OCT/ NOV 2015 VOLUME 1 2 / NUMBER 5 TODAYSGENER ALCOUNSEL.COM
HARD BALL
MAKE YOUR OPPONENT PAY YOUR IP ATTORNEY FEES FEDS SEEKING FACT ADMISSIONS IN FALSE CLAIMS CASES CONTRACTORS BRACE FOR “FAIR PAY AND SAFE WORKPLACES” Directors Risk from Data Breaches Protection of Confidential Information During a Merger FTC Scrutinizing Social Media Campaigns
$199 Subscription rate per year ISSN: 2326-5000 View our digital edition: digital.todaysgeneralcounsel.com
BETTER IS: DATA SECURITY AND PRIVACY THAT SATISFIES THE TOUGHEST ENTERPRISE CLIENTS. 10 YEARS STRAIGHT.
Inside track. When you’re in the race, every advantage counts. Like having a lawyer who’s been in your shoes. At Barnes & Thornburg, more than 70 of our attorneys have been in-house or general counsel. We understand your challenges – and what it takes to keep you ahead of the pack.
Uncommon Value
ATLANTA
CHICAGO
DALLAS
DELAWARE
INDIANA
LOS ANGELES btlaw.com
MICHIGAN
MINNEAPOLIS
OHIO WASHINGTON, D.C.
oct/ nov 2015 toDay’s gEnEr al counsEl
Editor’s Desk
The phrase “non-practicing entities” does not roll lightly off the tongue. “Troll” sounds better, but for a short period of time, when trolls were riding high, there was a rumor in the publishing industry that you might be sued if you used that term. I don’t know if it ever happened, but nowadays image problems must be pretty far down the list for companies formed for the purpose of acquiring patents and suing for their alleged infringement. As Rudy Telscher writes in this issue of Today’s General Counsel, the Supreme Court dealt that business model a heavy blow in 2014, when it provided a virtual road map for defendants who want to collect attorneys’ fees when they litigate against non-practicing entities. The decision is also a powerful settlement tool in these disputes, says Telscher. General counsel make lists too, and according to Sandra Feldman finding out that the corporation they work for has been dissolved should rank higher when they prioritize potential problems. “Administrative dissolution” happens to thousands of corporations annually, she writes, usually due to inadvertent failure to comply with certain statutory obligations imposed by the state where they are incorporated or headquartered. The remedy is simply to comply, but any activities undertaken in the interim can be rendered null and void. Legionnaires’ Disease belongs on the list as well. A recent outbreak of that ailment in New York City should serve as a reminder that building owners and manufacturers of building components run the risk of liability when Legionnaires’ breaks out. Thomas Bernier, Susan Smith and Paul E. Wojcicki discuss how to deal proactively with the problem, a must since your insurance probably doesn’t cover it.
2
Allison Fitzpatrick writes about the issues posed by endorsements on social media, a topic covered in the FTC’s recently updated guides concerning the use of endorsements and testimonials, and Steven Friedman discusses the impact the Affordable Care Act has on employers. He notes that businesses are bracing for another round of insurance cost increases in 2016. He cautions against reclassifying employees to circumvent these costs, and provides a summary of potential penalties and how to avoid them. Look for an article about recent developments in data theft insurance in our next issue.
Bob Nienhouse, Editor-In-Chief bnienhouse@TodaysGC.com
Wrong v. Right The American Lawyer admits it was wrong about Dentons. Which is why Dentons’ principled position was right. When Dentons refused to provide global average profits per partner data to The American Lawyer, the magazine published erroneous global average profits per partner numbers in its AmLaw 100 rankings. Now The American Lawyer has admitted it was wrong and that the global average profits per partner numbers it initially published underreported Dentons’ performance by 37%. Dentons’ global average profits per partner materially increased rather than decreased, the exact opposite of what The American Lawyer originally reported. All of which confirms Dentons’ position that attempts to determine a single global average profit per partner number and use it as a measure of a firm’s success are both impractical and irrelevant. Go to Accuracy100.com to see what The American Lawyer admits it got wrong.
Accuracy100.com dentons.com © 2015 Dentons. Dentons is a global legal practice providing client services worldwide through its member firms and affiliates. Please see dentons.com for Legal Notices.
oct/ nov 2015 today’s gener al counsel
Features
44 46
4
COLUMNS Feds seeking Fact admissions in False claims cases Marilyn May No-fault settlements may be a thing of the past.
38
Steven J. Friedman Strategies for dealing with rising health care costs.
lessons From delaware’s recent el Paso decision Michael Holmes, David Oelman and Keith Fullenweider General partners must act in limited partners’ best interest.
50
analytics can detect FcPa and other risks
52
Ftc scrutinizing social media camPaigns
40
56
don’t get ambushed by administrative dissolution
58
what general counsel should know about legionnaires’ disease
THE ANTITRUST LITIGATOR Protecting confidential information from a Potential merger Partner Jeffery M. Cross Don’t let information sharing morph into collusion.
Rob Hellewell Use existing technology to manage risk.
Allison Fitzpatrick #paidendorsement
WORKPLACE ISSUES aca strategies for employers
42
THE LEGAL MARKETPLACE schools and Firms collaborate for Pro-bono clinics Mark A. Cohen A single-dose treatment for an industry problem and a social problem.
Sandra Feldman It’s happened to thousands of corporations.
Thomas P. Bernier and Susan E. Smith Liability lurks in the plumbing.
62
rethinking the legal Function Tim Strong Lawyer first, business person second.
Page 40
The future of labor and employment law is now. We developed the award-winning Littler CaseSmartŽ platform, an innovative, streamlined solution that offers immediate cost benefits in managing employment charges and single plaintiff litigation while increasing quality and consistency. But Littler CaseSmart is more than a case management system. It provides unique data analytics that not only give a comprehensive view of current key performance indicators, but also forecast trends to help minimize risk all within a privileged environment. And doesn’t your business deserve the platform considered to be the future of labor and employment law?
littler.com
oct/ nov 2015 toDay’s gener al counsel
Departments Editor’s Desk
2
Executive Summaries
10
Page 24
intELLEC tuaL propErt y
6
16 Make Your Opponent Pay Your Attorney Fees Rudy Telscher Supreme Court makes troll’s task more complicated.
18 Changes Coming to PostGrant Amendment Practice Edmund J. Walsh Congress is starting to pay attention.
CybErsECurit y
22 Directors Risk from Data Breaches Timothy A. Miller, Marc S. Gerber and Richard S. Horvath, Jr. Risk management oversight is a board responsibility.
24 When Worlds Collide Chris Pogue Team up to prevent data breaches.
28 The Cloud Is Secure, If ... Asaf Cidon Look for file-level encryption.
L abor & EmpLoymEnt
30 Criminal Background Checks a Dilemma For Employers Aimee E. Delaney Hiring practices coming under state scrutiny, feds next.
32 Hard Lessons from a Grisly Accident Todd R. Wulffson Criminal charges for negligent safety practices.
34 Contractors Brace for “Fair Pay and Safe Workplaces” Leslie StoutTabackman and Laura A. Mitchell Contractors will need to inventory their own transgressions.
editor-in-Chief Robert Nienhouse Chief operating offiCer Stephen Lincoln managing editor David Rubenstein
exeCutive editor Bruce Rubenstein
senior viCe president & managing direCtor, today’s general Counsel institute Neil Signore art direCtion & photo illustration MPower Ideation, LLC law firm business development manager Scott Ziegler database manager Matt Tortora
Contributing editors and writers
8
Thomas P. Bernier Asaf Cidon Mark A. Cohen Jeffery Cross Aimee E. Delaney Sandra Feldman Allison Fitzpatrick Steven J. Friedman Keith Fullenweider Marc S. Gerber Rob Hellewell Michael Holmes
Richard S. Horvath, Jr. Marilyn May Timothy A. Miller Laura A. Mitchell David Oelman Chris Pogue Susan E. Smith Leslie Stout-Tabackman Tim Strong Rudy Telscher Edmund Walsh Todd R. Wulffson
editorial advisory board Dennis Block GREEnBERG TRAuRiG, LLP
Subscription rate per year: $199 For subscription requests, email subscriptions@todaysgc.com
reprints For reprint requests, email rhondab@fosterprinting.com Rhonda Brown, Foster Printing
Robert Profusek JOnES DAy
Thomas Brunner
Joel Henning
Art Rosenbloom
WiLEy REin
JOEL HEnninG & ASSOCiATES
CHARLES RivER ASSOCiATES
Peter Bulmer JACKSOn LEWiS
Sheila Hollis
George Ruttinger
Mark A. Carter
DuAnE MORRiS
CROWELL & MORinG
David Katz
Jonathan S. Sack
DinSMORE & SHOHL
James Christie BLAKE CASSELS & GRAyDOn
WACHTELL, LiPTOn, ROSEn & KATz
Steven Kittrell
MORviLLO, ABRAMOWiTz, GRAnD, iASOn & AnELLO, P.C.
MCGuiREWOODS
victor Schwartz
FTi COnSuLTinG
Jerome Libin
SHOOK, HARDy & BACOn
Jeffery Cross
SuTHERLAnD, ASBiLL & BREnnAn
Adam Cohen
FREEBORn & PETERS
subsCription
Dale Heist BAKER HOSTETLER
Thomas Frederick WinSTOn & STRAWn
Jamie Gorelick WiLMERHALE
Robert Haig KELLEy DRyE & WARREn
Jean Hanson FRiED FRAnK
Robert Heim DECHERT
Timothy Malloy Mc AnDREWS, HELD & MALLOy
Jean McCreary nixOn PEABODy
Steven Molo MOLOLAMKEn
Thurston Moore HunTOn & WiLLiAMS
Jonathan Schiller BOiES, SCHiLLER & FLExnER
Robert Townsend CRAvATH, SWAinE & MOORE
David Wingfield WEiRFOuLDS
Robert zahler PiLLSBuRy WinTHROP SHAW PiTTMAn
Ron Myrick ROnALD MyRiCK & CO, LLC
All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information or retrieval system, with out the written permission of the publisher. Articles published in Today’s General Counsel are not to be construed as legal or professional advice, nor unless otherwise stated are they necessarily the views of a writer’s firm or its clients. Today’s General Counsel (ISSN 2326-5000) is published six times per year by Nienhouse Media, Inc., 20 N. Wacker Drive, 40th floor, Chicago, Illinois 60606 Image source: iStockphoto | Printed by Quad Graphics | Copyright © 2015 Nienhouse Media, Inc. Email submissions to editor@todaysgc.com or go to our website www.todaysgeneralcounsel.com for more information. Postmaster: Send address changes to: Today’s General Counsel, 20 N. Wacker Drive, 40th floor, Chicago, Illinois 60606 Periodical postage paid at Oak Brook, Illinois, and additional mailing offices.
TodaysGeneralCounsel.com The newly redesigned website provides a daily glimpse of curated content from experts, consultants, law firms and other valued information sources.
T ODAYS G ENER A L C OUNSEL .C OM / SUB S C R IBE
OCT/ NOV 2015 TODAY’S GENER AL COUNSEL
Executive Summaries INTELLEC TUAL PROPERT Y
10
CYBERSECURIT Y
PAGE 16
PAGE 18
PAGE 22
Make Your Opponent Pay Your Attorney Fees
Changes Coming To Post-Grant Amendment Practice
Directors Risk From Data Breaches
By Rudy Telscher Harness Dickey
By Edmund J. Walsh Wolf, Greenfield & Sacks PC
By Timothy A. Miller, Marc S. Gerber and Richard S. Horvath, Jr. Skadden, Arps, Slate, Meagher & Flom LLP
In 2014 the Supreme Court handed down one of several critical patent decisions that have given defendants leverage against infringement claims. In Octane Fitness v. Icon Health & Fitness, the Court significantly altered the standard for shifting attorneys’ fees. Not only is the Octane decision a tool for recouping fees, it’s also a powerful settlement tool. In Octane, the Supreme Court rejected the Federal Circuit’s rigid standard requiring, in the absence of litigation misconduct, clear and convincing evidence of both subjective bad faith and objective baselessness. The Court held that “[A]n ‘exceptional’ case is simply one that stands out from others with respect to the substantive strength of a party’s litigation position (considering both the governing law and the facts of the case) or the unreasonable manner in which the case was litigated. District courts may determine whether a case is ‘exceptional’ in a case-by-case exercise of their discretion.” The author suggests that once sued, counsel should assess all the allegations, including non-infringement or invalidity arguments, and if the case is unfair they should start building an appropriate Octane record. He summarizes what that record should consist of. He recommends making sure outside counsel closely track overly aggressive conduct to show a pattern that was intended to be abusive, and reminding the district court that you are only asking that fees be awarded because the plaintiff brought a case that was too weak, not one that violated Rule 11.
There are three new proceedings to challenge patents: inter partes review (IPR), covered business method proceeding (CBM) and post-grant review (PGR). One of them is considered in almost every patent litigation. These proceedings provide a fast, low-cost way to clear away bad patents. About 70 percent of petitions to institute one of these proceedings are granted. Once instituted, the Patent Trial and Appeal Board (PTAB) is twice as likely to cancel all of the challenged patent claims than to confirm all of the challenged claims. In only a handful of the thousands of cases filed has the patent owner been allowed to amend the claims. The PTAB rejects over 90 percent of motions to amend, unless the patent owner is simply giving up and canceling claims outright. Low rates of success in making amendments have largely been driven by the way the PTAB has implemented post-grant proceedings. The most problematic requirements have been inventiveness over the prior art and tight time limits for making a motion to amend. The U.S. Court of Appeals for the Federal Circuit has questioned the harsh requirements for making amendments. The PTO has instituted some changes and congress is considering others. It will likely become easier for patentees to amend claims during postgrant proceedings. Both patentees and potential challengers should prepare for this shift, with petitioners making the best use of post-grant challenges and patent owners maximizing the chance of retaining valuable patent rights.
Consistent with a board’s oversight duties, directors should give regular attention to whether the corporation has instituted adequate controls and procedures to mitigate the risk and harm of a data breach. The failure to undertake such efforts could, in theory, expose directors to liability for the corporation’s costs arising from a breach. It seems unlikely, in light of the high profile cyber attacks of the past few years, that directors of a public corporation could be found liable for utterly failing to implement any reporting or information system or controls for data security. Even relatively modest efforts to enhance data security, with board involvement or awareness, are likely to preclude a claim premised on an “utter failure” to implement controls. A different issue is raised by an oversight claim – whether “having implemented such a system or controls, [directors] consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention,” as one precedent has phrased it. Shareholder plaintiffs’ lawyers frequently allege that directors knowingly ignored “red flags” alerting them to misconduct or defects with the corporation’s controls, but such claims are rarely successful. While internal controls and the monitoring of data security will not prevent all attempts to breach a corporation’s cyber-defenses, oversight by directors before such a breach occurs will be a powerful tool in shielding them from oversight liability arising from such a breach.
TODAY’S GENER AL COUNSEL OCT/ NOV 2015
Executive Summaries CYBERSECURIT Y
L ABOR & EMPLOYMENT
PAGE 24
PAGE 28
PAGE 30
When Worlds Collide
The Cloud Is Secure
By Chris Pogue Nuix
By Asaf Cidon Sookasa
Criminal Background Checks A Dilemma For Employers
Media attention to data breaches has thrust them into prominence in the eyes of the public, among executives, and in board rooms. This new level of visibility has spurred legislation and required lawyers inside law departments and at law firms to team up with IT professionals. Lawyers and computer security professionals agree that cybersecurity is a matter of critical importance to all businesses. The well intentioned yet marginally effective plethora of “Governance, Risk, and Compliance” (GRC) regimes have created volumes of documentation and checklists, all in a nominal effort to regulate the security that businesses implement within their organizations. Teams of risk professionals and lawyers have tried to understand what these standards are meant to accomplish, how they are supposed to be implemented, and how to best position their clients to demonstrate their compliance. However, these regimes have failed to keep their disciples safe from cyber criminals. Ask any security professional why, and they will point out that standards devoid of strategy will never ensure security. Lawyers do need partnerships with cybersecurity professionals. There are more companies in this space than ever, but selecting one is a complex process. Keep in mind that any team or organization is only as good as the people with their fingers on the keyboard, so make sure you actually evaluate the practice leaders, and make sure they have the education, experience and expertise that are going to be necessary.
In-house counsel find themselves in a conflicted situation with respect to the cloud: Confront the risk of sensitive corporate data leaving the office on employee-owned mobile devices, or risk interfering with productivity and profits. The cloud conflict can be solved if proper controls are put in place. Increasingly that requires general counsel to sync up with the rest of the executive team in order to enable safe adoption. When properly deployed, the cloud can be safer than outmoded networkfocused security systems Embracing the right encryption technology should prevent the security debacles that Sony, Premera, and hundreds of other companies have recently experienced, and safeguard against employee mistakes. Seek out a security provider that delivers file-level encryption, a level of protection seldom offered by the storage provider itself. This means that the data itself is protected, not merely the places where it’s being stored. Understand that employees are using the cloud whether or not it’s sanctioned, and that they prefer to use the software they’re already familiar with. Maintain an audit trail to see when files are being opened and edited, and by whom. Prepare for a breach. Denying that a company is at risk is simply irresponsible. The odds are that a breach is inevitable. Having a clear and regularly updated data breach response protocol in place is vital to being able to react promptly and effectively.
By Aimee E. Delaney Hinshaw & Culbertson LLP
There is currently no federal law that prohibits using conviction information in the hire decision or refusing to hire someone with convictions. That may change if the EEOC has its way, but meanwhile state and local action on the issue of disqualifying employment applicants on the basis of criminal convictions has made what was historically a simple hiring practice into a legal minefield. These developments put the employer in the difficult position of having to decide between compliance and potentially increased exposure to negligent hiring or vicarious liability claims. Companies can take steps that should allow for continued use of criminal conviction records while staying within the law. First, those involved in the hire process, including third-party service providers, need to be aware of limitations in the states where the company operates. Eliminate any bright line policy that prohibits someone with a criminal conviction from being hired. Instead, the policy should mandate individualized assessment of each candidate’s background check/conviction history. According to EEOC guidance, the employers should consider the duties and responsibilities of the specific position at issue, along with the nature and gravity of any criminal convictions found and the time elapsed since a conviction. Retain all relevant documents pertaining to the company’s process and decisionmaking in this area. Additionally, do not reject candidates absent a conviction. Arrests are not proof of criminal conduct, and most jurisdictions prohibit consideration of arrests, or expunged or sealed records.
11
oct/ nov 2015 today’S gEnEr al counSEl
Executive Summaries l abor & emPloyment Page 32
Page 34
Page 44
Hard Lessons From A Grisly Accident
Contractors Brace For “Fair Pay And Safe Workplaces”
Feds Seeking Fact Admissions In False Claims Cases
By Todd R. Wulffson Carothers DiSante & Freudenberger LLP
By Leslie Stout-Tabackman and Laura A. Mitchell Jackson Lewis P.C.
By Marilyn May Arnold & Porter
Executive Order E.O. 13673 (“Fair Pay and Safe Workplaces”) was issued in July of 2014. Given the breadth of this executive action, it is critical that companies understand its obligations even before the E.O. is implemented. The order requires government contractors and subcontractors to report regularly on violations of 14 different workplace laws and executive orders, and state law equivalents. It directs federal agencies to use this information to determine whether a contractor is a “responsible source” during the award process. The required information must be updated once the contract is awarded to determine whether the contract will be continued, or cancelled. In either phase of the contracting cycle, a contractor’s report of violations may result in notification to a suspending and debarring official for further action. The Department of Labor issued proposed guidance and the Federal Acquisition Regulatory (FAR) Council issued proposed regulations, in May 2015. While these are likely to be modified in final rule-makings, it’s clear that contractors must devote substantial resources to ensure compliance with the new obligations, in order to avoid the potentially dire results of reporting violations that are found to be “serious, repeated, willful or pervasive” The authors summarize the reporting requirements under this E.O. They characterize them as burdensome and onerous, but stress that companies need to plan now for how they will satisfy them. The potential ramifications of not doing so, they write, are too serious to ignore.
