Today's General Counsel, V14 N3, June/July 2017 by Today's General Counsel

JUN/JUL 2017 VOLUME 1 4 / NUMBER 3 TODAYSGENER ALCOUNSEL.COM

Finding and Correcting a Gender Pay Gap

Protecting Your Company from Internal Threats

E-Discovery and Smoking Guns

“Legal Operations”

Time-Tracking for In-House Lawyers

New ISO Anti-Bribery Standard

Big Data, Repurposed

$199 Subscription rate per year ISSN: 2326-5000 View our digital edition: digital.todaysgeneralcounsel.com

THE FUTURE OF There is a reason the worldâ&#x20AC;&#x2122;s leading e-discovery firms have standardized on Brainspace. We pioneered the powerful combination of machine learning and interactive visualizations, and we havenâ&#x20AC;&#x2122;t stopped innovating since. Discover for yourself how our artificial intelligence and industry-leading user experience can uncover the narrative within your data faster than you ever thought possible.

AUGMENTING INTELLIGENCE TO ACCELERATE HUMAN POTENTIAL

A Cyxtera Business

www.brainspace.com

Action, meet results. Too many law firms mistake activity for action. As they churn away on unnecessary tasks, your matters drag on. At Barnes & Thornburg, we are focused on keeping things moving and helping your business grow. Delivering results you can count on.

Uncommon Value

ATLANTA

CHICAGO

DALLAS

DELAWARE

INDIANA

LOS ANGELES btlaw.com

MICHIGAN

MINNEAPOLIS

OHIO WASHINGTON, D.C.

jun /juL 20 17 toDay’s gEnEr al counsEl

Editor’s Desk

Jeffery Cross points out a good lesson about decentralized corporate structure in this issue of Today’s General Counsel, one that was laid bare in the recent independent directors’ report on the Wells Fargo scandal. The bank had not one but many risk managers, all of them beholden to the head of the business they were monitoring. That flaw in governance led directly to unrealistic sales goals being set for the employees, and the creation of fraudulent bank and credit card accounts. A word to the wise for many corporations. As for Wells Fargo, it recently sank to the bottom of Barron’s list of most respected companies. That’s one more piece of bad news that includes the firing of 5,300 employees and the CEO, and a $185 million fine from the Consumer Financial Protection Bureau. Does your company have a gender pay gap? Figuring that out may seem pretty straightforward, but Zev J. Eigen’s article explains why it takes expertise in both state and federal law, plus some sophisticated data analysis, to tell if women are actually being paid less than men for “substantially similar” work. Gender equity laws do not target only intentional discrimination, and even companies with the best intentions can be liable. Mary Strimel discusses what happens in an antitrust cartel investigation. Best to stay out of the inevitable consequence of that situation, the “race for leniency.” Instead, she advises, have a good compliance program. Her article explains what such a program consists of. Kent Sullivan and Luke Gilman point out that it’s getting much harder to keep track of all of the electronic devices that might contain information crucial for e-discovery. Only the first party actor knows whether the smoking gun is lurking on

an email, a VoiceScribe pen, or even in the software of a copying machine. Witness interviews, they write, are the best way to find out where to search. Welcome to Nikiforos Iatrou, a frequent contributor who has joined our editorial advisory board. Niki is a Partner at the Canadian firm WeirFoulds LLP.

Bob Nienhouse, Editor-In-Chief

bnienhouse@TodaysGC.com

The Society of Corporate Compliance & Ethics 16th Annual

Compliance & Ethics Institute October 15-18, 2017 · Caesars Palace · Las Vegas, NV

Join us in LasVegas! Follow a track: · Risk · Ethics · Compliance Lawyer · ·

Case Studies · General Compliance/Hot Topics

Multinational/International · Investigations Workshop ·

IT compliance · Advanced Discussion Groups

150+ SPEAKERS

100+ 8LEARNING SESSIONS TRACKS

Learn more and register at complianceethicsinstitute.org

jun/jul 2017 today’s gener al counsel

Features

SucceSSful ImplementatIon of law Department tIme-trackIng Kevin Clem Proceed carefully, it’s a double-edged sword.

How wIll gorSucH fIelD State anD local tax ISSueS?

aDmInIStratIve revIew councIl aDDS value to arbItratIon

Matthew P. Hedstrom and Michael M. Giovannini Clues from his appeals court record.

Dwight James Arbitrator challenges over alleged conflicts are common.

C o lu m n s

workplace ISSueS finding and correcting a gender pay gap Zev J. Eigen Unintentional discrimination is still discrimination.

tHe antItruSt lItIgator How compliance failed at wells fargo Jeffery M. Cross The perils of decentralized risk management.

back page front burner “legal operations,” aI, are remaking legal Departments Pragmatists at the helm.

Page 56

AND

“ THE EXCHANGE” CONFERENCES E-DISCOVERY UNIQUE INTERACTIVE FORMAT • PROVIDES ACTUAL SOLUTIONS TO REAL BUSINESS ISSUES • DESIGNED SPECIFICALLY FOR C-LEVEL EXECUTIVES

JUL 18-19

SEPT 13-14

SEPT 27-28

NEW YORK

HOUSTON

SEATTLE

DEC 5

MAR 2018

JUN 2018

LOS ANGELES

SAN FRANCISCO

CHICAGO

jun/jul 2017 toDay’s gener al counsel

Departments Editor’s Desk

Executive Summaries

Page 30

6 L abor & EmpLoymEnt

intELLEc tuaL propErt y

16 Legal Hurdles in Global Employment

24 The Defend Trade Secrets Act One Year Later

Nancy Cremins Many questions, expensive penalties.

18 Trump’s Employment Agenda Remains Murky Brett E. Coburn and Anna Saraie The businessman campaigned as a populist. Now what? E-DiscovEry

22 Creative Places to Find a Smoking Gun Kent C. Sullivan and Luke J. Gilman There’s no substitute for witness interviews.

Lora A. Brzezynski, Cass W. Christenson, Peter Stockburger and Sophia Gassman What case law tells us now.

25 Major Questions that the DTSA Brings Leiza Dolghih Know your jurisdiction.

30 Five Techniques to Stop an IPR Before it Starts Kerry S. Taylor and Nathanael R. Luman Say that the prior art is neither prior nor art.

cybErsEcurit y

compLiancE

34 Protecting Your Company from Cybersecurity Litigation

42 Using Big Data Analysis to Protect Against Internal Threats

Jenny L. Martinez and Michael A. Holmes Primary responsibility falls to legal.

Steve Henn The danger that lurks in unstructured data.

36 Best Cybersecurity Practices Brian Stafford The biggest threat is internal.

40 Negotiating a Tech Contract with a Large Customer Josh Silver A mission-critical product has clout.

44 Cartel Investigations and Leniency Mary Strimel Tips for staying out of antitrust trouble and a YouTube video you shouldn’t miss.

48 The New ISO Anti-Bribery Standard Nina Gross and Leslie Benton Systemic approach to a pervasive compliance issue may be a boon for smaller companies.

AND

“ THE EXCHANGE” CONFERENCES CYBERSECURITY UNIQUE INTERACTIVE FORMAT • PROVIDES ACTUAL SOLUTIONS TO REAL BUSINESS ISSUES • DESIGNED SPECIFICALLY FOR C-LEVEL EXECUTIVES

NOV 2-3

NOV 15-16

DEC 6

WASHINGTON, D.C.

DALLAS

LOS ANGELES

APR 2018

MAY 2018

SAN FRANCISCO

BOSTON

NEW YORK

Editor-in-ChiEf Robert Nienhouse Managing Editor David Rubenstein

ExECutivE Editor Bruce Rubenstein

ChiEf opErating offiCEr Amy L. Ceisel viCE prEsidEnt, EvEnts today’s gEnEral CounsEl institutE Jennifer Coniglio

svp, Managing Editor of EvEnts today’s gEnEral CounsEl institutE Neil Signore

dirECtor, ConfErEnCEs & BusinEss dEvElopMEnt Jennifer McGovern-Alonzo dataBasE ManagEr Matt Tortora

aCCount ExECutivE Frank Wolson law firM BusinEss dEvElopMEnt ManagEr Scott Ziegler

art dirECtion & photo illustration MPower Ideation, LLC

ContriButing Editors and writErs

Leslie Benton Lora A. Brzezynski Cass W. Christenson Kevin Clem Brett E. Coburn Nancy Cremins Jeffery Cross Leiza Dolghih Zev J. Eigen Sophia Gassman Luke J. Gilman Michael M. Giovannini Nina Gross

Matthew P. Hedstrom Steve Henn Michael A. Holmes Dwight James Nate Luman Jenny L. Martinez Anna Saraie Josh Silver Brian Stafford Peter Stockburger Mary Strimel Kent C. Sullivan Kerry Taylor

suBsCription Subscription rate per year: $199 For subscription requests, email subscriptions@todaysgc.com

Editorial advisory Board Dennis Block GrEENBErG TrAuriG, LLP

rEprints

ron Myrick rONALD MyriCK & CO, LLC

Thomas Brunner

Joel Henning

WiLEy rEiN

JOEL HENNiNG & ASSOCiATES

robert Profusek

JACKSON LEWiS

Sheila Hollis

Art rosenbloom

Mark A. Carter

DuANE MOrriS

CHArLES rivEr ASSOCiATES

Peter Bulmer

DiNSMOrE & SHOHL

James Christie BLAKE CASSELS & GrAyDON

Adam Cohen FTi CONSuLTiNG

Jeffery Cross FrEEBOrN & PETErS

Thomas Frederick WiNSTON & STrAWN

Jamie Gorelick WiLMErHALE

robert Haig KELLEy DryE & WArrEN

For reprint requests, email jkaletha@mossbergco.com Jill Kaletha, Foster Printing at Mossberg & Co

Dale Heist BAKEr HOSTETLEr

Jean Hanson FriED FrANK

robert Heim DECHErT

David Katz

JONES DAy

WACHTELL, LiPTON, rOSEN & KATZ

George ruttinger

Steven Kittrell

Jonathan S. Sack

MCGuirEWOODS

MOrviLLO, ABrAMOWiTZ, GrAND, iASON & ANELLO, P.C.

Nikiforos latrou WEirFOuLDS

Jerome Libin EvErSHEDS SuTHErLAND

Timothy Malloy Mc ANDrEWS, HELD & MALLOy

Jean McCreary NixON PEABODy

Steven Molo MOLOLAMKEN

Thurston Moore

CrOWELL & MOriNG

victor Schwartz SHOOK, HArDy & BACON

Jonathan Schiller BOiES, SCHiLLEr & FLExNEr

robert Townsend CrAvATH, SWAiNE & MOOrE

robert Zahler PiLLSBury WiNTHrOP SHAW PiTTMAN

HuNTON & WiLLiAMS

All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information or retrieval system, with out the written permission of the publisher. Articles published in Today’s General Counsel are not to be construed as legal or professional advice, nor unless otherwise stated are they necessarily the views of a writer’s firm or its clients. Today’s General Counsel (ISSN 2326-5000) is published six times per year by Nienhouse Media, Inc., 20 N. Wacker Drive, 40th floor, Chicago, Illinois 60606 Image source: iStockphoto | Printed by Quad Graphics | Copyright © 2017 Nienhouse Media, Inc. Email submissions to editor@todaysgc.com or go to our website www.todaysgeneralcounsel.com for more information. Postmaster: Send address changes to: Today’s General Counsel, 20 N. Wacker Drive, 40th floor, Chicago, Illinois 60606 Periodical postage paid at Oak Brook, Illinois, and additional mailing offices.

AND

“ THE EXCHANGE” CONFERENCES COMPLIANCE UNIQUE INTERACTIVE FORMAT • PROVIDES ACTUAL SOLUTIONS TO REAL BUSINESS ISSUES • DESIGNED SPECIFICALLY FOR C-LEVEL EXECUTIVES

OCT 12

APR 2018

MAY 2018

CHICAGO

HOUSTON

WASHINGTON, D.C.

Jun/Jul 2017 today’S gEnEr al counSEl

Executive Summaries L abor and EmpLoymEnt

E-discovEry

paGE 16

paGE 18

paGE 22

Legal Hurdles in Global Employment

Trump’s Employment Agenda Remains Murky

Creative Places to Find a Smoking Gun

By Nancy Cremins Globalization Partners

By Brett E. Coburn and Anna Saraie Alston & Bird

By Kent C. Sullivan and Luke J. Gilman Jackson Walker LLP

Once a company begins to expand globally, its employment compliance challenges become far more challenging. Model agreements that are used across the U.S. workforce locations are not a fit for the global teams. Employment abroad comes with many questions, and if implemented incorrectly, with serious penalties. The legal department must work closely with HR. Legal needs to know when HR is looking to make an international hire so the legal team can start looking at potential issues and obtain local expertise, before an offer has been extended. Once you are aware that your company intends to hire, your next step is to get baseline information about the relevant employment laws. Many HR professionals and some employment lawyers belong to the Society of Human Resource Management, which has a section on its site dedicated to global HR. There are numerous other sources, as well. You also will need to find in-country accountants and lawyers who can provide information about banking requirements, relevant employment laws, and tax and accounting obligations. If you are considering employment outsourcing, it’s essential to do your homework. In a number of countries, including Germany, Switzerland and Ireland, licenses are required for employee secondment or labor leasing. It takes preparation, open communications between HR and legal, and trusted partners who understand the complexities of the business and local requirements, to guide a company smoothly through international expansion.

The Trump administration has been in office for about six months, and the direction of its employment agenda remains uncertain. President Trump’s actions so far seem to indicate that, like any Republican president, he will promote employment policies that favor the business community. On the other hand, much of the campaign-trail rhetoric that got him elected invoked promises to support workers, especially blue-collar workers. It was anticipated that the Trump administration would take steps to block President Obama’s Executive Order and the DOL’s subsequent rulemaking amending the overtime regulations under the Fair Labor Standards Act, but the status of the rule and the administration’s position on the issue remain uncertain. The DOL has pushed back the effective date of the Occupational Exposure to Beryllium rule twice, and has asked for two extra months to consider the “Persuader Rule” under the Labor-Management Reporting and Disclosure Act. This would require employers to report any advice designed to persuade employees about engaging in union campaigns or collective bargaining. There are many unsettled employment issues that the current administration will have to address – chief among them, in addition to the overtime regulations, the efforts by the Obama administration and the plaintiffs’ bar to expand the definition of joint employment in a variety of contexts; the continuing attack of the NLRB on the enforceability of class action waivers in arbitration provision; and efforts to expand LGBT rights in the workplace in the absence of congressional action.

When it comes to electronic discovery, you never know where the proverbial smoking gun might be hiding. It could be in a smartphone app, a cloud-hosted third-party service or a long-forgotten thumb drive. This article explores several examples of creative approaches to finding crucial information. They illustrate the importance of closing the loop on potential data sources through witness interviews and examination of company practices (authorized or not), including the individual work habits of potential witnesses, in order to craft a robust, defensible and cost-effective strategy. In one case, early witness interviews with an employee identified a key source of communications that might otherwise have been missed. The importance of getting an on-the-ground view of potential sources of information was illustrated in another case involving a contract left in a copier. Social media, third-party document storage, third-party video hosts, project management software, accounting software, and even geolocation data are all sources of potentially relevant data. A flexible and responsive approach to electronic discovery starts by standing in the shoes of each potentially relevant player. With a combination of witness interviews, computer forensic analysis, and a ground-level view from a particular witness perspective, counsel can quickly and effectively tailor electronic discovery for the case at hand. By taking an active approach, it is possible to discover evidence that might otherwise be overlooked or given a lower priority while also slashing the overall budget by eliminating duplicative or irrelevant document collection.

today’s gener al counsel Jun/Jul 2017

Executive Summaries Intellec tual ProPert y Page 24

Page 25

Page 30

The Defend Trade Secrets Act One Year Later

Major Questions that the DTSA Brings

Five Techniques To Stop an IPR Before it Starts

By Lora A. Brzezynski, Cass W. Christenson, Peter Stockburger and Sophia Gassman Denton’s LLP

By Leiza Dolghih Lewis Brisbois

By Kerry S. Taylor and Nathanael R. Luman Knobbe Martens

Despite the creation of a new federal cause of action in the Defend Trade Secrets Act (DTSA), the number of misappropriation cases filed in federal court has not increased. DTSA’s new ex parte seizure process has been invoked sparingly. Temporary restraining orders and “expedited discovery” remain the most common forms of pre-trial relief. Questions remain as to the scope of the DTSA, especially with regard to extraterritorial application and whistleblower protection. Plaintiffs continue to file state court actions in large numbers, but counsel contemplating that move should proceed carefully. Factors to consider include whether certain aspects of the relevant state act are more favorable than the DTSA in specific cases, and whether there is actually a basis to pursue an ex parte seizure. In the hundreds of DTSA cases to date, parties have filed less than a dozen ex parte applications for seizure, and most have been denied. Whether, and to what extent, the DTSA applies to foreign conduct remains an open question. This portion of the DTSA is ripe for interpretation. Whether the DTSA whistleblower protections extend to non-natural persons also remains an open question. The DTSA provides whistleblower protection to any “individual” who discloses a trade secret in confidence to a government official or attorney for the purpose of reporting a suspected violation, but whether that term applies to “natural persons” only, or may extend to company consultant entities, remains an open question. No case has addressed this issue.

Technological developments have made it easier for employees to download confidential work-related information for uses both legitimate and illegitimate. One consequence of that can be the theft of trade secrets. Last year, Congress passed the Defend Trade Secrets Act, which elevated trade secret misappropriation issues from the state to the national level. Courts nationwide have begun to hone in on various preemption issues related to trade secrets misappropriation statutes. One of those issues is whether a state uniform trade secrets act preempts common law claims. Because each state’s trade secrets misappropriation statute is different, and because the state courts have interpreted such statutes in different ways, companies should be aware of what preemption analysis the courts within their jurisdiction use. Other issues that arise around misappropriation include potential Anti-Slapp law defenses, the question of seizing electronic devices, whistleblower protection and, notably, damages. With the elevation of trade secrets misappropriation issues to the national level, damages theories from other federal intellectual property infringement matters will likely be applied to DTSA claims. Companies must continue to improve their trade secrets protection measures and be prepared to act quickly in order to prevent their trade secrets from falling into the hands of competitors. Understanding what remedies are available, how to obtain them and how damages are assessed can help with the decisionmaking process when deciding whether, and how, to pursue a particular misappropriation case.

Inter partes review is a popular and successful tool for invalidating patents. It is increasingly likely that at some point your company will be served with an IPR petition challenging the validity of one or more of its patents. A full IPR proceeding consists of two phases: the preliminary phase and the trial phase. However, the proceeding will not progress to the trial phase if the Patent Trial and Appeal Board decides to not “institute” the IPR trial. Filing a well-crafted patent owner response during the preliminary phase is highly recommended, and this article provides strategies to employ when filing that preliminary response. Argue that the asserted “prior art” isn’t actually prior art. Several types of documents are susceptible to dispute by patent owners, including website printouts, graduate theses, presentations, advertisements, white papers and user’s guides. For anticipation challenges, find a claim limitation that the petition failed to address. For obviousness challenges, you can argue that the petition failed to provide a motivation to combine the prior art references, or lacks a reasonable expectation of success. Argue that a claim term requires construction, and that the petition failed to account for the claim term under correct construction. Determine if the petitioner or a real party-in-interest is statutorily barred from filing the petition. The patent owner should consider monitoring any changes in real party-in-interest and determining if such a change opens an opportunity for a one year bar challenge.

