Today's General Counsel, V12 N3, June/July 2015 by Today's General Counsel

JOIN US FOR THE

LAW DEPARTMENT AND LEGAL OPERATIONS DAY AT ILTACON 2015

AUGUST 31, 2015 â&#x20AC;¢ CAESARS PALACE, LAS VEGAS

The ILTACON 2015 Law Department and Legal Operations Day is the third annual event for law department and legal operations members. This is an exclusive event with a focus on operational strategies and issues for legal technology professionals who work in law departments or as part of legal operations. It brings corporate peers together to share their concerns, hear from experts and develop strategies and takeaways. Find more information about this event at iltacon.org.

ILTACON 2015 AUG 30 - SEPT 3, 2015 | CAESARS PALACE, LAS VEGAS 4 days, 200+ speakers and sessions, 3000+ attendees, all designed for you by peers.

$500

or register for the full ILTA conference at iltacon.org/register.

jun/jul 2015 toDay’s gEnEr al counsEl

Editor’s Desk

Insurance is a gamble in which actuaries and other experts assess risk (odds). It’s a good business because new risks are always arising, and prudent companies want financial protection if what is often called “the unthinkable” happens. The odds against that are said to be high, but if it happens – well, we don’t like to think about it, and that’s why there are insurers. In this issue of Today’s General Counsel, Richard Giller writes about various forms of standard insurance and how they differ with respect to coverage against class actions based on unsolicited faxes and phone calls to consumers, while Catherine J. Serafin discusses insurance issues that are routinely overlooked in commercial contracts. Both articles reference some unpleasant possibilities, but in her article about the implications of cyber-attacks, Ellen Canan Grady deals with the genuinely unthinkable, not because they are the kind of terrorist acts that are beyond the imagination of most human beings, but because heretofore unknown forms of cyber-attack are invented daily, and the damage they can cause is at this point incalculable. She advises general counsel to inform board members of their duties and potential liability – and about insurance against such attacks. Either a committee or the entire board should be made formally responsible for overseeing cybersecurity risk, she suggests. Diversity and inclusion are on many company agendas, with respect to hiring and also when retaining outside counsel. Christina Lewis writes that the best way to avoid the kind of negative consequences generated by discrimination claims is prevention, with particular attention to mentoring, sponsorship and unbiased performance evaluations. Anna M. Maiuri and

Joseph K. McKinney discuss how RFPs for outside counsel can be written to give firms with a commitment to diversity a leg up, and why that should pay off in new ideas and deeper analyses of issues. This issue we welcome a new columnist, Mark A. Cohen. Mark, a seasoned veteran of the national legal scene, will be writing about the legal marketplace, how it is changing and how general counsel can leverage those changes to their advantage.

Bob Nienhouse, Editor-In-Chief bnienhouse@TodaysGC.com

Inside track. When you’re in the race, every advantage counts. Like having a lawyer who’s been in your shoes. At Barnes & Thornburg, more than 70 of our attorneys have been in-house or general counsel. We understand your challenges – and what it takes to keep you ahead of the pack.

Uncommon Value

ATLANTA

CHICAGO

DELAWARE

INDIANA

LOS ANGELES

MICHIGAN

btlaw.com

MINNEAPOLIS

OHIO WASHINGTON, D.C.

JUN/JUL 2015 TODAY’S GENER AL COUNSEL

Features

NUTS & BOLTS OF REPRESENTATIONS & WARRANTY INSURANCE Teresa A. Beaufait and Anshu S. K. Pasricha RWI addresses both purchaser’s and seller’s concerns.

INSURANCE CONSIDERATIONS WHEN NEGOTIATING COMMERCIAL CONTRACTS Catherine J. Serafi n, Surprising number of insurance considerations in common contracts.

PLAINTIFF-FRIENDLY COMPETITION DECISIONS FROM CANADA Nikiforos Iatrou, Bronwyn Roe, and Jeff Scorgie U.S. businesses potentially subject to Canadian antitrust investigations could be affected by two recent decisions.

54 56

Page 48 COLUMNS

Tammy McCutchen Eligible list will expand, but by how much?

MORE WITH LESS FOR CORPORATE LEGAL Ed Chang Right-sourcing goes in-house.

TCPA COVERAGE DEPENDS ON HOW “ADVERTISING INJURY” IS DEFINED IN THE POLICY

Anna M. Maiuri and Joseph K. McKinney Carefully written RFP will reveal fi rms’ diversity commitment.

THE ANTITRUST LITIGATOR Using Budget Analytics in Litigation Jeffery M. Cross Consideration of strategic options becomes part of the budget process.

Richard C. Giller Review your policies: ISO or non-ISO could spell the difference.

DIVERSITY-DRIVEN RFPS CAN HELP SECURE YOUR PREFERRED OUTSIDE FIRM

WORKPLACE ISSUES DOL Will Narrow Overtime Exemptions

THE LEGAL MARKETPLACE So Many Options, So Little Time Mark A. Cohen Vendors and foreign attorneys competing with U.S. law fi rms.

SPONSORED SEC TION AUG/SEP T 20 15

E-DISCOVERY AND INFORMATION GOVERNANCE The challenges of e-discovery are making information governance critical—and the marketplace is evolving to meet that need. This special section focuses on this important topic and highlights what solution providers are doing to address this issue. More specifically topical coverage will include: • More data, more risk • Developing a holistic approach • Controlling uncontrolled data

• TAR goes mainstream • Charting a course: leading practices • Evolving tools and technologies

Several sponsorships for the section are available which will highlight your organizations efforts and provide you with the perfect vehicle to showcase your thought leadership with a key demographic of corporate legal department decision makers and other c-suite executives. The award winning magazine has broad distribution to these groups with print distribution of over 15,000 and a digital readership of over 100,000.

EACH $7,500 SPONSORSHIP INCLUDES: • An extensive interview with an executive at your organization for inclusion in the 2200 word section • A full page advertisement adjacent to the piece • Bonus distribution at the Houston and Seattle “Exchange” Corporate E-discovery Conferences • Bonus distribution at ILTACON 2015 in Las Vegas

F O R M O R E I N F O R M AT I O N A B O U T T H I S U N I Q U E O P P O R T U N I T Y C O N TA C T:

NEIL SIGNORE nsignore@todaysgc.com 201.560.6591 STEVE LINCOLN slincoln@todaysgc.com 203.705.8407

JUN/JUL 2015 TODAY’S GENER AL COUNSEL

Departments Editor’s Desk

Executive Summaries

Page 16

INTELLEC TUAL PROPERT Y

16 The Mounting Threat From Counterfeits 6

Mark N. Mutterperl, Jessica S. Parise, Benjamin Z. Koblentz and Kedar S. Bhatia Potential liability if the knock-off fi zzles.

18 Inter Partes Review is FastPaced James Coughlan, Bing Ai, Kevin Patariu and John Schnurer Primer on what’s proving to be a strategically advantageous forum.

CYBERSECURIT Y

E-DISCOVERY

22 FTC Guidance for the Internet of Things

26 Pending Changes in Federal Rules Will Change E-Discovery

Douglas H. Fleming and James H. Wendell IoT devices create new breach and privacy risks.

24 General Counsel Must Discuss Cybersecurity With Their Boards Ellen Grady Fiduciary duties extend to cyber-attack protection.

Sean Byrne “Proportional to the needs of the case” will mean stricter costbenefit.

28 Law Schools Lag in Teaching E-Discovery William Hamilton and Michele Lange Thinking like a lawyer shouldn’t mean ignoring technology.

L ABOR & EMPLOYMENT

30 How to Navigate the Treacherous World of Social Media Armin J. Moeller Jr. and Ashley Eley Cannady A quick look at a candidate’s Facebook page could prompt a lawsuit.

34 Supreme Court Leaves Pregnancy Discrimination Claim Unresolved Philip Voluck It’s back in the lap of the trial court.

38 What the Pao Lawsuit Says About Diversity and Inclusion Christina Lewis Mentoring and sponsorships hedge against unconscious bias.

L AW FIRM EVENT A LERT

A MON T HLY OPP OR T UNI T Y T O SHOWC A SE YOUR F IR M’S E V EN T PR OGR A MS F OR T ODAY ’S GENER A L C OUNSE L’S 60,000+ C OR P OR AT E L E GA L DEPA R T MEN T A ND C- L E V E L R E A DER SHIP. Give your firm its best chance to make sure that important events and programs are well attended by the right people. FOR ONLY $250 PER LISTING, take advantage of this opportunity to drive awareness and attendance to the many services you provide to existing clients and can offer to new ones. This is all we need: • Select date of Alert • Headline • 35 Words Event Description • URL • Logo • Date and Time

F O R M O R E I N F O R M AT I O N P L E A S E C O N TA C T

SCOTT ZIEGLER sziegler@todaysgc.com (774) 414-1498

editor-in-Chief Robert Nienhouse Chief operating offiCer Stephen Lincoln managing editor David Rubenstein

exeCutive editor Bruce Rubenstein

senior viCe president & managing direCtor, today’s general Counsel institute Neil Signore art direCtion & photo illustration MPower Ideation, LLC law firm business development manager Scott Ziegler database manager Matt Tortora

Contributing editors and writers

Bing Ai Kedar S. Bhatia Teresa A. Beaufait Sean Byrne Ashley Eley Cannady Ed Chang Mark A. Cohen Jim Coughlan Jeffery M. Cross Douglas H. Fleming Richard C. Giller

Ellen Grady William Hamilton Nikiforos Iatrou Benjamin Z. Koblentz Michele Lange Christina Lewis Anna M. Maiuri Tammy McCutchen Joseph K. McKinney Armin J. Moeller, Jr. Anshu S. K. Pasricha

editorial advisory board

Dennis Block Kevin Patariu GREENBERG TRAuRIG, LLP Bronwyn Roe Thomas Brunner John Schnurer WILEy REIN Jeff Scorgie Peter Bulmer Catherine J. Serafin JACKSON LEWIS Philip Voluck Mark A. Carter James H. Wendell DINSMORE & SHOHL James Christie BLAKE CASSELS & GRAyDON

Subscription rate per year: $199 For subscription requests, email subscriptions@todaysgc.com

reprints For reprint requests, email rhondab@fosterprinting.com Rhonda Brown, Foster Printing

Robert Profusek JONES DAy

Joel Henning

Art Rosenbloom

JOEL HENNING & ASSOCIATES

CHARLES RIVER ASSOCIATES

Sheila Hollis

George Ruttinger

DuANE MORRIS

CROWELL & MORING

David Katz

Jonathan S. Sack

WACHTELL, LIPTON, ROSEN & KATZ

Steven Kittrell

MORVILLO, ABRAMOWITZ, GRAND, IASON & ANELLO, P.C.

MCGuIREWOODS

Victor Schwartz

FTI CONSuLTING

Jerome Libin

SHOOK, HARDy & BACON

Jeffery Cross

SuTHERLAND, ASBILL & BRENNAN

Adam Cohen

FREEBORN & PETERS

subsCription

Dale Heist BAKER HOSTETLER

Thomas Frederick WINSTON & STRAWN

Jamie Gorelick WILMERHALE

Robert Haig KELLEy DRyE & WARREN

Jean Hanson FRIED FRANK

Robert Heim DECHERT

Timothy Malloy Mc ANDREWS, HELD & MALLOy

Jean McCreary NIxON PEABODy

Steven Molo MOLOLAMKEN

Thurston Moore HuNTON & WILLIAMS

Jonathan Schiller BOIES, SCHILLER & FLExNER

Robert Townsend CRAVATH, SWAINE & MOORE

David Wingfield WEIRFOuLDS

Robert Zahler PILLSBuRy WINTHROP SHAW PITTMAN

Ron Myrick RONALD MyRICK & CO, LLC

All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information or retrieval system, with out the written permission of the publisher. Articles published in Today’s General Counsel are not to be construed as legal or professional advice, nor unless otherwise stated are they necessarily the views of a writer’s firm or its clients. Today’s General Counsel (ISSN 2326-5000) is published six times per year by Nienhouse Media, Inc., 640 Park Avenue, Hinsdale, IL 60521-4644 Image source: iStockphoto | Printed by Quad Graphics | Copyright © 2014 Nienhouse Media, Inc. Email submissions to editor@todaysgc.com or go to our website www.todaysgeneralcounsel.com for more information. Postmaster: Send address changes to: Today’s General Counsel, 640 Park Avenue, Hinsdale, IL 60521-4644 Periodical postage paid at Hinsdale, Illinois and additional mailing offices.

Database Marketing for Lead Generation With over 300,000 names, the TGC database enables marketers an unmatched array of choices to send out co-branded emails with content of their own choosing to several desirable segments within the database.

T ODAYS G ENER A L C OUNSEL .C OM /A D V ER T ISE

JUN/JUL 2015 TODAY’S GENER AL COUNSEL

Executive Summaries INTELLEC TUAL PROPERT Y

CYBERSECURIT Y

PAGE 16

PAGE 18

PAGE 22

The Mounting Threat From Counterfeits

Inter Partes Review Is FastPaced

FTC Guidance For The Internet Of Things

By Mark N. Mutterperl, Jessica S. Parise, Benjamin Z. Koblentz and Kedar S. Bhatia Bracewell & Giuliani

By Jim Coughlan, Bing Ai, Kevin Patariu and John Schnurer Perkins Coie

By Douglas H. Fleming and James H. Wendell Riddell Williams P.S.

Counterfeiting may become a problem for virtually any company with a successful product. Counterfeiters have no interest in ensuring the quality or safety of their products. This creates significant potential for negative effects on consumers and PR problems for the company whose products are being counterfeited. The authors cite cases in which plaintiffs have tried to hold companies liable for damage done by counterfeits of their products, without success so far, but similar cases give them hope. A Kentucky court ruled that a shampoo manufacturer could be liable for damages arising from use of a bottle of its product that had been opened and adulterated, if the plaintiff convinces a jury that a prudent manufacturer would have sealed it. To address the threat from counterfeits, companies should establish a program with at least three components: Engaging R&D and other relevant departments to make counterfeiting more difficult by such means as making packaging difficult to copy, using chemical or biological tags, serialization or track/trace systems, or bar codes and radio frequency identification tags; developing a corporate security department to investigate suspected counterfeits and their sources; and including legal assistance that can take appropriate civil action or work with government agencies to pursue criminal remedies. The counterfeiting problem remains urgent. In addition to an effective program, strong investigatory and civil and criminal enforcement programs are essential and should be budgeted as a cost of business.

The America Invents Act created new administrative trials for litigating patent invalidity issues before the USPTO’s Patent Trial and Appeal Board by inter partes review. IPR trials can be initiated by any person who is not the patent owner and not otherwise barred from filing an IPR petition on a given patent. The U.S. International Trade Commission has yet to rule on a motion to stay based on a filed inter partes review petition or instituted IPR trial. It must decide whether or not to institute an investigation within 30 days after a complaint is filed. The ITC’s statutory mandate is to render decisions at the earliest practicable time to “promote expeditious adjudication” of investigations. A patent owner may file a preliminary response to an IPR petition before the requested trial and may file a response to the petition and claim amendments after trial is instituted. The patent owner’s statements become a part of the record relevant to the construction of the claim terms at the ITC. The cost of an IPR may not entirely represent additional cost to the respondent. The contents of an IPR petition and work product related to its preparation can be used in several submissions that must be drafted to litigate the ITC proceeding. If patent claims are narrowed by amendment during the IPR trial, then the doctrine of intervening rights can be applied at the ITC to seek modification or rescission of an ITC remedial order.

The Federal Trade Commission has released its staff report on privacy and security issues related to the Internet of Things (IoT). The FTC report is an important starting point for IoT developers looking to implement best practices. Many IoT devices create new security and privacy risks not seen in traditional hardware and software. For example, health and safety consequences of a security vulnerability in Internetconnected door locks or medical devices are potentially more severe than those created by the breach of a database holding consumer information. The FTC says “companies should build security into their devices at the outset, rather than as an afterthought.” Companies developing IoT products should consider tasking someone, or some group, with responsibility for overseeing privacy and security issues. Building security into an organizational structure is crucial; it creates accountability and helps foster the type of deliberate thought the FTC wants IoT developers to devote to privacy and security issues. A privacy and security risk assessment is also recommended, and it must be taken seriously. An assessment that is ignored would be exhibit number one in any lawsuit or enforcement action. Companies also need to consider security after launch. The FTC wants companies to monitor their products and patch known vulnerabilities. The FTC suggests other best practices, such as implementing a “securityin-depth” approach that provides consumers multiple layers of protection. The FTC report also provides guidance about notice and choice regarding data collection for IoT products.

TODAY’S GENER AL COUNSEL JUN/JUL 2015

Executive Summaries CYBERSECURIT Y

E-DISCOVERY

PAGE 24

PAGE 26

PAGE 28

General Counsel Must Discuss Cybersecurity With Their Boards

Pending Changes To Federal Rules Will Change E-Discovery

Law Schools Lag In Teaching E-Discovery

By Ellen Canan Grady Cozen O’Connor

By Sean Byrne Nuix

By William Hamilton, U of Fla Levin College of Law Michele C.S. Lange, Kroll Ontrack

As general counsel begin to understand the long-term ramifications of cyber attacks, they must also grapple with an evolving regulatory and legislative landscape. New laws and regulations are being enacted by states and federal agencies. Public companies that sustain a cyber attack may be subject to an SEC enforcement action relating to the corporation’s disclosures about its data protection measures and preparedness. Corporations also may be subject to civil action by the FTC. General counsel should be familiar with and advise directors about this evolving regulatory and legal landscape. The role of the board in addressing cybersecurity risk arises from directors’ fiduciary duties of care and loyalty, although at this point there are few precedents that clarify when directors may be held liable for failure to oversee cybersecurity risk. A board committee (or the entire board) should be made responsible for overseeing cybersecurity risk. The nominating committee should ensure that the board has among its members adequate technical and risk management experience. Directors should monitor the corporation’s emergency preparedness, which may take the form of a cyberresponse plan, with procedures and protocols for responding to either an attack or the threat of one. Protocols should include a plan for testing information systems and processes. General counsel should also provide the board with information about insurance, currently in place and obtainable, that could be used to defray the significant costs of a negative cyber event.

Changes to the Federal Rules of Civil Procedure scheduled to come into effect in December will increase the courts’ focus on making discovery proportional to the needs of the case. Adjusting to these changes will require legal practitioners to deepen their understanding of electronically stored information sources in client environments and the e-discovery tools that lawyers use. Complying with the new rules will help attorneys give clients fast, definitive answers about the risks and expenses they face. New Rule 26(b)(1), in requiring discovery to be proportional to the needs of the case, makes explicit reference to, among other things, the parties’ resources, the importance of the discovery in resolving the issues and whether the expense outweighs the likely benefit. Changes to Rule 16 will encourage judges to manage cases early and actively. Such management will include an initial pre-discovery conference where the judge confers with the parties, preferably in person, about timing and the needs of the case. When the new rules come into play, parties will need fast, in-depth knowledge of their ESI and its contents. This will place them in a position to argue that the other side’s discovery requests are overly broad, onerous or disproportionate. The new rules will require litigants and legal services providers to rethink the way they handle discovery on a broad scale. This is an opportunity for law firms and litigation support vendors to deliver value to their clients.