The False Claims Act settlement process typically involves two steps: agreement on the principal terms, and negotiating the written settlement agreement. The settlement itself includes a “covered conduct” recitation, and typically that conduct has been denied. DOJ has long agreed to provisions according to which the company both denies the allegations and resolves the matter. That may be changing. In a practice ushered in with U.S. Attorney Preet Bharara’s term, the U.S. Attorney’s Office for the Southern District of New York is not only requiring companies and individuals to admit their role in the alleged fraud as part of the price of settling an FCA case, but it’s also emphasizing those admissions in press releases about the settlements. This practice of obtaining admissions of fact in FCA settlements may spread if DOJ suggests to the 92 other U.S. Attorney’s offices around the country that it will not approve settlements without such admissions. Admitted facts, of course, lead to potential collateral consequences beyond resolution of FCA claims with the government. These include a possible effect on litigation by third parties, state attorney general actions, administrative proceedings (such as exclusion, suspension or debarment), insurance coverage disputes and reputational harm. Individual defendants also risk additional collateral consequences, including loss of employment and potential loss of future employment. Given these potential consequences, when faced with DOJ demands for admission of facts, companies should carefully consider whether such resolution is worth the price.
PELIGRO
12
features
Following the horrific death of an employee, Bumble Bee Foods announced its agreement to pay $6 million in a criminal settlement, the largest of its kind in California history. Since the accident could have been easily avoided, and given the fact that the company had been previously cited for not having adequate safety procedures on the equipment where the employee was killed, the company had no choice but to settle the criminal matter and related claims that will surely follow. The case highlights issues to which prudent employers should pay attention, among them language problems when issuing safety warnings. The victim was a Hispanic employee who spoke limited English. Employers need to ensure that the unique concerns of a multi-racial and multi-lingual workforce are being addressed. Among the other takeaways from this case are that strong safety controls must be implemented in order to protect workers in high-risk occupations. The more resources the employer has, the higher the standard will be for what is “reasonable” to protect employee safety. Bumble Bee Foods and its managers were prosecuted for “willful” violations because of the level of criminal negligence associated with their failure to adopt proper safety measures. Also, employers must make sure that all employees are aware of the company’s safety policies and procedures, and take affirmative steps to confirm this awareness. Passing out a brochure or posting a bulletin is not going to be sufficient to avoid liability.
TODAY’S GENER AL COUNSEL OCT/ NOV 2015
Executive Summaries FEATURES PAGE 46
PAGE 50
PAGE 52
Lessons From Delaware’s Recent El Paso Decision
Analytics Can Detect FCPA And Other Risks
FTC’s New Scrutiny Of Social Media Campaigns
By Michael Holmes, David Oelman and Keith Fullenweider Vinson & Elkins LLP
By Rob Hellewell Xerox Litigation Services
By Allison Fitzpatrick Davis & Gilbert
The Delaware Court of Chancery recently awarded $171 million in damages against the general partner of a master limited partnership (MLP). The ruling, in re El Paso Pipeline Partners, L.P. Derivative Litigation, came in connection with a drop-down that was approved by a conflicts committee with the help of legal and financial advisors, and after the receipt of a fairness opinion. The decision is the first of its kind in the master limited partnership space. Several lawsuits have previously challenged drop-down transactions, but none had resulted in a liability finding. The opinion reinforces basic principles for deal lawyers and litigators in both MLP and corporate transactions. The partnership agreement required committee members to subjectively believe that the drop down was in El Paso MLP’s best interests. This standard requires a plaintiff to show either that the general partner intended to act against the partnership’s best interest, or consciously disregarded its duty to make a determination in good faith. In its post-trial opinion, the court noted that the committee members testified that they believed the transaction was in the best interests of El Paso MLP. The court was not persuaded. According to the court, just because a transaction is accretive to limited partners does not mean it is in the partnership’s best interests. The court was critical of what it viewed as a “routine” approach and the committee’s failure to take into account what it had learned from a prior process.
The DOJ and SEC are imposing record penalties and settlements under the Foreign Corrupt Practices Act, including a record-breaking $772 million penalty to resolve bribery charges against French power and transportation company Alstom S.A., in 2014. The agencies have indicated that they intend to step up the investigation of individuals with respect to the FCPA and other laws governing corporate behavior. Over the years, corporations have handled enterprise risk management responsibilities by relying on policies, procedures, risk committees, audits and task forces. These approaches remain critical, but due to globalization and new technology they are increasingly falling short. Many organizations already have requisite risk management technology in-house, even if they currently are not exploiting its full potential. For example, organizations with e-discovery technology can gather keywords, concepts, and metadata to construct a profile of documents requiring closer scrutiny. Then, they can use e-mail communication visualization, along with predictive, concept and relationship analytics, to segment the small percent of documents that indicate a potential compliance problem. They can then apply advanced analytics to refine their searches, and create “heat maps” of activity. Once general counsel recognize the value of these tools, they can use them not only to root out corruption, but to examine data for violations of other laws, regulations and industry standards. With advanced analytics, unstructured data such as e-mail transforms from a treasure trove of information for regulatory agencies into a rich risk-management resource.
Fresh on the heels of recent enforcement actions involving endorsements on social media, the Federal Trade Commission updated its answers to some frequently asked questions about its Guides Concerning the Use of Endorsements and Testimonials. In addition to formalizing what was outlined in recent enforcement actions, the updated FAQs provide longawaited guidance with respect to a number of endorsement-related issues on social media, including incentivizing “likes,” pinning photos, tweeting, and streaming videos. According to the FTC, clicking a “like” button, pinning a photo or sharing a link as part of a paid campaign “probably” requires a disclosure. It is required regardless of character limitations, such as on Twitter. The words or hashtags “Sponsored,” “Promotion,” “PaidAd,” or “Ad” may be used to disclose the connection. Recent enforcement actions emphasized the responsibility of companies (like PR companies) to ensure their employees are disclosing their relationship with clients when posting about them on social media. With respect to video platforms, like YouTube, disclosures should be made within the video, not in the video description, and toward the beginning of the video, not the end. The FTC’s recent updates, long overdue, address what have become high profile issues regarding endorsements and testimonials on social media. Companies are now on notice regarding the FTC’s position on how to properly make clear and conspicuous disclosures on social media. Notably, this could be a precursor to more FTC enforcement against social media campaigns.
13
OCT/ NOV 2015 TODAY’S GENER AL COUNSEL
Executive Summaries FEATURES
14
PAGE 56
PAGE 58
PAGE 62
Don’t Get Ambushed By Administrative Dissolution
What General Counsel Should Know About Legionnaires’ Disease
Rethinking The Legal Function
By Sandra Feldman CT Corporation
By Thomas P. Bernier, Susan E. Smith and Paul E. Wojcicki Segal McCambridge Singer & Mahoney Ltd
“Administrative dissolution” means taking away the rights, powers, and authority of a corporation. Administrative dissolution is an action taken by the administrator overseeing business entities in the state of incorporation, due to the corporation’s failure to comply with certain obligations of the state corporation statute. “Administrative revocation” means taking away a corporation’s authority to do business in a state in which it had qualified to do business, other than its home state. The two most common grounds for dissolution or revocation are failure to pay franchise taxes or failure to deliver an annual report within a specified period of time. It happens to thousands of corporations each year, and in many cases the people running the business have no idea it happened and continue conducting business. Once a corporation is administratively dissolved it is prohibited by statute from engaging in any activities other than those necessary to liquidate its assets and wind up its affairs. An administratively dissolved corporation that continues doing business can run into a variety of legal problems. The actions it takes may be considered void or voidable. The people who act on its behalf may be held personally liable for debts or obligations incurred, and it may be unable to bring a lawsuit or proceeding. Counsel should be aware of the statutes and case law governing administrative dissolution, administrative revocation and reinstatement for the states in which the corporations they advise are organized and transact business.
Legionnaires’ disease poses a serious liability risk to those responsible for the development, design, engineering, construction, manufacture, installation, maintenance and repair of buildings, building systems and components identified as a cause or source of an outbreak. Manufacturers of HVAC equipment, water heaters, water tanks, plumbing fixtures and supplies – as well as companies that include these items in their products, such as mobile home, motorhome and travel trailer makers – are at risk. Claims have also been brought against the owners and operators of hotels, hospitals, shopping malls and senior housing facilities, under negligence theory. More recently, savvy plaintiffs’ attorneys have begun to target manufacturers. These suits typically allege product design, manufacture, and instructions and warnings defects. They seek recovery under strict product liability and for breach of express and implied warranty. It is becoming common for insurance policies to contain language excluding legionella-related claims, and parties may find they are not covered. Standard ISO exclusions have been judicially interpreted to support a denial of coverage. The American Industrial Hygiene Association and The American Society of Heating, Refrigerating and Air-Conditioning Engineers, Inc. have published guidelines for the management and control of the legionnaires’ bacteria, but no court has declared that any particular guideline is a definitive standard of care. The trend is moving toward an expectation that designers, owners, and managers of buildings with complex water systems and water features have a solid appreciation of the risk and implement a proactive approach.
By Tim Strong Duff & Phelps
For many heads of legal departments, the opportunity to further develop their business acumen is one of the major incentives of the job. However, GCs hold a unique place within companies, and their first responsibility is as legal counselor. It tends to be much more professionally rewarding to earn a reputation as a problem solver, instead of being the department that says “no,” but GCs must maintain their independence and keep a focus on their legal and ethical obligations. Sometimes it makes sense to embed lawyers in the business units, rather than have them reside in the legal department. With this arrangement, GCs need to regularly remind their lawyers that they are lawyers first, and businesspeople second. GCs in all cases need to leverage data and technology to stretch their limited time and budgets and manage their duties. Used properly, metrics provide insights into performance, value, compliance and cost. This is enabled by the fact that often legal departments possess a great deal of useful data, as well the technology to leverage it. Most GCs, in fact, are likely to feel they have too much data. In order to wade through it and put it to work, they need to automate many of the processes. While the opportunities to be business partners and proactive strategists can be exciting, they also present challenges. To combine the best of legal and business skills, GCs need to calibrate their priorities, manage their time, and know where the pitfalls lay.
AND
PRESENTS
“ THE EXCHA NGE” CONFERENCES TGCI’s “The Exchange” conferences provide a perfect forum for c-level executives, industry leaders and strategic partners to meet, engage and discuss topics that impact their businesses. The unique interactive format is specifically designed to address “pain points” of corporate legal departments and c-level executives with real solutions provided. To learn more about the Leading Corporate E-Discovery Program Series and the Data Privacy and Cyber Security Forum Series visit todaysgeneralcounsel.com/institute.
“ THE EXCHA NGE” LOS ANGELES E - D I S C O V E R Y SPECIA L IN V ITAT ION F OR TGC CORPOR ATE READERS
REGISTER FOR
FREE
USING CODE T GCMAG100
CITY CLUB LOS ANGELES
DECEMBER 7-8, 2015 T O R E G I S T E R V I S I T: todaysgeneralcounsel.com/ institute/ los-angeles /register
OCT/ NOV 2015 TODAY’S GENER AL COUNSEL
Intellectual Property
16
TODAY’S GENER AL COUNSEL OCT/ NOV 2015
Intellectual Property
Make Your Opponent Pay Your Attorney Fees By Rudy Telscher
I
n April of 2014 the Supreme Court handed down one of several critical patent decisions that have armed infringer defendants with potent leverage against illegitimate patent claims. In Octane Fitness v. Icon Health & Fitness, the Supreme Court significantly altered the standard for shifting attorneys’ fees under 35 U.S.C. § 285. Given the high price of patent litigation, this is an important development for companies that face patent litigation. Since this decision, district courts have taken the lead and are awarding attorneys’ fees to successful defendants at rates far greater than
Octane allows district court judges to reward companies that stand up to trolls by awarding their attorneys’ fees. under the prior standard, which was impossible to meet. Not only is the Octane decision a tool for recouping fees, if properly employed it’s also a powerful settlement tool. Having handled the case on behalf of Octane Fitness during the seven-year litigation, including preparation for an oral argument before the Supreme Court, I know that trial preparation requires immersion in case law and legislative history pertaining to the “exceptional case” standard, under 35 USC §285 and related areas of the law. With that in mind, we have discerned important strategy considerations that
may increase your odds of securing a fee award if your company is faced with a case that it believes is unreasonably weak and should not have been brought. This article will discuss the specifics of the legal change and several practical considerations that a corporate patent defendant should understand in order to maximize the chances for success. THE NEW STANDARD
In interpreting this federal statute, the Supreme Court rejected the Federal Circuit’s rigid standard, which required, in the absence of litigation misconduct, clear and convincing evidence of both subjective bad faith and objective baselessness. Instead the Court held as follows: “[A]n ‘exceptional’ case is simply one that stands out from others with respect to the substantive strength of a party’s litigation position (considering both the governing law and the facts of the case) or the unreasonable manner in which the case was litigated. District courts may determine whether a case is ‘exceptional’ in a case-by-case exercise of their discretion, considering the totality of the circumstances.” The Court further held that clear and convincing evidence is not required, and the traditional preponderance of the evidence standard applies. In a companion case decided the same day, Highmark v Allcare Health Management System, the Court held that the appellate standard of review is abuse of discretion. In essence, the Supreme Court set forth a standard that eliminates the prior “zero merit” or frivolousness requirement, replacing it with a standard that provides district court judges with considerably more discretion to spot weak cases brought by patent owners, and to shift fees.
Patent troll litigation is a common abuser in the assertion of weak patent cases, and Octane allows district court judges to reward companies that stand up to trolls by awarding their attorneys’ fees. It also allows district court judges to punish such conduct, therefore discouraging trolls from continuing the practice. I expect troll litigation to continue, but the number of these cases will no doubt decrease over the next few years. RAISE OCTANE ISSUES AT THE OUTSET
Once a company is sued, outside and in-house counsel will assess the allegations, including any non-infringement or invalidity arguments, and if the initial investigation reveals the case is unfairly weak, it’s time to start building an appropriate Octane record. Serious consideration should be given to putting the plaintiff patent owner on notice, in writing, immediately. I recommend advancing any claim construction position – specific cites to the patent and/or prosecution history that supports the position – and then explaining why the patent is not infringed or invalid in view of the construction. The written notice should also note your company’s intention to seek its fees because the case is so weak. There is no harm in sharing a detailed position early because your company will have to do so during the litigation. While the Octane decision does not require it, such written notice sets an equitable line in the sand. As of that date, the plaintiff patent owner has knowledge that your company considers its allegations weak, and it is squarely on notice why. This precludes a later plaintiff argument that it made continued on page 21
17
OCT/ NOV 2015 TODAY’S GENER AL COUNSEL
Intellectual Property
18
today’s gener al counsel oct/ nov 2015
Intellectual Property
Changes Coming to Post-Grant Amendment Practice By Edmund J. Walsh
T
he landscape for resolving both high-stakes and nuisance patent disputes has changed markedly since 2012, given the high rate at which patent claims have been canceled in post-grant challenges conducted by the Patent and Trademark Office. But now is not the time for complacency on the part of those who need to invalidate patents, or for despair on the part of patent owners. To the contrary, both should look out for upcoming changes in how these proceedings will be conducted and adapt their strategies now. There are a trio of new proceedings: inter partes review (IPR), covered business method proceeding (CBM) and post-grant review (PGR). One of these is considered in almost every patent litigation. These proceedings provide a fast, low-cost way to clear away bad patents. Those accused of infringement have jumped on them, using them literally thousands of times and with favorable results. About 70 percent of petitions to institute one of these proceedings are granted. Once instituted, the Patent Trial and Appeal Board (PTAB) is twice as likely to cancel all of the challenged patent claims than to confirm all of the challenged claims. All of these proceedings theoretically allow the patent owner to amend the claims of a challenged patent, and that can be a significant advantage. Adjustments to the claims can focus the patent on important innovation or simply allow claims to escape cancellation, enabling the patent owner to emerge from the post-grant proceeding with a valuable patent. Moreover, a challenger who initiates a post-grant proceeding is limited in the types of challenges that it can later make against claims that survive the pro-
ceeding. The patent owner may pay a short-term price for making amendments because no damages can be collected for infringing an amended claim before it officially becomes part of the patent. But that patent can be a longterm threat to the challenger, such that amendments could well be worth it for the patent owner. However, in only a handful of the thousands of cases filed has the patent owner been allowed to amend the claims. The PTAB rejects over 90 percent of motions to amend, unless the patent owner is simply giving up and canceling claims outright. That dismal showing has prompted calls for change to make post-grant proceedings more balanced between patent owners and petitioners. Action by the PTAB, the courts or congress is likely to make amendments a more viable option. THE PROBLEM
Low rates of success in making amendments have largely been driven by the way the PTAB implemented post-grant proceedings. There are rules limiting amendments to only those that narrow claims and respond to a ground of unpatentability argued in the proceeding. More problematic restrictions flow from general limitations on requesting the PTAB to take any action, including approving amendments. A request must be presented as a “motion,” limited to 15 pages in which the party filing the motion must prove entitlement to the requested action. In the context of a claim amendment, the PTAB has turned that into a requirement that the patent owner prove that an amended claim would meet every requirement of the Patent Act. That is a far cry from rebutting a rejection during ordinary patent prosecution, where the patentee need only rebut specific issues raised by a patent examiner.