JUN/JUL 2017 TODAY’S GENER AL COUNSEL

Executive Summaries CYBERSECURIT Y PAGE 34

PAGE 36

PAGE 40

Protecting Your Company from Cybersecurity Litigation

Best Cyber Security Practices

Negotiating a Tech Contract with a Large Customer

By Jenny L. Martinez and Michael A. Holmes Godwin Bowman & Martinez PC

Increased connectivity across all industries has greatly increased the potential for data breaches. Post data breach consumer lawsuits, typically asserting breach of contract or negligence theories, are on the increase. Shareholder lawsuits, which often assert claims for breach of fiduciary duty due to lack of adequate data security measures, are seeing some success, and investigations by government agencies are now common. Cybersecurity involves evaluating legal risks for all aspects of the company’s business – a duty codified in many states. Data storage should be “layered like an onion” so that hackers don’t stumble onto a company’s most sensitive data as soon as they gain access. Each additional employee with access to sensitive data is another potential risk. To mitigate risk, an easy-to-use system for contacting IT and raising red flags should be implemented and communicated to all. One recommended practice: Instruct your IT department to send disguised phishing emails with links or attachments and see who reports them – or better yet who attempts to access the potentially harmful links. Review all external agreements to ensure that third-party vendors are adequately addressing the cybersecurity issue. The cybersecurity threats facing companies are rapidly evolving. To stay one step ahead of the hackers, it’s important to work directly with your IT professionals and third-party vendors. By maintaining clear and effective policies and procedures, general counsel can greatly improve their security framework and reduce the risk of litigation in the event of a data breach.

By Brian Stafford Diligent Corporation

Companies spend millions guarding against external threats, but often ignore internal threats that can be more devastating. Policies and permissions should be established for all who work at the company, from the c-suite to contract workers and third party vendors. The careless work habits of executives in particular are putting companies at risk. Research reveals, for example, that more than 30 percent of U.S. board members are using a free email service provider to conduct board level business. Given the highly sensitive information often handled by the board, secure technology is necessary to protect confidential information and conversations. The right tool can help manage data securely, control access and authorization, and assist in compliance reporting. To guard against human error, employees must know and be accountable for following company protocols. It’s inevitable that employees are going to use personal devices for work purposes, so establish revised BYOD policies that takes this into account. Be clear on what devices/actions are allowed, what is prohibited, and clearly outline consequences for violations of policy. It’s important that education and training be ongoing. Keep in mind the variety of devices out there and take measures that address as many of them as possible, starting with the most popular. Breaches and hacking can originate from any place in the organization. Thus it’s essential that companies take a close look within individual business lines to determine which solutions will be most effective in mitigating their major risks.

By Josh Silver Bernstein Shur

For a technology provider, getting the chance to contract with a large company can be a welcome opportunity. But these opportunities come with sophisticated, demanding legal teams. Large companies tend to dictate very customer-favorable terms, and they are likely to try to replace your documents with their own. Matters such as indemnification obligations, liability caps and disclaimers of damages are really allocations of risk. However, experience has shown that even small technology companies don’t always have to accept large customers’ proposed risk allocations. If a customer will not back down on its demand for acceptance testing rights, a compromise may work. A short-term evaluation license is usually acceptable. Never agree to compliance with an individual customer’s information security policies, procedures and programs. If you have multiple customers, this is an unrealistic requirement. For purposes of indemnity obligations related to breaches of confidentiality, you should negotiate a “super liability cap” with which you are comfortable (typically some multiple of the general liability cap). There are a handful of exceptions that you should build into any indemnity obligation for intellectual property infringement. For example, you should not be obligated to indemnify a customer if the basis for the claim is an unauthorized modification the customer made to your product. If you provide a mission-critical product that gives customers a competitive edge, you probably have the clout to hold your ground on key terms, even when working with a big customer.

today’s gener al counsel Jun/Jul 2017

Executive Summaries compliance page 42

page 44

page 48

Using Big Data Analysis To Protect Against Internal Threats

Cartel Investigations and Leniency

The New ISO Anti-Bribery Standard

By Steve Henn Conduent Legal and Compliance Solutions

By Mary Strimel McDermott Will & Emery

By Nina Gross BDO Consulting and Leslie Benton Center for Responsible Enterprise and Trade

Legal and compliance teams have a number of strategies they can employ against risky employee behaviors and communications. Cross-disciplinary legal and IT teams are using big-data analytics technologies to analyze a variety of sources to detect signs of malicious activity and intent early on. This approach may save the company expensive fines, reputation damage and costly investigations. Although a lot of corporate fraud does involve financial transactions manifest in structured records, troves of unstructured data often present a greater threat. Single-case analytics is unable to identify patterns of non-compliance across matters and different data vaults. It’s merely reactive, processing information when directed. If reviewers do not know about a suspicious locus of communications or what to look for, then they won’t know to run an analysis and the threat remains. Big-data analytics addresses these shortcomings, augmenting the capabilities of existing software and other tools. It can apply accurate predictive algorithms across all the cases a legal team is working on, thereby identifying related data patterns for further investigation. This can significantly reduce manual work, detect risk before it becomes a liability, and reduce e-discovery costs. Forward-thinking organizations are spending time and money to protect their employees, their brand and their assets from deliberate harm. Legal departments are working with IT and risk management teams to transform traditional ERM from a reactive process into a proactive one that integrates big data analytics with expert human judgment.

This article explains what happens in an antitrust cartel investigation and how to stay out of one. The government’s favored way to learn about cartels is its leniency program. Under this program, the first company to come to the authorities and confess to wrongdoing gets off free: no fines, and no jail. The price of leniency is full cooperation against the other violators. Unlike a guilty pleader, a leniency applicant has full coverage for its cooperating current employees. This is a key advantage of winning the race for leniency. By law, the FBI can and does use the full range of investigative tools against cartels, working in conjunction with the DOJ Antitrust Division. These tools may include surveillance of cartel meetings, undercover sources, taping of meetings and phone calls, and underground email accounts to engage cartel members. Along with search warrants, agents typically will serve grand jury subpoenas, seeking a range of documents. Grand jury subpoenas may have the purpose of demanding documents that are outside the scope of the initial search warrant or were offsite during the warrant’s execution. This is no area for “paper programs.” A good compliance program that sensitizes employees to antitrust problems should include support from top executives; a risk assessment; quality antitrust content; proof that each at-risk employee participates; a place for employees to go if they see something improper; an audit process; and a continuous improvement program based on the audit results.

Guidance that has been adopted to help companies comply with the FCPA, the U.K. Bribery Act, and other laws adopted pursuant to the OECD Anti-Bribery Convention, helps mitigate the risk for bribery. But gaps still exist, and they are especially problematic for small and mid-sized companies, which are less able to command the resources needed to effectively mitigate the risk of corruption and bribery. These smaller companies are now able to take advantage of ISO 37001, the recently published anti-bribery management systems standard from ISO, the International Organization for Standardization. ISO 37001 equips small and middlemarket companies with a flexible, riskbased framework so they can fill in some of the gaps and better mitigate the risk of bribery without breaking the bank. An organization can use ISO 37001 in two ways. It can use the standard as a benchmark to develop a program, or it can retain a third-party auditor. The third party would then use the ISO standard as a guide for auditors conducting employee interviews and reviewing documentation, as required. Earlier this year, Italian energy company Eni became the first company to achieve certification. ISO 37001 is not a bar to liability, and like most standards, it will take time – likely a few years – for a clear picture of its market acceptance to emerge. If implemented effectively, and replicated across borders, it has the potential to be a powerful tool in combating bribery throughout the global supply chain.

JUN/JUL 2017 TODAY’S GENER AL COUNSEL

Executive Summaries FEATURES

PAGE 56

PAGE 58

PAGE 60

Successful Implementation of Law Department Time-Tracking

How will Gorsuch Field State and Local Tax Issues?

Administrative Review Council Adds Value to Arbitration

By Kevin Clem HBR Consulting

By Matthew P. Hedstrom and Michael M. Giovannini Alston & Bird LLP

By Dwight James American Arbitration Association

In order to increases productivity and reduce unnecessary expenses, many law departments are seeking greater transparency with regard to how employees spend their time. Time-tracking initiatives in particular are becoming common as a way to identify workflow redundancies and inefficiencies. These initiatives sometimes encounter resistance, but with careful planning, transparency, and the right technology, it can be minimized. Among the recommendations: Learn from your peers. Consult with other in-house counsel that have established similar programs. Find the right tools. Excel spreadsheets are one option for tracking employee time, but they are limited in their capacity to provide insight into workflow trends or resource gaps. Consider other more robust tools that enable instant, actionable analysis and automated dashboards. “Lead from the top,” but make sure middle managers and practice leaders are on board. Ideally, general counsel should lead the internal messaging regarding time-tracking through a top-down communication structure, while ensuring that department leaders understand the program’s importance and goals and can make clear the anticipated benefits to the rest of the department. Among other benefits, time-tracking data can help law department leadership make a more informed case to company executives for additional budget or resource investments. Despite the sometimes visceral initial reaction by staff, with a thoughtful approach to planning and communication, time-tracking initiatives can uncover significant opportunities for increased efficiencies and end up as a benefit, not a burden.

The presence of Neil M. Gorsuch could prove to be a key factor in decisions regarding state and local tax (acronym “SALT”) that the Supreme Court will soon consider. Currently the SALT community is focused on how he may impact decisions on two issues in particular: states’ challenges to the physical-presence nexus standard in the Supreme Court’s 1992 ruling in Quill v. North Dakota; and limitations on retroactive tax legislation. Quill requires an out-of-state company to have physical presence to be subject to a sales-and-use tax collection obligation. Based on his Tenth Circuit record, Gorsuch may side with the camp that believes Quill is past its useful life. However, that supposition needs to be tempered by the fact that Quill is a complicated decision involving issues of judicial restraint and separation of powers. In recent years, some states have enacted retroactive tax legislation to effectively overturn court decisions favorable to taxpayers, and the Supreme Court has repeatedly upheld such legislation against a due process challenge. In this area, it’s possible to read Judge Gorsuch’s confirmation hearing comments as favorable for limiting a state’s ability to enact retroactive tax legislation. It is difficult to predict how Justice Gorsuch may approach these thorny SALT issues, given that DMA is the only substantive SALT decision that he authored or joined while at the Tenth Circuit. It is safe to say that the SALT community will be watching closely as these issues play out.

Sometimes parties to an arbitration argue about whether there should be an arbitration at all, or whether they are properly-named participants. Those questions are for the courts or the arbitrator. Parties may also disagree about where the arbitration hearings will be held, or by which arbitrators. Arbitral institutions have developed procedural mechanisms to address these and other concerns. For example, the American Arbitration Association formed an Administrative Review Council, which was designed to resolve such thorny administrative issues. The administrator can determine whether the filing requirements have been met by a claimant under the rules governing the dispute. If the filing requirements are not met, the parties are informed, and if deficiencies are remedied by a date specified the case proceeds. In situations where a moving party has satisfied the initial filing requirements the process moves forward, but respondents still have ample opportunity – beginning with the preliminary hearing – to convince the arbitrator about their substantive issues. To avoid delays, there are some things worth considering: At the time of service, provide clear information regarding how each of the filing requirements has been met. In situations where it is not already clear, respondents may need to know exactly why they are a legitimate party to the action. Consider whether establishing a hearing locale in the contract while everyone is still getting along might be in everyone’s best interest, and develop a fail-safe strategy for any direct challenges to arbitrators in ad hoc arbitration.

AND

“ THE EXCHANGE” CONFERENCES INFORMATION GOVERNANCE UNIQUE INTERACTIVE FORMAT • PROVIDES ACTUAL SOLUTIONS TO REAL BUSINESS ISSUES • DESIGNED SPECIFICALLY FOR C-LEVEL EXECUTIVES

NOVEMBER 1

ATLANTA

jun /jul 2017 today’s gener al counsel

Labor & Employment

Legal Hurdles in Global Employment By Nancy Cremins

f you are an in-house lawyer for a company that has employees across various states, you are familiar (in some instances, painfully familiar) with the challenges of staying informed and complying with employment laws at the federal, state and, with increasing regularity, the cities that regulate your workforce. Just when you think you have mastered the relevant legal provisions, your company hires employees in a new state, or Massachusetts passes the Equal Pay Law, or Washington D.C. enacts paid parental leave, or another state or city adopts new paid sick leave or minimum wage standards. Depending on the size of your workforce and its geographic distribution, complying with these various laws can take considerable time and resources. Once your company starts to expand globally, your employment compliance challenges increase exponentially. Not only must you learn a new country’s employment laws, but you also need to

fully grasp the local laws of the town or county in which your new employees will work. The model agreements that you use across your U.S. workforce will not fit for your global team. Depending on the country, the benefit expectations of your global employees are likely to be very different from your U.S. team. Can you provide health care benefits? Are health care benefits even an expectation? What is the mandatory parental leave in the country of hire? And what will you do if an international hire doesn’t work out? Global employment comes with many questions, and if it’s done incorrectly, with expensive penalties. To address these challenges and manage the process as simply and efficiently as possible, general counsel should keep the following suggestions in mind:

Work side-by-side with HR. When hiring internationally, the legal team must work with HR in lockstep.

Legal needs to know if HR is looking to make an international hire so the legal team can start issue-spotting and obtain a local expert before an offer has been extended. In some companies, that may mean a change from a status quo where the HR team doesn’t involve legal in the hiring process. The HR team will need to be informed and reminded that if the company is considering an international hire, there must be open and consistent communication with the legal team. A clear process needs to be in place, so that HR recognizes when the legal team’s counsel is necessary. Establishing a process in advance will ensure that the relevant stakeholders are in agreement and will limit confusion initially and throughout the process. Companies have been forced, for example, to pay significant sums in severance pay because HR agreed to grant seniority to a new hire in an employment contract without knowing that such seniority

today’s gener al counsel jun /jul 2017

Labor & Employment automatically increased the severance pay entitlement. If the legal team was consulted in the contract/negotiations phase, such expenses could have been reduced, or avoided entirely.

Do your research. Once you are aware that your company intends to hire in a new country, the next step is to get baseline information about that country’s employment laws. Both lawyers and HR executives have access to resource materials that will provide guidance. Many HR professionals and some employment lawyers belong to the Society of Human Resource Management, which has a section on its site dedicated to global HR. The Association of Corporate Counsel, for its members, also offers a resource for international legal affairs. Numerous other sources are available, including Practical Law, Bloomberg Law, Mondaq, Globalization Partners’ CountryPedia, and many law firm blogs that provide an overview of relevant issues when hiring in a specific country. Once your company is an employer in a given country, you are obligated to keep up with changes in local employment laws. So make sure you sign up to receive alerts from your online resources and from local counsel.

Go local to go global. If your company is considering expanding into a new country, you will need to find in-country accountants and lawyers who can guide you in setting up your international subsidiary, determine your local banking requirements, inform you about the relevant employment laws, and ensure that you understand your tax and accounting obligations. You need to understand the complexities in order to carry out your obligations. Here are examples of the kinds of things that are often overlooked: • In Sweden, the rate of unionization is more than 70 percent, and distributed pretty evenly in both the public and private sectors. Collective labor agreements are common, so you should work with your local team to determine whether your company

would fall under a collective labor agreement. Also note that you may not screen out job candidates based on their union membership. In fact, you shouldn’t even ask about it. • In Poland, employees must have a medical screening before they can start employment. Make sure you know how you would effectuate such a screening before making the hire. • In Brazil, if you intend to hire an employee who will receive a commission, annual or semi-annual payouts are the norm. Monthly commissions

Outsourcing also may provide a faster and more streamlined path to entry into a new country, as such firms already have a global infrastructure to bring on new talent in that country. Your outsourcing partner can also help you navigate critical employment details, such as severance, commission, contingencies and employment licenses. This will decrease your risk for non-compliance. However, if you are considering employment outsourcing, make sure that you do your homework. In a number of countries, including Germany, Switzerland

The model agreements that you use across your U.S. workforce will not fit for your global team.

would be assessed social charges (i.e. statutory governmental benefits) of 80 percent, the same assessed on standard salary payments. If you limit commissions to one or two times a year, those commissions are assessed social charges of 40 percent (so long as such commission or bonus amounts don’t exceed 50 percent of base salary). • Parental leave varies widely across countries. Estonia tops the list with 87 weeks of paid leave. Bulgaria, Hungary, Japan, Lithuania, Austria, the Czech Republic, Latvia, Norway and Slovakia offer over a year’s worth of paid leave. Given that the U.S. does not mandate any paid parental leave, many U.S. companies are surprised by this.

Decide if outsourcing is right for your company. After doing some research and speaking with local service providers, you may decide that the best use of your time and budget is to outsource your global hiring to experts. Outsourcing to a professional services business, such as an international professional employer organization (PEO), removes the substantial burden from in-house legal and HR teams.

and Ireland, licenses are required for employee secondment or labor leasing. Employment laws both in the United States and globally are constantly changing, and in-house lawyers must constantly be learning to keep their companies in compliance. Going global can appear daunting, but companies miss out on huge opportunities for growth and new customers if they fail to seize the opportunity. With sufficient preparation, open communications between HR and legal, and trusted partners who understand local requirements and the complexities of your business, you can guide your company through international expansion. ■

Nancy Cremins is General Counsel of Globalization Partners. She focuses on employment law and dispute resolution. ncremins@globalization-partners.com

jun /jul 2017 today’s gener al counsel

Labor & Employment

Trump’s Employment Agenda Remains Murky By Brett E. Coburn and Anna Saraie

he Trump administration has been in office for about six months, but lingering uncertainty remains about its employment agenda, in large part because of the conflicting messages that President Trump and his administration have sent regarding these issues. On the one hand, Trump’s history as a businessman and his actions so far (including his initial choice for Secretary of Labor and his nomination of Justice Gorsuch) seem to indicate that, like any Republican president, his employment

policies will tend to favor the business community. On the other hand, much of the populist campaign rhetoric that got Trump elected involved promises to support America’s blue-collar workers. Thus a significant tension hangs over the administration’s employment agenda, and at this point a lot of uncertainty remains. We can also attribute this uncertainty to the President’s delay in getting a Secretary of Labor confirmed. His first nominee, Andrew Puzder, came from the

business world without any government experience, and drew criticism from Democrats and groups representing workers. Amidst the controversy, he withdrew from consideration. Trump’s second nominee, Alexander Acosta, has significant government experience and was confirmed by the Senate in April. When no one was heading the Department, and with the administration focusing much of its attention on immigration, health care and foreign affairs matters, it was difficult to gain

today’s gener al counsel jun /jul 2017

Labor & Employment much insight into the administration’s employment agenda. However, with the approval of the Secretary of Labor, we may finally see it come into sharper focus and get some sense of how he intends to use employment policy to attempt to fulfill his many campaign promises to revitalize the American economy. Meanwhile, movement in the employment arena has been sluggish. For example, it was anticipated that the Trump administration would take steps

The DOL’s deadline to file its reply brief was June 30, 2017. Notably, this delay gives the DOL time to determine whether to follow up with Trump’s promise of abolishing the overtime regulations. Yet, Secretary of Labor Acosta, though he opposed Obama’s regulations, has stated that he was “sensitive” to the fact that overtime reforms may be necessary. There is some speculation that the DOL might try to revamp the new overtime rule to provide for some increase in

designed to persuade employees about engaging in union campaigns or collective bargaining. The rule was nationally enjoined by the U.S. District Court for the Northern District of Texas back in November of 2016. In addition to delays, we have seen a few affirmative steps by the administration on employment issues. President Trump has indicated that he will leave in place President Obama’s Executive Order prohibiting federal contractors

Tension in the administration, as much of the populist campaign rhetoric that got Trump elected involved promises to support America’s blue-collar workers. to abolish President Obama’s Executive Order and the DOL’s subsequent rulemaking amending the overtime regulations under the Fair Labor Standards Act (FLSA), but the status of the rule and the administration’s position on the issue remain uncertain.

the minimum salary level, but one that is much smaller than the increase called for by the Obama administration’s rule. All we can say at the time of this writing is that the Trump administration’s position on the overtime rule remains unclear. HOLDING PATTERN

APPEAL EXTENSIONS

Before leaving office, the Obama administration attempted to change the overtime regulations by, among other things, significantly increasing the minimum salary threshold required to satisfy the FLSA’s white collar exemptions from $23,660 to $47,476, and providing for automatic increases in the threshold in the future. In November, 2016 – days before the rule was set to go into effect – the U.S. District Court for the Eastern District of Texas granted a preliminary injunction enjoining the DOL from implementing and enforcing the rule. On December 1, the DOL filed a notice to appeal to the Court of Appeals for the Fifth Circuit. Since the appeal was filed, the DOL (now under the Trump administration) has requested and received two extensions of its deadline for submitting its final brief in the matter – at which point the Trump administration will have to decide whether it will stand behind the arguments presented by the Obama administration.

