect that receivable is often added to its asset value, or “capitalized.” Litigation does not follow these accounting rules. As a company pursues litigation, the money it spends is immediately expensed, flowing through the P&L and reducing operating profits. Moreover, those expenses do not create a balance sheet asset. There are many ways clients and their firms can use litigation finance, for example, to de-risk judgments on appeal or to unlock working capital for the business by monetizing pending individual high-value claims or portfolios of plaintiff and defense matters. Once clients appreciate that external financing addresses several of the pain points associated with litigation, the decision to use legal finance becomes attractive.

The rapid pace of M&A increases the pressure on due diligence teams to verify information provided by the seller, arrive at a plausible assessment of value, evaluate the business opportunities presented by integration and identify risks. It is becoming clear that due diligence teams need better tools. This is where a virtual data room (VDR) can make a significant difference. A well-designed VDR will tighten security and allow parties to exert control over sensitive information. A VDR platform must have tools that allow administrators to designate tiers of access by individual user or user type. These distinctions should be easily configurable and automatically implemented, as should controls over who may download or print documents. Designated system administrators from the buyer and seller teams should also have the capacity to monitor all activity within the VDR. A good VDR can also allow users on both the buyer and the seller sides to set up secure virtual “meeting rooms” within a separate software layer where authorized team members can engage in frank and private discussion of key documents or issues, and create detailed annotation threads. As the M&A due diligence process adapts to more and bigger deals in a global environment, buyers need to provide their due diligence teams with better tools to assess the logic that is driving transactions and uncover areas of risk. A well-designed virtual data room can produce a more complete understanding of the proposed deal and its long-range implications.

Large law firms are the least diverse sector of the legal industry. Diverse teams have been shown to outperform those that are homogeneous, but law firms consistently fail to implement policies or practices that promote it. Law firms, unlike large companies, are not held accountable by shareholders, board members and the public. Legal departments are now beginning to hold law firms accountable for their lack of diversity, and it’s that accountability and pressure that may ultimately have a positive impact. Some companies have begun reducing fees if law firms did not meet certain diversity metrics, others offer fee bonuses if firms meet certain diversity metrics. These are excellent first steps, but there are additional steps companies can take. Require that for new work credit, allocation will not be focused entirely on the lawyer responsible for the first engagement, but will also include lawyers working on the file. Require that an attorney of color or a woman not only works on a file, but also is included on communications with the client. Identify attorneys of color or female attorneys and offer them secundments to increase their visibility within the company and enlarge their role within the firm. If the legal industry is going to see real positive change, accountability must be driven by the clients. If companies identify real goals, ask real questions, and seek real change, law firms and the legal industry will finally change for the better.

TODAY’S GENER AL COUNSEL FALL 2017

Executive Summaries PAGE 60

Enforcing Unenforceable Contract Provisions in Bankruptcy By Amir Gamliel and Sara Chenetz Perkins Coie LLC

Contracts routinely include antiassignment and ipso facto provisions, which are typically unenforceable in bankruptcy cases. Such provisions restrict contracting parties from transferring their obligations and rights under the agreement to a third party without obtaining permission. They are known as “anti-assignment clauses.” They also permit termination due to the bankruptcy, financial condition or insolvency of a party — known as “ipso facto clauses.” Personal service contracts are not assignable without consent. Bankruptcy Code also prohibits the assignment of contracts without consent if other applicable law specifically provides that the identity of a contracting party is crucial to the contract, or when public safety is at issue. Certain contracts are not assignable in bankruptcy, even if the other party to the contract consents. These include loans, debt financing or other “financial accommodations.” Ipso facto clauses, which provide, for example, that a contract terminates upon bankruptcy filing by a party, are typically unenforceable. They will be enforced in non-assignable contracts to make loans or other financial accommodations or issue securities. Ipso facto clauses contained in forward and commodity contracts are enforceable, provided that various preconditions are satisfied, among them that the contract fits the Bankruptcy Code’s definition of a forward or commodity contract. It is typically the debtor in bankruptcy that benefits from the unenforceability of some of its contractual provisions. Entities doing business with other entities in financial distress may want to incorporate contractual terms that closely align with the applicable exceptions.

DAILY NEWSLETTER The daily newsletter is a terrific advertising vehicle to reach 35,000 corporate subscribers. With a high open rate, the newsletter is unmatched as a marketing vehicle within the corporate counsel community.

SUBSCRIBE NOW

T O D AY S G E N E R A L C O U N S E L . C O M / S U B S C R I B E

fall 2017 today’s gener al counsel

Labor & Employment

Drafting BYOD Policies By Christopher Cox and John Stratford

bring your own device (BYOD) is ubiquitous in many industries. According to Crowd Research Partners’ BYOD & Mobile Security 2016 Spotlight Report, 40 percent of respondents reported that BYOD was available to all employees at their companies, while 32 percent reported that BYOD was available to at least some employees and only 13 percent reported no BYOD at their company.

The benefits of BYOD can be many: increased productivity, greater employee satisfaction, cost savings, flexibility and potentially greater control of informal practices that may be going on whether the employer allows it or not. But as in-house attorneys are aware, allowing employees to retain confidential company information on personal devices increases a company’s points of exposure and poses a number of risks,

including if the device is lost, stolen, or hacked, or if non-employee thirdparties are allowed access. From a legal liability standpoint, a company’s exposure resulting from a leak of information on an employeeowned device can be catastrophic: Trade secrets may end up in the hands of hackers or competitors. The company may be exposed to statutory notification requirements, penalties,

today’s gener al counsel fall 2017

Labor & Employment FTC investigation and severe harm to its reputation if sensitive information about individuals is compromised. Additionally, in respect to litigation, allowing employees to use personal devices for business purposes leads to expanded discovery obligations. Employers may also be held responsible for failure to sufficiently preserve information where employee-owned devices containing business communications, including text messages, are lost or unavailable. For example, in Christou v. Beatport LLC, plaintiffs were allowed to introduce evidence at trial that defendants had failed to preserve text messages subject to a litigation hold when the CEO lost a personal device. In trade secret cases, subpar security measures may present an inviting target for defendants to argue that information was not subject to reasonable efforts by the employer to maintain secrecy. While employers may recognize the inherent security risks, many have suboptimal BYOD policies in place, or no BYOD policy at all. With an effectively drafted BYOD policy, allowing employees to use their personal devices can be an opportunity for increased awareness and security, instead of something that keeps the general counsel up at night. Allowing BYOD carries certain risks that cannot be avoided. Consider the benefits of permitting BYOD — which may include mobility, increased productivity and employee satisfaction, or cost savings — and weigh them carefully against the need to protect confidential and sensitive information. If the benefits do not outweigh the risks, foregoing BYOD and providing employer-owned devices may be the best solution. IMPLEMENT A WRITTEN POLICY

If the organization decides to move forward with BYOD, an important threshold requirement is to implement a written BYOD policy, and require employees to accept it in writing before being allowed to connect personal devices to the company network or engage in business communications on their personal device. Whether the policy is distributed as a standalone or

as part of an employee handbook or on-boarding packet, a written acknowledgment of receipt of the policy, and agreement to comply with it, is essential. The policy should be accompanied by appropriate training and guidance, and regularly updated and re-circulated as necessary. The contents of a BYOD policy must be drafted with the organization’s particular needs and situation in mind, including its size, security posture and goals in implementing BYOD. Nevertheless, some guideposts can help steer a

Finally, from a hardware perspective, employers should consider creating a list of approved devices to fence in the universe of hardware, operating systems and potential security issues that must be considered. Basic security requirements should be addressed in the BYOD policy. Mobile device management programs are becoming increasingly sophisticated, and are an effective first line of defense; but where potential for human error exists, a properly drafted policy can serve to further reduce risk. While more or less robust

Consider creating a list of approved devices to fence in the universe of hardware, operating systems and potential security issues that must be considered. BYOD policy toward increased security and reduced risk. Employers may consider limiting the scope of the BYOD program in a number of ways. Many organizations implement BYOD for select employees only, to reduce points of exposure for a company’s sensitive data. Some firms prohibit BYOD for the highest-level employees who regularly deal in the company’s most sensitive information, but in some businesses the reverse is true. Very low-level or temporary employees are considered inappropriate candidates for BYOD because they have less incentive to maintain security. Organizations may also place limits on the types of data that are accessible. For example, placing particularly sensitive information outside the scope of BYOD access, or limiting BYOD to email only, may be useful. Scope is dependent on individual businesses, but it is always a consideration. If sensitive information is accessible from employee-owned devices, consider segregating or “sandboxing” such data in an environment that is technically separate from, and more secure than, the remainder of the employee-owned device.

measures may be appropriate depending on the sensitivity of the information accessible on the employee device, the measures below should be viewed as a baseline. STRONG PASSWORDS, SHARING PROHIBITIONS

The policy should provide that the device’s password application must be enabled at all times, and should specify that the device must lock after a certain reasonable time of inactivity and require the user to enter the password again to regain access. The device should also be required to lock automatically if an incorrect password is input too many times. There should be a strong password requirement, for example, at least six characters, containing a combination of upper- and lower-case letters, numbers, and symbols. Employees should also be required to change their device passwords every 60 or 90 days. The policy should prohibit employees from sharing their devices or allowing company accounts to be accessed by anyone other than the employee. This continued on page 21

fall 2017 today’s gener al counsel

Labor & Employment

A Global Look at Managing Extremism in the Workplace By Robbin Hutton

ecent acts of terrorism in the name of religion in France, the United Kingdom and other countries, along with demonstrations and protests across the United States by extremist groups, have created management challenges for employers around the globe. Issues arise when employees with extremist views bring those views to the workplace, creating polarization among employees and sometimes causing disputes, disruptions and other unwanted conduct. Concerns can also arise when employees express their views outside the workplace, especially when the conduct is publicized or memorialized by commercial or social media. In managing the repercussions of extremist behavior by employees, a primary concern is ensuring the safety of the workplace, followed by protection of employees from harassment or discrimination because of religious beliefs or other protected rights. Allowing employees to hold differing religious or political views must be balanced with the obligation to provide a safe work environment. For employers, this competing obligation creates the greatest challenge. One problem with regard to religious extremism is lack of agreement about its definition. In general, it is defined as an ideology that violates common moral standards. Many types of behavior can reach a point deemed extremist, whether religious or political. The United States and a number of other countries, such as Chile,

Argentina, France, Mexico, Denmark, Belgium and the United Kingdom, prohibit religious discrimination in the workplace and protect the right of employees to express religious beliefs. Employers in such jurisdictions must manage workplace demonstrations of extreme beliefs in a way that does not infringe on these protections.

treat employees differently due to their religious beliefs; and if a conflict arises between a religious practice and a workplace policy, the employer must try to accommodate the employee’s religious practice. In the UK, these rights are protected under the Equality Act 2010, with the expectation that employer practices can be adapted to accommodate employees’ beliefs. Denmark and Belgium do not explicitly require and currently do not impose a legal obligation to accommodate an employee’s religious beliefs. However, in Denmark an obligation to accommodate religious and political views may be created in some situations. ENSURING WORKPLACE SAFETY

In the United States, employees are protected by Title VII of the Civil Rights Act of 1964, which prohibits religious discrimination in the workplace with regard to any employment decision. Both federal and state laws prohibit employers from taking any employment action based upon an employee’s religious views. Employers may not

The common obligation to provide a safe work environment requires employers to manage workplace extremist behavior, whether religious or otherwise. Employers manage workplace safety in a number of ways, including background screening at the time of hire, monitoring during employment, and establishing internal policies and procedures regarding acceptable workplace behavior. The methodology is usually defined or restricted by legal requirements, which vary in different countries. An employer in France has a safety obligation that is generally considered as a “result obligation,” meaning that merely following the applicable regulations to provide a safe work environment is not sufficient to preclude

today’s gener al counsel fall 2017

Labor & Employment employer liability. If the employer had or should have had knowledge of the risk encountered by an employee and did not take the necessary measures to prevent that risk, it is liable. Thus, an employer should be particularly cautious on behalf of employees who are vulnerable and who travel to high risk locations. However, an employer in France is not allowed to ask for certain information regarding the applicant’s private life — such as family situation, health, pregnancy, religious or political convictions, or judicial records — unless the job characteristics would allow for it (i.e., handling money). In France there is a strict boundary between private and professional life, meaning that as a general rule, facts arising from an employee’s private life may not be used as grounds for discipline or termination, although there are exceptions. For instance, if the employee’s personal behavior causes an objective

In the UK, similar to France, an employer must conduct risk assessments to identify and minimize, as far as practicable, the health and safety risks employees face at work. For employees traveling for work abroad, preventative and protective measures may include such considerations as vaccinations, security guards, insurance and emergency contingency plans. Employers in the UK are permitted to conduct background checks and monitor employees’ behavior; but these activities are highly regulated, particularly by the Data Protection Act (1998). Any monitoring must be consistent with a provision that addresses the right to have private and family life respected. The interception of communications is also subject to regulations. In the United States, the Occupational Safety and Health Act (OSHA) sets forth the general duty of U.S. employers to provide a safe work environ-

business interest, such as providing a safe workplace, and would not run afoul of protections against religious discrimination. Employers in Chile, much like those in the United States, have the right to establish what are called their “Internal Rules of Order, Hygiene and Safety,” which must contain regulations to protect the lives and health of their employees. These include rules to provide security at work, an environment of respect, and protective measures for employees traveling for work abroad. These rules can also include employee obligations and prohibitions that will help employers as they face potentially problematic employee behaviors or expressions. Nevertheless, to dismiss an employee for extremist behavior, it would be necessary to determine if any provisions in the Labor Code are applicable. Chile permits background checks and monitoring of employee behavior during work, but it should be regulated in the Internal Rules. In the United States, if a conflict arises between a religious Monitoring outside work is generally practice and a workplace policy, the employer must try to forbidden. Argentina has accommodate the employee’s religious practice. been formed largely through immigration and through harm to the employer, then the employer ment. One method for accomplishing integration of different religions. Argenis entitled to take appropriate measures. this is background screening, permissible tine law recognizes freedom of faith, However, courts interpret this excepby federal and many state laws, as long including political and philosophical tion narrowly. Although the principle of as inquiries or information regarding beliefs; but it does not allow employsecularism exists in the French constitureligion is not factored into the hiring ees to become activists regarding their tion, it applies only in the public sector. decision. Another method of ensuring beliefs and faiths while at work. As in In the private sector, any restriction on a safe work environment is monitoring most countries, employers in Argentina employee rights to show visible signs of employees’ workplace activities. Alhave an obligation to provide employreligion at work must be justified. though an employer must provide notice ees a safe environment and are liable In Belgium, employers have a duty of its intent to conduct monitoring (such for any damage suffered at work. Due to make certain that employees can as computer and internet usage, and to privacy laws, the employer cannot work in safe conditions. That includes GPS activity), such monitoring can be conduct background checks. However, the duty to analyze potential risks and useful in determining if there is a posby providing a “no expectation of prirespond appropriately. Belgium does sible threat to the organization. vacy” notice, Argentine employers may not regulate background screening and A company’s most useful tool for conduct workplace monitoring, which monitoring of employees, but neither managing extremist behavior of any can include screening of emails sent is allowed without satisfying a number kind, however, is a clearly defined set of and received through the company’s of provisions, such as those addressing workplace rules that establishes a “nocorporate email address. recruitment and selection (CBA nr.38), tolerance” policy for serious conduct Although Brazil has not faced relithe data protection and antidiscriminaissues. A violation of the rules would gious extremism, there has been conflict tion rules, and a provision regarding allow a company to make an employin the political arena. With regard to e-monitoring (CBA nr. 81). ment decision based upon a legitimate that issue, companies in Brazil have the

FALL 2017 TODAY’S GENER AL COUNSEL

Labor & Employment capacity and the duty to look after their employees’ welfare in the workplace. Accordingly, Brazilian employers have the right to monitor the workplace by CCTV and company vehicles by GPS; to monitor the use of e-mail and internet; and the right to apply disciplinary actions for non-professional activity during work hours. This includes the duty to secure the protection of vulnerable

case of security guards) or unless it is justifiable by extraordinary need of trust (e.g., daycare). The company may screen public information, including social media; but it cannot make professional decisions based on matters of strictly private interest, such as political activity or religious activity. In Mexico, employers are responsible for keeping a safe environment during

The most significant way an employer can protect its workforce from extremism is by implementing strong internal policies that clearly define workplace expectations. However, since there is not a definitive or clear definition of extremist behavior, employers globally must try to balance the competing interests of keeping the workplace safe and respecting the varying religious and/or political views held among their employees. ■

Denmark and Belgium do not explicitly require and currently do not impose a legal obligation to accommodate an employee’s religious beliefs.

individuals and to refrain from exposing employees to risks, such as not sending them to conflict areas or to rescue them if a conflict arises. (For example, in Brazil mail carriers and delivery personnel do not serve areas notoriously affected by severe crime.) However, in Brazil a constitutional right to privacy prevents the employer from screening an employee’s background or monitoring behavior when the employee is off duty. Recently, the Superior Labor Court ruled out criminal background checks unless there is specific legal permission (e.g., in the

working hours. This means employers may implement security measures and monitoring that aims to detect and prevent extremism and violent acts in the workplace in order to secure the rights, property and safety of employees. For example, employers may consider surveillance cameras within the workplace, as well as monitoring employees’ communications. In order to implement these measures, Mexican employers should issue a privacy notice, explaining how personal data will be processed and informing employees about workplace surveillance and monitoring practices.

