Today's General Counsel, V13 N5, October/November 2016 by Today's General Counsel

OCT/ NOV 2016 VOLUME 1 3 / NUMBER 5 TODAYSGENER ALCOUNSEL.COM

LEVERAGING ARTiFICIAL INTELLIGENCE E-DISCOVERY CONTRACT REVIEW DECISION-MAKING

■

The Uncertain Future of the Gig Economy

■

Does “Data Analytics” Invite Litigation?

■

Duped Shareholders Hail Delaware

■

“BigLaw” Raise$ Eyebrows

■

It’s Still Possible to Patent Software

$199 Subscription rate per year ISSN: 2326-5000 View our digital edition: digital.todaysgeneralcounsel.com

Most companies release the results of a board evaluation in their proxy statements. But shareholders want more than just a pro forma list of results. They want to know that your board assessment `` wasn’t just a “check-the-box”

exercise;

`` identified risk and strategic

opportunities; and

Check board performance, not just the box.

`` generated concrete action

steps that will lead to improvement.

NACD Board Evaluations are conducted by experienced, active directors who understand the nuances of the boardroom. Our facilitators are uniquely qualified to lead meaningful team-building engagements that are designed to produce practical action plans. That’s what shareholders are looking for—clear evidence that your board is actively looking after their interests.

SCHEDULE A CALL TO LEARN MORE.

NACD BOARD EVALUATIONS E-MAIL: PHONE: WEB:

Steve_Walker@NACDonline.org 202-572-2081 NACDonline.org/Evaluations

Problem solved. No matter how complex the legal challenge, our attorneys are up to the task. We’ll help you make the right moves and find solutions that work for your business. With fewer twists and turns.

Uncommon Value

ATLANTA

CHICAGO

DALLAS

DELAWARE

INDIANA

LOS ANGELES

MICHIGAN

MINNEAPOLIS

btlaw.com

Rubik’s Cube® used by permission Rubik’s Brand Ltd. www.rubiks.com

OHIO WASHINGTON, D.C.

oct/ nov 20 16 toDay’s gEnEr al counsEl

Editor’s Desk

Until recently it was assumed that robots couldn’t replace lawyers, and you still won’t be seeing a sign that says R2D2, Esq. in the near future, but it turns out that e-discovery was a stalking horse for artificial intelligence in the legal profession. The in-house departments of large corporations are on the cutting edge of this phenomenon. In this issue of Today’s General Counsel, Richard Vestuto points out that artificial intelligence-aided contract review is a natural companion to e-discovery, and uses some of the same tools. He estimates that it takes a group of attorneys about 20 weeks to review a thousand contracts the old-fashioned way, but automation could cut that time by 90 percent. That would free some of those attorneys for work that demands higher skills, but the net result would be fewer attorneys. Data analytics have been a boon for corporations that thrive on information about individual buying patterns. Now the sheer accumulation of data has made demographic analysis possible. Coleman Watson highlights a recent FTC report that addresses the potential for actionable discrimination issues when algorithms make forecasts about broad swaths of population that result, for example, in job or housing decisions. In another article, David Katz discusses the necessity for information governance strategies that address the risks posed by the Internet of Things, and suggests forming a Data Governance Committee as a first step. Its primary duty would be to ensure the defensibility of data practices. In the midst of data privacy and e-mail hacking headlines, it seems almost quaint to think about problems like employee dishonesty and conflicts between shareholders and corporate management, but they still exist and both are addressed in this

issue. Joseph Saka provides a guide through the process of collecting on a fidelity bond. He says that companies frequently forfeit coverage by making errors after learning about an employee’s misconduct. Co-authors John T. Bender and John A. Bender go into detail about a recent Delaware Supreme Court decision with major implications for shareholder litigation. That case was unusual because it held that shareholders suffered an injury independent of the harm suffered by the company when the share price dropped.

Bob Nienhouse, Editor-In-Chief bnienhouse@TodaysGC.com

fronteo.com/usa usinfo@fronteo.com 1-866-803-7668

MOVING FORWARD TO A BRIGHTER FUTURE

Learn. Share. Know.

Subscribe to the new FRONTEO Blog today! Read thought-provoking, compelling content from subject matter experts on topics including: ■

■

eDiscovery Cyber Security Big Data Managed Services Artificial Intelligence Cross Border and Global eDiscovery Managed Review Foreign Language Business Intelligence Forensics ■

■

Also, feel free to share any topics you would like to see us cover! Email us at blog@fronteo.com

Visit www.FRONTEO.com/usa/blog

Welcome to the new FRONTEO (formerly UBIC/Evolve Discovery/TechLaw Solutions)

Oct/ NOv 2016 todayâ&#x20AC;&#x2122;s gener al counsel

Features

Page 58

Page 52

DELAWARE CASE MAKES IT EASIER FOR DUPED SHAREHOLDERS TO SUE John T. Bender and John A. Bender Drop in share price was the basis for the suit.

C o lu m n s

WORKPLACE ISSUES What the Olympics Teach Us about Diversity Dionysia Johnson-Massie and Paul E. Bateman Recruiting, retaining and rewarding, under serious leadership.

BIGLAW RAISES, AND A PITCH FOR INSIDE COUNSEL TO START THINKING SMALL Margaret Cassidy and Sara Kropf If $180K associates have you thinking twice...

CONTRACT REVIEW MEETS E-DISCOVERy Richard Vestuto Artificial intelligence can be trained to interpret contract provisions.

THE ANTITRUST LITIGATOR Motions to Dismiss Under Twombly

INFORMATION GOVERNANCE OBSERVED The Promise of Data-Driven Decisions

Jeffery M. Cross Key difference between plausible and possible.

Barclay Blair Data remediation policies are mostly driven by groundless fear.

PATENTS PATENTS PATENTS|||TRADEMARKS TRADEMARKS TRADEMARKS|||COPYRIGHTS COPYRIGHTS COPYRIGHTS|||TRADE TRADE TRADESECRETS SECRETS SECRETS

ARE ARE AREYOU YOU YOUMISSING MISSING MISSINGOUT? OUT? OUT? JOIN JOIN JOININTELLECTUAL INTELLECTUAL INTELLECTUALPROPERTY PROPERTY PROPERTYOWNERS OWNERS OWNERSASSOCIATION ASSOCIATION ASSOCIATIONAND: AND: AND: NETWORK NETWORK NETWORKwith with withover over over195 195 195corporate corporate corporatemembers members membersand and and290 290 290law law lawfirm firm firmmembers members members SUPPORT SUPPORT SUPPORTeffective effective effectiveIP IP IPprotection protection protection RECEIVE RECEIVE RECEIVEthe the theIPO IPO IPODaily Daily DailyNews™ News™ News™ ACCESS ACCESS ACCESSmembers-only members-only members-onlycontent content content JOIN JOIN JOINaaastanding standing standingIP IP IPcommittee committee committee ATTEND ATTEND ATTENDeducational educational educationalconferences conferences conferencesand and andIPO’s IPO’s IPO’sIP IP IPChat Chat ChatChannel Channel Channelwebinars webinars webinars

For For Formore more moreinformation information informationand and andtototoapply apply applyvisit visit visitus us ustoday today todayatatatwww.ipo.org www.ipo.org www.ipo.org

Serving Serving Servingthe the theworldwide worldwide worldwideintellectual intellectual intellectualproperty property propertycommunity community community www.ipo.org www.ipo.org www.ipo.org|||info@ipo.org info@ipo.org info@ipo.org|||+1 +1 +1(202)-507-4500 (202)-507-4500 (202)-507-4500

Oct/ NOv 2016 toDay’s gener al counsel

Departments Editor’s Desk

Executive Summaries

Intellec tual ProPert y

e-dIscovery

22 Building a Better Play List with Technology-Assisted Document Review Brett M. Anders and Rick Anderson Entry points to predictive coding.

l abor & emPloyment

16 Emerging Issues in Workplace Accommodations Jay M. Wallace Wide application of “the interactive process.”

18 Insurance after Employee Betrayal: Preparing and Presenting Fidelity Bond Claims Joseph M. Saka Chapter and verse required, but not for initial notice.

20 The Uncertain Future of the Gig Economy Todd Scherwin, Christopher Ahearn and Ryan P. Kennedy More workers than there are soldiers in the U.S. Army.

26 Why Speed Counts in E-Discovery Brad Harris Speed empowers legal teams for early decision-making and reduces risk.

28 Cruising Through E-Discovery Joe Mulenex Smoothing out what could be a rocky trip. cybersecurIt y

30 The Privacy and Cybersecurity Challenge for Startups Bill O’Connor Build in security from the get-go.

38 It is Still Possible to Patent Software Ed Russavage and Matt Grady Different examiners, art groups, yield different results.

40 Confronting the Gray Market in Korea and the U.S. Rebecca Felsenthal, Richard Nelson, Sue Su-Yeon Chun and Jason Jeong Lee Differing laws and protections with respect to “parallel imports.” comPlIance

44 Protecting Data Analytics from Litigation Coleman Watson Regulators watching how Big Data gets used.

46 Data Governance for the Internet of Things David Katz An emerging issue requires an institutional response.

34 Preparation is the Best Defense Against a Cyber Attack Collin J. Hite A ten-point checklist.

Page 22

editor-in-Chief Robert Nienhouse managing editor David Rubenstein

exeCutive editor Bruce Rubenstein

senior viCe president & managing direCtor, today’s general Counsel institute Neil Signore art direCtion & photo illustration MPower Ideation, LLC law firm business development manager Scott Ziegler database manager Matt Tortora Contributing editors and writers

Christopher Ahearn Brett M. Anders Rick Anderson, Paul E. Bateman John A. Bender John T. Bender Barclay T. Blair Margaret Cassidy Sue Su-Yeon Chun Jeffery M. Cross Rebecca Felsenthal Matt Grady Brad Harris Collin J. Hite

Dionysia Johnson-Massie David Katz Ryan Kennedy Sara Kropf Jason Jeong Lee Joe Mulenex Richard Nelson Bill O’Connor Ed Russavage Joseph M. Saka Todd Scherwin Richard Vestuto Jay M. Wallace Coleman Watson

editorial advisory board Dennis Block GREENBERG TRAuRiG, LLP

Subscription rate per year: $199 For subscription requests, email subscriptions@todaysgc.com

reprints For reprint requests, email rhondab@fosterprinting.com Rhonda Brown, Foster Printing

Robert Profusek JONES DAY

Thomas Brunner

Joel Henning

Art Rosenbloom

WiLEY REiN

JOEL HENNiNG & ASSOCiATES

CHARLES RiVER ASSOCiATES

Peter Bulmer JACKSON LEWiS

Sheila Hollis

George Ruttinger

Mark A. Carter

DuANE MORRiS

CROWELL & MORiNG

David Katz

Jonathan S. Sack

DiNSMORE & SHOHL

James Christie BLAKE CASSELS & GRAYDON

WACHTELL, LiPTON, ROSEN & KATz

Steven Kittrell

MORViLLO, ABRAMOWiTz, GRAND, iASON & ANELLO, P.C.

MCGuiREWOODS

Victor Schwartz

FTi CONSuLTiNG

Jerome Libin

SHOOK, HARDY & BACON

Jeffery Cross

SuTHERLAND, ASBiLL & BRENNAN

Adam Cohen

FREEBORN & PETERS

Thomas Frederick WiNSTON & STRAWN

Jamie Gorelick

subsCription

Dale Heist BAKER HOSTETLER

WiLMERHALE

Robert Haig KELLEY DRYE & WARREN

Jean Hanson FRiED FRANK

Robert Heim DECHERT

Timothy Malloy Mc ANDREWS, HELD & MALLOY

Jean McCreary NixON PEABODY

Steven Molo MOLOLAMKEN

Thurston Moore HuNTON & WiLLiAMS

Jonathan Schiller BOiES, SCHiLLER & FLExNER

Robert Townsend CRAVATH, SWAiNE & MOORE

David Wingfield WEiRFOuLDS

Robert zahler PiLLSBuRY WiNTHROP SHAW PiTTMAN

Ron Myrick RONALD MYRiCK & CO, LLC

All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information or retrieval system, with out the written permission of the publisher. Articles published in Today’s General Counsel are not to be construed as legal or professional advice, nor unless otherwise stated are they necessarily the views of a writer’s firm or its clients. Today’s General Counsel (ISSN 2326-5000) is published six times per year by Nienhouse Media, Inc., 20 N. Wacker Drive, 40th floor, Chicago, Illinois 60606 Image source: iStockphoto | Printed by Quad Graphics | Copyright © 2016 Nienhouse Media, Inc. Email submissions to editor@todaysgc.com or go to our website www.todaysgeneralcounsel.com for more information. Postmaster: Send address changes to: Today’s General Counsel, 20 N. Wacker Drive, 40th floor, Chicago, Illinois 60606 Periodical postage paid at Oak Brook, Illinois, and additional mailing offices.