Why are law schools paying minimal attention to e-discovery when e-discovery expenses often approach half or more of the total cost of litigation? According to the authors, one answer is the reliance on adjunct professors. Most law professors began their academic careers after private practice or a judicial clerkship that pre-dated the e-discovery revolution, and most law schools lack tenured (or even non-tenured) faculty who are comfortable and skilled in the constantly evolving field of e-discovery. Law schools thus typically rely on adjuncts to teach e-discovery – litigators who have e-discovery experience or judicial officers who have seen e-discovery in their courtrooms. An adjunct’s time is limited, but teaching classes that offer practical lawyering skills requires a substantial commitment. Law schools need to stress the importance of e-discovery. Courses in e-discovery should be mandatory for litigation-track lawyers, and law schools should provide a robust e-discovery module in their basic civil procedure course. Law schools and e-discovery professionals should partner to foster teaching of the subject. Law students themselves need to embrace the value of e-discovery education. Ironically, rather than seeing it as a pathway to a variety of career options, too many law students shy away from it, viewing it as “too techie” or as mere “litigation support,” and not real lawyering. However, clients want litigators who are competent to rapidly assess risk and exposure, and who have the skills to manage cases, control costs and get to the important documents quickly.

JUN/JUL 2015 TODAY’S GENER AL COUNSEL

Executive Summaries L ABOR & EMPLOYMENT

PAGE 30

PAGE 34

PAGE 38

How To Navigate The Treacherous World Of Social Media

Supreme Court Leaves Pregnancy Discrimination Claim Unresolved

What The Pao Case Says About Diversity

By Armin J. Moeller, Jr. and Ashley Eley Cannady Balch & Bingham

By Philip Voluck Kaufman Dolowich & Voluck

Widespread employee use of Facebook, Twitter, LinkedIn and other social media has drawn the attention of both the NLRB and the EEOC, and employers need to be careful about their policies in this area. For example, employers cannot prohibit, terminate, or discipline an employee for using social media to complain about working conditions if it’s done on behalf of others, if other employees join the discussion, or if it can be construed in any way as “protected, concerted activity.” But comments that are sufficiently outrageous or profane won’t be protected. The authors provide examples of each. Another problematic area involves potential discrimination claims and information related to protected status. Although most employers understand this kind of information cannot be solicited during the hiring process, few understand that uncovering it on social media sites, even inadvertently by way of photographs or birth date information, may be viewed as doing just that. If it can be shown it had access to the site, the employer may be forced to prove a negative – that it had knowledge of the information, but did not use it. Other issues include the potential that certain employees who use social media to promote the company might have a claim for getting paid when they do it. Social media and its impact on labor and employment law is constantly changing, and social media law, precedent and regulatory guidance should be reviewed regularly in order to assure compliance.

In March 2014, the U.S. Supreme Court handed down its first pregnancy discrimination decision since 1991. The issue was an employer’s obligation to accommodate pregnant employees under the Pregnancy Discrimination Act. The Court has already held that Title VII of the Civil Rights Act of 1964 “prohibits an employer from discriminating against a woman because of her capacity to become pregnant.”` Peggy Young, a driver for UPS, developed a pregnancy-related condition, and requested that she be able to perform “light duty” instead of her normal responsibilities. Her request was denied under a collective bargaining agreement negotiated with Young’s union, which provided that light duty was available only to employees injured on the job, and others accommodated under the Americans with Disabilities Act, as amended. Young did not fall under either category. Young claimed UPS violated the law by failing to provide her the same accommodations as employees with similar limitations. The lower court denied Young’s claims and found in favor of UPS because it policy was based on “gender-neutral,” “pregnancy-blind” criteria. The Supreme Court found that there was not enough evidence to make an informed determination. The lower court’s decision was thrown out and sent back for further analysis consistent with the Supreme Court’s interpretation. Notwithstanding the waiting game created by the Supreme Court, education, training and clearly worded policies which comply with the PDA and ADA should be developed and enforced now.

By Christina Lewis Hinckley Allen

A jury rejected gender discrimination claims lodged by Ellen Pao, a former employee at Silicon Valley venture capital firm Kleiner Perkins Caufield & Byers, but the case nonetheless generated negative publicity for the firm. Regardless of a company’s demographics or policies, biases may exist. The best defense is prevention, starting with a company-wide focus on diversity. While strides have been made toward removing structural barriers to advancement for women and minorities, more progress is needed, including in the legal field. According to the ABA, the percentage of female general counsel at Fortune 500 companies stands at 21 percent. Sustained, meaningful investment in diversity and inclusion goes a long way toward rooting out unintentional bias and preventing the sense of disenfranchisement that often leads to claims of outright discrimination. When a company’s upper management lacks diversity, there is a greater risk for allegations of double standards. One area where this can play out is in performance evaluations, which may be influenced by the opinions and biases of the reviewer. Many studies on unconscious biases have shown that it’s in our nature to give preference to people who look and sound like us. That’s problematic when the task is to give impartial feedback. Mentoring and sponsorship are other essential tools for ensuring that employees feel supported in their professional development. The importance of mentors is magnified in organizations in which there is a lack of diversity in upper management.

TODAY’S GENER AL COUNSEL JUN/JUL 2015

Executive Summaries FEATURES PAGE 46

PAGE 48

PAGE 52

Nuts & Bolts Of Representations And Warranties Insurance

Insurance Considerations When Negotiating Commercial Contracts

Plaintiff-Friendly Competition Decisions From Canada

By Teresa A. Beaufait and Anshu S. K. Pasricha Koley Jessen

Representations and warranties insurance (RWI) is highly customized insurance for risk in M&A transactions. This article provides a brief primer on the structure, coverage, exclusions, retention and costs of typical RWI policies. Generally the purchaser is concerned about not bearing the risk of undisclosed liabilities and costs relating to the acquired business. The seller typically wants to maximize the closing proceeds and minimize the amount of the purchase price placed at risk. An RWI policy can help address the concerns of both parties. An RWI policy provides coverage to the insured for financial loss resulting from a breach of representations and warranties in a purchase agreement. Policies are written on a claims-made basis, with coverage triggered only by a loss or claim occurring within the defined policy period. The policy typically takes effect at closing of a transaction, which could create a coverage gap if the purchase agreement is signed before closing. RWI can be an effective tool as a supplement or replacement for seller’s indemnification obligations under a purchase agreement. The RWI market has evolved and gained traction in the last few years, mainly due to lower premiums and improved terms of coverage. Sellers have used RWI to maximize closing proceeds and exit cleanly. Purchasers have used RWI to obtain additional protection beyond the indemnity cap and survival limitations and improve their bid in auctions. The terms of an RWI policy must be negotiated to fit the particular transaction.

By Catherine J. Serafin Lowenstein Sandler LLP

By Nikiforos Iatrou, Bronwyn Roe, and Jeff Scorgie WeirFoulds

Insurance implications are routinely overlooked in commercial contracts. Contracts to receive or perform services, to supply or receive goods or raw materials, and contracts evidencing mergers and acquisitions all have their own insurance considerations that should be examined. Many commercial contracts contain indemnification provisions, and often the indemnitor is required to name the indemnitee as an additional insured (AI) on its policies. It is important to understand the applicable indemnification law; indemnification provisions vary from a broad to the most narrow obligation. In addition, state law may limit how indemnity provisions are interpreted. Some states, for example, bar indemnification for another’s gross negligence. There have been recent revisions to standard form AI endorsements, and these changes seem designed to attempt to narrow coverage. Mergers and acquisitions have significant insurance implications. One focus is on whether the acquiring company can access the insurance policies of the acquired company once the transaction is complete. Until fairly recently, it was generally assumed that a successor company could tap the historic insurance policies of the predecessor for latent liabilities. However, several cases since 2003 have changed the landscape on this issue, and courts are divided. Representation and warranty insurance (RWI) has only recently become widely used. Companies should analyze whether RWI might be a way to shift certain risks to an insurance company. Commercial contracts implicate a broad array of insurance issues. Update your commercial contracts from the insurance perspective to better protect your company.

Canada’s competition class-action jurisprudence has been tilting in plaintiffs’ favor in recent years. Canadian courts have been recognizing low thresholds for certification class-action and allowing certification of indirect purchaser class-action lawsuits. This trend has continued with two recent disclosure-related decisions that have important implications for U.S. businesses defending claims in Canada or subject to Canadian antitrust investigations. Documents and evidence that might not see the light of day in a U.S. courtroom are disclosable in Canadian class actions and to defendants in criminal proceedings. In February, 2015, the Ontario Superior Court released its decision in R. v. Nestlé Canada Inc. The court ruled that information voluntarily provided to the Canadian Competition Bureau under its Immunity and Leniency Programs is not protected by settlement privilege and must be disclosed to the accused in related criminal proceedings. The inapplicability of settlement privilege to these communications would imply that they could similarly be the subject of disclosure in a private action. In Imperial Oil v. Jacques (October 2014), the Supreme Court of Canada ruled that wiretap information obtained during Competition Bureau investigations may be disclosed to parties in civil and class-action proceedings. It is important that those involved in Competition Bureau investigations know how their information will be treated by the courts once it is in the hands of Canada’s antitrust authority. Both R. v. Nestlé and Imperial Oil v. Jacques are indicative of a trend in Canadian jurisprudence towards disclosure.

TODAY’S GENER AL COUNSEL JUN/JUL 2015

Executive Summaries FEATURES PAGE 46

PAGE 48

PAGE 52

Nuts & Bolts Of Representations And Warranties Insurance

Insurance Considerations When Negotiating Commercial Contracts

Plaintiff-Friendly Competition Decisions From Canada

By Teresa A. Beaufait and Anshu S. K. Pasricha Koley Jessen

By Catherine J. Serafin Lowenstein Sandler LLP

By Nikiforos Iatrou, Bronwyn Roe, and Jeff Scorgie WeirFoulds LLP

NEW! Todayâ&#x20AC;&#x2122;s General Counsel Career Center Let TGC help you find your next job. New in-house postings added daily.

Plus, for a limited time TGC is offering employers a complimentary listing. Use code TGCintro when submitting your job listing.

T O D AY S G E N E R A L C O U N S E L . C O M / C A R E E R - C E N T E R

JUN/JUL 2015 TODAY’S GENER AL COUNSEL

Intellectual Property

The Mounting Threat From Counterfeits By Mark N. Mutterperl, Jessica S. Parise, Benjamin Z. Koblentz, and Kedar S. Bhatia

ounterfeiting may become a problem for any company with a successful product. Counterfeiters have targeted virtually all industries, including automotive, defense, electrical components, food and beverage, chemicals, pharmaceutical, household products, consumer goods, energy and tobacco. Consumer health and safety, brand equity and the bottom line all may be threatened by counterfeit products.

As the Organization for Economic Cooperation and Development pointed out several years ago in a seminal report titled “The Economic Impact of Counterfeiting and Piracy,” counterfeiting has a detrimental effect on both brands and consumers. Counterfeiters and pirates who target the primary market, it says, “while seeking to maximize profits have limited, or no, interest in ensuring

the quality, efficacy or safety of their products. This increases the potential for negative effects on the health and safety of consumers.” Other reports, from the U.S. Government Accountability Office in 2010 and from the International Chamber of Commerce in 2011, building on the OECD Report, further laid out the significant costs of counterfeiting, which range from lost

today’s gener al counsel jun/jul 2015

Intellectual Property employment opportunities to lower tax revenues and missed innovation. Moreover, the immediate profitability and low risk-to-reward ratio of counterfeiting has led to the involvement of organized crime and terrorist networks, and further risks to brands and consumers. To address the escalating threat from counterfeit goods, companies should establish a robust program with at least three components. First, engage R&D and other relevant internal departments to make counterfeiting the company’s products more difficult by such means as making packaging difficult to copy, using chemical or biological tags, serialization or track/trace systems, or bar codes and radio frequency identification (RFID) tags. Second, develop a corporate security department to investigate and examine suspected counterfeits and their sources. Third, include knowledgeable legal assistance that can take appropriate civil action or work with governmental agencies to pursue criminal remedies. A proactive program may not be enough, however. Some consumers are trying to find a way to hold brand owners liable for counterfeit goods, and companies may need to be prepared to defend against lawsuits brought by consumers alleging brand owner liability for damage or injury caused by counterfeits. In Ashworth v. Albers Medical, Inc., for example, the plaintiff claimed that a pharmaceutical manufacturer should be liable for harm caused by counterfeit medications. In this case, the U.S. District Court for the Southern District of West Virginia found no merit in the plaintiff’s claim. As in other similar cases, the court found that the proximate cause of the injury was the action of the counterfeiter, not the brand owner. The court in Ashworth also emphasized that the defendant could not be held liable under a theory of negligence, because absent “a legal duty, there is no cause for negligence.” Similarly in another case, Schoenbaum v. Proctor & Gamble Co. in a federal district court in Florida, the court in commenting

on the scope of liability for defendants observed that the law does not impose a duty to notify others that someone is counterfeiting one’s own products. It may only be a matter of time, however, before the right set of facts is presented to a jury and a company is held liable in some similar case. It might be a sympathetic victim, such as a child, or a brand owner of products with health and safety implications who has specific knowledge of counterfeit problems and has undertaken no anti-counterfeiting initiatives.

Companies may need to be prepared to defend against lawsuits brought by consumers alleging brand owner liability for damage or injury caused by counterfeits. While such a decision would likely be overturned, the resulting headlines could be damaging and the appellate process can be slow. Nonetheless, due to the increased prevalence of counterfeits, owner awareness of them and their associated risks and the fact that anti-counterfeiting measures are available, a court may determine that manufacturers do have a duty to protect consumers from counterfeit products. Courts have recognized that companies may be liable for injuries due to illicit tampering with their products in cases where the manufacturers could have reasonably foreseen that tampering would occur. Plaintiff attorneys may take heart from cases like Wheeler v. Andrew Jergens Co., where a Kentucky court concluded that

a shampoo manufacturer could be held liable for damage from tampered-with shampoo if the plaintiff “convinces a jury that a reasonably prudent manufacturer would have sealed its product before placing it on the market.” We vehemently disagree that this rationale should be applied to counterfeiting and assume courts will continue to deny them, but brand owners may still need to expend valuable corporate and legal resources defending against them. Meantime, at least one sector, the defense industry, has recently had to confront increased regulation in this area. The new regulations in the defense industry were imposed in May of last year, applicable to both defense contractors and their suppliers. Covered federal contractors, for example, must establish and maintain acceptable systems to detect and avoid counterfeit parts. An adequate purchasing system under the new regulations must “provide for an organizational and administrative structure that ensures effective and efficient procurement of quality materials and parts at the best value from responsible and reliable sources” and establish and maintain “selection processes to ensure the most responsive and responsible sources for furnishing required quality parts and materials.” Detection systems must also provide for the “inspection and testing of electronic parts” that could be counterfeits, as well as methodologies “to identify suspect counterfeit electronic parts” and “reporting and quarantining of counterfeit electronic parts and suspect counterfeit electronic parts.” Under the new regulations, contractors that identify counterfeit electronic parts must isolate them and report them to the federal government. A federal auditing process will review the contractors’ detection and avoidance systems to determine if they meet DOD standards. While these regulations do not create civil liability for a contractor that fails to comply, failure to meet the requirements may result in the contractor not obtaining government approval for a contract or the withholding of payments. continued on page 21

jun/jul 2015 today’s gener al counsel

Intellectual Property

Inter Partes Review is Fast-Paced Often Strategically Advantageous By Jim Coughlan, Bing Ai, Kevin Patariu and John Schnurer

he 2011 America Invents Act created new administrative trials for litigating patent invalidity issues before the USPTO’s Patent Trial and Appeal Board (PTAB) by inter partes review (IPR), and covered business method patent review or post-grant review proceedings. A total of 2747 IPR and covered business method (CBM) filings were filed as of February 5, 2015. In 2014, PTAB received a total of 1675 IPR and CBM filings, exceeding the 1436 new patent case filings in the Eastern District

of Texas to become the busiest patent litigation venue in the United States. CBM trials can be instituted only if the petitioners have been sued for or charged with infringement. IPR trials can be initiated by any person who is not the patent owner and is not otherwise barred from filing an IPR petition on a particular patent. PTAB statistics indicate that over 90 percent of IPR petitions challenge the validity of patents that are asserted in federal court litigation. Thus, the popularity of IPRs may reflect a recognition

that an IPR proceeding (1) can result in a stay of costly district court litigation, (2) is a more effective alternative to district court litigation for invalidating a patent and (3) can force the patent owner to make arguments to the PTAB in order to preserve validity that ultimately undermine the infringement case against the IPR petitioner’s product. There is a misconception that IPR proceedings are not useful to parties sued for patent infringement at the U.S. International Trade Commission, perhaps because of the fast pace that is

today’s gener al counsel jun/jul 2015

Intellectual Property typical of ITC investigations. While it may not be possible to obtain a stay of an ITC investigation during the pendency of an IPR proceeding, a party accused of infringement in an ITC investigation should consider filing an IPR petition early in the life cycle of an ITC investigation as part of an overall strategy. the u.s. itc

The U.S. International Trade Commission is an independent federal agency that reviews claims of unfair trade brought under 19 U.S.C. § 1337, based on the alleged importation of articles that infringe a valid U.S. patent, trademark, trade secret, copyright or mask work. ITC actions move quickly and must be completed before a designated “target date,” which typically occurs about 16 months after the institution date of an investigation. The Commission can set longer target dates for more complicated matters. The ITC must make a decision to institute an investigation within 30 days after a complaint is filed. Its statutory mandate is to render decisions at the earliest practicable time to “promote expeditious adjudication” of the investigations. If a violation of section 337 is found, the ITC can issue a cease-anddesist order prohibiting the sale of infringing articles within the United States, a limited exclusion order barring the importation of a named party’s infringing articles, or a general exclusion order barring the importation of any infringing articles regardless of their source. The ITC has yet to rule on a motion to stay based on a filed IPR petition or an instituted IPR trial. Because of the speed of an IPR trial and the estoppel created by a final written decision, some commentators have speculated that the ITC might grant a motion to stay an investigation based on a filed IPR petition or an instituted IPR trial. Such speculation seems to be at odds with the established practice at the ITC, which has explained the five factors considered when deciding whether to stay an investigation as: “(1) the state of discovery and the hearing date; (2) whether a stay will simplify the issues and hearing of the case; (3) the undue

prejudice or clear tactical disadvantage to any party; (4) the stage of the PTO proceedings; and (5) the efficient use of Commission resources.” In view of these factors, the ITC is unlikely to stay an investigation before the IPR petition for trial is granted, because it is unknown whether a stay will simplify the issues. The PTAB decision to institute an IPR trial can occur up to six months after a petition is filed. Even if a petition is filed relatively quickly after the filing of a complaint, by the time an IPR trial is instituted, the state of discovery and the hearing date in the ITC investigation would make a stay unlikely. The stage of the IPR trial may also weigh against a stay, because the claims could ultimately survive the validity challenge. Beyond the five-factor test, public policy may weigh against a stay. The ITC does not typically stay investigations based on post-grant proceedings at the PTO, in part because doing so would encourage others to initiate post-grant proceedings resulting in stays in virtually every investigation, which would frustrate the statutory intent to provide expedited relief. Even if a stay of ITC proceedings is not achievable, an IPR can still be used by the ITC respondent as part of an overall strategy to elicit favorable patent owner statements on claim construction and the prior art in order to develop non-infringement positions, increase settlement leverage, and create an insurance policy in the event that the ITC finds a violation of Section 337. PAteNt OWNeR stAteMeNts