Robbin Hutton is a partner in the U.S. law firm FordHarrison LLP, which is a member of the international employment law alliance Ius Laboris. She handles employment matters in state and federal courts and before administrative boards and state agencies. She also trains and counsels clients regarding employment policies and conducts work-related investigations. rhutton@fordharrison.com The author would like to acknowledge the valuable input to this article from Ius Laboris member firms in Mexico, Argentina, Brazil, France, Belgium, Chile, Denmark and the UK.

V I S I T T O D A Y S G E N E R A L C O U N S E L . C O M F O R T H E L AT E S T N E W S , A N A LY S I S , C O M M E N TA R Y FOR GCs A ND OTHER IN-HOUSE COUNSEL . PLUS, R ECENT JOB OPENINGS & CA R EER OPPOR T UNIT IES.

today’s gener al counsel fall 2017

Labor & Employment BYOD Policies

person in the company, ideally within 24 hours of the loss. continued from page 17 Once an incident is reported, ensure would include the obvious situations, that the policy sets guidelines for situsuch as access by family and friends, but ations where the company will need to companies should also address other remotely wipe the employee’s personal situations that might expose company device. This will likely include, at minidata to outsiders, for example, backing mum, situations where the device is lost the device up to cloud storage programs or stolen, or where the company detects or personal computers. a data breach, virus or other threat to Users should be required to keep company data. their personal devices up to date with If employees are intermingling workrecommended updates from their mobile related and personal data in the same device carrier and device manufacturer. location on the device, then the employer This will ensure that all devices are conwill need the ability to wipe the entire sistent with the latest security standards. device, even if doing so would result in A corollary of this is a loss of the employee’s that users must not be personal data. The permitted to replace or policy should explicitly rework the operating notify employees that Ensure that system via jail-breaking this may be the result if or similar methods. the device is comprothe policy sets Finally, the employer mised, and encourage should retain unfettered them to regularly back guidelines for access to devices — both up personal data to physically and remotely mitigate the effects of situations where — to investigate misconsuch an outcome. As a duct, preserve data or corollary to this, the the company wipe data, as necessary. company should also More organizations are retain for itself the right will need to implementing increasto disconnect any device ingly sophisticated mofrom its network or remotely wipe bile device management disable remote services or mobile application at its discretion, without the employee’s management software notice to employees. to allow for monitoring The BYOD policy and control. Logging to personal device. should also address track employee access what happens when to company servers, for an employee leaves the example, is a frequently company. Generally, used tool; this and any more robust the policy should specify procedures monitoring mechanisms should be for deletion of company data from the considered as part of a properly drafted employee’s personal device, including all BYOD program. company email, and disconnection of the device from the company network. DAMAGE CONTROL While an effective BYOD policy will Even the best security measures cannecessarily be tailored to the needs of not prevent every incident, particularly the organization, the guidelines above where human error is involved. Accordcan serve as a starting point for securityingly, the BYOD policy must address conscious in-house counsel tasked with what happens when devices are lost, improving such a policy, or drafting one stolen or otherwise compromised. from scratch. In addition to the above, The policy should address reportcounsel must consider a number of other ing requirements. If a device is lost or issues, including privacy, usage guidelines, stolen, employees should be required and labor and overtime issues. Depending to notify the IT department or another on the company’s needs, these issues may

necessitate consultation with experts or outside counsel. Whatever the approach, organizations should carefully consider the implications of BYOD — the benefits as well as the risks — before jumping into implementation. An appropriate written policy is an essential step in that process. ■

Christopher Cox is a Litigation partner in Weil, Gotshal & Manges’ Silicon Valley office, where he leads the firm’s California complex commercial litigation practice. Mr. Cox has more than 25 years of experience litigating matters in state and federal courts in California and throughout the country, as well as in the binding arbitration forum. He also counsels both domestic and international clients on a wide variety of intellectual property, employment and other litigation matters. chris.cox@weil.com

John Stratford is an associate in Weil, Gotshal & Manges’ Silicon Valley office. His practice focuses on complex commercial litigation, including trade secret, employee mobility, business torts, unfair competition, intellectual property and high-stakes contract disputes in both state and federal courts. john.stratford@weil.com

fall 2017 today’s gener al counsel

Labor & Employment

“Sex” in Title VII By Chris Meyers

ender norms are rapidly breaking down. As millennials join the workforce, they bring changed attitudes with them. Ironically, the law that governs the changes those attitudes mandate originated back in 1964. Title VII is a piece of the landmark Johnson-era legislation intended to eradicate discrimination in the workplace (42 U.S.C. 2000e-2). It applies to all employers with 15 or more employees and prohibits discrimination based on the “big five” — race, color, religion, sex or national origin — and it is the linchpin of many employment lawyers’ practices today. The law is one of several enforced and interpreted by the Equal Employment Opportunity Commission (EEOC). The EEOC has many offices around the country where employees can file discrimination charges against employers and thus trigger the agency’s investigative function. The EEOC has a knack for zealously prosecuting claims against employers and often making grueling examples

of misconduct. Like other federal agencies, the EEOC is always the first body to adjudicate and interpret the legislation under its purview. This leads to situations where the EEOC and federal courts disagree about the law. In response to growing public support for the LGBTQ community, the EEOC has adopted a broad definition of the word “sex” under Title VII. For quite a long time, most agreed to the relatively straightforward conclusion that the reference to “sex” in Title VII prohibits discrimination against women in the workforce. In other words, employers cannot treat women differently from their male counterparts simply because of their gender. The reader is likely familiar with recent high-profile sex harassment claims (particularly in the broadcasting industry), as well as inappropriate comments directed at females or wage discrepancy studies — including the oft referenced 79-centson-the-dollar gender wage gap. ADDITIONAL PROTECTIONS BASED ON “SEX”

Now, however, the EEOC and a growing number of federal courts are digging deeper into the meaning of “sex” in Title VII to include additional protections. These proponents find solace in the Supreme Court’s decision in Price Waterhouse v. Hopkins (1989). Hopkins was a case that upheld a female employee’s claim of gender discrimination under Title VII when her apparent lack of effeminate qualities played a motivat-

ing part in the decision to not offer her a partnership promotion. Until now, the impact Hopkins would have on sex discrimination doctrine was a matter of speculation. Only recently has the public rallied to support the LGBTQ community. For instance, in 2015 the Obergefell decision finally held that gay marriage was a fundamental constitutional right. Moreover, President Obama was the first President to openly support gay marriage. Although we can speculate about why, there is no doubt that the collective attitude has changed in this county, and the EEOC has followed suit. The EEOC first held in Macy v. Department of Justice (2012) that, consistent with Hopkins, intentional discrimination against a transgender employee because of gender identity is unlawful under Title VII as sex discrimination. The EEOC has exclusive jurisdiction to handle and decide cases involving claims of discrimination by public employees against federal agencies. These opinions are issued by a five-member agency panel. Macy is particularly significant because it is a landmark decision that affects all federal sector employees, sets internal agency enforcement policy and serves as a persuasive precedent for private sector discrimination cases. But Macy was just the start. Several EEOC federal cases used Macy to extend protections to transgender employees that include, among others, protections against forced-bathroom rules and intentionally verbally abusing a transgender employee. In Baldwin v. Department of Transportation (2015), the EEOC panel held that discrimination based on individual sexual orientation also qualifies as unlawful sex discrimination. FEDERAL COURTS AND THE PRIVATE SECTOR

The EEOC’s federal sector cases have emboldened the agency. Indeed, the EEOC is not bashful about its prior-

today’s gener al counsel fall 2017

Labor & Employment ity enforcement toward LGBTQ sex discrimination complaints. Rather, it embraces and prioritizes these complaints. However, for private sector employers, the cart still travels before the horse. Federal courts remain hesitant to recognize LGBTQ-based claims. Moreover, courts reaching the issue are more willing to find that transgender discrimination is cognizable, as opposed to sexualorientation-based claims. So far, only the Sixth and Eleventh Circuit Courts of Appeal (sitting on three-judge panels) and an array of district courts have recognized transgender-based Title VII claims. In April of 2017, the Seventh Circuit sitting en banc became the first appellate court in the land to recognize a sexual orientation claim. While an avalanche of cases holding the opposite still exist on the books, the EEOC’s broad interpretation of sex continues to gather momentum. Despite the ongoing tussle, the trend is clear. Unless the Supreme Court weighs in otherwise, employers must adapt. It’s impossible to shape a one-size-fits-all solution to, for example, sexual orientation, gender non-conformity, gender identity, gender transitioning, and gender expression. However, there are some proposed steps that employers should consider: • Engage in some honest reflection as to the current status of your workforce. Are employees collectively young or old? Diverse or dominated by a singular ethnicity? Are they strictly conformist or do they emphasize individuality? Do the employees tend to be more progressive or conservative? The answers should allow employers to conduct a risk assessment for discriminatory behavior. • Bathroom Policies. Although lamented by many, employers have little leverage on the bathroom issue. That is, for transgender employees, or those questioning their gender identity, these employees must be permitted to choose which bathrooms they use. Employers sometimes request that the transgender employee use a “gender-neutral” bathroom. However, the EEOC’s Lusardi case obvi-

ated this proposed solution. From the EEOC’s point of view, confining already-vulnerable employees to their own separate bathrooms amounts to segregation, and thus discrimination. • Dress Codes. Employers are wise to prepare dress code policies that are gender neutral. There are two justifications. First, employers realize that their workforce will eventually include employees who transition, struggle with their gender identity, or reject gender conformity. So, make this change now, while you have absolute control and are not confined by the restraints of a lawsuit or claim. Second, non-gender-neutral dress code policies are evidence should a legal issue arise.

The EEOC has a knack for zealously prosecuting claims against employers and often making grueling examples of

he or she wishes to be used for him or her. One caveat, employers cannot require the employee to legally change his or her name or gender. Additionally, the transition plan should include a discussion about the employee’s preferred choice of clothing and whether any official notice to other employees in that facility or unit is appropriate. If the employee prefers to use a particular bathroom, that issue should be discussed. However, the employee is not bound by this initial decision. It goes without saying that the transition plan should be written and signed by the employee. Employers should outline steps to be taken if the employee is subject to any harassment or discrimination from coworkers. That way, both the employee and employer know what to expect if these issues arise. • Control the work environment. Create an atmosphere conducive to welcoming and respecting diversity and the LGBTQ community. If your workforce understands that harassment, discrimination or other misconduct is not tolerated, then the risks associated with Title VII sex-based claims diminishes rapidly. ■

misconduct. • Transition Plans. For both employers and the transitioning employee, the process of handling the transition appropriately can be daunting. Most transitioning employees do not want to engage in bitter dialogue or litigation with their employers. They simply want respect and privacy to the extent possible. This involves sitting down with the employee to discuss a transition plan. Companies need to be asking these employees, for example, what they would like, what makes them feel uncomfortable, and how the company can help. Companies must respect employees’ wishes as to their pronouns and names. For instance, the employer should ask the employee what names and pronouns

Chris Meyers is an associate in the Phoenix office of Snell & Wilmer LLP. He focuses his practice on labor and employment. He regularly handles disputes relating to discrimination and compensation issues arising in the workplace, and advises employers about their obligations under federal and state laws. cmeyers@swlaw.com

fall 2017 today’s gener al counsel

E-Discovery

Managing Corporate Data in the Era of Mobile Tech and the Internet of Things By Jeff Kerr approved (or issued) devices for business purposes, that rule should apply to the CEO, too. UNDERSTANDING ENTERPRISE DATA

ur golden age of digital convenience is shadowed by vast amounts of unmanaged and unorganized data. According to the website Backblaze, the price to store a gigabyte of data has dropped from $500,000 in 1980 to less than $0.03 today. And as businesses and consumers invest in new devices and applications, we’re generating more data than ever. It is now generated by both people (e.g., someone writing an email) and machines (e.g., location tracking, database logging and automatic step counting). There’s almost always more data than we know, and even experts find it difficult, if not impossible, to collect all of the data belonging to a person or a business. The increase in the amount and complexity of data has serious legal implications for American businesses in the areas of data security, e-discovery and recordkeeping. Without good data

management (aka “information governance”), enterprise data can become a liability. Data that is not managed properly is more vulnerable to data breaches, as well as more difficult to locate and produce if it is needed in e-discovery. Indeed, during litigation, widely distributed and poorly inventoried data has a direct relation to e-discovery cost because of the time that must be spent collecting it. Beyond cost, overlooked sources can create problems of their own. To tame the chaos and minimize the risk of growing data, businesses need to be aggressive in designing and implementing data management policies. These policies should be informed by regulatory requirements and rules related to the preservation of evidence, and they should generally be drafted with the assistance of counsel. They also need to be accepted at all levels of the organization. If you have a rule that employees may use only employer-

The impact of mobile computing and cloud-based applications on the challenge of information governance can hardly be overstated. Cloud computing means that data is more and more decentralized. Rather than having a central set of on-premises servers, businesses — sometimes unwittingly — rely more and more on both public and private cloud infrastructures. Most new software products used by businesses are accessed through websites, with data stored on cloud infrastructure; the software is leased by the software provider and owned by major vendors, such as Amazon and Rackspace. At the other end of the spectrum, many employees take work home with them and use laptop computers, smartphones and tablets to do their work. At any time, a business’s data could be spread across thousands of devices. Keeping tabs on this data, managing it and finding it can be an enormous challenge. Nonetheless, cloud computing and mobile devices are popular because they drive productivity and are often superior to other alternatives. It is unlikely that banishing them from your business will be a workable solution. AVOIDING DATA PROLIFERATION

David Cole, a partner who practices in data security, privacy and e-discovery law with Freeman Mathis & Gary LLP, suggests that to mitigate the risks associated with data inundation, businesses keep only the data they need and for only as long as they need it. Even so, challenges remain, including the large number of devices involved and the varieties of operating systems, platforms

today’s gener al counsel fall 2017

E-Discovery

and applications. A simple first step is to keep an inventory of the company’s electronic assets. This can be facilitated by IT, which should register and configure each device. Cole notes that a key source of trouble is having multiple repositories for corporate data, some of which (such as employee-owned smartphones) may not even be in the custody and control of the corporation. “The simplest solution is to not allow the storage of company data on mobile devices,” he says. “You can do it by policy, but that can be hard to enforce. You can also disallow it, not by policy, but by design of your data infrastructure.” At a minimum, Cole says, “a business should have a clear policy of not allowing corporate data on employeeowned devices, and the policy should be enforced.” To control where data is stored, one option he recommends is so-called “thin” or “zero” client deployment of employer computer systems. With this model, he says, “employees use devices with little to no local storage, and those devices simply connect to a remote server that hosts the operating system, applications and data.” Accordingly, when an employee saves a file, the file is saved not to a hard drive connected to the computer at the employee’s desk, but to a server that the business can access and control. This system can be easier to administer and more secure than setups that spread data across numerous hard drives. Cole also recommends that businesses provide employees with “approved, corporate-controlled applications for work communications, and then allow only employees to use those applications.” This prevents the kinds of problems that will arise when employees, wanting to rely less on email, turn to an internal chat application without consulting IT or management. This can result in relevant communications needed for e-discovery being spread across numerous devices and applications. When the company creates or designates corporate-controlled applications for all work communications, they become centralized and easily accessible. This also allows the business to ensure

that its chosen vendor complies with data security and e-discovery requirements, and makes clear that unauthorized software violates policy. MANAGING DATA IN LITIGATION