Other employment-related delays by the Trump administration include partial postponement of the “fiduciary rule” under the Employee Retirement Income Security Act (ERISA). This would change the rules that govern broker-dealers, retirement investment advisers, and others. While partial implementation of this rule was scheduled to go into effect on June 9, the Labor Department’s review of the rule and its exemptions remains ongoing. The DOL has also twice pushed back the effective date of the “Occupational Exposure to Beryllium” rule. This rule was issued by the Occupational Safety and Health Administration (OSHA) to protect workers from substances that can cause lung disease. The original effective date was March 10, which was later delayed to March 21, and then again to May 20. The administration has also asked for two extra months to consider the “Persuader Rule” under the LaborManagement Reporting and Disclosure Act. This would require employers and their counsel to report any advice

from discriminating against employees on the basis of sexual orientation or gender identity. He has also begun putting his mark on the National Labor Relations Board (NLRB) and the Equal Employment Opportunity Commission (EEOC) by appointing Philip Miscimarra to head the NLRB and naming Victoria Lipnic to serve as acting chair of the EEOC. In addition, the administration recently withdrew two Obama-era DOL Wage & Hour Administrator Interpretations regarding joint employment and independent contractor issues, signaling a significant shift away from the prior administration’s policies on these important issues. Most recently, the Trump administration submitted its fiscal year 2018 budget proposal, which further muddies his intentions. The administration asked Congress to reduce Labor Department spending by $2.4 billion in fiscal year 2018. This 20 percent reduction would come in large part from cutting the nation’s workforce training program. That is a clear disconnect with campaign promises to bring more jobs to the American middle class. The administration also proposed to combine the EEOC and the DOL’s Office of Federal Contract Compliance Programs to create “one agency to combat employment discrimination.” This

jun /jul 2017 today’s gener al counsel

Labor & Employment initiative has invited criticism from both pro-worker and pro-business groups. FAIR PLAY AND SAFETY ORDER REJECTED

Perhaps the most notable development by the Trump administration has been the rejection of President Obama’s Fair Pay and Safe Workplaces Executive Order (often referred to as the “Blacklisting Rule”), and its implementing regulations. In July of 2014, President Obama signed the Executive Order that would have required (1) prospective federal contractors to disclose prior labor law violations for consideration by federal agencies when awarding contracts; (2)

government contractors. The reporting requirements in particular were a source of significant opposition. In August 2016, the Federal Acquisition Regulatory Council (FAR) published its final rule implementing the EO. On the same day, the DOL also announced its own guidance. The rule was set to go into effect on October 25, 2016, but on October 7, several business groups filed a lawsuit in federal court in Texas, asking the court to enter a preliminary injunction enjoining implementation of the regulations. Soon after, the court issued its injunction. The court found that the public disclosure and disqualification requirements directly conflicted with

Perhaps the most notable development has been the rejection of President Obama’s Fair Pay and Safe Workplaces Executive Order, of20

ten referred to as the “Blacklisting Rule.” federal contractors and subcontractors to provide each employee performing work under the contract with a document each pay period, indicating the employee’s hours worked, overtime hours, pay, and any additions or deductions from pay (the “paycheck transparency requirement”); (3) federal contractors to provide, for any individual performing work under a federal contract as an independent contractor, documentation to the individual indicating that status; and (4) that contractors on contracts where the estimated value of the supplies acquired and services required exceeds $1 million agree not to require any employees or independent contractors to enter into a pre-dispute arbitration agreement that covers claims arising under Title VII of the Civil Rights Act of 1964 or any tort related to or arising out of sexual assault or harassment. The EO had been criticized by Republican lawmakers, business groups and employers for imposing additional and unnecessary financial burdens on covered

existing statutes that already specified debarment procedures, and also violated the First Amendment and the due process rights of federal contractors. The court further held that the predispute arbitration prohibition conflicted with the Federal Arbitration Act. The court did not, however, enjoin the implementation of the paycheck transparency requirements or the independent contractor notification requirement. These provisions of the EO and the implementing regulations became effective on January 1, 2017. In early 2017, the Senate and the House of Representatives both passed a joint resolution of disapproval under the Congressional Review Act to block implementation of the FAR Rule. The CRA is an oversight tool that allows Congress to repeal or prevent regulations issued under an Executive Order from going into effect. Unlike the injunction issued by the court in Texas – which only invalidated certain parts of the regulations – the congressional resolu-

tion disapproved the FAR Rule in its entirety. President Trump signed the joint disapproval resolution into law on March 27, 2017. He also signed an Executive Order revoking President Obama’s Executive Order in its entirety. At this point, while the administration has certainly sent some pro-business messages regarding its employment agenda, it is difficult to tell if the resolution and Executive Order killing the Blacklisting Rule should be taken as an indication of the administration’s overall direction on employment issues, particularly since much of Trump’s voter base consists of the very blue-collar workers who would view pro-business employment policies as against their interests. Thus there are many unsettled issues on the employment front that the current administration will have to address. Chief among them are the fate of the overtime regulations, the continuing attack of the NLRB on the enforceability of class action waivers in arbitration provisions, and efforts to expand LGBT rights in the workplace in the absence of congressional action. Only time will tell where the Trump administration will ultimately land on these important issues. ■

Brett Coburn is a partner in Alston & Bird’s Labor & Employment practice group. He handles wage and hour cases under the FLSA and counsels employers on compliance with various federal and state employment laws. brett.coburn@alston.com

Anna Saraie is an associate with Alston & Bird’s Labor & Employment practice group. anna.saraie@ alston.com

The Magazine The six-time yearly publication, with strategies, best practices and analysis written by expert practitioners within the legal profession, offers an excellent branding opportunity to 15,000 print and 80,000 digital subscribers.

T O D AY S G E N E R A L C O U N S E L . C O M / S U B S C R I B E

jun /jul 2017 todayâ&#x20AC;&#x2122;s gener al counsel

E-Discovery

Creative Places to Find a Smoking Gun Unlikely Platforms Often Key in E-Discovery By Kent C. Sullivan and Luke J. Gilman

hen it comes to electronic discovery, you never know where the proverbial smoking gun might be hiding. It may be in a smartphone app, a cloud-hosted third-party service or a long-forgotten thumb drive. This article explores several real-world examples (with the fact patterns altered

to protect confidentiality) of creative approaches to finding crucial information. They illustrate the importance of closing the loop on potential data sources through witness interviews and by examining company practices (authorized or not), as well as the individual work habits of potential witnesses, to craft

a robust, defensible, and cost-effective strategy. For many companies, e-discovery is a reflexive exercise in which the default mode is to ask the IT department to issue a blanket litigation hold on all company data sources and then pull hard drives full of data for witnesses, some

today’s gener al counsel jun /jul 2017

E-Discovery

of whom may have very little involvement in the dispute. Then an army of associates or document-review attorneys takes over, producing documents with little input from those who know the most about the case – the witnesses. Relying on this default mode, in some circumstances, can be a dangerous and expensive oversight. PROBING QUESTIONS

In one case, early witness interviews with an employee identified a key source of communications that might have otherwise been missed: An employee for Company A mentioned that the company on the other side of an agreement, Company B, had a particularly restrictive IT policy that did not permit the use of company email on mobile devices. Because many of Company B’s employees spent significant portions of their day in the field, over time they began using mobile apps as a work-around for this restriction. Typically, they would use the messaging function in Skype or

An additional benefit of an in-person interview is the ability to quickly review and document the information available. It also facilitates a targeted collection of the documents that may be relevant to the matter. In-person interviews also allow legal counsel to prioritize the highest value documents and eliminate data sources that might otherwise be needlessly collected. This in turn gives clients greater confidence that all the relevant documents were collected and there will be no surprises regarding unidentified document sources at deposition or trial. Even in situations when IT can provide all the necessary documents, early custodian interviews have other corollary benefits. This was highlighted in another case when a receptionist who had little involvement in the matter was interviewed. She had recently seen the defendant, a former company founder who had started a competing company, sneak into the client’s office and run out with documents stuffed under his

officer secretly owned a vendor that accounted for an increasingly large portion of the technology budget. Because all of the IT staff reported to him, an outside computer forensic firm was retained to preserve any data at risk of being deleted. That later turned out to be crucial in convincing the judge to order a forensic analysis of the vendor’s server, which turned up documents that ultimately led to a favorable settlement. THE CONTRACT IN THE COPIER

The importance of getting an on-theground view of potential sources of information was also illustrated in another case involving less-exotic technology. Company A was involved in a dispute with a disgruntled former business adviser. The client began to suspect that the former adviser was quietly raiding the company’s programmers to start a competing venture, Company B. The former adviser denied any involvement in Company B. The programmers who had left either gave personal reasons for

The client suspected that its chief technology officer secretly owned a vendor that accounted for an increasingly large portion of the technology budget.

WhatsApp – apps that allow users to send text messages and video or audioonly calls for free. Skype and WhatsApp are particularly popular with those who work overseas because they greatly reduce the costs of international calling and require only a wi-fi connection. Because so many Company B employees were using Skype and WhatsApp, Company A’s employees naturally began to adopt the same communications methods. The personal use of Skype and WhatsApp was not expressly authorized or prohibited by company policy, nor was the use of such personal devices monitored by the IT or legal department. In this case, individual interviews were the most reliable way to ensure that all potential sources of information were captured.

shirt. While she thought it was inappropriate, she simply hadn’t grasped its potential significance until she was interviewed. Use of a particular technology is frequently a cultural phenomenon. For instance, constant audio-recording on small personal microcassettes or digital audio recorders is a nearly universal practice among police officers in certain jurisdictions. When asked, officers freely admit they use such recordings to ensure that what they say cannot be misconstrued or fabricated by private citizens they might encounter on the job, or even in conversations with each other. There are of course times when circumstances require a less direct approach. In another case, the client suspected that its chief technology

leaving or declined to discuss their future plans. But a forensic analysis soon put a bullet through their denials. One programmer had been quickly escorted out of the building when he resigned. It was so unexpected that he apparently did not have an opportunity to log off his work computer. He had been involved in an instant messenger conversation with his girlfriend on his work computer in which she encouraged him to go through with his resignation, saying his employer would never find out about his new position with Company B. After he was escorted out, he apparently continued that conversation on his phone. His work computer captured the girlfriend’s responses, in which she reminded him of what he had been continued on page 33

jun /jul 2017 today’s gener al counsel

Intellectual Property

The Defend Trade Secrets Act One Year Later By Lora A. Brzezynski, Cass W. Christenson, Peter Stockburger and Sophia Gassman

n May of 2016, President Obama signed into law the Defend Trade Secrets Act (DTSA), amending the Economic Espionage Act of 1996 (EEA) and creating a new federal civil cause of action for misappropriation of trade secrets. The DTSA does not preempt state misappropriation law, but instead provides additional claims and remedies for trade secret owners. Specifically, for example, it authorizes an ex parte civil seizure remedy. Subject to certain limitations, the seizure remedy allows a trade secret owner to seize property “where

necessary to prevent the propagation or dissemination of a trade secret.” There is no similar remedy under state law, although injunctive relief may be available. Since its enactment, hundreds of DTSA claims have been filed throughout the country. Looking at what has happened, we can see some notable trends and insights: No Increase in Federally Filed Actions. Despite the DTSA’s creation of a new federal civil cause of action, the number of misappropriation claims filed in fed-

eral court has not increased. A survey of cases filed in federal court in the year preceding the DTSA shows approximately 500 cases filed with at least one cause of action asserting a claim for misappropriation of trade secrets under state law. In the 11 months following enactment of the DTSA, approximately 400 cases were filed asserting claims for trade secret misappropriation under either the DTSA and/or state law. The greatest number of post-DTSA trade secrets cases in federal courts have continued on page 28

today’s gener al counsel jun /jul 2017

Intellectual Property

Major Questions that the DTSA Brings By Leiza Dolghih

echnological developments have made it easier for employees to download confidential workrelated information for use on the go, but the unfortunate reality is they have also opened the door for misuse. Any company that has confidential information or trade secrets is likely at some point to encounter accusations of misappropriation, whether as defendant or a plaintiff. Indeed, in the past few years Amazon, Uber, Google, Nike, Fitbit and hundreds of less well-known companies have been embroiled in legal battles

centered on the misuse of confidential information. Last year, Congress passed the Defend Trade Secrets Act. The DTSA elevated trade secret misappropriation issues from the state level to the national stage and spotlighted several key aspects of trade secrets litigation. • Preemption. Courts nationwide have begun to hone in on various preemption issues related to trade secrets misappropriation statutes. One of those issues is whether a state uniform trade secrets

act preempts common law claims. Except for New York and Massachusetts, every state has adopted some version of the Uniform Trade Secrets Act (UTSA). For example, the Texas uniform trade secrets act specifically states that it “displaces conflicting tort, restitutionary, and other law of this state providing civil remedies for misappropriation of a trade secret.” The statutes in many other states contain similar language. But because each state’s trade secrets misappropriation statute is slightly different, and because the state courts have interpreted

jun /jul 2017 today’s gener al counsel

Intellectual Property such statutes within their jurisdiction in different ways, companies should be aware of what preemption analysis the courts within their particular jurisdiction use. Another preemption question, percolating in several jurisdictions, pertains

statutes to quickly dismiss claims of trade secret misappropriation on the grounds that the actions of which they were accused by plaintiff-corporations were within their freedom of speech, participation and association rights. So far this defense has had limited success, since defendants must establish that their rights impliBecause each state’s trade secrets cate a matter of misappropriation statute is slightly public concern, and typically a dispute between a comdifferent, and because the state pany and a former employee involving courts have interpreted such trade secrets misappropriation claims statutes within their jurisdiction in is a purely private matter. different ways, companies should For example, in World Finanbe aware of what preemption cial Group, Inc. v. HBW Insurance & analysis the courts within their Financial Services, Inc., a California court found that particular jurisdiction use. “a broad and amorphous public to material that is either fully or parinterest” in employee mobility and tially subject to copyright protection: competition was not in itself sufficient When does the federal copyright statute to meet the requirements of the antipreempt trade secrets misappropriation SLAPP statute. However, since defenclaims? dants continue to use the anti-SLAPP For example, in Spear Marketing, Inc. defense, companies considering a trade v. BancorpSouth Bank, the Fifth Circuit secrets lawsuit should make sure that Court of Appeals held that “state law the allegations do not inadvertently inclaims based on ideas fixed in tangible voke the anti-SLAPP statute and should media were preempted” by the federal consider whether the statute could apply Copyright Act. Thus, Spear Marketing’s to any counter-claims asserted by the state law claims alleging copying, theft, defendants. and conversion of the confidential information contained in its software were • Seizure of Electronic Devices. DTSA equivalent to reproduction and distribu- includes a powerful ex parte seizure protion-exclusive rights granted by Section ceeding that allows courts in “extraordi106 of the Copyright Act, and therefore nary circumstances” to order the seizure the case belonged in federal court. of property that may contain their trade secrets. This year several companies have • Anti-SLAPP Statute. Currently 28 attempted to use this provision to seize states, the District of Columbia, and one company-provided devices from former U.S. territory have enacted anti-SLAPP employees. statutes. These statutes allow an early The courts denied their applications, dismissal of lawsuits that are meant to indicating the courts set a high bar when stifle an individual’s freedom of speech. determining what constitutes “extraorEmployees around the country have dinary circumstances” that would justify been attempting to use anti-SLAPP such a seizure.

For example, in OOO Brunswick Rail Management et al. v. Sultanov et al., a case involving trade secret misappropriation, the Brunswick sought an ex parte seizure of a company-issued phone and laptop that a former employee had refused to return, although both contained confidential company information. A California district court denied the seizure request on the grounds that alternative measures existed to protect the data in question. The court also said the employee had to preserve all emails, could not access or modify the company-issued devices, and had to deliver the devices into either the court’s or their lawyer’s custody. Companies will continue to attempt to use the ex parte seizure provision in trade secrets cases, and the courts will continue to flesh out the burden that companies will have to meet in order to do it. • Whistleblower Protection. Under DTSA, employees are protected from civil or criminal liability when they disclose a trade secret (1) in confidence to a federal, state, or local government official, either directly or indirectly, or to an attorney; and solely for the purpose of reporting or investigating a suspected violation of law; or (2) in a complaint or other document filed in a lawsuit or other proceeding, if such filing is made under seal. Courts around the country have begun applying and interpreting the first prong of the immunity clause to determine when an employee’s disclosure of trade secrets is protected. For example, in Unum Group v. Loftus, an employee who removed company documents and kept a company computer attempted to dismiss the trade secret misappropriation claims against him by invoking the immunity provision of the DTSA. He argued that he gave the documents to his attorney for the purpose of reporting a suspected violation of law. However, a Massachusetts district court refused to dismiss the lawsuit, stating that because it was not “ascertainable from the complaint whether [the employee] turned over all of [company’s] documents to his attorney, which

TODAY’S GENER AL COUNSEL JUN /JUL 2017

Intellectual Property documents he took and what information they contained, or whether he used, is using, or plans to use, those documents for any purpose other than investigating a potential violation of law.” Therefore, the complaint stated a plausible claim for trade secret misappropriation. The Unum Group case illustrates that a company asserting a claim for trade secrets misappropriation must be prepared for the possibility that an employee may in turn invoke whistleblower immunity, and must make sure that the complaint contains appropriate language to avoid a dismissal based on that defense.

disclosure or use of its trade secrets. This is the hardest of the three to prove, but it has become increasingly popular in recent years, especially in cases involving licensed technology. With the elevation of trade secrets misappropriation issues to the national level, it would not be surprising if damages theories from other federal intellectual property infringement matters are applied to claims brought under the DTSA. For example, the measurement of a defendant’s profits in copyright matters could be directly applied to the evaluation of unjust enrichment under the DTSA. The parties could also bor• Damages. The question of how to row commonly accepted methodologies assess damages arising out of the misfor reasonable royalty calculations from appropriation of trade secrets has been patent infringement actions, such as the around as long as there has been trade well-known Georgia-Pacific factors. secrets litigation. However, as technolAs technology develops and employogy and sometimes whole industries ees become more mobile, companies keep changing, companies around the must continue to improve their trade secrets protection measures and A company asserting a claim for be prepared to act quickly when trade secrets misappropriation must misappropriation is discovered, in be prepared for the possibility that order to prevent their trade secrets from falling into the an employee may in turn invoke hands of competitors. Understanding whistleblower immunity. what remedies are available in a comcountry continue to find creative ways pany’s jurisdiction, how to obtain them to measure damages in situations where and how damages are assessed can help the harm related to the disclosure of with the decision-making process when trade secrets disclosure may not be deciding whether, and how, to pursue a obvious or immediate. particular trade misappropriation case. ■ Actual losses, unjust enrichment and reasonable royalty are the three typical damages categories in trade secrets Leiza misappropriation claims. Actual losses Dolghih is usually are equivalent to lost profits. a partner Where lost profits are impossible or with Lewis difficult to measure, a company may be Brisbois, in entitled to the unjust enrichment earned Dallas. Her by the party that misappropriated the practice trade secret. Where there has been both focuses on unjust enrichment and lost profits, trade enforcement secret owners will often seek the larger of non-competition agreements, unfair amount. competition practices and trade secrets The trade secret owner may also seek misappropriation. a reasonable royalty for the unauthorized Dolghih@lewisbrisbois.com