The Magazine The six-time yearly publication, with strategies, best practices and analysis written by expert practitioners within the legal profession, offers an excellent branding opportunity to 58,000 qualified subscribers.

T O D AY S G E N E R A L C O U N S E L . C O M / S U B S C R I B E

Oct/ NOv 2016 today’S gEnEr al counSEl

Executive Summaries l abor & emPloyment Page 16

Page 18

Page 20

Emerging Issues in Workplace Accommodations

Insurance after Employee Betrayal: Preparing and Presenting Fidelity Bond Claims

The Uncertain Future of the Gig Economy

By Jay M. Wallace Bell Nunnally & Martin LLP

The Federal government has been increasing the burden on employers to provide accommodations to employees. The Americans with Disabilities Act says that employees seeking an accommodation for a physical or emotional disability must engage their employer in an “interactive process.” Employees provide information concerning the condition and proposed accommodations, and employers are then tasked with determining whether there is a “reasonable” accommodation that would allow the employee to continue working. The Equal Employment Opportunity Commission and state agencies are placing stringent requirements on employers to make accommodations based on religious beliefs. Accommodations can include modified work schedules, attire rules and facial hair requirements. In July of 2014, President Obama issued an executive order to protect federal LGBT employees from workplace discrimination. Employers who have available facilities have responded by designating some gender neutral bathrooms. Others urge transgender employees to use facilities in a stall, to respect the privacy of employees of a different gender using that same bathroom. The EEOC contends that transgender males have the legal right to displace females from the women’s restroom if those women are uncomfortable using the facility at the same time. Under the Fair Labor Standards Act, lactating mothers are allowed a private room to express milk. It cannot be a bathroom, and it must allow a level of privacy and security. Examples include empty offices or lounge areas where the door can be locked.

By Joseph M. Saka Lowenstein Sandler

By Todd Scherwin, Christopher Ahearn and Ryan P. Kennedy Fisher Phillips

Fidelity bonds generally provide coverage for loss resulting from dishonest or fraudulent acts by employees, but too frequently companies forfeit coverage by making needless errors after learning about an employee’s misconduct. One crucial issue for bond coverage is determining when a loss is “discovered.” The bondholder’s notice obligations generally begin after the loss has been discovered, and discovery frequently starts the clock running for the bondholder to submit a proof of loss to the insurer. Under most bonds, the next step is to provide notice of the loss to the insurer. Most bonds don’t require an extensive statement of loss as part of the initial notice, but at that point the hard part begins - investigating the cause and extent of the loss, and submitting written proof to the insurer. Unlike preparing the initial notice, preparing and submitting the proof of loss is complicated. The bondholder generally must submit enough information to prove that a loss covered by the bond has taken place, including proof of the amount, how and when the loss was discovered, who was involved, which personnel have knowledge of the events, and supporting documentation. Bondholders need to be especially cautious in preparing proof of loss. Courts generally expect bondholders to provide all known information called for by the bond and reasonably requested by the insurer. Bondholders need to be careful they don’t forfeit coverage that is otherwise available by failing to check the proverbial box.

In recent years we’ve seen a revolution in e-commerce, as web-based “gig” companies began to enable anyone with a mobile device to connect on demand with a multitude of services. Companies such as Uber, Caviar and Grubhub have enabled anyone in need of income and flexible hours to turn their skills into steady cash. Studies have found that 44 percent of adults in the U.S. have participated in on-demand transactions, and 22 percent, or 45 million, have offered some kind of goods or service as part of the gig economy. An estimated 600,000 workers regularly work through an online gig economy platform. Critics point to the fact that most of the workers are classified as independent contractors rather than employees, and as such are forced to go without many benefits and legal protections that have been afforded to employees for decades. Proponents of the gig economy argue that the flexibility and ready availability of customers that gig companies provide outweigh these concerns, a view shared by many of the workers themselves. Gig companies do provide many benefits to workers, mainly a well-established, functioning and effectively-marketed platform that provides a steady stream of consumers. Policy proposals include legislation creating a new class of workers, and temporarily halting wage and hour lawsuits while Congress and regulators adopt a comprehensive regulatory scheme tailored to the industry. This subject will doubtless become an area of focus for the incoming presidential administration.

today’s gener al counsel Oct/ NOv 2016

Executive Summaries e-Discovery Page 22

Page 26

Page 28

Building a Better Play List with Technology-Assisted Document Review

Why Speed Counts in E-Discovery

Cruising Through E-discovery

By Brett M. Anders Jackson Lewis P.C. and Rick Anderson Kroll Ontrack

Predictive coding can cull through vast amounts of data by quickly identifying relevant documents, thus making the document review process itself less time consuming. Machines do not get tired, lazy or distracted, but attorneys need to train the system by reviewing a sample of the overall document set that empowers the machine to learn how to rank and sort. For parties that have yet to embrace predictive coding, there are various methods that can serve as an entry point. One of them is “document prioritization,” where the computer simply ranks documents that are likely to be responsive. Then attorneys select those documents for review while, to save costs, lower-cost reviewers are tasked with focusing on documents that the prioritization algorithm has deemed “not likely to be responsive.” An ancillary benefit of the prioritization workflow is that it supports potential proportionality arguments. Because the documents most likely to be relevant percolate to the top of the pile, if the review process needs to be stopped it is possible to argue that the most relevant documents have been found. Different vendors and technologies are applying different prioritization methods. In some cases, they review the most important files first, but still review every document. In other cases, quality control and sampling metrics build strong arguments to produce documents based on predictive categorizations. A savvy legal team will know when to leverage each scenario to avoid risk and maximize cost and time savings.

By Brad Harris Zapproved

Speed in e-discovery improves strategy and reduces risk and uncertainty. The advent of cloud computing that is purpose-built for data processing enables speed at a fraction of the cost, allowing legal teams to do searches almost immediately once data has been collected. They can experiment, trying different search parameters and seeing the results. In litigation, speed enables early understanding of what’s at stake and more informed decisions. Quick access and understanding of data is invaluable for developing case strategy, and in particular for defining scope of preservation and negotiating more effectively at the meet-and-confer. Previously, speed was very expensive and thus not a factor that could be exploited by most organizations. But with the advent of secure cloud computing, it’s affordable to gather, cull, search and do a first-pass review of digital records, virtually instantaneously, to inform the next steps. More speed means teams can process the data more efficiently and send smaller more targeted batches of information on to outside counsel for more expensive in-depth review. Time spent waiting for data is time when the team lacks information needed to make important decisions about the best actions to take to protect the organization. Rapid access to data empowers legal teams to gain control over the complex process of e-discovery and allows organizations to quickly understand the pros and cons of any matter. It brings more informed decisions and better strategies, and it reduces both cost and risk.

By Joe Mulenex Exterro

The author offers best practices, strategies and concrete advice about e-discovery projects. The starting point is the creation of a process for preserving and collecting new data types, with collaboration among IT, Legal and HR. These teams should also include internal and outside counsel, HR enterprise managers, IT experts and consultants. Their tasks are to know where the data is stored, craft a collection plan, update data management policies and decide whether work will be done in-house or by a third party. In order for teams from different departments to work effectively, roles must be clearly defined and an effective process and tracking system must be developed. The CIO and the GC must back the effort, and the GC in particular needs to be educated on the importance of developing a relationship with IT. Roles of IT and legal need to be clearly defined, and personal relationships built. There should be a universal tracking system for discovery requests. Large data volumes can be managed by creating a system that enables you to know what you have and where it’s stored, to align information governance and e-discovery policies and take steps to defensibly delete data you no longer need. Whether or not to collect data is the fundamental question. Some collect to preserve, others preserve in-place, or use a hybrid approach. Regardless of strategy, following the same process each time can make the difference when it comes to a successful collection.

OCT/ NOV 2016 TODAY’S GENER AL COUNSEL

Executive Summaries CYBERSECURIT Y

INTELLEC TUAL PROPERT Y

PAGE 30

PAGE 34

PAGE 38

The Privacy and Cybersecurity Challenge for Startups

Preparation is the Best Defense Against a Cyber Attack

It is Still Possible to Patent Software

By Bill O’Connor Baker Donelson

By Collin J. Hite Hirschler Fleischer

By Ed Russavage and Matt Grady Wolf Greenfield

The privacy and cybersecurity landscape is constantly evolving, and it can require significant resources for companies to keep pace with both threats and compliance obligations. This is especially challenging for startups. Numerous laws, including federal and state consumer protection laws, apply to virtually all companies, but in addition there are state data breach notification laws, and in certain industries additional laws and regulations, such as HIPAA for healthcare and the Gramm-Leach-Bliley Act (GLBA) for the financial industry. Startups need to develop a comprehensive program that includes administrative, physical and technical safeguards. These should include an extensive list of safeguards and procedures, including asset management, training, vendor and data management, incident reporting, incident response, event tracking, antivirus and anti-malware protection, removable media protection and restriction, penetration testing and preparation for disaster recovery. Startups are in a unique position regarding awareness and training. Because they generally have a small number of employees or independent contractors, it’s easier for them to conduct training and keep their teams up to date with current privacy and cybersecurity issues. By incorporating awareness and training in the early stages of a company, a startup can build awareness into its culture, and as the company grows that can be a competitive advantage. A startup may also be able to follow “privacy by design” and “security by design” principles from the very beginning as it develops products or services, and that too can give it a competitive advantage.

Today virtually all business is on the radar of cyber criminals, and cybersecurity is no longer just an IT issue. It’s companywide, and all stakeholders need to be involved in solutions. Best practices for managing the risk of a data breach include minimizing data collection, complying with the Payment Card Industry Data Security Standard (PCI DSS), and identifying and digitally shredding unneeded information. Access to personally identifiable information and HR data should be on a “need to know” basis. The network should be “split,” with electronic firewalls limiting the spread of viruses and attacks, and data should be properly encrypted. A comprehensive incident response plan should be in place and tested regularly through desktop exercises. Businesses are also advised to work closely with a broker and insurance coverage counsel to procure the right data privacy insurance. Insurance should cover data restoration, re-securing the information network, theft, fraud and extortion, business interruption, forensic investigation, and crisis and PR management. Keep in mind that insurance underwriters are very cautious and thorough in issuing data privacy insurance. Businesses that go through the process of purchasing insurance will learn a great deal about the state of their network security and response plan and be wellpositioned to find gaps and upgrade their preparation. Good preparation includes developing a strong response team and response capabilities, establishing relationships with law enforcement and regulators, creating and testing a plan, and anticipating communication, remediation and notification pitfalls.

This article discusses patenting strategies for prosecuting existing cases, as well as strategies for preparing cases yet to be filed, so they will withstand heightened scrutiny resulting from the new U.S. Patent & Trademark Office tests for determining patentable subject matter, following a line of cases that culminated in the Alice decision, in 2014. The Supreme Court’s two-step abstract idea test determines if patent claims are “directed to” an abstract idea, and if so whether the claims recite “significantly more” than the abstract idea itself. But the Court provided only the bare-bones test for what constitutes an “abstract idea” and when claims recite “significantly more.” It has fallen to lower courts to define the test, and to the USPTO to figure out implementation. The author discusses several strategies for writing new applications and prosecuting stalled applications. For example, because there are widely different allowance rates between art units and examiners (even within the same group), it is beneficial to forum shop to the client’s advantage. The use of common specifications with different targeted claim sets may permit a case to be assigned to a particular art unit, which in turn may increase the likelihood of getting a patent. Although software patents have been under fire for several years, valid approaches to preparing and prosecuting software patents are still available. By using lessons learned from recent cases and taking a more active role in prosecution, clients can obtain the protection that they need.

today’s gener al counsel Oct/ NOv 2016

Executive Summaries intelleC tual ProPert y

ComPlianCe

Page 40

Page 44

Page 46

Confronting the Gray Market in Korea and the U.S.