When there’s actual litigation, the stakes become even higher. It’s essential at the beginning of a case, Cole says, that preservation notices be issued to all individuals who may have data relevant to the case, and that the notice be written in plain English, with the expectation that it will end up in the hands of the opposing party. Indeed, Cole recommends that preservation notices be issued not only by legal counsel, but also by management to employees, with the expectation that they will be discoverable. A primary purpose of a well-crafted preservation notice is to ward off claims of careless or intentional destruction of evidence. Inside counsel must also monitor compliance with preservation measures. If there’s any reason to believe that a particular employee may be inclined to ignore the notice or attempt to destroy data (a reasonable assumption when the data would be damaging to the employee personally), counsel may opt to have a computer forensics specialist preserve the data without notifying the employee. THE ROLE OF SOFTWARE

The variety of software is one of the causes of data chaos, but it can also help mitigate the problem. In advance of litigation, businesses should choose software with an eye to needs that will arise during litigation. For example, ask vendors during the purchasing process how data can be locked down in the event of a legal hold, and how it can be collected during e-discovery. Many vendors will not have a ready answer, but a larger organization may be able to push vendors to address these issues in their applications. Some vendors are reading the handwriting on the wall. Google Vault, for example, adds archiving and e-discovery features to the company’s business email, storage and calendaring products. With pressure from purchasers, more vendors will build documented e-discovery and

records retention features into their products. There are many tools to assist businesses during litigation, with data collection, de-duplication, search, review and production. Some of these tools are marketed primarily to e-discovery vendors, who then charge steep fees to their clients. Others offer a more economical self-service model. Deciding on the right tools for the project is possible only if the project has been properly scoped. Will there be 15 gigabytes of data, or 15 terabytes? If it’s the former, you may get along without industrial strength tools and teams of experts; but if it’s the latter, you will need powerful technology. Remember, however, that possessing 15 terabytes of data does not mean your e-discovery project will embrace all of it. Some, if not most, could be unrelated to claims and defenses or could be duplicative. One litigation tool that inside counsel should consider is software for managing a matter’s most important documents and communicating the importance of those documents to outside counsel. Several vendors offer tools for constructing chronologies that link key documents to the facts of a case. These tools can be invaluable for coordinating case strategy with outside counsel. In sum, the proliferation of data creates challenges, and failing to manage data creates risk. Businesses need to actively manage the data they create and retain, and their plans and procedures need to be informed by legal requirements. Counsel who understand both the legal side and the technical side of this issue are best positioned to help a business meet these challenges. ■

Jeff Kerr is CEO and co-founder of the legal and case management software company CaseFleet. jeff@casefleet.com

fall 2017 today’s gener al counsel

E-Discovery

Q&A on E-discovery with Peter Ostrega

ow has the increased use of technology in the workplace added to the complexity of e-discovery? How hasn’t it? Not only do we have myriad data types — emails, texts, social media posts, chat messages, you name it — but we also find that data in multiple locations. Relevant, discoverable information may be on a computer, on a mobile device or in the cloud. Identifying, finding and preserving all of that information has made e-discovery significantly more complex. One current point of focus involves Bring Your Own Device (BYOD) policies. Companies can save money by letting employees use their own devices for work, but BYOD introduces a host of new questions. Who owns the data on a personal mobile device that is also used for work? Who controls that data? Who has access to it? Does the device’s owner have any reasonable expectation of privacy with respect to that data?

We’ve had staff sorting through data from personal mobile devices only to discover that two C-suite executives were having an affair. When these devices are in scope of an e-discovery matter, mining the data from them can be a laborious manual process. Because both personal and professional information can be comingled (think text messages), we have to parse all the data on the device and determine what is and isn’t relevant. It’s time intensive, costly and sometimes personally intrusive. We’ve had staff sorting through data from personal

mobile devices only to discover that two C-suite executives were having an affair. We had to disclose that information to counsel, who had to have an awkward conversation with the client about it. What new skills and technologies are needed to address these changes? Email systems and standard office document software suites aren’t undergoing massive technological changes, and as a result the technologies and workflows built to handle “garden variety” e-discovery are capable and up to the task. The main concern is the number of platforms and locations that we have to search: emails, documents, websites, SharePoint, CRM systems such as Salesforce, practice management software and so on. Potentially discoverable data is everywhere. Mobile devices are a different story. Mobile device companies are innovating at breakneck pace in both software and hardware. Significant changes to operating systems are commonplace (think iPhone X FaceID). Apple releases a new iOS annually, along with minor updates and bug fixes throughout the year. Our firm tests and develops new tools and workflows to work with each new OS as quickly as it is released. We often license several different mobile phone analysis technologies, thoroughly testing them to determine which approach is most effective. For both computers and mobile devices, the adaptation to technology is grounded in the skills of the people performing the forensic collections and exams. Experienced practitioners know how to test and validate a new process so that the results are auditable, repeatable and defensible in court. What are some of the nontraditional forms of e-discovery that have started to present themselves? An interesting development in this area is self-service e-discovery processing and

Peter Ostrega, Managing Director at Consilio LLC, specializes in providing corporations and law firms with comprehensive e-discovery and document review solutions for complex legal matters. He helps clients comply with discovery and production requests in government investigations and a wide range of large litigation matters. postrega@consilio.com

hosting platforms, generally, in a cloudhosted environment. Smaller software companies have created user-friendly, low-cost, web-based tools for e-discovery that make the process feel more like using iTunes or online banking. While this type of service can reduce the need to hire a potentially costly expert vendor, it also shifts the risk of error to the user, who may not be as experienced as a third-party vendor in conducting a comprehensive discovery process. Companies should weigh the risk of using these types of platforms and determine what type of matters are a good fit (subpoenas, non-party or third party, might be one to consider).

today’s gener al counsel fall 2017

E-Discovery

What other ways have you seen e-discovery and litigation change over the last five years? Technology tools and their adoption, for instance, Technology Assisted Review (TAR), has become much greater, particularly in the last two years. At the same time, the volume of data that companies are creating on annual basis continues to skyrocket, so innovation and the size of the problem are competing with one another. Nonetheless, with the integration of analytics technologies (email threading, near-duplicate detection, coding propitiation) and TAR workflows, we are seeing fewer massive scale human document reviews than before. In particular, “TAR2.0” or categorizationbased review workflows are lowering the barrier to entry for integrating TAR into the review process. You no longer have to convince the case team to invest the up-front time in training a TAR algorithm; rather, you follow a more traditional e-discovery process and use the daily coding results of the document review to train the algorithm as you go. The technology categorizes likely responsive documents and moves them to the front of the cue. You get to the relevant information faster and can make a determination in regard to stopping the review once you are no longer seeing responsive material. The key to utilizing a process like this successfully is to have experienced analytics expertise on your team or at your service provider, to oversee the process, interpret the results and provide expert validation, affidavits or even testimony. Do you see e-discovery affecting certain industries more than others? It’s too soon to say whether the growth of e-discovery will have an industryspecific impact. Most every company is drowning in data. That could mean that the exploding costs of e-discovery will continue to drive an exponential increase in the cost of litigation, or that cases will settle sooner to avoid those costs. The true impact isn’t measurable yet. One area that’s important to high-

light is the destruction of legacy data that companies are under no obligation to keep. Some industries are better about this than others, but failing to manage and destroy unneeded data can lead to overwhelming e-discovery costs if a future discovery request puts that date range in the scope of discovery. I remember one case where the company had never archived any emails, and we were looking at emails from the day their email system came online, the first email the company had ever sent! In the vast majority of instances, companies are under no obligation to keep information that old and can work with an information management/governance consultant to defensibly dispose of it, thus reducing their risk of costly e-discovery. What advice can you offer to GCs on these topics? First, if your company uses a BYOD policy, clearly define what that policy means for the company and for the employees using their personal mobile devices for work. Explain the terms of ownership and control of company and personal data in an employee handbook, or a BYOD agreement. This doesn’t just help with e-discovery; it can also act as a security policy to ensure the protection of confidential company information. Second, develop strong information governance and records retention policies in conjunction with your IT professionals and an independent information management expert. Keeping too much outdated information can be a tremendous waste of company resources. Examine what data you need to keep, what you can delete and how you manage your data archives. One thing to weigh here is budgeting:

Litigation is nondiscretionary spending, while information governance and records retention are both generally discretionary. Sometimes these discrete budgets lead companies to make poor long-term decisions. For instance, we worked with a large healthcare client that never deleted anything and, as a result, they spent $4 million on e-discovery in a single massive case. Following that experience, counsel tried to get an additional $200,000 budget approved to work with a consultant to dispose of unnecessary data; however, the request was denied due to lack of budget. Of course, a few years later another massive matter with a multi-decade date range led to another $4 million e-discovery bill, where those costs could have been cut by 75 percent had the investment in information governance been made. ■

fall 2017 todayâ&#x20AC;&#x2122;s gener al counsel

Cybersecurity

Protecting Client Data When Traveling By Craig R. Smith

ost attorneys travel with laptops, mobile phones and a variety of other electronic gadgets. Each device can store vast quantities of client data, including confidential information, trade secrets and attorney-client privileged information, raising the risk that valuable information will be lost, compromised or searched when traveling. Concerns regarding protection of client data when traveling have been amplified in the past year by an increase

in electronic device searches at the U.S. border. Although U.S. citizens are protected against unreasonable searches and seizures under the Constitution, customs agents have been given broad discretion to search electronic devices at the border, even without any reason for suspicion. Attorneys must be prepared for these potential requests and searches. They have special ethical obligations, especially in respect to confidential and attorney-client privileged information. Critical data should never be stored solely on mobile

devices. It must be stored at a secure location so that the loss of a device does not mean the complete loss of data. Less is more when it comes to traveling with confidential client information. Before bringing a computer filled with gigabytes of data on a trip, evaluate the risk of disclosure versus the need for the information. In most cases, a significant amount of data can be left at the office. Three techniques can be used to limit the amount of data lawyers bring with them when traveling. First, use a separate

today’s gener al counsel fall 2017

Cybersecurity

laptop and phone for traveling. These devices can be configured for maximum security and loaded with only a small group of files and applications necessary for a specific trip. Travel devices make it easier to avoid losing large quantities of data, and can be scanned for spyware and cleaned after each trip. Second, attorneys should bring no more than they require for a particular trip. For example, there is no need to bring all client files on a work laptop on every trip. Instead, save the files and applications that you do not need on another device and delete them from the work laptop. Third, access critical data remotely instead of storing it on a mobile device.

ble to interception. Thus, unsecured Wi-Fi at cafes and even some hotels should not be used to transmit sensitive information. ELECTRONIC SEARCHES AT BORDERS

When traveling internationally, attorneys must be aware of the types of searches that may be requested and performed at border crossings. Government officials may demand access to electronic devices and even passwords for accessing computers, phones and social media accounts. The uptick in border searches of electronic devices has prompted some organizations to raise their concerns with the Department of Homeland Security. The American Bar Association urged the DHS “to ensure that the proper policies and Attorneys have an obligation procedures are in place … to preserve the attorneyto resist providing access to client privilege, the work product doctrine, and the confidentiality of protected client information. lawyer and client communications during border crossings.” Indeed, the American With a reliable internet connection, most Civil Liberties Union and the Electronic information can be accessed via a virtual Frontier Foundation recently sued the private network or another secured government, challenging its practice of means of transmission. The less data you searching laptops and cellphones without travel with, the less you have to lose. a warrant. TWO ACCESS CODES Attorneys have an obligation to resist Two-step authentication provides better providing access to protected client protection for devices and accounts information. Turn off electronic equipbecause it prevents a single password ment before reaching customs and ensure from unlocking them. Instead, a second that all devices are password protected access code is provided by email or text and encrypted. Two-step authentication message. Travelers should not keep their makes it more difficult to unlock mobile passwords stored on the same devices devices and accounts. If a device can be with which they are traveling. For examunlocked using a fingerprint or facial ple, web browsers that store passwords recognition, as is the case with the new for every website on the device should Apple iPhone, then these access points be deleted. should be shut off. It is unclear whether Electronic data should be encrypted border agents can require travelers to use on each electronic device. Encryption their finger or face to unlock a device. software is widely available and reasonIn addition, travelers should log off ably easy to implement on computer all social media sites and cloud-based hard drives and email systems. Data services so that they cannot be easily encryption helps mitigate the risk that searched or accessed if the device is meaningful data will be revealed even unlocked. if a device is stolen, compromised or Recently, the Association of the Bar searched. of the City of New York issued a formal Free Wi-Fi is risky. Information trans- opinion on “An Attorney’s Ethical Dumitted across these networks is suscepti- ties Regarding U.S. Border Searches of

Electronic Devices Containing Clients’ Confidential Information.” According to the opinion, “an attorney should not carry clients’ confidential information on an electronic device across the border except where there is a professional need to do so, and … attorneys should not carry clients’ highly sensitive information except where the professional need is compelling.” The opinion suggests a variety of potential safeguards including (1) using blank travel phones and computers, (2) deleting confidential information prior to traveling and (3) turning off cloudbased services for accessing confidential information. Once at the border, the opinion advises attorneys that they may only disclose a client’s confidential information if “reasonably necessary” to comply with an order of a government entity. However, compliance is not reasonably necessary until an attorney undertakes efforts to dissuade border agents from reviewing clients’ confidential information or to limit the extent of their review. If border agents obtain access to client confidential information, then the attorney must inform the client. Traveling at home and abroad with nearly unlimited access to client data is a boon for attorneys’ productivity. The downside is that it increases the risk that client information can be lost, compromised or searched without the attorney’s permission. Attorneys are wise to prepare for each trip with an eye to protecting client data, especially when traveling internationally and crossing the U.S. border. ■

Craig Smith is a partner and trial attorney at Lando & Anastasi, LLP. He helps clients protect and defend their inventions in complex intellectual property litigation. His practice focuses on patent, trademark, copyright, trade secret and cybersecurity issues. CSmith@LALaw.com

fall 2017 today’s gener al counsel

Intellectual Property

Combine AI and Human Expertise for Effective Trademarking By Rob Davey

he state of the global trademark landscape is complex and constantly changing. As millions of brands continue to battle it out, it is more important than ever for professionals within the intellectual property sector to clear and secure trademarks for their clients faster and more efficiently. Meeting this challenge requires not just the kind of specific knowledge that only highly experienced human trademark experts can provide, but also advanced technology — including artificial intelligence (AI). The abilities of AI are already helping to transform a wide range of industries, but it holds particular value within the legal sphere. In a blog written last year on the topic, Thomson Reuters emphasized the potential it holds, predicting that “the next few years will likely favor lawyers who can use partial states of

automation to outperform their peers.” A more recent article declared AI to be one of the top three emerging trends in 2017. It said: “The advancement of machine learning and other techniques in artificial intelligence are giving businesses and their development teams the opportunities to design data-driven applications that can recognize patterns to become sufficiently ‘cognitive’ to reduce and even automate repetitive manual work.” AI offers numerous important advantages for trademark research. Properly implemented, it can be used to automate complex cognitive tasks and increase the effectiveness of search and watch results, while also dramatically improving overall speed and efficiency. Various trademark specialists have been using AI technology as part of their solutions for over two decades now, but only a few

have been able to successfully combine this with valuable human knowledge to deliver the best possible results. This is where the majority of trademark specialists have room to improve. AI technology on its own has a role to play in improving operations, but its full benefits cannot be fully enjoyed without it being used alongside human experts. Researching trademarks is about getting all of the details right, which is why solutions providers must have years of experience and specialized knowledge that goes beyond technology. To achieve this, the best providers will work closely with the industry’s most experienced trademark analysts and linguists to learn what they do, why they are doing something in a particular way and why they choose certain results over others. After collaborating closely over a long period

today’s gener al counsel fall 2017

Intellectual Property of time, businesses can begin to really think like trademark analysts. One of the commonly used variations of AI in trademarking is what is known as neural network technology. It has been employed for years by the most forwardthinking trademark specialists, mostly for trademark-watching solutions, and is designed to work in much the same way as the human brain, determining and creating connections among related concepts. The neural network technology being used is ‘trained’ using vast amounts of specifically pre-processed trademark data to accurately perform semantic equivalence, which then determines the “relatedness” of words, helping providers make more accurate decisions. More recently, providers have been using AI to deliver self-service clearance solutions for both text and images, making it easier to help clients looking to trademark brand names, slogans and logos. These solutions employ neural networks and other AI technologies to automate and accelerate complex trademark search and analysis processes. Deep learning techniques are also often used to identify semantically related terms, which helps to improve recall to minimize the risk of missing relevant marks. These kinds of advanced processing technologies can deliver thorough results in just seconds. Considering how advanced these AI-enabled solutions are, it could be fairly simple, theoretically, for them to take the place of human analysts, but relying solely on technology will always lead to issues down the road. Instead, AI technological systems must complement trademark experts rather than replacing them. VALUE OF HUMAN EXPERIENCE