BEYOND PRINT

TodaysGeneralCounsel.com

IN YOUR INBOX

Digital.TodaysGeneral Counsel.com

E-DISCOVERY CONFERENCES

TodaysGeneralCounsel.com/ Institute

TODAYSGENERALCOUNSEL.COM

jun /jul 2017 today’s gener al counsel

Intellectual Property DTSA One Year Later continued from page 24

been filed in the Northern and Central Districts of California, the Southern District of New York, and the Northern District of Illinois. This suggests that despite the DTSA’s new federal cause of action, plaintiffs continue to file state court actions in large numbers. Counsel should carefully evaluate whether it is

District of Tennessee denied the ex parte application because the facts alleged in the application were conclusory in nature and failed to explain why injunctive relief under Federal Rule of Civil Procedure 65 would be inadequate to achieve the desired result. In Mission Capital Advisors LLC v. Christopher D. Romaka, the Southern District of New York denied an ex parte application because the moving party’s application

Despite the DTSA’s new federal cause of action, plaintiffs continue to file state court actions in large numbers.

best to file in federal or state court. Factors to consider include whether certain aspects of the relevant state act are more favorable than the DTSA in specific cases, and whether there is a basis to pursue an ex parte seizure. Ex Parte Seizure Orders are Few and Far Between. A unique feature of the DTSA is that trade secret owners may apply ex parte for a pre-trial order directing the seizure of property necessary to prevent the “dissemination of the trade secret that is the subject of the action.” This extraordinary remedy provides trade secret owners with a potentially powerful pretrial tool to prevent or limit misappropriation. This remedy, however, is highly circumscribed. The DTSA imposes several limitations and requirements that apply to applications for seizure. As a result, the vast majority of cases do not involve such applications. In the hundreds of DTSA cases to date, parties have filed less than a dozen ex parte applications for seizure, and of those filed, most have been denied. Courts in large part have denied ex parte applications because the moving party has failed to allege facts sufficient to satisfy the statute’s rigorous pleading requirements. In Jones Printing LLC v. Adams, for example, the Eastern

failed to describe with sufficient particularity the existence of a trade secret and the irreparable harm. Notably, some courts that have denied ex parte seizure applications have granted alternative remedies, such as expedited discovery. In Baleria Caribbean Ltd. Corp. v. Calvo, the Southern District of Florida rejected the ex parte seizure application because the moving party failed to demonstrate the “extraordinary circumstances” required under the DTSA to obtain a seizure order. However, the court granted expedited discovery to examine the laptop in question because the moving party showed “irreparable injury and potential harm,” and also that the defendant attempted to “conceal his misappropriation activities from detection.” In Dazzle Software II, LLC, et al. v. Kinney, the Eastern District of Michigan likewise denied an ex parte seizure application, but granted expedited discovery of the computer storage devices in question. Temporary restraining orders also remain a popular form of alternative pre-trial relief under the DTSA. In OOO Brunswick Rail Management v. Sultanov, the Northern District of California denied an ex parte application for a seizure order and a request for expedited discovery, but granted a

temporary restraining order based on allegations that the former employees had sent confidential company documents to their personal email accounts without authorization, surreptitiously deleted those messages, and communicated directly with the moving party’s competitor. The court in this case deemed a seizure order unnecessary because it ordered the former employees to deliver the computer devices in question at the time of the temporary restraining order hearing, and ordered those former employees to not access or modify those devices in the interim. The court also found that a restraining order was appropriate because personal identifying information was at risk of disclosure. The District Court of Massachusetts followed the same approach in granting a preliminary injunction in Unum Group v. Loftus. Thus, a variety of options may be available to promptly recover materials containing trade secrets and secure protection, including ex parte seizure orders, temporary restraining orders, injunctions and expedited discovery. Cases also show that courts are likely to weigh competing considerations when asked to restrict a defendant’s ability to lawfully solicit customers. In Engility Corporation v. Daniels, although the court ultimately issued a non-compete injunction, it scrutinized the effect a TRO would have on the defendant’s ability to enter employment relationships and conduct business before granting such relief. In Henry Schein, Inc. v. Cook, the Northern District of California similarly balanced the parties’ interests by entering an order prohibiting the defendant from soliciting only customers “to which she was assigned” while employed by the plaintiff. When appropriate, therefore, courts may narrowly tailor seizure or injunctive relief, or order less severe relief, to balance the competing interests of the parties. For parties seeking relief, it is essential to provide sufficient details concerning the trade secret misappropriation, any specific property to be seized or enjoined, and any imminent threats concerning the destruction or

today’s gener al counsel jun /jul 2017

Intellectual Property removal of trade secrets. This showing is even more critical when seeking a seizure order. Extraterritorial Application. The scope of extraterritorial application is important to corporate counsel with employees or divisions located outside the United States, but whether and to what extent the DTSA applies to foreign conduct remains an open question. Generally, federal statutes do not apply outside the United States unless expressly stated otherwise. Although the specific DTSA amendments do not discuss extraterritorial application, section 1837 of the EEA provides that the EEA applies to conduct outside the United States if: (1) the offender is a natural person who is a citizen or permanent resident alien of the United States, or an organization organized under the laws of the United States or a State or political subdivision thereof, or (2) an act in furtherance of the offense was committed in the United States. This section ostensibly applies to DTSA claims. The language of “offense,” however, could indicate the extraterritorial application may be limited to criminal offenses (the subject of the EEA). How courts will interpret the phrase “in furtherance of” under the EEA as

whistleblower protection to any “individual” who discloses a trade secret “in confidence to a federal, state, or local government official, either directly or indirectly, or to an attorney; and solely for the purpose of reporting or investigating a suspected violation of law.” This protection also impacts a trade secret owner’s ability to recover exemplary damages and attorneys’ fees under the DTSA. In order to be eligible to seek such remedies, the trade secret owner must provide notice of the whistleblower immunity provisions as required in the DTSA. The term “individual” is not defined under the DTSA. Whether the term applies to natural persons only, or may extend to company consultant entities, remains an open question. No case has addressed this issue. That said, the ability of individual employees to seek immunity under the DTSA has been tested at the pleading stage. In Unum Group, the court denied the employee’s motion to dismiss on grounds of individual immunity because the employee failed to plead sufficient facts establishing entitlement to immunity under the plain terms of the DTSA. Corporate counsel should be aware of the DTSA notice requirement, and carefully consider the risks of not including the notice provision in non-disclosure

Temporary restraining orders remain a popular form of alternative pre-trial relief under the DTSA.

it relates to the DTSA also remains to be seen. This portion of the DTSA is ripe for interpretation, and it’s one in which U.S. companies with employees assigned to work outside of the country may have a strong interest. Whistleblower Immunity Trends. Whether and to what extent the DTSA’s whistleblower protections extend to “non-natural persons” also remains an open question. The DTSA provides

and other relevant agreements concerning employees, individual contractors, or consultant entities. In addition, state acts do not have any such whistleblower notice requirement, so fees and exemplary damages may be available under state law. The DTSA is still in its infancy, and the decisions discussed provide early indicators and trends. They will continue to take shape as courts flesh out the scope and application of the statute

with respect to a variety of stakeholders and cases. ■

Lora A. Brzezynski is a practice advisor in Dentons’ Litigation and Dispute Resolution Practice and the chair of Dentons’ Trade Secrets Group. lora.brzezynski@dentons.com

Cass W. Christenson is a partner in Dentons’ Litigation and Dispute Resolution Practice, with an emphasis on asserting and defending claims involving trade secrets, patents, trademarks and other intellectual property. cass.christenson@dentons.com

Peter Stockburger is a senior managing associate in Dentons’ Litigation and Dispute Resolution Practice, and a member of the firm’s global Employment and Labor group and Cybersecurity group. peter.stockburger@dentons.com

Sophia Gassman is an associate in Dentons’ Litigation and Dispute Resolution practice and White Collar and Government Investigations practice. sophia.gassman@dentons.com

jun /jul 2017 today’s gener al counsel

Intellectual Property

Five Techniques to Stop an IPR Before It Starts By Kerry S. Taylor and Nathanael R. Luman

nter partes review is a wildly popular and successful tool for invalidating patents. At the time this article was written, the Patent Trial and Appeal Board had issued 1,332 final written decisions in IPR trials, with 67 percent of them invalidating all of the instituted patent claims and another 16 percent invalidating at least some claims. With the widespread utilization of IPRs, it has become increasingly likely that at some point your company will be served with an IPR petition challenging the validity of one or more of its patents. A full IPR proceeding consists of two phases: the preliminary phase and the trial phase. The proceeding will not progress to the trial phase, however, if the Board decides to not “institute” the IPR trial. Thus, the best strategy for surviving an IPR challenge is to stop the proceeding before the Board institutes the trial phase. This avoids the risk of a final written decision holding the claims unpatentable and avoids the cost of the trial phase. To convince the Board to deny the IPR trial, you should file a wellcrafted patent owner response during the preliminary phase. The object is to convince the Board that the petition failed to show a reasonable likelihood that the patent’s claims are unpatentable, convince the Board to deny institution of the trial phase, and thus terminate the IPR proceeding. Once that happens, the Board often declines to institute trial on a subsequent petition that attempts to correct deficiencies in the first one. With that in mind, this article provides five strategies to employ when filing the preliminary response.

Argue that the asserted “prior art” isn’t actually prior art. An IPR petition must be based on prior

art consisting of patents or printed publications. The petition needs to demonstrate that the relied upon patents or printed publications constitute prior art to the challenged patent. A printed publication is not prior art if it wasn’t disseminated or otherwise accessible to the ordinarily skilled artisan before the critical date of the challenged patent. If possible, a preliminary response should dispute the prior art status of a document. Several types of documents are susceptible to dispute by patent owners, including website printouts, graduate theses, presentations, advertisements, white

ate the date upon which the document was accessible to the ordinarily skilled artisan. Patents that allegedly constitute prior art under pre-AIA 35 U.S.C. § 102(e) may not be entitled to one or more of its claimed priority dates. Specifically, a patent may be not be prior art if the petitioner relies on the filing date of an earlier filed continuationin-part application or a provisional application for the prior art date. If the petition does not provide evidence that the relied-upon disclosures of the patent are entitled to the petitioner’s asserted

To convince the board to deny the IPR trial, you should file a well-crafted patent owner response during the preliminary phase. papers and user’s guides. For example, the prior art status of website printouts typically require authentication by a declaration of someone with knowledge of the website, such as a webmaster. If the petition fails to provide an authenticating declaration for a website, the patent owner should argue that the petitioner did not demonstrate that the website is prior art. Graduate theses should be indexed, catalogued, and accessible to a person of ordinary skill in the art. If the petition fails to provide a declaration from someone with knowledge of the indexing, cataloguing, and accessibility of a graduate thesis, the patent owner should dispute its prior art status. Likewise, the prior art status of presentations, advertisements, white papers, user’s guides and other similar documents should be disputed if the petition fails to substanti-

priority date, the patent owner should consider disputing the prior art status of the patent.

For anticipation challenges, find a claim limitation that the petition failed to address. Anticipation challenges must demonstrate that the prior art discloses a single embodiment containing all claim limitations. It is rare for prior art to use the same language as the challenged claim. Therefore, a patent owner’s preliminary response should consider highlighting portions of an IPR petition that do not adequately explain how the language used in the prior art meets one or more claim limitations. For example, in one case (IPR2014-01094) the petition included a conclusory assertion that the prior art disclosed “transition devices” to meet a claim limitation for an “output

today’s gener al counsel jun /jul 2017

Intellectual Property

distribution.” The petition was denied because the petition did not adequately explain how the prior art disclosure anticipated the claim limitation. One manner in which a missing claim element can be highlighted is for the patent owner’s preliminary response to carefully parse claim language into as many separate limitations as possible. For example, to anticipate a hypothetical claim reciting “100 different steel

widgets having identical elastic universal connectors” the prior art must disclose (1) 100 different widgets, (2) each of the 100 widgets are made of steel, (3) each of the 100 widgets have a universal connector, (4) each of the universal connectors are elastic and (5) that all of the elastic universal connectors are identical. If the petition failed to account for any one of these claim requirements, then the preliminary response should

argue that the anticipation challenge is inadequate. Also, anticipation cannot be established by combining disclosures from various unrelated embodiments within a prior art reference. A patent owner should consider checking each of the prior art citations relied on in the petition and determining if any of the cited disclosures are contained within two or more unrelated embodiments. If so, the

jun /jul 2017 today’s gener al counsel

Intellectual Property In most IPRs, each claim will be construed under its broadest reasonable interpretation. Thus, a preliminary response should consider proposing construction of a claim term, under its For obviousness challenges, argue broadest reasonable interpretation, that that the petition failed to provide excludes the prior art cited by the petition a motivation to combine the prior art to meet the claim term. references or lacks a reasonable expecAn IPR petition may rely on a broad tation of success. claim construction to assert that a claim A petition cannot establish a prima facie term encompasses the prior art. In such case of obviousness by merely showing a case, the patent owner may be able to argue that the An IPR petition is required to take a petitioner’s proposed construction stance on claim construction. is unreasonably broad in light of the specification. The patent owner should consider proposing an alternative that each claim limitation was disclosed in the prior art. The petition must explain construction that satisfies its broadest reasonable interpretation but does not why a skilled artisan would have been encompass the prior art. motivated to combine the disclosures of the prior art references to arrive at the Determine if the petitioner or a claimed invention, and that the skilled real party-in-interest is statutorily artisan would have had a reasonable barred from filing the petition. expectation of success in doing so. The A petitioner is barred from filing an IPR petition is required to clearly articulate and explain the motivation and reason- petition more than one year from the date on which the petitioner, the petiable expectation of success. The Board often holds that conclusory assertions are tioner’s real party-in-interest, or a party in privity with the petitioner was served not sufficient. with a complaint alleging infringement The obviousness analysis needs to of the patent. be in the petition; it cannot be incorA real party-in-interest includes a porated by reference into the petition party that exercises or could exercise through an expert declaration. Thus, a control of the IPR. Relevant factors for preliminary response should argue that determining a real party-in-interest are an obviousness challenge is defective if case specific and include (1) whether the it fails to explain either a motivation party funds, directs, and controls an IPR to combine the prior art references or petition or proceeding, (2) the party’s lacks a reasonable expectation of sucrelationship to the petition itself, (3) the cess analysis. party’s nature and/or degree of involveArgue that a claim term requires ment in the filing and (4) the nature of construction, and that the petition the entity filing the petition. A party is failed to account for the claim term not a real party-in-interest merely beunder correct construction. cause it is a co-defendant in litigation. An IPR petition is required to take a The one year bar is determined on stance on claim construction. Many a patent-by-patent basis, instead of a petitions assert that none of the claim claim-by-claim basis. Therefore, if a terms require express construction. This party is sued for a patent in two sepaprovides an opportunity for a patent rate lawsuits, with the first lawsuit filed owner to propose claim constructions more than one year before the petition that will likely go unrebutted by the was filed and the second lawsuit filed petitioner. less than one year before the petition,

preliminary response can inform the Board that the petition is based on an improper anticipation challenge.

then the petitioner is barred from filing an IPR petition based on the first suit. However, a dismissal of a patent infringement complaint without prejudice will eliminate the one year bar for that lawsuit. If, during an IPR proceeding, a petitioner is acquired by a party that would have been barred from filing the petition, then the Board may terminate the IPR proceeding. The patent owner should consider monitoring any changes in real partyin-interest and determining if such a change opens an opportunity for a one year bar challenge. The authors hope that the above techniques will help you stop an IPR before it progresses to the trial phase. We encourage you to seek counsel from an attorney experienced in IPR proceedings to assist with crafting the best possible preliminary response strategy for addressing the specific anticipation and/ or obviousness challenges raised against your patent. ■

Kerry S. Taylor, Ph.D., is a partner in the San Diego office of Knobbe Martens. He leads the firm’s IPR efforts in the life sciences, biotechnology and chemical industries. He regularly represents patent owners and petitioners in IPR proceedings. kerry.taylor@knobbe.com

Nathanael R. Luman, Ph.D., a partner in the San Diego office of Knobbe Martens, represents chemical and pharmaceutical companies in intellectual property disputes. He has represented either the patent owner or petitioner in several IPRs. nate.luman@knobbe.com

today’s gener al counsel jun /jul 2017

E-Discovery

Smoking Gun

continued from page 23 promised when joining Company B. Second, there was a copy machine outside the programmer’s office. The programmer apparently was unaware that modern digital copiers are like a computer, scanner and printer built into a single unit. Many such copiers save a copy of the images they scan on an internal hard drive that can be forensically recovered. Analysts pulled the drive and found nearly three years’ worth of copies, including the programmer’s employment agreement with the competing venture, an agreement that was signed while the former adviser was still actively involved in the management of Company A. OTHER POTENTIAL SOURCES

Because any attempt to create a comprehensive catalog of potential sources of evidence would quickly become obsolete, it is imperative for in-house counsel to have a close working relationship with the IT department and employees to keep a finger on the pulse of the company’s actual data use. Consider some of the following technologies that are now becoming commonplace in the corporate environment, even when hosted by a third party: • Chat platforms, such as Slack, Cisco Jabber, Google Chat and Hangouts, and even Facebook and Twitter, all offer real-time messaging. Some are formally adopted by the company, but often they are informally adopted by particular individuals or teams, with or without the company’s knowledge or consent. The line between personal and business use of such platforms can create some tricky issues for counsel that must be carefully navigated depending on the circumstances of each witness and case. • Social media platforms, such as Facebook, Twitter, LinkedIn and Google+ can also be potential sources of pertinent data, although it is imperative to respect the personal privacy often associated with the use of such platforms.

• Third-party document storage, such as dropbox, google drive and box. • Personal email addresses. The ubiquity of smartphones often means that corporate and personal email coexists side by side in the same application. Witnesses sometimes confuse their

relevant player. With a combination of witness interviews, computer forensic analysis and a ground-level view from a particular witness’s perspective, counsel can quickly and effectively tailor electronic discovery for the case at hand. By taking an active approach, it is possible to dis-

An additional benefit of an in-person interview is the ability to quickly review and document the information available.

• •

•

use of personal and company email addresses, particularly when they may have a personal and business relationship with some of those they are emailing. Third-party video hosts, such as YouTube and Vimeo. Project management and task management software, whether hosted by the company or by a third-party provider. Accounting software, such as QuickBooks. Voicemail/audio recording/LiveScribe Pens. Voice data is increasingly available as companies move to VOIPbased systems. Voicemail is sometimes automatically sent to email and even transcription services (with varying degrees of accuracy). In addition, personal recording devices such as voice-activated audio recorders and LiveScribe – which offers pen-based audio recording – are prevalent. Geolocation data. It’s rare, but in some cases a person’s location may be relevant. Geolocation data can be found in phones (sometimes determinable from cell tower data), location services on iPhones and other smartphones, and even through geotagging available in some phones and digital cameras. The availability of such data often depends on the technology and the settings for each individual user.