Protecting Data Analytics from Litigation

Data Governance for the Internet of Things

By Rebecca Felsenthal and Richard Nelson Sideman & Bancroft Sue Su-Yeon Chun and Jason Jeong Lee Kim & Chang

By Coleman Watson Watson LLP

By David Katz Nelson Mullins Riley & Scarborough LLP

Both Korea and the United States face an influx of gray market goods (also known as “parallel imports”), but they offer trademark owners vastly different tools to combat this problem. The Lanham Act enables U.S. trademark owners to fight gray market goods in federal court. The resale of trademarked goods is limited by the first sale doctrine, according to its quite limited definition of what constitutes a “genuine product.” Legal remedies are also available in the courts of some states, including California and New York. In addition to the courts, U.S. Customs has authority to detain imported gray market goods (including those bearing “genuine” trademarks) when the goods are physically and materially different from those authorized for sale in the United States, and where the trademark owner has obtained specific “Lever Rule” protection. Obtaining this protection is a double-edged sword. It prevents some gray market goods from being imported into the United States, but it also creates a snag in the importation of goods to the authorized supply chain. In South Korea, while parallel imports are generally allowed, a trademark owner may have recourse against third parties who use the related trademark and/or copyright in a manner that violates unfair competition laws, copyright laws, etc. Decisions on potential actions against parallel importers should be made based on the specific facts involved. Excessive action against parallel importers could be construed as violation of the Monopoly Regulations and Fair Trade Law of Korea.

In earlier days, data analytics revealed individually identifiable customer patterns, but as data sets have grown, data analytics have shifted from forecasting about individual consumers to forecasting about demographics and the general population. But according to the Federal Trade Commission, rote algorithms, the engine of data analytics, can lead to unintended results that give rise to discrimination. In January the FTC published a report addressing that issue: Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues. This report aims to educate businesses on laws relevant to big data analytics, including the Fair Credit Reporting Act (FCRA), Section 5 of the Federal Trade Commission Act and various federal equal opportunity laws. It serves as a reminder that the FTC has broad jurisdiction to regulate e-commerce. The linchpin of the FTC position is that under the FCRA, when aggregators and marketers compile “nontraditional” information to build a consumer credit profile in order to make employment and housing decisions, they become the equivalent of a credit reporting agency that is creating credit reports. In the FTC’s view, this implicates the FCRA, even though the “credit reports” may be demographic and not individual. The FTC report underscores that big data brings big problems. The bottom line is that the powerful algorithms making data analytics possible are no longer simply complex numbers on paper. Rather, they are a door through which the FTC can enter your business and examine potential violations of federal law.

More companies are joining an interconnected web of devices connected to the Internet, known as the Internet of Things (IoT). Companies need to develop information governance strategies to accommodate these emerging information types, and also prepare for the regulatory and compliance implications of data that moves between devices and systems, and across borders. Companies that implement sound data governance now and conduct a data audit and inventory will be best prepared for audits. Establishing a data governance committee (DGC) is the first step to addressing these risks. The DGC’s primary task is to ensure responsibility, accountability, defensibility and sustainability of data practices. The framework for effective data governance planning contemplates the personnel, technology, processes, policies and procedures necessary to ensure the preservation, availability, security, confidentiality and usability of the company’s data. A DGC also encourages strategic thinking and the creation of opportunities for appropriate use of data within the company. The DGC should focus on establishing data standards for privacy and information security, records management, employee data, trade secret and intellectual property protection, e-discovery and litigation readiness, and vendor management. Such policies must include a comprehensive set of rules, policies and procedures governing the use and disposal of the company’s data. Institutional infrastructure in the form of a DGC that formalizes the necessary communication, cooperation and ownership challenges presented by data management has the potential to bring long-term value to the company.

OCT/ NOV 2016 TODAY’S GENER AL COUNSEL

Executive Summaries FEATURES PAGE 56

PAGE 58

PAGE 62

Delaware Case Makes it Easier for Duped Shareholders to Sue

BigLaw Raises, and a Pitch for Inside Counsel to Start Thinking Small

Contract Review Meets E-discovery

By John T. Bender Lewis Brisbois Bisgaard & Smith LLP and John A. Bender Ryan Swanson & Cleveland PLLC

In May of this year, the Delaware Supreme Court handed down a decision with major implications for shareholder litigation. It held that shareholders could sue Citigroup directly for losses they suffered when, relying on misrepresentations made by the company and its directors, they abandoned plans to sell securities. The case, AWH Inv. P’ship v. Citigroup Inc., concerned shareholders who said they suffered over $800 million in losses when they put off liquidating their Citigroup stock due to Citigroup statements that concealed the financial condition of the company. It had been widely assumed that shareholders lacked standing to bring such claims directly under Delaware law because “corporate mismanagement” claims are derivative of the corporation. That is, the shareholders cannot show an injury independent from the harm suffered by the company. In a victory for shareholders, the Delaware Supreme Court held that the claims pled against Citigroup were direct. The decision is significant because it states that the old test, emphasizing the measure of damages first and foremost, is inapplicable to whether a shareholder has standing to sue a company directly when the company misrepresents material information and thereby induces a shareholder to hold stock instead of selling it. The Delaware Supreme Court indicated it would recognize a direct holder claim if it is based on a right belonging to the plaintiff personally. In light of Delaware’s influence in corporate and securities law, the importance of this case should not be underestimated.

By Margaret Cassidy Cassidy Law PLCC and Sara Kropf Law Office of Sara Kropf PLCC

This past summer many big firms gave new associates a substantial raise, up to $180,000 in some cases. The authors contend there was no market-based reason for the raises, that they occurred despite the fact that there is no dearth of lawyers looking for jobs and law schools continued to graduate more lawyers than the market can absorb, and that corporate America expressed dismay at the increases. Bank of America’s Global General Counsel David Leitch, in a letter to his outside counsel, said that although he respects the firms’ right to raise salaries to suit their competitive needs, since the market did not drive the decision he will not pay higher rates should firms try to pass the increase on to clients. Allstate’s general counsel, Susan Lees, advised firms to invest in innovation and technology rather than high salaries. The authors note that the legal market is replete with small firms staffed with accomplished lawyers. These firms cover the range from solo lawyers to 20-person boutique firms. According to the authors, small firms often focus sharply on a single practice area without the cross-selling inherent in big firms. They say that because small firms rarely hire brand new lawyers – instead relying on laterals – clients don’t pay for an apprentice period and rates are lower, and that small firms create the opportunity to build personal relationships, with the attorneys developing an understanding of the business, its legal issues and market pressures.

By Richard Vestuto Deloitte Transactions and Business Analytics LLP

Because they are so labor-intensive, contract reviews tend to be reserved for pivotal events, but in an era when e-discovery has become common, there is an opportunity to make good use of them more often. Many day-to-day business processes could benefit from a better understanding of company contracts, which even for mid-sized companies often number in the thousands. The processes, procedures, and technologies that make up e-discovery are well-suited to delivering those benefits. The process starts with a foundation provided by e-discovery and its document review specialists, processes, and technologies, augmented by artificial intelligence (AI) that allows attorneys to teach analytics software to recognize and interpret contract provisions. An AI-powered contract review application applies this training to contracts it hasn’t seen before, resulting in the extraction of key contract provisions. Technology-aided contract review is a natural companion to e-discovery and conventional contract management tools. Soon it will be common for machines, guided and taught by legal specialists, to select the documents that are relevant to a matter, extract the relevant content within each document and make that content available through a secure online system. A thousand contracts might take a group of attorneys 20 weeks to review. Automation could cut that time by 90 percent, freeing those attorneys for the more interesting and strategic aspects of their work.

TodaysGeneralCounsel.com The newly redesigned website provides a daily glimpse of curated content from experts, consultants, law firms and other valued information sources.

T O D AY S G E N E R A L C O U N S E L . C O M / S U B S C R I B E

oct/ nov 2016 today’s gener al counsel

Labor & Employment

Emerging Issues in Workplace Accommodations By Jay M. Wallace

he Federal government has been increasing the burden on employers to provide accommodations to employees. Examples include job modifications for disabled workers, religious accommodations, transgender facilities, and private venues for lactating mothers. This article addresses emerging issues in these areas. DISABILITY RIGHTS AND THE INTERACTIVE PROCESS

As the law on accommodating disabled workers currently stands, the good news

for employers is that accommodation is a two-way street. The Americans with Disabilities Act says that employees seeking an accommodation for a physical or emotional disability must engage their employer in an “interactive process.” This consists of the employee providing to management information concerning the condition causing the disability, the limitations associated with the condition, duration of those limitations, and proposed accommodations that would allow that employee to continue working in his or her chosen job. Employers

are then tasked with the responsibility of reviewing this information and determining whether there are job modifications that would allow the employee to continue working as a productive member of the workforce. Importantly, employers are not required to select the employee’s chosen accommodation, nor are employers required to select a “perfect” accommodation. Instead, management is only required to determine whether there is a “reasonable” accommodation that would allow the employee to continue

today’s gener al counsel oct/ nov 2016

Labor & Employment working. However, employers must take seriously their responsibility to assess the job to determine what can be modified as a reasonable accommodation. This includes job elements, such as work schedule, non-essential work tasks, modifications to the work space and assistance from other employees on the job’s physical requirements. RELIGIOUS BELIEFS

The Equal Employment Opportunity Commission, as well as certain state agencies, are placing more stringent requirements on employers to make accommodations based on religious beliefs. Accommodations can include modified work schedules to comply with religious services and holidays, as

appearance or symbols consistent with their religion. This could include face coverings, beards and jewelry. GENDER ISSUES

More than two years ago, in July of 2014, President Obama issued an executive order to protect federal employees who were LGBT from workplace discrimination. Then, earlier this year, the initiative was broadened. First the Administration confronted the state of North Carolina over its school bathroom policy with a cease-and-desist letter. That was followed by a directive from DOJ and the Department of Education to public schools nationwide, saying that students should be allowed to use the bathrooms that corresponded

If management wants to contend that the religious accommodation does not allow the employee to perform essential functions of the job, it must be prepared to clearly demonstrate that’s the case.

well as modifications to workplace attire rules and facial hair requirements. The good news for employers is that religious accommodations follow the same traditional interactive-process track as disability accommodations. Consequently, employees have an obligation to initiate an open conversation with management concerning their religious beliefs, the impact of those beliefs on the workplace requirements, and a proposed accommodation that will allow them to continue working in their chosen job. If management wants to contend that the religious accommodation does not allow the employee to perform essential functions of the job, it must be prepared to clearly demonstrate that’s the case. Currently, a principal area of contention involves management emphasis on esthetic aspects of the job, such as proper work dress and appearance, versus employees’ rights to clothing,

with their identity. The legal status of this directive has remained unclear, but it’s been widely interpreted as carrying the inherent threat of loss of federal funding for districts that don’t comply, and there have been legal challenges. They include a Fourth Circuit case, currently pending before the Supreme Court, involving a Virginia school board that has sought an emergency order exempting it from the Obama Administration’s policy. A principal challenge for employers is balancing the privacy of employees with the preference of transgender people to use a particular bathroom or locker room. Among the considerations is that the federal law protecting gender, Title VII of the Civil Act’s Right of 1964, in its stated wording does not protect people based on sexual orientation. The EEOC, on the other hand, says sexual orientation is protected.

As one solution to transgender accommodation, employers who have available facilities have designated some gender neutral bathrooms. In this arrangement, individuals of either gender can use the bathroom. Other employers urge transgender employees to use facilities in a stall to respect the privacy of employees using that same bathroom who are of a different gender. Importantly, employers need to be aware that the EEOC contends that transgender males have the legal right to displace females from the women’s restroom if those women are uncomfortable using the facility at the same time. Locker rooms present another set of challenges. It’s likely that in the near future we will begin to see privacy walls between transgender individuals using a locker room and people whose biological sex matches that locker room designation. LACTATING MOTHERS

Under the Fair Labor Standards Act, as amended six years ago, lactating mothers are allowed a private room to express milk. This room cannot be a bathroom, and it must allow a level of privacy and security for the mother. Examples of appropriate accommodations for lactating mothers, include empty offices or lounge areas where the door can be locked. ■

Jay M. Wallace is a labor and employment attorney and a partner with Bell Nunnally & Martin LLP in Dallas. He represents companies in all phases of employment law, both state and federal. jwallace@bellnunnally.com

oct/ nov 2016 today’s gener al counsel

Labor & Employment

Insurance after Employee Betrayal Preparing and Presenting Fidelity Bond Claims By Joseph M. Saka discovered, courts usually will require more than a mere suspicion or an allegation that a covered loss may have occurred. Rather, courts generally insist on knowledge of facts sufficient for a reasonable person to believe that a covered loss actually has occurred. Given that bonds often tie discovery to the understanding of a “reasonable” person, many cases ultimately find that discovery is a question of fact for a jury. When in doubt, bondholders should err on the side of caution, and consider a loss to be discovered at the earliest possible time for purposes of triggering any obligations under the bond. Waiting until one has irrefutable proof of dishonesty may result in a forfeiture of coverage.