The best human analysts possess a wealth of experience, allowing them to make the kind of nuanced judgements that machines cannot. They also have relationships with customers, which gives them a clear understanding of their requirements — something that currently cannot be matched by technology. This means they have the ability to look at, search or watch results, and rank them in a way that’s most

meaningful to the customer, which is far more difficult than it might sound due to the number of factors that play a part in determining what makes a mark relevant to that customer. No matter how sophisticated an AI-enabled technology might be, it is of no use without accurate and reliable data behind it, and this is always best

AI is already helping to transform a wide range of different industries, but it holds particular value within the legal sphere. delivered by humans. The best trademark solutions providers will have a dedicated team of quality analysts whose responsibility it is to review and correct data from the trademark offices before adding it all to their own proprietary trademark database. This work involves reviewing hundreds of trademark records daily and finding errors such as a word mark that doesn’t match the image — the kind of critical error that could be missed by an online searching tool. Human analysts are also able to work with a level of pro-activity that cannot be achieved through current AI technology. For example, a quality analyst would enhance the records to help ensure the relevant results are not missed, perhaps by looking at a multi-word mark or slogan and attaching strength to the most important parts of that mark. Once this is done, AI-enabled technology can be used to display all relevant results in a format that makes sense — a perfect marriage of human experience and technological sophistication. FUTURE TECHNOLOGY

By now, we have a clear idea of how human analysts will remain a vital part

of the trademark landscape for years to come, but what is looming over the horizon? Most importantly, next generation trademark-watching solutions will deliver even greater speed and precision than that which is available today. Using AI to further refine semantics, the goal will be to catch even more relevant, targeted results in a bid to reduce risk and save trademark professionals valuable time — something that is important to every business. Some providers are continuing to bring AI technology towards an even more sophisticated and human level. Some are working on machines that can observe how a customer works and automatically fine-tune the findings to deliver results according to the unique needs of that customer, providing targeted insights that help IP practitioners work even more efficiently. No matter what technological innovations we see within this sector, they will always be focused on the real needs of trademark professionals. Technology has a huge role to play within trademarking, helping to cull down massive amounts of information and display it in new and intuitive ways that weren’t possible before. This allows human experts to quickly make important decisions with an unprecedented level of accuracy. By bringing both humans and technology together, trademarking will continue to evolve and become more efficient. ■

Rob Davey is Senior Director at CompuMark, a brand of Clarivate Analytics. He leads the CompuMark Client Insight team. He joined the company in 2007, initially as Senior Account Manager, UK and Ireland, before becoming Manager of the EMEA Patent and Trademark Solution Consultants. rob.davey@Clarivate.com.

fall 2017 today’s gener al counsel

Compliance

Self-Reporting FCPA Violations By Sarah Walters and Katrina Rogachevsky

n April 2016, the Fraud Section of the U.S. Department of Justice’s Criminal Division introduced a Foreign Corrupt Practice Act (FCPA) pilot program, which was intended to be a one-year experiment to incentivize self-disclosure of potential FCPA violations. A look back at how the program was implemented provides valuable lessons for companies confronted with possible violations and the opportunity to develop best practices for responding. The program was rolled out in connection with the DOJ’s most recent

“Foreign Corrupt Practices Act Enforcement Plan and Guidance.” In addition to announcing the pilot program, the guidance detailed the DOJ’s efforts to intensify its FCPA enforcement by increasing law enforcement resources and building cooperation with foreign counterparts. The pilot program was developed to incentivize voluntary self-disclosure by laying out with particularity the rewards that come from self-disclosure, full cooperation with investigators and comprehensive remediation. Specifically, under the pilot program, if a company selfdiscloses and fully cooperates, the DOJ can decline prosecution or grant as much as a 50 percent reduction from the bottom of the fine range. By contrast, a company that cooperates but does not self-disclose can receive only up to a 25 percent reduction in the fine. In addition, the program provides that, in self-disclosure cases, a compliance monitor will not be required if an effective compliance program is in place by the time of resolution. The notion that self-disclosure, full cooperation and remediation results in a more favorable corporate resolution

is not new. However, the DOJ’s definitions of what these concepts mean and the public statements regarding likely outcomes — including a real possibility of declining prosecution — were more novel. REWARDS

The DOJ wanted the pilot program to work. FCPA investigations are complex and resource-intensive. The DOJ wants companies to self-disclose and cooperate with the investigation so that investigators can ferret out the fraud, reach resolution with the company and, where appropriate, prosecute individual wrongdoers. This is why the pilot program was put into place. Accordingly, during the first year of the program in particular, the DOJ was highly motivated to reward self-disclosures by declining prosecution. And that is exactly what happened. Between April 2016 and July 2017, nine companies reached resolutions for self-disclosed conduct; and seven of these received declinations. This represents a significant increase from the previous year when the DOJ issued only two declinations. The two companies that self-disclosed but did not receive declinations received significant discounts of 30 percent and 50 percent off the low end of the sentencing guidelines’ fine range. Disgorgement of the proceeds of the violation was a component of each of these declinations, although in four of the cases the DOJ deferred to the Securities and Exchange Commission for collection of the disgorgement payments. Notably, none of the companies that self-disclosed were required to engage a compliance monitor. Most of the companies that received declinations under the auspices of the pilot program appear to have self-reported before the program was in place. However, as the declination letters themselves make clear, the program’s existence played

today’s gener al counsel fall 2017

Compliance

a large role in the DOJ’s decision-making regarding the ultimate resolution. The pilot program has been extended. In March 2017, the DOJ announced that it would remain in place beyond its one-year expiration while the DOJ “evaluate[s] its efficacy.” While this certainly is not a commitment to continue the program indefinitely, there does not appear to be a decline in FCPA enforcement. To the contrary, in announcing that the pilot program would continue, Kenneth A. Blanco, the Acting Assistant Attorney General in charge of the DOJ’s Criminal Division, made clear that FCPA enforcement continued to be a major priority for the department. Accordingly, chances are that the principles behind the program will continue to gain traction, and the DOJ will continue to push for declinations in self-disclosure cases. TIMING IS EVERYTHING

So where to go from here? And what is the right path for a company that has identified a problem? Self-disclosure must be seriously considered. The benefits are real; but making such a disclosure is a frightening proposition, as it means inviting a government investigation. To make it even more complicated, these critical decisions must be made at the outset of the investigation. Timing is everything. As the guidance itself makes clear, to qualify for a potential declination under the pilot program, the disclosure must come “prior to an imminent threat of disclosure or government investigation,” meaning before a whistleblower has contacted regulators or law enforcement, and before a whiff of the issue has been leaked to the press. This does not mean that an internal investigation should be abandoned. To the contrary, it is critical to get your hands around the problem quickly and efficiently. Before disclosure, there must be some understanding of what the problem is (otherwise, there is nothing to disclose and no reason to wave a red flag) and a sense of the scope of the issue. However, it will not be possible to have a complete understanding of every aspect of the problem before the

decision of whether and how to disclose must be made. It is not necessary to have all of the facts and circumstances pulled together and presented in final form before disclosure. Experienced FCPA prosecutors understand that in order to accomplish timely disclosure, it will occur early in the process, which is why identifying the right venue for disclosure — whether it be the Fraud Section or perhaps a local U.S. Attorney’s Office that has handled such cases in the past — is critical. More importantly, by making the report and engaging with prosecutors early on, the internal investigation can be carried out more efficiently and with specific direction by investigators. Crucially, a preliminary discussion of the issue allows more flexibility down the road in terms of the company’s ultimate position. Full cooperation is critical, regardless of whether there has been self-disclosure. The pilot program and the “Principles of Federal Prosecution of Business Organizations” (U.S. Department of Justice, U.S. Attorney’s Manual, § 9-28.000) give real credit for “full” cooperation, even where there has been no self-disclosure. However, as the guidance makes clear, full cooperation requires proactive cooperation, not just responses to subpoenas and requests for information. Frankly, if everyone agrees that there is a problem, half-hearted attempts to cooperate will only frustrate the investigation and undermine chances for a more favorable resolution. Again, this proactive cooperation — which necessarily involves an ongoing dialogue with prosecutors — is beneficial because it results in better access to and more information about where the government’s investigation is headed, and allows for a more efficient and properly-directed internal investigation. Once there has been a decision to cooperate, it makes sense to fully cooperate. FIX THE PROBLEM

Once a problem has been identified, fix it. Restructure the problematic relationship, and discipline or move the individuals involved. Review the compliance program. Figure out how this one slipped through and make the necessary changes

so that it does not happen again. This is good business and serves very well in the final negotiations over whether a compliance monitor will be required. Monitors are expensive and disruptive, and it is worth taking the necessary steps to avoid one. If the DOJ sees tangible changes to the compliance program that were made not just for the sake of change, but that instead specifically address the problem at issue (as the pilot program guidance and spate of recent declinations make clear), a compliance monitor likely will not be deemed necessary. Even where there has been self-disclosure, full cooperation and remediation, every defense should be explored and raised, as there is still an opportunity to fight the fraud charges. When it comes to FCPA enforcement, there are many gray areas, leaving plenty of room to debate. The key with these cases is to employ every strategy available to reach the best resolution and, ideally, a declination. The pilot program provided concrete guidance on how to achieve a declination, and the DOJ seems to have embraced it in a way that should not be ignored. ■

Sarah Walters is a partner in McDermott Will & Emery’s White Collar & Securities Defense group. She previously served as an Assistant United States Attorney in the Boston U.S. Attorney’s office, where she held the position of Chief of the Economic Crimes Unit. Sewalters@mwe.com

Katrina Rogachevsky is an associate in McDermott Will & Emery’s Trial Department. Krogachevsky @mwe.com

fall 20 17 today’s gener al counsel

work pl ace issues

The EEOC under Trump By Barry a. Hartstein

hat can we expect from the Equal Employment Oppor‑ tunity Commission in the coming year? President Trump recently appointed Janet Dhillon, former gen‑ eral counsel of Burlington Industries, as EEOC chair. Picking Dhillon over acting chair Vicki Lipnic (who spent seven years as an EEOC commission‑ er) signals that changes are afoot. By the end of 2017, the EEOC most likely will have a 3‑2 Republican majority for the first time since the Bush ad‑ ministration and a more conservative EEOC general counsel. Here are my predictions for what to expect from the EEOC in the years ahead: • Expect a “new normal” of fewer lawsuits and movement away from nationwide systemic lawsuits. In the last year of the Obama administra‑ tion, the EEOC filed a historically low number of lawsuits — 86 “mer‑ its” lawsuits, compared to 142 in the prior year, a 35 percent decrease. It is unclear if the case filings will remain low. However, it is likely that a more conservative commission will reinforce its commitment to mediate and conciliate charges prior

Barry a. Hartstein is a shareholder and Co‑Chair of the EEO & Diversity Prac‑ tice Group at Littler Men‑ delson. He has expertise dealing with the Equal Employ‑ ment Opportunity Commission on both a local and national level. bhartstein@littler.com

to filing suit, and respondents to Lit‑ tler’s 2017 Annual Employer Survey predicted the impact of EEOC and anti‑discrimination law enforcement wouldn’t change much this year. Although large‑scale “systemic law‑ suits” focusing on alleged policies or practices that impact large groups of workers will not disappear, the EEOC will likely focus on individual lawsuits and systemic lawsuits of narrow scope (i.e., facility‑wide or regional).

• Disability discrimination and related litigation will remain front and center. In recent years, ADA lawsuits have been the most com‑ mon type of lawsuit filed by the EEOC, which is unlikely to change. Employers maintaining maximum leave policies will be vulnerable, based on failure to provide reason‑ able accommodations by extend‑ ing such leaves based on review of individual circumstances. Similarly, no‑fault attendance policies that fail

TODAY’S GENER AL COUNSEL FALL 20 17

to accommodate absences based on an employee’s disability may create risks for an employer, as shown by recent ADA litigation. • Challenges to unlawful harassment, including systemic harassment, will remain a priority. The EEOC, in its updated Strategic Enforcement Plan for 2017-2021, said that “[h]arassment continues to be one of the most frequent complaints raised in the workplace.” The EEOC’s Task Force Report on Harassment, issued in June 2016, underscores the importance of top down leadership for an effective anti-harassment policy, plus a focus on “civility training” as an effective approach to reducing harassment. • The EEOC will maintain focus on hiring barriers. The EEOC has taken the view that because most employers do not overtly express discrimination, most applicants are unaware when they have been denied hire because of discrimination. Thus, the EEOC believes that it is uniquely situated to address hiring and recruitment issues. Based on the EEOC’s recent meeting about increased use of data-driven selection devices, such as “big data,” it may more closely review reliance on selection practices. These lawsuits will not disappear, but EEOC challenges most likely will be narrower geographically. • Revised EEO-1 reporting requirements most likely will be rescinded, but pay equity will be scrutinized. Republican commission members opposed proposed changes to the EEO-1 forms to include pay data.

The Republican majority will likely rescind that requirement — something 50 percent of respondents to Littler’s 2017 Annual Employer Survey said they would support. Still, pay equity will likely remain an important priority, and the commission will focus on compensation systems and practices that discriminate based on sex, race, national origin and other protected statuses.

nation claims. As workers seek to remain actively employed longer, courts have been addressing evolving issues under the Age Discrimination in Employment Act, and the EEOC sought leave to file briefs in certain decisions. As an example, in Villarreal v. R.J. Reynolds (11th Cir. Oct. 5, 2016), the Eleventh Circuit rejected a failure-to-hire disparate impact claim under the ADEA in circumstances

The EEOC will likely focus on individual lawsuits and systemic lawsuits of narrow scope. • LGBT coverage under Title VII will continue to be vigorously debated. Regardless of the failure to expressly include sexual orientation and gender identity within the Title VII provisions, such charges continue to be filed and accepted by the agency. Since legislative action amending Title VII is unlikely, coverage will continue to be debated in the courts. The Seventh Circuit’s decision in Hively v. Ivy Tech Community College (7th Cir. Apr. 4, 2017), in which the appeals court interpreted Title VII as covering sexual orientation, may be a precursor to additional court decisions extending coverage. A smaller percentage of respondents to Littler’s 2017 Annual Employer Survey said they expected an increase in workplace discrimination claims than appeared in the 2016 survey. • Increased attention on age discrimi-

View our digital edition for instant access on your tablet or desktop D IGI TA L .T OD AY S G E NE R A L C OUN S E L . C OM

where the plaintiff was screened out based on hiring criteria seeking a “targeted candidate . . . 2-3 years out of school.” The appeals court focused on the express language of the ADEA and concluded that the statute did not cover applicants when dealing with disparate impact claims. On the other hand, in a recent Third Circuit decision, Karlo v. Pittsburgh Glass Works, LLC (3d Cir. Jan. 10, 2017), the court permitted a group of workers to carve out a subclass of workers (50 years of age and older) in a disparate impact claim under the ADEA. Clearly, this will continue to be an evolving area of the law. The above points provide a preview of EEOC developments that employers should closely monitor over the coming year. ■

fall 20 17 today’s gener al counsel

T H E A N T I T R U S T L I T I G AT O R

Restraints Justified to Prevent Free Riding By Jeffery M. cross

uring my more than 42 years of practicing antitrust law, the Supreme Court has issued several decisions that have significantly shaped the contours of modern antitrust analysis. One of these was the 1977 decision in Continental T.V., Inc. v. GTE Sylvania Inc. This decision introduced several important concepts to antitrust jurisprudence. One such concept: The imposition of vertical intra-brand restraints can increase inter-brand competition. A typical vertical intra-brand restraint occurs when a manufacturer limits its retailers to selling in a specified territory. Such a restraint can increase inter-brand competition by incentivizing retailers to provide point-of-sale services that the manufacturer believes will make its products more competitive against the products of other manufacturers. The restraint works by protecting the retailer from a market imperfection known as “free riding.” The concept of free riding has played an important role in antitrust thinking, and protecting against free riding is a well-established, pro-competitive justification for restraints. When I teach antitrust law, an example that I like to use originated in a 1977 law review article

Jeffery cross is a columnist for Today’s General Counsel and a member of the Editorial Advisory Board. He is a partner in the Litigation Practice Group at Freeborn & Peters LLP and a member of the firm’s Antitrust and Trade Regulation Group. jcross@freeborn.com.