The principal lesson is that a flexible and responsive approach to investigations and electronic discovery starts by standing in the shoes of each potentially

cover evidence that might be otherwise be overlooked or given a lower priority, while also slashing the overall budget by eliminating duplicative or irrelevant document collection. ■

Attorney Kent Sullivan is a partner at Jackson Walker LLP and co-chair of the Government Relations/ Investigations Group. He represents clients in investigations, complex civil litigation and government relations. A former judge, he served as First Assistant Attorney General for Texas. Ksullivan@jw.com

Luke Gilman is an associate in the Litigation Section of Jackson Walker, a member of the firm’s E-Discovery Task Force and the Government Relations/Investigations Group, specializing in technologyrelated disputes and investigations. He worked eight years in information technology before becoming a trial and appellate lawyer. Lgilman@jw.com

jun /jul 2017 today’s gener al counsel

Cybersecurity

Protecting Your Company from Cybersecurity Litigation By Jenny L. Martinez and Michael A. Holmes

hough hacking has made headlines for years (search Dropbox, Evernote, Target, Apple, Home Depot, Ashley Madison, LinkedIn, etc.), it rarely affected our day-to-day lives. Then came reports of the 2016 hack of the Democratic National Committee, which possibly shifted the outcome of a presidential election and underlined the very real implications of inadequate cybersecurity. In its recent article Policy Ideas for a New Presidency, the Center for Long-Term Cybersecurity notes that cybersecurity “needs to be thought of as an existential risk to core American interests and values, rising close to the level of major armed conflict and climate change.” The increase in connectivity across all industries has drastically increased

the potential for data breaches. Post data-breach consumer lawsuits, which typically assert breach of contract or negligence theories, are on the rise. Shareholder lawsuits, which typically assert claims for breach of fiduciary duty due to lack of adequate data security measures, are seeing some success. Investigations by government agencies – including the FTC, FCC and SEC – are now common. Finally – while it’s rare – some companies have faced criminal charges for egregious security lapses. The damages available to plaintiffs in cybersecurity litigation depend on the nature of the company’s business and the types of personal information the company possesses. Proving causation between the breach and actual harm is more difficult than it appears because

it may be unknown how or whether customer information is actually used. Companies have successfully argued that there was no identifiable harm caused by the intrusion. However, some courts have allowed cases to proceed on a lower evidentiary burden of “substantial risk of future injury.” If a lawsuit or investigation results from a data breach, your company’s internal policies and procedures will be thoroughly scrutinized. Although having acted with commercial reasonableness and in accordance with industry standards will not prevent litigation, it will assist with a more favorable resolution. GENERAL COUNSEL’S DUTY

The days when data protection was solely the role of IT department are long

today’s gener al counsel jun /jul 2017

Cybersecurity

gone. The risk that your company’s data could fall into the wrong hands warrants an all-hands-on-deck approach, and legal must lead the way. This duty is codified in many states. The Texas Disciplinary Rules of Professional Conduct, for example, say that lawyers must not knowingly reveal a client’s or former client’s confidential information to third parties, must protect clients confidences and “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” Cybersecurity

with third-party vendors include procedures that are consistent with the company’s internal data protection policies. POLICIES AND PROCEDURES

Adequate internal security is now lightyears beyond passwords, but security at many companies has not evolved to meet new risks and new standards. Determine where your data is physically stored, and what access points exist. Personal, proprietary and confidential data should not be stored locally on hard-drives or on a single server. While non-critical data may remain on local

consider this: If all your data looks identical, how will hackers know if they are looking at something important or unimportant? Data breaches do not usually involve stealing a company’s entire system, but only what the thief determines is valuable, so make it much harder for that determination to be made. While encryption five years ago was an arduous task, today entire systems can be encrypted and unencrypted in real-time. Evaluate who has access to your data. Every additional employee with access to sensitive data is another variable of risk,

Vital data should be segregated onto monitoring servers with the ability to disconnect in the event of an intrusion, or on air-gap storage devices which are connected only at designated times. 35 in our connected world involves evaluating legal risks for all aspects of the company’s business. Your first priority as general counsel is to identify the company’s “digital assets,” which typically fall into two major categories: (1) trade secrets, competitive advantage data and data essential to day-to-day operations, and (2) customer data, which, if released, could expose the company to liability. Once the company’s digital assets are identified, you must understand the digital structure of your organization. Where is the data located on your system? How is it stored? Who has access and why? What protections are in place? Are these protections sufficient to prevent a breach and the damages that may follow? A written explanation of the digital assets, structure, and protections within your system should be created, so that every department understands its role in the context of the whole, and this needs to be incorporated into your incident response plan. Finally, it’s necessary to look externally to determine whether your agreements

hard drives or stored on a main server or cloud, vital data should be segregated onto monitoring servers with the ability to disconnect in the event of an intrusion, or on air-gap storage devices which are only connected at designated times. Data storage should be layered like an onion to prevent hackers from stumbling into your most-sensitive data the moment they gain access. This layering may give your company a critical buffer needed to detect the intrusion and take counter-measures. Consider carefully how to minimize retained data. Unnecessary story of data is more than just costly. It creates risk. Hackers cannot steal data you do not possess. Learn how to securely purge your drives and the cloud of data when it becomes obsolete or no longer needed. If your company is required to retain data for regulatory or other purposes, consider storing that data on a secured “dead drop” computer with no internet capability. No matter where your data is stored, it should be encrypted. While this may sound contrary to the above advice,

so take steps to limit those variables. An employee who has historically had access to certain data, or who needed access to certain data at one point in time, may not need access today. Consider limiting access to only the time it is needed or making it device-sensitive. Additionally, multi-factor authentication (MFA) should be the standard for all employees with access to sensitive company data. MFA is a simple best practice that adds an extra layer of protection on top of a user’s name and password by requiring an authentication code from a device. General counsel must also consider physical security measures. While the ultimate goal is to create commercially reasonable levels of data security, the appearance that the company is taking all appropriate steps to maintain a secure physical environment is equally important. Examples of physical security include access-encoded keycards for all employees, continual monitoring of secured areas where sensitive data resides, biometric tokens, and continued on page 39

JUN /JUL 2017 TODAY’S GENER AL COUNSEL

Cybersecurity

Best Cybersecurity Practices By Brian Stafford

t the tail end of 2016, seven law firms discovered their systems had been hacked, enabling insider trading deals that amounted to more than $4 million in profits. The hacks were carried out by three Chinese nationals who, through installed malware, had accessed the emails of law firm partners working on mergers and acquisitions. The individuals were indicted, but the damage had been done and the hacking incidents left a black mark on the reputations of the law firms involved. This episode, and other recent hacks, where basic malware was able to infiltrate established law firms, should be a serious wake up call for all companies, and a reminder they need to take another look at their security practices. It’s clear many of them have a long way to go. According to the Ponemon Institute’s recent study, The State of Malware Detection & Prevention, companies don’t have the ability to prevent and deal with malware and other advanced threats – and they know it. Only 39 percent of respondents, the

costly. Companies spend millions guarding against external threats, for example, but often ignore internal ones. These can be more devastating, especially if there is malicious intent. Companies should implement policies and permissions for all who work with the company, from the c-suite down to contract workers. In addition, don’t forget that third party vendors and outside partners may have access to sensitive data, and they are outside company firewalls. Have security teams monitor for suspicious behaviors from all access points, and set protocols to prevent and/or quickly mitigate any leaks that occur. Another often neglected risk: human error. Numerous studies have cited both human error and lost/stolen mobile devices as leading causes of data breaches. As more employees work remotely and from their own devices – particularly senior level executives who travel frequently – it’s essential to create or update policies that address this practice. Include the basics, like using a protected wi-fi and a secure collaboration portal to share/ review documents. The insecure work habits of Companies spend millions executives in particular are putting companies at risk. guarding against external threats, We recently examined the use of free but often ignore internal ones. email service providers (ESPs) for business purposes. report says, “rate their ability to detect The research revealed that among the a cyber attack as highly effective, and enterprise elite -- U.S. board members similarly only 30 percent rate their abil– more than 30 percent are using a free ity to prevent cyber attacks as highly ESP to conduct board level business. A effective.” breakdown of the most frequently used Current technologies can protect ESPs includes: against many advanced threats, like denial of service (DoS), cross site • Google: 44 per cent scripting (XSS), SQL injection attacks, • AOL: 17 per cent man-in-the-middle attacks, malware, • Yahoo! : 9 per cent and more. But there are fundamental • Comcast: 7 per cent under the radar risks that can be just as • Others: 23 per cent

This practice is deeply concerning, especially considering hackers’ high success rates with infiltrating email providers such as Yahoo! and Google to garner user credentials, contact lists and access to personal accounts. Greater cooperation is needed between security, IT and executive teams to understand all risks to the firm – known, hidden and emerging. They need to work together to formulate protocols that help prevent an incident, and to design a response that can be implemented in case an incident occur. Here are four best practices that can serve as the basis of a security program:

Survey, Educate and Reward. To guard against human error, employees must know and be accountable for following company protocols. Particular attention must be paid to areas outside of legal/finance, security and IT, where employees are more removed from security strategy and implementation. In order to understand potential gaps in knowledge, survey employees through “town halls,” carry out impromptu check-ins, and conduct performance reviews. Through these assessments, managers can determine if there are gaps where additional education is needed and how to best allocate budgets to address vulnerabilities. Often companies will review security best practices as part of new hire orientation or hand out written policies via an employee manual, and then never follow up. That’s not enough. In an age where hackers are relentlessly attempting to gain access to private systems and confidential data, it’s important that education and training be ongoing. Any company that seeks to have a strong security culture must not only offer robust training to all employees – including the c-suite and directors – but also encourage professional development opportunities tailored to employees’ particular focus areas. In addition, consider

TODAYâ&#x20AC;&#x2122;S GENER AL COUNSEL JUN /JUL 2017

Cybersecurity

jun /jul 2017 today’s gener al counsel

Cybersecurity

having mandatory quarterly training for all employees. This enables security teams to share the latest best practices, discuss evolving threats, and to provide refreshers on the basics. Lastly, it’s important to incentivize employees, to keep them motivated to follow protocols, and to hold their peers accountable for doing the same. Particular emphases may vary. For example, while the executive/finance teams may be more motivated by a company’s financial performance or brand reputation, firstyear attorneys and those on the front line of defense may be motivated by career advancement or new job responsibilities. In that case, rewarding security-minded actions as part of a performance review

personal devices for work purposes, establish revised BYOD policies that takes this into account. Be clear on what devices/actions are allowed and what is prohibited, and clearly outline consequences for violations of policy. • Perform due diligence checks on device/product manufacturers, to ensure they align with your organization’s security posture. If a manufacturer is not up to standard, do not allow employees to use its products for work purposes.

Follow the Letter of the Law. Recent studies have found that about a third of law firms had not

standards for the privacy and security of health information and data To ensure compliance, have gap assessments done by both an internal team and third party advisors. Results should identify and prioritize federal, state and industry compliance standards that need to be addressed.

Apply the Right Technology. Given the highly sensitive information handled at the board level, secure technology is necessary to protect confidential information and conversations. (See the email service provider usage information noted earlier.) The right tool can help manage data securely and

Research revealed that among the enterprise elite – U.S. board members – more than 30 percent are using a free and insecure email service provider 38

to conduct board level business.

performed formal privacy, security and information assessments, and about the same percentage have no cyber liability insurance. Firms with these deficiencies are less likely to comply with industry regulations, such as:

• Keep in mind the variety of devices out there and guard for as many as possible, starting with the most popular. This means look beyond employee use of smartphones or tablets to smart TVs, watches, cars, as well as biometric systems and intelligence sensors, all of which are increasingly being used for purposes related to work. • Since employees are bound to use

• Financial data and PCI DSS. The Payment Card Industry Data Security Standard sets security requirements for businesses that store, process or transmit cardholder data • WIPO. Created by the UN, the World Intellectual Property Organization details regulations on the promotion and protection of intellectual property • NCSL. The National Conference of State Legislatures Cyber Security Task Force promotes legislative discussion on cybersecurity, and a number of states have already enacted security breach protection and notification laws • HIPAA. The Health Insurance Portability and Accountability Act sets

could be one solution that both encourages participation and reduces security vulnerabilities. Establish IoT and Mobile Protocols. The tech industry is predicting rapid and massive adoption for IoT and workplace mobility, with the number of connected devices surging to as many as 200 billion by 2020. This represents greatly increased risk for companies, and suggests some basic protocols:

control access and authorization, as well as assist in compliance reporting. Keep in mind that breaches and hacking can originate from any place in the organization. Thus it’s essential that companies take a close look within individual business lines to determine which solutions will be most effective in mitigating their major risks. ■

Brian Stafford is executive director, chief executive officer and president of Diligent Corporation.

today’s gener al counsel jun /jul 2017

Cybersecurity

Cybersecurity Litigation continued from page 35

access-point sensors for data-sensitive machines to prevent the unauthorized use of external hardware such as thumb drives. Procedural security measures must also be in place. These include management, operational, and administrative controls to reduce potential humanfactor risks. The company’s employee handbook and policies should contain procedures regarding the safe use of electronic devices, the latest advice for avoiding phishing and other intrusion scams, and consequences for noncompliance. An easy-to-use system for contacting IT and raising red flags should be implemented and communicated to all. In addition to mandatory “classroom” training, internal active testing should be a top priority for the entire company. Instruct your IT department to send disguised phishing emails with links or attachments and see who reports them, or better yet, who attempts to access the potentially harmful links. Conduct frequent office audits and look for passwords written on Post-it

counsel should review all external agreements to ensure that third-party vendors are serious about data security. Do not assume that third-party vendors adequately protect your company’s digital assets. Data security measures implemented externally should be at least as stringent as those implemented internally. Thus, similar initial questions should be asked at the outset of the relationship: Where is your data located on your system? How is it stored? Who has access to your data, and why? What protections are in place, and will these protections prevent a breach and the damages that may follow? Do not do business with third-party vendors who refuse to incorporate data security measures into their agreements, and consider incorporating cooperation clauses to make clear the high levels of transparency and assistance that are expected. Include provisions that allow you to monitor the vendor’s actual compliance with your own data security requirements, including periodic audits and assessments, audit logs and security incident reports. For vendors who protect your company’s most critical digital assets, require audits of their entire system once a year

Data storage should be layered like an onion to prevent hackers from stumbling into your most-sensitive data the moment they gain access. notes, unlocked computers and forgotten thumb drives. Provide incentives to create a positive learning experience and develop employee vigilance. Within any organization, there will be varying levels of computer savvy. As less savvy employees make improvements, reward them. THIRD PARTIES

In addition to ensuring that internal data security controls are in place, general

and performance reviews every six months. These audits and performance reviews may be handled by independent auditors, or in-house if your company has the capability. The results should be discussed with the vendor, and if the issue is not already covered in the cooperation clause, the parties must agree to changes to the vendor’s procedures in response to the findings. The foregoing procedures cannot ensure against a data breach, but they

can assure that your company’s thirdparty vendors are not the weak point in your cybersecurity framework. The cybersecurity threats facing companies are evolving at a breakneck pace. Stay one step ahead of the hackers by working directly with your IT professionals and third-party vendors to maintain clear internal and external policies and procedures. By following these procedures, general counsel can greatly improve their cybersecurity framework and reduce the risk of litigation in the event of a data breach. ■

Jenny Martinez is co-chair of the Commercial Litigation Section of Godwin Bowman & Martinez PC, in Dallas. She represents businesses in disputes involving finance, software, real estate, employment and insurance. Jmartinez@GodwinLaw.com

Michael Holmes is an attorney in the business law and commercial litigation sections of Godwin Bowman & Martinez PC. He represents companies ranging from entrepreneurs to Fortune 500 businesses in transactional and litigation matters involving contracts, cybersecurity, employment, corporate, securities, financial institutions and real estate. Mholmes@GodwinLaw.com

jun /jul 2017 todayâ&#x20AC;&#x2122;s gener al counsel

Cybersecurity

Negotiating a Tech Contract With a Large Customer By Josh Silver

s a technology provider, getting the chance to contract with a large, global company can be the opportunity of a lifetime. But with big opportunities come sophisticated business and legal teams and considerable demands. Compared with smaller businesses, large companies tend to dictate much more customer-favorable terms and are more likely to try replacing your documents with their own.

The vast majority of the issues in a given technology transaction are, at the end of the day, business issues. Matters such as indemnification obligations, liability caps, disclaimers of certain damages and the like, while typically negotiated by lawyers, are really nothing more than allocations of risk amongst the parties to the contract. Experience has shown me that even small technology companies donâ&#x20AC;&#x2122;t always

have to accept large customersâ&#x20AC;&#x2122; terms and proposed risk allocations. In fact, they often have more power than they think. Here are five places in a technology contract where you may be able to push back on customer demands: ACCEPTANCE TESTING RIGHTS

Acceptance testing rights exist so that customers can test and vet software and other technologies. When a company

today’s gener al counsel jun /jul 2017

Cybersecurity

is licensing on-site software or buying access to a SaaS or other hosted products, the customer will typically ask to test it for 30, 60 or 90 days, and then provide the vendor with notice either of their acceptance or of any defects. If the vendor can’t correct the defects within a given period of time, the customer can terminate the contract and receive a full refund. As a vendor, the biggest problem with an acceptance testing right is that it prevents you from immediately recognizing your revenue when you deliver the software or provide access to the hosted product. Instead, you often have to wait for months, with the possibility that the customer will reject the product. If your product is “canned” software or a hosted product that is not custom built for a particular customer, you can demonstrate its success in a wide range of settings and environments; and if you know it’s something the customer really needs or desires, then you can push back

never once had to extend acceptance testing rights. CONFIDENTIALITY AND INFORMATION SECURITY

Large companies will usually initiate this conversation with their own confidentiality and information security contract provisions. Don’t expect the language in these provisions to be balanced. Almost uniformly, they will contain extremely robust and customer-favorable requirements. Still, it’s possible to work with these companies without assuming outsized risk. Depending upon your products, service and/or scenario, a lot of the company’s boilerplate confidentiality and information security language may not apply; and such inapplicable provisions present an opportunity to choose your battles wisely. In the case of our client referenced above, their product doesn’t involve gaining any access to personal informa-

and programs. If you have multiple customers, this is simply an unrealistic requirement. Instead, you can allow the customer to see your own set of policies and procedures. INDEMNIFICATION

Big companies will typically propose indemnity language that says, among other things, that if the vendor breaches any term, covenant, or provision of the contract, then the vendor agrees to step in and defend the customer against any lawsuits and reimburse all of the customer’s costs, expenses and liabilities (both first party costs and costs related to third-party claims), without the customer having to sue the vendor. In certain circumstances, indemnities are appropriate, but they usually need to be dialed back significantly. For example, in respect to intellectual property infringement, vendors should (and do) typically agree to indemnify a customer if that customer is sued by a third party

If a customer will not back down on its demand for acceptance testing rights, a compromise can work.