In an IPR proceeding, a patent owner may file a preliminary response to an IPR petition before the institution of the requested trial, and may file a response to the petition and claim amendments after the IPR trial is instituted. These papers and others filed by the patent owner often contain statements characterizing the invention and the scope of the challenged claims, and distinguishing the asserted prior art. Such statements can be useful in an ITC action, particularly if the patent owner characterizes the challenged claims

narrowly to preserve the patentability of the challenged claims over prior art selected for use in the IPR petition, and the prior art encompasses features or elements of the accused products. The patent owner’s statements and admissions become part of the intrinsic record relevant to the construction of the claim terms at the ITC. For example, the Commission has ruled that statements made during post-grant proceedings at the PTO may be used to “claim estoppel to prevent [the patent owner] from making arguments in this investigation that are inconsistent with its arguments to the PTO.” Thus, an IPR can be used to place the patent owner in the difficult situation of having to make consistent claim construction, patentability and infringement arguments simultaneously before two different federal agencies. This coordination issue is further exacerbated if the patent owner uses different counsel for the IPR and ITC proceedings. To extract the most value from an IPR petition, it must be filed early enough to allow the patent owner’s statements to be used. A petition filed by the typical Notice of Prior Art deadline in a 17-month ITC investigation can allow IPR statements to be used advantageously at the ITC hearing and in various filings throughout the investigation. A similar result can be obtained in a 16-month ITC investigation by filing the IPR slightly before the Notice of Prior Art deadline. In a typical ITC investigation, the administrative law judge will conduct an evidentiary hearing about ten months after the complaint is filed and construe the claims about three or four months later as part of a final initial determination. The ALJ’s claim constructions are then reviewed by the six ITC Commissioners. Thus, if an IPR petition is filed any time within the first six months after the filing of the ITC complaint, any helpful admissions appearing in the preliminary response will be available to cross examine the patent owner’s expert at the ITC hearing and can be incorporated in pre or post-hearing briefing to the ALJ.

jun/jul 2015 today’s gener al counsel

Intellectual Property Even if the IPR petition is filed more than six months after the ITC complaint is filed, the patent owner’s preliminary response can be filed in time for it to be available when the ALJ’s claim constructions are under review by the ITC Commissioners. If the patent owner chooses not to file a preliminary response, the PTAB decision to institute a trial is at least persuasive authority on the validity of the asserted patents over the prior art, and the broadest reasonable interpretation of construed claim terms. OTHER CONSIDERATIONS

The cost of an IPR may not entirely represent additional cost to the respondent. The contents of an IPR petition and work product related to its preparation can be used in several submissions that must be drafted to litigate the ITC proceeding. For example, work required to propose claim constructions can be reused to draft the contention interrogatory responses for the ITC investigation. The results of the prior art investigation for the IPR can be used as the basis for the ITC respondent’s Notice of Prior Art, and the prior art positions in the IPR can be used in the invalidity contention interrogatory responses for the ITC investigation. Patent owners typically use the threat of injunctive relief from the ITC to obtain a larger financial settlement than they might otherwise get from a district court damage award. By filing an IPR, an accused party can obtain leverage over the patent owner that may be used to garner a more favorable settlement. The PTAB trial statistics have shown a significantly higher rate of finding challenged claims invalid in comparison with the invalidity outcome at the ITC and district courts. Filing or the threat of filing an IPR can exert pressure on the patent owner. PTAB judges, who are well versed in both patent law and technology of the patent at trial, are also patent specialists on invalidity issues, in particular, invalidity based on prior art combinations under 35 U.S.C. § 103. It is known that it tends to be difficult for respondents to win invalidity challenges at the ITC based on prior art combinations. Thus, filing an IPR having invalidity grounds can exert additional pressure on the patent owner. Specifically,

if an IPR is instituted, the patent owner must defend its claims at the PTO, where the evidentiary standard for invalidity (“preponderance of the evidence”) is lower than the standard at the ITC. The IPR also increases the patent owner’s total litigation costs and may disrupt a licensing campaign predicated on the enforcement threat of valid patents. If multiple parties are named in the ITC action, the patent owner may choose to reach an early and more favorable settlement with the party that filed the IPR petition in exchange for dismissal of the IPR under 35 U.S.C. § 317, and continue the litigation against the others, particularly when the one year bar for filing an IPR petition has passed for the other respondents. Moreover, the ITC rules allow a patent owner to withdraw its complaint on the eve of trial without any adverse consequence or showing of good cause. Thus, if an accused party will not agree to the patent owner’s settlement demands, it can withdraw the ITC complaint just prior to the hearing, restart the litigation from the beginning in the district court, and force the accused parties to pay additional months or years of costly legal bills in order to drive settlements. By initiating an IPR proceeding, this strategy can be frustrated because the accused infringer retains a degree of control over at least the invalidity dispute, and the patent owner will have more of an incentive to settle the dispute under favorable terms. The estoppel which attaches with a final determination in a PTAB trial creates a powerful incentive for the petitioner to win its invalidity challenge. The result of an IPR trial in an ITC proceeding creates further incentives. If the ITC issues an exclusion order based on a finding of patent infringement, but the claims at issue are later found unpatentable in an IPR trial, a party can petition the ITC to modify or rescind the exclusion order. Thus, an IPR can serve as an insurance policy that can be used to rescind any exclusion order that may issue. In addition, if patent claims are narrowed by amendment during the IPR trial, the doctrine of intervening rights can be applied at the ITC to seek modification or rescission of an ITC remedial order. ■

Jim Coughlan is a partner in the Washington D.C. office of Perkins Coie and firm wide co-chair of the firm’s International Trade Commission Section 337 Actions practice. He has served as lead counsel in ITC investigations and has litigated ITC actions on appeal before the U.S. Court of Appeals for the Federal Circuit. JCoughlan@perkinscoie.com

Bing Ai is a partner in the San Diego and Palo Alto offices of Perkins Coie and co-chair of the firm’s PostGrant Practice Group. He has an active practice in patent reexamination, reissue, supplemental examination, inter partes review, covered business method patent review and post grant review. Ai@perkinscoie.com

Kevin Patariu, counsel in the San Diego office of Perkins Coie, litigates patent infringement cases before the International Trade Commission and federal courts. He is counsel of record on over a dozen inter partes review proceedings. KPatariu@perkinscoie.com

John Schnurer is a partner in the San Diego and Washington D.C. offices of Perkins Coie and is co-chair of the firm’s International Trade Commission Section 337 Actions practice. He litigates and tries patent cases, including ITC investigations. JSchnurer@perkinscoie.com

today’s gener al counsel jun/jul 2015

Intellectual Property Counterfeits

continued from page 17 On June 10, 2014, shortly after the release of the final DOD regulations, the government published a proposed Federal Acquisition Regulations (FAR) rule that also touches on how companies monitor counterfeit goods. It seeks to expand the DOD rules relating to detection and reporting of counterfeit

Just as counterfeit electronic parts can imperil the nation’s defense strategy, counterfeit food, chemicals, pharmaceuticals, household goods, oil and gas products, among others, raise grave public health and safety concerns. and suspected counterfeit items to all contractors and subcontractors that supply any goods, not just electronic parts, to any agency subject to FAR. That includes all agencies in the executive branch of the government. Unlike the final DOD rule, the proposed FAR rule does not shield companies from government-imposed liability based on good faith compliance with reporting requirements. Companies would be shielded from civil suits brought by the government for violations of the FAR rule only insofar as they acted in good faith with respect to contracts with the DOD that involve electronic components covered under the recently enacted DOD regulations.

The pharmaceutical industry is also subject to counterfeit monitoring regulations. In late 2013, Congress passed the Drug Supply Chain Security Act. It requires drug manufacturers, distributors, retailers and others, over a period of time, to implement strict labeling and electronic tracing requirements designed to prevent counterfeit drugs from entering the market. Violations of the supply chain monitoring requirements can lead to a significant monetary penalty or jail time. While the DOD, FAR, and pharmaceutical regulations may not expressly create civil liability from a consumer’s lawsuit, they do suggest that there may be regulations for manufacturers in other high risk industries on the horizon. Just as counterfeit electronic parts can wreak havoc on sophisticated technology and imperil the nation’s defense, counterfeit food, chemicals, pharmaceuticals, household goods, oil and gas products, among others, raise grave public health and safety concerns. The trademark counterfeiting problem remains urgent. In addition to an effective proactive program, strong investigatory and both civil and criminal enforcement programs are essential and should be budgeted for as a cost of doing business. It’s also essential to educate consumers, law enforcement, legislators and judges. When it comes to counterfeiters, we are in a long-term struggle. ■

Mark Mutterperl is a partner at Bracewell & Giuliani, in the firm’s New York intellectual property practice. He litigates trademark infringement, dilution and counterfeiting cases. He also handles copyright, false advertising, right of publicity, and contract matters, as well as intellectual property theft and nonlitigation aspects of trademark, copyright and advertising. mark.mutterperl@bgllp.com

Jessica Parise, senior counsel at Bracewell & Giuliani, helps clients obtain, manage and enforce trademark rights and copyrights, and she litigates infringement, dilution, counterfeiting and false advertising matters. She also counsels clients on trademark, domain name and copyright prosecution matters, and IP aspects of corporate transactions. jessica.parise@bgllp.com

Benjamin Koblentz is an associate at Bracewell & Giuliani, where he focuses on general commercial litigation. He has litigated complex commercial disputes involving contract, tort, and regulatory matters. He also represents individuals and companies in criminal and regulatory investigations involving securities laws. benjamin.koblentz@bgllp.com

Kedar Bhatia is an associate at at Bracewell & Giuliani. His practice is focused on general civil and commercial litigation, as well as white collar defense. He participates in representing clients in the trial and appellate process under both state and federal law, as well as internal investigations, for companies in the defense, transportation, technology, natural resources, manufacturing, finance and real estate sectors. kedar.bhatia @bgllp.com

jun/jul 2015 today’s gener al Counsel

Cybersecurity

FTC Guidance for the Internet of Things By Douglas H. Fleming and James H. Wendell

n January 2015, the Federal Trade Commission released its longawaited staff report on privacy and security issues related to the Internet of Things (IoT). While the report, titled The Internet of Things: Privacy and Security in a Connected World, does not set mandatory rules, it provides critical guidance for every company that develops, manufactures or markets consumer products that connect to the Internet. Because the FTC has taken an active role in policing privacy and data security issues, the staff report serves as an important starting point for IoT developers looking to implement privacy and security best practices. This article provides some practical suggestions for using the FTC’s guidance. It’s important, first, to understand the breadth of the IoT as defined by the FTC. The report defines the IoT as “devices or products . . . that connect, communicate or transmit information with or between each other through the Internet.” Although the FTC’s definition excludes computers, smartphones and tablets, as well as non-consumer devices (such as business-to-business products), it is still very broad and includes nearly all the hottest areas for tech development, including the car, home and wearables. The anticipated explosion in the use of these devices is staggering. The FTC predicts there will be 25 billion connected devices this year and nearly 50 billion by 2020. The future is bright for IoT developers and those that provide related software and services, provided the privacy and security risks can be successfully managed. Many IoT devices create new security and privacy risks not seen in traditional hardware and software. For example, the health and safety consequences of a security vulnerability in Internet-connected door locks

or medical devices are potentially even more severe than those created by a breach of a database holding consumer information. Similarly, the emerging categories of general wellness devices, smart thermostats and other connected home devices raise new types of risk and potential liability. All of this guarantees increased FTC regulation of the IoT. Given the FTC’s interest, IoT developers will want to know how they can continue to innovate and build new products while minimizing exposure to enforcement actions or private lawsuits.

The answer is that “companies should build security into their devices at the outset, rather than as an afterthought,” says the FTC. This approach, also known as “security-by-design,” is easy to recommend but hard to implement. ORGANIZATIONAL STRUCTURE

To build privacy and security into your product, start by building it into your organization. Companies should consider tasking someone, or some group, with specific responsibility for overseeing privacy and security issues.

today’s gener al Counsel jun/jul 2015

Cybersecurity

The implementation of this idea will vary significantly across organizations depending on size, the development team’s structure and the nature of the product. For a small project at a small company, it could mean having a single person on the project team devoting a portion of time to privacy and security issues. For a larger company, it could mean having an entire group responsible for any new project. Building security into an organizational structure not only creates accountability, it will help foster the type of deliberate thought the FTC wants IoT developers to devote to privacy and security issues. Whatever organizational structure is chosen, the company should foster collaboration and cooperation between the privacy and security group and the rest of the development team. The FTC staff report and some of its recent enforcement actions demonstrate that privacy and security are an integral part of any IoT development project, not a mere annoyance that can be avoided. IoT developers should also consider bringing outside counsel in early in the product development cycle, and outside counsel should be willing to immerse themselves in the product’s development. Early cooperation among these groups can head off problems at the outset, when they can be resolved far more cost-effectively than at the end of the development cycle. Nowhere is this cooperation more important than with the privacy and security risk assessment, something that is specifically recommended by the FTC. One objective of a privacy and security assessment is to “consciously consider the risks presented by the collection and retention of consumer information.” Not only can such an assessment help prevent security threats, it can help defend decisions if a company does come under attack due to an unforeseen vulnerability. IoT developers should use the assessment to guide their privacy and security decisions throughout the product development process, and potentially beyond it.

To be beneficial and not harmful, however, an assessment must be taken seriously. A security assessment that was ignored or that raised risks that weren’t adequately addressed would be exhibit number one in any suit or enforcement action against the company. Assessments must be properly structured from the start. Product safety reports or financial irregularity audits can serve as a model. As in those situations, certain product development projects may warrant hiring outside legal counsel and/or outside security experts to lead the privacy and security assessment. Despite the cost, using outside counsel has some significant advantages,

There will be 25 billion connected devices this year, and nearly 50 billion by 2020. including the potential to keep aspects of the assessment privileged, and thus protected from involuntary exposure in a subsequent suit or regulatory action. Using an outside security company in conjunction with outside legal counsel can help bolster the legitimacy and thoroughness of the assessment. Ideally, the assessment should occur early in the product development cycle, and depending on the length of the development period, it may need to occur at least once more before launch. Outside counsel should work with the IoT developer’s in-house team in charge of security and privacy issues. It may also be critical to have direct input and involvement from the product engineers. DATA MINIMIZATION

The assessment should survey the information the company anticipates collecting, analyze its sensitivity and explore ways it can be protected or minimized.

IoT developers should think hard about what data they need to collect, and how long they need to keep it. The FTC’s guidance suggests that companies need to impose “reasonable limits” on the collection of consumer data, although what is reasonable in any given context is far from clear. In fact, it is unclear whether the FTC will even require these “reasonable” limits, as two of the five commissioners took issue with the staff report’s discussion on data minimization. Still, the prudent course of action is for IoT developers to consider this issue. The FTC’s guidance on data minimization is aimed at curbing the over-collection of data, especially when a company has no current use for it. Although the FTC acknowledges that companies have some flexibility to collect data for future use, this should not be the company’s default rationale, as it is unlikely to prove sufficient. Instead, IoT developers should work to tie any collection and retention of consumer information to a specific business need. Always ask the question: What is the minimum amount of data that must be collected in order to deliver the given product features? In answering that question, consider the risks posed by storing data in the product rather than the company’s systems or with third parties, and consider whether different retention periods should be implemented. The more a company can show that its data collection and retention are tied to a specific business need, the better its position will be if its practices are questioned. In particular, the FTC recommends that companies consider whether deidentified data could serve the business objective at issue. Keep in mind, de-identified data is not a risk-free solution. Take appropriate steps to properly de-identify data, and understand the risks of it being re-identified. Companies should think about creative ways to collect less intrusive data points that could accomplish a given business purpose. The FTC staff continued on page 33

jun/jul 2015 today’s gener al Counsel

Cybersecurity

General Counsel Must Discuss Cybersecurity With Their Boards By Ellen Canan Grady

ybersecurity has become an important topic of conversation in boardrooms, as the repercussions of highly publicized data breaches and cyber attacks become fully appreciated. The legal and regulatory landscape continues to evolve, with governments implementing data and consumer protection measures. No doubt, the time has come: General counsel, as advisors to directors,

must ensure that boards are exercising appropriate oversight of cyber risks. Here’s what in-house counsel should be discussing with directors now. WHAT HAPPENED TO TARGET

One of the first major cyber attacks was the data breach at Target Corporation in late 2013. The consequences, disclosed in the company’s 2014 annual report, illustrate the challenges that corporations

face following a serious cyber incident. In November and December of 2013, malware on Target’s point-of-sale terminals stole financial data from 40 million Target customers and personal information from 70 million Target shoppers. In the aftermath, more than 100 actions were filed against Target by investors and vendors seeking monetary damages. Three of the four major payment card networks filed claims,

today’s gener al Counsel jun/jul 2015

Cybersecurity

seeking reimbursement of fraud losses and operating expenses relating to the breach. Through 2014, Target reported total expenses of $252 million (partially offset by insurance proceeds of $90 million) and reserved an additional $171 million (with an additional expected insurance offset of $60 million) for future expenses associated with the data breach. On April 16, 2015, Target announced that it had reached a settlement with MasterCard Inc., in which Target agreed to reimburse about $19

porations should assess cybersecurity measures and how they must disclose and address cyber attacks. The result is a patchwork of fragmented and changing laws and regulations. A variety of federal agencies may be involved in a data breach situation. Public companies that sustain a cyber attack may be subject to an SEC enforcement action relating to the corporation’s disclosures about its data protection measures and preparedness. Corporations also may be subject to civil action by the FTC, which, as of

New laws and regulations are being enacted by states and federal agencies. The result is a patchwork of fragmented and changing laws and regulations.

million to financial institutions that had issued MasterCard-branded credit cards that were part of the data breach. More settlements are likely to follow. Target’s president and chief executive officer was forced to step down in May of 2014. Meanwhile, the company is the subject of numerous investigations by state and federal agencies, including the SEC, the Federal Trade Commission and various state attorneys general. These regulatory actions may subject Target to additional fines, monetary penalties or damages, injunctive relief, increased regulatory oversight, and additional compliance and data security costs. Target also reported weaker than expected sales and a loss of consumer confidence as a result of the breach. The reputational loss that Target suffered will have long-term negative consequences for a department store chain once praised for an innovative customer experience. As general counsel begin to understand the long-term ramifications of a cyber attack, they also must grapple with an evolving regulatory and legislative landscape. New laws and regulations are being enacted by states and federal agencies to address how cor-

September 2014, had brought 50 enforcement actions against corporations arising out of data security issues. Although the FTC has no specific authority to regulate data security practices, it uses its broad authority under Section 5 of the Federal Trade Commission Act, which prohibits “unfair and deceptive acts or practices,” to take legal action against companies for failing to abide by stated privacy practices or implement reasonable data security measures. Notably, in April 2014, a U.S. district court in New Jersey denied Wyndham Worldwide Corporation’s motion to dismiss an FTC civil action relating to three data breaches that resulted in the disclosure of 619,000 credit card accounts of Wyndham guests. The court found that the FTC had authority under Section 5 to bring the case, and the complaint set forth sufficient allegations of unfairness and deception to survive a motion to dismiss. Corporations in healthcare also may be subject to additional fines, penalties, audits and lawsuits if data is disclosed in violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Laws governing data protection are changing. Most states now have laws mandating the protection and disposal of personal information by corporations. Under these laws, private companies may be required to implement and maintain reasonable security procedures to protect personal information from unauthorized access, use, modification or disclosure. Some states mandate the disposal of records containing personal information when information is no longer needed for business purposes. Federal legislation is likely. Proposed data security legislation that would establish broadly applicable data security requirements for private corporations, and consumer notification standards for corporations that sustain a breach of consumer data, was passed by the House of Representatives on April 22 of this year. That bill, which is supported by the White House, is similar to a measure that has been approved by the Senate Intelligence Committee and will likely be considered by the Senate. Thus, in addition to fielding the serious consequences associated with a cyber attack, general counsel should be familiar with and advise directors about the evolving cybersecurity regulatory and legal landscape. DIRECTOR FIDUCIARY DUTIES