The most problematic requirement has been inventiveness over the prior art. Many PTAB panels have found this requirement to be met only if the patentee can first prove what was known in the art, then show why the amended claim represents a patentable innovation over that. Add to that challenge the tight time limits for making a motion to amend in post-grant proceedings and the single chance to get it right, and it is easy to see why so many attempts to amend fail. Change started small. PTO Director Michelle Lee highlighted amendment practice at the top of a list of “quick fixes” announced in March, 2015. Acknowledging that 15 pages “is not sufficient to explain adequately why the amended claims are patentable,’’ the PTO loosened the page limits, giving patent owners about twice the opportunity to make their case. Lee also reported that the PTO is considering further changes as part of a “second rule package.’’ The notice suggested that patentees may soon be able to file motions without “mak[ing] a prior art representation as to the patentability of the narrowed amended claims beyond the art of record before the Office.’’ The proposed rule package was projected by the end of July, 2015, but the date has slipped. The PTAB itself has echoed these themes. In a July 15 “informative opinion” in MasterImage 3D v. RealD, the PTAB clarified that though the patent owner still must demonstrate a prima facie case of patentability, it need only do so relative to the prior art of record in the proceeding. This creates a more finite and manageable obstacle to amendments. The U.S. Court of Appeals for the Federal Circuit, too, has questioned the harsh requirements for making amendments. In
19
oct/ nov 2015 today’s gener al counsel
Intellectual Property
20
Microsoft v. Proxyconn, the Federal Circuit took an interest in Proxyconn’s unsuccessful motion to amend during oral argument. It then issued an unusual order requesting that the parties and PTO submit letters addressing whether the PTAB’s restrictive approach to amendments was consistent with its own rules. At the end of the day, the Federal Circuit issued a decision limited to the facts of the case, as the patent owner had not shown the proposed amended claims were patentable even under a more lenient standard than used by the PTAB in other cases. However, the Federal Circuit stressed that it was not endorsing requirements as applied by the PTAB, leaving the door open for further action. Congress also has the option to mandate changes to amendment practice. Senate Judiciary Committee Chairman Chuck Grassley called the amendment issue a “difficult nut to crack.’’ But various proposals have been floated as part of reforming the post-grant process. Those contemplating filing or needing to defend a post-grant proceeding would be well served to plan for more permissive claim amendments. NAVIGATING UNCERTAINTY
Petitioners now need to visualize how the prior art invalidates the claims as they are and how they might be after amendment. Petitions that stretch the prior art to meet the claims by relying on a broad reading might be enough to win initially, but will be ripe for defeat by claim amendments that negate that broad reading. Petitioners should be ready to oppose potentially threatening amendments even before the patent owner seeks to amend, and preferably before their petition is even filed. The patent’s specification should be studied to understand what amendments might be made, such that the patent would still cover products accused of infringement. Once the patentee files the actual motion, challengers typically have no more than three months to respond. In addition to enabling an opposition within the tight deadlines, locating
the right prior art early opens up options. Where there is a risk of amendments that would result in threatening claims, the petitioner might choose to base the initial challenge on prior art that would hinder threatening amendments at the cost of giving the patent owner advance notice of the prior art, or save that prior art for an opposition to a motion to amend. Petitioners might also be judicious in selecting which claims to challenge. The PTAB’s rules generally allow a one-forone substitution of challenged claims for amended claims. As more claims are challenged, the patent owner has more options for proposing amendments, as different claims might be amended in different ways. In the extreme, the petitioner might opt to forego a post-grant challenge entirely and save an invalidity challenge for litigation where amendments are not possible. However, for the petitioner, amendments are not necessarily all bad. Because amendments do not become effective until after the PTAB issues a certificate, the delay between when amendments are proposed and when they are effective creates time for design-around strategies or other actions to avoid liability under the patent. PATENT OWNERS MUST MAKE CHOICES
Patent owners will be faced with strategic choices of whether, where and how to amend. Just because amendments are possible does not mean that amending is always the right strategy. Making claim amendments in reissue or in the related application – if there is a related application pending – may offer more flexibility. But depending on the nature of the prior art already in the proceeding or otherwise known to the patent owner, it may be preferable to push ahead with an amendment in a postgrant proceeding, so that the petitioner is bound, at least in some circumstances, by a finding that an amended claim is patentable. The patent owner may propose “conditional’’ amendments to be entered only if the PTAB concludes that the original challenged claims
are not patentable, and the amended claims are. Such an approach may seem to offer the best of both worlds. However, a failed amendment attempt in a post-grant proceeding can block attempts to get the same or similar claims in related proceedings. The PTO should require the patent owner to show that any claim presented in a related application has patentable differences relative to proposed amended claims that were rejected in a post-grant proceeding. As a further trap for the unwary, patent owners proposing amendments in post-grant proceedings have a duty of candor, which at least some PTAB panels have suggested creates an obligation to disclose prior art bearing on the patentability of proposed amended claims. The consequences for failure to comply with that duty may be that courts will later refuse to enforce the patent, in the same way that a breach of the duty of disclosure in ex parte prosecution leads to the patent being unenforceable. It will likely become easier for patentees to amend claims during post-grant proceedings. Both patentees and potential challengers should prepare for this shift, with petitioners making the best use of postgrant challenges and patent owners maximizing the chance of retaining valuable patent rights. ■
Edmund J. Walsh is the co-chair of the post-grant proceedings group at the intellectual property firm Wolf, Greenfield & Sacks, in Boston. He has substantial experience working with the patent office, including making claim amendments in reexaminations. ewalsh@wolfgreenfield.com
today’s gener al counsel oct/ nov 2015
Intellectual Property Attorney Fees
continued from page 17 a mistake and did not appreciate how bad the claim was. If the plaintiff indicates that it needs evidence of certain facts – for example, if the basis of non-infringement turns on technical details of your company’s accused product – offer a written declaration or a deposition. In other words, get creative about providing the plaintiff with some evidence, without the need for extensive discovery over many months. SETTLEMENT CONSIDERATIONS
I have on occasion used the above written notice in combination with early settlement efforts. During the first three months of litigation, discovery will not have started yet, and legal fees should remain relatively low during this phase. It’s an ideal time to settle cases, and Octane should be affirmatively used as leverage. Serious consideration should be given to getting outside counsel, inhouse counsel and business/technical personnel from both parties together in a neutral location. We frequently use O’Hare airport in Chicago, given its central Midwest location and the airport conference rooms that make it easy to meet with a fly-in, fly-out, one-day commitment. This meeting format precludes the plaintiff’s outside counsel from being able to dummy down your message. I have had good success in settling cases with such an approach, before attorneys’ fees increase to much higher levels. If your company is confronted with relatively few patent cases, early settlement is almost always a good idea, even if it involves paying some money. Many of my clients, however, face a large number of patent troll cases. If that’s true of your company, consider a strategy of not settling some of the weaker cases, even if the settlement amounts are less than $100,000, so as to develop a reputation for defending and not caving, in order to deter future suits. Experience has shown that patent trolls will con-
tinue to hit targets that pay out money, and will be deterred from taking on companies that are not easy with payouts. Before Octane, this strategy was harder to rationalize. Now that fees are easier to win and given the general disdain for troll litigation, it’s a strategy worth considering. CREATE AN OCTANE RECORD
You start an Octane record with the written notice discussed above. Then, if the case does not settle early, you need to continue to consider Octane case law and building a record that maximizes the odds of successfully securing a fee award. Consider your company’s equitable story, as well as the hardcore legal issues. This begins with developing a record about independent development, how your product is different, and how the technology in the asserted patent is not relevant to your company’s technology. The latter is particularly relevant in troll litigation. Many troll cases involve older patents, issued in the 1990s. These patents often disclose outdated technologies that realistically were not used in your company’s technology. They frequently include broadly worded claims, predating the Supreme Court’s KSR decision – i.e., patents that slid through the cracks during the 1990s when broadly worded patents were more leniently granted. Build a record showing how the patent owner (oftentimes a venture capital funded effort) is overreaching, and that its claims are unreasonable. Typically, where there is abuse of the patent system, one party has economic leverage over the other. Patent trolls use mass lawsuit filings to generate this leverage, as opposed to other kinds of cases where size disparity between the parties can lead to bullying-type abuse. In each situation, the abusive party uses the high cost of patent litigation to extort settlements that are not warranted by the facts of the case. Where there is evidence of economic coercion, courts have recognized it as a strong factor giving rise to litigation abuse and supporting a fee award.
These economic facts are oftentimes overlooked by outside counsel because they do not relate to the merits, but it’s critical to explore them and build the record in discovery. Cases that exemplify this proposition include Eon-Net LP v Flagstar Bancorp, a 2011 Federal Circuit case (awarding fees under the preOctane standard in part because “the record supports the district court’s finding that [plaintiff] acted in bad faith by exploiting the high cost to defend complex litigation to extract a nuisance value settlement ...”), and Lumen View Tech v Findthebest.com, a 2014 Southern District of New York case, which also found that the plaintiff’s motivation was to extract a nuisance settlement. Finally, the Supreme Court itself has made litigation misconduct a factor highly relevant to a fee award. Importantly, it specifically held that such conduct need not rise to the level of independently sanctionable conduct. Make sure that outside counsel is closely tracking overly aggressive conduct, which can take many forms, to show an overall pattern of conduct that was intended to be unreasonably abusive, and remind the district court that it need not find that the lawyers or plaintiff be labeled a bad actor. You are only asking that fees be awarded because the plaintiff brought a case that was too weak, not one that violated Rule 11. ■
Rudy Telscher is a principal at intellectual property firm Harness Dickey. He has litigated for 25 years in a wide range of intellectual property disputes in district and appellate courts throughout the United States. He and his litigation teams have not lost a trial, arbitration or other case-dispositive motion in more than a decade. rtelscher@hdp.com
21
OCT/ NOV 2015 TODAY’S GENER AL COUNSEL
Cybersecurity
22
TODAY’S GENER AL COUNSEL OCT/ NOV 2015
Cybersecurity
Directors Risk from Data Breaches By Timothy A. Miller, Marc S. Gerber and Richard S. Horvath, Jr.
W
hat do the White House, federal government agencies, universities, banks, health insurers and other public companies have in common? All have been the victims of criminal cyberattacks. In public companies, although directors may be aware that cybersecurity is a part of the business landscape, the question arises: Have directors considered whether they could face legal exposure resulting from a malicious and criminal cyberattack? The answer under Delaware law, according to the plaintiffs’ bar, depends on whether directors failed to satisfy the duty of oversight. Consistent with a board’s oversight duties, directors should give regular attention to whether the corporation has instituted adequate controls and procedures to mitigate the risk and harm of a data security breach. The failure to undertake such efforts could, in theory, expose directors to liability for the corporation’s costs arising from a data security breach. These include the costs from investigating a possible cyberattack, potential legal penalties and the reputational harm suffered by the corporation. This article will discuss the potential legal basis for such liability and suggest some practical steps a board of directors can take in the discharge of its oversight duties in the cybersecurity arena.
GOOD FAITH AND LOYALTY
Directors bear the ultimate responsibility for managing and overseeing the business and affairs of a corporation. Day-to-day responsibility is typically delegated to officers and employees, with director oversight for strategic direction and risk management and approval of significant transactions. In the seminal case In re Caremark (Del. Ch. 1996), then-Chancellor Allen held that,
in discharging their duty of oversight, directors must assure themselves that a corporation’s reporting systems will enable the board to reach informed business judgments “concerning both the corporation’s compliance with law and its business performance.” Since Chancellor Allen’s decision, Delaware courts have made clear that directors’ oversight duties are grounded in concepts of good faith and loyalty. The typical provision in a company’s certificate of incorporation [under 8 Del. C. § 102 (b)(7)], exculpating directors from monetary damages resulting from conduct amounting to a breach of the duty of care, precludes any attempt to base liability on an alleged failure to exercise due care in overseeing the company’s cybersecurity. Under the duty of good faith, which Delaware courts have made clear is rooted in the duty of loyalty, only an extreme set of facts beyond gross negligence can expose directors to oversight liability. To establish a failure of oversight, a shareholder must plead and prove that: “(a) the directors utterly failed to implement any reporting or information system or controls, or (b) having implemented such a system or controls, consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention.” (Stone v. Ritter, Del. 2006). It seems unlikely, in light of the high profile cyber attacks of the past few years, that directors of a public corporation could be found liable for utterly failing to implement any reporting or information system or controls for data security. In recent years, corporations have expanded their efforts to promote data security by increasing resources dedicated to such security and clarified responsibility for those efforts. Even relatively modest efforts to enhance
management’s data security, with board involvement or awareness, are likely to preclude a claim premised on the first Stone factor requiring an “utter failure” to implement controls. A different issue is posed by the second Stone factor for an oversight claim, whether “having implemented such a system or controls, [directors] consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention.” In attempting to show this conscious failure to monitor operations, shareholder plaintiff lawyers frequently allege that directors knowingly ignored “red flags” alerting them to misconduct or defects with the corporation’s controls. Such claims are rarely successful, reflecting the adage that an oversight claim is “possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment” (Caremark). But ignoring red flags is not the only route to a possible oversight violation. Indeed, the second factor of Stone says nothing about red flags. Rather, the Delaware Supreme Court framed the test in Stone as creating oversight liability when, having implemented a system of internal controls, directors consciously failed to monitor or oversee its operation. Accordingly, a crucial factor explored by courts in dismissing purported oversight claims is the efforts undertaken by directors to monitor a corporation’s internal systems or controls. Such efforts can defeat a claim for oversight liability even if those efforts ultimately failed to prevent a corporate trauma. Nevertheless, continuously monitoring a corporation’s data security efforts presents unique challenges because cyber issues continue to evolve and a corporation may never be “done” securing its data. continued on page 27
23
oct/ nov 2015 today’s gener al Counsel
Cybersecurity
24
today’s gener al Counsel oct/ nov 2015
Cybersecurity
When Worlds Collide By Chris Pogue
T
o incident responders and information security experts, data breaches are nothing new. Having been in the industry for 17 years and an incident responder for the last ten, I have worked on or overseen hundreds of investigations worldwide and across just about every business vertical. The attacks and the criminals that carry them out are for the most part not particularly creative or sophisticated. They are simply taking advantage of the complacency and technical lethargy of business regarding effective security controls. The onslaught of media attention to data breaches has thrust them into a place of prominence for the public, among executives and in board rooms everywhere. This new level of visibility, combined with the growing potential for financial opportunity, has lured the behemoths of legislation from their lairs, chanting their mantra of “compliance,” “responsibility” and “penalties.” This has put two worlds – whose interactions heretofore have been limited to “my mail is not working,” “why can’t I print” and “the internet is down” – on a collision course that will change the face of legislation and litigation. Once it was lonely IT security professionals shouting in the wilderness about such issues as access control, data encryption and log retention. Now both inside and outside counsel are warning that cybersecurity is the most pressing matter that businesses have faced since the forming of labor unions in 1886, and the combined expertise of lawyers and computer security professionals is on the forefront of this issue. Juris Doctorates, meet Computer Geeks. The well intentioned but marginally effective plethora of Governance, Risk, and Compliance (GRC) regimes has created volumes of documentation and checklists, in an effort to regulate the security that businesses implement within their organizations. Teams of risk professionals and lawyers have tried their best to fully understand what these standards are meant to accomplish, how they are supposed to
be implemented, and how to best position their clients to show compliance. Ask security professionals why these regimes have failed to keep their disciples safe from cyber criminals, and they will tell you: Standards, devoid of strategy, will never make you secure. The failure of checklists and gold stars to keep data safe from attackers – arguably they were doomed from the start – has led to widespread finger pointing. (“This breach is due to the fact that you did not adhere to the standard, that breach happened because the standard was not comprehensive enough.”) The game of “cyber blame-pong” has inadvertently led to the creation of cybersecurity legislation as a means of setting things right, and provided an opportunity to learn from the mistakes of the past. That’s a pretty broad statement, but let me explain. I know nothing about crafting. My wife is constantly on something called “Pinterest” (which I am convinced is the devil), looking for projects to work on for our home. When she zeroes in on something she wants to make, she will usually get the necessary parts (wood, “command strips” paint, etc), create a plan and bring them to me in the garage. My job is to look at what she has proposed, figure out what tools to use and the best way to perform the work. She has the vision, I have the power tools, and by working together we usually end up with something pretty cool. I am not a lawyer and don’t play one on tv. But I do have a Master’s Degree in information security and 17 years of IT experience, which has afforded me a foundation of knowledge that can be leveraged to help others with less experience grasp complex technical concepts. As much as I would like to think so, I’m not unique. Thousands of IT security professionals have similar backgrounds and levels of experience. That being the case, as cybersecurity legislation is created, debated, and litigated it makes sense for the attorneys involved in the process to
25
OCT/ NOV 2015 TODAY’S GENER AL COUNSEL
Cybersecurity
26
harness the knowledge of these experts and implement the lessons they have learned from GRC efforts. Hopefully, something will happen like what’s taken place in my garage, and we’ll end up with an end result that’s pretty cool. I have had the privilege of working with some fantastic attorneys over the past several years on criminal cases, civil cases and legislation, and the partnerships that have been formed have been successful. The biggest challenge that I have seen is that, like any good lawyer, attorneys operating in “the cyberz” want to be right, convince a jury that they are right, or create sufficient speculation that the other guy may be wrong. However, to do so they have to possess a depth of technical knowledge, which like the power tools in my example, will allow them to formulate and execute a plan. The partnership we have formed allows these attorneys to leverage my expertise to give them the highest likelihood of success. It’s only by working together that we accomplish this mission.
Post-breach litigation, cybersecurity legislation, and recent rulings by the SEC and the Federal Trade Commission, have placed a burden on the attorneys involved in these cases that I don’t believe can or should be shouldered alone. The complex nature of information technology and data security introduces challenges that if not understood and confronted appropriately could yield hugely negative results. Only by forging partnerships with trusted IT security professionals will attorneys be able to sufficiently carry out their fiduciary responsibilities and provide the quality of service that is expected from attorneys in any specialty field. If you do not have a partnership with a cybersecurity professional, I strongly encourage you establish one. There are more companies in this space than ever, so there should be several organizations to choose from. Selecting one is a complex process in and of itself – a subject for another article. Suffice it to say there should be some big names in the industry you can trust, but you need to make sure
you do your due diligence. Remember, any team or organization is only as good as the people with their fingers on the keyboard, so make sure you actually evaluate the cybersecurity practice leaders and make sure they have the requisite education, experience and expertise you are going to need. ■
Christopher E. Pogue is the senior vice president of Nuix’s security consulting arm, the Cyber Threat Analysis Division, and a member of the U.S. Secret Service Electronic Crimes Task Force. He is responsible for the company’s security services organization, and he oversees critical investigations and contracts and key markets, nationwide. chris.pogue@nuix.com
TO D AY S G E N E R A L C O U N S E L . C O M
today’s gener al Counsel oct/ nov 2015
Cybersecurity
Directors Risk
continued from page 23 Courts have yet to address the merits of an oversight claim arising from a data security breach. For example, in response to oversight claims arising from the data security breach during the 2013 holiday shopping season, the Target board of directors appointed a special litigation committee to investigate, in part, the derivative allegations and whether Target should pursue the claims. That investigation is pending. In another shareholder action arising from data security breaches at Wyndham Worldwide Corporation between April 2008 and January 2010, the court noted that the Wyndham board and its audit committee understood the facts surrounding the data security breaches due to repeated presentations and discussions from 2008 through 2012. Relying in part on the directors’ understanding of the facts underlying the plaintiff’s pre-suit litigation demand, the court rejected the plaintiff’s arguments that the board’s investigation into the demand was unreasonable or that the board wrongfully rejected the demand. Because of the procedural posture in each of these cases, however, the courts in both the Target and Wyndham litigation have not ruled on the merits of the oversight claims. QUESTIONS FOR THE BOARD
Directors should consider data security efforts as falling into two broad categories: (1) risk mitigation designed to prevent or minimize the impact of a cyber attack and (2) crisis management once an attack occurs. Board oversight of both aspects is recommended. Although courts have yet to establish guiding principles in the application of oversight duties to data security, we suggest that directors and corporate counsel consider the following factors and practical steps in discharging the board’s oversight duties: • Whether the entire board of directors or a committee should oversee the corporation’s data security controls.