on any acceptance testing rights that a customer attempts to impose on you. But this becomes much more difficult if the product is custom-built and lacks a track record. If a customer will not back down on their demand for acceptance testing rights, a compromise can work. One client of ours offers an off-the-shelf, installed software solution. It has been configured in thousands of different customer environments, and we know it works. When customers ask for 90-day acceptance testing periods against very specific acceptance criteria, we respond by offering a short-term evaluation license (typically 15 to 30 days), so that the customer can confirm that it works as advertised. We’ve been taking this approach for over a decade, and we’ve

tion or other sensitive customer data. So we either strike the information security obligations or add a caveat that we will have to execute a separate written agreement accepting any regulated or other sensitive customer data (which, of course, we have no intention of doing). This protects our client from inadvertently receiving data they were never supposed to have, then becoming subject to information security obligations with which they cannot comply. However, if you’re a cloud services provider with a product that stores or processes sensitive information, you will likely have to agree to many of these terms. Still, there are some things to which you should never agree. For example, compliance with an individual customer’s information security policies, procedures

claiming that the customer’s use of the vendor’s technology within the scope of the license infringes an intellectual property right (e.g., patent, copyright, etc.) held by the third party. Such an indemnity would require you, as the licensor of the technology, to step in, hire lawyers, defend the customer against the lawsuit, cover the customer’s costs if they have any, pay any court awarded damages and otherwise resolve the claim. However, there are a handful of exceptions that you should always build into any indemnity obligation for intellectual property infringement. For example, you should not be obligated to indemnify a customer if the basis for the claim is an unauthorized modification the customer made to your product. continued on page 51

jun /jul 2017 today’s gener al counsel

Compliance

Using Big Data Analysis to Protect Against Internal Threats By Steve Henn

mployer assets and reputation are exposed daily to risky employee behaviors and communications. Co-workers instant message each other regarding plans to take clients with them to a new job. A disgruntled engineer passed over for a promotion exposes the company’s secret project on social media. An ex-employee discloses company plans for a new product in order to sweeten his next job offer with a competitor. This type of behavior sometimes can be unwitting, but there are rogue employ-

ees and hackers who know exactly what they are doing, and why they’re doing it. These employees and cyber thieves leave behind a trail of criminal and civil charges, financial burdens and serious damage to a company’s reputation. Today, legal and compliance teams have more ammunition than ever against such threats. Leading organizations are countering bad actors by moving beyond traditional enterprise risk management (ERM). They are creating cross-disciplinary legal and IT teams and are using big-data

analytics technologies to analyze dozens of sources, to detect signs of malicious action and intent early on. This proactive approach may save the company expensive fines, reputation damage and costly investigations. Unfortunately, many organizations discover serious violations only after the fact. It’s not that internal audit, regulatory and corporate compliance teams, and the Office of the General Counsel (OGC) – which should play a major role in reducing this risk – are asleep

today’s gener al counsel jun /jul 2017

Compliance

at the wheel. More likely they just lack the means and resources for identifying threatening actions in its beginning stages. A major issue is that until recently the focus of risk management and compliance processes – including analytics – was corporate data that is highly structured. This data is stored in internal relational and transactional databases, such as finance reports, expense reports, and point of sale and customer account databases. While a lot of corporate fraud does involve financial transactions, the troves of unstructured data present a greater threat. Teams tasked with monitoring enterprise risk often are not well-prepared for detecting indicia of risk in new and emerging types of e-communications used by employees, such as IM, email,

Now, however, big-data analytic technologies can augment the capabilities of existing software and other tools. They can process highly accurate predictive algorithms across all the cases a legal team is working on, to identify related data patterns for further review and investigation. This can significantly reduce manual work, detect risk before it becomes a liability, and reduce e-discovery costs. The OGC’s challenge is to make the shift from being reactive to being proactive. This means identifying all potential risks, across all data vaults and communications platforms used by employees. Big data analytics enable legal, IT, and risk management teams to proactively identify and report noncompliant patterns in structured and

cal learning, text, audio and video analytics, sentiment (emotive) analysis, and natural language processing (NLP). As the engine assimilates new data, it identifies relationships with existing data and extracts meaningful new results for investigation. Predictive and prescriptive functions identify and report illicit or suspicious patterns as soon as they appear. As the results are reviewed by humans, the results can be fed back into the tools to make them more attuned and powerful. Here are some real-life scenarios that demonstrate how big data analytics work to proactively deter litigation. SCRA Compliance Validation. A leading U.S. bank received a “Matter Requiring Attention” notice from

Teams tasked with monitoring enterprise risk often are not well-prepared for detecting indicia of risk in new and emerging types of e-communications used by employees.

chat and social media. These, plus BYOD policies, mobile devices, thumb drives and insecure file sharing are just a few attack points for bad actors. It’s often not possible to detect risk in unstructured data. In addition to the problem of its sheer volume, the variety of issues, workloads and limited budgets, traditional e-discovery analytics cannot assess data across multiple cases and platforms. Each matter is essentially treated as a one-off project, making it impossible to share what’s learned across a wider universe of e-discovery data. This kind of single-case analytics is unable to identify patterns of non-compliance across matters and data vaults. Moreover, single-matter analytics is a reactive function that processes information when directed to do so. If reviewers do not know about a suspicious series of communications or what, specifically, to look for, then they will not know to run an analysis, and the threat remains.

unstructured data. It creates highly scalable, virtualized storage environments that continuously ingest and analyze massive numbers of records. Specialized big data analytics technologies for e-discovery are designed for litigation support, compliance oversight and internal investigations. These engines consolidate and then analyze millions of documents, including previously reviewed and classified documents residing across any number of e-discovery platforms. Analysis functions run across the entire repository and are iterative, so the more data that comes into the repository, the more comprehensive the analysis. The analytics tools continuously run on the data within the repository, to identify requested patterns and return results to human reviewers. Customizable policies and algorithms monitor for specific data patterns, using anomaly detection, machine and statisti-

a regulator. It said the bank may have violated the rights of borrowers protected under the Servicemembers Civil Relief Act (SCRA). The bank needed to quickly analyze 1.5 million mortgage and consumer loans to identify borrowers with potential military service or SCRA-protected status. Working with a team of data scientists, subject matter experts and legal process experts, the bank developed a compliance approach using big data analytics. The process pared down large quantities of loan documents to a small sub-set of responsive documents for expert review. Advanced analysis identified target documents, and culled 120 million pages of loan documents down to 8 million. A further refinement reduced the data set to 2 million for further human scrutiny. When compared to the estimates of its previous internal work plan, the analytics-based process continued on page 47

jun /jul 2017 today’s gener al counsel

Compliance

Cartel Investigations and Leniency By Mary Strimel

overnment investigations into price-fixing and bid-rigging have targeted dozens of industries, high tech and low, from asphalt paving to wall art. The consequences of an antitrust violation are severe. Corporate fines of hundreds of millions of dollars are not unusual. Individual sanctions are worse. In most years, the government counts in the thousands the number of “jail days” that it is able to impose on individual company executives via criminal sentences. No company wants to endure this kind of pain. With that in mind, this article will explain what happens in an antitrust cartel investigation and, more importantly, how to stay out of one.

The government’s favored way to learn about cartels is its leniency program. Under this program, the first company to come to the authorities and confess to wrongdoing gets off free: no fines, and no jail. Why would the government allow a violator to walk away? That’s easy. The price of leniency is full cooperation against the other violators. The leniency applicant will bring witnesses to the government to describe the cartel, revealing the who, what, when and where of all meetings, communications, and agreements. The leniency applicant will also supply copies of key documents, including hard-to-obtain documents from overseas and emails that may

show agreements to fix prices or rig bids. In some circumstances, if meetings or communications are ongoing, the cooperator will even agree to make secret tapes for the government. The purpose of the government’s leniency program is to destabilize cartels by causing each member to look over its shoulder, wondering whether its competitor can be trusted. This, indeed, is an enormously powerful tool for breaking cartels. It also requires speed on the part of any leniency applicant that wishes to be successful. Any price-fixing or bid-rigging matter that reaches a GC’s desk should be evaluated immediately for a potential leniency request (the policy is available

today’s gener al counsel jun /jul 2017

Compliance

on the Antitrust Division’s website), because by the time the matter has reached your level, chances are very good it has also reached your competitor. The leniency program aside, the government can open cartel investigations from any number of sources. They may start with tips from customers who see suspicious patterns in pricing or bidding. Disgruntled ex-employees are also

typically will serve grand jury subpoenas, seeking a range of documents. Grand jury subpoenas may have the purpose of demanding documents that are outside the scope of the initial search warrant or were offsite during the warrant’s execution. Either during the warranted search or shortly thereafter, agents frequently will pay unannounced visits for “knock-and-

they will agree to pay for individual representation for this or that executive. If individual executives have significant exposure, it makes sense to ensure they are properly represented by unconflicted counsel. Think about it: The executive has the ability to implicate the company in federal crimes, and the company similarly can implicate the executive (and may need to, in order to secure

Either during the warranted search or shortly thereafter, agents frequently will pay unannounced visits for “knock-and-talk” interviews at the homes of investigative subjects or witnesses. These interviews are technically voluntary.

potential sources, as are class plaintiffs’ counsel. Even a newspaper article that discusses odd pricing behavior can trigger an inquiry. THE INVESTIGATIoN

By law, the FBI can and does use the full range of investigative tools against cartels, working in conjunction with the DOJ Antitrust Division. These tools may include surveillance of cartel meetings, undercover sources, taping of meetings and phone calls, and underground email accounts to engage cartel members. Public sources can also be a goldmine when it comes to developing background facts. Regulatory filings, email chat rooms and trade association records all provide insight into cartelists’ whereabouts and activities. Once a cartel investigation becomes overt (i.e., known to the subjects), FBI agents often execute search warrants at company premises or at the homes of the alleged participants. These warrants will focus on seizing anything that holds communications between conspirators, including phones, laptop computers and company email servers. The executives’ calendars and expense reports are also of great interest, because they show who met whom, where, and when. Along with search warrants, agents

talk” interviews at the homes of investigative subjects or witnesses. During these interviews, which are technically voluntary, agents will ask the subjects for their version of events, making note of any suspicious evasions. Witnesses who lie may be subject to penalties for obstructing justice. Those who confess the existence of a cartel have no Miranda rights to exclude the confession from a later trial, provided the government can show the interview was voluntary and provided the witness was not in custody. Agents go out of their way to make sure both of these hurdles are met. The FBI will continue trying to meet with and reach individual company employees even if you, or outside counsel, claim to represent all of them without having actually spoken to them. The best course is to try to reach employees yourself and let them know that participation in an interview is voluntary and that they have the right to request your attendance. Typically, after an initial rush of search warrants, subpoenas and unannounced interviews, the pace of the investigation slows as the subject individuals and companies begin to engage antitrust criminal counsel. At this stage, GCs should expect to be asked on a regular basis whether

a plea agreement). This is a tailor-made conflict, and one that no lawyer should want to touch. To help keep costs under control, employees with less exposure can be represented by pool counsel. Depending on the style of the individual prosecutors involved, the government may provide significant guidance regarding who it’s interested in, or it may provide very little guidance. Either way, the government will not disclose the identity of its leniency applicant. That information is a closely-guarded secret until litigation or trial requires that it be revealed. As lawyers in the case begin to debrief their clients, companies will be asked to work closely with the government to handle logistics of processing files from seized computers and phones. At this point, both sides have a shared interest in seeing the seized evidence promptly, so it pays to be cooperative. At a higher level, though, the company must now make a tough decision: Should it come in early and plead guilty, or stand its ground and fight? PRETTY PLEAS

In a strong cartel case, the government holds a wealth of cards. It may have a leniency applicant or secret tapes that provide a roadmap to a conspiracy. It

jun /jul 2017 today’s gener al counsel

Compliance

ElEmEnts of a Good antitrust ComplianCE proGram • Support from top executives. • A risk assessment. • Quality antitrust content. No “paper programs.” • Proof that each at-risk employee participates. • A place for employees to go if they see something improper. • An audit process. • A continuous improvement program based on the audit results.

may have emails or texts that unmistakably confirm the existence of rigged bids or a price-fixing agreement. It may even have confessions of company executives obtained from knock-and-talk interviews. If it has these things, it typically will approach companies pre-charge and give them an opportunity to cooperate and plead guilty, in exchange for a reduction in their criminal fine. As one might expect, the earlier a company makes the decision to come in and plead guilty, the greater the reduction that it may expect. However, a company’s decision to plead guilty does not take its employees off the hook. The Antitrust Division’s model plea agreement includes coverage for most current company employees, but the company will typically be required to accept “carve-outs” from its plea agreement. (This is a key advantage of winning the race for leniency. Unlike a guilty pleader, a leniency applicant has full coverage for its cooperating current employees). Carve-outs are identified corporate executives that the government wishes to keep available for prosecution. There is no guarantee that carve-outs will ever be charged, and their identities are kept secret until such time as they are charged. However, the Antitrust Division is on record with a strong policy of charging senior, culpable individuals in order to deter cartel crimes. If the Division has sufficient evidence to successfully charge an executive, it will likely do so – and as part of the corporate plea, the company will be required to cooperate with the government’s case against that individual. Besides deterrence, the government’s

policy on charging individuals has another impact: It gives the executive the incentive to turn on his or her employer if the employer does not plead guilty. This is an important weapon in the government’s arsenal. FIGHTING A CHARGE

If the company decides to fight on through an indictment, it can expect negative publicity along with the uncomfortable knowledge that any other guilty pleaders are now cooperating against it. As the case proceeds, the company will typically receive discovery in the form of witness statements, documents, tapes of meetings or phone calls (if they exist), and copies of seized electronic files, such as cell phones. These may facilitate a reassessment of the strength of the government’s case. It is hard to recommend fighting unless the company has a basis for potential acquittal. A trial is enormously disruptive and uncomfortable for the employees involved. Posturing in the hope of a generous plea can also raise issues. The government does not want to punish early pleaders, so it may be constrained in what plea deal it can offer to companies that reach an agreement later. That said, the government’s proof sometimes fails. The prosecution’s best witnesses typically have cooperation agreements that impair their credibility. Each decision must stand or fall on its own merits. STAYING OUT OF TROUBLE

To avoid experiencing any of these impacts first hand, your company should have a strong compliance program. No company is too big or too small to have

one – some industries such as dairy and paving have had repeated cartel problems that originated from modestlysized companies. A few pro-active steps could have changed the outcome for these companies, at very low cost. A compliance program is a chance to get creative, with the object being to keep the company’s employees informed and aware. Some steps to consider: • Set up whistleblower hotlines. • Require pre-approval before employees can attend trade association meetings where they will encounter competitors, and require follow-up reporting of what occurred. • Require that executives be seconded to the compliance function for a few months before they can advance in their careers. • Encourage watching the infamous lysine cartel tapes, available on YouTube, that resulted in the movie “The Informant”! Any program that sensitizes your employees to antitrust problems and gives them a place to go if there is a problem will help keep your company on a safe path. ■

Mary Strimel is a partner at McDermott Will & Emery, where she advises and defends clients on criminal cartel, class actions, M&A and other antitrust matters before federal and state competition authorities. She was an attorney with the DOJ Antitrust Division for over a decade, most recently as the founding chief of a criminal enforcement section that was launched in Washington DC. mstrimel@mwe.com

TODAYâ&#x20AC;&#x2122;S GENER AL COUNSEL JUN /JUL 2017

Compliance

Big Data Analysis continued from page 43

reduced costs by 50 percent and the timeline by 18 months. Global Pharmaceutical Compliance. A global pharmaceutical conglomerate planned to introduce a new drug to the market, but faced looming legal and regulatory issues around the introduction. They needed big data analytics to identify risk so they could proactively identify and remediate any issues before going to market. The potential minefields were email and other unstructured data sources, and the company needed a solution that could reliably analyze this type of data for off-label marketing, unapproved patient populations, Sunshine Law compliance, unsupported product claims, and improper sales practices. The resulting data sets needed to be highly accurate for

further review by the compliance teams. The company used basic analytics and manual review to identify text documents by keyword filtering and date searches. However, they needed more. The sheer size of assessable data made for a slow review process, and they also needed to analyze large amounts of non-textual data. The managed services team created custom algorithms that quickly analyzed large data populations, and included non-textual sources of unstructured data. By the end, analytics and ongoing review cut to one percent the data population shared with compliance personnel for review and action. Most importantly, the analytics identified multiple issues the customer could handle quietly and efficiently. Forward-thinking organizations will spend time and money protecting their employees, their brand and their assets from deliberate harm. Moreover, they will do it proactively, with the legal

department working with IT and risk management teams to transform traditional ERM, from a reactive process into a proactive one that integrates big data analytics with expert human judgment. â&#x2013;

Steve Henn is an attorney and vice president at Conduent Legal and Compliance Solutions. He has more than 20 years experience leading technology organizations and working with c-suite executives on business, litigation and e-discovery strategies. stephen.henn@conduent.com

TO D AY S G E N E R A L C O U N S E L . C O M

jun /jul 2017 today’s gener al counsel

Compliance

The New ISO Anti-Bribery Standard By Nina Gross and Leslie Benton

espite stronger international collaboration around anticorruption enforcement, bribery costs around the world continue to soar, with International Monetary Fund (IMF) estimates totaling between $1.5 and $2 trillion in economic and social costs per year. “Depending on its pervasiveness, corruption affects some or all drivers of potential and inclusive growth, such as macro-financial stability, public and private investment, human capital accumulation and total factor productivity,” the IMF said in a May 2016 report, Corruption: Costs and Mitigating Strategies. “Low rates of inclusive growth can also lead to increased incidence of corruption, creating a negative feedback loop that can become self-fulfilling and long lasting.” In 2016 alone, the SEC pursued 26 enforcement actions under the Foreign Corrupt Practices Act (FCPA), compared to 15 in 2010, when it created a specialized FCPA enforcement unit.

Corruption has broader economic and societal implications, as well. “By distorting the functions of a state in a number of areas, [corruption] may undermine macro-financial stability, public and private investment, human capital accumulation and total factor productivity,” the IMF report added. “When corruption becomes pervasive it should be factored in when assessing economic performance of a country well beyond the direct effects of monetary and fiscal policies. “Indeed, when systemic corruption affects virtually all state functions, distrust prevails and social capital erodes. In extreme cases, the state itself dissolves into disorder, civil strife and conflict, with significant and long-lasting social and economic implications.” The compliance risk is often greater for smaller organizations, as they are less able to command the resources needed to effectively mitigate the risk of corruption and bribery. These companies are now

ISO 37001 equips small and middle-market companies with a flexible, risk-based framework so they can fill in some of the gaps and better mitigate the risk of bribery without breaking the bank. Guidance that has been adopted to help companies comply with the FCPA, the U.K. Bribery Act and other laws adopted pursuant to the OECD Anti-Bribery Convention helps mitigate the risk for bribery. However, gaps still exist, particularly in middle and emerging markets, and they cost businesses millions and sometimes billions of dollars in compliance costs, reputational damage and loss of clients.

able to take advantage of ISO 37001, the recently published anti-bribery management systems standard from ISO, the International Organization for Standardization. ISO 37001 equips small and middle-market companies with a flexible, risk-based framework so they can fill in some of the gaps and better mitigate the risk of bribery without breaking the bank. The risk-based standard of ISO

37001, published in October 2016, includes the following: • Adopt and implement an antibribery policy and program, communicating the requirements to all relevant personnel and business partners, including subcontractors, consultants and suppliers. • Appoint a person or persons to a compliance function to oversee the policy and program. • Deliver anti-bribery training to employees and business associates as necessary. • Assess bribery risks, including through necessary due diligence steps. • Ensure controlled entities and third parties also implement anti-bribery controls. • Monitor and ensure compliance with the policy and program by personnel. • Oversee benefits like gifts and donations to make sure they serve a legitimate, legal purpose. • Implement financial, procurement and other controls to help mitigate bribery risk. • Cement whistleblower and antiretaliation procedures, investigating and addressing reports of suspected bribery or actual bribery. The standard was drafted over a three-year period and incorporates input from representatives of 56 countries and seven liaison organizations. It avoids “legalese” commonly used in these kinds of standards, has a level of detail that’s lacking in much of the existing guidance, and is meant to be easily replicable across borders. It follows the high-level structure of other ISO management systems standards and lays out specific anti-bribery procedures, and it also incorporates best practices from the well-established anticorruption guidelines referenced above.

today’s gener al counsel jun /jul 2017

Compliance

An organization can use ISO 37001 in two ways. First it can, on its own, use the standard as a benchmark to develop a program. Second, it can retain a thirdparty auditor to certify conformity with its requirements. This would involve auditors conducting employee interviews and reviewing documentation required by the standard. Earlier this year, Italian energy company Eni became the first company to achieve certification.

Certification is effective for a period of three years, with a slimmed down “surveillance audit” performed annually during the interim period. The costs of formal certification will vary according to the size and complexity of the organization, and on the scope of the certification (e.g., whether it is seeking certification for the entire organization or a part of the organization, such as a subsidiary or business unit).