The role of the board of directors in addressing cybersecurity risk arises from directors’ fiduciary duties of care and loyalty to the corporation and its shareholders. Generally, under state corporate law principles, decisions made by directors will be afforded deference and a presumption of validity under the business judgment rule, provided that the board acts on an informed basis, in good faith and in the belief that the action taken is in the best interests of the company. The role of directors in exercising their fiduciary duty of care over cybersecurity is one of oversight and monitoring, and the process it follows is important. General counsel should ensure that directors have adequate information in advance of any decision-making, and a reasonable opportunity to review and continued on page 37

jun/jul 20 15 toDay’s gEnEr al counsEl

E-Discovery

Pending Changes in Federal Rules will Change E-discovery By Sean Byrne

hanges to the United States Federal Rules of Civil Procedure, scheduled to go into effect in December of this year, will increase the courts’ focus on making discovery proportional to the needs of the case. This is welcome news for litigants, who have long been frustrated with the high costs of discovery. Adjusting to these changes will require the legal profession to deepen its understanding of technologies, the ESI sources in client environments and the e-discovery tools lawyers use to tame them. Counsel will need to better articulate this understanding in their conversations with clients, opponents and courts. The good news is that compliance with the new rules will help attorneys give clients what they’ve always wanted: Fast, definitive answers about the risks and expenses they face. COOPERATION AND PROPORTIONALITY

The proposed changes will make courts and both parties explicitly responsible for ensuring that litigation is “just, speedy and inexpensive.” This will require more cooperation between parties throughout litigation. Courts and litigants alike have been frustrated by disproportionate discovery costs. The high cost of discovery effectively bars individuals and small and mid-sized businesses from using the court system to protect their interests, even against suits without merit. In addition, litigants with poor facts can (and often try) to ramp up discovery costs to force a party with an otherwise meritorious case to settle. In an attempt to address these issues, the new Rule 26(b)(1) will require discovery to be “... proportional to the needs of the case, considering the importance of the issues at stake in the action, the amount in controversy, the parties’ relative access to relevant information, the parties’ resources, the importance of the discovery

in resolving the issues, and whether the burden or expense of the proposed discovery outweighs its likely benefit.” Magistrate Judge Elizabeth Laporte (N.D. Cal.), speaking at a recent judges’ panel, said judges would like to see parties better frame the question of how relevant is the information being sought, and what is the fastest, most efficient and least costly way to get it. The way to win, she argued, is to show the judge that you have the most reasonable proposal. This means litigants must come to court armed with detailed data about their data. If they do not, they could find themselves saddled with onerous orders and no way to mount an argument based on fairness or proportionality. PREPARE FOR PRE-DISCOVERY

Changes to Rule 16 will encourage judges to manage cases early and actively. The

management will include an initial pre-discovery conference, where the judge confers with the parties, preferably in person, about the timing and needs of the case. This codifies the efforts of many district court and magistrate judges, including J. Laporte and Magistrate Judge Andrew Peck (S.D.N.Y.), who already employ e-discovery-specific standing orders. Large state court systems, such as Illinois, have also put into effect e-discovery rules that mirror their federal counterparts. Attorneys in all jurisdictions will essentially be forced to have a deep understanding of their client’s digital universe in time for the pre-discovery conference. These changes dictate that early case assessment (ECA) technology needs to move beyond counting the number of documents per custodian, to where it gives attorneys real insight into what the documents say. They will need to know what the timelines are,

TODAY’S GENER AL COUNSEL JUN/JUL 2015

E-Discovery

what evidence there is, and what information is missing. That way, litigants and their legal teams can realistically assess the strength or exposure of their case, and estimate how much cost and effort will be required to respond to proposed discovery requests. Such insights are crucial to discussions with opposing counsel and the court about the benefit or burden of discovery requests. However, many e-discovery technologies are simply too slow, too incomplete and too inflexible to give legal teams the information they need. In the eyes of many legal practitioners, data collection, processing, analysis, and culling are low-value, straightforward operations that have little bearing on the outcome of the case. They hold on to the dated notion that downstream review, when highly paid attorneys get involved, is when the real action starts. They could not be more wrong. Even under the current Federal Rules, mistakes and data quality issues often lead to problems so severe that they can’t be fixed in review, or they may be discovered so far downstream in the process that addressing them becomes prohibitively expensive. “The biggest risk,” says forensic technologist Craig Ball, “is the risk of missed information. If the other side finds something you failed to produce, you’ll be blindsided. You’ll look like you’re hiding evidence and you’ll overlook helpful witnesses and crucial evidence for your side.” But if the early stages of discovery are important, so is the choice of e-discovery technology. Among software tools, there is considerable variation in the speed and accuracy with which they can process ESI, the types of data they can handle, and the flexibility they offer in managing it. When the new rules come into play, it will become that much more clear that the old mindset of “process it all and let the lawyers sort it out in review” is deeply flawed. Parties will require fast, in-depth knowledge of their ESI and its contents. This will put them in position to argue that the other side’s discovery requests are overly broad, onerous, or disproportionate. It may, for example, save them from agreeing to terms or file types that will return millions of mostly irrelevant documents. This means the speed at which e-discovery technology can process ESI is crucial.

Litigants will no longer have months to prevaricate about discovery issues. If their technology cannot provide early insights into data, in most cases within weeks, they are at a considerable disadvantage that may echo all the way through the litigation. E-discovery software will need to be able to handle all common types of ESI and as many uncommon ones as possible. A discovery tool that cannot quickly and efficiently process major data sources will keep litigants from being able to get a complete and timely picture of their case. For example, many e-discovery tools can process only Microsoft Outlook PST files. But organizations use a variety of email and productivity applications. Other email systems such as IBM Lotus Notes, Novell Groupwise, Apple Mail, and Microsoft Entourage are rarely supported by e-discovery software. A common workaround is to convert these files into PSTs. However, the conversion process may lead to data or metadata being lost or misrepresented, with serious consequences. An error as simple as an incorrectly interpreted timestamp or time zone offset could lead to items appearing out of chronological order or being excluded from date range searches. People often start sensitive conversations on company email but move to a channel they consider more secure and less permanent, such as SMS messages, Skype, instant messaging, Snapchat, Facebook Messenger, or a personal webmail service. These channels are more secure in the sense that they are often outside the control of the company, many litigators do not consider them during custodial interviews, and the majority of e-discovery tools cannot properly handle them. However, combining email and documents with text messages, phone records, instant messages and other communications into a single timeline is the only way to give the legal team a complete picture of the communications between, and activities of, custodians. THE OLD WAY WON’T WORK

Traditional discovery leaves ESI minimization to the review stage, when legal teams use techniques such as predictive coding to reduce the number of documents human reviewers must read. This misses a prime

opportunity to surface key documents earlier and reduce time to knowledge. Even at the earliest stages of discovery, analytics can turn a large disparate data collection into neatly organized batches of information tailored to specific types of reviewers. Platforms with comprehensive auditing and reporting functions can help legal teams tell the court an easy-to-follow story that can clear a path for truncated discovery and more realistic timelines. However, when it comes to quickly progressing from a bewildering array of information to highly relevant details, nothing beats data visualization. Timelines and date trend charts can quickly identify key events, when they happened and who was involved. Communication networks and link analysis can reveal unknown but important witnesses or custodians. The customary separation between the processing and review stages of discovery is another hurdle. Exporting data from the processing tool and setting up a review environment are wasteful extra steps and potentially damaging when you need to know the facts in time for a prediscovery conference. The new Federal Rules will require litigants and legal services providers to rethink the way they handle discovery on a broad scale. This is a tremendous opportunity for law firms and litigation support vendors to deliver real value to their clients by helping them adapt to the more efficient discovery model the rules changes seek to create. ■

Sean Byrne is head of eDiscovery Solutions, Nuix North America. He has worked as a trial attorney, e-discovery counsel, general counsel, e-discovery director and consultant. He is a certified e-discovery specialist and licensed to practice law in the state of Illinois. Since 2009, he has co-chaired the Technology Subcommittee of the Seventh Circuit Electronic Discovery Pilot Program Committee, which works to reduce the rising burden and cost of discovery in litigation. sean.byrne@nuix.com

JUN/JUL 20 15 TODAY’S GENER AL COUNSEL

E-Discovery

Law Schools Lag in Teaching E-Discovery By William Hamilton and Michele C.S. Lange

echnology has upended the practice of law. Documents have given way to electronic files containing layers of metadata. Boxes of paper documents have given way to unimaginable terabytes of data. “Eyes on” review has given way to technologyassisted review and predictive coding. While lawyers and law firms struggle with these changes, what are law schools doing? How can law schools prepare students for the challenges that their graduates will face as soon as they leave campus?

One way to understand how law schools are addressing the digital revolution is to look at how they are teaching e-discovery. Kroll Ontrack analyzed the public websites of 193 law schools to get a glimpse of the state of law school e-discovery education. The survey results (available at www. ediscovery.com) revealed that the law schools offered four distinct levels of e-discovery education. Starting at the bottom, the first level has no e-discovery courses. The second offers a basic introductory course on

e-discovery law. The third features courses that contain a significant practical lawyering component, such as the actual drafting of litigation hold notices and mock Rule 26(f) conferences. Finally, the fourth level of e-discovery education features courses that also contain data handling, processing, and analytical work with actual e-discovery software. Astoundingly, 15 years into the ediscovery epoch, 125 U.S. law schools offer no e-discovery courses. Most of the 69 schools with e-discovery courses

toDay’s gEnEr al counsEl jun/jul 2015

E-Discovery

followed the traditional case law teaching methods. A small percentage of the 69 schools offered courses with practical lawyering exercises. And only eight schools were at level four, offering hands on experience with actual e-discovery tools. Why are law schools paying minimal attention to e-discovery when e-discovery expenses are often half or more of the total cost of litigation? the ADJUNCt APPROACh

The first answer is, the (necessary) reliance on adjunct professors. Most law professors began their academic careers after private practice or a judicial clerkship that pre-dated the e-discovery revolution. Most law schools lack tenured (and even non-tenured) faculty who are comfortable and skilled in the constantly evolving field of e-discovery. Thus law schools, to teach e-discovery, typically rely on adjuncts – litigators who have e-discovery experience or judicial officers who have actually seen e-discovery in their courtrooms.

Why are law schools paying minimal attention to e-discovery when ediscovery expenses are often half or more of the total cost of litigation? An adjunct’s time is limited. Adjuncts have “day jobs” running cases, attending hearings and trials, and supervising staff. But teaching an e-discovery course takes hours of preparation. Class lessons and learning objectives must be defined. Engaging examples must be utilized to illustrate legal principles. Class participation must be encouraged by thoughtful and provocative questions. Teaching classes that offer practical lawyering skills requires a substantially

greater commitment. Designing good mock problems is hard work. And developing a mock Rule 26(f) conference that, for example, divides the class into role playing groups is even more ambitious. Student drafts and submissions must be evaluated and graded. Finally, level four courses that provide e-discovery software experience require immense dedication to create, teach, and grade weekly data sandbox exercises. Genuine e-discovery education requires a working knowledge of basic technologies. We wouldn’t teach someone to write without providing a pencil and paper. Similarly, students need a basic grounding in data information, codes, and technologies to navigate e-discovery. Teaching e-discovery case law is important, but real e-discovery education requires practical lawyering exercises and real work in the data sandbox. thRee SUGGeStIONS

Law schools need to stress the importance of e-discovery. The legitimacy of our dispute resolution process is at stake. E-discovery should be a mandatory course for litigation track lawyers, and law schools should provide a robust e-discovery module in their basic civil procedure course. Law schools should invite representatives from law firms, corporations, technology providers and the government to discuss the importance of e-discovery and the career opportunities e-discovery presents to students.

Law schools and e-discovery professionals should partner to foster better e-discovery learning. To accomplish this, law schools can choose to cultivate cadres of adjuncts who teach e-discovery. The e-discovery adjunct team can develop courses together, share instructional design responsibilities, and alternate teaching both elementary and advanced courses. Alternatively, law schools can provide access to ediscovery education by encouraging transfer credits from ground and online courses at law schools with more robust programs. Further, e-discovery software and service providers should work with law school adjunct teams to provide software exercises and experience. Like

the practice of e-discovery itself, teaching e-discovery should be a partnership.

Law students need to embrace the value of e-discovery education. Ironically, rather than seeing e-discovery as a bright pathway to a variety of career options, too many law students shy away from e-discovery, falsely seeing it as “too techie,” or as “litigation support” and not real lawyering. However, clients want real litigators who can rapidly assess risk and exposure and who possess the skills to manage cases, control costs, and get to the important documents quickly. E-discovery experience also provides students with alternative career pathways, opening new doors at law firms, corporations, technology providers or consultancies. The historical model that sent an aspiring lawyer to law school to learn “to think like a lawyer” and then join a law firm to learn the practice of law is no longer applicable. Today, the aspiring lawyer must learn and practice at law school the e-discovery skills needed to carry our civil dispute resolution process into the 21st Century. ■

William Hamilton is the executive director of the E-Discovery Project at the University of Florida Levin College of Law. He also is the provost of Bryan University and the National Litigation Partner for Quarles & Brady LLP. william.hamilton@quarles.com

Michele C.S. Lange is a director of Legal Technologies in the ediscovery. com product line for Kroll Ontrack, a global e-discovery software and services provider based in Minnesota. mlange@krollontrack.com

jun/jul 2015 today’s gEnEr aL counsEL

Labor & Employment

How to Navigate the Treacherous World of Social Media By Armin J. Moeller, Jr. and Ashley Eley Cannady

mployee use of Facebook, Twitter, LinkedIn and other social media has increased dramatically in the last decade. At the same time, we’ve also seen increased interest in employment decisions based on social media by the National Labor Relations Board (NLRB), as well as the Equal Employment Opportunity Commission (EEOC). Until recently, many employers would not have considered the NLRB when deciding whether to discipline or terminate an employee whom they believed had engaged in inappropriate social media behavior.

There is no doubt that social media is an established and continually evolving feature of personal and business interactive communications. The statistics are staggering. As of December 31, 2014, Twitter had 284 million active users. Facebook reported 1.39 billion. More than 30 billion photos have been shared on Instagram, with an average of 70 million per day. LinkedIn boasts that more than two professionals sign up for LinkedIn every second. These numbers increase daily and demonstrate just how many employees use social media – often during

working hours. Although social media is referred to as a “virtual water cooler” in the workplace, this analogy does not convey the fact that social media posts reach hundreds, or even thousands of people. It also does not reflect the reality that people tend to “speak” much more freely on social media platforms than if they were face-to-face. Employers are concerned, and their concerns are justified on the basis of legitimate business reasons. The NLRB is the leading regulatory agency addressing to what extent an employer can discharge or discipline

today’s gEnEr aL counsEL jun/jul 2015

Labor & Employment an employee based on social media postings. Employers cannot prohibit, terminate, or discipline an employee for using social media to complain about working conditions if the complaint is on behalf of others or other employees join in the discussion. In late 2010, the NLRB filed a complaint against an employer claiming that the termination of an employee violated Section 7 of the National Labor Relations Act (NLRA) because the employee’s Facebook postings constituted “protected, concerted activity.” Since then, the NLRB has aggressively pursued cases such as this,

However, not every communication is protected, and the more outrageous the comment or profane, the less likely it is to receive protection. The determination may involve a balancing test, as in the August 2014 Triple Play Sports Bar decision. In that case, the Board rejected the employer’s argument that the employee’s comments lost protection because they were profane and maliciously false. Posts that have lost protection have included slanderous or libelous statements, statements regarding certain confidential/proprietary information, comments about individuals unrelated

Although social media is referred to as a “virtual water cooler” in the workplace, this analogy does not convey the fact that social media posts reach hundreds, or even thousands of people. challenging employer firings and policies, frequently in non-union settings. Section 7 of the NLRA gives employees the right to engage in protected, concerted activities for the purpose of “mutual aid and protection,” such as addressing working conditions. Section 8(a)(1) of the NLRA prohibits employers from disciplining employees for engaging in protected, concerted activity or “Section 7 activity.” An activity is concerted when the employee acts “with or on the authority of other employees, and not solely on behalf of the employee himself.” Accordingly, for a social media posting to be “concerted,” an employee must be posting with other employees or posting alone, but on behalf of other employees. An individual gripe has the potential to become protected if even one employee “likes” it, as illustrated by a recent NLRB decision. The posting or comments must relate to the terms and conditions at work or otherwise be for the employees’ “mutual aid and protection.”

to the work environment, or comments that are deemed “so opprobrious” as to lose protection. The NLRB’s general counsel has issued three social media reports that outline its position regarding policies and discipline or termination decisions. The most recent memorandum was issued in May 2012. The following social media posts were found to be protected concerted activity: • Complaint about the quality of snacks served at a BMW customer event because it impacted his commissions. • Post about employer not issuing paychecks on time. • Employees’ comments about the manager after being counseled for closing the store early because they felt unsafe leaving at closing time.` • A post about a co-employee, where five other employees commented on the post and generally complained about working conditions. In contrast, the following posts were found to be unprotected:

• Use of social networking site to communicate information regarding union activities and noting that employees might withhold patient care for certain reasons. • Employee’s response to a non-employee’s question about the employer’s tipping policy • Facebook comments about the employer’s mentally disabled clients. In addition to carefully scrutinizing “Facebook Firings,” the NLRB also reviews employers’ social media policies to ensure that they do not “chill” concerted activity. An employer violates Section 8(a)(1) of the NLRA if it maintains a work rule, including a social media policy, that “would reasonably tend to chill employees in the exercise of their Section 7 rights,” per the NLRB’s 1998 Lafayette Park Hotel ruling. A policy is unlawful if (1) it facially restricts Section 7 activities, (2) employees would reasonably construe the language to prohibit Section 7 activity, (3) the policy was enacted in response to Section 7 activity or (4) the policy has been applied to restrict the exercise of Section 7 activity. The May 2012 memorandum also contained what purported to be an approved policy. However, although it appears the NLRB provided safeharbor language, administrative law judges and courts are not bound by the NLRB general counsel’s apparent approval. Indeed, administrative law judges and the Board have, in reported decisions, subsequently ruled that substantially similar language violated the NLRA. Drafting a social media policy that complies with the NLRB’s shifting, expansive requirements is challenging. Policies should be narrowly tailored to protect an employer’s legitimate business interests. Many policies that the NLRB has upheld contained specific, defined terms as opposed to general and overly broad terms. For example, the decisions make clear that failing to define what is “confidential” can render a provision invalid. Employers may

jun/jul 2015 today’s gEnEr aL counsEL

Labor & Employment

also consider adding language to explain that it does not intend to restrict employees’ Section 7 rights. Again, the key to developing a legally compliant policy is using specific but simple terms that a typical employee can understand. Although the NLRB has taken the lead in developing social media law, a prudent employer must also consider the EEOC and the statutes it enforces. In addition to reviewing the activity of current employees, many employers use social media sites such as Facebook, MySpace, Twitter, and LinkedIn to screen applicants. Under the various federal anti-discrimination laws, covered employers may not screen applicants or terminate or discipline an employee in a way that results in discrimination or retaliation. While most employers recognize that information regarding an individual’s protected status should not be solicited during the hiring process, few understand that uncovering such information on social media sites, even inadvertently, may be viewed as doing just that. Facebook displays users’ birth dates and photos, and that may reveal an applicant’s protected status, even if the employer does not collect the information on its application. Having access to this information can force the employer to prove a negative: that it had knowledge of the information, but did not use it. Similarly, employers that monitor their employees’ use of social media may inadvertently learn of an employee’s protected status, inviting claims of discrimination or retaliation. For example, an employer obviously could not terminate an employee for a Facebook post about the virtues of a religion or because the employee submitted a post opposing discrimination. Reliance on social media postings also can give rise to claims that members of one protected class are favored over another. In Marshall v. Mayor and Alderman of City of Savannah, Ga., a female firefighter was disciplined after posting pictures of fellow firefighters next to revealing photos of herself on