NOTICE OF LOSS

ometimes those in an organization who are most trusted cause significant loss. Many companies attempt to protect against dishonesty and malfeasance by employees or other insiders by purchasing fidelity bonds. Terms of these bonds vary, but fidelity bonds generally provide coverage for loss resulting from dishonest or fraudulent acts by employees. Although many companies have the foresight to purchase bond coverage, too frequently companies forfeit their coverage by making needless errors after learning about an employee’s misconduct. This article will provide an overview of the claim submission process and highlight some of the common traps for unwary bondholders. DISCOVERY OF DISHONESTY

One crucial issue for bond coverage is determining when a loss is “discovered.”

Most bonds are written on a discovery basis, and losses are covered regardless of when they occurred, provided they are discovered during the bond period. Discovery is important for a number of reasons. The bondholder’s notice obligations generally begin after the loss has been discovered, and discovery of the loss frequently starts the clock running for the bondholder to submit a proof of loss to the insurer. In addition, coverage generally is terminated for at least the dishonest employee upon the discovery of the employee’s misconduct. Therefore, it is critical for bondholders to have a clear understanding about when a loss will be considered “discovered.” Bond provisions on discovery vary dramatically from form to form, but regardless of the bond language, the issue of when discovery occurred is at the heart of many disputes over bond coverage. In assessing when the loss was

Upon discovery, under most bonds, the next step is to provide notice of the loss to the insurer. Here again, the language in fidelity bonds varies. Many bonds require notice “as soon as practical” or “at the earliest practicable moment” following discovery. Other bonds set a specific amount of time, such as within 30 days after discovery. Unlike proof of loss, most bonds do not require an extensive statement of the loss as part of the initial notice. Instead, a brief statement notifying the insurer that the bondholder has discovered employee dishonesty is all that is required. Historically, courts required strict compliance with notice provisions in fidelity bonds and held that failure to provide timely notice results in total forfeiture of coverage. More recently, however, courts in many jurisdictions also consider whether the insurer has been prejudiced by the late notice before finding a forfeiture of coverage. Some states have considered the overall reasonableness of the delay before finding a forfeiture of coverage.

today’s gener al counsel oct/ nov 2016

Labor & Employment On the other hand, courts may not be as lenient when the fidelity bond sets forth a specific time period during which notice must be given, and in those instances there is a split as to whether courts will consider prejudice to the insurer or the reason for any delay. Finally, where the insurer failed to assert that notice was untimely, some courts have found that the insurer waived its right to assert late notice. Bondholders, therefore, should be skeptical when an insurer asserts untimely notice for the first time at the eleventh hour. The key takeaway is that bondholders should be vigilant about providing timely notice. Although in certain jurisdictions coverage may be saved by a court’s consideration of whether late notice has caused prejudice to the insurer, bondholders should give prompt notice and avoid this issue altogether. INVESTIGATION AND PROOF OF LOSS

After providing notice, the hard part begins – investigating the cause and extent of the loss, and submitting a written proof of loss to the insurer. Unlike the initial notice provided to the insurer, preparing and submitting the proof of loss generally is a complicated process. One of the first items on a bondholder’s checklist after discovery of a loss should be to determine any specified time period in the bond to submit the proof of loss. A common deadline is six months after discovery of the loss, unless a written extension is given by the insurer. The bondholder also should check to determine whether there is any specific form to be completed for the proof of loss. These forms, when required, are generally provided by the insurer. If there is no set form, the bondholder can organize the document in any manner that seems reasonable under the circumstances. During the investigation process, the bondholder must pull together all facts and documents so as to be able to submit, literally, a “proof” of its loss. The bondholder generally must submit enough information to prove that a loss covered by the bond has taken place (i.e., the dishonesty or other bad acts that caused the loss), and proof of the amount of the loss. Particularly for

large losses spanning many years, this can be a complex task that may involve, for example, reviewing large volumes of documents and interviewing many employees. In investigating a loss, bondholders, therefore, need to develop an examination plan that is both efficient and cost-effective.

Bondholders should be especially cautious in preparing the proof of loss, and be sure to provide all information required by the bond. Although provisions requiring the proof of loss are construed in favor of the bondholder, courts generally expect bondholders to provide all known information called

Waiting until one has irrefutable proof of dishonesty may result in a forfeiture of coverage.

After assembling a team, the first step usually involves identifying all individuals that may have information and assuring that the documents required from those people are collected and retained. The investigators also will want to interview employees with information, sometimes while being recorded. The investigation will have at least two primary goals: (1) determining whether the loss was caused intentionally by the employee and, if so, documenting it, because most bonds require proof that the employee acted with “manifest intent,” and (2) assessing and documenting with accuracy and precision the extent of the loss. Following the investigation, and after the bondholder has a good understanding of the employee dishonesty and resulting loss, the next step will be preparing and submitting the proof of loss. The proof of loss will set forth the amount and particulars of the loss and contain a description of why the claim is covered. Generally, the proof of loss must be sworn to, and should include how and when the loss was discovered. It should include a full description of the dishonesty, including specific acts and individuals involved, identification of individuals with knowledge, and a statement of the loss. Supporting documentation, such as affidavits and business financial records, often are attached to the proof of loss.

for by the bond and reasonably requested by the insurer. Bondholders do not want to forfeit coverage that is otherwise available by failing to check the proverbial box. There are many priorities to address once a company discovers that it has been betrayed by one of its employees, and insurance for the loss may not be top of mind. To assure that coverage provided by fidelity bonds is not forfeited, bondholders need to educate themselves with respect to the requirements for their fidelity bond coverage, and have a plan in place to timely comply with those requirements. ■

Joseph Saka is counsel in Lowenstein Sandler’s Washington, D.C. office. He represents businesses in disputes with their insurance companies and helps clients maximize the value of their insurance assets. He gratefully acknowledges the assistance of Catherine Serafin, a partner in Lowenstein Sandler’s Washington, D.C. office who has been representing businesses in high-stakes insurance coverage disputes for nearly 30 years. jsaka@lowenstein.com

oct/ nov 2016 today’s gener al counsel

Labor & Employment

The Uncertain Future of the Gig Economy By Todd Scherwin, Christopher Ahearn, and Ryan P. Kennedy

n recent years we’ve seen a revolution in e-commerce, as web-based “gig” companies began to enable anyone with a mobile device to connect on demand with a multitude of services. The popularity and rapid rise of gig companies is no surprise. A multitude of companies – including Uber, Caviar, Grubhub, Instacart, Mechanical Turk, Medicast, Red Beacon, Samasource, Shyp, and Task Rabbit – have provided a convenient way for busy consumers to instantly outsource daily living tasks, from dog walking, cooking and rearranging furniture, to transportation and grocery shopping. These companies have also enabled retirees, laid-off workers, artists, musicians, young parents – anyone in need of income and flexible hours – to turn their skills, spare time, idle car or the tools in their toolbox, into steady cash. Some of these companies are prospering. Uber, for example, is the fastest-growing start-up in history, reaching a valuation of $60 billion in its first five years. Many have conflated the terms “gig” and “share” economy, but there is a distinction. The term “share economy” casts a wider net and includes companies such as Airbnb, which don’t necessarily involve on-demand personal services. The gig economy has been defined by the Congressional Research Service as follows: The gig economy is the collection of markets that match providers to consumers on a gig (or job) basis in support of on-demand commerce. Gig workers enter into formal agreements with on-demand companies to provide services to the company’s clients. Prospective client’s request services through an Internet-based technological platform or smart-

phone application that allows them to search for providers or to specify jobs. Industry-wide data is sparse, but studies by the Future of Work Initiative and Time magazine have found that in the United States, 44 percent of adults have participated in on-demand transactions and 22 percent, or 45 million, have offered some kind of goods or service as part of the gig economy. An estimated 600,000 workers, or .4 percent of the U.S. workforce, regularly work through an online gig economy platform. By comparison, this is slightly more than the approximately 540,000 soldiers actively serving in the U.S. Army. Perhaps it is not a stretch to say that the gig workforce amounts to an army of workers. LEGAL AND POLICY CONCERNS

There is some concern that gig economy workers are at risk of being excluded from “ traditional employment.” Critics of gig companies point to the fact that most of their workers are classified as independent contractors rather than employees, and as such are not entitled to: (1) minimum wage, (2) overtime, (3) health insurance, (4) participation in 401(k) plans, (5) the right to collectively bargain over wages and working conditions as part of a union, and (6) the other legal protections that have been afforded to employees for many decades. Statistics indicate that the independent contractor classification is becoming more widespread, with the IRS receiving 91 million 1099 forms in 2014, an increase of more than 10 percent from the 82 million it received in 2010. Proponents of the gig economy argue that the flexibility and ready availability of customers that gig companies provide outweigh these concerns, and that’s a view shared by many of the workers

today’s gener al counsel oct/ nov 2016

Labor & Employment themselves. Gig companies do provide many benefits to workers, mainly a well-established, functioning and effectively-marketed platform that provides a steady stream of consumers. Because of this feature, gig workers are distinguished from traditional freelancers in that they need not invest in establishing a company or marketing to a consumer base. This significantly lowers their operating costs. Another difference is that gig companies often exercise some control over branding and place other conditions on use of their platforms beyond those in the traditional freelance arrangement. However, many workers see that as an added benefit, because it means they can focus on the work itself, rather than branding, marketing, and accounting. Many gig workers often perform work using multiple gig platforms simultaneously, in a further contrast to the traditional model, where most workers have one, or at most two or three “employers” at a given time. Currently, U.S. labor and employment laws are not in harmony with the new model represented by gig workers. Traditional test factors for employment status, such as control over the means and manner of work (such as scheduling), the workers’ level of investment in the business, and opportunity for profit or loss, are often starkly out of alignment for workers in the gig economy. Traditional employees are usually strictly controlled in terms of their schedule and work procedures, but also they need make no investment and can only benefit financially from the work. Independent contractors, in contrast, generally have near total control over their schedule and conduct of the work, and they can lose money – or potentially profit even more from work than a traditional employee. Gig economy workers often share features of both. On the one hand they have little or no control over schedules (often simply switching a button on a phone app when deciding when to start or stop working), often have no supervisor, and do not report to human resources or receive performance reviews, although customer ratings may serve continued on page 25

oct/ nov 2016 todayâ&#x20AC;&#x2122;s gener al counsel

E-Discovery

Building a Better Play List with Technology-Assisted Document Review By Brett M. Anders and Rick Anderson

rom Pandora and Netflix, to Amazon and LinkedIn, the websites and apps we use daily have a way of sneaking into our brains. Sometimes it seems as if our Pandora and Netflix accounts know us better than we know ourselves, and can build a better play list than we can. If an algorithm can understand our entertainment

and purchasing preferences, think what it could do if it understood the work of a lawyer. In fact, that remarkable predictive potential is not limited to consumer applications. Forwardthinking attorneys and law firms are cautiously embracing artificial intelligence in the data-intensive exercise of document review.