commenting on the GTE Sylvania decision by then Professor, now Judge on the Seventh Circuit Court of Appeals, Richard Posner. Automobile manufacturers such as GM, Ford and Toyota believe that the best way to sell cars is to have dealers with showrooms, demonstrator models and knowledgeable sales staff. This allows consumers to visit the showroom, “kick the tires,” drive the car around the block and speak to a knowledgeable salesperson about various features and accessories. Such showrooms and sales personnel cost money, and the dealer

must pay the bank to finance the demonstrator models. Consumers are unwilling to pay a fee to visit a showroom, so the only way that the dealer can recoup this cost is through the ultimate sale. Various companies sell automobiles at a discount without providing a showroom, demonstrators or sales persons. In the example used by Judge Posner in his law review article, the discount seller was the “buying club,” prevalent in the 1960s and 1970s. Today, the equivalent would be Costco or Sam’s Club or Internet sellers. These discount sellers can offer cars for less because they do

TODAY’S GENER AL COUNSEL FALL 20 17

not have the dealers’ expenses. Such discount sellers urge their customers to visit a dealer’s showroom, select the model and accessories they would like and then buy the car from the discounter for less. They are taking a “free ride” on the point-of-sale services offered by the dealer. The dealer offering such services will not continue to do so if the discounter takes sales away. The dealer will have to drop the services to compete, and the manufacturer will have lost important marketing activities that it believed made it more competitive. By imposing on its dealers a limitation on what individuals and companies they can sell

against free riding. The court rejected this argument, noting that each member charged for emergency breakdown service. It noted that the free rider problem exists only because the provider of the services cannot charge for them and can only recoup its costs through a sale. In addition, a restraint cannot be justified because it merely increases the profitability of an enterprise by restraining the ability of competing products to compete. An example provided by Judge Douglas Ginsburg in an important 2005 decision in the Court of Appeals for the District of Columbia illustrates this point. The case concerned rivals participating in a joint enterprise to market a new

Discount sellers can offer cars for less because they do not have the dealers’ expenses. to — only end-users and authorized dealers — the manufacturer protects against free riding and incentivizes its dealers to provide the point-of-sale services that the manufacturer thinks will make it competitive. Of course, a restraint must in fact protect against free riding in order to be a legitimate pro-competitive justification. In a 1984 case in which I was lead counsel for the plaintiff, my opponent argued that the territory and other restraints imposed by an association of full-service truck lessors were necessary to protect against free riding. The members of the association were local lessors of over-the-road trucks. To compete against the national full-service truck lessors, the local lessors agreed with each other to provide emergency breakdown service for the trucks leased by fellow association members. The association imposed exclusive territories on its members and refused to allow a member who was not the designated association member in a market from affiliating with another organization providing such reciprocal breakdown service. My opponent argued that the restraints were necessary to protect

classical music recording. They agreed to impose restrictions on themselves in respect to advertising and promotions of recordings that were not part of the venture, claiming these were necessary to prevent the rivals from taking a free ride on the enterprise’s efforts. In rejecting the defendants’ assertion, Judge Ginsburg posed the following illustration: Suppose “General Motors were vigorously to advertise the release of a new model SUV. . . . [O]ther SUV manufacturers would no doubt reap some of the benefits of GM’s efforts. . . . But that would not mean General Motors and its competitors could lawfully agree to restrict prices and advertising on existing SUV models in return for General Motors giving its rivals a share of its profits on the new model.” The use of vertical restraints to protect against the market imperfection of free riding is an important and wellrecognized pro-competitive justification. Such restraints, although limiting intra-brand competition, can increase inter-brand competition. However, it is important that the justification be properly applied in order to avoid antitrust liability. ■

BEYOND PRINT

TodaysGeneralCounsel.com

IN YOUR INBOX

Digital.TodaysGeneral Counsel.com

E-DISCOVERY CONFERENCES

TodaysGeneralCounsel.com/ Institute FIND OUT MORE AT TODAYSGENERALCOUNSEL.COM

Lessons from a PR Disaster Message-Managing in a Crisis By MaRk IRIon

n 1961 President Kennedy faced his first major crisis, a disastrous botched invasion of Cuba known as the Bay of Pigs fiasco. This led the young President to establish the now famous White House â&#x20AC;&#x153;Situ-

ation Roomâ&#x20AC;? as methodology for better coordination and response to unplanned significant events. More than just a physical location with secure communications from which to command a crisis situation, it is fully staffed by watch teams that monitor events with specified duty officers, intelligence analysts and communications professionals.

today’s gener al counsel fall 2017

Corporations and other large organizations are smart to establish their own virtual “Situation Room” response teams, who swing into action instantly following a significant unwelcome event. United Airlines’ crisis response to the public horror show of their bloodied passenger, Dr. David Dao, being dragged off its April 9 Flight 3411 offers the perfect example of why a “Situation Room” approach is necessary. It is easy to Monday-morning quarterback the many failures of United’s response. Those faults have been well covered but offer little insight into exactly how and why things went so poorly. The truth is that United did a great deal right several days into the crisis, but the first 24 hours of decisions and communication determine how successfully an organization weathers a crisis. Only a pre-established and organized “Situation Room” approach prepares an organization to immediately manage adverse events. So how would an excellent and talented CEO, such as United Airlines’ Oscar Munoz, have benefitted from a different The first 24 hours approach? What could of decisions and have been done to steer communication towards a quicker and determine how more successful resosuccessfully an lution of the reputational catastrophe? organization To answer these quesweathers a crisis. tions, it is helpful to look at how United responded in reverse chronological order to see what they did well, and which internal stakeholders were either not in the “Situation Room,” or whose opinions were perhaps not given equal weight. As praiseworthy as I believe Munoz’s actions were 72 hours after the incident, he and his team dug an unnecessarily deep hole to climb out of in the first 48 hours. ANALYZING UNITED’S RESPONSE APRIL 27: Just two and a half weeks after the

incident, United posted a thorough and objective review and action report highlighting its own failures and outlining thoughtful policy changes to prevent a similar incident. The report also thoroughly described its pre-existing “Involuntary Denial of Boarding” process and explained

the complex practices of aircraft downsizing, moving crew, overbooking and other annoyances that can appear capricious. Most importantly, United reserved all responsibility for itself and only discussed its own failures — shifting no blame to the passenger or Airport Police. Analysis: This corrective action plan was a considerable accomplishment in a few short days, and offers evidence of a good deal of advance planning. No enterprise could have produced a great review and action plan in the initial 48hour maelstrom of public criticism. What United needed to do was to purchase breathing room immediately after the incident became public to grant it some grace time. If the strategic communications team, human resources, legal and investor relations had all been summoned to the “Situation Room” and prepared to work together, it is easy to imagine that Munoz’s initial comments would not have set public sentiment so hard against the airline that their corrective action plan would receive little praise. APRIL 12: Three days after the incident, Munoz

went on national television to express “shame” and pledged that the episode would never happen again. He came across sincerely contrite and resolute that he would fix the problem. Later that day, United offered to issue every passenger a full refund. Analysis: United would receive an A Plus if this were the message Munoz was prepared to give in the 24 to 48 hours immediately following the event. But this message did not emerge until three days after. It seems clear that by the third day, the marketing and public relations team had not only joined the battle, but was becoming the dominant influence on the CEO’s thinking about safeguarding United’s reputation. APRIL 11: Two days after the incident, United

faced a full-blown public relations nightmare, and congressional hearings were scheduled. At that point, United took full responsibility for the “horrific event” in a statement from Munoz that exhibited empathy for the victim and recognized the public’s anger: “The truly horrific event that occurred on this flight has elicited many responses from all of us: outrage, anger, disappointment. I share all of those sentiments, and one above all: my deepest apologies for what happened. . . I want you to know that we take full responsibility and we will work to make it right. . . I promise you we will do better.” Analysis: Munoz’s statement was the first continued on page 43

FALL 2017 TODAY’S GENER AL COUNSEL

d e g e il iv r P g in t c u d Con Internal Investigations BY TODD PRESNELL

In-house attorneys receiving a whistleblower complaint, government inquiry or other alert must decide whether and how to conduct an internal investigation. They may retain outside counsel to conduct the investigation, for privilege or other purposes, or they may keep the investigation in-house. If they choose the latter, they must manage many complex issues to ensure that the investigation and its results remain protected from discovery in subsequent litigation. Below, we examine these issues and offer some tips for increasing the chances that the investigation will be privileged.

To navigate these waters, it is helpful to return to the foundational elements of privilege. Simply put, the corporate attorney-client privilege applies to confidential communications between employees and counsel, whether outside or in-house, made for the purposes of rendering or implementing legal advice. The confidential component contains two critical elements. First, the communication must be confidential when made. Practically, this means among other things that the corporate lawyer should not include unnecessary recipients on email communications nor hold verbal conversations with employees in the presence of third parties — or even in the presence of other employees who do not need to know the substance of the conversation. Second, communications also must be made with the intent that they remain confidential. So the confidential one-on-one email may lose its confidentiality, and thus the privilege, if the recipient forwards it to thirdparties or unnecessary internal employees. The legal advice component is even more troublesome for in-house lawyers. While many courts presume a legal advice purpose when an employee communicates with outside counsel, that same presumption evaporates when the employee communicates with in-house attorneys. Courts

make this distinction because they recognize that many in-house lawyers communicate about business-related, as well as legal, issues; therefore, they will not assume that a communication involves legal issues simply because an in-house lawyer is present. Many courts effectively apply this heightened legal advice standard to in-house lawyer communications. When a party challenges an in-house lawyer’s privilege assertion, courts want to see the in-house lawyer’s sworn declaration explaining why the communication pertained to legal, rather than business, advice. Even if the in-house lawyer meticulously meets the privilege’s three foundational elements, jurisdictional choice-of-law issues could derail the assertion of privilege. Many jurisdictions follow the subject matter test, which applies the privilege to counsel’s discussions with any employee so long as the discussion pertains to issues within the scope of that person’s employment. Other jurisdictions follow the control group test, which generally holds that the privilege covers counsel’s communications with an employee if the employee is in a position to take action based on the lawyer’s advice. The scope of the control group test is narrower, meaning that the privilege will not shelter corporate counsel’s communications with lower-level employees.

today’s gener al counsel fall 2017

Federal courts employ the common law/subject matter test in federal-question cases. They utilize state privilege law in diversity cases. Some states follow the narrow control group test, others follow the subject matter test, while other states remain undecided. The take-away for in-house lawyers is that one may not know at the time of the communication whether the narrow control group test or the broader subject matter test will apply. It is with these privilege uncertainties that in-house lawyers undertake an internal investigation. The legal advice presumption afforded outside counsel may persuade the in-house lawyer to retain a law firm to conduct the investigation. But not every whistleblower complaint, government subpoena, or other internal issue necessitates the retention of outside investigation counsel. When a company determines to keep the investigation in-house, its legal department must ensure that it conducts the investigation in a privileged manner. The primary concern for a company conducting its own investigation is that a court will determine that it undertook the investigation for business reasons rather than for securing legal advice. Indeed, some government regulations require companies to conduct internal investigations when certain complaints arise, and many companies maintain internal operating policies that similarly require an automatic investigation when an adverse event occurs. These investigation requirements sound quite business oriented, and they may lead a court to reject any argument that the company conducted the investigation for legal advice reasons.

Legal

Investigation duty delegated

In-house lawyers, however, rarely have time to add a comprehensive internal investigation to their schedules. They may, if it’s properly handled, delegate to others, including non-lawyers, and still maintain the privilege. The key is for the in-house lawyer to formally delegate the investigation to the designee. In the delegation memorandum, the in-house lawyer should expressly state that the investigation is confidential, subject to the privilege and conducted so that the lawyer can provide the company with legal advice. With these instructions, the designee may conduct the investigation, including employee interviews and document review, and then prepare a written or oral report. The designee should follow the same interview instructions described above and, importantly, return any investigation results to the in-house legal department. (Delivering investigation results to business units may influence a court to find that the investigation was for business, non-legal purposes.) The D.C. Circuit Court of Appeals 2014 decision in Kellogg, Brown & Root, Inc., for example, supports this approach. A KBR employee brought a False Claims Act case alleging that the company submitted fraudulent payment claims to the Department of Defense. KBR’s Code of Business Conduct required the company to investigate, and KBR’s in-house counsel led an investigation that included non-lawyers conducting employee interviews. Even though a KBR business policy required the investigation, and non-lawyers conducted most of it, the court found the resulting report privileged because

Investigator Conduct investigation

In-house counsel must therefore take careful steps to circumvent a court’s proclivity for finding business-generated investigations. Initially, in-house counsel may conduct the internal investigation themselves or delegate to others. If the in-house lawyer conducts the investigation, then she should designate her employee communications as “privileged and confidential,” provide written instructions to interviewees that they should not disclose their communications without authorization, provide Upjohn warnings where necessary, and deliver any investigation results to the company’s decision makers.

Legal

Return investigation

KBR’s legal department initiated and managed it. In Johnson v. Ford Motor Company, a West Virginia federal court similarly protected as privileged Ford’s internal investigation into “sudden-acceleration” claims. Following at least one lawsuit and a story in the Wall Street Journal, Ford’s Office of General Counsel initiated an investigation, but delegated the entire investigation to the company’s Automotive Safety Office, a non-legal department. To support the privilege assertion, a Ford inhouse lawyer (who met the heightened standard explained above) submitted an affidavit detailing

fall 2017 today’s gener al counsel

Todd Presnell is a partner in Bradley’s Nashville office, where he maintains a litigation practice, serves in discovery counsel roles, and leads and advises on internal investigations. He also counsels in-house legal departments on the attorneyclient privilege, and authors the blog Presnell on Privileges. tpresnell@bradley.com

that the OGC directed the safety officer to assist the legal department in the review and analysis, that the investigation results “were used solely by Ford’s attorneys in rendering legal advice to Ford,” and the results were not “disseminated beyond those Ford employees and consultants working directly with Ford’s counsel.” The court found the investigation report privileged because Ford satisfied its burden to show that its lawyers requested and directed the investigation, the investigation was for legal advice purposes, and that it kept the resulting documents confidential by limiting dissemination on a need-to-know basis. In a third case the Texas Court of Appeals, in Fairway Methanol LLC and Celanese Ltd, January 2017, upheld the privilege over a company’s post-accident investigation even though the company admittedly wanted the investigation so that the legal department could offer “business advice” regarding potentially at-fault employees. The court upheld the investigation as privileged because the company’s in-house lawyer filed an affidavit declaring that the legal department requested the investigation for the primary purpose of defending litigation, the investigation team acted on the legal department’s instructions, the team marked all communications as “privileged and confidential,” and the team communicated its findings solely to the legal department. These three opinions support the boomerang approach to in-house, lawyer-led investigations. Even where an in-house lawyer delegates an investigation to non-lawyers, she has a greater chance of winning the privilege battle if she initiates the investigation by declaring it is for legal advice purposes, educates the investigative team on communicating confidentially, and the team returns the results solely to the in-house lawyer. Two agent-related issues deserve separate consideration. The first is whether the attorney-client privilege applies to former employees. In other words, can an in-house lawyer or her designee conduct investigation interviews with former employees in a privileged setting? This issue is unsettled. In the 1981 case, Upjohn Co. v. United States, the Supreme Court left open whether the privilege safeguards corporate counsel’s communications with former employees. Few circuit courts of appeals have addressed the issue, but the Fourth and Ninth Circuits held that the privilege covers those communications. To the contrary, the Washington Supreme Court in the 2016 decision in Newman v. Highland School District ruled that the privilege

Practice Tips Although courts employ varying standards, the following practice tips should increase the chances that the in-house lawyer’s investigation will be privileged. • Conduct the investigation knowing that most courts will not presume that an in-house lawyer’s communications with employees are for legal advice purposes. • Label employee communications as “privileged and confidential.” • Instruct interviewees that the conversation is confidential and privileged, and that they should not disseminate emails or otherwise discuss the conversation with others. • If delegating the investigation to non-lawyers, prepare an initiating memorandum that emphasizes the investigation is confidential and for legal advice purposes. • Instruct and train non-lawyer investigators on how to conduct confidential, privileged interviews. • Ensure that non-lawyer investigators return any work product or results only to the in-house lawyer, and not a business unit. • Know if your jurisdiction applies the privilege to former employees; and if it does, determine whether and how to conduct the interview.