MySpace. She claimed that she was treated differently than males who engaged in similar conduct. Another example would be the applicant or employee who discusses a medical condition on social media and reveals information that implicates the Americans with Disabilities Act or the Genetic Information Nondiscrimination Act of 2008 (GINA). Employers also run the risk of disparate impact liability by relying on social media. While many employers utilize social media to recruit or to learn more about candidates, not every candidate has a social media presence. Relying on social media may result in a disparate impact on those without a profile. For example, older candidates may be less likely to have a LinkedIn profile or Facebook page. Despite the potential pitfalls for employers, employees can help promote an employer’s business with social media. This gives rise to yet another issue for employers to keep in mind: whether non-exempt employees should be compensated for time spent sending work-related transmissions from home. The Fair Labor Standards Act requires employers to compensate employees for time worked and to pay non-exempt employees overtime for hours worked in excess of 40. Since the term employ is defined as “to suffer or permit to work,” employees who perform work not specifically requested by the employer, but allowed, must be compensated for that time. At least one federal appellate court has held that time spent by employees at home sending work-related transmissions may be compensable. Thus, employers should consider whether to allow employees to make promotional posts during non-working hours or to enact a policy requiring employees to track time spent making such posts. In order to minimize liability, employers should consider carefully who should perform any searches, and their timing. Some employers hire an outside vendor who can filter any information that cannot be lawfully considered. However, employers must

ensure that they are in compliance with the Fair Credit Reporting Act before hiring an outside company to perform such a search. Delaying a search until after initial interviews are conducted also helps refute allegations that protected information was wrongfully considered. Social media and its impact on labor and employment law is constantly changing. The temptation to access such a vast source of information is too great for many employers to resist, but serious consideration must be given before making any employment decision that involves information gained from social media. Social media policies, including those related to discussing compensation, should be reviewed regularly in conjunction with judicial decisions or guidance issued by regulatory agencies, in order to assure compliance with the developing law of social media. ■

Armin J. Moeller, Jr., is a partner in the Labor & Employment Practice Group at Balch & Bingham. His practice focuses on labor relations and employment law issues, as well as health law, business litigation, arbitration and contracts. amoeller@balch.com

Ashley Eley Cannady is an associate in the Labor & Employment Practice Group at Balch & Bingham. Her practice focuses on defending employers and management in employment-related disputes before courts and administrative agencies. She also advises employers on how to avoid work-related legal exposure. acannady@balch.com

today’s gener al Counsel jun/jul 2015

Cybersecurity

Internet of Things continued from page 23

report uses the example of a company collecting zip code information instead of precise geo-location data. Companies should also periodically reassess whether there is a legitimate business need to continue to retain previously collected data. sECURITY TEsTING AND AFTERLAUNCH MONITORING

The staff report suggests that the FTC will have little tolerance for a company that subjects consumers to unnecessary data privacy and security risks because it failed to test its security measures before the product’s launch. Build adequate time into the development cycle. IoT products should not

the FTC seems willing to let companies “reasonably” limit the afterpurchase monitoring they provide, it cautions that companies should “weigh these decisions carefully.” Making these decisions as early in the product development cycle as possible will help IoT developers ensure that any representations in the marketing plan match the actual security being provided – a major area of potential liability. Although it’s left unmentioned in the staff report, IoT developers (like any company storing consumer information) should have a data breach response plan in place. Companies that already have a breach plan should assess how their IoT products may necessitate changes in the existing plan.

A security assessment that was ignored would be exhibit one in any suit or enforcement action against the company. be rushed to market without testing, or with known risks and a plan to patch vulnerabilities later. Like the privacy and risk assessment, any pre-launch security testing should be carefully structured and involve outside counsel, as well as the company’s own security teams. In addition to helping keep much of the information privileged, this will help ensure that the security testing addresses the issues identified in the assessment. Companies also need to consider the extent to which they will continue to monitor the product’s security after launch. The FTC wants companies to continuously monitor their products, and to patch known vulnerabilities. Consider these issues early in the product development cycle to determine whether elements of the product’s design will make implementation of this best practice feasible or more affordable. While

For example, consider whether the product is collecting new information, such as different notice requirements, that may trigger different legal obligations in the event of a breach. Assess whether the personnel who are tasked with responsibilities in the event of a breach, including outside vendors, are best suited to deal with a breach involving the IoT product. People with knowledge of the product and systems are critical in any breach response. IoT developers that don’t already have a breach plan should work with outside counsel to create one, tailored to the specific data being collected. There is no one size fits all, and to develop a plan that will adequately and quickly address the threats posed by a breach takes time. It certainly should not be attempted for the first time in the aftermath of a breach. A response plan should be designed and tested

before a breach occurs. These are just a few suggestions to help companies develop IoT products in compliance with the FTC’s recent guidance. Left unmentioned are suggestions for how to implement the FTC’s other best practices, each of which warrants attention. These include the FTC recommendation to implement a security-in-depth approach that provides consumers multiple layers of protection, and critically important FTC guidance on notice and choice for data collection for IoT products. Above all, what should come across here is that, from the outset, IoT developers need to pay close attention to the privacy and security issues posed by their products. The FTC certainly will. ■

Douglas H. Fleming is a principal at Riddell Williams, in the Product Liability group. He has decades of experience representing clients in product liability, including health and safety issues surrounding consumer electronics. He also has extensive experience working on the development of AR/VR technology, wearables and other IoT devices. dfleming@riddellwilliams.com

James H. Wendell is an associate at Riddell Williams, in the Privacy and Data Security Group. He has represented companies nationwide regarding privacy and cybersecurity, including data breach response investigations and compliance with state data breach notification laws. He has written numerous articles on privacy and cybersecurity issues. jwendell@riddellwilliams.com

JUN/JUL 2015 TODAY’S GENER AL COUNSEL

Labor & Employment

Supreme Court Leaves Pregnancy Discrimination Claim Unresolved By Philip R. Voluck

n March of 2014, the U.S. Supreme Court handed down its first pregnancy discrimination decision since 1991, purportedly to address an employer’s obligation to accommodate pregnant employees under the Pregnancy Discrimination Act (PDA), in particular by assigning the employee light duty if requested. The Court has already held that Title VII of the Civil Rights Act of 1964, as amended,

“prohibits an employer from discriminating against a woman because of her capacity to become pregnant.” The issue was first brought to the Court’s attention by Peggy Young, a driver for UPS. After Young became pregnant, she developed a pregnancyrelated condition. Young’s physician approved her return to work, subject to a 20 pound lifting restriction. As a result, Young requested that she be able

to perform “light duty” instead of her normal driving responsibilities. Young’s request for light duty was denied under a policy contained within a collective bargaining agreement negotiated with Young’s union. The policy provided that light duty was available only to employees injured on the job and to others accommodated under the Americans with Disabilities Act, as amended. Young did not fall under either category.

today’s gEnEr aL counsEL jun/jul 2015

Labor & Employment Young claimed UPS violated the law by failing to provide her the same accommodations as employees with similar limitations who weren’t pregnant. Following a trial, the lower court denied Young’s claims and found in favor of UPS because, according to the lower court, its policy was based on “gender-neutral,” “pregnancy-blind” criteria, such as whether an employee was injured on the job or off the job. Such criteria, declared the lower court, are eminently lawful under the PDA. Unfortunately, the court did not resolve the issues before it. Justice Breyer, who wrote the decision for the 6-3 Supreme Court majority, found there was not enough evidence to make an informed determination. Expected to provide the definitive word on pregnancy discrimination, the Court instead issued a non-decision. The lower court’s decision was thrown out and sent back for further analysis consistent with the Supreme

The Supreme Court did hold that Young can prevail in the lower court if she can show that she was denied accommodations given by UPS to others similar in their ability to work, and that the UPS policy

Despite its browbeating by the Court, the EEOC guidance remains in effect and likely remains definitive for now. imposes a significant and unjustified burden on pregnant workers. According to Justice Breyer, Young can make that showing by providing evidence that the employer accommodates “a large percentage of nonpregnant workers while failing to accommodate a large percentage of pregnant workers.” Many observers, including the EEOC and the ACLU, see the Court’s decision as a clear win for women

The Supreme Court held that Young can prevail if she can show that she was denied accommodations given to others similar in their ability to work… Court’s interpretation of how the legal issues should be addressed. The Supreme Court found that the decision rendered by the lower court could not be properly reviewed because its underlying legal analysis was flawed. It failed to properly apply the appropriate burden-shifting legal thresholds. In other words, the Court determined that the PDA requires the lower court to decide whether UPS’s policy had a “disparate impact” on Young that could not be justified by the reasons cited by UPS in support of its policy – i.e., a union-negotiated policy and past practice. As a result, the case now sits with the lower court.

lower court’s analysis took a wrong turn, by failing to undertake a disparate impact analysis. An employer’s obligations towards pregnant employees have historically been marked by misunderstanding and

and families and a significant win for the rights of pregnant workers. The EEOC’s praise of the decision is rather interesting given the Court’s offhand dismissal in its decision of the EEOC’s 2014 Pregnancy Guidance as “inconsistent with positions for which the Government has long advocated” and faulting it for not explaining the basis of the Guidance. In deciding whether the UPS socalled “pregnancy blind” light duty policy is lawful, the Court looked to several federal statutes addressing pregnancy discrimination in the workplace, in particular Title VII of the ADA, and the PDA. It is here that, according to the Court, the

confusion. The Court’s decision obviously does nothing to remedy this, basically leaving employers to continue to treat pregnant employees on the same basis as those with other disabilities. Congress enacted the PDA to make clear that discrimination based on pregnancy, childbirth, or related medical conditions is a form of sex discrimination prohibited by Title VII. Despite the issuance last year of the EEOC’s Pregnancy Discrimination Enforcement Guidance, employers have been asking for further clarity from the EEOC and the Court regarding their precise obligations to pregnant employees. While pregnancy is not considered a disability under the ADA, pregnant workers and job applicants are not excluded from its protections. Changes to the definition of “disability” resulting from enactment of the ADA Amendments Act of 2008 make it much easier for pregnant workers with pregnancy-related impairments to demonstrate that they have disabilities entitling them to reasonable accommodations under the ADA. Such accommodations include allowing a pregnant worker to take more frequent breaks, keep a water bottle at a work station, use a stool, alter how job functions are performed, or receive a temporary assignment to a light duty position. Despite its browbeating by the Court, the EEOC guidance remains in effect and likely will remain the definitive word for now. That guidance makes it clear that employers are expected to accommodate pregnancy-

jun/jul 2015 today’s gEnEr aL counsEL

Labor & Employment

related conditions and not to treat employees suffering from these conditions differently than other employees. These conditions can include back pain, preeclampsia (pregnancy-induced high blood pressure), gestational diabetes, complications requiring bed rest, the after-effects of delivery, and any related disability that substantially limits one or more major life activity, construed broadly. Most notably, the guidance takes the position that employers are prohibited from discriminating against not only pregnant employees, but also against those who intend to become pregnant, or have been pregnant. This expansion is in line with several recently decided cases, with one court stating, “[i]t would make little sense to prohibit an employer from firing a woman during her pregnancy but permit the employer to terminate her the day after delivery if the reason for termination was that the woman became pregnant in the first place.”

the parameters of terms such as “past pregnancy” and “potential” to become pregnant. To avoid chaos and an increase of EEOC charges of discrimination, it should be made

An employer’s obligations towards pregnant employees have historically been marked by misunderstanding and confusion. abundantly clear what, in addition to allowing for “light duty” work under certain circumstances, employers must affirmatively do to be on the right side of the law. Employers should not expect a decision from the court of appeals anytime soon. The losing party will very likely ask the Supreme Court to review, adding even further to the

Unionized employers should immediately review any current collective bargaining agreements to assure that no section may be deemed unlawful as it relates to pregnancy. Thus, women must not be discriminated against with regard to job opportunities or benefits because they might get pregnant, are undergoing infertility treatments, or use contraceptives. Adverse action based on safety concerns, such as involuntarily moving a pregnant employee to a less stressful but lower compensated position, or banning fertile women from jobs with exposure to harmful chemicals, is also prohibited. Regardless of the ultimate outcome in Young v. UPS, the decision will likely not contain nearly the comprehensive content of the EEOC guidance. Clarification from the EEOC is still needed to define

and practices are in full compliance. UPS certainly recognized the apparent danger in maintaining the policy challenged by Young, and it changed its policy even before the Court is-

need for understanding pregnancy discrimination. It is uncertain if the lower court in Young will expand the class of protected employees to include women who have been or potentially may be pregnant. As it stands today, the EEOC guidance remains in full effect, and employers can expect the EEOC to process and investigate charges of discrimination accordingly. It would be foolish for employers to simply wait for the Young decision to wend its way through the courts again, instead of proactively applying the guidance to workplaces both in training managers and supervisors, and ensuring business policies

sued its decision by broadening the scope of accommodations to pregnant employees. Notwithstanding the waiting game created by the Supreme Court, education, training and clearly worded policies that comply with the PDA and ADA should be developed and enforced now. Unionized employers should immediately review any current collective bargaining agreements to assure that no section may be deemed unlawful as it relates to pregnancy. Lastly, as the list of medical conditions related to pregnancy continues to expand, employers should err on the side of caution and assume that most, if not all, of their pregnant employees will have medical conditions related to pregnancy which will require accommodation. ■

Philip R. Voluck is the managing partner of the Blue Bell, PA office of Kaufman Dolowich & Voluck. He has concentrated his practice for the last 33 years in the area of employment practices liability defense, with a particular emphasis on handling claims of employment discrimination, retaliation and wrongful discharge. pvoluck@kdvlaw.com

today’s gener al Counsel jun/jul 2015

Cybersecurity

Boards and Cybersecurity continued from page 25

consider materials using an established governance process. Data breaches and cyber attacks against corporations are a relatively recent phenomenon, and there are few precedents that clarify when directors may be held liable for failure to oversee cybersecurity risk. However, a November 2014 federal court decision arising out of the Wyndham data breaches may offer some guidance.

assess cybersecurity risks, periodically review and prioritize them in the context of the corporation’s strategy and operations, and from time to time consider mitigation strategies to reduce risk exposure.

Governance It is the board’s responsibility to oversee implementation of a risk governance process designed to provide directors with timely and relevant information. A board committee (or the entire board) should be made responsible for overseeing cyberse-

Boards should discuss cyber risks at regularly scheduled board meetings, and cybersecurity management should be a part of their monitoring calendar. In Palkon v. Holmes, a New Jersey district court dismissed with prejudice a shareholder derivative suit against Wyndham and its officers and directors because the plaintiff failed to plead that the board acted in bad faith or failed to exercise reasonable business judgment, after the board refused the shareholder’s demand that it file a shareholder derivative suit. The federal court did not reach the merits of the case, but in a footnote it noted that the directors would be liable only if they “utterly failed to implement any reporting or information system . . . [or] consciously failed to monitor or oversee its operations thus disabling themselves from being informed.” The Palkon decision, while of limited precedential value in litigation, may offer comfort to corporate directors by suggesting that directors will be protected from liability if they in good faith oversee a governance system that permits them to periodically monitor the corporation’s cybersecurity compliance and risk mitigation strategies. WHAT GC CAN DO NOW

General counsel should approach the board’s oversight of cyber-attack and data-breach risk using existing board governance processes. These processes should permit directors to identify and

curity risk. Often this is audit committee responsibility, but some corporations establish a separate risk committee with responsibilities that include cybersecurity. Risk management and oversight should be included among the duties delineated in the charter of the committee charged with monitoring cybersecurity. Also, the nominating committee should ensure that the board of directors has among its members adequate technical and risk management experience to permit the board to assess the issues presented. Boards that lack this expertise may want to bring in a director who has it.

Assessment and Prioritization of Risk Directors should take an active role in understanding cybersecurity risk within the context of the corporation’s overall strategy and operations. Directors will rely on regular management reports, and where needed bring in outside experts to provide information for making wellinformed decisions. Boards should discuss specific cyber risks at regularly scheduled board meetings, and management of cybersecurity should be a part of their monitoring calendar. Boards should also ensure that the corporation has adequate personnel and financial resources to address and manage these risks. For some corporations, a

chief information officer or chief privacy officer may be needed as part of senior management. All boards of directors should ensure that there are adequate internal controls and a reporting system in place to address cybersecurity threats.

Risk Mitigation Strategies Directors should oversee the corporation’s risk mitigation strategies on an ongoing basis. They should be familiar with evolving best practices, such as the National Institute of Standards and Technology February 2014 “Framework for Improving Critical Infrastructure Cybersecurity.” Directors should also monitor the corporation’s emergency preparedness. It may take the form of a cyber-response plan, with procedures and protocols for responding to either an attack or the threat of one, and it should include a plan for testing information systems and processes. General counsel should review these plans to ensure that they are up-todate and reflect the corporation’s current processes and reporting systems. Boards of directors also should monitor company procedures and internal controls to ensure they comply with evolving cybersecurity laws and regulations. Finally, general counsel should provide the board with information about insurance, currently in place and potentially obtainable, which could be used to defray the significant costs of a negative cyber event. ■

Ellen Canan Grady is a member of the Cozen O’Connor firm, in the Philadelphia office. She has more than 25 years of experience counseling executives, directors, entrepreneurs and businesses in a variety of industries and stages of development. She also counsels on corporate governance issues, advising public companies on SEC and NYSE reporting, issuing of public company equity and debt, private offerings and corporate transactions. egrady@cozen.com

jun/jul 2015 today’s gEnEr aL counsEL

Labor & Employment

What the Pao Lawsuit Says About Diversity and Inclusion By Christina L. Lewis

closely watched gender discrimination suit came to a close when a jury rejected each of the four claims lodged by Ellen Pao, a former employee at venture capital firm Kleiner Perkins Caufield & Byers. Despite the outcome, the case has sparked a national conversation on workplace discrimination in the male-dominated world of Silicon Valley. The case generated headlines for months, thanks to Kleiner Perkins’ size and stature – this is a firm that helped launch tech behemoths Google and Amazon – and the salacious allegations that came out during the trial. The Pao case has many parallels with that of Pamela Martens, the Long Island stock broker who filed a class action suit against investment bank Smith & Barney in the late 90s. Though the suit was eventually settled out of court, Martens’ case – which featured tales of rampant misogyny – drew national attention to pervasive sexual discrimination on Wall Street and continues to highlight the importance of discrimination whistleblowers. Many employers will look at a case like that of Ellen Pao or Pamela Martens and say, “It would never happen here.” But regardless of a firm’s demographics or policies, covert and unintentional biases may exist. In the end, the best defense

against these types of cases is to prevent them, and prevention starts with a company-wide focus on diversity and inclusion. BEYOND COMPLIANCE

Because workplace discrimination is identified by standard bright-line tests that leave little room for interpretation, top management may feel protected when anti-discrimination policies and practices are firmly in place. But these policies on their own won’t prevent lawsuits from employees who feel isolated in the workplace due to a lack of diversity, or feel undervalued and overlooked due to things like age, gender, or sexual orientation. Sustained and meaningful investments in diversity and inclusion go a long way toward rooting out unintentional biases and preventing the feelings of disenfranchisement

that often lead to claims of outright discrimination, particularly in industries dominated by any particular group of people. Broadly speaking, when there is a lack of diversity in a company’s upper management, the risk rises for allegations of unequal opportunity and double standards. One area where this can play out is in performance evaluations, which may be influenced by the opinions and biases of the reviewer. As many studies on unconscious biases have proven, it’s in our nature to gravitate toward and give preference to people who look and sound like us, and that’s problematic when we’re tasked with giving impartial feedback. Evaluations of Ms. Pao, for example, characterized her as passive, quiet and ill-suited to the rigors of management. While the criticisms may

today’s gEnEr aL counsEL jun/jul 2015

Labor & Employment have been legitimate, the language suggests she may have been judged by a gender-based stereotype of leadership, which views characteristically male qualities of outspokenness and assertiveness as vital for success. At the same time, additional performance evaluations labeled Pao as “territorial,” suggesting a double standard for female employees: Dare to be too outspoken and you may be labeled as combative and resentful. Refrain from speaking up, and you are viewed as meek. Had there been a balance of male and female voices weighing in on Pao’s performance, her evaluation may have been different. Even if the content of her reviews were the same, bringing a diversity of perspectives into the process might have diminished perceived unfairness and prevented the lawsuit in the first place. BEYOND DIVERSITY