Much of the growth of technologyassisted document review, also known as predictive coding, is being driven by in-house counsel becoming better educated about its cost savings and benefits. Still, some litigation teams are guarded about using it. This article, by explaining how legal teams can integrate predictive coding to prioritize and categorize

today’s gener al counsel oct/ nov 2016

E-Discovery

documents for review, seeks to debunk the misconception that human lawyers alone can “build a better playlist.” Predictive coding can help cull through vast amounts of data by quickly identifying relevant and responsive documents and making the document review process less time consuming, but it doesn’t work by itself. Attorneys need to train the system. They do that by reviewing a sample of the overall document set that empowers the machine to learn how to rank and sort documents. Without thorough and consistent training by subject-matter-expert attorneys, the technology will not learn how to make appropriate coding assessments

predictive coding. There is a widespread belief that human review is the gold standard, even though a variety of studies have found this not to be true and the process has extensive judicial support. The bottom line is that humans are inconsistent, both with one another and with themselves. The effect is magnified when you have a large number of document reviewers working on a single document set. In contrast, with predictive coding categorizing the documents, the machine does not get tired, lazy or distracted, and when it learns something new it goes back and re-reviews documents, making better decisions based on new information.

earlier in the process. This will allow the legal team to be able to spend more time with relevant information and make key strategic decisions earlier in what may be a costly process. Another benefit of utilizing the prioritization method is that the legal team may still review every document, a consideration that addresses some of the fear and opposition to predictive coding. To save costs, the legal team may then decide to have lower-cost reviewers focus on the documents that the prioritization algorithm deems as “not likely to be responsive.” Seeing the effectiveness of the prioritization capability serves as a gateway

The machine does not get tired, lazy or distracted, and when it learns something new it goes back and re-reviews documents to make better decisions based on new information.

or suggestions. The quality of the predictive coding process is only as good as the training it receives. In the early planning phases of a document review, it’s important to assess first whether the case will indeed benefit from predictive coding. Conventional wisdom suggests that it is best applied in cases with larger data volumes, in the hundreds of thousands of documents. However, while size is a factor, legal teams have successfully applied predictive coding to as few as 5,000 documents. Factors such as the complexity of the documents, the availability of subject matter experts to train the system, and time pressures and deadlines need to be considered. Judge Andrew Peck, in the first opinion endorsing predictive coding (Da Silva Moore v. Publicis Groupe in 2012), noted that in document review the goal is not perfection (i.e., finding every possible relevant document), but rather creating a process that is reasonable and proportional to the matter. Nonetheless, many legal teams are hesitant to leverage

Another common roadblock relates to whether or not a party must seek approval from its adversary or disclose its predictive coding methods. Again, Judge Peck provided clarity, this time with his opinion in Rio Tinto PLC v. Vale. That opinion made clear that producing parties do not have to turn over irrelevant documents used to train the predictive coding algorithms. Prevailing wisdom is that parties control how they search for and find relevant documents in discovery, and as long as parties conduct a diligent search, their review methods are considered work product. For parties that have yet to embrace this new technology, there are various predictive coding workflows that can serve as a guarded entry point. One of them is “document prioritization,” where the computer simply ranks documents that are likely to be responsive, and attorney reviewers select those documents first for review. The benefit of reviewing the most relevant documents first is that it will reveal material information about a case much

to the technology for many litigation teams. During review, the “richness” of the documents will eventually dry up and come to a point where there are no more “likely to be responsive” documents to review. Seeing that process first-hand, in combination with sampling and quality control checks, may give teams confidence to apply predictive coding workflows where the computer’s categorizations are used to form production sets, without human review on every document. Consider this illustrative case: In a class action lawsuit, one party was confronted with the daunting task of reviewing over 800,000 documents for potential production in discovery. Given time constraints, the party decided it would leverage predictive coding to help prioritize. It started the workflow by reviewing an initial random sample of 1,533 documents (a statistically significant sample size). From this sample, the party estimated the data set contained between 10,606 and 21,731 relevant documents.

oct/ nov 2016 todayâ&#x20AC;&#x2122;s gener al counsel

E-Discovery

Through the use of search terms and other analytics tools, the party found approximately 250 relevant documents and 250 irrelevant documents, which were then used to start the predictive

top of the pile, if a party determines the review process needs to be stopped mid-stream (perhaps due to escalating costs), that party is in a good position to say it likely already found the most

finding the right documents as fast as possible, sorting and grouping documents more efficiently, and validating the results prior to production. These problems are magnified when there

If the random sample review shows that no relevant documents were missed, or that some relevant documents were missed but they were of marginal importance to the case, then a party is in a good position to argue that proportionality considerations justify the stopping of the review.

coding training process. With training underway, the iterative predictive coding process commenced. The party started the first round by reviewing documents that were predicted by the computer process to be 99 percent relevant. During this initial round, many of the documents were identified as actually irrelevant. Then, as the computer better learned about the case and the types of documents that were relevant, the number of documents predicted to be 99 percent relevant shrank dramatically. As a result, in subsequent training rounds, the contract review attorneys reviewed all documents ranked as 90 percent responsive or above, then 75 percent responsive and above, and eventually all documents that were ranked 50 percent responsive and above. In the end, of the approximately 800,000 documents in the review set, the reviewers reviewed only about 27,000 documents, and of that amount the system identified about 11,000 documents for further review. Using this iterative prioritization workflow, the party was able to confidently produce relevant documents from a voluminous review set in a very short time frame. An additional benefit of the prioritization workflow is that it supports potential proportionality arguments. For example, because with each round of training the documents most likely to be relevant are percolated to the

relevant documents and the burden/cost of continuing the review outweighs the any incremental benefit. This argument can then be bolstered by a review of a random sample of documents not being produced. If the random sample review shows that no relevant documents were missed, or that some relevant documents were missed but they were of marginal importance to the case, then a party is in very good position to argue that proportionality considerations justify stopping the review. It is much more difficult to make a similar argument when relying solely on keyword searches, where there is no system to elevate the most relevant documents to the top of the review pile. With no uniform predictive coding workflow, and different vendors and technologies applying different methods, individual legal teams are honing their methods. In some cases they are leveraging prioritization to review the most important files first, but still reviewing every document. In other cases, quality control and sampling metrics build strong arguments to produce documents based on predictive categorizations from the algorithm. A savvy legal team will know when to leverage each scenario to avoid risk and maximize cost and time savings. In the end, litigation teams face three key problems when it comes to producing documents in discovery:

is outdated technology and with the continuing increase in the volume of information and documents subject to discovery. Savvy legal teams are embracing predictive coding and letting new technology, like their Pandora accounts, help them build a better playlist. â&#x2013;

Brett M. Anders is a Principal in the Morristown, New Jersey, office of Jackson Lewis P.C. He represents management in workplace law, including counseling and litigation. AndersB@jacksonlewis.com

Rick Anderson is a Manager of Strategic Accounts at Kroll Ontrack, where he provides clients with information management strategies to optimize cost efficiencies and ensure repeatable, defensible processes. randerson@krollontrack.com

today’s gener al counsel oct/ nov 2016

Labor & Employment Gig Economy

continued from page 21 a similar role. On the other hand, they have little or no investment, in work that often is not highly skilled, and they have little potential for loss vs. profit. The non-alignment of the gig worker model with traditional legal concepts has led to confusing and contradictory results, with a multitude of agencies and courts reaching differing conclusions on worker classification. In one example, workers were deemed entitled to minimum wage, but not to have their gig “employer” pay half of their share of payroll taxes. This regulatory non-alignment has led some to call for new ways to classify these workers. The “dependent contractor” has been an operative concept for some time in certain jurisdictions, such as Germany and Canada. In Canada, many provinces apply collective bargaining and termination notification rules to independent contractors who derive a certain amount of revenue from a single customer over a period of time. Even

Gig workers differ from traditional freelancers in that they need not invest in establishing a company or marketing to a consumer base. this model, however, does not fully align with gig companies, in that the worker’s relationships with individual customers is often temporary and one-time, and the company itself – its function often limited to providing the “platform” – does not share the same features as a traditional “customer.” Companies like Uber, for example, do not mandate driving routes, as these tasks are subject to the direction of the actual customer. Some state and local governments in the United States, such as Seattle, Utah, and Baltimore, have considered or passed laws allowing gig workers

to be represented by unions, to register with the state and meet insurance standards. The U.S. Department of Labor is considering instituting “portable” retirement benefits for gig workers. However, such proposed rules may run afoul of, or be preempted by, federal statutes such as ERISA or the Labor Management Relations Act. LITIGATION

Predictably, the uncertain regulatory environment surrounding gig workers has led to a multitude of class-action lawsuits nation-wide, further compounding the risk of inconsistent results, especially in light of the often highly factual, individualized analyses attendant to worker classification issues. For example, the California Labor Commissioner in 2012 ruled that an Uber driver was not an employee, but issued an opposite ruling in 2015. Settling such cases has proven difficult, given the often significant sizes of the putative classes and the high damage and penalty claims. In one example, Uber reached a settlement of more than $85 million in a class action case pending in California, resulting in multiple objectors and very public controversy surrounding class counsel’s agreement to settle. Objectors believe that even a nine-figure settlement is too low and fails to adequately address concerns over the core issue of worker classification. The Uber and related cases lay bare two flaws inherent in litigation as a means for resolving major policy issues: the risk of inconsistent results, and continuing uncertainty on status of the workers after the litigation has concluded. Litigation has not been limited to the employment context. Lawsuits have arisen in areas of privacy, false advertising, data security, personal injury, unfair competition and other matters where the regulatory status of gig companies is uncertain. Looking ahead, some who have studied the issue advocate for a shift of the focus in classifying gig workers to their level of economic dependence on a given gig platform. One proposed model also suggests a “third class” of workers who are given many traditional protections, such as collective bargaining, entitlement

to benefits and civil rights protections, but whose flexible schedules mean they should not be subject to stringent rules, such as overtime or minimum wage. Proposals also include legislation to temporarily halt wage and hour lawsuits, while Congress and other regulators have time to adopt a comprehensive regulatory scheme tailored to the industry. This subject will doubtless become an area of focus for the incoming presidential administration. ■

Todd Scherwin is managing partner of the Los Angeles office of Fisher Phillips. His litigation practice involves representing employers in various aspects of labor and employment law, including employment discrimination, harassment, and retaliation claims, trade secret protection and administrative proceedings. tscherwin@fisherphillips.com

Christopher Ahearn is Of Counsel in the Irvine office of Fisher Phillips. He focuses his practice on California employment law, including wage and hour matters, discipline and termination, and employment policies and procedures. cahearn@fisherphillips.com

Ryan P. Kennedy is an associate in the Irvine office of Fisher Phillips. He represents and counsels employers in labor and employment law, including wrongful termination matters, discrimination, wage and hour, worker misclassification, unfair competition, and construction labor law. rkennedy@fisherphillips.com

oct/ nov 2016 todayâ&#x20AC;&#x2122;s gener al counsel

E-Discovery

Why Speed Counts in E-Discovery By Brad Harris

n a time of rapidly increasing data volumes, corporate legal teams need better and more flexible tools to improve their e-discovery processes. Speed in e-discovery accelerates each step, improves strategy and reduces risk and uncertainty. The advent of cloud computing that is purpose-built for data

processing enables speed at a fraction of the cost, as legal teams can almost immediately do searches once data has been collected. That means they can experiment, trying different search parameters and seeing the results. This kind of searching allows legal teams to hone in on the right set of

documents quickly and easily. Investigations become simpler to resolve into the next steps. Assessing the risk of litigation, and deciding to fight or settle, can be based on better information. Refining the scope of preservation becomes easier, helping to ensure the data that needs to be retained is included in the legal hold.

today’s gener al counsel oct/ nov 2016

E-Discovery

As they approach the meet-and-confer, legal teams can have direct knowledge about the data set, so they are able to negotiate a more reasonable and cost-effective scope of discovery. Speed gives legal departments more flexibility in their workflow and processes, and more time to contribute their talents to the business.

Speed improves workflows and increases productivity. Processing speed changes the paradigm by changing how legal teams approach understanding data during early case assessment (ECA). They are able to index and process data once, review it, gain understanding, then move on to the next step, whether that’s gathering

best action to take order to protect the organization.

Speed reduces uncertainty. At the outset of a matter, it’s often unclear if the matter is routine or something much bigger. The period of not knowing what is at stake brings much anxiety for those involved, often with lost sleep and

Quick access and understanding of the data is invaluable for developing case strategy, defining scope of preservation and negotiating more effectively at the meet-and-confer.

Here, specifically, are eight reasons corporate legal teams should care about speed in e-discovery:

more data from additional custodians or sources, or promoting the data on to full review and production.

Time is money and e-discovery is painfully slow – speed gives teams back their time. Traditional on-premise software technology, with fixed computing capacity, processes at a rate of about one terabyte a week. Why wait a week before the data can even be looked at for evaluation, when scalable processing powered by cloud technology can accomplish the same task in an hour? Delays are costly, and during the delay the legal team is not focused on producing value for the organization.

Speed handles large volumes of data in stride. E-discovery is by its nature episodic, but today that’s compounded by the exploding volume of data and its fragmentation across a variety of repositories. The need is to consolidate disparate data sources onto one processing and viewing platform, so it can be managed and culled down to what’s essential. Speed provides an affordable way to efficiently process data regardless of volume.

Speed helps you to quickly understand what’s at stake. Rapid access and understanding of the data is invaluable for developing case strategy, defining scope of preservation and negotiating more effectively at the meet-and-confer.

Speed is affordable. Previously it was very expensive and therefore not a factor that could be exploited by most organizations. With the advent of secure cloud computing, it’s affordable to gather, cull, search and do a first-pass review of digital records, virtually instantaneously, to inform the next steps.

Speed reduces review cost. The review stage consumes three out of every four e-discovery dollars. More speed means teams can process and search the data more efficiently and send smaller more targeted batches of information on to outside counsel, for more expensive in-depth review.