• Whether the board should have a member with data security experience. • Which officers should have responsibility for the corporation’s day-to-day data security efforts, including whether the primary focus of that officer’s responsibilities should be on such efforts. • Whether internal or external experts are needed to promote the corporation’s data security efforts. • Whether the corporation’s data security efforts comply with industry standards or best practices, and, if not, where and why the corporation’s efforts deviate. • The need for insurance to cover the costs associated with a data security breach. • Receiving regular reports regarding both the corporation’s ongoing compliance with data security laws and efforts to maintain the security of its own data. • Implementing a cyberattack response plan as a contingency for a data security breach, including conducting “war games” to test and refine the plan. Not all of these measures are appropriate for every organization, and it is important to recognize that the appropriate oversight system for data security is a question of business judgment. Moreover, the board of directors and corporate counsel should keep in mind two critical principles. (1) If any red flags or security breaches are reported to the board or its designated committee, those directors should also understand the corporation’s response efforts and consider whether additional action is needed. (2) Board or committee minutes should carefully document the board’s or committee’s exercise of its business judgment, including the attention given to reports about data security and the consideration of actions taken or not taken in response to potential red flags or security breaches. While internal controls and the monitoring of data security will not prevent all attempts to breach a cor-
poration’s cyber-defenses, oversight by directors before such a breach occurs will be a powerful tool in shielding them from oversight liability arising from such a breach. ■
Timothy A. Miller is a partner in the Litigation Department at Skadden, Arps, Slate, Meagher & Flom, based in the firm’s Palo Alto office. He has a broad practice in complex commercial and securities litigation. timothy.miller@skadden.com
Marc S. Gerber is a partner in the Corporate Department at Skadden, Arps, Slate, Meagher & Flom, concentrating his practice in the areas of mergers and acquisitions, corporate governance, and general corporate and securities matters. He is based in Skadden’s Washington, D.C. office. marc.gerber@skadden.com
Richard S. Horvath, Jr. is an associate in the Litigation Department at Skadden, Arps, Slate, Meagher & Flom, based in the firm’s Palo Alto office. His practice is focused on complex shareholder litigation, including M&A litigation, corporate governance disputes and securities class action defense. richard.horvath@skadden.com
27
oct/ nov 2015 today’s gener al Counsel
Cybersecurity
The Cloud is Secure, if … By Asaf Cidon
I
28
n-house counsel find themselves in a conflicted situation with respect to the cloud: Either wrestle with the risk of sensitive corporate data leaving the office on employee-owned mobile devices, or risk interfering with productivity and profits. It is true that public cloud solutions don’t offer adequate security controls out of the box. They offer plenty of server-side security, but most miss the mark when it comes to on-device encryption. Still, mobile devices are increasingly valuable tools, so it’s essential to take security precautions. Fewer than two-thirds of law firms have a plan for mobile security in place, so corporate counsel have the opportunity to be leaders in this area. The cloud conflict can be solved if proper controls are put in place. Increasingly, that requires that general counsel sync up with the rest of the executive team to enable safe cloud adoption and protect intellectual property and other corporate data. All the recent corporate data breaches have involved on-premises legacy systems, indicating that such security isn’t adequate. And, increasingly, it’s beside the point. Eighty percent of employees nationwide use unapproved cloud software on their work computers or personal mobile devices, which means that more and more corporate data isn’t even being stored on the network. What’s more, it’s expensive: Maintaining security on outdated systems is a drain on company finances, and redirecting those funds to effective, cloud-based security is the responsible thing to do, both for the company and the privacy and peace of mind of the clients. When properly deployed, the cloud is safer than outmoded network-focused securities. Embracing the right encryption technology should prevent the security debacles
that Sony, Premera, and hundreds of other companies have recently experienced, and safeguard against employee mistakes. BIGGEST RISKS
When considering data breaches, people’s imaginations often conjure up malicious actors hacking into net-
work databases and accessing sensitive company data at alarming rates. However, the most common mistakes that lead to breaches are lack of encryption, poor password protection, and outdated security systems. For example, it isn’t effective to encrypt traditional databases, because, when they’re in constant use, the sensitive
today’s gener al Counsel oct/ nov 2015
Cybersecurity
content becomes effectively decrypted every time it’s accessed. Still, many companies expend extraordinary effort securing network systems, building higher firewalls, and prohibiting or severely limiting cloud usage. The truth is that it’s pointless to spend so much time and money addressing on-premises network security, when less and less data is actually stored there. Employees are using the cloud whether companies want them to or not, and because employers can’t control this usage, employees begin to take inadvertent risks. Bring-your-own-device culture is on the rise among attorneys. More than 77 percent of lawyers admit to using personal devices at work, and 36 percent of law firms even expect employees to use their own smartphones. What’s more, 90 percent of lawyers use cloud-based file-sharing services like Dropbox or Google Drive on these personal devices, as well. With these kinds of numbers indicating that employees aren’t using company-sanctioned software, mistakes are easy to make. Employee negligence is often cited as the number-one cause of data breaches, and is twice as likely to occur as outside attacks. For instance, consider this: An engineer is asked to provide an overview of her team’s work for potential patent opportunities, so she saves a trove of records, the team’s product roadmap, and more details about the company’s secrets to her work computer. She then syncs it to her Dropbox to review it at home and to have easy access to it on her tablet at the next day’s meeting. That scenario is common, and in some ways it’s prudent. After all, being able to sync to mobile devices and have access to information anywhere boosts efficiency and makes working outside the office seamless. Unfortunately, what’s also all too common is what happens next. The engineer attends the meeting, all goes well, but on the way home she leaves her tablet on the subway. Now all
the company files she’d synced to her tablet are available for anyone to find. Though Dropbox-and most other cloud providers provide security for files on their network and in transit, the files lack encryption protection once they are synced to mobile devices. Employee negligence has many faces. Loss or theft of mobile devices is only one of them, but it’s a big one: Last year, 1.4 million smartphones were stolen, so the odds are good that if you don’t lose yours, someone at your company will. Employees also mis-address emails containing sensitive information, share passwords and leave work files unsecured. best practices
Despite the cloud’s vulnerabilities, it is safer than legacy networks and can be safer still with the right precautions. As mobile devices and BYOD culture become an increasingly normal way to work, securing file synchronization should become a priority. Beyond that, it’s essential to stay abreast of evolving best practices. Constantly considering and maintaining company security is one of the most important things company decision makers can do, especially in the face of changing technology. Here are a few best practices to consider: • Encrypt at the file level. Seek out a security provider that delivers file-level encryption, a level of protection seldom offered by the storage provider itself. This designation means that the data itself is protected, not merely the places where it’s being stored. Your files will be encrypted before they ever reach the cloud, and remain encrypted wherever they reside and when they’re shared or synced. File synchronization security will allow employees to sync client and company files to mobile devices without worrying about them falling into the wrong hands. When a phone or tablet is lost or stolen, the synced files won’t be readable to anyone but an authorized user.
• Embrace the cloud. Understand that employees are using the cloud whether or not it’s sanctioned, and that they prefer to use the software they’re already familiar with. It is predicted that by 2018, 70 percent of all professionals will be conducting business on their personal devices. When a company acts early, adopts apps that users already like, and adds extra security to protect those apps, employees will stop seeking out unsafe workarounds. That greatly diminishes the odds of a breach. • Prepare for a breach anyway. Denying that any company is at risk is simply irresponsible, because the odds are that a breach is inevitable. Having a clear and regularly updated data breach response protocol in place is vital to being able to react promptly and effectively. • Keep tabs on files’ whereabouts and movements. Maintain an audit trail to see when files are being opened and edited and by whom. Grant employees access to sensitive data on a need-to-know basis, and allow auditing software to show who is accessing them. If someone unfamiliar opens a sensitive file, take action quickly to stop a breach. ■
Asaf Cidon is CEO and co-founder of Sookasa, a cloud security and encryption company that enables safe adoption of popular cloud services such as Dropbox and Google Drive to store sensitive information. asaf@sookasa.com
29
oct/nov 2015 today’s gEnEr aL counsEL
Labor & Employment
30
today’s gEnEr aL counsEL oct/ nov 2015
Labor & Employment
Criminal Background Checks a Dilemma For Employers By Aimee E. Delaney
I
s the government really telling employers that they are not allowed to disqualify someone from hire because of a past criminal conviction? In a word, yes. That is increasingly becoming the case on the state level and has been the focus of Equal Employment Opportunity Commission (EEOC) enforcement efforts over the past several years, since the federal agency in charge of enforcing Title VII updated its Guidance on this topic in 2012. The flurry of activity at the state and local level has made what was historically a simple hiring practice into a legal minefield. This article is intended to alert companies to the legal risks in using criminal convictions in hire decisions and identify best practices to reduce the risks in this rapidly changing arena. For decades, companies have managed their hire process guided by a few simple requirements: an application or resume, reference checks and, more often than not, a background check. In fact, the norm was (and perhaps for your company, still is) to have a bright line policy disqualifying any candidate with a conviction. A background check has often been run regardless of the nature of the position being filled or the industry within which the company operates. The only limitations on this practice came in the form of the Fair Credit Reporting Act (FCRA) which, though replete with technical requirements that in and of themselves cause employers difficulty, does not prohibit an employer from disqualifying an applicant because of a conviction. That is still the case, and apart from the disclosure and other technical requirements of FCRA necessary to obtain a background check, there is currently no federal law that prohibits an employer from using
conviction information in the hire decision or refusing to hire anyone with convictions. However, what’s becoming increasingly clear is that if the EEOC has its way that may change. Additionally, given the number of states taking action in this area each year, companies cannot rely on the lack of an outright federal ban as protection from a process increasingly coming under attack by stricter state regulations. BY THE NUMBERS
So why is the EEOC (or state and local governments for that matter) concerned with whether your company disqualifies applicants because of convictions? To be clear, the EEOC’s interest is not new. In 1987 and 1991 the EEOC issued three policy statements on this issue. Then, in April of 2012, the EEOC updated its guidance, and in doing so noted that in the twenty years since it last addressed the issue there had been a significant increase in the number of Americans who had contact with the criminal justice system. Specifically, in 1991, roughly 1.8 percent of the population (estimated at 4.6 million people) had served or were serving time in prison. Ten years later, in 2001, that number had jumped to 2.7 percent, roughly 7.7 million people, or one in 37 adults. Those numbers have continued to rise, with 3.2 percent, or roughly 9.6 million people, being under some form of correctional control by 2007. Based on statistics projected by the Department of Justice’s Bureau of Justice Statistics, it is predicted that of those born in 2001, an estimated 6.6 percent will serve time in state or federal prison. Employers may think that these statistics should bolster the need for background checks and “no convictions”
hire policies, and for any company that has faced a negligent hiring claim, those employers may be right. However, a problem arises when these same statistics are viewed with the racial breakdown of numbers. In 2010, 28 percent of arrests reported involved AfricanAmericans, when African-Americans were 14 percent of the overall population. The EEOC reported that if current incarceration trends continue, one in three African-Americans will serve time in prison, with that same statistic impacting one in six Hispanics and one in 17 Caucasians. If these statistics are accurate, the answer to why the EEOC is concerned with corporate America’s use of background checks and convictions in hire is clear: Doing so may have a greater negative impact (or what the legal field refers to as disparate impact) against minorities, particularly AfricanAmericans. This is particularly concerning for the EEOC, as 92 percent of employers responding to a Society for Human Resources survey confirmed the use of background checks in their hire process for candidates. Although it may not intend to discriminate, a company utilizing background check information in a bright line “no convictions” hire policy may expose itself to a disparate impact claim, and the updated EEOC Guidance broadcasts that fact. FED, STATE AND LOCAL INTEREST
Though there is currently no federal statute which prohibits basing a hire decision on a candidate’s criminal conviction, it is clear that the EEOC intends to challenge such policies pursuant to the agency’s strategic plan to eliminate barriers in hiring. Since 2009, the EEOC has filed three separate federal suits against comcontinued on page 37
31
oct/nov 2015 today’s gEnEr aL counsEL
Labor & Employment
Hard Lessons from a Grisly Accident By Todd R. Wulffson
F
32
ollowing the horrific death of an employee, Bumble Bee Foods announced its agreement to pay $6 million in a criminal settlement, the largest of its kind in California history. The situation, which resulted in the death of 62-year-old employee Jose Melena – in 2012 he was cooked alive in a steam oven along with 12,000 pounds of canned tuna fish – is a scenario more fitting to Upton Sinclair’s The Jungle than a modern workplace. Mr. Melena was cleaning the oven during his pre-dawn shift when a coworker mistakenly believed he was in the restroom and proceeded to load, and then activate, the 36” by 54” oven designed to sterilize cans of tuna at 270 degrees for an hour. Bumble Bee Foods, the plant operations director and former safety manager were each charged with three felony counts of violating Occupational Safety & Health Administration (OSHA) rules, causing Mr. Melena’s death. The company had previously been fined $74,000 for failing to assess the dangers to employees working in the same steamer ovens. The criminal charges state that Bumble Bee Foods and the two managers willfully violated rules that require implementing a safety plan, rules for workers entering confined spaces, and procedures to keep machinery or equipment turned off if an employee is inside the machine. They were fined $12,000 and $19,000, respectively, and they will likely have community service, probation and criminal records. The question arising from this case that has drawn nationwide attention can be simply put: Could this tragedy have been avoided? The unequivocal answer is “yes,” and there are several valuable lessons in-house counsel and senior managers should learn from these painful facts. In 1906, when Sinclair published his famous expose on the meatpacking industry, such an accident would also have been gruesome (albeit without the graphic publicity of the internet and TV), but at least somewhat explicable
PELIGRO based on then-current technology. Today, however, there simply is no excuse for operating machinery that is not either automated entirely or equipped with cameras, sensors and other safety measures that would have prevented the co-worker from assuming Mr. Melena was out of the machine and then turning it on. Given the language in the criminal charges, a clear takeaway from this case is that a modern company with ample resources is going to be held to a high standard of available technology. If an accident could have been reasonably avoided with standard technology, it should have been. Any business utilizing machines that can cause injury or death – that is, any machinery involved in a highrisk occupation – must establish strong safety controls and should routinely (at least every other year) hire a consultant to advise on whether the machinery and safety procedures are up to date and whether the machinery is working properly. Even though Bumble Bee Foods’ steamer ovens were relatively old, a procedure as simple as hanging a tarp on the oven door to
function as an indicator that someone was inside, or an investment in some inexpensive cameras or sensors, likely could have prevented Mr. Melena’s death. Since the accident could have been so easily avoided – and given the fact that the company was previously cited for not having adequate safety procedures on these same ovens – Bumble Bee Foods had no choice but to settle the criminal matter and the related claims that will follow. There is no acceptable explanation for the accident. If the company wants to sell tuna fish again, it needs either to change its name or at least minimize the ongoing publicity. Another takeaway is that an employer cannot simply rely on the workers’ compensation system as “insurance” against corporate liability resulting from industrial accidents. The workers’ compensation system is, by definition, a no-fault system and the exclusive remedy it provides is predicated on the concept that some accidents and injuries are part of the “compensation bargain” with em-
TODAY’S GENER AL COUNSEL OCT/ NOV 2015
Labor & Employment ployees. By taking such strong criminal action, the Los Angeles district attorney has made it clear that the injuries suffered by Mr. Melena are not part of any “compensation bargain” and were not part of any employee’s reasonable expectation. The D.A.’s office also is sending an unmistakable message to employers that there is always a risk of criminal charges if you ignore safety issues. Prosecutions of workplace violations are uncommon, even in fatality cases. In 2013, California cited nearly 15,000 workplace safety violations, but of 189 fatality investigations, the state referred only 29 to prosecutors. The penalties, however, can be severe, and they are all outside the workers’ compensation system. Mr. Melena’s family also will be able to pursue, at a minimum, a serious and willful misconduct claim that is similarly outside the workers’ compensation system. These claims carry penalties of up to 50 percent of the underlying workers’ compensation award with no cap. In a fatality case, this can result in several hundred thousand dollars in additional penalties, and since serious and willful misconduct claims are outside the “compensation bargain” of workers’ compensation, they are uninsurable by the employer. Therefore, Bumble Bee Foods’ $6 million criminal settlement is likely just the start of the penalties it will face, all of which will have to settle. It is highly likely that the total out-of-pocket cost the company will incur will exceed $10 million, not including the lost profits associated with the public relations stigma. The terrible facts of this case also have highlighted other issues to which prudent employers should pay attention. Mr. Melena was a Hispanic employee who spoke limited English. In 2013, there were 817 fatal work injuries involving Hispanic workers in the United States. In the nation, Hispanics are the only racial/ethnic group experiencing an increase in these numbers, according to the U.S. Labor Department’s Bureau of Labor Statistics. Whether it is a language barrier in explaining safety rules, or a fear among undocumented workers that raising
safety concerns will result in their being fired or deported, this increasing fatality rate is unacceptable. It also is likely to be featured as often as judges will allow it in any discrimination, harassment or other lawsuit based on race or national origin. The statistics are impactful on juries, and although defense counsel will argue motions in limine strenuously, cases like this one will make all employers less sympathetic and more suspect when a Hispanic employee claims he or she has been mistreated by a company. In Southern California, where Bumble Bee Foods is headquartered, and increasingly in other states, a predominantly Spanish-speaking workforce is the reality, and employers must be proactive in addressing some of the unique challenges and concerns this workforce presents. It’s not only that training, handbooks and safety notices rendered in both Spanish and English will reduce injuries. They also may be legally required, to provide the “safe and healthful workplace” mandated by OSHA. It may be counter-intuitive, but manufacturing employers may actually be better-served to adopt an “Englishonly” rule on the manufacturing floor so that emergency commands and safety issues are understood by all. (To further add to the confusion, this may require the employer to provide English language training to employees). After all, there is a reason the international language for pilots is English: Parties must understand each other when safety is paramount, and shouting out commands in multiple languages can be a recipe for disaster when seconds matter. There are many outstanding consulting firms, significantly less expensive than lawyers, who can perform an overall audit and make recommendations for improving communication and safety for employees. Having a third party perform such an audit also can help insulate the employer from liability when someone (perhaps neither an English nor Spanish speaker) objects to the English-only rule or the bi-lingual training in just English and Spanish. The takeaways from the Bumble Bee Foods case for employers are as follows:
• Strong safety controls must be put in place to protect workers in high-risk occupations, and the more resources the employer has, the higher the technology standard will be for what is “reasonable” to protect employee safety. Bumble Bee Foods and its managers were prosecuted for “willful” violations because of the level of criminal negligence (not actual willful acts) associated with their failure to adopt proper safety measures. • Employers must make sure that all employees are aware of the company’s safety policies and procedures, and take affirmative steps to confirm this awareness. Passing out a brochure or posting a bulletin is not going to be sufficient to avoid liability. Employers must be proactive. • Language issues are a particular point of concern, and employers – legally and morally – need to ensure that the unique concerns of a multiracial and multi-lingual workforce are being addressed. The circumstances of Mr. Melena’s death are an absolute tragedy, but assuming it was just a freak accident that could not occur in hundreds of other modern companies would be a separate tragedy, as well as a fallacy. ■
Todd R. Wulffson is partner at Carothers DiSante & Freudenberger LLP, an employment, labor and business immigration law firm providing litigation defense and counseling to California employers. He has 25 years of experience counseling and defending businesses in labor and employment issues in the entertainment, manufacturing, banking, hospitality, financial services and retail industries. He is currently a frequent speaker, author and counselor to employers nationwide on social media issues. twulffson@cdflaborlaw.com
33
oct/nov 2015 today’s gEnEr aL counsEL
Labor & Employment
Contractors Brace for “Fair Pay and Safe Workplaces” By Leslie Stout-Tabackman and Laura A. Mitchell
34
today’s gEnEr aL counsEL oct/ nov 2015
Labor & Employment
I
n the last 18 months, President Barack Obama has penned no less than five executive actions aimed at the employment practices of government contractors. One of the more controversial and onerous is the “Fair Pay and Safe Workplaces” Executive Order (E.O. 13673), issued in July of 2014. Given the breadth of this executive action, it is critical that companies wrap their arms around its obligations even before the E.O. is implemented. The order requires government contractors and subcontractors to report regularly on violations of 14 different workplace laws and executive orders, and their state law equivalents. It directs federal agencies to then use this information to determine whether a contractor is a “responsible source” during the contract award process. The required information is also to be updated once the contract is awarded, to determine whether the contract will be continued or cancelled. In either phase of the contracting cycle, a contractor’s report of violations may result in notification to a suspending and debarring official for further action. In addition to the above “responsibility determination” implications, the E.O. also restricts certain pre-dispute arbitration agreements and requires pay transparency to workers, and notices to independent contractors. The E.O. directed the Department of Labor to issue proposed guidance and the Federal Acquisition Regulatory (FAR) Council to issue proposed regulations, and they did so May 28, 2015. While these proposed versions are likely to be modified in final rulemakings, it’s clear that contractors must plan and devote substantial resources to ensure compliance with the new obligations, in order to avoid the potentially dire results of reporting violations that are found to be “serious, repeated, willful or pervasive” under the final DOL guidance and FAR rule.