Retaining employees from a wide variety of backgrounds is a valuable business objective for reasons beyond avoiding lawsuits. Research shows that workplace diversity breeds greater creativity, innovation and productivity. A diverse organization is also better able to reach an increasingly diverse clientele. Thus it’s not surprising that to attract a diverse workforce, many companies have changed their recruiting practices. Among them are Kleiner Perkins, which claims that more than 20 percent of its partners are women, more than at many other highly regarded tech investors. While real strides have been made toward removing structural barriers to advancement for women and minorities, more progress is needed, including in the legal field. According to the American Bar Foundation, the percentage of female general counsel at Fortune 500 companies stands at 21 percent. But diversity is only half the puzzle, and many companies mistakenly believe that fostering diversity is enough. Once you attract diverse talent, how do you ensure that they

feel included and integrated in the workplace culture and supported in their career advancement goals? Performance evaluations are an important moment for employers to demonstrate their commitment to inclusivity and fair and unbiased assessment. At our firm, we have implemented a process for even-

unsponsored female peers to ask for a raise and 22 percent more likely to ask for “stretch assignments,” the projects that put them on the radar of the higher-ups. Acknowledging our differences and biases is uncomfortable, particularly in the context of our working relationships. But silence and

Silence and inaction can breed the anger and frustration that ultimately lead to expensive high-profile lawsuits like Ms. Pao’s.

handed performance evaluations through the retention of a Director of Talent Management, who designs evaluation forms with a goal of reducing unintended bias and collects evaluations from attorneys across demographics, often asking probing questions aimed at eliciting honest, fair, and valuable feedback. Mentoring and sponsorship are other essential tools for ensuring that employees feel supported in their professional development. The Diversity and Inclusion Committee at our firm has a formalized mentoring process that matches each employee with a mentor. This structured approach is not critical if a culture of mentoring is already in place, but what’s critical is that all employees feels they have a true sponsor, someone who will use his or her influence with senior executives to advocate for their advancement. The importance of mentors is magnified in organizations in which there is a lack of diversity in uppermost management. According to findings from economist Sylvia Ann Hewlett, women are less likely to have someone in the C-suite who will put their name forward and go to bat for them. Hewlett’s research also shows that women who do have sponsors are 27 percent more likely than their

inaction can breed the anger and frustration that ultimately lead to expensive, high-profile lawsuits like Ms. Pao’s. This is an important moment to take stock of how well we’re doing, not only in creating an environment free of discrimination and retaliatory behavior, but one that fosters cohesiveness. Though Kleiner Perkins prevailed in the courtroom, its reputation did not emerge unscathed. As for Silicon Valley, the time is right to take some of the disruptive thinking that it’s celebrated for and apply it to the industry’s approach to diversity and inclusion. ■

Christina Lewis is a partner at Hinckley Allen in Boston, the practice group leader for the firm’s Labor and Employment group and a member of the Diversity and Inclusion Committee. She counsels employers regarding virtually all facets of employee relationships, and is a litigator and trial attorney. clewis@hinckleyallen.com

JUN/JUL 2015 TODAY’S GENER AL COUNSEL

WORK PL ACE ISSUES

DOL Will Narrow Overtime Exemptions By Tammy McCutchen

n March 2014, President Obama, declaring that Americans “have spent too long working more and getting less in return,” ordered the U.S. Department of Labor (DOL) to revise the white collar overtime exemption regulations, with a goal of making millions more workers eligible for overtime pay. President Obama’s announcement came on the eve of the 10th anniversary of the revisions to the overtime regulations published in 2004. The speculation and questions began immediately. When will the changes go into effect? What changes will DOL make? How will the changes impact my company? The timing has been delayed from initial plans to publish the proposed regulations in November 2014, but on May 5, 2015, DOL submitted its proposal to the White House Office of Management and Budget for approval. The public will not have access to the proposed changes during OMB’s review, which could take anywhere from two weeks to several months. Once OMB completes its review, the proposal will publish in the Federal Register and a public comment period will follow. Most likely,

Tammy McCutchen is a principal in the Washington, D.C. office of Littler Mendelson. She served as Administrator of DOL’s Wage & Hour Division from 2001 to 2004, and she was the primary architect of the 2004 revisions to the FLSA overtime regulations. tmccutchen@littler.com

DOL will give the public 90 days to file comments. Finally, DOL must prepare a “preamble” responding to the public comments, to be published in the Federal Register along with an economic cost-benefit analysis and the Final Rule. From the time the rules publish in the Federal Register, the regulatory process could take a year or more. During the Bush Administration, when I served as Administrator of DOL’s Wage & Hour Division, we published the last major overhaul of

the overtime regulations, in March of 2003. We received more than 75,000 comments during a 90-day comment period, before the Final Rule was published in April 2004, with an effective date four months later. If the Obama Administration were to publish the proposed regulations by June of this year and proceed with equal speed, the revised overtime regulations would likely be final by about July 2016 and become effective four months later, in November 2016.

today’s gener al counsel jun/jul 2015

Regardless of the timing, there can be no doubt that DOL’s proposal will seek to narrow the overtime exemptions in an effort to ensure millions of additional employees become eligible for overtime pay. The easiest way to achieve this goal is to increase the minimum salary levels that employees must earn to qualify for an overtime exemption. Today, the minimum salary level for exemption is $455 per week ($23,660 annually), increased in 2004 from the $155 per week set in 1975. It is a certainty that DOL will raise the salary level. Until stalling in 1975, DOL had raised the salary threshold for exemption every five to ten years. As the $455 level was set over a decade ago, an increase is appropriate. But rumor and speculation suggest that DOL could raise the minimum salary as high as $1,000 per week ($52,000 annually), which is well above the minimums required for exemption under New York ($656) and California ($720) law. Worse, in January, thirty House Democrats signed a letter to President Obama suggesting a salary threshold of $69,000. DOL is also expected to seek significant changes to the duties requirements for exemption. Both President Obama and Secretary Perez seem most focused on narrowing the exemption for managers in the retail and restaurant industries. Based on “listening sessions” that Secretary Perez has held with the U.S. Chamber of Commerce and other business groups, DOL seems to be considering two changes in particular that would narrow that exemption. First, DOL could revise the definition of “primary duty.” To qualify for an exemption, employees must have a primary duty of performing exempt work. Historically and currently, primary duty refers to an employee’s “principal, main, major or most important duty.” An employee’s primary duty is based on all the facts, “with the major emphasis on the character of the job as a whole.” The amount of time an employee spends performing exempt work is an

important factor. Employees who spend more than 50 percent of their time performing exempt work meet the primary duty test. However, under the FLSA, employees who spend less than 50 percent of their time performing exempt work may still qualify. DOL could propose to change this to a Californiastyle quantitative test: An employee who spends less than 50 percent of his/ her time performing exempt work can never qualify for exemption. Second, under the executive exemption, DOL may eliminate the concept of “concurrent” duties. The concurrent duties section recognizes the reality that

DOL’s proposal will seek to narrow exemptions to ensure millions of additional employees become eligible for overtime pay.

an employee can perform both exempt and non-exempt work at the same time. Concurrent performance of exempt and non-exempt work does not disqualify an employee from the executive exemption. An assistant manager can supervise employees and serve customers at the same time or simultaneously direct the work of other employees while stocking shelves. A high salary level coupled with a quantitative over 50 percent primary duty rule and elimination of the concurrent duties section would virtually eliminate the executive exemption for managers in the retail, restaurant and many other industries. Along similar lines, DOL could narrow the outside sales exemption which, in addition to a primary duty of making sales, requires only that an employee work away from the employer’s

places of business “customarily and regularly.” That means “a frequency that must be greater than occasional but which, of course, may be less than constant.” California, in contrast, requires exempt outside sales employees to work away from the employer’s places of business more than 50 percent of the time. Adopting the California rule for the FLSA would significantly narrow the exemption. What can businesses do to prepare for the new regulations? First and foremost, there is still an opportunity to impact what changes will be made, and do what can be done to limit changes to the current exemption. If you follow the wage and hour blog at littler.com/blogs, you will know immediately when DOL publishes their proposed regulations, what DOL is proposing to change, and how you can submit comments on the regulations. DOL needs to hear how their proposed regulations will impact your business. For example, how many employees will you have to reclassify or provide with a salary increase? How much will the changes cost your company? At the same time, you need to prepare to adapt to whatever changes the DOL decides on, and that process should be started before the regulations become final. In 2004, DOL gave employers four months to review their classifications and make changes. Since I’ve returned to private practice, I now know that reclassifications and implementing new compliance plans often takes much longer. As soon as the new final rules are effective, both DOL investigators and plaintiffs’ lawyers will be at the ready to shine the spotlight on any violations. My advice to employers: As soon as the proposed regulations are published, review the jobs currently classified as overtime-exempt based on the proposed regulations, to identify employees who may need to be reclassified. Then run some numbers on how much paying overtime will cost, and begin to design new compensation plans to minimize that cost. ■

JUN/JUL 2015 TODAY’S GENER AL COUNSEL

T H E A N T I T R U S T L I T I G AT O R

Using Budget Analytics In Litigation By Jeffery M. Cross

he use of analytics is a hot topic today in the practice of law. Consulting firms are rushing to provide in-house counsel with various analytical tools to help manage outside law firms and litigation. Software companies are offering applications to facilitate the use of analytics. One law firm has developed a subsidiary to sell analytical services to law departments. I have been using analytics in litigation for almost 40 years, and I know they can be a powerful tool. However, they have strengths and weaknesses, and they must be properly applied. Budgeting is an extremely important analytical tool. What follows are some thoughts on its use. (Later columns will explore other types of analytics.) In my experience, budgeting that is merely a guess, even if informed by previous cases, is not helpful and may have unfortunate consequences. If the guess is too low, it can lead to unrealistic expectations. If too high, it can dampen enthusiasm for prosecuting a meritorious case or lead to a costly settlement of a matter that has valid defenses. Compounding the problem is the fact that most complex cases are unique. An estimate based on past

Jeffery Cross, is a columnist for Today’s General Counsel and a member of the Editorial Advisory Board. He is a partner in the Litigation Practice Group at Freeborn & Peters LLP and a member of the firm’s Antitrust and Trade Regulation Group. jcross@freeborn.com

experiences may not be applicable. Furthermore, litigation is unpredictable and the party trying to budget a matter does not have complete control. The court may impose unanticipated requirements, or the opposing side may take unexpected action. The most meaningful budget is one that attempts to identify every project that might be involved in a case, each member of the team that may be involved in each project, and the estimated hours for each team member. These hours can be multiplied by the team member’s billing rate and then added together to develop the budget. Budgets should be prepared early, but updated regularly. The initial budget should try to account for every possible

event. For example, if your client is the plaintiff, assume that your opponent will move to dismiss for failure to plead sufficient facts to state a plausible claim. Also assume that there will be discovery disputes and motions to compel. Budgeting should be undertaken in collaboration with in-house counsel, especially if the client’s staff attorney regularly supervises litigation or has litigation experience. In this way, it becomes a collaborative effort and in-house counsel will assume ownership of the process. One of the advantages of collaboration is that consideration of strategic options becomes part of the budget process. Even though the actual strategic decision may not be made for two or three years, beginning to think

TODAY’S GENER AL COUNSEL JUN/JUL 2015

through and discuss the issues helps to shape the case. For example, if the case is a class action and there is a belief that a realistic challenge to class certification could be mounted, budgeting for this prospect will dictate other steps needed, such as engaging class experts. In-house counsel should be engaged in decisions along the way that affect the budget. For example, a dozen depositions of the opponent’s employees might initially be contemplated, but a collective decision might be made that only half that number is necessary. In this regard, the budget should be reviewed often. In one antitrust class action matter in which I represented a major oil company, my total bill after four years of litigation came within $50,000 of a budget of several million dollars. The reason that this was possible was that staff counsel and I would regularly reconsider the budget and adjust it accordingly. Estimating the amount of time on a particular project is more an art than science. A research project may turn out

to be more complex than anticipated. The number of responsive documents to be produced may be greater than expected. Client/counsel collaboration on regular budget adjustments assures that the costbenefits of a task or strategy are analyzed. Budgeting on a project-by-project and person-by-person basis is also a tool to manage the litigation. Members of the litigation team have a benchmark against which to measure expectations. However, unless the client requires a guarantee or a flat fee, in-house counsel and the team leader should be flexible. If the project turns out to be more complicated than anticipated, then the team member can raise this fact with the senior partner who can, in turn, raise it with in-house counsel. The budget can then be adjusted or the project scope revised, or even abandoned. To facilitate using a budget as a management tool, billing should reflect the budgeted projects. In this regard, counsel should avoid “block billing” where a team member describes in a narrative everything that he or she did in a day

on the matter. Instead, individual entries should reflect discrete budgeted projects. To further facilitate using the budget as a management tool, the senior partner on a matter should insist that time sheets be prepared and entered into the billing system daily. The senior partner also needs the ability to access the billing system to track work being done against the budget. Detailed budgeting on a project-byproject and person-by-person basis, regularly updated and adjusted, is a timeconsuming process. Some clients require it, but do not permit outside counsel to bill for it. This is short-sighted. Permitting outside attorneys to recover for this time means they will fully embrace its goal to control litigation costs. Budgeting is a useful analytic tool to manage litigation, but to make it successful, it should be undertaken proactively. The budget should be revised often as the case progresses. Most importantly, it should be a collaborative project between in-house and outside counsel. ■

TO D AY S G E N E R A L C O U N S E L . C O M

JUN/JUL 2015 TODAY’S GENER AL COUNSEL

THE LEGAL MARK E TPL ACE

So Many Options, So Little Time By Mark A. Cohen

“S

o many options, so little time” could well be the lament of general counsel, chief legal officers and others charged with engaging the services of lawyers. Not too long ago, it was a much simpler process: Select a law firm, send them the file, pay the invoice. No more. Technology – most notably e-discovery – globalization, the steady and cumulatively astronomical rise of legal fees, and regulatory issues, not to mention the global financial crisis of 2008 and its aftermath, have created a new landscape for lawyers and the clients they service. This was underscored by the Association of Corporate Counsel launch of its “Value Challenge” in the midst of the financial crisis. It was a clarion call

Mark A. Cohen is the CEO of Legalmosaic, a consultancy to service providers, consumers, investors, educators and new entrants into the legal vertical. Prior to founding Legalmosaic, he was co-founder of Clearspire, a legal service provider whose disruptive, proprietary IT platform and reengineered legal model garnered international acclaim. This followed his founding of Qualitas, an early entrant into legal process outsourcing. Earlier in his career, he was a civil trial lawyer. Currently he is an Adjunct Professor of Law at Georgetown Law Center and a frequent blogger and public speaker. markacohen@legalmosaic.com

by its membership for large law firms to bridge the “cost-value” divide and to provide enhanced value for their services. It is against this backdrop that the aforementioned options arose. A snapshot of the new landscape includes the following reference points: A proliferation of legal service providers. Unlike law firms that are strictly regulated, service providers are largely unregulated, and they employ attorneys (as well as paraprofessionals and professionals from other disciplines, notably technologists and consultants) in an ever-widening array of legal tasks once performed exclusively by law firms. In fact, if you were to put the service areas of some of these providers sideby-side with the practice area sub-specialties of law firms, the two would be virtually indistinguishable. The difference: Law firms “engage in the practice of law” and service providers do not – or at least should not, lest they be slapped with unauthorized practice of law claims. Such claims are rare in the corporate end of the legal marketplace, as opposed to the retail side, where lawyers are frequently whistleblowers, even when they are jus tertii complainants.

There is another difference between law firms and legal service providers: price. This stems not only from the providers’ abdication of risk retention (borne either by the client or the supervising outside law firm, depending on who is in privity), but also because the service providers are not encumbered by the cost-escalating structure endemic to the traditional law firm model. Increased competition among law firms. It’s a buyer’s market. Not only can GCs routinely exact significant discounts from firm rack rates, but they can and frequently do put firms through RFP’s, demand alternative fee arrangements, and decree who can and cannot work on their outsourced files. Put another way: the days of law firm carte blanche and “for services rendered” invoices are over (excepting for a handful of bet-the-company matters handled by a small number of brand differentiated, elite law firms). Foreign competition as well as the threat of new entrants. It is only a matter of time before UK-based firms, who operate in an “alternative business structures” (ABS) environment, set up shop in the States.