does not apply to former employees. Other jurisdictions have not addressed this issue. A second consideration is whether the privilege protects communications between in-house lawyers or their designees who interview consultants or third-party contractors during an investigation. Although not addressed in every jurisdiction, the privilege should cover these communications under the functional-equivalent doctrine, which holds that the privilege applies to third-party communications if the third party was acting as the functional equivalent of an employee. ■

today’s gener al counsel fall 2017

PR Disaster

continued from page 39 evidence of cooperation between the lawyers, the HR team, and the marketing and PR team. This second response shows a balancing of the HR department’s desire to not blame flight attendants for following the company’s procedural guidelines, with the brand keeper’s imperative to not blame the customer. April 10: Monday evening, approximately 24 hours after the incident, Munoz issued a second statement in the form of a letter to reassure United employees that he was with them: “Like you, I was upset to see and hear about what happened last night aboard United Express Flight 3411 headed from Chicago to Louisville. While the facts and circumstances are still evolving, especially with respect to why this customer defied Chicago Aviation Security Officers the way he did, to give you a clearer picture of what transpired, I’ve included below a recap from the preliminary reports filed by our employees. As you will read, this situation was unfortunately compounded when one of the passengers we politely asked to deplane refused and it became necessary to contact Chicago Aviation Security Officers to help. . . ” Analysis: The employee eye-witness accounts of what transpired was an effort to show solidarity with employees, but reiterated what could be called biased descriptions of a passenger refusing $1,000 in compensation and becoming disruptive and belligerent. United’s HR team may have succeeded in assuring the employees they were not being hung out to dry, but it had the opposite effects on the flying public, which saw it as “Us vs Them.” April 10: Monday morning following Sunday’s

incident, Munoz issued his first statement: “This is an upsetting event to all of us here at United. I apologize for having to re-accommodate these customers. Our team is moving with a sense of urgency to work with the authorities and conduct our own detailed review of what happened. We are also reaching out to this passenger to talk directly to him and further address and resolve this situation.” Analysis: United’s legal team seems to have gone out of its way to assure that there was no admission of wrongdoing and reiterated the uncertainty of the situation without any understanding of the business risks this approach imposed. This statement is a “nonpology.” It takes

the form but lacks the substance of an apology. “Re-accommodate” is an annoying euphemization that added insult to injury. No one felt accommodated in the least. The worst part of this statement is that the injured passenger does not even get a “nonpology.” What’s to be learned from this series of events? United’s response was pilloried in the public eye not so much for what Munoz said, but for what he didn’t say. His legal and human resources team played commanding roles in the first 24 hours of crisis response, but it came at the expense of how United needed to speak to customers. iNTEGrATE lEGAl AND STrATEGiC COMMUNiCATiONS Companies that otherwise communicate brilliantly replicate United’s mistakes countless times in crisis situations because they are not prepared with a Situation Room process that integrates legal, communications, HR and business unit leaders. Rather than judge United, it would be wise to remember that just three weeks before this crisis, Munoz received PRWeek’s coveted Communicator of the Year award for his efforts to reconnect his employees to the customers they serve. In accepting the award, he said: “Communication and communications strategy is not just part of the game, it is the game.” Like many CEOs, United’s understands communications, but that is not the same as being prepared with a system to contain a business crisis. United’s crisis would have tested any company, but imagine how much more deftly United could have weathered the storm if it had felt confident enough to respond to a desperate and uncertain situation with language showing human emotion; delivered a consistent, coherent message throughout a fast-developing story; and tempered a coldeyed assessment of risk with an acknowledgment of an elderly man in an emotionally trying crisis. Corporate leaders improve their companies’ odds in a crisis by giving public relations, lawyers, human resources and the business leaders seats at the table. Had United implemented an integrated “Situation Room” approach to crisis preparedness, it could have ensured that its efforts for a legal win did not result in a loss in the court of public opinion. ■

Mark Irion is Head of Strategic Communications at Hogan Lovells US LLP. He provides fully integrated communications and advocacy programs that help clients achieve their public relations, crisis communications and reputation management goals, as well as legislative, regulatory and corporate positioning objectives. mark.irion@ hoganlovells.com

USING DIGITAL TOOLS IN LITIGATION BY JOSHUA S. REISBERG

today’s gener al counsel fall 2017

n July 2017, I deposed a seasoned expert witness in a complex Hatch-Waxman patent litigation involving 12 patents directed to pharmaceutical compositions. The expert witness, offered on behalf of plaintiffs to opine on key issues of infringement and validity, sat at the head of the table with the videographer positioned 25 feet away at the opposite end. Three attorneys representing the plaintiffs sat across from me; the court reporter, with her numerous devices, was positioned between the expert and me. There was nothing unusual about the deposition, with one notable exception. I sat behind a veritable command station of computer displays plugged into my MacBook Pro, which was loaded with a deposition outline, the expert’s thousands of pages of reports and appendices, and every document that the expert relied upon or considered in support of his opinions in the case. Every report or document necessary to discuss was accessible in digital format, with a series of banker’s boxes at hand containing hardcopy

counsel, case manager or executive when retaining outside lawyers. DIGITIZE AND ATTACK Early in preparation for the deposition referenced above, I recognized that traditional methods of preparation would be ineffective. Typically, lawyers taking depositions come to the conference room table with a printed, static outline. However, when a deposition involves expansive, complex, interwoven subject matter, the traditional deposition outline can be more of an encumbrance than a tool, even when supported by common organizational elements such as TOCs. This is because the TOC and other common organizational tools (e.g., section headers) do little to provide ready, instantaneous access to information within the outline. Transitioning between a TOC and the substance of an outline can be clumsy in digital format and even more so in paper format, which ultimately leads to inefficiencies in the use of information in a live deposition. Traditional

All DIGITAl DoCumENTs wErE ANNoTATED, hypErlINKED AND AvAIlAblE To bE CAllED upoN INsTANTANEously.

versions of documents potentially to be marked as exhibits during the deposition. All digital documents were annotated, hyperlinked and available to be called upon instantaneously in what I expected to be a complex deposition. This approach to deposition taking was my logical next step after developing expertise with digital tools to make the day-to-day work of being a trial attorney more efficient. In the context of dispute resolution where I focus my practice, our mandate as lawyers is to analyze and strategize in order to achieve victory through settlement or before a fact-finder, judge or arbiter. We have an obligation to continuously adapt to serve our client’s needs. How do trial lawyers and litigators produce a better, cheaper product? By weaponizing our analyses more effectively through the proper selection and use of digital tools. Digital tools should be part of every outside attorney’s litigation arsenal, as well as the subject of inquiry by every in-house

organizational tools do not empower lawyers to weaponize critical information in depositions as they respond to and follow up on the witness’s answers. This can lead to disastrous results, ranging from wasted time to an ineffective witness examination that harms the client’s litigation narrative. As a Mac user, I have found two apps that work beautifully. DEVONthink Pro Office provides robust tools for document organization and analysis, and is particularly useful as a tool to organize and annotate materials for deposition. OmniOutliner Pro is a dedicated outlining app. Its usefulness is its ability to remedy the inefficiencies of a static, TOC-supported outline through the dynamic use of expandable and collapsible headings. This interface allows more effective targeting and implementing of information during a live deposition by working with third-party apps focused on document organization. For example, for purposes of my July 2017

fall 2017 today’s gener al counsel

expert deposition, the digital outline included questions directed to specific lines of text within a 205-page pharmaceutical development report. DEVONthink Pro Office annotated the relevant passages, and then generated a hyperlink to each relevant page. I integrated that hyperlink directly into the digital outline in such a way that I could

firm’s IT leaders. Myriad tools, specifically geared towards organizing and implementing information in a litigation, are available on both Mac and Windows® platforms. These tools include, for example, Casemap® and Summation®; but more generally applicable apps like DEVONthink Pro Office and Omni-

TrAdITIONAL OrGANIzATIONAL TOOLS dO NOT EmpOwEr LAwyErS TO wEApONIzE CrITICAL INfOrmATION IN dEpOSITIONS AS THEy rESpONd TO ANd fOLLOw up ON THE wITNESS’S ANSwErS. click on the link to open the digital PDF at the annotated page and could locate a physical copy of the document in the banker’s boxes we brought to the deposition. These digital tools support an approach to litigation based on the idea that to be of value — in developing a case, creating opportunities for victory, and limiting the litigation spend effectively — information must be readily accessible. It must seamlessly integrate with the various digital applications that lawyers use to implement analyses in furtherance of clients’ objectives.

Josh Reisberg is Counsel at Axinn, Veltrop & Harkrider LLP. He focuses his practice on intellectual property and high-stakes commercial litigation. He has a degree in Molecular Biology and has employed his science background in patent litigation matters related to diverse technologies such as polymer materials, pharmaceuticals, semiconductor materials, medical devices and agricultural genetics. jreisberg@axinn.com

ACHIEVING TACTICAL OBJECTIVES My deposition of a critical expert on key issues in a complex patent infringement litigation proved to me that the common method of taking a deposition using a printed, TOC-supported outline can be unnecessarily cumbersome, given the existence of far superior digital tools. Digital tools allowed for mastery of the complex subject matter, more effective control of the speed and cadence of the deposition, less time wasted finding information, and more pointed and effective follow-up questioning. These benefits led to more opportunities for achieving the strategic and tactical objectives set for the deposition that were designed to support the litigation narrative and achieve victory down the road. Effective use of digital tools is a matter that should be important to both lawyer and client. Outside lawyers developing a client’s case can pursue a number of different initiatives to find the tools that best work for them, including experimenting and communicating with their

Outliner Pro can also be fashioned for litigation use. Lawyers must find what works best for them through trial and error, and have flexibility within their firm’s IT environment to pursue individualized approaches to the work of litigation. Lawyers should not let their work product or the client’s case suffer because of unavailability of digital tools or insufficient support. Clients, in-house counsel and case managers should also recognize that it is important not only to understand the analysis undertaken by outside attorneys in developing a litigation narrative, but also the means by which that analysis will be implemented and weaponized during a litigation. As part of standard quality control, those responsible for retaining and overseeing outside counsel should gain an understanding of how counsel intends to deliver a better, cheaper product through the use of digital tools. ■

The Magazine The quarterly publication, with strategies, best practices and analysis written by expert practitioners within the legal profession, offers an excellent branding opportunity to 15,000 print and 100,000 digital subscribers.

SUBSCRIBE NOW T O D AY S G E N E R A L C O U N S E L . C O M / S U B S C R I B E

fall 2017 today’s gener al counsel

AI CAn MAxIMIze In-house effICIenCy By Erik Severinghaus

L 48

egal departments within companies often tactically pivotal role of in-house counsel, it also face burdensome workloads with limited calls greater attention to the amount of time that resources. In this high-pressure environexperts within these departments are forced to ment, in-house lawyers must divide their time spend executing relatively low-level, repetitive between business-critical tasks and lower-level functions. AI, however, offers a promising solurepetitive functions. Amid mounting industry tion to this problem. regulations and workloads, this model is increasingly unsustainable. hARnessInG AI To IMPRoVe WoRKfLoW Fortunately, artificial intelligence (AI) has Although AI is a buzzworthy discussion across the potential to significantly bolster efficiency industries, when it comes to in-house legal departinternally. Key developments are emerging that ments, the conversation is still relatively new. will reshape how work is dispersed among inside It will not remain that way for long, however. counsel. But what do company legal teams need In recent years, legal-specific advances in cognito do to prepare for this shift — and what will tive computing have begun to emerge, pointing in-house legal departto the ways in which ments look like five AI will start to funLaw firms are already putting years down the line? damentally reshape Across industries, inthe legal profession, ternal legal departments the solution to the test, deploying including company’s have long had to cope legal departments. with being chronically One key developRoss to tackle elements of overextended. The issue ment in this arena is emerged in the wake of “ROSS,” an outgrowth their bankruptcy division. 2008’s global financial of IBM’s proprietary meltdown with the passupercomputer, Watson. sage of the Dodd-Frank Act, which introduced Touted as “the world’s first intelligent attorney,” strict compliance rules to preempt a future finanROSS is an interaction-based resource that is able cial crisis. Faced with unprecedented regulatory to conduct legal research and generate responses requirements, in-house counsel had a dearth of to queries with proper citations. What sets ROSS staff to fill the need. Since then, the time-intensive apart from a basic document-retrieval tool is that nature of regulatory adherence in addition to it is designed to provide authoritative recommenother administrative and operational tasks has dations based on the information it researches created legal workloads that can verge on beand synthesizes. As a product of the Watson ing unmanageable. Although legal department supercomputer system, ROSS is programmed operations professionals work to devise strategies to develop in speed and efficacy the more it is to expedite worker efficiency, these plans often interacted with. Law firms such as Baker & fall short. Hostetler are already putting the solution to Unfortunately, the issue of overburdened the test, deploying ROSS to tackle elements of in-house legal teams is not going away anytime their bankruptcy division. soon. Increasingly, businesses are turning to ROSS isn’t the only example of a burgeoning general counsel to handle higher-level strategic AI-driven solution for legal. Other companies, tasks in addition to traditional legal work. Alsuch as eBrevia, are also looking for ways to chanthough this elevated responsibility solidifies the nel AI into bolstering legal department efficiency.

fall 2017 today’s gener al counsel

For example, eBrevia is focused on building a solution that searches for and sorts legal documents according to established preferences, as well as developing knowledge to conduct more targeted document searching. AI solutions such as ROSS and eBrevia are anecdotal examples of a bigger trend that promises to reshape the way in-house counsel operates.

AI deployments within in-house legal teams are minimal, but that is set to change significantly over the next five years. Here are some of the key benefits we will see when it comes to AI improving and expediting in-house counsel workflows:

Erik Severinghaus is the Chief Strategy and Alliances Officer at SpringCM. Prior to leading strategy at SpringCM, he was Founder and CEO of SimpleRelevance, a highly acclaimed machine learning platform to optimize digital marketing. eseveringhaus@ springcm.com

• Better prioritization of contract reviews: For many organizations, contracts accumulate in high volumes around very concentrated periods of time — say, in the two weeks before the end of a financial quarter. This influx of activity has historically led to enormous inefficiencies between sales and legal, including a haphazard first-in-first-out review process. With the introduction of AI solutions, however, intelligent automation will be able to pre-scan contracts in order to determine optimal prioritization based on potential value and risk. • Faster due diligence reviews: Corporate transactions in progress are often encumbered by protracted due diligence reviews. AI, however, has the potential to significantly shorten this process by providing legal departments with the intelligence to consolidate and expedite reviews. PREPARING FOR ADOPTION Currently, AI deployments within in-house legal teams are minimal, but that is set to change significantly over the next five years. As AI-driven solutions within the legal sector become more commonplace, inside legal departments will need to follow strategic steps to successfully adopt and maximize these tools. Without an infrastructure that supports AI, these developments won’t be able to flourish. Here are some of the key ways that legal departments can create an environment that is conducive to success with AI deployments:

• Get administrative buy-in: Getting AI solutions up and running will require significant time and resources. Because of this, any internal department looking to deploy AI solutions needs to ensure the full backing of the C-Suite. Purchasing AI-driven workflow solutions is likely to be costly. • Plan for incremental adoption: Although some legal departments may be eager to fully maximize AI deployments to allay burdensome workloads, it is critical for inside counsel to take a slow and measured approach to AI. That means taking time to evaluate the potential costs and savings of a prospective solution, as well as overseeing pilot tests when applicable. • Prepare for cultural adoption: Without an internal culture that is knowledgeable about AI and receptive to its introduction, legal departments will find AI challenging. Therefore, as internal legal leaders approach the prospect of introducing AI internally, they must also work to build cultural awareness around AI and what its adoption means for employees. One of the biggest concerns in-house staffers have about AI is that it will drive them into obsolescence. Instead of replacing lawyers, however, it is more accurate to think about legal-departmentbased AI as an augmentation. In the case of ROSS, for instance, its use has largely been limited to mundane and repetitive functions such as compiling citations relevant to a case — a notoriously onerous task that traditionally demands a significant amount of lawyers’ time. Moving forward, we will see AI-driven solutions paving the road for more efficient inside counsel operations. Freed from repetitive and minute tasks, inside counsel will have more latitude to focus on difficult cases and high-level organizational issues. These positive changes will become apparent in the next five years, when the application of AI within legal departments evolves from its infancy into a mainstream reality. By then, AI solutions will have grown in structure and reliability, providing in-house legal teams with a dependable resource to ease the burden of repetitive tasks and enable focus on the most important work. ■

Be an Integral Part of the ConversatIon

CollaBorate on Best PraCtICes and mItIgate rIsk In ComPlIanCe and governanCe

upcoming in 2018

InformatIon governanCe atl anta nov ember

“The Exchange” Event Series is a think-tank of interactive brainstorming in an all-inclusive discussion format, outside the traditional panel presentation with PowerPoint. regIster today sPeCIal rates avaIlaBle through feBruary 2018

use Code mag2018

T o d ay s G e n e r a l C o u n s e l . C o m / I n s T I T u T e @TodaysGC

fall 2017 today’s gener al counsel

Cost Comparison for Financing Litigation B y Av i vA W i l l

L 52

itigation finance is a fast-growing area of the business of law, used by corporations and law firms to pursue litigation, to move cost and risk off balance sheets, and to leverage the captive value of pending litigation to unlock working capital for the business. According to 2016 research, the use of litigation finance by law firms quadrupled from 2013 to 2016, from seven percent to 28 percent. Even with that dramatic growth curve, most lawyers and their clients have never used litigation finance. Ten years ago, the reason may have been lack of awareness or caution about a “new” practice. Those explanations no longer hold: Most clients and private practice lawyers are aware of litigation finance, and courts and legislatures have repeatedly affirmed its use. In our experience, the number one reason that litigants haven’t financed commercial litigation is that they haven’t done the math — specifically, comparing the cost of paying for legal fees and expenses out-of-pocket versus financing those matters with a third party. On the numbers, it is hard not to see the benefits of financing litigation, as corporations regularly choose financing for practically every other area of their businesses, from copiers to real estate. The only difference is the degree of idiosyncratic risk that litigation finance companies assume. Funding is typically provided on a non-recourse basis, meaning clients often have no exposure for an unsuccessful case and can move most or all of the cost and risk of a litigation off their balance sheets. Litigation financing is priced accordingly, and clients who have not done the math may too easily conclude that it is “expensive.” What are the alternatives? One is walking away from the litigation altogether and ceding

a meritorious claim with value to the business, which 29 percent of general counsels responding to a 2016 survey said they had done. Another is to continue to pay ever-rising legal fees and expenses out-of-pocket, which has negative accounting and financial implications even when clients can afford to pay. A third alternative is attempting to squeeze savings out of law firms by negotiating discounted fees, fixed fees, capped fees, deferred fees or contingent fees. Law firms are understandably exhausted with this option and typically unwilling to assume an unlimited amount of client risk. For clients, too, pressure to discount fees can lead to unintended consequences. If a lawyer is good enough to have continued demand for his or her services, pushing compensation levels below the market either will result in that lawyer not wanting the client’s work or cutting corners performing it. At the very least, the result may be injecting an unpleasant and divisive negotiation between client and counsel that shifts the focus from the merits of a client’s case to the cost of a lawyer’s time. Litigation finance represents a better solution, once clients take the time to quantify the relative costs and benefits of financing models.