VIOLATION REPORTING
The new obligations apply to contractors responding to solicitations, as well as those awarded contracts, by federal agencies for goods and services procurements, including construction, with actual or estimated value of $500,000. The requirement
is that they report all “Labor Violations” in the three years preceding the contract solicitation and every six months during performance of an awarded contract. Subcontractors must also report. Labor Violations are defined as administrative merits determinations, civil judgments and arbitral awards, involving violations of the following 14 labor laws and executive orders: • Fair Labor Standards Act. • Occupational Safety and Health Act. • Migrant and Seasonal Agricultural Worker Protection Act. • National Labor Relations Act. • Family and Medical Leave Act. • Davis-Bacon Act. • Service Contract Act. • Title VII of the Civil Rights Act. • Americans with Disabilities Act. • Age Discrimination in Employment Act. • Executive Order 11246 (affirmative action and equal employment opportunity). • Vietnam Era Veterans’ Readjustment Assistance Act. • Section 503 of the Rehabilitation Act. • Executive Order 13658 (federal contractor minimum wage). Contractors will also have to report on the state law equivalents of these laws and orders. The list of state law equivalents, with the exception of OSHA-approved plans, has yet to be published. ADMINISTRATIVE MERITS DETERMINATION
The definition of an Administrative Merits determination includes a broad but specific list of notices or findings issued by labor enforcement agencies following an investigation. These agencies include the DOL’s Wage and Hour Division, the Occupational Safety and Health Administration, and the Office of Federal Contract Compliance Programs, as well as the Equal Employment Opportunity Commission and the National Labor Relations Board. One of the more discussed implications of the broad definition is the fact
that the potential interim nature of a determination does not exempt a determination from disclosure. Civil judgments include judgments or orders entered by any state or federal court that has determined the contractor violated (or enjoined/restrained from violating) any provision of the labor laws. Significantly, this includes judgments and orders that are not final or are subject to appeal. Also included are summary judgments and consent and default judgments, if in the judgment there is a determination of a violation. Similarly, the definition of an arbitral award or decision subject to reporting includes any award or order by an arbitrator or arbitral panel in which the arbitrator or panel determined a labor law violation or issued an injunction. As with the other categories of what must be disclosed, contractors must report awards or orders even if they are not final or are subject to modification. Significantly, even arbitral proceedings that are private or confidential must be reported. THE PROCESS
Under both the DOL’s proposed guidance and the FAR proposed rule, the disclosure process has several layers. The initial disclosure is to a yes-no question, asking whether the contractor to the best of its knowledge and belief had any reportable violations. If the contractor answers “yes” and moves forward in the selection process, it would be required to provide additional information, including the labor law violated and identifying information. The contractor at this stage can choose to submit additional information, including mitigating factors (as defined by DOL) and remedial measures it has already taken. The agency, through roles played by both the contracting officer and a newly created Labor Compliance Advisor position, will assess the nature of the violation (i.e., serious, repeated, willful, or pervasive, as defined by DOL), and any remediation and other mitigating factors. At the pre-award stage, a contractor could be found to have a satisfactory record of integrity and business ethics. But if not, the contracting official should not award the contract, and it may inform
35
oct/nov 2015 today’s gEnEr aL counsEL
Labor & Employment
36
the agency suspending and debarring official, for review of the situation. Where disclosures are made postaward, the review is to determine whether the contracting official should continue the contract, refer the contractor to the DOL for compliance action (including a “Labor Compliance Agreement” to ensure future compliance), decide not to exercise an option, or terminate the contract. In addition, if the agency finds a level of violations that demonstrated a lack of integrity or business ethics, it could then notify the agency suspending and debarring official. As for subcontractors, the DOL and FAR Council are weighing the obligations, including the question of whether they will be phased in or imposed immediately. In addition, both agencies are seeking comments on whether contractors should be responsible for collecting the required violation information from subcontractors and, in turn, making the same determinations that will be made by contracting officers with their labor compliance advisors – or, alternatively, if the subcontractors should report violations directly to the DOL. In either case, contractors will be involved in the process and have some accountability for choosing or retaining subcontractors with reported violations. ACTIONS TO TAKE NOW
To get ready to meet these new obligations and avoid reportable violations, contractors should consider taking the following steps: • Identify the company stakeholders who need to be informed about the requirements and the potential impact on the company’s ability to gain and hold federal government contracts. • Identify who will lead the effort (e.g., legal department, compliance officer outside of legal, or contracting) and budget for additional resources. • Develop an internal compliance plan. Consider a centralized reporting system for companies with multiple locations, divisions, or subsidiaries.
• Review the company’s past labor law violations, as well as compliance efforts and remediation agreements or initiatives. • Analyze possible future strategies and decisions regarding labor law charges and complaints, agency investigations, arbitrations and enforcement proceedings based on the new reporting requirements, including what needs to be disclosed and what factors will be considered in mitigation. ARBITRATION AGREEMENTS
In what almost seems an afterthought, the E.O. restricts pre-dispute arbitration agreements. With the exception of commercially off-the-shelf items or subcontracts, this restriction applies to all federal contracts in excess of $1 million with flow down to all subcontracts in excess of $1 million. The provision requires contractors to “agree with the federal government” that the decision to arbitrate claims arising under Title VII of the Civil Rights Act, or any tort related to or arising out of sexual assault or harassment, shall be made only with the voluntary consent of employees or independent contractors after such disputes arise. There are narrow exceptions for collective bargaining agreement arbitration plans and for employees or independent contractors who entered into valid agreements prior to the contractor bidding on a contract subject to the requirement. However, the latter exception does not apply if the existing arbitration agreement permits the employer to change the terms of the agreement or if the agreement is renegotiated or replaced. Contractors should review their current arbitration agreements and consider expediting execution of any pending agreements. In addition, when bidding on and entering into contracts, contractors should consider the legal name and corporate structure of the entity actually entering into the contract and how this will impact the ability to use arbitration agreements for employees of that entity.
PAY TRANSPARENCY
The E.O.’s pay transparency component requires covered contractors and subcontractors to keep wage records and provide wage statements/pay stubs to all workers on covered contracts and subcontracts every pay period. They should include all hours worked, overtime hours (for non-exempt employees) by workweek and totaled for pay period pay, as well as all deductions. In addition, if a worker is an independent contractor, the contractor or subcontractor must provide the worker a written notice of that status prior to commencement of work. The reporting requirements under this E.O. are burdensome and onerous, but companies need to plan now for how they will satisfy them. The potential ramifications of not doing so are too serious to ignore. ■
Leslie StoutTabackman is a shareholder in the Washington, D.C. Region office of Jackson Lewis P.C. She counsels and represents employers regarding compliance with federal and state workplace laws and regulations, and the design and implementation of policies. Leslie.Stout@jacksonlewis.com
Laura A. Mitchell is a shareholder in the Denver office of Jackson Lewis P.C. She assists clients with the drafting of affirmative action plans, representing government and non-government contractors in Office of Federal Contract Compliance Programs (OFCCP) matters, preparing for and defending OFCCP audits, and counseling employers on issues stemming from OFCCP regulations. Laura.Mitchell@jacksonlewis.com
today’s gEnEr aL counsEL oct/ nov 2015
Labor & Employment Background Checks continued from page 31
panies for their use of background checks/convictions, asserting the policies in question discriminated against minorities. Two of those cases (filed in 2013) remain pending and the third resulted in a victory for the employer. These cases are proving to be hard fought battles for the EEOC, but there is no sign the agency intends to retreat. Where the federal government has remained legislatively silent, states and municipalities have not. As of the preparation of this article, 18 states have enacted “ban the box” or fair chance statutes, with seven of those laws applying to both public and private employers. Additionally, 100 cities and counties have enacted some form of fair chance laws. “Ban the box” or other similar fair chance statutes typically do not prohibit an employer from running background checks or using the information obtained in a hire decision, but seek to delay when in the process the information can be obtained. For example, in Illinois a covered employer must first identify a potential candidate for an interview or make a conditional offer of employment before being allowed to inquire into and consider conviction records. In New York City, however, in addition to just having to delay when the information can be obtained, employers are subject to restrictions concerning when employment decisions can be based on convictions, and failure to meet these restrictions can now constitute discrimination under the city’s Human Rights Ordinance. By varying degrees these statutes seek to have employers assess candidates’ substantive credentials for a position before they close the door (if they do close it) due to a criminal conviction. These developments place the employer in the difficult position of having to decide between compliance with the law or potentially increasing the company’s exposure to claims that may arise if criminal records are not considered. When employers do not
screen for criminal records or do not utilize the information obtained from them, they may risk negligent hiring or negligent supervision claims, or face vicarious liability if an employee with a criminal record injures others in the scope of employment. But if the employer obtains and uses conviction information in the hire process, the company may then face increased risk of discrimination claims, or statutory or other penalties under fair chance laws. Whether you call this a Hobson’s Choice, Morton’s Fork or a Catch 22, it spells trouble, and it will be critical for your human resources staff or any other professionals involved in the hire process to be familiar with the laws in each of the jurisdictions (state and local) in which your company operates. BEST PRACTICES
Companies can take steps that should allow for continued use of criminal conviction records while staying within the bounds of the law. First and foremost, those involved in the hire process need to be aware of the specific limitations in the states where they operate. If they use a third-party vendor or internet service to post and screen applicants, they must make sure their process complies with state-specific requirements. With regard to the EEOC, there are ways to manage the process that will help keep the company out of its crosshairs. Specifically, eliminate any bright line policy that prohibits someone with a criminal conviction from being hired. Instead, the policy should mandate individualized assessment of each candidate’s background check/conviction history. The EEOC Guidance confirms that the desired approach is for employers to consider the duties and responsibilities of the specific position at issue, along with the nature and gravity of any criminal convictions found, as well as the time elapsed since any conviction occurred. You are looking to determine whether the conviction and conduct implicated pose a real concern given the duties the candidate would be performing, ideally as supported by the written job description. As part of this process, if
a candidate’s background check turns up a conviction, allow the candidate the opportunity to explain the record and provide any other information he or she thinks relevant before making a final decision. Next, designate one or more persons as gate keepers of this process and the documentation generated. In this context, the EEOC has recently sought to enforce document retention requirements for selection procedures used in hiring against one employer under Title VII, marking perhaps a new type of EEOC attack on background check policies. Retain documents pertaining to the company’s process and decision-making. Also, train these gate keepers and decision makers about Title VII, as well as state and local requirements applicable to your operations. Additionally, do not reject candidates absent a conviction. Arrests are not proof of criminal conduct, and most jurisdictions prohibit consideration of arrests, as well as expunged or sealed records. In short, restrictions on the use of criminal convictions are here to stay and likely will become even more restrictive. There is no sure way to avoid a discrimination claim, but if one does arise the above practices will improve the chances for a successful defense. ■
Aimee E. Delaney is a partner at Hinshaw & Culbertson LLP in Chicago and the leader of the firm’s Labor & Employment Practice Group. She counsels employers on the employment relationship on matters from hire through termination, including leave and disability considerations, classification issues, employee misconduct and other disciplinary matters. She also works with management on training in anti-harassment, anti-discrimination and other employment law related topics. adelaney@hinshawlaw.com
37
OCT/ NOV 2015 TODAY’S GENER AL COUNSEL
WORK PL ACE ISSUES
ACA Strategies for Employers By Steven J. Friedman
T
38
he cost of employee healthcare has been hampering American business growth for many years. Over the past few decades, businesses have had to become accustomed to ever-increasing healthcare costs, which have risen at rates much higher than general inflation rates. The Affordable Care Act (ACA) has created new obstacles to business growth because it created a “mandate” requiring businesses with more than 50 full-time employees to offer coverage to at least 95 percent of these workers (lowered to 70 percent this year by a “transition rule”) or face a penalty tax of $2,000 per full-time employee. This is often referred to as the “A Tax.” If a business misses the 95 percent threshold by even one employee, the A-Tax is calculated by taking into account all full-time employees, regardless of whether they are covered by the ACA. Other penalty taxes may be incurred even if employees are offered coverage, if that coverage is deemed
Steven J. Friedman is a shareholder and co-chair of the Employee Benefits Practice Group at Littler Mendelson. He advises employers on employee benefits law, including the structuring and implementation of qualified and non-qualified retirement plans, welfare and fringe benefits programs, early retirement programs, severance plans and other issues. sfriedman@littler.com
to be unaffordable (because the cost for single coverage is more than 9.5 percent of household income) or doesn’t meet a “minimum value” standard. (Meeting that standard is not problematic for most healthcare plans.) The employer may be liable for a penalty tax equal to $3,000 per affected employee if that employee procures coverage from the government-established marketplace and is entitled to a tax credit to pay for the coverage. (This is available to individuals whose household income is no greater than 400 percent of the federal poverty level.) American businesses are bracing for another round of increases in insurance costs in 2016, with medical inflation again outpacing general inflation. How are businesses dealing with the twin threats of ACA penalties and higher healthcare costs? What follows are some of their strategies. Under the ACA, a full-time employee is defined as someone who works 30 hours or more per week, and some businesses are choosing to use part-time employees, seasonal workers and others who need not be offered healthcare. Other businesses are engaging independent contractors
who will be off the payroll entirely and therefore need not be provided with benefits of any kind. Another possibility is using staffing firms, which may provide benefits to the employees who are transferred to the employer’s worksite. Extreme caution is needed when transitioning to a workforce with fewer full-time workers. First, under traditional employment law principles, employers must be mindful of the various claims that could be made by employees
TODAY’S GENER AL COUNSEL OCT/NOV 2015
who had benefits and then lose them. Traditional discrimination laws are one area of concern. Employees who lose benefits could sue an employer, claiming they were in some way discriminated against on account of age, disability, race, gender, or some other category. Although there may be no discriminatory intent, an employer is not necessarily free from legal jeopardy. Another ground for legal liability is found in Section 510 of ERISA. Under this provision of the statute that governs benefit plans, employers are essentially foreclosed from taking benefits away from employees who are currently eligible if a material reason
contractors or other workers who do not meet the ACA definition of full-time employee, a reclassification by the IRS or the courts could cause the A-Tax to apply, and potentially result in additional taxes and penalties. We know there are pressing business needs that may require employers to become aggressive in seeking to minimize the number of employees covered under their healthcare plans. That said, there are several ways that employers can minimize their exposure to lawsuits and increased taxes. First, be careful before cutting staff or reclassifying those who already have benefits in your organization. It is far
It is far less risky to focus on hiring individuals who will not receive benefits than to reclassify those who already have them. for doing so is to save money on benefit costs. A court could require that in this situation benefits be reinstated, or that former jobs be reinstated, if it found for the employees. The provisions of the ACA also can create legal liability for employers. This is because the ACA requires that employers offer benefits to full-time employees, and employees for this purpose are those classified as “common law” employees. It may be difficult to determine who is a common law employee. Over the years the IRS has published many tests that instruct employers on how to determine if those classified as independent contractors are in fact employees. Essentially, the IRS will look at who is controlling the work of individuals who are working for an entity, or at an entity’s location, irrespective of who is paying them and/ or providing employee benefits. Again, employers must offer coverage to 95 percent of their full-time employees to avoid the A-Tax. If a business dutifully offers coverage to all full-time employees but has a sizable number of independent
less risky to focus on hiring individuals who will not receive benefits than to reclassify those who already have them. Second, be mindful of the number of independent contractors and others who do not meet the ACA definition of full-time employee that work for the organization. If staffing firms are used to providing workers to an organization, there are clear guidelines that will protect the staffing firm client from liability under the ACA. This includes having an agreement by the staffing firm to provide ACA-compliant benefits to these workers, and paying the staffing firm extra for covered workers. Third, make sure your organization is properly classifying those individuals who are employees as eligible or ineligible for benefits. The ACA rules provide guidance on this topic. It is important that employers do not “miscount” the hours performed by their staff, as this could create A-Tax issues. Lastly, it’s sensible to be guided by experienced benefits consultants or counsel who can help you navigate through the issues. ■
SUBSCR IBE TO
“Informative and worth reading.” “I refer to the magazine often and the information is useful in my daily work.” “Very useful publication.”
todaysgeneralcounsel.com/ subscribe
39
oct/ nov 2015 today’s gener al counsel
T H E A N T I T R U S T L I T I G AT O R
Protecting Confidential Information from a Potential Merger Partner By Jeffery M. cross
I
40
n my prior column, I wrote about the protection of commercially sensitive information in a merger investigation and challenge by the government. In this column, I address the protection of confidential information between the merging parties themselves. Confidentially issues frequently arise in mergers between competitors, which are defined as “horizontal mergers.” The parties are competitors because they sell or manufacture products that are substitutes. They compete to entice customers to buy one party’s products over the other’s. By definition, each of the parties will have competitively sensitive information which, if they were to remain competitors, they would not want the other party to know. This includes information about prices, costs, output, future marketing strategies and future product development. Until the parties close, they remain competitors. Indeed, if they began to “collude” on decisions regarding these areas, they would have violated the antitrust laws. The
Jeffery cross, is a columnist for Today’s General Counsel and a member of the Editorial Advisory Board. He is a partner in the Litigation Practice Group at Freeborn & Peters LLP and a member of the firm’s Antitrust and Trade Regulation Group. jcross@freeborn.com
government refers to this as “gunjumping.” (See my column “Take Control of the M&A Process” in the December/January 2015 issue of Today’s General Counsel.) The process of protecting confidential information begins before the completion of an asset or share purchase agreement. This is true even if the parties to the merger or acquisition have been identified. It is especially true in an auction. During the auction process, parties will express an interest in acquiring the seller or the seller’s assets. These interested parties will want to review information and data to facilitate their bids. In many cases such information may be confidential and commercially sensitive.
The first step in protecting confidential information is to prepare a “Confidentiality Agreement.” Employees of the acquiring party or a potential bidder in an auction should not have access to confidential information unless they have signed a confidentiality agreement. It should put limits on access to current and future competitively sensitive information. One way is to limit the type of employee that can have access to such information. The information should not be made available to employees who are making decisions about price, output, marketing strategies, and future product development. As for the type of information that should be restricted, the “touchstone”
today’s gener al counsel oct/nov 2015
test that I suggest to my clients is whether it is information they would want their competitor to have if the deal fell apart. Another way to limit access to competitively sensitive information is to use a virtual data room. There are many financial and corporate service companies that can provide virtual data rooms. The client can download data and documents into the virtual data room, then employees of the other party can access such data and documents electronically using security features such as passwords. Access can be restricted to specific documents or types of documents. Indeed, the best virtual data rooms can provide security to the page and even the character level. In addition, the party providing documents and data can see who is accessing the data room and what they are seeing down to each second of access. Finally, the downloading and printing of documents and data can be restricted. This makes it more difficult for a confidential document to be inadvertently forwarded to an employee who should not be permitted to view it. I recommend to my clients that they place more restrictions on the access of competitively sensitive information early on in the process, and relax that access as the process moves towards closing. For example, in a bid or auction process, parties may want to see confidential information and data in order to make a bid. Many companies that will remain competitors will potentially be seeing confidential information. In this situation, I recommend that the potential bidder have access only to historical information, and in many cases, aggregated data. Sometimes it is necessary to mask certain information. In one recent deal that I was involved in, a bidder wanted to know contract expiration dates. This was clearly competitively sensitive information. If the competitor knew when contracts with a customer would expire, it could solicit that customer. I recommended
that the client provide that information, but assign numerical identifiers to each customer. The bidder also wanted to know the dollar value of each customer, and the client felt that such information would potentially allow the competitor to identify certain large customers. In that situation, I recommended that the client provide ranges of dollar value on expiration dates. One potential solution to an acquirer that insists on detailed information is to require the use of a third-party “clean-team.” The third party, such as an accounting firm, would be permitted to review detailed confidential and commercially sensitive information
The best virtual data rooms can provide security to the page and even the character level. and prepare an aggregated report to the acquiring company. Of course, this necessitates an agreement with the third party that restricts how the data can be presented. Protection of a party’s commercially sensitive information should also be built into the asset or share purchase agreement. I always recommend that the purchase agreement provide that a party have the ability to designate certain data and documents as “Confidential – Outside Counsel Only.” The purchase agreement also frequently addresses the sharing of each party’s Hart Scott Rodino (HSR) submission to the government. Confidential information included in a party’s HSR submission should also be protected. For example, the HSR Notification and Report Form calls for the submission of potentially commercially sensitive information in Items 4 through 7. These include internal
marketing studies, revenue information and ownership data. Sometimes parties to a merger or acquisition will include in the purchase agreement that only Items 1 through 3 can be shared. These items cover basic identification information as well as a description of the transaction. I recommend to my clients, however, that they also share documents and information covered by Items 4(c ) and 4(d). These items call for the production of studies, surveys, analyses and reports prepared for the purpose of evaluating or analyzing the acquisition with respect to market shares, competition, competitors, markets, the potential for sales growth or expansion and synergies. If the purchase agreement permits either party to designate material as “Confidential – Outside Counsel Only,” the commercially sensitive nature of this information should be protected. I counsel my clients, however, that it’s important for the lawyers representing both merging parties to have access to this material in order to evaluate whether there are antitrust issues that might require a proactive effort with the agency involved. Often these materials are the only documents and data that the agencies will see prior to permitting the merger to close or asking for additional information. A merger or acquisition can be an exciting venture that results in synergies and pro-competitive benefits. Counsel should not forget, however, that until a horizontal merger closes, the parties are competitors, and competitively sensitive information and data should be protected. ■
41
OCT/ NOV 2015 TODAY’S GENER AL COUNSEL
THE LEGAL MARK E TPL ACE
Schools and Firms Collaborate on Pro-Bono Clinics By Mark A. Cohen
W
42
alter Cronkite, a legendary reporter turned news anchor at a time when that meant something more than simply reading stories written by others, was asked why so much news was bad. He responded there were so many positive things that occurred every day that they simply did not elevate to “news.” So, America’s most trusted man reasoned, that’s why so much of the news is bad. Wish the same could be said for news about the legal vertical, but even Cronkite could not make that case, because the legal sector seems to be inundated by bad news. And it comes from all quarters of the profession: debt-ridden, unemployed law graduates, laid-off associates and service partners, the free-agen-
Mark A. Cohen is the CEO of Legalmosaic, a consultancy to service providers, consumers, investors, educators and new entrants into the legal vertical. Prior to founding Legalmosaic, he was co-founder of Clearspire, a legal service provider whose disruptive, proprietary IT platform and reengineered legal model garnered international acclaim. This followed his founding of Qualitas, an early entrant into legal process outsourcing. Earlier in his career he was a civil trial lawyer. Currently he is Adjunct Professor of Law at Georgetown Law Center and blogger and public speaker. markacohen@legalmosaic.com
cy mentality of rainmaking partners that has contributed to even more instability among law firms, disgruntled clients, the access-to-justice crisis. For most lawyers, the bad news never seems to end. So, here’s a feel good story for law. It’s about collaboration between the academy and the private sector to provide training, mentorship, hands-on experience, and good jobs to newly minted lawyers. That’s good right there, but it’s only half of the story. The other half is that this collaboration has been undertaken to serve the needs of those who could not otherwise afford legal representation (the “access-tojustice crisis”). This story is about lawyers using their ingenuity, training, and pooled resources to find a creative solution to a pressing problem – that’s what lawyers should be doing, right?