TODAY’S GENER AL COUNSEL JUN/JUL 2015

How can they do this? There are several viable workarounds for the existing U.S. regulatory system, which prohibits key elements of the ABS structure including multi-disciplinary practice, non-lawyer ownership and management of law firms, and other measures intended to encourage innovation, reduce legal cost, and otherwise benefit clients, not lawyers. Already, Dentons, the world’s largest law firm by headcount, has doubleddown on its U.S. presence by acquiring McKenna, Long. That’s not to mention U.S. firms looking across the pond as a

in 2014, its outside legal spend was $100,000. That’s an ominous portent for outside law firms. But it’s far from gloom and doom for all major law firm partners. In fact, 2014 was a terrific year for many of them. But there are multiple signs that the traditional law firm model is unsustainable and that the legal vertical is ripe for disruption. The frenzy of law firm mergers (many firms seem to be taking the “too big to fail” route); peripatetic rainmakers who jump to firms with higher profit-

There are multiple signs that the traditional

SUBSCR IBE TO

“Informative and worth reading.”

law firm model is unsustainable and that the legal vertical is ripe for disruption. base camp for global expansion. Cahill Gordon recently did just that when it became the first U.S. law firm (and an elite, brand-differentiated one), to secure an ABS license. All this ups the angst for U.S. firms and provides clients with even greater leverage to demand more value from their incumbent firms. Nor is that to mention the real threat posed by the Big Four as well as other consultancies with global brands and footprints, substantial war chests, deep and broad client relationships, and large legal teams not currently “engaging in the practice of law,” but performing legal tasks. The “competition” from in-house legal departments. Many companies have decided, for a myriad of reasons, that they prefer to beef up their inhouse departments rather than outsource the bulk of their legal work. Take the case of Shell, which has a 650-lawyer in-house “firm.” Why single out Shell? Here are two data points that underscore their amped-up internal law firm: (1) they have assembled an internal global litigation team of 80 lawyers spread across 15 countries (litigation has long been a practice area largely outsourced), resulting in greatly reduced outside spend, and (2) when the company divested $5.1B of assets

per-partner; and the increase in Swiss Vereins are three manifestations of instability that presage true disruption in the way corporate legal services are engaged and delivered. One thing is certain: law firms as we knew them are under intense pressure from multiple directions, both within and outside the legal vertical. “What is a law firm?” is a valid question, because the global behemoths that are springing up – most the products of voracious acquisition strategies rather than organic growth – bear little resemblance to law firms even a generation ago. And so too is it fair to ask “What is a lawyer?” at a time when so many tasks once performed by attorneys, in a law firm setting, are now performed either by lawyers working outside the law firm framework or by paraprofessionals or non-lawyers. Where will it end? No one knows for certain, but it’s clear that clients are flexing their muscles and insisting that lawyers, like others in the business world, deliver greater bang for the buck. That applies whether they work in-house, at a law firm, at a service provider, or at an accounting or consultancy practice performing what used to pass as legal work. ■

“I refer to the magazine often and the information is useful in my daily work.” “Very useful publication.”

todaysgeneralcounsel.com/ subscribe

Nuts & Bolts of Representations and Warranties Insurance By Teresa A. Beaufait and Anshu S. K. Pasricha

epresentations and warranties insurance (RWI) is highly customized insurance for an M&A transactionâ&#x20AC;&#x2122;s risk allocation provisions. When negotiating a purchase agreement, a purchaser typically will seek contractual assurances, backed by an escrow or a holdback, regarding the business being purchased. However, this negotiated risk allocation can be impractical in certain situations, such as when a private equity seller is nearing the end of its fund life and needs to be able to return funds to its investors, or an ESOP is a significant owner of the seller. This article provides a brief primer on the structure, coverage, exclusions, retention and costs of typical RWI policies, and elaborates on various considerations for sellers and purchasers in using RWI policies as part of the risk allocation in M&A transactions. WHEN TO USE AN RWI POLICY In negotiating the indemnification and related escrow or holdback provisions of a purchase agreement, the purchaser is concerned about receiving the benefit of its bargain and not bearing the risk of undisclosed liabilities and costs relating to the acquired business. The seller typically wants to maximize the closing proceeds and minimize the amount of the purchase price placed at risk. An RWI policy can help address those concerns, and can be put in place without delaying a transaction.

today’s gener al counsel jun/jul 2015

RWI is also useful in situations where indemnification is unavailable, impractical or uncertain, e.g. when purchasing assets out of bankruptcy or purchasing a business from a distressed seller, from a private equity seller winding down its fund, from a public company, from an ESOP, or from numerous sellers wanting to avoid joint and several liability. If selling owners are continuing on as management of the acquired business, RWI can relieve the purchaser’s concerns about having to pursue indemnification from management. In a competitive bid process, a seller might require the use of RWI or a purchaser could use RWI to distinguish its bid by reducing or even eliminating the need for a seller indemnity. Payment of the premium for an RWI policy is often negotiated or reflected in the purchase price. Both parties typically benefit, so the premiums may be split. RWI may specify either the seller (sellerside policy) or the purchaser (buyer-side policy) as the insured. Buyer-side policies are more prevalent, perhaps because they are generally viewed as providing greater protection. The policy may be procured by either the purchaser or the seller, depending on the situation, regardless of who is the insured. A seller or purchaser could procure an RWI policy under which it is the insured without the other party knowing about it. STRUCTURE OF THE RWI POLICY An RWI policy often serves as a backstop (seller-side) or security (buyer-side) for a seller’s indemnification obligations for breaches of representations and warranties under the purchase agreement. Under this structure, while the seller is contractually obligated to indemnify the purchaser for the breaches, the RWI policy will provide coverage for claims made for breaches in excess of the policy retention. The seller may want to provide in the purchase agreement that a buyer-side policy is the first recourse for the purchaser for such indemnity claims. Alternatively, the RWI policy could partially replace (by layering in coverage over the seller’s indemnity cap) or completely replace the seller’s indemnity obligation. Under this structure, the seller would be liable to the purchaser up to its indemnity cap and the purchaser would proceed against the policy for any amount above the seller’s indemnity cap. In a complete replacement, the policy would be the sole recourse for the purchaser for indemnity claims resulting from a breach of the

seller’s representations and warranties. Insurers generally prefer underwriting RWI in a transaction in which the seller retains some of the liability for breaches of its representations and warranties. However, as the RWI market has evolved, underwriters are more willing to insure transactions where the RWI policy is the sole recourse available to the purchaser for payment of its indemnity claims. Claims handling procedures differ under buyer-side and seller-side policies. Seller-side policies are third party liability policies. If the purchaser makes a claim against the seller for breach of the purchase agreement representations and warranties, the seller submits the claim to its insurer, but the seller remains liable to the purchaser under the purchase agreement (up to any applicable indemnity cap). Buyerside policies provide first party loss coverage. Upon discovering the breach of a representation and warranty following closing, the purchaser makes its claim directly to the insurer under the policy. SCOPE OF COVERAGE AND EXCLUSIONS An RWI policy provides coverage to the insured for financial loss (including defense costs) resulting from a breach of the representations and warranties in a purchase agreement. The seller’s indemnity obligations under a typical purchase agreement, however, often extend beyond breaches of representations and warranties. A typical indemnity provision might obligate a seller to also indemnify the purchaser for breaches of covenants and for specific liabilities, such as outstanding litigation or other known potential risks disclosed or discovered during due diligence (e.g. environmental, tax, or benefit plan liabilities). A typical RWI policy will exclude these other matters from the scope of coverage. The purchaser might either continue to look to the seller for indemnification with respect to these other matters or purchase a specific transaction liability product covering the specific liabilities. Some insurers will cover all representations and warranties while other insurers may exclude certain representations and warranties, such as environmental. An insurer may also exclude (or modify, for purposes of the policy) certain representations and warranties that it views as unduly purchaser-friendly or too easily breached (e.g. missing usual qualifiers). The incontinued on page 51

Teresa A. Beaufait is a shareholder and member of the M&A/ Securities practice group at Koley Jessen. Her practice is focused in the areas of mergers and acquisitions, private equity and venture capital transactions, public and private securities offerings and compliance, financing, and general corporate law. teresa.beaufait@ koleyjessen.com

JUN/JUL 2015 TODAY’S GENER AL COUNSEL

Insurance Considerations When Negotiating Commercial Contracts By Catherine J. Serafin 48

nsurance implications are routinely overlooked in commercial contracts. Too often outdated boilerplate provisions are copied from prior contracts. Contracts to receive or perform services, to supply or receive goods or raw materials, and evidencing mergers and acquisitions each have their own specific insurance considerations that should be examined. Moreover, insurance law varies by state, and standard insurance policy forms change from time to time. Thus, you may have insurance that is not providing the best protection for your company if the unthinkable happens. Below are three specific considerations to keep in mind when negotiating business contracts. ADDITIONAL INSURED PROVISIONS Many commercial contracts contain indemnification provisions, and often the indemnitor is required to name the indemnitee as an additional insured (AI) on its policies. Indemnification provisions vary from a broad obligation to indemnify for all loss caused by the indemnitee’s sole negligence, to the most narrow obligation to indemnify only to the extent that the indemnitor’s conduct caused the liability of the other party (as in cases of vicarious liability).

There also are variations taking into account willful misconduct and making distinctions between active and passive negligence. State law may limit how indemnity provisions are interpreted, and some states bar indemnification for another’s gross negligence, for example. It is important to understand the applicable indemnification law, especially in view of the changes in AI contract language discussed below. AI provisions may also require the promisor to purchase a certain type of insurance, with stated limits of liability. This type of provision allows a company to use another entity’s insurance to manage its risks. There is tension because the party receiving AI status wants the broadest possible coverage, but the party giving AI status wants to give more narrow coverage. There have been recent revisions to standard form AI endorsements, and these changes seem designed to attempt to narrow coverage. For instance, one recent revision provides that the AI insurance applies only “to the extent permitted by law,” which could create a coverage gap where the indemnification obligation is broad but the coverage provided will be interpreted more narrowly. Some forms of AI endorsements provide coverage only for injury caused by the acts or omissions of the named insured, not the

TODAY’S GENER AL COUNSEL JUN/JUL 2015

AI. Still others limit coverage to claims arising during the time the work or services are provided. In addition, the interplay between indemnification and AI provisions in commercial contracts has been the subject of recent litigation. If these two contractual provisions are not separate and independent, a court may interpret one provision as limiting the other. For instance, the contract may be read to require AI coverage only to the extent of the indemnification obligation. For example, this year in In re Deepwater Horizon, the Texas Supreme Court noted that “the scope of indemnity and insurance clauses in services contracts are not necessarily congruent.” However, the court found that the provision in the drilling contract at issue requiring Transocean, the drilling rig owner, to name BP, the oil field developer, as an AI on Transocean’s primary and excess insurance policies, was congruent and “inextricably intertwined” with certain indemnity provisions in the contract, and that those indemnity provisions, therefore, limited the amount of coverage available to the AI. When negotiating a contract containing an AI provision, it is important to get legal guidance on at least the following issues: • The differences between the available AI endorsements, and specifying in the contract as to what coverage is being provided.

• If you are receiving AI coverage, consider a provision making it a breach of contract not to procure the required insurance. • If you are giving AI coverage, decide whether you want that coverage to include defense costs, which usually erodes your limits of liability. • Beware of disappearing “completed operations” coverage. If you want coverage to be provided for claims asserted after the work is done, have the coverage apply to claims “arising out of your work.” • Separate the contractual indemnification and insurance provisions so that they cannot be read as limitations on one another. TAPPING INTO INSURANCE OF ACQUIRED COMPANIES Mergers and acquisitions have significant insurance implications. The focus is on whether the acquiring company can access the insurance policies of the acquired company once the transaction is complete. Until fairly recently, it was generally assumed that a successor company could tap the historic insurance policies of the predecessor for latent liabilities, such as environmental or asbestos liabilities, despite the fact that most policies contain an “anti-assignment” clause prohibiting assignment without the insurer’s consent.

jun/jul 2015 today’s gener al counsel

The purported reason for anti-assignment clauses is to prevent an increase in the insurer’s risk that had not been underwritten. However, such an increase in risk does not occur, and such clauses generally are disregarded, when the assignment takes place after the loss already occurred. The “risk” already has become a reality. The only question is who the insurer must pay. Thus, many courts found that a corporate successor could tap the insurance of a predecessor for liabilities arising out of the predecessor’s operations. However, several cases since 2003 have changed the landscape on this issue, and courts are divided on whether a corporate successor may access a predecessor’s insurance coverage. If your company is considering acquiring another company, consult with counsel early in the process about ways to maximize the available insurance. This should include the following steps. • Know the law in your state regarding whether insurance coverage flows to the successor company by “operation of law,” specific assignment, or otherwise. • Investigate purchasing successor liability insurance coverage if it does not appear that the acquired company had adequate insurance, or if state law prohibits accessing prior coverage. • Understand whether you need specific contractual provisions to make clear your right to access the historic insurance asset.

Catherine Serafin is a partner with Lowenstein Sandler LLP in Washington, D.C. She has been representing policyholders in coverage disputes since the 1980s. cserafin@ lowenstein.com The author gratefully acknowledges Joseph Saka, counsel in the firm’s Washington, D.C. office, for his assistance in the preparation of this article.

REPRESENTATION AND WARRANTY INSURANCE An additional consideration when merging with or acquiring a company is whether representation and warranty insurance (RWI) is appropriate. This type of insurance has been available for some time, but has only recently become more widely used. Because demand for this product has increased, more insurance companies are now offering RWI, and the price has come down. Companies should analyze whether buyer-side or purchaser-side RWI might be a way to shift certain risks to an insurance company. Purchase and acquisition agreements usually have “rep and warrant” provisions that have long-term financial consequences for the parties. Representations and warranties cover such things as the acquired company’s compliance with laws and regulations, environmental liabilities, the accuracy of financial statements and tax issues. Sellers retain liability for any

inaccuracies, and it is not uncommon to require a percentage of the purchase price to be placed in escrow for a period of time to cover any breaches. Typically, these types of agreements also have provisions requiring one party to indemnify the other in the event a representation or warranty is inaccurate. RWI is a highly customized product that can be purchased by a buyer or seller, or can be purchased jointly. The policies usually cover loss from claims made by a third party for any breach of, or inaccuracy in, representations and warranties in the purchase and sale agreement. RWI may be a way for a seller to exit a business cleanly, and immediately use capital for other endeavors, rather than having it restricted in an escrow account. A buyer may use RWI as a way to help distinguish its bid from others. It also may provide more certainty because in the future the buyer should be able to collect from a third party insurance company, as opposed to pursuing a seller with unknown assets, for breaches of representations or warranties. Although the terms vary widely, buyers and sellers should consult experienced counsel with respect to at least the following issues if they are considering RWI. • Consider whether “blanket” coverage for all representations and warranties, or coverage only for specific ones, is appropriate. • The coverage usually is sold on a “claims made” basis, meaning the policy covers claims made during a specified time period, so it is important to consider the policy period in relation to the survival period of the representations and warranties. • Among the key terms in RWI are what constitutes a breach and what “loss” covers. If defense costs are covered, the limits of the policy will be depleted more rapidly. • RWI policies exclude known inaccuracies, but this exclusion can be narrowly drawn to apply only to inaccuracies discovered during the due diligence process by members of a defined deal team. Commercial contracts implicate a surprising number of insurance issues, and AI provisions, successor liability issues and RWI are just three of them. If you have not recently examined your commercial contracts from the insurance perspective, perhaps it’s time to do so and to update them to better protect your company from future exposure and liability. ■

today’s gener al counsel jun/jul 2015

Nuts and Bolts of RWI continued from page 47

Anshu S. K. Pasricha is a shareholder and member of the M&A/ Securities practice group at Koley Jessen. He has extensive experience in counseling strategic corporate and private equity sponsors in domestic and international mergers and acquisitions, joint ventures, divestitures, general corporate matters, and in ‘33 Act and ‘34 Act compliance issues. Anshu.Pasricha@ koleyjessen.com

surer would typically raise such matters during underwriting due diligence and then the parties would decide how to address the issue. Common exclusions under RWI policies include fraud (although buyer-side policies will cover seller’s fraud), disclosed items or otherwise actually known breaches, fines and penalties, purchase price adjustments, and forward-looking statements. Policies also exclude injunctive, equitable and other non-monetary relief. An insured may be able to negotiate coverage for diminution of value or a multiple-based calculation of damages for a breach of a representation and warranty, or at least silence on the type of damages that can be recovered under the policy. Anecdotally, in appropriate circumstances, insurers have paid out on claims for such damages. Insurers will typically agree that subrogation against the seller is limited to fraud, and to severability among sellers as relates to knowledge. RWI policies are written on a claims-made basis, with coverage triggered only by a loss or claim occurring within the defined policy period. The policy typically takes effect at closing of a transaction (which could create a coverage gap if the purchase agreement is signed before closing). Although the policy period is often matched to the survival periods under the purchase agreement, RWI policies also can be issued for longer than the seller’s survival periods to cover claims for breaches that become apparent only after those periods have ended. Significant negotiation and care may be required to fit an RWI policy to a particular transaction and ensure that the policy provides the desired coverage. The coverage amount, policy period, premium, retention, loss definition, and exclusions must be negotiated with the insurer. Although coverage can be bound quickly, the insured usually can secure better terms if it allows at least 2-3 weeks for underwriting due diligence and negotiation of the policy. Although dealing with an insurer poses potential credit and coverage risks, established RWI insurers often are AAA rated (which may make them more financially viable than a seller) and they have an incentive to act reasonably when responding to a claim in a competitive insurance market.

RETENTION AND COSTS RWI policies usually require a retention to be satisfied before the insurer is obligated to cover claims. For most policies, the retention ranges from one percent to three percent of the transaction purchase price. If the transaction involves an escrow, the escrow would typically serve as the retention, with any losses going first to exhaust the escrow before the insurer’s obligation to cover losses kicks in. RWI policies typically provide that uncovered matters do not erode the retention, although the insurer may agree to certain exceptions. Lower retentions may be available at higher premiums, and an insured may be able to negotiate step-downs in the retention over time if no losses have occurred. Premiums for RWI policies typically range from two percent to four percent of the coverage limits purchased. Factors that can affect premiums include the insurer’s assessment of the quality of the due diligence and reps/ warranties, the retention amount, the coverage limit and the policy period. Premiums are typically slightly higher for buyer-side policies than seller-side policies (seller fraud is covered and purchasers are generally presumed to have less knowledge than sellers with respect to breaches). The RWI premium typically covers the brokerage commission, but not any applicable state surplus line or premium taxes. Insurers also charge an underwriting fee (typically $15,000 to $50,000) for due diligence and other legal costs. Coverage limits depend on the insurer, but often range from a minimum of $10 million to $300 million or more. Primary and excess layers are stacked for the higher coverage limits. RWI can be an effective tool as a backstop, supplement or replacement for the seller’s indemnification obligations under a purchase agreement, and can be customized to fit the parties’ needs in a particular transaction. The RWI market has continued to evolve and has gained significant traction in the last few years, mainly due to lower premiums and improved terms of coverage. Sellers have used RWI to maximize closing proceeds and exit cleanly. Purchasers have used RWI to obtain additional protection beyond the indemnity cap and survival limitations negotiated with the seller and improve their bid in auctions. The terms of an RWI policy must be negotiated to fit the particular transaction and ensure that the policy provides the desired coverage. ■

PLAINTIFFFRIENDLY COMPETITION DECISIONS FROM CANADA By Nikiforos Iatrou, Bronwyn Roe, and Jeff Scorgie 52

TODAY’S GENER AL COUNSEL JUN/JUL 2015

s we have previously reported in this magazine, Canada’s competition classaction jurisprudence has been tilting in plaintiffs’ favor in recent years. Canadian courts have been recognizing low thresholds for certification and allowing certification of indirect purchaser class-action lawsuits. This trend has continued with two recent disclosure-related decisions that have important implications for U.S. businesses that are defending claims in Canada or are subject to Canadian antitrust investigations. Documents and evidence that might not see the light of day in a U.S. courtroom are disclosable in Canadian class actions, or to defendants in criminal proceedings. R. v. NESTLE CANADA INC. In February 2015, the Ontario Superior Court released its decision in R. v. Nestlé Canada Inc. The Court ruled that information voluntarily provided to the Canadian Competition Bureau under its Immunity and Leniency Programs is not protected by settlement privilege and must be disclosed to the accused in related criminal proceedings. Moreover, the inapplicability of settlement privilege to these communications would imply that they could similarly be the subject of disclosure in a private action. As is the case in the United States, Canada’s Immunity and Leniency Programs have proven to be rich sources of information for Bureau investigations into anti-competitive conduct. Through the Immunity Program, participants in cartel-like activity trade information in exchange for immunity from prosecution. Similarly, the Leniency Program allows for persons not eligible for immunity to obtain lenient sentencing in exchange for cooperating with the Bureau’s investigation. Typically, the initial tranche of information that is provided to the Bureau is in the form of a “proffer.” It is on the basis of the proffer that the Bureau and the immunity or leniency applicant negotiate the terms of their deal. R. v. Nestlé puts those contemplating the Immunity and Leniency Programs on notice that information provided to the Bureau during proffer meetings – that is, before any sort of agreement with the Bureau has been reached – can be subject to disclosure in subsequent criminal proceedings. By extension, this means that the communications might possibly be discoverable in civil litigation. Background of this case goes back to July 2007, when Cadbury Canada Inc. informed the Bureau, through the Immunity Program, of

the existence of a price-fixing cartel. Cadbury provided information to the Bureau during a proffer meeting in August 2007, and a formal immunity agreement was reached in May 2008. The Bureau used Cadbury’s information to obtain and execute search warrants against Nestlé Canada Inc. and Hershey Canada Inc. Hershey subsequently approached the Bureau under the Leniency Program and for several years provided information about the pricefixing cartel to the Bureau. A plea agreement was ultimately reached in February 2011, with Hershey pleading guilty to one count of pricefixing and paying a $4 million fine. As a result of its investigation and the information provided by Cadbury and Hershey, the Bureau charged Nestlé with price-fixing contrary to s. 45 of the Competition Act. During the Crown’s disclosure to the accused, the Crown realized that it had mistakenly disclosed documents received from Cadbury and Hershey during the proffer stage of negotiations. When Nestlé refused to return or destroy the documents, the Crown brought an application to the Court to determine whether that information had to be disclosed to the accused. The Court considered and rejected the argument that solicitor-client privilege attaches to information provided to the Bureau in proffer meetings. The Court ruled that solicitor-client privilege, if it did apply, was waived once a party instructs its counsel to disclose the information to the Bureau for the purposes of entering into a plea agreement. The Court went on to hold that settlement privilege also did not apply to the proffered information. The Court found that the evidence was likely relevant to the accused, and noted that the parties who were seeking to claim privilege would suffer no prejudice from the information being disclosed to the defendant. Cadbury and Hershey knew from the outset that obtaining and retaining immunity or leniency would require them to provide evidence that could be used against others in the price-fixing cartel. The Court concluded that they should have known their evidence would necessarily be relevant to the prosecution of Nestlé. In the Court’s view, there was no distinction between information provided after the immunity and plea agreements were executed and information provided during the proffer meetings. The Court stated that even if it was wrong, and pre-agreement information should be treated differently from information provided continued on page 64

Nikiforos Iatrou is a partner at WeirFoulds. He recently finished a three-year special appointment as counsel to Canada’s Commissioner of Competition. A former clerk of the Court of Appeal for Ontario, he publishes widely, including as co-author of the book Witness Preparation: A practical Guide, with Supreme Court of Canada Justice Thomas Cromwell and Bryan Finlay Q.C. niatrou@ weirfoulds.com

JUN/JUL 2015 TODAY’S GENER AL COUNSEL

More with Less For Corporate Legal

By Ed Chang

ur company recently conducted a study to learn how corporate legal departments are operating and to gauge their perceptions about the future. Oddly enough, they reported three seemingly conflicting trends.