The Accounting Treatment of litigation

It is helpful to understand the negative accounting impact of litigation on corporate balance sheets, which can make pursuing litigation almost punitive for many clients. A pending litigation claim is, practically speaking, a “receivable,” albeit a contingent and risky one. From an accounting perspective, when a company is owed money by someone, it almost always creates a balance sheet asset, or receivable. Money spent to collect that receivable is

often added to its asset value, or “capitalized.” Litigation does not follow these accounting rules. As a company pursues a litigation claim, the money it spends is immediately expensed, flowing through the P&L and reducing operating profits. Moreover, those expenses do not create a balance sheet asset. Indeed, a pending litigation claim — despite having legal status as an asset, or a “chose in action” — is affirmatively not an asset for accounting purposes. It is found nowhere on financial statements, not even in the notes. To make matters worse, when a significant litigation claim succeeds, the associated income from the claim often is not treated as operating income on the P&L. Instead, it appears “below the line” as a non-operating or one-off item because litigating claims typically is not the core business of the company. Companies want to maximize profits and minimize expenses. Incurring expenses as a litigation matter proceeds and then being unable to recognize income from a win is at best suboptimal and, in some cases, can be prohibitive. Beyond the obvious reduction in profitability, there is the added concern for publicly traded companies that investors won’t see, and there-

fore won’t credit, the It’s hard not to see the benefits litigation asset and will of financing litigation, as instead see a negative valuation impact from corporations regularly choose pursuing litigation. The ongoing expense financing for practically every of litigation reduces net profits and other area of their businesses. EBITDA, negatively affecting companies that trade on a P/E or EV/EBITDA multiple. Litigation finance avoids the negative impact of the costs of litigation on corporate balance sheets. When a litigation financier pays the costs of a lawsuit, those costs do not flow through the company’s P&L, thus conserving profitability from operations. Working with an outside financier also enables a company to husband its cash to use for other purposes. When the company wins its claim, the first time its financial statements are affected by being a litigant is when it has a positive cash and income event.

A Side-by-Side Comparison of Costs

The many variables associated with complex commercial litigation make it nearly impossible continued on page 57

Using Cloud Technology in M&A Due Diligence By Josh KirK

W 54

e are in the midst of an unprecedented global boom in mergers and acquisitions, as a recent Financial Times article makes clear. As the article notes, 2016 was the second-best year for dealmakers since the financial crisis, despite political upheaval and government efforts to block deals. And there are no signs of the M&A boom abating, as investor pressure to find growth coupled with large volumes of capital available at low-borrowing rates will only drive more deal-making. While this may be good news for M&A lawyers, the rapid pace of deal-making increases the pressure on due diligence teams to verify information provided by the seller, arrive at a plausible assessment of value, evaluate the business opportunities presented by integration, and identify the potential risks a deal could pose in the near and far term. That is a tall order, and the challenge is exacerbated by business trends that have emerged in recent years. Corporate budgets for external legal advisors have been shrinking, and the scope and complexity of due diligence projects have increased as enterprise-scale commerce has entered a thoroughly global and mobile marketplace. Traditional areas of focus have included the target companyâ&#x20AC;&#x2122;s assets, past and current litigation, contracts, employee agreements and benefits, customers and sales. But the list has lengthened. Due diligence teams are now likely to look at compliance (often in an international context), cybersecurity, data privacy, IT infrastructure and information governance. And this is by no means a comprehensive list. Understanding and evaluating these issues puts a premium on skilled analysis and rigorous organization. It also requires efficient and

todayâ&#x20AC;&#x2122;s gener al counsel fall 2017

substantive collaboration across a team of professionals who may be at multiple locations and time zones. Due diligence teams must find ways to efficiently pore through large numbers of documents and other media in a broad range of formats, under very tight timelines. While any due diligence team will certainly be focused on verifying the accuracy and completeness of financial data provided by the seller, careful buyers will also want to examine in detail the strategic rationale behind a deal, identify any unanticipated barriers to successful integration and evaluate the potential for long-term financial benefits. Accurate evaluation of a deal in all of its implications requires thoroughness, objectivity and insight. Effective due diligence thus depends on trained professionals from a variety of backgrounds. These individuals must continually draw upon their collective experience and judgement to synthesize large amounts of complex information in a collaborative environment, and it is becoming clear that due diligence teams need better tools to complete their work on time. This is where a well-conceived virtual data room can make a significant difference. THE VIRTUAL DATA ROOM The use of online or virtual data rooms is standard practice in M&A due diligence. Much like the physical data room that preceded it, a virtual data room (VDR) functions as a centralized warehouse populated by key documents and other file types provided by the organization being sold. Unlike a physical data The rapid pace room, however, a VDR is not of deal-making simply a document repository. It is a powerful increases the tool for simplipressure on due fying, accelerating and controldiligence teams. ling the entire due diligence workflow. Advanced data rooms can now support just about any file format and present very diverse document sets to reviewers on screen in a single, uniform interface. Some systems can also provide instant visual previews of large files as they load so that users can make rapid decisions about relevance, and quickly identify specific pages or passages to focus on. Teams should be able to classify items using

fall 2017 today’s gener al counsel

tagging tools, annotate items and organize them into custom virtual “folders.” Some VDRs also allow users to create live hyperlinks between documents or parts of documents with the click of a mouse, thus forging logical connections that may later become important components of the overall analysis of the deal. A state-of-the-art VDR provides dashboards and reporting tools for better control over the

agencies. Security is one of several functional areas that demonstrate the superiority of cloud infrastructure for modern VDRs. Deployment of cloud technology allows for sensitive data and work product to be contained within the shared online workspace. Users will rarely need to copy, download or print documents, which are available around the clock via web-based login to authorized users in any location. This

A good VDR can also allow users on both the buyer and the seller sides to set up secure virtual “meeting rooms.” project. Such tools allow team leaders to continuously monitor project status, assign and adjust roles and responsibilities, receive automatic notifications when new materials are added to the document set, and quickly determine which items have been reviewed and which remain in the queue. Tools like these are now essential to manage the process for optimal efficiency and cost-effectiveness.

Josh Kirk is a Business Development Associate at Opus 2 Forum with a background in capital markets and the duediligence process for M&A. Prior to joining Opus 2, he practiced law as an attorney at Ashurst LLP, where he specialized in corporate and finance work, and was on secondment to Credit Suisse’s M&A legal team. jkirk@opus2.com

TIGHTENED SECURITY A well-designed VDR will tighten security and allow parties to exert control over sensitive information. The importance of data security in any due diligence process can hardly be overstated. To be credible and practical, a VDR platform must have tools that allow administrators to designate different tiers of access by individual user or user type. Some users may be granted access to all folders or documents; many others may be allowed access to only subsets of data. These distinctions should be easily configurable and automatically implemented, as should controls over who (if anyone) may download or print documents. Designated system administrators from the buyer and seller teams should also have the capacity to monitor all activity within the VDR. A good VDR can also allow users on both the buyer and the seller sides to set up secure virtual “meeting rooms” within a separate software layer where authorized team members can engage in frank and private discussion of key documents or issues, and create detailed annotation threads. If there are multiple prospective buyers, each should have its own secure, private workspace. Security features and protocols in any VDR should be at least as robust as those used in the best-run financial institutions and government

is the most reliable way to ensure that private information does not end up on laptops and other devices that can be lost or stolen. A cloud-based VDR that allows team members to access the data set via web-based login facilitates a much more dynamic process of collaboration. Multiple team members can access the same materials and occupy the same “workspace” simultaneously. Web-based access makes it more practical to assemble teams of individuals who complement each other and possess the right areas of expertise for a given project, without having to make travel arrangements or schedule conference calls. As the M&A due diligence process adapts to more and bigger deals in a global environment, buyers will need to provide their due diligence teams with better tools to assess the logic that is driving those transactions and uncover areas of potential risk. Rather than viewing due diligence as a verification exercise, organizations should understand the process for what it is: a complex workflow that requires collaboration among teams of highly skilled experts. Advanced data room technology can make the process more efficient. More importantly, a well-designed virtual data room can produce a more complete understanding of the proposed deal and its long-range implications. ■

today’s gener al counsel fall 2017

Financing Litigation continued from page 53

to provide off-the-shelf pricing, and no single comparison will apply to every scenario. A hypothetical example, however, can help lawyers help clients “do the math” for the most easily understood form of litigation finance, in which the fees and costs of commercial litigation matters are paid by an outside funder in exchange

case and receives the following proposal: The litigation finance provider will pay the entire cost of the $5 million budget. In exchange, the litigation finance provider receives its outlay back and 25% of the net proceeds from the lawsuit if successful. After receiving the proposal, the accounting team at ACME Co. conducts the following analysis to compare the cost of proceeding and financing out-of-pocket, and the cost of proceeding with litigation finance.

Without litigation finance

With litigation finance

creation of a legal claim

• Claim can’t be recorded as an asset on the balance sheet • Stock analysts don’t account for potential value of legal claim

The legal claim asset worth approximately $70 million cannot be recognized

Opportunity to monetize legal assets

ACME Co. no longer has to bear the cost of litigation and its negative accounting impact, and in addition, can invest the capital it would have used for legal fees back into growing the business

necessary legal expenditures

• Costs can’t be capitalized, but must be expensed each period • Reduces operating profit in each period

Annual legal costs of $1 million, reducing ACME Co.’s operating profit by $5 million over five years

Up to 100% of legal costs covered

ACME Co. reports better operating margins than it would if it were funding the legal claim on its own balance sheet

3a. Successful claim

• Seen as an exceptional event that isn’t core to the company’s business activities • Excluded from forecasts before a victory, not appreciated afterwards

The market reaction to the news is far less than hoped, but the company does have $70 million to redeploy in the business

Upside participation in the outcome

ACME Co. receives net proceeds of $45 million, over 64% of the original damages estimate, having taken no risk during the pendency of the litigation

3b. unsuccessful claim

• Questions from the Board of Directors about wasting $5 million on the unsuccessful claim

ACME Co. regrets that it pursued the claim on its own, shouldering the risk by itself

Downside exposure mitigated

No impact on corporate balance sheet because litigation finance provider bears cost; revenue neutral outcome

for a portion of any settlement or judgment. (Note: The data and application scenario in this example are fictional and offered for illustrative purposes only.)

Case Study: ACME Co. Antitrust Claim

ACME Co., a company engaged in the manufacture, distribution and sale of widgets, has a $70 million antirust claim against some number of its suppliers that will cost approximately $5 million to litigate. By all accounts, ACME Co. has a viable, NPV-positive legal claim with strong legal merits, substantiated damages, defendants that can afford the judgment awarded, and sufficient cost-to-damages ratio given the expected duration. ACME Co.’s general counsel recommends moving forward with the claim. However, the general counsel’s budget is already under considerable stress, and ACME Co. needs to consider the negative impact of litigation spending on ACME’s P&L and market value. Thus, ACME Co.’s external counsel recommends the company consider using litigation finance. ACME Co. contacts a third-party litigation finance provider, explains its

Litigation finance eliminates the need for ACME Co. to choose between sacrificing company profits or foregoing a valuable legal claim that will potentially bring a significant sum of cash into the business. Instead, ACME Co. can pursue a profit-generating legal claim while enabling the company to realign budgets so that more cash can be allocated to value-increasing activities — effectively turning the legal department from a cost center to a profit center. There are many other ways clients and their firms can use litigation finance, for example, to de-risk judgments on appeal, thereby moving risk off balance sheets, or to unlock working capital for the business by monetizing pending individual high-value claims or portfolios of plaintiff and defense matters. Doing the math of comparing financing costs for these scenarios likewise provides objective data points that can be used to make smart decisions about how best to finance a litigation. Once clients appreciate that external financing addresses several of the perpetual pain points associated with litigation, the decision to use legal finance seems simple. ■

Aviva Will is Managing Director in charge of Burford Capital LLC’s underwriting and investment team. She previously was Senior Litigation Manager and Assistant General Counsel at Time Warner, Inc. and a senior litigator at Cravath, Swaine & Moore. info@burfordcapital. com

The Power of Accountability to Achieve Diversity and Inclusion By Christopher A. Pickett

TODAY’S GENER AL COUNSEL FALL 2017

Large law firms are the least diverse sector of the legal industry. Diverse teams have been shown to outperform those that are homogeneous, but law firms consistently fail to implement policies or practices that promote it. Many other industries are realizing positive impacts in diversity and inclusion by implementing policy changes, setting measurable goals, and focusing on top-down culture changes that push companies to achieve their goals, but those successes have not moved to the legal industry, which remains remarkably homogeneous. Though many law firms are aware of their lack of diversity, and have implemented diversity and inclusion initiatives and hired diversity professionals, the legal industry is still overwhelmingly white and male. According to the Institute for Inclusion in the Legal Profession, 1.77 percent of large law firm partners in the United States are African-American, 2.89 percent are Asian American, and 2.19 percent are Hispanic. The statistics for women of color are similarly dismal, with African-American women representing 0.64 percent, Asian-American women representing 1.07 percent, and Hispanic women representing 0.3 percent of large law firm partners. The reasons are too many to review in their entirety here, but at a high level there are systemic issues that negatively impact women and attorneys of color and prevent them from advancing to partner and leadership positions. At the micro level, the issues include hiring, work assignment, succession planning and credit allocation policies that may disfavor attorneys of color. In addition to formal policies, often there are informal policies and practices that disfavor attorneys of color and female attorneys. They may not impact the recruitment of top students of color, but over time they create work environments where women and attorneys of color do not feel valued and are not treated fairly or equally, and that negatively impacts retention. It is not only the policies that impact diversity and inclusion, but also their application. The issue often is not intentional unfairness or inequality, but rather implicit or unconscious bias, and significant research illustrates its impact. In one study, a consulting firm sent a legal memorandum to 60 large law firm partners for their review and analysis. Half were told the memorandum was written by a white male attorney, and the other half were told it had been written by a black male attorney. The memos were identical. Reviewers who believed it was written by a black man criticized the memorandum as “average” and “needing a lot of work,”

rated the memo 3.2 out of 5, and found three more typographical errors than those reviewers who believed it was written by a white male. The reviewers who believed it was written by a white male rated the memo 4.1 out of 5, praising the author for his potential and good analytical skills. This study helps show why, even though many firms have diversity and inclusion committees and managers who work toward diversity and inclusion goals, there has not been significant positive impact. Law firms, unlike large companies, are not held accountable by shareholders, board members and the public. They operate privately and are insulated from public pressure. However, legal departments are now beginning to hold law firms accountable for their lack of diversity, and it’s that accountability and pressure that may ultimately result in the positive impact many of us would like to see. When companies began focusing on diversity and inclusion, they often measured the diversity of their law firm partners by simply counting the attorneys of color and/or women working at the firm. Over time, companies began requiring attorneys of color and/or female attorneys to work on specific matters, but the emphasis remained on the number of attorneys at the firm, working for a client, or working on a matter. This analysis resulted in law firms focusing only on recruiting, rather than recruiting and retaining, attorneys of color. It also allowed firms to analyze diversity goals only in the context of numbers, without confronting systemic barriers that impact the ability of women and attorneys of color to advance to partnership or leadership positions. Furthermore, with companies focusing solely on numbers, law firms also viewed diversity through the lens of tokenism, believing they needed only to have enough attorneys of color within their ranks to satisfy clients. This mindset further harmed attorneys of color, who were viewed within the firm as necessary but not equal in quality to their counterparts, and often had the burden of not just attempting to succeed as an attorney, but also of acting as the “face” of diversity. Lastly, partners often saw attorneys of color as fungible, easily replaced by another attorney of color should he or she leave employment. This method of analyzing diversity demeaned their contribution and was an additional impediment to their advancement within the firm. Legal departments are in a unique position to help law firms achieve true diversity and inclusion. continued on page 63

Enforcing Unenforceable Contract Provisions in Bankruptcy By Amir Gamliel and Sara Chenetz

ontracts routinely include anti-assignment and ipso facto provisions, which are typically unenforceable in bankruptcy cases. Such provisions restrict contracting parties from transferring

their obligations and rights under the agreement to a third party without obtaining permission. They are known as “anti-assignment clauses.” They also permit termination due to the bankruptcy, financial condition, or insolvency of a party — known as “ipso facto clauses.”

today’s gener al counsel fall 2017

This article discusses exceptions to their usual unenforceability in bankruptcy, and provides drafting tips on how to avoid that result.