Auditors are still completing the required steps for accreditation as outlined by their respective national standards bodies (in the U.S., the ANSI-ASQ National Accreditation Board), so formal certification likely will not be available to organizations for another six to nine months. Not a perfect picture, but a start. ISO 37001 is not a bar to liability, and like most standards it will take time –

JUN /JUL 2017 TODAY’S GENER AL COUNSEL

Compliance

likely a few years – for a clear picture of its market acceptance to emerge. At the very least, the ability to tout ISO 37001 certification or self-attestation may prove to be not only a selling point for organizations to potential partners and clients, but also a vehicle to provide assurance to management, employees and investors that the organization has taken tangible steps to mitigate the risk of bribery. At best, if implemented effectively, and replicated across borders, it has the potential to be a powerful tool in combating bribery throughout the global supply chain. ■

Nina Gross

leads the Global Forensics practice of BDO Consulting, in Washington, D.C. She has 30 years of forensic accounting, investigation and consulting experience working with multinational organizations and their counsel. Prior to joining BDO, she led the Financial Advisory Services FCPA consulting group at Deloitte LLP, and established the firm’s Global AntiCorruption Training Academy. She has also served as Director of the Office of Legislative Affairs at the SEC. ngross@bdo.com

Leslie Benton is the Vice President of Advocacy and Stakeholder Engagement at the Center for Responsible Enterprise and Trade. She is a member of the U.S. Technical Advisory Group to the ISO committee developing ISO 37001 and helped draft its anti-bribery management systems. lbenton@CREATe.org

TodaysGC Daily Newsletter The daily newsletter is a terrific advertising vehicle to reach 35,000 corporate subscribers. With a high open rate, the newsletter is unmatched as a marketing vehicle within the corporate counsel community.

T OD AY S GE NE R A L C OUN S E L .C OM / S UB S C R IB E

TODAY’S GENER AL COUNSEL JUN /JUL 2017

Cybersecurity

Negotiating a Tech Contract continued from page 41

Similarly, you should have no indemnity obligation if the basis for the claim is the customer’s combination of your product with some third-party product that you did not provide to them. If you are working with a customer-provided contract, you will likely have to negotiate these exceptions.

are comfortable (typically some multiple of the general liability cap). In respect to general liability caps, customers will routinely ask for overall caps of three to five times the amount paid or payable under the contract, which is well beyond what a vendor should ever agree to. A more reasonable liability cap is 1x trailing annual fees—in other words, whatever the customer has paid in the 12 months

Watch out for customers seeking service credits all the way up to 100 percent. The purpose of service credits is to incentivize a vendor to deliver on their guarantee, not to put them out of business. A reasonable service credit eats into the vendor’s margin but still allows them to cover their costs. If you provide a mission-critical product that gives customers a competitive edge, you probably have the clout

Why would a vendor receiving a $200,000 perpetual license fee agree to $1 million of potential liability, with a handful of exceptions for which it would have unlimited liability? Customers often require indemnity for breaches of confidentiality and information security. This can be an especially high-risk obligation for hosted or cloud services providers that store, maintain or process very sensitive data. To reduce your risk in connection with these sorts of indemnities, you can exclude liability for information security breaches to the extent you were following your contractual information security obligations at the time of the breach, and by including a cap on your liability relating to confidentiality and information security breaches. This cap should cover first party costs, third party claims, direct claims by the customer and indemnity obligations. LIABILITY CAPS

Often, customers will ask for unlimited liability in connection with indemnity obligations; and while that is okay in some scenarios, it’s not a smart risk to take if you’re hosting sensitive customer data. In reality, it’s highly likely you’re going to be breached or some data will be lost at some point, whether it’s an employee taking it, a hacking scenario or something else entirely. When it happens, you want to know where your liability ends. So, for purposes of indemnity obligations related to breaches of confidentiality, you should negotiate a “super liability cap” with which you

leading up to the event that caused the customer damages. Liability caps are, at the end of the day, a business risk issue. Why would a vendor receiving a $200,000 perpetual license fee agree to $1 million of potential liability, with a handful of exceptions for which they would have unlimited liability? It’s usually not worth the business risk, unless the vendor is desperate for the revenue.

to hold your ground on key terms— even when working with a big customer that has a big team of lawyers, and you have only one or two. However, if you’re a startup company, you probably don’t have that leverage. Your biggest decision remains a business one: Is this customer worth the risk? Count on them to dictate their terms quite persuasively. But it’s still your business call. ■

SERVICE LEVELS AND SERVICE CREDITS

Negotiable points in a support services contract (which may be separate from or rolled into a license or SaaS agreement) include support hours, initial response times, resolution turnaround timeframes and general uptime of hosted products. Many hosted solution providers will guarantee uptime of, say, 99.9 percent; and if they fall short, they’ll provide service credits, which are partial refunds of the fees a customer paid. These are scalable based on a formula—stipulating that if you only deliver 99.5 percent of the 99.9 percent guaranteed uptime, the customer will get x percent of fees back. Or if you’re lower, they’ll get a higher percent, capped somewhere between 10 percent and 15 percent of monthly, quarterly or yearly fees.

Josh Silver is a shareholder and co-chair of Bernstein Shur’s Data Security Team. He negotiates sophisticated and complex technology transactions on behalf of large and small companies and financial institutions. He frequently assists clients with data breach response measures and the negotiation of technology licenses and related services. jsilver@bernsteinshur.com

Jun/Jul 20 17 today’s gener al counsel

work pl ace issues

Finding and Correcting a Gender Pay Gap By Zev J. eigen

oncerns about a gender pay gap have intensified in recent years. Politicians, social activists and the media have declared war against employers paying women less than men for the same or “substantially similar” work. Few employers would deliberately set out to pay one gender less than another. However, regardless of intent, employers may not pay sufficient attention to the gap, so simple things like maintaining a policy of offering starting pay at the bottom of a range, but being willing to go as high as the top of that range, could produce gender pay gaps and go unnoticed and undetected. Empirical research suggests that a critical labor supply problem makes this neutral policy capable of producing a gender pay gap because men tend to ask for more than women. What’s worse is that this effect may be exacerbated over time because of percentage-based pay increases. There are both legal and non-legal reasons why you should evaluate your company’s gender pay gap and, if a problem exists, try to fix it. Remember that gender equity laws do not target only intentional discrimination. Even well-meaning employers can be held

Zev J. eigen is the Global Director of Data Analytics for Littler Mendelson. He was recently named as one of the top 10 most innovative lawyers of 2016 by the Financial Times, and his work earned Littler the honor of being named the most innovative in the area of data analytics and business intelligence. zeigen@littler.com

liable, absent even a hint of intent to discriminate. A better way to conceptualize gender equity regulations is to think of them as requiring employers to correct pay gaps that might exist in the labor market, even if employers didn’t have any direct hand in their creation. Such pay gaps may not only be unlawful under federal law, but also under a growing number of state gender equity laws. California’s Fair Pay Act, for example, went into effect on January 1, 2016. Other states including Maryland,

Massachusetts and New York are enacting or have enacted similar laws. These laws often require employers to augment pay transparency. Future regulation might require more of this, because of the availability of data and the ease and low cost with which it is accessible and transmittable. Under certain circumstances, regulation could increase the availability of grounds on which to base retaliation claims. Because the laws protect an employee’s inquiry about compensation equity, it’s

today’s gener al counsel Jun/Jul 20 17

possible that an employee or group of employees could rely on an employer’s poor response as evidence in support of a theory of animus or retaliation in the event of involuntarily termination. GOOD REASONS FOR ELIMINATING THE GAP

Some of the legal reasons an employer should tackle this problem today are:

• Even well-intentioned employers may be violating the law. Pay equity laws do not contain provisions requiring plaintiffs to show animus or intent to pay one gender less. • State laws are evolving to impose greater restrictions on employers. It is worth it to start paying attention to these laws now to reduce risk. • Some state laws may require or otherwise encourage augmented pay transparency. Employers are better served to identify and correct problems before they start fielding employee questions. Fixing gender pay gaps after inquiries arise may increase the risk of those inquiries materializing into claims. • Finding and correcting compensation equity problems may reduce the availability of evidence that could be used to support retaliation claims – which are the fastest growing type of claim being filed over the last five years. Legal risks aside, there are good nonlegal reasons an employer would be wise to identify and correct gender pay gaps. The bad press associated with gender pay inequity, for example, directly impacts an employer’s recruiting potential, creating a vicious circle in which qualified applicants may become less interested or willing to apply if they think their earning potential at a company will be limited. Further, many employers use the absence of a gender pay gap as a means of improving a company’s image. Missing out on this opportunity is one way to fall behind the competition. Lastly, compensation equity is often a great predictor of turnover. This is hard for employers to observe directly because they might, for example, just

see women exiting the company without knowing that the reason has to do with compensation equity. A friend recently confided in me that she quit her job after several years of asking for pay increases. She is highly skilled and experienced. A junior male counterpart was hired and immediately given more money – something she learned because she was privy to some compensation records. As a result, she ended up leaving and going to a competitor. When the employer attempted to retain her, it was too late. The lesson is that getting compensation equity right will lead to a happier, engaged workforce that is less likely to voluntarily exit. It will also promote greater diversity and inclusion, and result in more collaboration and productivity. THREE RULES

Hopefully, you are convinced that you should evaluate whether there is a gender pay gap at your company and fix problems quickly. Hopefully, you’re also convinced that it is important to engage legal, HR and recruiting, and maybe even your PR office, to ensure that once problems are resolved, information is correctly and properly disseminated in a careful and strategic way. As a data scientist, former law professor and in-house labor and employment counsel working with employers to identify and correct gender equity issues for almost two decades, I’ve learned a number of things about the process of using data to identify gender equity problems and correct those issues. Here I would say are three critical rules to follow:

Do not rely on internal non-experts to ensure gender equity compliance. I’ve seen it too many times. I ask a client if they’ve evaluated whether their organization is paying men and women the same for substantially similar work, and they say that they’ve got it covered. When I ask what they’ve done, some tell me they have someone from their compensation group or from Human Resources making sure that there are no problems. But unless that person

is versed in the law and how courts and plaintiff attorneys are interpreting it, understands data and statistics at a high level, and has experience running gender equity audits, this can be a very bad idea. Why? Because it can identify risk where none exists, and miss instances of risk that a proper review of the data would have found. It tends to miss a critical component of the analysis: identifying the proper ways of drawing the circles around “substantially similar” employees for the purpose of the law. It can also miss data sources that could be used to explain away observed gaps in pay. Lastly, it tends not to evaluate gaps using proper statistical methods that are more likely in accord with the law and how courts are likely to interpret them.

Conduct an attorney-client privilege audit – the right way. The optimal way to evaluate compensation equity is to engage experienced experts to run an audit of compensation systems. They will start by working with you to identify the substantially similar groupings to evaluate. This is based on skill, effort and accountability. It is not based on pre-existing pay bands or pay grades used by the employer. If that were the case, gender equity problems could be circumnavigated by just relabeling improperly paid women into a lower pay band or group. That is unlikely to be a satisfactory solution under any situation. The experts should work with you to identify the optimal way to measure compensation for the purposes of rendering meaningful comparisons, and to identify sources of data that might explain away observed distributional gender pay gaps. Using this data (and it must be the right data) is the critical piece of the puzzle. It enables experts to identify where the problems are, the dollar value of the problems and how to advise on remedying them.

Consider gathering and using relational data. I’ve spent a lot of time working with employers large and small to idencontinued on page 55

Jun/Jul 20 17 today’s gener al counsel

T H E A N T I T R U S T L I T I G AT O R

How Compliance Failed at Wells Fargo By Jeffery M. cross

n April, I again moderated one of the Compliance and Ethics Forums presented by Today’s General Counsel. The fourth installment of this series, it was held in Houston and again consisted of peer-to-peer discussions among inhouse counsel and compliance officers, on topics of significant interest to them. One of those topics was the 113-page report of the independent directors of Wells Fargo Bank that had been released just three days earlier. The report and the discussions at the Forum established some valuable lessons for compliance. The major contours of the Wells Fargo story are quite familiar. Because of sales pressures on employees created by management of its Community Bank, millions of fictitious credit-card, checking and savings accounts were opened in customers’ names, in many cases without the customers’ knowledge. Millions of dollars of improper fees were charged to the bank’s customers. Beginning with a Los Angeles Times story in December 2013, and followed by a lawsuit by the Los Angeles City Attorney in May 2015, the improper practices were uncovered. The bank’s management faced hostile questioning by Congress and various

Jeffery cross is a columnist for Today’s General Counsel and a member of the Editorial Advisory Board. He is a partner in the Litigation Practice Group at Freeborn & Peters LLP and a member of the firm’s Antitrust and Trade Regulation Group. jcross@freeborn.com.

government agencies, and many state treasurers pulled their business from the bank. Wells Fargo’s CEO, the head of the Community Bank and others lost their jobs. Hundreds of millions of dollars in salaries and bonuses were clawed back from executives by the company, and the bank has paid hundreds of millions of dollars to settle lawsuits and government imposed fines. Most significantly, Wells Fargo’s reputation had been severely damaged. The independent directors’

report described this damage to the bank’s brand and reputation as “extraordinary.” The report shows that Wells Fargo had in place a fairly robust compliance program and a pro-active board of directors that regularly considered compliance issues. What, then, went wrong, and what are the lessons for compliance from the independent directors’ report? Perhaps the most significant lesson is that the compliance program failed to timely inform the board of the problems

today’s gener al counsel Jun/Jul 20 17

because of a decentralized corporate that the violations were caused by sales structure. The board concluded that the pressures in the Community Bank. structure gave too much autonomy to However, the board of directors was the Community Bank’s senior managekept from fully appreciating the magniment, including the Community Bank’s tude of these terminations. For example, risk officer. in May 2015 after the Los Angeles city The report noted that each business attorney’s lawsuit, the Wells Fargo CEO unit had its own risk managers that and the head of the board of directors’ reported directly to the head of the unit, risk committee both wanted the lawsuit not the chief corporate risk officer. The to be the first order of business at the report stated: “The line of business risk next meeting of the risk committee. The managers were answerable principally CEO asked the head of the Community to the heads of the businesses and yet Bank to work with the legal team to took the lead in assessing and addressprepare relevant information for the risk ing risk within their business units.” committee prior to their meeting. The report goes A draft of the beyond just raising the report to the risk The report shows idea there was an incommittee disclosed herent conflict of interthat approximately that Wells Fargo est in the risk officers one percent of the investigating failures employees in the rehad in place a fairly gional bank had been within their own lines of business. Rather, terminated for sales robust compliance integrity violations it indicates that the decentralized orgain 2013 and 2014. nizational structure, This amounted to program and a with parallel units in 1,229 sales practice the Community Bank, terminations in the pro-active board impeded corporateCommunity Bank in level insight into, and 2013, and 1,293 such of directors that influence over, the terminations in 2014. Community Bank. It the Commuregularly considered However, goes further by noting nity Bank’s risk officer, that the risk officer for up by the head compliance issues. backed the Community Bank of the Community was “running interferBank, argued that the ence” for the head of the Community one percent number was “unreliable.” Bank and “filtering” communications Consequently, the number was dropped with other Wells Fargo risk officers. from the report. The board was not to This decentralized organizational struclearn the true number of terminations ture allowed the head of the Commufor sales practice violations until Septemnity Bank and its risk officer to hide the ber of 2016. magnitude of the sales problem from the Even when a large corporation has board of directors. an extensive compliance program, The report includes an illustration with an active board of directors fully of this effort by the head of the Comengaged in compliance, the company’s munity Bank and her risk officer. If an governance structure, and the organizaemployee was found to have violated tion of the compliance function within the bank’s sales practices with dishonthat structure, could lead to the compliest conduct, such as issuing debit cards ance team and the board missing probwithout customer consent, that emlems significant enough to damage the ployee became “un-bondable” under the company and its reputation. The Wells bank’s fidelity bond requirements and Fargo independent directors’ report therefore had to be terminated. Such tersheds considerable light on how such minations were obvious “red flags” that, structural and organizational flaws led upon full investigation, would reveal to that result. ■

Gender Pay Gap

continued from page 53 tify sources of data that objectively measure skill, effort, and accountability to legitimately differentiate compensation. It is sometimes the case that traditional measures exacerbate the problem instead of ameliorating it. My experience when I evaluate performance evaluation data often reminds me of work by Emilio Castilla from MIT, which shows how performance evaluations can systematically favor men, even though they appear objective. Performance evaluations may be used to differentiate pay gaps, but what if the performance evaluations themselves are biased against one gender? A good solution to this is using relational data. Relational data are measures of how other employees regard their fellow employees – how much they rely on them to get work done, how critical they are to team performance. This generally is the best source of information on how influential and critical individuals are to the work being done. Relational data are blind 360-degree performance data, instead of topdown single-sources of non-blinded information on performance. Employers may effectively use Software as a Service (SaaS) options like Syndio (www.synd.io) for expediently gathering and analyzing relational data. Relational data are great for identifying problems with gender or race equity pay for many reasons. They also may be used as part of diversity and inclusion initiatives. Lastly, employers should consider the frequency of re-running analyses. This will be a function of several factors, like how much turnover there is, how much the company is hiring, how frequently the employer updates compensation, and the overall risk profile identified by previous audits. Following these rules for gathering and analyzing data properly, and following up when necessary, will go a long way toward remedying the problem of gender pay gaps. ■

SucceSSful ImplementatIon of law Department

tIme-trackIng By kevIn clem

istorically, outside counsel has represented a significant portion of law department spending. However, in the last couple of years efforts to reduce costs and improve in-house processes have brought equilibrium to internal and external budgets. According to the 2016 HBR Law Department Survey, internal legal spending outpaced outside counsel spend for the first time in the more than 30-year history of the survey. While â&#x20AC;&#x153;e-billingâ&#x20AC;? has enabled law departments to accumulate troves of data on outside counsel activities, few companies have much insight into how internal law department resources are deployed. At the same time, with continued pressure for corporate law departments to run more like a business, internal resource optimization has become more important. In

today’s gener al counsel Jun/Jul 2017

order to adjust their business models in a way that increases productivity and reduces unnecessary expenses, more law departments are seeking greater transparency with regard to how employees are spending their time. Time-tracking initiatives, whether as part of a periodic study or ongoing, are becoming more common as a way to identify, in particular, workflow redundancies and inefficiencies. This creates the unique challenge of gathering accurate data without damaging department morale. One issue is that employees may associate attempts at cost reduction with layoffs; they fear time-tracking information will be used to eliminate positions. This means that department leaders need to take a strategic approach to their messaging, and their implementation. In order to reduce employee anxiety and encourage precise timetracking habits, they need to be clear about their goals. According to the most recent HBR Law Department Survey, only 14 percent of law departments now have a formal timekeeping system. Those that do typically define “broad buckets” for regulatory reporting or chargeback purposes. But in-house time-tracking, if adopted successfully, can also be used to identify those low-level administrative tasks that monopolize attorney time. These tasks can often be automated, delegated or outsourced to ensure that department members have more time to dedicate to high-value work. This means rather than reducing headcount, organizations can work to increase employee engagement by eliminating or reallocating tedious activities in favor of more meaningful projects. With careful planning, transparency, and the right technology, law departments can minimize internal resistance to a time-tracking system. Here are some suggestions to consider before attempting to formalize any time-reporting policies: • Learn from your peers: Organizations should first consult with other in-house counsel that have established similar programs. Their lessons learned, including insight into potential stumbling blocks, constitute invaluable intelligence. • Find the right tools: Excel spreadsheets are one option for tracking employee time, but they are limited in their capacity to provide insight into workflow trends or resource gaps. Organizations should consider more

robust tools that enable instant, actionable analysis and automated dashboards. • Lead from the top, but get middle managers on board. Practice leaders need to understand and support the initiative, and middle manager buy-in is crucial. Ideally, general counsel should lead the internal messaging regarding time-tracking through a top-down communication structure, while ensuring that department leaders understand the program’s importance and goals and can make clear the anticipated benefits to the rest of the department. • Start small: Pursuing a phased approach to time-tracking is a proven way to guarantee smooth adoption and ongoing compliance. It’s easier to refine tools and processes when they’re being tested by a pilot group, rather than overhauling the initiative across the entire department. Once the data from an initial study are analyzed and a preliminary set of efficiency opportunities are identified, additional momentum can be gained to expand scope or duration. Acting on a set of quick-win insights that reduce administrative burdens can greatly accelerate departmental acceptance. In 2016, law department outside counsel spend decreased by two percent, while the inside spend grew three percent (to a median of $12.4 million worldwide). As they bring more legal work in-house, it’s imperative that law departments have accurate understanding of how resources are being used. With the right tools, standards, and management messaging, timetracking can be a powerful way to highlight inefficient processes and identify tasks ripe for automation, ensuring that employees time is spent as effectively as possible. Having a detailed view into employees’ day-to-day tasks enables law department leaders to transform their staff workload from the tedious to the strategic, giving meaningful work to attorneys and paralegals while transferring administrative tasks to non-attorney support staff, automating those tasks, or discontinuing them entirely. At the same time, these insights help law department leadership make a more informed case to company executives for additional budget or resource investments. Despite the often visceral initial reaction, with a thoughtful approach to planning and communication, time-tracking initiatives can uncover significant opportunities for increased efficiencies and end up as a benefit, rather than a burden. ■