The ABA Journal broke the story described above. It reported the creation of a “Low Bono” law firm, named “The DC Affordable Law Firm.” It’s the product of a collaborative effort involving Georgetown Law School, DLA Piper, and Arent Fox. The glue that helped create and will surely bind the venture is its Executive Director, Sheldon Krantz. Sheldon is a remarkable lawyer who has been everything from a strike force attorney for DOJ to a law school dean and, later, a senior partner at DLA. Time for disclosures: Sheldon is a close personal friend and professional colleague, and I am an adjunct professor at Georgetown Law. But that hardly disqualifies me from sharing this good news with those who may not have seen the ABA piece, adding a bit of meat to
today’s gener al counsel oct/nov 2015
the bones of the story, and shedding some light on why it is so meaningful. The story of this upstart firm is important for several reasons. They are, in no particular order: • Collaboration. It’s an example, as noted, of the academy joining forces with the private sector to accomplish two key objectives: (1) to provide invaluable training, mentorship, practical experience and income to recent graduates, positioning them to lead productive careers either in the public or private sectors, and (2) to address the access-to-justice crisis by providing critically needed legal assistance to those who cannot afford market rates charged by attorneys and who otherwise would go unrepresented. • It’s a two-fer. The firm achieves two critically important objectives - albeit for an initially small universe - currently bedeviling the legal ecosystem: (1) the lack of experiential learning and mentorship for most law school graduates and (2) the lack of access to counsel, even in bet-the-homestead or bet-the-business situations, for the majority of Americans. • It’s an example of “adaptive radiation.” This is a term anthropologists use to describe the ability of a species to survive under changing conditions. Need I say more? Lawyers MUST be creative to maintain their relevance, and a good way to start is to be more responsive to the needs of clients. By doing so, they will not only do good, but also do well. • It creates a template. If it’s done right, and there is no doubt in this observer’s mind that it will be, the DC Affordable Law Firm can be scaled nationwide, if not internationally. Its win-win outcome can be reprised for countless law graduates in need of experiential and supervised training, a meaningful job and income, as well as for clients in need of competent counsel. It will also pay dividends to participating law firms, as it will promote goodwill and brand recognition, and it will create a fully vetted, practice-ready talent pool.
• Restoration of mentorship. A critical component of the model is the mentorship/oversight role played by BigLaw attorneys who serve as “partners” for the young lawyers. Mentorship was one of the victims of the post-2008 shakeout, but it will be restored here, albeit outside the confines of the law firm where the mentors spend the bulk of their practice time. • “It Takes a Village.” Another way of putting it is that law is an ecosystem whose key elements – the academy, providers, and consumers (clients) – have had misaligned interests. This has led to disastrous results: (1) too many debt-ridden, unemployed, and nonmarket ready law graduates; (2) too many Americans who cannot afford legal representation; (3) an inability to bridge this paradoxical gap; (4) an almost total divide between the retail and corporate segments of the legal market (except for the pro bono work of BigLaw) and (5) the stark isolation of the academy from the legal marketplace. The DC Affordable Law Firm will demonstrate, inter alia, all the good that can come from the collaborative efforts of different key stakeholders in the legal vertical. Happily, the DC initiative is not the only example of innovative thinking and collaborative implementation of new initiatives in the legal vertical. Not only is there a legion of new service providers, educational programs, and private and public sector initiatives driving new life, new models and new hope, but there also are a number of collaborative ventures – in many ways similar to the DC Affordable Law Firm – that bear mention (with apologies to others who are omitted but by no means intended to be slighted). • Law Without Walls (LWOW), sponsored by the University of Miami Law School, is a remarkable amalgam of legal education, entrepreneurship, legal providers, technology and business coming together to effect positive change. As LWOW describes itself, it “engages those with a stake in Law’s future and provides them with a powerful vehicle for
innovation and change.” This thoughtful, dynamic and inter-disciplinary initiative exposes its student participants, and others who participate, to the collaborative dynamic of a legal vertical that will soon bear little resemblance to the entrenched traditional model. • UnitedLex (ULX), a forward-thinking, diversified legal services provider (disclosure: I admire the company so much that I consult with it) offers another example of creative collaboration among the legal vertical’s key stakeholders. ULX has created and implemented an “Associate Legal Residency Program,” partnering with law schools. ULX hires a number of the school’s recent, bar-admitted graduates who then enroll in their well-paid two-year program that includes rigorous training in foundational legal skills, as well as supervised work on matters for clients who typically have ties to the law school. The students gain critical real life experience while clients benefit from highly qualified, cost-effective attorneys supervised either by ULX or internally. The areas of instruction and client deployment include data management, cyber-security, project management and IT, as well as a number of other foundational elements of 21st century legal practice not presently taught by the vast majority of law schools. The ULX Residency Program, already underway at a number of top-tier law schools, is a win-win-win for all: graduates, law schools and consumers. It’s easy to find fault and pick holes in innovative models such as the ones described here. But these and other creative initiatives are what lead to better, more efficient ways of doing things. The legal vertical is certainly in need of innovation. If lawyers embrace the innovative efforts of those mentioned here and others like them, they will continue to maintain their long run of occupational relevance. Without such innovation, lawyers may find their role increasingly marginalized by other knowledge-based professions and businesses that have developed better models for delivering the bulk of the services lawyers currently provide. ■
43
FEDS SEEKING FACT ADMISSIONS IN FALSE CLAIMS CASES BY MARILYN MAY
44
today’s gener al counsel oct/ nov 2015
D
o you remember as a child having to cry uncle to stop a sibling or friend from tormenting you? The Department of Justice is now making companies cry uncle and then some when settling a False Claims Act (FCA) case. Depending on which district your case is in, you may not have any other choice. The FCA settlement process typically involves two steps: First reaching agreement on the principal terms (usually the dollars to be paid and the time period included in the resolution). Then, and often months later after DOJ has obtained approval from its client agencies and any whistleblowers, negotiating the written settlement agreement. Negotiating a settlement agreement with DOJ, however, is different than from most other settlement agreement negotiations because the government insists on including what it claims are certain non-negotiable clauses (for example – whether it is applicable or not – the provision concerning unallowable costs ). Nevertheless, companies can negotiate certain other FCA settlement agreement language, including what is commonly referred to as the “covered conduct.” The covered conduct, one of the key provisions in an FCA settlement agreement, typically includes a recitation of the conduct the government alleges violates the FCA and for which the government will, accordingly, provide a release. Typically, that conduct has been denied. Although the covered conduct paragraph sometimes includes the company’s denial, more often the denial is found in a separate standard paragraph in which the settling company states it does not admit liability. The recent FCA settlement in the Northern District of Georgia between DOJ, whistleblowers (who are called “relators”) and DaVita Health Care Service, for example, contains the following standard language: “This Settlement Agreement is neither an admission of liability by DaVita nor a concession by the United States or Relators that their claims are not well founded. DaVita expressly denies the allegations of the United States and the Relators as set forth herein and in the Civil Action.” The typical FCA settlement agreement also refers to the parties’ statement they are settling the matter to avoid uncertainty and expense. For example, the DaVita agreement provides that the parties are settling in order to “avoid the delay, uncertainty, inconve-
nience, and expense of protracted litigation of the above claims and in consideration of the mutual promises and obligations of this Agreement…” Of course, if a civil FCA settlement is accompanied by a criminal resolution concerning the same underlying facts, the criminal plea will include sufficient admissions of fact to meet the essential elements of the crime to which the defendant is pleading guilty. Otherwise the court will reject the guilty plea. In that scenario, the company or individual pleading guilty will be hard pressed to deny in the civil FCA settlement agreement the same facts admitted in the criminal plea. However, even when there are both criminal and civil FCA resolutions with overlapping underlying facts, companies can negotiate language in the civil FCA settlement agreement limiting admissions to the narrow set of facts tailored to match the criminal admissions, but still denying all other alleged conduct. For example, the settlement agreement with Johnson & Johnson subsidiary Janssen Pharmaceuticals, accompanying a criminal resolution, included language denying the allegations except those made as part of the criminal action: “This Settlement Agreement is neither an admission of liability by Defendants nor a concession by the United States or Relators that their claims are not well founded. Defendants expressly deny the allegations of the United States and the Relators as set forth herein and in the Civil Actions and deny that they engaged in any wrongful conduct in connection with the Covered Conduct, with the exception of such admissions that are made in connection with the Plea Agreement.” However, if the resolution is strictly civil, companies often settle cases precisely for the reasons referenced in the language included in the typical FCA settlement agreement – to avoid delay, uncertainty, inconvenience and expense – based in part on the risk of enormous potential exposure to treble damages and penalties of $5,500-$11,000 per claim. Perhaps in recognition of that reality, DOJ has long agreed to the above referenced provisions in which the company both denies the allegations and resolves the matter. That construct, however, may be changing. In a change ushered in with U.S. Attorney Preet Bharara’s term, the U.S. Attorney’s Office for the Southern District of New York (USAO continued on page 49
45
Lessons from DeLaware’s recent eL Paso Decision By Michael Holmes, David Oelman and Keith Fullenweider
46
today’s gener al counsel oct/ nov 2015
T
he Delaware Court of Chancery recently awarded $171 million in damages against a master limited partnership’s (MLP) general partner. The ruling, in re El Paso Pipeline Partners, L.P. Derivative Litigation, came in connection with a dropdown that was approved by a conflicts committee with the help of legal and financial advisors, and after the receipt of a fairness opinion. The decision is the first of its kind in the master limited partnership space. Several lawsuits previously challenged dropdown transactions, but none resulted in a liability finding. While it is easy to overreact to this decision, in our view the opinion serves to reinforce basic principles for deal lawyers and litigators in both MLP and corporate transactions. The opinion arises from a series of drop-downs from El Paso Corp. to El Paso Pipeline Partners, L.P. (El Paso MLP). El Paso MLP’s governance structure was typical of corporate-sponsored MLPs. It had no employees, was operated by El Paso’s employees and was managed by the board of directors of its general partner (GP), a majority of which held senior management positions with El Paso. Plaintiff initially challenged two 2010 dropdown transactions involving LNG terminal/pipeline subsidiaries (the Elba Subsidiaries) to El Paso MLP. El Paso sold (1) a 51 percent interest in the Elba Subsidiaries in March 2010 (the Spring Dropdown) and (2) the remaining 49 percent interest in the Elba Subsidiaries and a 15 percent interest in another pipeline in November 2010 (the Fall Dropdown). El Paso GP formed a conflicts committee to evaluate and negotiate both dropdowns. The partnership agreement required committee members to form the subjective belief that the dropdown was in El Paso MLP’s best interests. As the opinion states, this standard requires a plaintiff to show either that the general partner intended to act against the partnership’s best interest or consciously disregarded its duty to make a determination in good faith. And, while this standard is subjective, a court may look to objective evidence in determining whether the directors actually formed this subjective belief. Finally, so long as directors can provide a “comprehensible” or “rational” basis for their beliefs, flaws or deficiencies with the process are insufficient to establish liability. Before trial the court granted summary judgment for all defendants with respect to the Spring Dropdown. Despite finding flaws with the process that led to that transaction, the court concluded that these flaws were insufficient to show that the committee had failed to form the requisite subjective belief. The court also granted summary
judgment for the committee members and other directors on all claims because the directors were not parties to the partnership agreement. Only El Paso GP was a party to that agreement. In its post-trial opinion, the court noted that each of the committee members testified that he believed the transaction was in the best interests of El Paso MLP. The court was not, however, persuaded by this evidence. It concluded that the committee members did not actually believe the transaction to be in El Paso MLP’s best interests and instead capitulated to El Paso’s desires. The court relied on, among other things: emails from committee members indicating concerns about the transaction and the lack of any record regarding how those concerns were addressed; its finding that the committee members did not offer “rational” or “credible” explanations for the process deficiencies and substantive concerns found by the court; and a critical review of the financial advisor’s analysis and apparent failure to aid the committee in negotiations. The court also rejected the committee members’ explanation that the transaction was in El Paso MLP’s best interests because it was accretive to its limited partners. According to the court, just because a transaction is accretive to limited partners does not mean it is in the partnership’s best interests. The court noted that it was not a single issue that led to this conclusion, or even a combination of the issues, but rather that when viewed collectively the evidence revealed a number of problems that reached a “tipping point.” The court concluded that the “composite picture that emerged was one in which the [c]ommittee members went through the motions” and “subordinated their independently held views to [the sponsor’s] wishes.” As a result, the court concluded that El Paso GP had caused El Paso MLP to overpay for the dropdown and awarded what it believed to be the amount the purchase price exceeded fair value. This opinion reinforces the critical importance of a documented, rigorous process that complies with the applicable contractual standard and provides a sound basis for a rational conclusion that a transaction is in a partnership’s best interests. While there is no doubt that a $171 million judgment is sobering, directors and sponsors should take some solace in the fact that the opinion provides guidance for avoiding such a result. • The opinion re-confirms the “subjective good faith” standard. With respect to MLP agreements that contain a purely subjective good faith standard, the issue is whether those acting on behalf of the GP formed the correct belief. While the belief itself does not have to be reasonable, objective
Michael Holmes is a partner in the Dallas office of Vinson & Elkins and co-leader of the firm’s Securities Litigation and Enforcement Group. He has significant expertise in Delaware corporate law matters, master limited partnerships and federal securities laws. mholmes@velaw.com
47
oct/nov 2015 today’s gener al counsel
evidence is relevant to determine whether the directors actually formed the requisite belief. The court stated that directors must only be able to “credibly” or “rationally” explain in a “comprehensible” manner the basis for their belief and the reasons why they made key judgments during the process.
David Oelman is a partner in the Houston office of Vinson & Elkins and co-leader of the firm’s Mergers & Acquisitions and Capital Markets practice groups. He has particular experience with publicly-traded master limited partnerships, exploration and production companies, and royalty trusts. doelman@velaw.com
48
Keith Fullenweider is a partner in the Houston office of Vinson & Elkins and co-leader of the firm’s Mergers & Acquisitions and Capital Markets practice groups. He has substantial experience with companies and investors in all aspects of the energy and natural resources industry, including power generation, gas and electric utilities, oil and gas exploration and production, renewables and clean energy, energy services, transportation and midstream, and refining. kfullenweider@ velaw.com
• The committee should lead the process. Once a committee has delegated authority to negotiate or consider a transaction on behalf of an entity, the committee becomes the leader of the transaction for that entity. Committee members should select its advisors and in conjunction with their advice direct their work, critically analyze the proposed transaction, act as “motivated bargainers” and be willing to say no. Management and sponsors should understand the committee’s role, and they should not get ahead of that process by substantively communicating with advisors without authorization. • The opinion reflects the holistic analysis a court will apply in reviewing a process. The court based its decision on what it found to be the “composite picture” that emerged from the testimony and all of the documents that were presented in trial. This includes not just board minutes and banker’s books, but all the evidence, including emails, draft presentations and other documents. This approach dictates that the legal advisor design a process that reflects in toto the work and discussions of a board or committee. The process should identify directors’ communication outside of board meetings and ensure that considerations raised in any means of communication are deliberated and resolved during meetings. • A proper record is critical. Committee minutes should explain the bases for key judgments (including the advice or input on which the committee relied) and the resolution of any material concerns committee members or the committee’s advisors have about the proposed transaction. This is not only good governance, but is also critical for trial lawyers because trials often take place well after the fact. Here, the trial was four years after the fact, and many of the court’s findings were based on the apparent inability of witnesses to recall certain facts or credibly explain the reasons for certain decisions. • “Accretion” is not tantamount to “best interests.” While one could argue that an accretive transaction in a core business is a sufficient basis for concluding the transaction was in a partnership’s best interests, the court concluded otherwise. According to the court, whether a drop-down is in the best interests of a partnership
depends not just on accretion, but on a number of other factors, including whether the purchase price is within a range of fair market value for the assets using traditional valuation analyses and the risks associated with the proposed transaction. • Financial advisors’ work will be critically scrutinized. Consistent with prior Chancery opinions, this opinion reflects the sort of scrutiny that courts will apply to examining a financial advisor’s role and analysis. These opinions reflect that advisors should not view themselves as merely opinion givers, but as financial and valuation advisors. In addition, because the subjective nature of a valuation or financial analysis makes it readily susceptible to scrutiny, financial advisors should ensure a rigorous process that provides an objective viewpoint that makes sense in light of the transaction. Finally, significant changes between presentation versions or prior, related processes should be discussed with the committee, and there should be a reasonable explanation for any such changes. • Fairness opinions form part of the basis of a director’s decision and should match the work done by the advisor. A fairness opinion can be an important part of the basis for a committee’s decision, and in some cases may be sufficient alone to provide such a basis under the conclusive presumption provision found in many partnership agreements. One question implicated by this opinion is what form the opinion should take – fairness to partnership, to the unaffiliated unit holders, or both? That is an important question that a committee should carefully consider with its financial and legal advisors. Whatever the form of the opinion, the substance of the financial advisor’s work should reflect the nature of the transaction and the opinion should be formulated to match the work done by the advisor. • Committees handling serial or multiple dropdowns should ensure independent rigorous processes and substantial consistency from one process to the next. The serial nature of transactions should not diminish the rigor or scope with which each transaction is reviewed and negotiated. Each will be judged by the court on a standalone basis. That said, committees should regroup at the beginning of each process to examine what can be learned from the prior process or transaction and take any lessons into account. In the El Paso case, the court was critical of what it viewed as a “routine” approach and the committee’s failure to take into account what it had learned from a prior process. ■
today’s gener al counsel oct/ nov 2015
FCA Admissions
continued from page 45 SDNY) is not only requiring companies and individuals to admit their role in the alleged fraud as part of the price of settling an FCA case, but it’s also emphasizing those admissions in press releases about the settlements. As an example, the FCA settlement earlier this year between DOJ and the Westchester Medical Center includes a long recitation of admitted facts. Although the first paragraph of the accompanying press release refers to alleged violations of the Anti-Kickback Statute and the Stark law, it later states “the defendant agreed to pay a total of $18, 800,000 to resolve its liabilities, and made admissions as to its conduct.” The release then continues with a three-quarter page recitation of the admitted facts. Similarly, in another recent FCA settlement, the USAO SDNY’s press release highlights the defendant’s admissions of fact in a bolded sub-headline stating that “CCH Admits to Misconduct and Agrees to pay $4.9 million to the U.S. and $1.6 million to the State of New York.” And its most recent press release of an FCA settlement again focuses on the defendant’s admissions, with the bolded sub-headline stating “Inspire Pharmaceuticals, Inc. Pays Federal and State Governments $5.9 million and Makes Admissions as to its Conduct.” Although this tactic of requiring admissions of fact in FCA settlement agreements appears well entrenched in the USAO SDNY – at least as long as Bharara is the U.S. Attorney – other U.S. Attorney offices around the country have not jumped on the factual admissions bandwagon so quickly, perhaps recognizing such a requirement will make it less likely companies will agree to settle or may extend the frequently lengthy period of negotiations even further. This practice of obtaining admissions of fact in FCA settlements may spread, however, if DOJ suggests to the 92 other U.S. Attorney offices around the country that it will not approve settlements without such admissions. (All FCA settlements in excess of one million dollars must be approved by DOJ’s Commercial Litigation Section in Washington.) DOJ may be moving in that direction. For example, Joyce Branda, DOJ Deputy Assistant Attorney General, in recent public comments stated that admissions of fact in FCA settlement agreements help inform the public.