Speed reduces risk. In litigation, courts expect a timely response following a trigger event. Time isn’t just money, it’s risk, and the risk compounds. Data can be altered or lost. Time spent waiting for data is time when the team does not have information that may be needed to make important decisions about the

with work over weekends. Getting to an actionable litigation response strategy in the shortest amount of time minimizes the uncertainty that causes anxiety. Rapid access to data empowers legal teams to gain control over the complex process of e-discovery and allows them to quickly understand the pros and cons of any matter. It enables more informed decisions, better strategies, and reduces both cost and risk. ■

Brad Harris is vice president of products at Zapproved, Inc. His more than 30 years experience in high technology and enterprise software includes assisting Fortune 1000 companies with e-discovery preparedness. He is an author and frequent speaker on data preservation and e-discovery issues, and has held senior management positions at public and privately held companies. From 2004 to 2009, prior to joining Zapproved, he led the development of electronic discovery readiness consulting efforts for Fios, Inc. brad@zapproved.com

oct/ nov 2016 today’s gener al counsel

E-Discovery

Cruising through E-Discovery By Joe Mulenex

discovery projects can feel like a long road trip of adventures, some good, some bad. Each new matter or legal hold brings it own challenge, and often organizations feel like each one comes with a new set of speed bumps. Following are some best practices, proven strategies and expert advice to help smooth the road. Each stop on this trip is based on the top five most controversial e-discovery issues, as determined by a recent Exterro survey.

Steps To Take: 1. Know where the data is stored. 2. Update existing data management policies. 3. Craft a collection plan. 4. Understand scope of collection needed. 5. Decide in-house or 3rd party.

Preserving and Collecting New Data Types Almost any activity we take part in creates data, and it no longer resides just on email servers, laptops, or mobile phones. Data resides in the cloud, in apps, on social media, and in your watch or fitness tracker. Creating a process for preserving and collecting

Caroline Sweeney, Global Director, E-Discovery and Client Technology, Dorsey & Whitney LLP

“Involve everyone in conversations with policy development, and educate them on the need, consequences, and various roles surrounding these policies.”

Reducing Costs Without Sacrificing Defensibility Yes, there are ways to reduce e-discovery costs without sacrificing effectiveness. Here is a plan to help readers do this within their organization, with a strategy and Creating a process for preserving process that has been proven to and collecting new data types takes a work. But before getting started collaborative effort between numerous on this costreduction plan, be sure you can teams throughout IT, Legal and HR. check off everything on this list:

new data types takes a collaborative effort between numerous teams throughout IT, Legal and HR. With the right people and processes, your e-discovery collection activities can quickly adapt to include new data sources. Who and What to Bring With You: • Internal Counsel • HR • Enterprise Managers • IT • External Counsel • Consultants • E-discovery Software

• Standardized process and documented decisions. • Cross-constituency role clarification. • Outside counsel negotiation. • Service provider strategic partnerships. • E-discovery technology expertise. • Scalable technology. Directions: 1. Create a “reasonable” discovery process under FRCP 37(e). 2. Align the e-discovery scope proportional to the needs of each matter. 3. Develop a strategy to measure spend and performance metrics.

4. Perform early data assessments before incurring external costs. “You should constantly be evaluating what’s on the market, so that you have a sense of how things stack up against your current model. If you’re considering bringing e-discovery in-house, the key consideration is whether or not you can drop costs. Then, make sure you have a process in place, because technology brought inhouse can reduce defensibility.” Aaron Crews, Sr., Associate General Counsel and head of E-Discovery, Walmart

Managing Large VoLuMes of Corporate Data

Managing data is not the job of one department in an organization. You can effectively manage large data volumes by creating a management system that enables you to know what you have and where it’s stored, to build a team of correct stakeholders, to align information governance and e-discovery policies, and take steps to defensibly delete data you no longer need. Stakeholders to involve: • Records • Legal • IT • Privacy • Information Security • Finance • HR • Business Units • External Consultants Building Your Data Management System 1. Develop multiple policies and plans to manage large data volumes. For example: a data breach response plan, a privacy and security program and an information asset protection plan.

today’s gener al counsel oct/ nov 2016

E-Discovery

2. Have a strategic roadmap and a maturity model with goals, budgets, audits and a defined retention program. 3. When remediating and classifying significant backfiles and network storage locations, consider tools to monitor, search, classify and collect unmanaged custodial data on workstations, and other storage media in-place. 4. Know where your data is and establish policies and practices related to data – i.e., create BYOD agreements and tools to manage corporate data on user devices; submit a request to

3rd party data managers to obtain, preserve, or dispose of data; place limits on data storage in email, file shares and home directories. “Big Data doesn’t occur overnight. It takes years and many employees to create it. Add company turnover to the equation through promotions, downsizing, retirements, or other internal transitions, and that’s when information gets lost. Because of the long time frame and the multiple people involved, most

companies don’t even know what they have when it comes to data.” Carolyn Durell, Global Head of Records, Novartis

Deciding How and When to Preserve Data To collect or to not to collect – that is the real question. Some collect to preserve, others preserve in-place, while many use a hybrid approach. Regardless of your strategy, following the same process each time can make all the difference when continued on page 37

OCT/ NOV 2016 TODAY’S GENER AL COUNSEL

Cybersecurity

The Privacy and Cybersecurity Challenge for Startups By Bill O’Connor priority. Startups need to develop and implement a comprehensive program that includes administrative, physical and technical safeguards. These should include:

lthough privacy and cybersecurity issues have been with us for many years, it has taken numerous data breaches, ransomware attacks, enforcement actions and lawsuits to finally get most companies to take them seriously. But this can be especially difficult for startups. The privacy and cybersecurity landscape is constantly evolving, and significant resources may be required for companies to keep pace with the changes and their compliance obligations. Numerous laws, including federal and state consumer protection laws, potentially apply to all companies, while at the same time there are state data breach notification laws, and, in certain industries, additional laws and regulations such as HIPAA for healthcare and the Gramm-Leach-Bliley Act for the financial industry. Startups are particularly vulnerable to cyberattacks because typically they don’t have adequate administrative,

physical and technical safeguards in place. There are a number of reasons for this, but the biggest determinant is usually budget. It requires significant investment in resources (including technology, personnel, legal resources and training) to implement appropriate safeguards. Another factor that may affect startups is “pivoting.” Startups often change their business model, and that may affect the landscape of privacy and cybersecurity risks they will need to confront and lead to different regulatory requirements or industry best practices. Moreover, privacy and cybersecurity concerns are often a low priority for startup founders, because they need to do so many other things that are more important, or at least seem more important. But they must keep in mind that government enforcement actions, lawsuits and reputational costs of a data breach could sink them, so privacy and cybersecurity really should be a high

• Policies and procedures that address privacy and information security (including all of the other items in this list). • An appointed team of specific personnel to be responsible for privacy and information security. Depending on the size of the company, this may be one person or many. In particular, if the startup is covered under HIPAA, there is a requirement to appoint a privacy officer and a security officer to oversee the development, implementation and maintenance of their respective policies and procedures. • Asset management. This involves the identification of assets and “baseline configurations and configuration management.” • Risk assessments, to insure compliance with administrative, technical and physical safeguards. These should be undertaken at least annually and preferably any time there is a material change in technology, policies or procedures. • Risk management, which involves developing and updating policies and procedures to mitigate risks or vulnerabilities identified by a risk assessment. • Privacy and security awareness and training. • Change management, to ensure that modifications to hardware, software, firmware and documentation do not compromise the security and integrity of information systems, and that they are implemented in compliance with the privacy and information security program.

today’s gener al counsel oct/ nov 2016

Cybersecurity

• Data management. This refers to identification of data (data inventory), classification of data, and data retention and destruction. • Incident reporting. Data incidents and security incidents should be reported to personnel responsible for privacy and information security (e.g., privacy officer and/or security officer). • Incident response, to develop and implement appropriate response procedures for data incidents and security incidents, based on type of incident and severity level. • Business continuity. This entails the development of contingency plans that include procedures for responding to an emergency or other incident, so as to continue delivery of products or services at acceptable predefined levels. • Disaster recovery, to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster. • Event tracking. This includes audit logs, system events and security events. • Monitoring, This includes audit logs, system events, security events, personnel and external service providers. • Vendor management, to ensure vendors have adequate privacy and cybersecurity safeguards in place. • Website (and app) privacy notice and terms of use. • Access controls and authorization, including file permissions, login credentials, ID cards and locks. • Authentication, including complex passwords, multi-factor authentication and digital signatures. • Asset destruction and disposal, to ensure all potentially sensitive data is properly removed before assets are destroyed. • Removable media protection and restriction, to restrict the use of removable media and to monitor their use and secure disposal, in order to avoid inadvertent disclosure. • A clean desk policy. • Data security. This includes encryption (at rest and in transit), integrity checking and backups. • Anti-virus / anti-malware software.

• Patch management, including operating system updates, software updates and firmware updates. • Penetration testing, to determine if vulnerabilities exist in technology infrastructure. • Screen saver / lockout / automatic logoff. These should occur automatically after a predetermined amount of time. • Remote access: Restrict and monitor external access to internal systems and applications. These may seem like daunting tasks for startups, but they may have no choice if they conduct business in certain states or collect certain personal information from residents of certain states. For example, any business (including out-ofstate entities) that receives, stores, maintains, processes or otherwise has access to personal information about a resident of Massachusetts in connection with the provision of goods or services, or in connection with employment, is required to develop and implement a written comprehensive information security program. The requirements are set forth in state regulations, and they include most if not all of the safeguards listed above. Fortunately for startups, most privacy and cybersecurity laws and regulations require “reasonable” steps to be taken to protect and secure the privacy of information. This means that the budget constraints and limited resources described above can be taken into account when developing and implementing adequate safeguards. Privacy and cybersecurity awareness and training are also critical for startups. Employees and other insiders are often the weakest link and the cause of many privacy and cybersecurity issues, so startups must ensure their teams understand policies and procedures, and buy into them. Startups are in a unique position regarding awareness and training. Because they generally have a small number of employees or independent contractors, it’s easier for them to conduct training and keep their teams up to date with current privacy and cybersecurity issues. They may find it easier to build awareness into their culture by incorporating

awareness and training at the early stages, and then as the company grows find that to be a competitive advantage. A startup may also be able to follow “privacy by design” and “security by design” principles from the very beginning, as it develops products or services, and that too can prove to be an advantage. ■

CyberseCurity resourCes for startups It’s important for startups to identify the skills they need and engage the appropriate parties to provide it, whether it’s attorneys, consultants, additional employees, or people from other startups. Meanwhile, there are many free resources available on the internet. These include: • https://www.ftc.gov/tipsadvice/business-center/ privacy-and-security • http://nvlpubs.nist.gov/ nistpubs/SpecialPublications/ NIST.SP.800-53r4.pdf • http://www.hhs.gov/ocio/ securityprivacy • https://www.sans.org/ security-resources/

Bill O’Connor is a member the Privacy and Information Security Team at Baker Donelson. His practice is focused on technology, information security and privacy, securities, corporate governance, mergers and acquisitions, and general corporate matters. He is a Certified Information Systems Security Professional (CISSP) and a Certified Information Privacy Professional (CIPP). boconnor@bakerdonelson.com

Sp ec Ia L a dve rT ISIng S ec T Ion

Super Lawyers, a part of Thomson Reuters, is the only lawyer-ranking service with a patented selection process.* How do we do it? The infographic on the right shows, at a very high level, the steps we go through to vet the attorneys selected to our list each year. Because of our rigorous selection process, and the fact that our selection is limited to no more than 5 percent of the attorneys in any state or region, you can rely on us as one of your sources for finding an attorney who exhibits excellence in the practice of law.

This issue continues the unique partnership between Todayâ&#x20AC;&#x2122;s General Counsel and Super Lawyers. In each issue, you will learn about lawyers and firms that have passed muster with Super Lawyers. We honor attorneys in commercial and consumer practice areas, and the focus with our partnership will be on those selected in a business-related practice area. If you find yourself in need of legal services, whether for your business or personally, start your search with Super Lawyers. For more information on our selection process or to find a lawyer in a specific region or practice area, please visit SuperLawyers.com. learn more

SuperLawyers.com/SelectionProcess

Questions?

SL-Research@thomsonreuters.com

visit SuperLawyers.com Search for an attorney by practice area and location, and read features on attorneys selected to our lists.