Kevin Clem is managing director and group leader of the Law Department Consulting Practice at HBR Consulting. He has more than 17 years experience consulting with corporate law departments, collaborating with clients to improve operational efficiency and optimize legal operations. Prior to joining HBR Consulting, he was a founding member and managing director at Huron Consulting Group and a senior consultant at Arthur Andersen. kclem@hbrconsulting. com

How Will Gorsuch Field State and Local Tax Issues? By Matthew P. Hedstrom and Michael M. Giovannini

$ $

udge Neil M. Gorsuch’s confirmation as an Associate Justice of the Supreme Court was a historic political moment for many reasons, including the fact his confirmation was based on a simple majority

vote. This confirmation could also prove historic for issues of state and local tax (SALT). Currently, the SALT community is focused on how Justice Gorsuch may impact the Court’s decisions on two of the most pressing SALT issues now facing taxpayers and states: various state challenges (in the form of aggressive legislation) to the physical presence nexus standard in the Supreme Court’s 1992 ruling in Quill v. North Dakota, and the limitation around retroactive tax legislation.

today’s gener al counsel Jun/Jul 2017

It is frequently observed that Justice Gorsuch may follow in the footsteps of former Justice Antonin Scalia. Gorsuch been described by NPR’s Nina Totenberg as a “cerebral proponent of ‘originalism,’ the idea that the Constitution should be interpreted as the Founding Fathers would have more than 200 years ago, and of ‘textualism,’ the idea that statutes should be interpreted literally, without considering the legislative history and underlying purpose of the law.” While Gorsuch’s judicial ideology has been analyzed at great length, what is of primary interest to the SALT community is how this ideology will likely impact some important SALT issues that may be facing the Court in the near future. While sitting on the Tenth Circuit, Judge Gorsuch was highly skeptical of the “dormant” Commerce Clause, which underpins many major SALT issues, such as nexus, discrimination and apportionment. Indeed, in three separate decisions joined by Judge Gorsuch, the dormant Commerce Clause claims failed. Although Justice Gorsuch was not asked any questions on SALT topics during his confirmation hearing, his comments did shed light on some relevant issues. In particular, he referred to the dormant Commerce Clause as a “sleeping thing” that was the “product of judicial interpretation.” This is not exactly glowing praise for a construct that is so crucial to SALT issues.

QUILL AND PHYSICAL PRESENCE Perhaps no issue has captured the state tax community like state attacks on the physical presence nexus standard established by the Supreme Court in its 1992 Quill v. North Dakota ruling. Quill requires an out-of-state company to have physical presence to be subject to a sales and use tax collection obligation. In Justice Gorsuch’s relatively short tenure as a Tenth Circuit judge, the only significant SALT case where he authored or joined the majority opinion (or authored a concurring opinion) is Direct Marketing Association (DMA) v. Huber. The substantive issue involved Colorado’s disclosure and reporting law, which requires out-ofstate retailers making sales to Colorado customers (but not collecting sales/use tax) to report to the state’s Department of Revenue the amount of taxable purchases made by each customer and to disclose that amount to the customers. DMA, a trade association, challenged this reporting/disclosure requirement as violating Quill’s physical presence nexus requirement. Ultimately, the Court held that the federal Tax Injunction Act did not apply to the Colorado law. Perhaps more significant than this decision

is Justice Anthony Kennedy’s concurring opinion, in which he declared that it is “unwise to delay any longer a reconsideration of the Court’s holding in Quill. A case questionable even when decided, Quill now harms States to a degree far greater than could have been anticipated earlier ... It should be left in place only if a powerful showing can be made that its rationale is still correct.” When DMA made it back to the Tenth Circuit, the court upheld Colorado’s statute but did not take the opportunity to unwind Quill. Nonetheless, Judge Gorsuch provided some pointed comments that illustrate the states’ collective views on various Quill challenges. Not only is it clear that Justice Gorsuch is familiar with the debate surrounding the continued viability of the Quill decision, but it is possible that he may actually side with the camp that believes Quill has aged past its useful life. He wondered aloud in his DMA concurrence whether Quill has an “expiration date” and was intended to “wash away with the tides of time.” However, before one concludes that Justice Gorsuch will necessarily side with the states in the ongoing “kill Quill” debate, it is important to remember that Quill is a complicated decision involving issues of judicial restraint and separation of powers. Any reconsideration of Quill is made more complex by the doctrine of stare decisis, which essentially means “to stand by things decided.” The Court’s specific conclusion in Quill was that stare decisis demands the continued application of a physical presence standard, especially because Congress has the ultimate authority to

WHILE SIttINg oN tHE tENtH CIRCUIt, tHEN-JUDgE goRSUCH WAS HIgHLY SkEPtICAL of tHE “DoRMANt” CoMMERCE CLAUSE. enact a different law. The Quill decision, in fact, had much less to do with the actual merits presented, and this is where it may get interesting. In particular, in DMA Judge Gorsuch began his concurrence by stating that Quill “remains on the books and we are duty-bound to follow it ... out of fidelity to our system of precedent whether or not we profess confidence in the decision itself.” However, Judge Gorsuch openly questioned continued on page 63

Administrative Review Council Adds Value to Arbitration By Dwight James

arties always come to arbitration with at least one dispute. They may also disagree about whether they are properly-named participants, where the arbitration hearings should be held, or by which arbitrator(s). Respondents may claim that they are not a signatory to the contract, or this is the wrong version of the contract, or that the claim is outside the scope of the arbitration clause, or that some condition precedent has not been satisfied. Substantive challenges, such as those concerning jurisdiction or whether the issue can be arbitrated, are for the courts or the arbitrators, but arbitral institutions have developed admin-

istrative mechanisms to address other concerns. For example, in 2013 the American Arbitration Association (AAA) formed an Administrative Review Council that was designed to resolve thorny administrative issues on large, complex cases. The Council is comprised of a group of current and former Association executives who meet regularly to resolve party disagreements as they arise. Since its inception the Council has heard 743 administrative matters. There is data on 617 issues, and on those they were unanimous almost 90 percent of the time. What the administrator can determine at the outset is whether the filing requirements have

TODAY’S GENER AL COUNSEL JUN/JUL 2017

Administrative Review Council 743 ISSUES

551

Unanimous Decisions

126

Not Tracked

Dissenting Opinions

been met by the claimant under the specific rules governing the dispute. In accordance with the AAA rules, if the filing requirements are not met, the parties are informed. If all deficiencies are cured by a date specified, the case proceeds. In situations where a moving party has satisfied the initial filing requirements. the process continues to move forward absent a court order to the contrary, but respondents still have ample opportunity – beginning with the preliminary hearing – to convince the arbitrator about their substantive issues. Since its inception four years ago, the Council has heard 104 such objections from respondents.

In 88 percent of those it was determined that the filing requirements had been met. WE’RE GOING WHERE? A surprising number of arbitration agreements do not specify the hearing locale. In some instances the drafter’s omission may be intentional in order to allow the parties to decide, but abdicating this responsibility at drafting stage may have unintended consequences. Rational minds do not always prevail once parties are embroiled in a dispute. In accordance with their rules the AAA may initially determine the place of the arbitration, subject to the power of the arbitrators after

Jun/Jul 2017 today’s gener al counsel

Administrative Review Council 743 issues 222 Arbitrator Challenges: Removed

91 Filing Requirements: Met 12 Filing Requirements: Not Met 1 Filing Requirements: unknown

295 Arbitrator Challenges: Reaffirmed

122 Locale Disputes

appointment to make a final determination on the locale. Myriad factors are weighed by the Council in determining where the evidentiary hearings will be held, such as where the parties, witnesses and relevant documents are located, where the contract was made, the governing law and, in the case of a construction dispute, perhaps where the project is located. The Council considered 122 such locale disputes in the past four years.

Dwight James is senior vice president with the American Arbitration Association. He is responsible for the commercial and construction divisions in the western half of the United States and is a frequent speaker on the use of Alternative Dispute Resolution. JamesD@adr.org

WHO DECIDES? The one thing just about all parties to a dispute seem to agree on is that who arbitrates is potentially the single most important factor affecting the outcome of their case. Most of the time parties agree that decision will be made by direct party appointment, by strike-and-rank list, or some combination of these. Per its rules, the AAA may administratively appoint if the parties cannot make the necessary selection through other means. In addition to the appointment gauntlet, arbitrators are subject to numerous and continuing disclosure requirements to protect the neutrality and integrity of the process. However, despite all the safeguards intended to seat the optimal triers of fact, arbitrator challenges may arise for a variety of reasons. The AAA rules generally require that any arbitrator be impartial, independent, and perform his or her duties with diligence and in good faith – with a notable partial exception for non-neutral party-appointed arbitrators. Consequently, a neutral arbitrator may be subject to disqualification for those or any other grounds provided by applicable law. For neutral arbitrator challenges involving a potential conflict, the Council applies a four-part test to evaluate whether the

arbitrator should be removed: if the conflict is direct, recent, continuing, or substantial. More than two-thirds of all issues the Council took up in the past four years are the 517 arbitrator challenges, and in more than half (57 percent) of those the Council reaffirmed the arbitrator. Interestingly, and indicative of the value added by an administrator, there were 222 instances where the arbitrator was removed. How, exactly, are such matters resolved in an ad hoc environment? BEST PRACTICES While arbitral institutions have developed methods to deal with disagreements that arise in the administration of the arbitration itself, there are some things worth consideration by the parties which may help avoid unnecessary delay. Respondent’s unwillingness to concede participation in arbitration could potentially be eliminated if claimant provides, at the time of service, clear information regarding how each of the filing requirements has been met. So, first a demand identifying all the parties, their representatives and the claim being sought. Secondly, any agreements of the parties to submit the dispute to the named forum for resolution in the form of a pre-dispute agreement, a post-dispute submission, or a court order. Third, the necessary filing fee pursuant to the appropriate fee schedule. Also, in situations where it is not already abundantly clear, respondents may need to know exactly why they are indeed a legitimate party to the action. For drafting attorneys, consider whether establishing a hearing locale in the contract while everyone is still getting along might be in everyone’s best interest. Likewise, if you are executing another party’s documents, you may want to consider whether insisting that the hearing locale be named in advance might be best. Finally, and most importantly, if you engage in ad hoc arbitration, take note in the graphic above of the 43 percent of arbitrators removed as a result of a direct challenge. Recognizing the importance of getting this one issue right – especially because an arbitrator challenge may be perceived in any ad-hoc environment as a particularly sensitive issue – the AAA offers this administrative review to anyone on non-administered cases. Regardless of whether you take advantage of this offering or have some other solution in mind, you should certainly develop a fail-safe strategy for this eventuality. ■

today’s gener al counsel Jun/Jul 2017

Justice Gorsuch

continued from page 59 “what exactly Quill requires of us,” explaining that the court’s “obligation to precedent obliges us to abide not only a prior case’s holding but also to afford careful consideration to the reasoning (‘ratio decidendi’) on which it rests.” Under this principle, Judge Gorsuch characterized Quill’s “ratio” as one of “exceptional narrowness” due to the decision’s reliance on stare decisis. The decision did not, in Judge Gorsuch’s view, involve a substantive determination that sales/use tax collection requirements on out-of-state retailers “violated dormant commerce clause doctrine because they are too burdensome.” Justice Gorsuch also addressed stare decisis generally, at his confirmation hearings. “Start,” he said, “with a presumption in favor of history ... You look at the doctrine, and whether it’s been built up around it, or whether it’s been eroded away.” He also added that when considering any challenge to precedent, courts should consider reliance interests, how long the precedent has stood undisturbed, whether the precedent has been reaffirmed and the quality of the initial decision. Given that framework, it is far from clear that these factors would necessarily weigh in favor of overturning Quill. Justice Gorsuch has also expressed clear views on the importance of separation of powers, and Quill was a classic case of separation of powers. The Court made a firm decision in 1992 that the balance of powers between the judiciary and the legislature dictates the maintenance of the physical presence standard originally handed down by the Court in 1967. That said, four of the nine justices are needed to grant certiorari, and we count two likely votes (Kennedy and Gorsuch).

CARLTON AND RETROACTIVITY As far as current state tax issues go, running a close second to the ongoing state attacks on Quill is the question of retroactive tax legislation, and what many see as a concerning trend in recent years: States are enacting retroactive tax legislation to effectively overturn court decisions favorable to taxpayers. This issue has been highlighted in three recent cases, two of which are currently before the Supreme Court. The justification by the states for such legislation stems from the Supreme Court decision in United States v. Carlton. While that decision on its face appears concise and easy to apply, the Court announces fairly broad proposi-

tions and arguably provides inconsistent messages, which can be used to support both sides of the argument when applied to a given set of facts. We firmly believe that the Court should now clarify Carlton to provide some concrete guidance on retroactivity. The Court recently passed on an opportunity to do that, but it has another opportunity to weigh in with several pending cases. How might Gorsuch view this issue? Interestingly, one of his first private conferences may be to consider petitions filed by businesses seeking review of these retroactivity cases. How he might approach this is hard to assess, given a lack of material to draw from. It is possible to read into his confirmation hearing comments related to Gutierrez-Brizuela v. Lynch (stating that applying a new policy retroactively was to act “as if our decision never existed”) as favorable for limiting a state’s ability to enact retroactive tax legislation. Such a conclusion would be hasty. First, the Gutierrez-Brizuela decision dealt with executive, not legislative action. Second, the Court’s views regarding retroactive tax legislation in Carlton raise different considerations. After all, the Supreme Court has pointed out that it “repeatedly has upheld retroactive tax legislation against a due process challenge,” and the majority opinion could be viewed as establishing an incredibly low bar for states seeking to establish a “legitimate legislative purpose” for a retroactive tax law change. Taxpayers can only hope that Justice Gorsuch’s views on separation of powers might more align with the views expressed in Carlton by Justice Sandra Day O’Connor through her concurrence, which advocates for true limitations on arbitrary and aggressive revenue raising through retroactive tax legislation: “The governmental interest in revising the tax laws must at some point give way to the taxpayer’s interest in finality and repose.” It is difficult to predict how Justice Gorsuch may approach these thorny SALT issues, given that DMA is the only direct and substantive SALT decision that he authored or joined while at the Tenth Circuit. Fortunately, Judge Gorsuch’s concurring opinion in that case provides valuable insight into his thinking on the dormant commerce clause and Quill in particular, and coupled with his judicial ideology, we can at least speculate on expected outcomes. It is safe to say that the SALT community will be watching very closely in the coming months and years as these issues play out in real time. ■

Matthew P. Hedstrom is a partner at Alston & Bird LLP, based in the New York office. His practice is focused on state and local tax planning and controversy, addressing clients’ multi-state tax issues. He also has tax controversy experience at the audit, administrative and appeals level in several jurisdictions. matt.hedstrom@ alston.com

Michael M. Giovannini is a senior associate with Alston & Bird LLP’s State & Local Tax Team. He advises clients on all aspects of state and local tax and unclaimed property law. michael.giovannini@ alston.com

jun /jul 20 17 today’s gener al counsel

B A C K PA G E F R O N T B U R N E R

“Legal Operations,” AI, are Remaking Legal Departments

If attendance at the second annual get-together

such as analytics and artificial intelligence (AI) by law

of their trade association is a reliable metric, then the

departments. CLOs are in the forefront of change in

influence of legal operations officers is growing expo-

those areas.

nentially. The approximately 1000 attendees at the 2017 Corporate Legal Operations Consortium Conference

the Consortium. “I’d say there were three buckets that

doubled last year’s attendance, and 2000 attendees are

attendees responses to AI fell in,” says Prashant Dubey.

projected for next year.

“There was the traditional lawyers’ response. ‘I’m an

“CLOs are incredibly influential, because they hold

There was much curiosity and buzz around AI at

artist, or at least a skilled craftsperson, and you can’t

the purse strings for legal services and technology expen-

replace me with software.’ Then there were some people

diture,” says Sumati Group president and CEO Prashant

whose attitude was ‘this is really cool and it’s going to

Dubey, one of many high-ranking officers of consulting

make a big impact on our operations.’ But the third and

and vendor businesses who mingled with potential clients

by far the most prevalent was, ‘AI is not an elixir, it’s an

at the event, held in Las Vegas in May. Dubey believes

enabler.’ I agree. AI can facilitate a project, but it has to

the increasing presence of CLOs in law departments, and

be deployed in the context of a business process. Other-

even a few law firms, has been a game-changer.

wise, best case is that it creates some efficiencies, worst

But the more some things change, the more others

case it will actually hurt you because you not only end

stay the same. The counterproductive effects of the bill-

up spending more on software, you over-promise and

able hour – one of the hottest topics at the conference

then disappoint your stakeholders. Mostly, people took

– has been on the front burner for decades, yet it is still

that very pragmatic approach. That’s the hallmark of the

the industry standard for compensation. Panelist Ralph

CLO. They are very pragmatic.”

Baxter, chairman of the advisory board of the Thomson

There were about 90 attendees at Dubey’s presentation

Reuters Legal Executive Institute, put his finger on why.

on how to increase user adoption of contract management

Powerful law firms have no incentive to change because

solutions. His co-presenters, both of whom are clients

they do so well under the existing fee structure. “You

of his from contract-intensive businesses, told war stories,

can’t convince a bunch of millionaires that their system

and he followed up with specific take-aways on how to

is broken,” Baxter said. He challenged CLOs to make

increase adoption.

Biglaw partners see the light. If history is any guide they don’t stand much of a chance, but legal costs are slowly heading down anyway, driven by technology-assisted solutions for legal problems and the increasing use of efficiency measures

“That was what the conference organizers told us to do – provide attendees with concrete, actionable things that they can implement in their organizations,” said Dubey. Next year’s conference will be held in April, at the same venue in Las Vegas as this year’s. ■

TodaysGeneralCounsel.com The newly redesigned website provides a daily glimpse of curated content from experts, consultants, law firms and other valued information sources.

T O D AY S G E N E R A L C O U N S E L . C O M / S U B S C R I B E

YOU NEED AN ARBITRATOR WHO UNDERSTANDS ENERGY. WE HAVE THE EXPERTISE. Our panel is composed of accomplished arbitrators and mediators–attorneys, former federal and state judges, and business owners specializing in a diverse range of domestic and international subjects. Each brings a lifetime of experience in fields including energy, healthcare, cyber-security, IP, aerospace and more. When resolving your dispute requires industry expertise, trust the American Arbitration Association® and the International Centre for Dispute Resolution®.

adr.org

| +1.800.778.7879