If the goal, however, is to inform the public about the facts of the case, DOJ has other means to do so, including making detailed statements of facts in the government’s contention section of the FCA settlement agreement or by filing a detailed public complaint and referencing the complaint in press releases or conferences. DOJ did exactly that when it resolved FCA and criminal claims against Janssen, by simultaneously publicly filing: (1) A 165-page civil FCA complaint in intervention (in which it intervened in a number of whistleblower lawsuits) containing 16 exhibits of defendants’ document, (2) An FCA settlement agreement (with a multipage statement of the government’s contentions of fact), (3) a criminal information, (4) A plea agreement and (5) a sentencing memorandum. DOJ also held a press conference and issued a press release including lengthy excerpts of facts contained in its complaint in intervention. Although the FCA settlement agreement included defendants’ narrow admission of facts made in connection with a plea agreement, DOJ also agreed to include defendants’ express denial of the allegations in the complaint as well as denial of wrongful conduct. Although it did not follow the USAO SDNY model requiring additional admissions of fact in the FCA settlement agreement, DOJ nevertheless achieved its goal of informing the public. Will the USAO SDNY model spread to other offices? Probably. According to Stuart Delery, former DOJ Acting Assistant Attorney General, DOJ is focused on non-monetary relief, including explaining the conduct that led to the resolution and deterring future bad acts. At some point, however, DOJ’s insistence on admission of facts is likely to lead to fewer resolutions and more litigation. Admitted facts, of course, lead to potential collateral consequences beyond resolution of FCA claims with the government - including possible effect on litigation by third parties, state attorney general actions, administrative proceedings (such as exclusion, suspension or debarment), insurance coverage and reputational harm. Individual defendants also risk additional potential collateral consequences, including loss of employment and potential loss of future employment. Given these potential collateral consequences, when faced with DOJ demands for admission of facts, companies should carefully consider whether such resolution is worth the price. ■
49
Marilyn May, counsel in Arnold & Porter’s Washington, DC office, represents clients in government and internal investigations and white-collar litigation, with a focus on pharmaceutical, medical device and healthcare defense. Prior to joining Arnold & Porter, she was Deputy Chief of the Civil Division for the U.S. Attorney’s Office in the Eastern District of Pennsylvania, where she was responsible for healthcare and procurement fraud investigations and litigation. Marilyn.May@ aporter.com
50
Analytics Can Detect FCPA and Other Risks By Rob Hellewell
R
ecord-breaking penalties and settlements under the Foreign Corrupt Practices Act continue to rattle multinational corporations and their general counsel, and as James Koukios, former Senior Deputy Chief of the Fraud Section of the DOJ’s Criminal Division said in October 2014, “It’s fair to assume that the penalty amounts are not going down.” That is quite the understatement given current initiatives at the regulatory agencies charged with enforcing the FCPA. Just two months following Koukios’ statement, the DOJ imposed a $772 million penalty to resolve bribery charges against French power and transportation company Alstom S.A. In the press release
announcing the company’s decision to plead guilty, Deputy Attorney General James M. Cole remarked, “[I]t is both my expectation and my intention that the comprehensive resolution we are announcing today will send an unmistakable message to other companies around the world: that this Department of Justice will be relentless in rooting out and punishing corruption to the fullest extent of the law, no matter how sweeping its scale or how daunting its prosecution.” The DOJ and SEC also indicated that they intend to step up the investigation of individuals. Koukios suggested that because the DOJ had more prosecutors and resources focused
today’s gener al counsel oct/ nov 2015
on the FCPA than it had before, its investigations of these matters will be “vibrant, aggressive, and appropriate.” Additionally, the agency is looking to expedite the prosecution of FCPA-related misconduct under administrative actions filed under the Dodd-Frank Act. By avoiding the need to file a complaint in court, the agency can avoid the requirement of obtaining judicial approval for settlements. The results are convincing evidence of stepped-up enforcement. In the last year, the SEC and DOJ assessed penalties and interest in excess of $1.5 billion, the highest level since 2008. Tellingly, 2014’s average settlement amount was $156 million – nearly $70 million higher than the average assessment from the next highest year (2008, when it was $89 million). The last year also saw two of the ten highest settlements of all time, with Alstom topping the list of criminal penalties imposed by the DOJ in an FCPA-related enforcement matter. HARD TO DETECT WITH TRADITIONAL METHODS Rooting out organizational risk has always been a goal for most legal departments. Over the years, they have handled their enterprise risk management responsibilities – with varying levels of success – by relying on traditional tools, such as policies, procedures, risk committees, audits and task forces. Though these approaches are critical to ensuring compliance, as the Alstom case reveals, those tools fall short. The Alstom bribery scheme involved the falsification of books and records, as well as bribes to high-ranking government officials, and it spanned multiple continents and lasted more than a decade. In Indonesia, for example, the company and its subsidiaries bribed government officials in return for assistance in obtaining contracts for services. The bribes totaled more than $75 million, in exchange for $4 billion in projects and $300 million in profit. The Alstom investigation epitomizes the problems endemic to an FCPA investigation. First is the difficulty of spotting evidence of bribery. Here, instead of working directly through employees, the company retained consultants who served as liaisons for corrupt payments to foreign officials. Instead of referring to the consultants by name, internal documents used code names such as “Mr. Paris, “Quiet Man,” and “Old Friend.” In addition, Alstom did not have an effective compliance program in place that could have detected unusual payment practices. For
example, had the company been on the lookout for aberrant transactions or other tell-tale signs of bribery, it might have noticed a suspicious pattern of payments to consultants. In one case, the company deviated from its normal policy of paying consultants on a pro-rata basis. Instead, the Egyptian consultant involved in bribery received a large up-front payment. This was far from a lone incident. Many other transactions were characterized as “consultant payments.” Payments to the company’s Egyptian consultant were made without sufficient description of the services performed and lacked backup documentation. Other consultants, in Saudi Arabia, were paid $39 million in fees, yet there was no documentation showing that they performed any legitimate services. In addition, the company donated $2.2 million to an American charity devoted to Islamic education that was affiliated with a Saudi official. The siloed nature of the organization likely prevented earlier detection of the problems. To take just one example, the government’s complaint alleged that in December of 2003 an Alstom finance employee emailed an Alstom subsidiary project manager, explaining that she could not process an invoice for consulting services without proof of the services provided. The project manager called the employee and said that if she “wanted to have several people put in jail [she] should continue to send emails as [she] had earlier in the day” and instructed her to delete all emails regarding the consultant. Apparently no one followed up on the investigation, and no further steps were taken. The contents of the email did not trigger a red flag for anyone. Finally, Alstom did not apply what it had learned from similar government investigations and look for other instances of wrongdoing. The company had been investigated multiple times, starting as early as 2004, when a Swiss government agency flagged documents that seemed to indicate potential improper documents. A fine for failure to stop foreign bribery was assessed. Rather than taking smoke as an indication of fire, the company ignored the fact that another of its subsidiaries had engaged in similar, related misconduct, but failed to voluntarily disclose this misconduct or cooperate with the investigation Cases such as Alstom bear out the results of a recent study by the Association of Certified Fraud Examiners, its “Report to the Nations on Occupational Fraud and Abuse,” which suggests that internal audit detects a miniscule continued on page 55
51
52
FTC’S NEW SCRUTINY OF SOCIAL MEDIA CAMPAIGNS B Y A L L IS ON F I T ZPAT R I C K
TODAY’S GENER AL COUNSEL OCT/ NOV 2015
F
resh on the heels of recent enforcement actions involving endorsements on social media, the Federal Trade Commission updated its answers to a series of frequently asked questions (FAQs) about its Guides Concerning the Use of Endorsements and Testimonials. By way of background, the FTC requires that endorsements and testimonials be truthful and not misleading, and that endorsers disclose any material connections (e.g., payments or free products) that the consumer would not expect. In 2009, the FTC updated the Guides to cover new media formats, such as blogs and social media. While the original FAQs addressed general questions involving blogs and social media, the updated FAQs provide specific guidance with respect to disclosures on social media platforms, such as Twitter, Facebook, Pinterest and YouTube. The updates also expand on guidance provided by the FTC in its recent enforcement actions involving violations of the Guides. RECENT ENFORCEMENT ACTIONS Since 2014, the FTC has increased its enforcement efforts against social media campaigns that allegedly violated the Guides. For example, last year the FTC claimed that home security company ADT LLC was in violation by allowing its paid endorsers to represent themselves as independent reviewers. As part of its settlement with the FTC, ADT agreed to institute reasonable monitoring programs to ensure that its endorsers were making appropriate disclosures when promoting ADT on talk shows, blogs and social media. Later that year, the FTC investigated Cole Haan’s Pinterest contest for failing to have entrants adequately disclose that their pins were entries into Cole Haan’s contest. According to the FTC, entrant’s pins constituted endorsements of Cole Haan’s products, and that needed to be disclosed. The FTC also found that the hashtag #WanderingSole, which entrants were required to include in their pins, failed to disclose the material connection. Again in 2014, the FTC brought an action against Sony Computer Entertainment America LLC and its advertising agency, Deutsch LA, alleging that they falsely advertised certain capabilities of Sony’s PlayStation Vita. Most notably, the FTC found that Deutsch violated the Guides by urging its employees to promote the PlayStation Vita on Twitter without instructing them to disclose the relationship.
The FTC’s recent uptick in enforcement illustrates its concern. In response, and as a follow-up to the enforcement efforts, the FTC updated its FAQs. The update places special emphasis on issues raised in the recent enforcement actions, including with respect to social media promotions and employee endorsements. The updated FAQs provide long-awaited guidance with respect to a number of endorsement-related issues on social media, including incentivizing “likes,” pinning photos, tweeting and streaming videos. According to the FTC, if as part of a paid campaign you click a “like” button, pin a photo or share a link, it “probably” requires a disclosure describing the relationship. This advice re-emphasizes the guidance from the FTC’s investigation into Cole Haan that words are not necessary to constitute an endorsement. Even uploading a photo of a product can convey an endorsement. The FTC further explained that because Facebook’s “like” button does not allow for a disclosure of a material connection, companies should avoid making use of the button for incentivized campaigns (e.g., “like” this page for entry into our sweepstakes, or to get a free product or coupon). That being said, the FTC is unsure how much stock consumers actually put into “likes” when deciding to patronize a business. Consequently, a company’s failure to disclose that a “like” was incentivized may not violate the Guides. In contrast, buying fake “likes” from non-existent people or people with no experience using the product would be deceptive, and may subject both the company and the seller of the fake “likes” to FTC action. According to the FTC, platform-specific constraints are no excuse for a failure to disclose material connections. Consequently, disclosures are required regardless of character limitations, such as on Twitter. The FTC does not mandate the specific wording of such disclosures, but the audience should be given the information that they need to evaluate sponsored statements, regardless of the medium and any associated limitations. On platforms with character limitations, such as Twitter, the words or hashtags “Sponsored,” “Promotion,” “PaidAd,” or “Ad” may be used to disclose the connection. With respect to YouTube and other online video platforms, the FTC explained that disclosures should be made within the video
53
oct/nov 2015 today’s gener al counsel
itself (not in the video description) and toward the beginning of the video, not the end. For live stream videos, the disclosure should appear whenever viewers tune in to the broadcast. The FTC recommends multiple periodic disclosures throughout a video stream. Alternatively, as a best practice, a clear and continuous disclosure should appear throughout the entire stream. Expanding on the guidance from the Cole Haan investigation, the FTC advised in its updated FAQS that posting a Tweet or pinning a photo as part of a contest may constitute a material connection that must be disclosed. Accordingly, when entrants are encouraged to endorse a company or its products in connection with a contest on a social media, entrants’ hashtags should clearly convey that their posts were made as part of a contest. Notably, a hashtag with the company’s name is not sufficient to notify the audience that the posts were incentivized. While adding the word “contest” or “sweepstakes” to the hashtag would likely be sufficient, an ambiguous word such as “sweeps” would not be sufficient because many people would not know what that means.
54
Allison Fitzpatrick is a partner in the advertising, marketing and promotions practice group of Davis & Gilbert, where she represents advertisers, media companies and agencies in connection with all aspects of advertising, marketing and promotions. She counsels clients on new and emerging media issues, including with respect to social media, user-generated content, blogging and mobile marketing. afitzpatrick@ dglaw.com
CELEBRITY AND EMPLOYEE ENDORSEMENTS The updated FAQs also address the issue of endorsements by celebrities who regularly charge advertisers to mention their products. The FTC explains that the issue of whether celebrities must disclose that they are being paid to tweet about products depends on whether their followers understand that their tweets are paid endorsements. If a significant number of their followers do not understand, a disclosure would be required. Because this understanding may be difficult to prove, the FTC generally recommends a disclosure. The FTC’s recent enforcement actions placed a particular emphasis on the responsibility of companies to ensure that their employees are disclosing their relationship with the company’s clients when posting about the clients on social media. The updated FAQs expand on this concern, explaining that if an employee uses social media to talk about his or her employer’s products, the employee should properly disclose the employee/employer relationship in the post. The same requirement applies to employees of an advertising agency or public relations firm. Accordingly, if an agency or PR
firm asks its employees to endorse clients on social media, it must advise the employees to disclose their relationship with their client. The updated FAQs emphasize that companies should establish a formal program to both remind employees of policies regarding how to properly disclose material connections, and to monitor those employees. The updates also state that before using social media to talk about the employer’s products, an employee should check to ensure compliance with the policies. If an employer learns that an employee has posted a review on the company website without adequate disclosure, the employee should be reminded of the policy and asked to either remove the review or disclose the relationship to the company. MONITORING AND TRAINING When using a network of influencers to promote products, companies are responsible for developing and maintaining programs to train and monitor that network. The updated FAQs state that companies should explain to network members what is permissible to say about a product and what is not, instruct network members regarding responsibilities for disclosing their relationship to the company, periodically check to see what members of the network are saying on social media, and follow up if questionable practices are discovered. Nevertheless, the FTC understands the difference between monitoring employees and monitoring a network of influencers. Therefore, as long as a company make a reasonable effort to train and monitor its network, it is unlikely that questionable practices by a single influencer would lead to formal action. Still, companies should remember that they are responsible for what others say online on their behalf. Consequently, according to the FTC, companies should make sure that any third parties hired to run social media programs on the company’s behalf have a program in place to train and monitor their social media network. Companies should ask for regular reports confirming that the program is operating properly and in accordance with the Guides. ■
today’s gener al counsel oct/ nov 2015
Detecting FCPA Risk continued from page 51
14 percent of corporate fraud. As this number illustrates, organizations must develop more effective methods of compliance. DATA-DRIVEN ANALYTICS Alstom and many other recent FCPA cases illustrate the need for organizations to move away from traditional, reactive methods of responding to risk. Organizational risk will to continue to rise as unstructured data continues to proliferate, and data becomes more decentralized through operational and employee globalization, and the widespread use of cloud computing, social media and mobile devices. The loss of control over data means organizations must find new ways to consider and manage data-based risks before problems erupt. Today, organizations need to make use of their unprecedented access to data to detect indications of bribery and fraud in real time, before liabilities for the company arise. They must use the many sources at their disposal, including unstructured data and communications such as e-mail, messaging, and social media between employees, thirdparty partners and others. Otherwise, they are ignoring a potentially rich source of insights. While significant progress has been made in using data analytics to detect fraud and other misconduct within structured data (e.g., credit card transactions that can be mined within a database), less work has been done in developing methods of uncovering risk in email and other less structured data sources. It is no surprise to general counsel and other legal practitioners that email often serves as the primary source of damaging material in FCPA and other cases involving misconduct. The traditional legal process focuses on analyzing email after a government investigation or litigation request has commenced. However, a proactive monitoring program can leverage email and other structured and unstructured data to detect risk as issues develop in real time. Many of the same behavioral and communication patterns legal practitioners have become adept at identifying after misconduct has occurred can be used to search for similar patterns. Some of the techniques to implement proactive monitoring include: • Identifying classes of communications (e.g., emails between company representatives and outside consultants) most likely to contain evidence of FCPA and other violations, based on patterns identified in past cases.
• Developing analytic models that leverage both text and metadata features within email to identify higher risk communications. • Conducting periodic audits of email and other data sources in countries with a higher risk of FCPA and other issues. By building on basic e-discovery technology and layering in advanced analytics, legal departments can more effectively zero in on documents warranting review. EXPLOIT WHAT’S ALREADY IN PLACE Despite their aggressive approach, the DOJ and SEC still consider an organization’s timely self-disclosure and remediation of misconduct in assessing fines. Therefore, a proactive, data-driven approach to determine which risks require the most attention by general counsel is important. Many organizations already have the requisite risk management technology in-house, even if they currently are not exploiting its full potential. For example, organizations with ediscovery technology can put their expertise to use. They can interview subject matter experts to gather the appropriate keywords, concepts, and metadata to construct a profile of documents requiring closer scrutiny. Then they can use email communication visualization, and predictive concept and relationship analytics, to segment the small percent of documents that indicate a potential compliance problem. Finally, they can apply advanced analytics to refine their searches, correlating additional criteria, or indicia, of risky behavior to create “heat maps” of activity. As the effectiveness of analytical capabilities improve, the compliance monitoring program can function with less human intervention while detecting indicia of risk sooner. Once general counsel recognize the value of these tools, they can use them to not only root out corruption under the FCPA but also to examine their data for violations of other laws, regulations and industry standards, such as the Fair Credit Reporting Act, the Health Insurance Portability and Accountability Act, and the PCI Data Security Standard. With advanced analytics, unstructured data such as e-mail transforms from a treasure trove of information for regulatory agencies into a rich resource for organizations looking to make the most of their opportunities to proactively identify emerging risks before they turn into liabilities for the company. ■
55
Rob Hellewell is an attorney and vice president at Xerox Litigation Services. He counsels corporations and law firms on using e-discovery technology, data science and data analytics to solve legal and compliance issues. He works with clients to detect hidden risks in email and other unstructured data and apply data analytics to FCPA, antitrust, white collar and other legal matters. Rob.hellewell@ xerox.com
!?
Don’t Get AmbusheD by ADministrAtive Dissolution 56
by sandra Feldman
today’s gener al counsel oct/ nov 2015
A
dministrative dissolution or revocation is one of the worst things that can happen to a corporation and should be avoided at all costs. Nevertheless, it happens to thousands of corporations each year. In many cases the people running the business have no idea it happened and continue conducting business as usual. “Administrative dissolution” means taking away the rights, powers, and authority of a corporation. It is an action taken by the administrator overseeing business entities in the state of incorporation, due to the corporation’s failure to comply with certain obligations of the state corporation statute. “Administrative revocation” means taking away a corporation’s authority to do business in a state in which it had qualified to do business, other than its home state. If dissolution or revocation occurs, the corporation’s management and counsel will eventually find out. This may be when they try to file documents with the filing office, bring a lawsuit, enter into a merger or asset sale, find investors, or when another event occurs where proof that the corporation exists or is authorized to do business is required. At that point counsel will have to learn when and why the corporation was administratively dissolved or revoked, how its powers or authority can be reinstated, and what consequences transpire because the corporation conducted business while it was not permitted to do so.