*U.S. Pat. No. 8,412,564

DISCLAIMER: The information presented in Super Lawyers is not legal advice, nor is Super Lawyers a legal referral service. We strive to maintain a high degree of accuracy in the information provided, but make no claim, promise or guarantee about the accuracy, completeness or adequacy of the information contained in this special section or linked to SuperLawyers.com and its associated sites. The hiring of an attorney is an important decision that should not be solely based upon advertising or the listings in this special section. No representation is made that the quality of the legal services performed by the attorneys listed in this special section will be greater than that of other licensed attorneys. Super Lawyers is an independent publisher that has developed its own selection methodology. Super Lawyers is not affiliated with any state or regulatory body, and its listings do not certify or designate an attorney as a specialist. State required disclaimers can be found on the respective state pages on superlawyers.com.

SpeCIa L a DVe rT ISINg S eC T ION

Super LawyerS DaviD E. ChambErlain

JEffrEy m. sElChiCk

Ethan l. shaw

301 Congress avenue 21st Floor austin, TX 78701 Tel: 512-474-9124 Fax: 512-474-8582 dchamberlain@chmc-law.com www.chmc-law.com

pO Box 11280 albany, Ny 12211 Tel: 518-783-0016 selchick@nycap.rr.com www.selchick.com

1609 Shoal Creek Boulevard Suite 100 austin, TX 78701 Tel: 512-499-8900 Fax: 512-320-8906 elshaw@shawcowart.com www.shawcowart.com

Civil litigation: DEfEnsE Personal injury General: Defense Professional liability: Defense

EmploymEnt & labor alternative DisPute resolution aDministrative law

businEss litigation Civil litiGation: Defense Personal injury General: Plaintiff

David Chamberlain was named the Outstanding Defense Bar Leader in the nation in 2006 by DrI, the largest association of defense trial lawyers in the country. He is past Chair of the State Bar of Texas Board of Directors, past president of The american Board of Trial advocates (Texas Chapters), and recently served as president of the Texas association of Defense Counsel and the austin Bar association. He recently served as Course Director of the State Bar Business Disputes Law Course and the State Bar advanced Civil Trial Law Course, and received the State Bar’s Standing Ovation award in 2014. He is listed in The Best Lawyers in America and is the founding partner of Chamberlain McHaney, where he handles a full docket of complex civil litigation. He is Board Certified in personal Injury Trial Law.

engaged in the practice of labor arbitration, mediation, and employment dispute resolution, arbitrator Selchick serves on labor arbitration panels of the american arbitration association and the Federal Mediation and Conciliation Service. He is available to accept assignments throughout the u.S. a member of the National academy of arbitrators, he is active in both the public and private sectors and serves as permanent contract arbitrator for numerous employers and the respective unions. arbitrator Selchick has over 30 years of experience as arbitrator of contract disputes and disciplinary matters for all types of manufacturing and service industries, with expertise in government, police and fire, corrections, hospitals, education, and transportation.

ethan Shaw is included in a small percentage of lawyers who are Board Certified in both personal Injury Trial Law and Civil Trial Law by the Texas Board of Legal Specialization. In addition, he is aV-rated by Martindale-Hubbell. Shaw has earned a reputation as an exceptional trial attorney, having successfully represented clients in matters across the united States. He handles many types of cases for both plaintiffs and defendants. Shaw is licensed to practice in Texas and before the u.S. District Courts for the Northern, Southern, eastern, and western Districts of Texas.

Chamberlain mChaney

attorney – arbitrator

shaw Cowart, llP

OCT/ NOV 2016 TODAY’S GENER AL COUNSEL

Cybersecurity

Preparation is the Best Defense Against a Cyber Attack By Collin J. Hite

oday virtually all businesses are on the radar of cyber criminals. Businesses large and small are now realizing the question is not if they will get breached, but when. Ransomware in particular has seen a spike in 2016. Importantly, cybersecurity is no longer just an IT issue. It’s companywide, and all stakeholders need to be involved in the solutions. Here is a ten-point checklist on some best practices for managing the risk.

1 2

Minimize data collection. If you do not need it, then do not collect it.

Understand and comply with the Payment Card Industry Data Security Standard (PCI DSS). Make sure your business is completely aware of its “cardholder data environment” and is providing appropriate protections.

Find and digitally shred unneeded information. Old, forgotten data is dangerous. Don’t be “data blind.” Eliminate what you no longer need.

Limit access. Employees should be on a “need to know” basis with personally identifiable information (PII) and HR data.

Split up your network. Create electronic firewalls that limit the spread of viruses and attacks.

Encrypt! Proper encryption renders hacked data unusable, and it can provide a safe harbor from mandated reporting requirements in some instances.

Understand your network. Review network logs for unauthorized activity, and make sure your security professionals do too.

Security is not just for IT professionals. Make sure your entire organization creates and respects a culture of privacy that prioritizes security as the basis for all of its operations.

Have a comprehensive incident response plan in place and test it regularly through desktop exercises.

Work closely with your broker and an insurance coverage attorney to procure appropriate data privacy insurance. Larger entities must take an enterprise risk management approach to cyber risks, since exposures permeate every facet of an organization. Consequences of a data breach can be catastrophic, so comprehensive risk control techniques are critical to reduce both the frequency of loss and loss severity.

litigation brought by customers for their direct losses due to a breach. However, insurance may also cover: • PCI-DSS liability • Credit monitoring for customers • Cost associated with notifying customers of a breach • Media and privacy liability • Responses to regulatory investigations Policyholders can also obtain “Difference-In-Conditions” coverage under certain first-and third-party coverages. For data privacy insurance, the market continues to evolve, and insurers are using a wide variety of forms. In this case, the devil truly is in the details. Here are some tips for placing data privacy coverage:

Computer data restoration Re-securing the information network Theft and fraud Business interruption Forensic investigations Crisis and public relations management • Extortion

• Use a team approach: the insured, the broker, and coverage counsel. • Understand your risk profile. • Review existing coverages to know what is already available in your current program. • Put into place other data privacy coverage as needed. • Understand that data coverage is broader than just “cyber.” • Ensure there is coverage for using Cloud services. • Negotiate for a retroactive date of at least one year. • Know what legal counsel and vendors will be supplied by insurers. • Carefully review the insurance application.

First-party losses are usually the highest costs to a business suffering a cyber-attack, so adequate coverage in this area is vital. But organizations need liability coverage as well. Most coverage in this area will provide for defense against

For most companies, the significant costs associated with responding to a data privacy breach cannot be borne internally, and robust data privacy insurance is required to shift the risk. The premiums and policy limits are relative to a company’s risk, so that ratio allows

INSURANCE PURCHASE CHECKLIST

It’s possible to obtain cyber insurance for losses, but it is critical to understand the full scope of the coverage you buy. Insurance to protect property and network can include coverage for: • • • • • •

TODAYâ&#x20AC;&#x2122;S GENER AL COUNSEL OCT/ NOV 2016

Cybersecurity

oct/ nov 2016 today’s gener al counsel

Cybersecurity

a business of any size to consider such coverage. However, keep in mind that insurance underwriters are very cautious and thorough in issuing data privacy insurance, and they employ an extraordinary amount of due diligence in the underwriting process. As a result, businesses that go through that process will learn a great deal about the current state of their network security and response plan. Information learned in this way can be useful for companies, as they search for gaps and upgrade their security and protocols, as well as establish their coverage. Policyholders

72 hours of an incident can increase response costs by two to three times. An efficient response can also prevent loss of sales and income and a drop in stock price. Customers who are comfortable with a company’s response are less likely to stop doing business with the company, in the days following the breach and thereafter. A proper and effective response protects the company’s brand reputation. Keep in mind the bigger the company, the harder the fall when it comes to a botched response to a breach. Ransomware can be considered the next breach frontier. According to a re-

For most companies, the significant costs associated with responding to a data privacy breach cannot be borne internally, and robust data 36

privacy insurance is required to shift the risk. will be required to fill out extensive questionnaires and likely submit to an onsite visit. All of the information gathered in the process not only informs the insurer as to whether it wants to issue a policy, but also becomes invaluable to the company in its efforts to establish a strong network defense and response. Going through the process of purchasing insurance is the first step, not only to getting insurance protection, but also to developing a strong response plan. There are major differences in policy forms among the carriers, and policyholders must be vigilant to ensure they purchase the right coverage. Although the declarations page and coverage grant are obviously important, insureds must look well beyond them. ADVANCE RESPONSE PLANNING

A comprehensive data incident response is now a must, whether or not the business carries data privacy insurance. The plan should be thorough, and it should be tested. Mistakes made during the first

port from Intel Corp.’s McAfee Labs, the number of cyberattacks where malware holds user data hostage is expected to continue to grow, as hackers target more companies and advanced software is able to compromise more types of data. This malware works by encrypting files on a system’s hard drive using an unbreakable key. It is decrypted by the attacker only after a ransom is paid, typically by online currency such as Bitcoin. The malware is usually delivered via email, which makes some industries particularly susceptible in light of current trends to communicate with customers through email. The best ransomware defense is a robust backup of all data in an offline environment. Companies also must ensure their computer networks are regularly updated with security patches. Jens Monrad, systems engineer at FireEye, notes that most malware “will execute with the same privileges as the victim executing the payload. If the person getting compromised has local or global administrative privileges, the malicious code will have access to the same resources.”

Cyber insurance is the ultimate backstop in a cyber extortion situation. It can pay the ransom, as well as the cost of restoring the network. But remember that it’s critical for the insurance to be properly placed at inception, to ensure the coverage is there when needed. GETTING SERIOUS ABOUT CYBER DEFENSE

After going through the exercise of purchasing data privacy insurance coverage, a company is well positioned to develop a response plan. Good preparation means that the company: • Develops a strong response team. • Identifies response capabilities and external resources. • Establishes relationships with law enforcement and regulators. • Creates and tests its plan prior to an actual event. • Anticipates communication, remediation and notification pitfalls. Time spent upfront as part of an indepth analysis when considering insurance may prevent the type of coverage battles many policyholders are now facing. Regardless, the incident response plan is a must for any company that doesn’t want to risk going out of business. ■

Collin J. Hite is the practice leader of the Insurance Recovery Group in the Richmond office of Hirschler Fleischer and the co-chair of the firm’s Data Privacy and Security Group. He provides insurance policy and program audits for policyholders, and he handles insurance recovery and coverage litigation nationally. chite@hf-law.com

today’s gener al counsel oct/ nov 2016

E-Discovery

Crusing E-Discovery continued from page 29

it comes to a successful collection. Here is a suggested process, with checkpoints along the way. 1. To prepare, begin by defining criteria to initiate a legal hold (business events or notices of litigation that trigger the obligation to preserve data). Then document responsibility and procedures for the identification of sources of data subject to preservation. 2. Automate legal hold, so that when preservation duty is triggered, notices are sent to relevant custodians and system owners who oversee companygenerated data.

8. It’s also important to understand the breadth and scope of a given collection need. Consider using a formal custodian interview process to uncover data sources or additional custodians. “Using the simple analytic of putting custodians into tiers, you can lower costs. The hybrid approach is cheaper than ‘collect everything,’ but more defensible than ‘In-Place’. You’re getting what you need without it costing a fortune.” Beth King, Lead Paralegal, Vestas

Working with IT and Legal Effectively In order to work effectively with another department, you need to develop a relationship top down, define roles clearly, and develop an effective process

Once a legal hold is initiated, preservation requires strict scheduling and notification of custodians and data system owners, as well as audit procedures to verify compliance.

3. Create audit procedures to verify compliance and define non-compliance procedures. 4. Work with HR and IT to handle custodian departures and new employee arrivals in which preservation obligations may be impacted. 5. Develop a clear interview process for obtaining information from relevant custodians. 6. Define a legal hold release process that accounts for custodians on concurrent holds. 7. Once a legal hold is initiated, preservation requires strict scheduling and notification of custodians and data system owners, as well as audit procedures to verify compliance. Communication between all parties involved is a must, and with clearly defined responsibilities and procedures to keep this process efficient.

and tracking system. First, make sure you have all these people ready to go with you: • • • •

GC CIO Liaison between IT and Legal Legal professionals involved in e-discovery • IT professionals involved in e-discovery. Then, follow these steps: 1. Educate your GC on the importance of developing a relationship with IT. 2. Define the roles and responsibilities of legal and IT. 3. Build personal relationships. 4. Schedule monthly meetings between teams. 5. Create a universal tracking system for discovery requests.