“RIGHT SOURCING” Who will take on this bigger workload? Traditionally, corporate legal departments had three options: Hire additional staff, hire a qualified law firm and outsource the commodity-type work (discovery is a prime example, though the business models have evolved to include third-party vendors). However, with consistent pressure to reduce spending, or at least maintain existing levels

They would control costs by taking on more legal work in-house. The majority (54 percent) will do this.

Few anticipate budget increases. Just 32 percent of corporate legal departments say they expect their budget to grow in the next 12 months. This means the vast majority will have to use the existing resources despite growing work demands.

Despite plans to bring more work in-house. only 30 percent plan to hire new staff.

In summary, the outlook for corporate legal seems to be more work with fewer resources.

TODAY’S GENER AL COUNSEL JUN/JUL 2015

of legal spending, ideas previously considered experimental – often a combination of process improvement, technology or both – are beginning to hit the mainstream. The concept known as “right sourcing” is gaining momentum in the corporate legal world, because it offers a way for in-house attorneys to manage increasingly complex legal work on a flat or fixed budget. Examples of right sourcing we’ve observed, from the simple to the complex, include:

Right sourcing means looking at all viable options and deciding which one, or which combination, makes the most sense. Often the key to implementation is to think big but start small, and build on successes gradually over time. It’s not always about cost, but about value. It’s an effort to apply the right resources, at the right levels and at the right price.

• Implementing Stop Lists. Sometimes the corporate legal department gets roped into dealing with problems because no other department knows what to do with them. Stop lists identify those items corporate attorneys simply aren’t going to do anymore because they don’t have much to do with the legal system. • Corporate Intake Checklists. Sometimes matters that land on the legal desk are lacking in facts. Intake lists are a process designed to elicit the core problem, including information on which an attorney can take action. When integrated into matter management, this provides visibility and a basis for reporting. When, for example, the CEO tells the GC he or she isn’t being responsive, the GC can provide a list of matters, matters-in-progress and matters closed. • Contract Specialists. Re-routing work to specialized shops or hiring in-house experts is a viable option. Contract specialists are a good example of non-lawyers with a narrow but deep area of expertise. They are generally less expensive than lawyers and able to run with projects without active management. Technology tools related to work flow, status, cost and reporting are often an important foundation for this function. • Vendor consolidation. More corporate legal departments are getting a better handle on the work they send to law firms. We’ve seen legal departments consolidate as many as 200 law firms down to 20, which means shipping more work to the firms that add the most value. The mechanisms for achieving consolidation include legal spend management systems to automate billing review and provide a dashboard-style view of matters, including duration and outcome, and customized scorecard-style analysis for every matter in way that quantifies satisfaction. Both of these mechanisms provide

TECHNOLOGY AND INFORMATION MANAGEMENT Technology is central to improving legal operations. Most corporate legal departments – 61 percent – cited achieving operational efficiency as one of their primary goals, and 37 percent cited plans for increasing technology investment. Typically business has three investment options to drive output – invest in people, process or technology. Given the cost pressures corporate legal faces – more with less and friction over headcount growth – process maturity and technology investment are the logical courses of action. Also in the mix, and increasingly important, is the concern for meeting regulatory requirements. In our study, compliance was tied with operational efficiency for the top spot among legal challenges. Complicated work feeds the explosive growth of data. On that basis, technologies for managing information – including legal spend, automated matter management and e-discovery – will continue to be areas of investment considered by the general counsel. Such tools provide a means to predict legal spend and compare it to actual budget, and that’s the top performance indicator for corporate legal departments. Despite the challenging climate, in-house attorneys are moving away from being solely experienced legal practitioners to being seasoned business advisors. Therefore it’s not surprising that an overwhelming majority of attorneys (more than 70 percent) say they are optimistic about the future. Perhaps this optimism comes not just because business itself is stabilizing, but because in-house attorneys now have seat at the table. I would suggest it’s also because they are learning to manage those three conflicting priorities – doing more with less – as they bring capable attorneys together with better processes and technology. ■

quantitative and qualitative measures for evaluating service providers.

Ed Chang is senior account executive with LexisNexis® CounselLink® and an attorney licensed to practice law in Texas. He works with corporate legal departments implementing new technologies. edward.chang@ lexisnexis.com

TCPA COVERAGE DEPENDS ON HOW “ADVERTIS ING INJURY” IS DEFINED IN TH E P O LICY By Richard C. G iller

he Telephone Consumer Protection Act was enacted in 1991 to protect consumers from unwanted phone calls and faxes and to limit the use of certain types of automatic dialing systems, artificial or prerecorded voice messages, and as recently amended, text messaging services. The TCPA imposes strict liability on companies and provides for statutory damages of $500 per call, text or fax. This can be increased for willful or knowing violations to $1,500 per violation. Because most TCPA cases involve thousands or tens of thousands of calls, texts or faxes, the potential damages facing a company can be significant. The TCPA has spawned a cottage industry of class action lawsuits in recent years, primarily because of three major events. In 2008 the FCC ruled that the TCPA applied to debt collectors. In 2012, the Supreme Court

decided that TCPA cases could be brought in federal court. Then new regulations went into effect in 2013. They require express written consent and eliminate the “established business relationship” exception, thereby making it more difficult for companies to defend against TCPA violations. Taken together, these events have resulted in a significant increase in the number of TCPA filings. Over the past three years a dozen companies have paid more than $200 million to settle TCPA class action lawsuits. Capital One and three collection agencies, for example, paid $75.5 million to settle a TCPA class action case in August of 2014. A month later, AT&T Mobility paid $45 million to settle a Montana case where the lead class plaintiff received 53 unsolicited calls over a two-year period. Then earlier this year, a $45 million class action case was filed in California against Toyota Motor

Sales and Sirius XM Radio involving unsolicited calls to new Toyota purchasers. Fortune 500 companies are not the only targets of TCPA class action lawsuits. In February 2006, a small family-owned company called Lake City Industrial Products was contacted by a “fax-blasting” company that promised to provide a legal way to generate new business. It proposed sending faxes to 10,000 targeted businesses for the low cost of $92. But when an equipment wholesaler in Michigan received an unsolicited Lake City fax advertisement, it filed suit. Class certification was approved and the district court ultimately found Lake City liable for 10,000 TCPA violations. Statutory damages of $5.2 million were imposed, all because of a $92 service contract. In light of the increasing number of TCPA cases being filed, as well as the potentially staggering costs associated with both defend-

ing and settling these of lawsuits, it is becoming increasingly important for companies to review their insurance policies and determine whether the defense and indemnity for TCPA claims might be covered. This article will analyze which policy language has been held to trigger coverage for TCPA claims and which language precludes coverage. ADVERTISING INJURY The Insurance Service Office (ISO), the entity responsible for drafting form insurance policies, first offered optional coverage for advertising activities in 1973 as part of the Broad Form Comprehensive General Liability Endorsement. Beginning in 1986, “Personal and Advertising Injury Coverage” has been included as part of the main CGL policy form under Coverage B, and in each iteration of the ISO form between 1986 and

jun/jul 2015 today’s gener al counsel

The majoriTy of courTs ThaT have addressed The issue of wheTher adverTising injury coverage exTends To TcPa claims have concluded ThaT coverage is Triggered under The iso form language buT Precluded under The non-iso wording. 58 today, coverage has been provided for “oral or written publication of material that violates a person’s right of privacy.” In contrast, some non-ISO policies offered by certain insurance companies provide a slightly different version of advertising injury protection. Those non-ISO policies provide coverage for “making known to any person or organization written or spoken material that violates an individual’s right of privacy.” The highlighted alteration of the standard ISO policy language, while seemingly minor on its face, has a significant impact on whether insurance coverage exists for TCPA claims. Courts analyzing the non-ISO language have concluded that the phrase “making known” only covers losses arising out of the dissemination of private personal information (violating the right of secrecy), whereas courts presented with the standard ISO “publication” language have applied a much broader interpretation which extends coverage for violations of both the right of secrecy and the right of seclusion; i.e., the right to be left alone. As a result, the critical inquiry in a TCPA insurance coverage case is whether the policy involved is a standard ISO form policy or a non-ISO policy. According to the Illinois Supreme Court, the receipt of an unsolicited fax

implicates a person’s right of privacy because it violates the right to seclusion which is protected under the TCPA. As of the writing of this article, the majority of jurisdictions that have addressed coverage for TCPA claims have concluded that coverage is triggered for such claims under policies incorporating the ISO language. Those states include Florida, Georgia, Illinois, Kansas, Minnesota, Missouri, New Jersey, New York, North Carolina, Ohio and Texas. The states that have analyzed the non-ISO policy language have reached the opposite conclusion. Those states include California, Iowa, Massachusetts, Pennsylvania, Virginia and Washington. In fact, California courts interpreting both the ISO and non-ISO language have refused to extend coverage to TCPA claims. INSURANCE INDUSTRY RESPONSE For almost a decade, ISO has offered another endorsement that specifically excludes coverage for personal and advertising injury “arising directly or indirectly out of any actions or omission that violates or is alleged to violate” the TCPA or the CAN-SPAM Act of 2003 or any other similar “statute, ordinance or regulation.” More recently, ISO drafted an endorsement, made effective April 2013, which eliminated coverage for “oral or written publication, in any manner, of material that violates a person’s right of privacy.” By eliminating such coverage in the standard ISO policy form entirely, the insurance industry all but eliminated the possibility of coverage for TCPA claims in policies with the new endorsement. However, many policies issued today do not include either endorsement. As a result, companies should closely review their post-2005 CGL policies to see if either endorsement has been added. If not, coverage may exist for TCPA claims, based on the wording of the policy. Whether a court is analyzing policies using the standard ISO form language (“oral or written publication of material”) or ones with the alternate version used in some policies (“making known to any person or organization written or spoken material”) to determine the scope of the Advertising Injury coverage provided, none of the policy forms define the critical terms or phrases used. For example, the phrase “right of privacy” is not defined in any of the policies, nor are the terms “publication”

today’s gener al counsel jun/jul 2015

or “material,” or the phrase “making known to any person or organization.” The world of insurance coverage is full of axioms that are routinely quoted by judges but often misapplied or simply ignored by the citing case. Among the truest and oldest of these is the rule that undefined terms used in a policy should be assigned their plain, ordinary and popular meanings, rather than how a lawyer might understand them. For example, under California case law, it is said that a policy should be read as a layperson would read it and not as an attorney or an insurance expert would read it. In New York, courts try to read an insurance policy through the eyes of the “average man on the street” or the “average housewife who purchases it.” Nonetheless, it is important to understand the technical difference between the standard ISO right-of-privacy language and the non-ISO language. As noted above, the standard ISO policy form includes language defining what constitutes “advertising injury” and that differs from non-ISO policies issued by some insurers, most notably, St. Paul Fire & Marine Insurance Company and its related entities. In a nutshell, here are the two competing provisions: • In the ISO Form, advertising injury includes “oral or written publication of material that violates a person’s right of privacy.” • In the non-ISO form, advertising injury includes “making known to any person or organization written or spoken material that violates an individual’s right of privacy.” The majority of courts that have addressed the issue of whether AI coverage extends to TCPA claims have concluded that coverage is triggered under the ISO form language but precluded under the non-ISO wording. There is perhaps no better case that exemplifies this than Cynosure, Inc. v. St. Paul Fire & Marine Ins. Co., a 2011 First Circuit case, in which Associate Supreme Court Justice David Souter, sitting on the First Circuit Court of Appeal by special assignment, was called upon to distinguish between the dueling privacy provisions noted above. Cynosure was on appeal from the district court that had based its finding of coverage for the TCPA claims primarily on a Massachusetts Supreme Judicial Court decision that found coverage for TCPA claims under

the standard ISO “publication of material” language. The Massachusetts court concluded that the ISO language was ambiguous because “publication” could have more than one meaning and, therefore, the court construed the ambiguity in favor of coverage. However, because Cynosure involved non-ISO privacy language, Justice Souter concluded that the Massachusetts case was not controlling and set out to analyze the issue based upon the different wording of the policy at issue. Justice Souter agreed with the Massachusetts court that the term “publication” was ambiguous because it could refer to both the act of conveying information (separate and apart from its content) as well as the revealing of private information to others. However, he found that the non-ISO language (“making known to any person or organization”) was susceptible to only one interpretation; i.e., making known private facts about a person to another person or entity. Under Justice Souter’s analysis, the focal point of the inquiry under the non-ISO language was the content of the material communicated to a third party rather than the manner of transmission. One court later observed that every case involving the nonISO privacy language has concluded that the advertising injury protection under those policies did not extend to TCPA claims. With very few exceptions, the opposite of that observation is also true – that is, nearly every court to consider the ISO form language has concluded that coverage exists for TCPA claims. In light of the significant split of authority concerning coverage for TCPA claims, a company served with a TCPA class action should review its insurance policies to determine which language is employed, ISO or non-ISO, and if it is ISO language, whether one of the endorsements was added. And when it comes time for renewals, make sure you are aware of the policy language. Which wording is used could mean the difference between triggering coverage for TCPA claims or having it excluded. ■

Richard Giller is a principal at Polsinelli PC in Los Angeles. He is an advocate for policy holders, focusing his practice on recovery from reluctant insurance companies. He also counsels clients concerning insurance needs and claims. He has experience in arbitration and mediation, as well as trial cases in both state and federal courts, and in appeals courts in the State of California, the Ninth Circuit Court of Appeals and the Seventh Circuit Court of Appeals. rgiller@polsinelli.com

DiversityDriven RFPs Can Help Secure Your Preferred Outside Firm By Anna M. Maiuri and Joseph K. McKinney

few decades ago diversity was a mere afterthought in the business arena. If you were pitching your services to a Jewish client, then you might find someone in your firm with a Jewish background to sit in on the pitch meeting. It was mostly tokenism, a smoke screen designed to reassure clients without making any actual changes to the workforce. Today, “diversity” has become a watchword in the corporate world, a touchstone that strives to ensure fairness and equal opportunity, and demonstrates a willingness to account for a broad range of perspectives. We seek it in our workforce, our corporate boards and the public faces of our companies. So naturally, diversity should be a significant consideration when soliciting bids for outside counsel by way of RFPs. Many businesses (and entire industries) have begun to see a diverse workforce as a means of gaining a wider perspective on client needs, boosting public relations and demonstrating a modern perespective on a diverse world. This isn’t tokenism. It isn’t about making sure you have one of each category on some list. It’s about bringing more ideas and more experience to the table, because the results are more creative, innovative and simply better. Attorneys with different backgrounds and experiences can provide a more comprehen-

TODAY’S GENER AL COUNSEL JUN/JUL 2015

sive and engaged level of problem solving and collaboration, and that can lead to new ideas and deeper analyses of legal and corporate issues. SELLING THE FIRM TO THE C-SUITE While you may have in mind a diverse, wellbalanced and talented firm you’d like to hire, you probably have to internally sell a board, a management committee or a purchasing department on the idea first – a process that can be cumbersome, if not overtly political. This is where the RFP is key. An RFP that thoroughly vets a firm’s team composition can effectively tip the purchasing scales toward your preferred firm. Why? Diversity is on the radar of many companies now, and corporate executives and lawyers alike are growing in their understanding of its value. The legal and corporate professions are relationship businesses. Because businesses are more diverse, and people want to work with people they can relate to, more firms are themselves trying to become more diverse. We don’t see many law firms now that are all middle-aged white men. Why is it that big companies like Cardinal Health and Ford Motor Company require diversity metrics and diverse teams? They want access to the most robust pipeline for excellent talent to meet their company’s business objectives. We’re not just talking about race and gender. “Diversity” has become a more fluid concept. Its meaning has broadened to include categories such as professional background, age, socioeconomic class, education and professional diversity, all of which contribute to a more holistic approach to any issue. Using an RFP designed to elicit the right evidence, general counsel can use diversity as a selling point. WRITING A STRATEGIC RFP With a well thought-out RFP process, you can probe both subtly and quite blatantly an outside firm’s diversity efforts and commitment. For example, you can ask directly the level of diversity represented among the firm’s equity partners. In RFPs for outside firms, we’re starting to see more requests for specific information on diversity, including statistics and hard numbers. It isn’t just “How many LGBT lawyers do you have?” but “How many are at the associate level? At the equity principal level? Are you really diverse in the way you’re using your people?” So what are the key indicators that an outside firm values diversity? Data is important, but

to fully leverage a firm’s diversity, look at their proactive efforts. Do they have a diversity committee? Do they regularly attend workshops and recruiting fairs that stress diversity? Do they make donations to diverse causes? Do they have full-time diversity professionals among the partnership ranks or in management positions? Is there continual diversity training for employees? Your RFP can reflect these values in the criteria laid out for response. One might ask, for example, for bios and photographs of the attorneys likely to be part of the transactional team. If you get back ten bios of folks that look essentially the same, with similar backgrounds, who all went to the same network of private schools, that’s not diversity. But if you see a group that includes women, minorities, lawyers who went

Diversity should be a significant consideration when soliciting bids. to public schools, lawyers from working class backgrounds and a range of socio-economic levels, then you know the work product is going to reflect a wide range of viewpoints. Again, it isn’t just about ticking off boxes in categories. A firm that truly embraces diversity will manifest a level of acceptance that includes and embraces people from diverse cultures and allows them to succeed. Diversity must be paired with inclusion or you’re back to the mindset of past decades. In both the corporate and legal world, we’re seeing RFPs that aren’t shy about diversity requirements. There’s no reason to be shy, because the benefits are indisputable and apparent. We’re seeing more firms tout their diversity programs as a means of obtaining more business. At the Fortune 100, 500, or 1000 companies, you will see as many as 60 percent mention diversity as a selling point, right alongside their strong ties to the community and philanthropic efforts. Make your own RFP reflect diversity as a priority and you’ll discover firms that share that view. ■

Anna M. Maiuri is a member in the Troy, Michigan, office of Dickinson Wright PLLC, a full-service law firm with 13 offices across the United States and Canada. Her practice is focused on corporate environmental law, and she is co-chair of the firm’s Diversity Committee. AMaiuri@ dickinson-wright.com

Joseph K. McKinney is an attorney in the Nashville office of Dickinson Wright, PLLC, where he focuses on civil and corporate litigation. He also serves on the firm’s Diversity Committee. JMcKinney@ dickinson-wright.com