ENFORCEABLE ANTI-ASSIGNMENT PROVISIONS With limited exceptions, the Bankruptcy Code provides that contract provisions that condition assignment on consent are unenforceable against a debtor or trustee in bankruptcy. As with much else, there are exceptions. The three primary exceptions are: • Personal Services Contracts. Thanks in part to the Thirteenth Amendment, personal service contracts are not assignable without consent, in or out of bankruptcy. A commonly cited example is an agreement between a famous opera singer and an opera house. Due to the singer’s unique skills and popularity, she may not assign the contract to someone else without the consent of the opera house. The law is equally applicable in instances where someone who is not a debtor does not consent to the assignment of his or her personal services contract with a debtor. For example, when restaurant chain Planet Hollywood filed for bankruptcy in the late 1990’s, it was unable to assume or assign certain endorsement agreements involving prominent athletes such as Andre Agassi and Tiger Woods. Personal service contracts generally involve one party relying on a special skill of another party that cannot be replaced by someone else, or an agreement that creates a special relationship of confidence between the parties. Besides famous singers, other notable personal service contracts include service agreements with a particular architect, lawyer or physician to render services. Contracts explicitly attesting to personal relationship between the parties may fail to qualify as personal service contracts. Just saying it is so does not make it so. Whether an agreement is a personal service contract is a question of fact determined under state law. For example, one court concluded that physician contracts to provide medical services to members of a bankrupt HMO were not personal service contracts, since the contracts at issue did not require the physicians to perform the services personally. Therefore, they were deemed assumable and assignable. • Law Precludes Assignment without Consent. The Bankruptcy Code also prohibits the

assignment of contracts without the consent of the other party, if other applicable law specifically provides that the identity of a contracting party is crucial to the contract, or when public safety is at issue. Certain federal statutes, for instance, preclude the assignment of government contracts, such as contracts to produce military equipment, without the government’s consent. Whether or not public safety concerns are implicated will likely garner more debate in the future in light of recent terrorist attacks. One Delaware bankruptcy court held public safety concerns are not implicated by a debtor running an airport car rental service. Perhaps the outcome would have been different if the debtor attempted to assign its business to a citizen of certain foreign countries, or with certain political ties. The Fifth Circuit took a different view, holding that a debtor operating an airline was not permitted to assign its contractual rights in light of public safety concerns. • Contracts to Make Loans or Issue Securities. Certain contracts are not assignable in bankruptcy, even if the other party to the contract consents. These include loans, debt financing or other “financial accommodations,” or contracts to issue a security of the debtor. The Bankruptcy Code does not define “loan,” “debt financing” or “financial accommodation.” Some courts have held that these terms should be strictly construed so they do not cover ordinary contracts that have incidental financial accommodations. Attempts by non-debtors to convince courts that contracts for ordinary unsecured credit sales are truly financial accommodations generally fail. Nevertheless, some courts have held that a sales contract in which the seller agrees to provide carryback financing is in the nature of a debt financing or financial accommodation and thus not assignable under bankruptcy law. By contrast, a sublease agreement that provides for the payment of additional rent based upon a percentage of gross sales has not been considered a financial accommodation.

ENFORCEABLE IPSO FACTO CLAUSES

Ipso facto clauses, which provide, for example, that a contract terminates upon bankruptcy filing by a party, are typically unenforceable in bankruptcy. They will be enforced in nonassignable contracts to make loans or other financial accommodations or issue securities. Ipso facto clauses contained in forward and commodity contracts are enforceable, provided that various

FALL 2017 TODAY’S GENER AL COUNSEL

preconditions are satisfied, among them that the contract fits the Bankruptcy Code’s definition of a forward or commodity contract. The rationale is protection of volatile financial markets and institutions from the effects that would result from a bankruptcy filing that halts the completion of performance under such contracts, particularly by a major player in the financial markets, and potentially triggers a chain of insolvencies by other market participants. A party to forward and commodity contracts must

enforceability of anti-assignment provisions, and noting in a contract the public safety impact of the products of such a contract may help prevent assignment over objection. A way to promote the enforceability of an ipso facto clause is to create a bankruptcy-remote, special purpose entity that restricts a company’s ability to file for bankruptcy in the first instance, and provides that insolvency or other financial distress outside of bankruptcy is a cause for termination. As long as one party does not have

While labeling an agreement a personal service contract alone does not suffice, describing the unique nature of the services to be provided may help render an

Amir Gamliel, counsel in Perkins Coie LLC’s Los Angeles office, advises financially troubled entities, parties that have invested in or managed these entities and parties aiming to acquire such entities or their distressed assets. He also represents parties in complex litigation. agamliel@perkinscoie. com

anti-assignment clause enforceable. exercise its rights to terminate promptly, however, and may lose this right by, for example, waiting until the market tilts in its favor. It is typically the debtor in bankruptcy that benefits from the unenforceability of some of its contractual provisions. As such, entities doing business with other entities in financial distress may want to incorporate contractual terms that closely align with the applicable exceptions. While labeling an agreement a personal service contract alone does not suffice, describing the unique nature of the services to be provided under a contract may help render an anti-assignment clause enforceable. In that regard, sellers of goods may want to consider offering carry-back financing in their contracts so as to fall within the financial accommodation exception. Eliminating exclusivity rights in copyright license agreements likewise may impact the

a complete veto over whether the other may file for bankruptcy, and a director’s fiduciary duties are not eliminated, these bankruptcy-remote (not bankruptcy-proof) structures are usually enforced. If a business may not file for bankruptcy, the nondebtor party to a contract with it may be able to trigger termination thanks to an ipso facto clause based on, for example, the debtor’s insolvency. Understanding the enforceability of certain contract provisions in bankruptcy isn’t an easy task. It is made more complicated because courts in different jurisdictions take different approaches to the enforceability of anti-assignment and ipso facto clauses. Thus, contract drafters should consider consulting counsel when drafting such provisions, and considering whether these provisions would be enforceable against the other side, if the other side becomes a debtor in bankruptcy. ■

Sara Chenetz is a partner with Perkins Coie LLC in their Los Angeles and San Francisco offices. She represents clients with varied interests in bankruptcy, restructuring, workout, litigation and credit risk matters. schenetz@perkinscoie. com

SUBSCRIBE TO

“Informative and worth reading.” “I refer to the magazine often and the information is useful in my daily work.” SUBSCRIBE NOW TODAYSGENER ALCOUNSEL.COM/SUBSCRIBE

TODAY’S GENER AL COUNSEL FALL 2017

Diversity and Inclusion continued from page 59

Law firms are accountable to one outside entity: their clients. If companies make diversity and inclusion a significant part of what they consider when engaging new law firm partners or reviewing current law firm partners, then the firms will be forced to better analyze their diversity and inclusion initiatives. History has shown, however, that this will occur only if companies analyze diversity and inclusion in a complex manner, with a true understanding of diversity and inclusion goals. By connecting real accountability to their company’s expectations for diversity and inclusion, law firms will have no choice but to comply if they want to maintain that relationship, and consequently they will be motivated to work towards removing the institutional barriers and biases that keep diverse employees from being hired, retained and advanced. Recently, some companies have received credit for their diversity and inclusion mandates. Some began reducing fees if law firms did not meet certain diversity metrics, while still others offered fee bonuses if firms met certain diversity metrics. These are excellent first steps, but there are additional steps companies can take in order to push the legal industry in the direction of true diversity and inclusion. To better measure the culture of a law firm, legal departments should ask for a variety of information, including: • Information about promotion opportunities (number of attorneys of color and/or female attorneys who successfully moved from associate to equity partners). • Information about female equity partners and partners of color. • Attrition rate among attorneys of color and female attorneys. • Numbers of attorneys of color and women working in firm leadership (demographics of management committees, compensation committees, practice group leaders). • Information about succession planning and how the firm ensures that it includes attorneys of color and female attorneys, and how the firm assists attorneys of color to become the relationship attorneys for firm clients. • How “credit” at the firm is allocated. Knowing these things can lead to a clear understanding of a firm’s culture and true dedication to diversity and inclusion. Furthermore, as you

request the information, in addition to becoming part of the fabric of your legal department, these concerns will become entrenched in the law firms that want to do business with you. This information, however, will impact Legal the diversity and includepartments sion work only if there are consequences for are in a unique not “measuring up” to the goals your departposition to help law ment determines as firms achieve true important. In addition to requesting informadiversity and tion, law departments inclusion. and companies should set requirements that firms must comply with in order to satisfy diversity and inclusion goals. First require that, for new work, credit allocation will not be focused entirely on the lawyer responsible for the first engagement, but also includes lawyers working on the file. Second, you can require that an attorney of color or a woman not only work on a file, but also be included on communications with the client. Third, if you are a longtime client of a law firm, you can identify attorneys of color or female attorneys and offer them secundments to increase their visibility within the company and enlarge their role within the firm. Fourth, your department can identify attorneys of color and work to mentor those associates/young partners (both those who work on your files and those who do not), to not only increase their visibility within the company, but also to help them develop a network that will help with business development as their career advances. Though following these suggestions can cause Christopher A. uncomfortable conversations or may seem like inPickett is the leader of appropriate intrusions into a law firm’s operation, the Securities & Finanthey are identical to a client suggesting that the cial Services industry law firm needs a lawyer with a specific expertise, group at Greensfelder, that it begins developing a practice area, or that Hemker & Gale, and it consider alternative fee arrangements. If the the firm’s Chief Diverlegal industry is going to see real positive change, sity Officer. He helps these conversations must occur and accountability clients from a variety of must come from clients. If companies identify real industries with disputes goals, ask real questions, and seek real change, related to restrictive law firms and the legal industry will finally covenants, misapprochange for the better. priation of trade secrets, This list of suggestions is not complete. Stratediscrimination claims, gies are limited only by the determination of and claims of breach of your company and its legal department to work fiduciary duty and unfair to achieve real positive change in diversity and competition. inclusion initiatives within the legal industry. ■ cap@greensfelder.com

fall 20 17 today’s gener al counsel

B A C K PA G E F R O N T B U R N E R

SEC is Serious About Cybersecurity Compliance By Jeffrey taft, Matthew rossi and amy Ward Pershkow

Cyber risks faCed by the U.s. financial markets

have been front page news over the last few months. This September, the SEC announced that its online database for receiving, storing, and publishing corporate securities filings had been compromised in 2016 by hackers who may have traded on information they obtained. Two weeks earlier, Equifax announced that it was the victim of a cyber attack. Before that, businesses around the world were attacked by WannaCry ransomware. In light of these and similar cyber events, all businesses should review their cybersecurity policies and procedures. In August, the SEC’s Office of Compliance Inspections and Examinations (OCIE) announced the results of its second cybersecurity examination initiative. For about a year beginning in September 2015 OCIE examined 75 regulated entities — broker-dealers, investment advisers, and investment companies — focusing on governance and risk assessment, access rights and controls, data loss prevention, vendor management, training, and incident response. OCIE reported the results of its initiative in a “Risk Alert,” which recommends best practices for regulated entities. Six elements that regulated entities should consider adopting as part of their compliance plan were identified: • Maintenance of an inventory of data, information and vendors: A complete inventory and classification of the related risks and vulnerabilities. • Detailed policies and procedures for penetration testing, security monitoring, system auditing, access rights and data breach reporting: Specific documentation addressing the scope, methodology, timing and responsible parties for cybersecurity activities. • Maintenance of schedules and processes for activities such as vulnerability scanning and patch management: Defined schedules and prioritization for identifying system vulnerabilities. • Effective access controls and access monitoring: Implementation of acceptable use and mobile device policies, review of third-party vendor logs and very prompt termination of former employee systems access. • Mandatory enterprise-wide information security training: Periodic and onboarding training covering all employees.

• Engagement of senior management in the review and approval of cyber-related policies and procedures. The OCIE has indicated that it will continue its initiative by examining cybersecurity compliance procedures and controls, and their implementation at regulated entities. The SEC’s focus on cybersecurity is not limited to regulated entities. It has also addressed cybersecurity for issuers of public securities. In 2011, the SEC’s Division of Corporation Finance released guidance explaining that existing disclosure requirements may impose an obligation to disclose significant cybersecurity risks and incidents. Companies should consider whether cyber risks or incidents should be disclosed in prospectuses, registration statements, and the “Description of Business” and MD&A sections of their periodic filings. Disclosures about cybersecurity matters are not required in such detail that they would compromise cybersecurity efforts. In addition, the SEC has targeted cybersecurity violations in enforcement actions. In particular, the Division of Enforcement has focused on the “safeguards rule,” adopted in 2000 as part of Regulation S-P under the Gramm-LeachBliley Act. Recent enforcement actions targeting violations of the safeguards rule show that the SEC is serious about cybersecurity compliance. ■

Jeffrey taft is a Financial Services Regulatory & Enforcement partner at Mayer Brown LLP. His practice focuses primarily on bank regulation, bank receivership and insolvency issues, payment systems, consumer financial services, cybersecurity/privacy issues, and anti-money laundering laws. jtaft@mayerbrown.com Matthew rossi is a partner at Mayer Brown LLP and co-leader of the firm’s Securities Litigation & Enforcement practice. Before joining Mayer Brown, he worked in the SEC’s Enforcement Division, where he served most recently in the position of Assistant Chief Litigation Counsel. mrossi@mayerbrown.com amy Ward Pershkow is a Corporate & Securities partner at Mayer Brown LLP. She focuses primarily on representing investment companies, investment advisers and financial services companies. apershkow@mayerbrown.com

Build a Better Business

develop new Business strategies for internal legal operations teams

upcoming in 2018

legal operations Be v erly Hil l s/ los Angel es M ArcH

â&#x20AC;&#x153;The Exchangeâ&#x20AC;? Event Series is a think-tank of interactive brainstorming in an all-inclusive discussion format, outside the traditional panel presentation with PowerPoint. register today special rates availaBle through feBruary 2018

use code mag2018

T o d ay s G e n e r a l C o u n s e l . C o m / I n s T I T u T e @TodaysGC

YOU NEED AN ARBITRATOR WHO UNDERSTANDS AEROSPACE. WE HAVE THE EXPERTISE. Our panel is composed of accomplished arbitrators and mediators–attorneys, former federal and state judges, and business owners specializing in a diverse range of domestic and international subjects. Each brings a lifetime of experience in fields including aerospace, healthcare, cyber-security, IP, energy and more. When resolving your dispute requires industry expertise, trust the American Arbitration Association® and the International Centre for Dispute Resolution®.

adr.org

| +1.800.778.7879