In most states, reInstatement Is avaIlable only for a certaIn number of years after dIssolutIon or revocatIon.
NON-COMPLIANCE OFTEN INADVERTENT A corporation may be administratively dissolved or revoked for a variety of reasons. The exact grounds are set forth in the state corporation statutes. The two most common grounds are failure to pay franchise taxes within a specified period of time after they were due, and a failure to deliver an annual report within a specified period of time from the due date. The failure to maintain a registered agent or registered office, or notify the state of a change in registered agent or registered office in a timely manner, are common statutory grounds as well. The failure to comply with these statutory obligations may be intentional or unintentional. In some cases it occurs because the corporation has been abandoned by its owners. More often it is inadvertent.
tion continues to exist, generally until it winds up its affairs and liquidates its assets or the survival statute expires. A survival statute is like a statute of limitations. It gives a corporation a certain period of time (often two or three years) to prosecute and defend suits and take the actions necessary to wind up. Once a corporation is administratively dissolved it is prohibited by statute from engaging in any activities other than those necessary to liquidate its assets and wind up its affairs. Despite this prohibition, it is not unusual to see an administratively dissolved corporation continuing to operate as a going concern because the people who are acting on its behalf are unaware that it has been dissolved. An administratively dissolved corporation that continues doing business can run continued on page 61
Inadvertent administrative dissolution or revocation can happen fairly easily to corporations large and small. For example, the shareholders of a small S Corporation may have thought that because the corporation did not have to pay state income tax, it did not have to pay franchise taxes either. Or an overburdened corporate secretary, responsible for the annual report filings of hundreds of subsidiaries, may have allowed some to fall between the cracks. The consequences of administrative dissolution are generally the same as the consequences of a voluntary decision to dissolve. At common law, and under the early corporation statutes, a corporation ceased to exist as an entity upon the effective date of its dissolution. However, today an administratively dissolved corpora-
57
58
WHAT GENERAL COUNSEL SHOULD KNOW ABOUT LEGIONNAIRES’ DISEASE BY THOMAS P. BERNIER, SUSAN E. SMITH AND PAUL E. WOJCICKI
TODAY’S GENER AL COUNSEL OCT/ NOV 2015
A
recent outbreak in the South Bronx claimed 12 lives, left another 120 victims infected and put Legionnaires’ disease back in the headlines. As is typical of such outbreaks, the cases mounted quickly, with over a hundred diagnoses occurring in a three week period. As media attention grew, so did the pressure on public health agencies, who in turn unleashed investigators with orders to identify the source. Suddenly, hundreds of building owners were faced with requests for water samples from every cooling tower under their control. Shortly thereafter, state and municipal legislators enacted regulations that require owners of cooling towers to register them and develop a cooling tower maintenance plan. The regulations require cooling towers to be periodically inspected and tested for microbes, including legionella, with immediate disinfection required when results are positive. It is expected that other states and municipalities will follow suit and pass similar legislation. As a result, building owners likely turned to their corporate or general counsel looking for advice. If that were you, could you provide timely answers to questions such as: What is Legionnaires’ disease? What does it have to do with our building? Can health department authorities shut us down? Can we get sued over this if someone gets sick? Does our insurance cover it? What should we do to protect ourselves? Besides being a potentially fatal disease, Legionnaires’ disease poses a serious liability risk to those responsible for the development, design, engineering, construction, manufacture, installation, maintenance and repair of buildings, building systems and components identified as a cause or source of an outbreak. Manufacturers of HVAC equipment, water heaters, water tanks, plumbing fixtures and supplies – as well as companies that include these items in their products, such as mobile home, motorhome and travel trailer makers – are also at risk. But once appreciated, the liability risk can be managed. Here are a few things you should know about the disease and managing the liability risk it poses. THE DISEASE Known as legionellosis in medical circles, Legionnaires’ disease is a type of bacterial pneumonia. Scientists first identified the disease and its cause, the Legionealle bacterium, in 1976 following an outbreak at the American Legion Convention at a prominent Philadelphia hotel. Research has since shown the Legionealle bacterium to be ubiqui-
tous. It occurs naturally in lakes and streams and spreads through drinkable-water distribution systems, and it can survive the chlorine levels found in most public water systems. It is present at some level in virtually all municipal water supplies. Legionellae can grow in tap water at temperatures ranging from 77º to 108º F, with optimal growth conditions occurring at 98.6º F. For Legionnaires’ disease to develop, an individual must inhale aerosolized water that contains a high enough concentration of the bacteria to make it past the body’s natural defense mechanisms. Most exposures do not produce disease, but when they do the disease can be fatal. Outbreaks have been traced to HVAC equipment, especially cooling towers and evaporative condensers, water heaters, showers, faucets, humidifiers, whirlpool baths, respiratory equipment, ultrasonic misters and decorative fountains. Symptoms usually appear between two days and two weeks after exposure. Legionnaires’ disease outbreaks are on the rise, with the number of reported cases having tripled in the past decade. The Centers for Disease Control and Prevention (CDC) estimates that in the United States the disease infects between 8,000 and 18,000 people annually, with associated healthcare costs of about $321 million. The CDC also puts the mortality rate in some outbreaks at near 50 percent. But the CDC’s estimates may not tell the whole story. Medical experts believe that because most infections involve a single patient, they are frequently misdiagnosed as some other form of pneumonia. As a result, a great many cases go uninvestigated and unreported. The actual number of cases in the United States may be as high as 100,000 annually. RECENT TRENDS The increasing number of diagnoses of Legionnaires’ disease has led to an increase in the number of claims and lawsuits alleging wrongful death, serious personal injury, property damage and economic loss, including business interruption and lost profits. For the most part, claims have been brought against the owners and operators of hotels, hospitals, shopping malls and senior housing facilities, under a negligence theory. More recently, however, savvy plaintiffs’ attorneys have begun to target manufacturers. These suits typically allege product design, manufacture, and instructions and warnings defects, and they seek recovery under strict product liability and for breach of express and implied warranty.
Thomas P. Bernier is a trial attorney and shareholder with the law firm Segal McCambridge Singer & Mahoney, Ltd, which specializes in representing defendants in commercial cases, consumer litigation, general liability, products liability and toxic tort/ hazardous substances litigation. Currently he is representing clients nationwide in complex, multi-party Legionnaires’ disease lawsuits. tbernier@smsm.com
59
oct/nov 2015 today’s gener al counsel
60
Susan E. Smith is a trial attorney and shareholder with the law firm of Segal McCambridge Singer & Mahoney, Ltd. Currently she is representing clients nationwide in complex, multi-party Legionnaires’ disease lawsuits. ssmith@smsm.com
Paul Wojcicki is a trial attorney and shareholder with the law firm of Segal McCambridge Singer & Mahoney, Ltd. His practice focuses on product liability and warranty defense. pwojcicki@smsm.com
The legal exposure can be substantial. Many of those infected who do recover spend weeks, if not months, in the hospital and may be left with catastrophic impairment. In November, 2010, two workers exposed in an Alabama hotel hot tub split a $4.5 million dollar award. In April, 2014, $2.3 million was awarded to the widow of man who died of Legionnaires’ disease he contracted from an indoor fountain in a wellknown Chicago hotel. An outbreak at a hotel in Miami, Florida in 2009 reportedly resulted in revenue losses of $200,000 per day, and in 2006 a jury returned a $193 million verdict against a manufacturer of equipment used for hot tubs on a luxury cruise ship, after the hot tubs were associated with several confirmed cases of Legionnaires’ disease, leading to months of lost bookings while the ship was forced to remain in port for remediation and repair. Many other serious personal injury and wrongful death lawsuits settle out-of-court with stipulations that details remain confidential. In addition to potential exposure to multimillion dollar lawsuits, building owners and operators may face public health investigations and associated regulatory action such as temporary closure orders, remediation, and mandatory notification of guests and patrons, leading to substantial business interruption losses, expenses and negative publicity. Insurance coverage may not be available. It is becoming more common for policies to contain specific language excluding legionella related claims. Standard ISO exclusions have been judicially interpreted to support a denial of coverage. RISK MANAGEMENT Effectively managing the risks posed by Legionellae and other potentially harmful bacteria requires action. Those involved in ownership and operation of buildings with complex water distribution systems, decorative water features and other components that have been implicated in legionella amplification should understand the risks associated with their premises and engage qualified professionals to develop a tailored risk management plan. International, national and industry associations have issued guidelines and protocols relating to legionella risk assessment and control, and in particular two prominent organizations have recently weighed in. The American Industrial Hygiene Association (AIHA) and The American Society of Heating, Refrigerating and Air-Conditioning Engineers, Inc. (ASHRAE) have published documents on the evaluation and control of legionella in building water systems.
On May 1, AIHA published “Recognition, Evaluation, and Control of Legionella in Building Water Systems,” a guide for competent professionals and technicians to follow when assessing legionella hazards using the fundamental principles of industrial hygiene. And in late June, 2015 ASHRAE published “Legionellosis: Risk Management for Building Water Systems,” more common-
Claims have been brought against owners and operators of hotels, hospitals, shopping malls and senior housing faCilities, under a negligenCe theory. more reCently savvy plaintiffs’ attorneys have begun to target manufaCturers. ly referred to as Standard 188, which is intended for use by the owners and managers of buildings that contain features associated with legionella amplification. ASHRAE Standard 188 establishes a risk management protocol for building water systems, including a mandate that building owners establish a “water management program,” and designates a specific program team to oversee it. No court as yet has declared that any particular guideline is a definitive standard of care for the management and control of legionella. However, it is fair to say that the trend is moving toward an expectation that designers, owners, and managers of buildings with complex water systems and water features have a solid appreciation of the risk and implement a proactive approach. In jurisdictions such as New York, where regulations require specific actions to monitor and control the proliferation of legionella in cooling tower water, a compliance audit must be done so that owners are able to demonstrate that an appropriate maintenance and monitoring program is in place. Likewise, manufacturers must understand the risks associated with their products and assess whether existing product literature sufficiently informs consumers about risks and precautions. Once informed, it is up the product user to use and care for the product properly. ■
today’s gener al counsel oct/ nov 2015
Administrative Dissolution continued from page 57
into a variety of legal problems. The actions it takes, other than those done to wind up its affairs, may be considered void or voidable. The people who act on its behalf may be held personally liable for debts or obligations incurred while dissolved. And it may be unable to bring a lawsuit or proceeding. A corporation is not permitted to conduct intrastate business in a state other than its state of incorporation until it applies for, and receives, a certificate of authority to do business in that state. If its authority is revoked it cannot continue to transact business there. A corporation doing business without authority is subject to monetary penalties. In some states the individuals who transact business on its behalf may be penalized. In addition, the corporation cannot bring a lawsuit in the state while it is transacting business without authority. TIME PERIOD FOR REINSTATEMENT One of the first steps counsel will take on behalf of an administratively dissolved or revoked corporation is to seek reinstatement. Reinstatement is a statutory procedure that restores an administratively dissolved corporation’s rights, powers and authority – or an administratively revoked corporation’s authority – thereby allowing the corporation to resume doing business. In most states, reinstatement is only available for a certain number of years after dissolution or revocation. The period varies from state to state, but is generally not less than two or more than five years. It is important to check the statute. If reinstatement is not available, a dissolved corporation will have to complete its winding up and liquidation and then reincorporate. A revoked corporation will have to re-qualify. Assuming reinstatement is still an option, a corporation must deal with the grounds that caused it to be dissolved or revoked and pay all taxes, interest and penalties that are due. It also has to file an application for reinstatement with the state administrator. If its application is denied there is a statutory right to appeal. The corporation statutes provide that when reinstatement is effective it takes effect as of the date of dissolution or revocation. This creates a legal fiction that the administrative dissolution or revocation never occurred. By creating this fiction, many of the problems that arise due to the dissolution or revocation are eliminated.
Nevertheless there are a number of case law examples in which reinstatement did not provide a cure-all. For example, officers have been held personally liable for contracts entered into on a corporation’s behalf before it was reinstated where the officer knew of the
Once a cOrpOratiOn is administratively dissOlved it is prOhibited frOm engaging in any activities Other than thOse necessary tO liquidate its assets and wind up its affairs. administrative dissolution, and lawsuits filed by reinstated corporations have been dismissed if the statute of limitations ran before the date of reinstatement. Another problem an administratively dissolved or revoked corporation can face, and that reinstatement may not cure, involves the loss of its name. In many states the corporation’s name becomes available to other business entities. If, during the period of administrative dissolution or revocation, another business entity forms, qualifies or changes its name to the dissolved or revoked corporation’s name, reinstatement will generally not give the corporation the right to get its name back. It will have to choose another name in order to be reinstated. Administrative dissolution and revocation are not uncommon occurrences. Consequently, counsel should be aware of the statutes and case law governing administrative dissolution, administrative revocation and reinstatement for those states in which the corporations they advise are organized and transact business. ■
61
Sandra Feldman is the Publications and Research Attorney for CT Corporation (a Wolters Kluwer business), a leading provider of formation, incorporation, registered agent and other services for businesses of all sizes. She has written extensively about corporations and other business entities. sandra.feldman@ wolterskluwer.com
Rethinking the Legal Function BY TIM STRONG
62
today’s gener al counsel oct/ nov 2015
F
or today’s general counsel, it’s no longer enough to be an excellent legal advisor. In order to manage legal departments, GCs must also be strong business leaders and experienced counselors. These functions can be both complementary and competing, so GCs should regularly take time to consider where skills, talents and acumen are best deployed. They should consider each situation in the context of specific challenges faced by their own industries, companies and the geographies in which they operate. There are, however, several common situations that most GCs will face. A major issue is maintaining legal authority while acting as a business leader. For many, the opportunity to develop their business acumen is one of the greatest incentives of the job. However, GCs hold a unique place within companies and they must occasionally navigate a fine line. Even as they lead a department and utilize their business knowhow, their first responsibility is to their profession and to be legal counselor to their clients. Even though it tends to be much more professionally rewarding to earn a reputation as a problem solver and meaningful contributor instead of the one who says “no,” GCs must maintain their independence and keep a focus on their legal and ethical obligations. Failure to do so can put the company at risk of questionable, even illegal, business practices and compliance breaches. In practical terms, that means GCs have to regularly reassess the needs, culture and strategies of their clients, colleagues and senior leadership. In certain situations, lawyers indeed may need to say no, or at least suggest alternatives. This is particularly true when companies are just starting up, entering new geographies or launching new initiatives. Those new to the top legal role need to proceed carefully in such situations, in order to find and maintain the right balance. However, if the company does have solid compliance programs in place, if employees understand their ethical obligations and GCs feel confident in their abilities, then they may be able to spend more time acting as business leader, and switch seamlessly back to their position as legal authority when necessary. In some companies, it makes sense to embed lawyers in the business units, rather than have them reside in the legal department. With this type of arrangement, GCs need to regularly remind their lawyers that they are lawyers first and businesspeople second.
At many organizations, the GC oversees activities that can be tangentially related to their core job, such as compliance and government relations. In these situations, they need to carefully consider how to balance these activities with their legal responsibilities. If GCs learn about allegations of illegal practices or misconduct through their other roles, they may find themselves facing a conflict of interest. While they may need to defend their clients and maintain confidentiality and privilege as in-house counsel, in other roles they may have duties to disclose actual and potential misconduct. Even when others have direct oversight of compliance, government relations and other functions, GCs need to consider how
If GCs learn about allegations of misconduct through their other roles, they may find themselves facing a conflict of interest. involved they should be, and in what ways. Many companies are now grappling with the question of whether the compliance department should be part of the legal department or completely separate. Even when conflicts don’t arise, playing multiple roles takes time away from the GC’s primary role of heading the legal department. That means when GCs have other responsibilities, they have to plan carefully, manage their time wisely and delegate when necessary. The growth in regulatory and compliance issues has added to GC responsibilities. GCs must stay current with new laws and shifting regulator priorities, and make sure their in-house attorneys and outside counsel do the same. They should familiarize themselves with the company’s training programs, so they can ensure those are up-to-date and reflect the current landscape. They should also consider communications with the board of directors and others in the C-suite. Those at the top levels of companies are aware of the increased risks in the current environment, and they expect answers and information from their legal departments.
63
oct/nov 2015 today’s gener al counsel
When it comes to compliance and regulations, GCs should think like businesspeople, but offer advice from a legal perspective. Today GCs also need to leverage data and technology to stretch their limited time and budgets, and properly manage their duties. Through metrics, legal departments can improve the qual-
When it comes to compliance and regulations, GCs should think like businesspeople, but offer advice from a legal perspective.
64
Tim Strong is a managing director in Duff & Phelps’ Legal Management Consulting practice. He specializes in corporate legal strategy, operations and technology engagements. Tim.Strong@ duffandphelps.com
ity of in-house and outside counsel work, boost the bottom line and manage risk. Used properly, metrics provide insights into internal and external performance, value, compliance and cost. In most cases there is no shortage of data. Often legal departments already possess a great deal of useful data, as well the technology to leverage it, and in fact many GCs feel like they have far too much data. In order to wade through it and put it to work, they need to automate many of the processes involved. To systematically track their data, GCs need to categorize work performed and ensure that law firms submit their bills electronically, and designate resources in the legal department to analyze the data. GCs should also consider who will be able to use the information to hire and manage outside counsel and vendors. At some companies, only in-house counsel are able to hire law firms directly. At other organizations, business people or the procurement department may have that authority. When it comes to developing metrics programs, GCs don’t need to dive in all at once, but rather can start by focusing on one area of improvement. They may, for example, begin by developing scorecards for alternative fee arrangements with outside counsel, or by creating a vendor evaluation program. When one part of the program has been formalized, others can be added. By using metrics, GCs will be able to operate more like their business peers, monitoring and measuring strategic goals, while making sure they can correct course when necessary.
With insight derived from metrics, GCs can improve the way they staff and manage matters internally. Along with accessing the hard data they need to make staffing determinations, GCs should complete strategic analyses of overall operations. Equipped with this information and insight, they can add staff where necessary and reallocate resources as needed. Once they have the right staffing levels, GCs need to consider how to retain in-house counsel. This can be challenging, particularly in companies where attorneys are staffed within the legal department and not business units. When assigned to the legal department, in-house attorneys often have fewer opportunities to change positions or develop different skills and experiences. GCs should make a conscious effort to broaden the skill sets of attorneys who want fresh challenges. This can mean allowing some lawyers to work on projects in areas outside their normal responsibilities. Social media, “Big Data” and other emerging technologies present their own sets of issues. They can provide significant advantages, but they can also present risk. Big Data raises privacy and security issues. Social media can expose an organization to bad publicity. GCs need to understand these technologies and create policies and procedures for using them. While the opportunities to be business partners and proactive strategists can be exciting, they also present challenges. To combine the best of legal and business skills, GCs need to know where the pitfalls lie, calibrate their priorities and manage their time. ■
TodaysGC Daily Newsletter The daily newsletter is a terrific advertising vehicle to reach 46,000 corporate subscribers. With a high open rate, the newsletter is unmatched as a marketing vehicle within the corporate counsel community.
T ODAYS G ENER A L C OUNSEL .C OM / SUB S C R IBE
$110 BILLION
IN CLAIMS & COUNTERCLAIMS AdMINISTEREd IN 5 YEARS *
would you trust just anyone?
When everything is on the line, trust the leader in alternative dispute resolution (ADR) since 1926. The American Arbitration Association® (AAA®) has been entrusted to handle more “bet-the-company” cases than anyone in ADR today. We provide executive facilitation of your disputes by experienced leaders, and access to arbitrators and mediators who specialize in large cases. Meet your AAA executives at adr.org.
adr.org | 1.800.778.7879
RESOLVE the Complex. The total of all claims and counterclaims for commercial arbitrations filed with the AAA between 2009-2013. ©2015 American Arbitration Association, Inc. All rights reserved.
*