6. Document and consistently define and refine the discovery process. “The difficulty comes largely from the fact that litigation is a very small part of what your company is about and an even smaller part of what the IT department is about. The key to getting around this is management buy-in at the highest levels of the company, so that when you go to IT and ask for help, they understand that their managers know e-discovery issues have to be a priority as they come up.” Travis Wolfinger, Sr. Attorney, Marathon Petroleum

“Ten years ago, Legal didn’t always do a very good job of explaining why they were coming into the IT department and asking a whole lot of questions about what IT was doing operationally. Now we need to mend relationships and explain to IT professionals why the standards and expectations that are being imposed on them by Legal are important.” David Briscoe, Sr. Director, Consilio

A lot can come up when you’re on an e-discovery trip, and you can’t plan for everything. But with a solid process in place, your e-discovery travels don’t have to be bumpy. You can be prepared for the unexpected, and handle anything that comes your way. ■

Joe Mulenex is Director of Solution Engineering at Exterro. He has served as special master in numerous cases and has led the discovery work for one of the parties in Deepwater Horizon, the largest litigation in U.S. history. His experience includes digital forensics, ESI processing and analysis and managed review. joe.mulenex@exterro.com

oct/ nov 2016 todayâ&#x20AC;&#x2122;s gener al counsel

Intellectual Property

It is Still Possible to Patent Software By Ed Russavage and Matt Grady

today’s gener al counsel oct/ nov 2016

Intellectual Property

espite the doom and gloom about the difficulty of patenting software in today’s legal landscape, there are still ways for software companies to protect their intellectual property. This article will discuss concrete and practical strategies for prosecuting existing cases to successful and timely completion, as well as strategies for preparing cases yet to be filed, so that they will withstand heightened scrutiny resulting from the new U.S. Patent & Trademark Office tests for determining patentable subject matter. We will also provide a brief overview of recent relevant cases. BACKGROUND

In 2012, the U.S. Supreme Court started a line of cases that dramatically shifted the definition of subject matter that inventors can protect with patents, effectively narrowing the types of ideas that the patent system can protect. For software and business methods, the line of cases culminated in the Alice Corp. v. CLS Bank International decision, which excludes any invention characterized as an “abstract idea.” Alice resulted in many issued patents being invalidated and more rejections of patent applications at the USPTO. The Court’s newly declared two-step abstract idea test determines (1) if patent claims are “directed to” an abstract idea, and if so, (2) whether the claims recite “significantly more” than the abstract idea itself. Unfortunately, the Court provided only the bare-bones test, leaving what constitutes an “abstract idea” and when claims recite “significantly more” for another day. It has thus fallen to the lower courts to define the test, and to the USPTO to figure out implementation. Both have struggled. Since Alice Corp., only a handful of Federal Circuit cases have determined that a patent claims patent-eligible subject matter. The contradictory legal opinions and varying USPTO standards for identifying eligible subject matter have left attorneys and corporations adrift, as they try to determine what is left to patent. In certain technical groups within the USPTO (e.g., business method art units), most relating to software, the

patent allowance rates have plummeted, causing many applicants to abandon their ideas or incur increased costs of prosecuting their patent applications. HOPE FOR NEW APPLICATIONS

At least one case in late 2014 provided direction for obtaining meaningful patent protection. Although the DDR Holdings case (DDR Holdings, LLC v. Hotels. com, L.P.) was not the widespread panacea that patentees and applicants were looking for, it did indicate that technical ideas are not necessarily abstract and therefore can be patented. More recent cases in 2016, including Enfish, TLI, and Bascom, as well as follow-up guidance from the USPTO, helped to further define the tests used for determining what can and cannot be patented. In the current landscape, the USPTO has taken a conservative approach by placing most of the burden on the patent applicant to prove that a patent application does not claim an abstract idea. As

current guidelines, care must be taken in defining and claiming the invention. Technical features that solve technical problems, such as those described in the recent Enfish case (Enfish, LLC v. Microsoft Corp.), should be defined and described carefully. Most software can be described as a collection of technical features, with some being more important (and technical) than others. A successful strategy includes capturing the invention by covering a collection of technical aspects, each of which may provide incremental value. The days of describing an invention broadly, sometimes without much technical detail, are over. Well-written applications should include more technical detail and examples of improvement over conventional computer functions. Each of the latest cases finding eligible subject matter – including DDR, Enfish, and Bascom (Bascom Global Internet Services Inc. v. AT&T Mobility LLC) – can be used to build

For an existing case, one approach is to change the claims to cover a technical feature described somewhere within the patent specification.

a result patenting software has become a more difficult and expensive process. However, it’s not impossible, even within the most difficult art units, if certain strategies are used. Recent cases and interactions with the USPTO have shown that technicallybased inventions, such as inventions that target improving the functioning of a computer itself, are still eligible subject matter. Success in obtaining and defending patent claims is directly related to what ideas the claims are directed to, and how they are characterized in the application and during prosecution. In addition, the procedure by which an invention is prosecuted can play a large part in whether the patent is granted. To obtain a patent under the

a path to an allowable application. For instance, careful planning is needed to identify technical features that can be analogized to DDR where the invention is necessarily rooted in computer technology – meaning it necessitates computers. Claims should also be focused on technical implementations, to increase the chances of ending the abstract idea inquiry at step one, as discussed in the Enfish decision. That is, if the technical implementation claimed is not “directed to” an abstract idea, the claim is eligible. Also, even if the elements of the claim are known but are arranged in a novel way, examples should be included to describe improved operation continued on page 43

oct/ nov 2016 today’s gener al counsel

Intellectual Property

Confronting the Gray Market in Korea and the U.S. By Rebecca Felsenthal, Richard Nelson, Sue Su-Yeon Chun and Jason Jeong Lee

ray market goods, also known as parallel imports, are genuine (not counterfeit) goods that have been manufactured by, for, or under license from the trademark owner. They are typically intended for sale in a particular market, but imported into and sold into another market or region. Both Korea and the United States face an influx of gray market goods. However, they offer

trademark owners vastly different tools to combat this problem. Under U.S. law, trademark owners have two tools with which to limit the distribution of gray market goods. First, the Lanham Act enables U.S. trademark owners to fight gray market goods in federal court, where the resale of genuine trademarked goods is limited by the first sale doctrine. The first sale doctrine,

borrowed from U.S. copyright law, states that a trademark holder has an exclusive right to the first sale of its goods, but cannot block the resale of genuine products. However, there is a limited definition of what constitutes a genuine product. “A gray-market good is ‘genuine’ only if it does not materially differ from the U.S. trademark owner’s product” (Hokto Konoko Co. v. Concord, 9th Cir. 2013).

today’s gener al counsel oct/ nov 2016

Intellectual Property Courts have concluded that a product is “materially different” from a product intended for sale in the United States for a variety of reasons, including physical differences between products, like product composition or packaging; language differences in product packaging and instructions; and differences in quality control, service offerings, warranties and production methods. Despite the permissive implications of the first sale doctrine, courts enjoin the sale of gray market goods that are “materially different” from products intended for sale in the United States. The second way to limit the distribution of gray market goods is to use legal remedies available in a few states. California, for example, requires disclosure to the consumer when a gray market product does not retain the manufacturer’s warranty, unless the gray market seller provides a warranty that is equal to or better than the manufacturer’s. Similarly, New York requires sellers of gray market goods to disclose, when applicable, that the product is not accompanied by a U.S. warranty; the product is not accompanied by instructions in English; and the product is not eligible for a rebate offered by the manufacturer. Trademark owners may also have remedies against parallel importers for the improper procurement of gray market goods. When the goods have been obtained through fraud and misrepresentations, trademark owners can seek civil and criminal remedies.

held that U.S. Customs should have prohibited the unauthorized importation of merchandise from the United Kingdom bearing a U.S. trademark legitimately applied abroad, because the merchandise sold in the U.K. was modified to the tastes and preferences of British consumers. Obtaining Lever Rule protection is complicated, and many trademark owners view it as a double-edged sword. It prevents some gray market goods from being imported into the U.S., but also creates a snag in the importation of goods through the authorized supply chain. In addition, under the Lever Rule, U.S. Customs cannot detain gray market goods that are materially different if the goods bear a “conspicuous and legible

U.S. courts enjoin the sale of gray market goods that are “materially different” from products intended for sale in the United States.

label” stating that the product is not authorized by the United States trademark owner for importation and is physically and materially different from the authorized product. Korean gray marKet laws

Customs ProteCtion

In addition to the courts, U.S. trademark owners may seek assistance from U.S. Customs and Border Patrol. It has authority to detain imported gray market goods (including those bearing “genuine” trademarks) if the goods are physically and materially different from those authorized for sale in the United States, and where the trademark owner has obtained specific “Lever Rule” protection. The Lever Rule was codified in U.S. Customs Regulations following the D.C. Circuit’s decision in Lever Bros. Co. v. United States in 1993. There, the court

This does not, however, mean that there is nothing a trademark owner can do to prevent parallel importers from using its trademarks in a manner that is likely to mislead or cause confusion among consumers regarding the business relationship between the trademark owner and the parallel importers. The landmark Supreme Court case Burberry Limited v. E.M.E.C. Co. Ltd. (2002) addressed the extent to which a party can advertise a parallel imported product in South Korea. The Supreme Court ruled that while the defendant’s use of the BURBERRY trademark in connection with the sale of genuine BURBERRY products did not violate trademark laws, such use may nevertheless violate unfair competition laws if it is likely to lead consumers

South Korean law is similar to that of many countries, in that parallel importation is in general lawful and will only be prohibited in very limited circumstances. Under the relevant customs guidelines, a genuine gray market good can be prohibited where there is an exclusive licensee with respect to the registered trademark and the goods in question; the exclusive licensee wholly manufactures the trademarked goods and does not import the goods; and the exclusive licensee is not an agent of, or a company related to, the trademark owner. Unless the foregoing requirements are all met, it is difficult to prevent parallel importation.

to believe, for example, that the parallel importer is the official Korean agent of, or has any business relationship with, the trademark owner. Based on this holding, the Supreme Court affirmed the lower court’s decision enjoining the defendant from using the BURBERRY mark on exterior signage and business cards. Therefore, if parallel importers were to use a trademark in a manner that is likely to cause consumer confusion or deception about their business, the trademark right owner may be able to prevent them from using it, even if stopping sales or importation into South Korea may not be allowed. In addition, any unauthorized use of a copyright owner’s works by a parallel importer in relation to advertising, selling, etc. of gray market goods may be deemed unlawful, as it infringes the copyrights in those works.

oct/ nov 2016 today’s gener al counsel

Intellectual Property It is important to note that any attempt to block or restrict parallel importation has the risk of being considered a violation of the Monopoly Regulations and Fair Trade Law of Korea, which protects parallel importation to a certain extent. The basic presumption is that unfairly impeding such parallel importation may constitute a violation of the Monopoly Regulations and Fair Trade Law as an unfair business practice. Protecting AgAinst grAy MArket ProbleMs

In the United States, trademark owners have multiple avenues to limit the entrance of improper parallel imports to market. They must assess the scope and source of any gray market problems by reviewing and updating their agreements, emphasizing channel compliance, monitoring channel partners, and developing efforts to track and serialize products. Registration of trademarks with the U.S. Patent and Trademark Office, as well as recording marks with U.S. Customs, is critical. Clear physical differences in product packaging and language differences in instructions will help you, and government officials, to identify improper gray market goods and enforce laws and regulations against importers. Additionally, both state and federal laws provide trademark owners with causes of action against those who fraudulently procure gray market goods, sellers of “materially different” gray market goods, and sellers that fail to disclose the gray market status of their products. As for South Korea, while parallel importation is generally allowed, a trademark owner may have recourse against third parties from using the related trademark and/or copyright in a manner which violates the unfair competition laws, copyright laws, etc. In this regard, any decisions on potential actions against parallel importers should be made based on the specific facts involved. Typically, a trademark owner can prevent a parallel importer at least from operating an independent shop using a signboard bearing the same trademark. In addition, there have been more than a few cases in South Korea where

some parallel importers imported and sold genuine gray market goods mixed together with counterfeits, against whom additional legal measures may be taken, including civil and criminal actions. Therefore, it would be advisable to closely monitor the activities of certain parallel importers in order to take immediate action against counterfeits. In any case, trademark owners should always be mindful of the risk that excessive action against parallel importers could be construed as unreasonably preventing parallel importation. That may violate the Monopoly Regulations and Fair Trade Law of Korea. Domestic trademark owners in the United States and in Korea receive protection by way of the respective laws and regulations concerning gray market goods in varying degrees. In the United States, trademark owners may rely on stricter laws that prohibit the sale of

Rebecca Felsenthal is an associate at Sideman & Bancroft in San Francisco. Working with the firm’s Brand Integrity and Innovation Group, she represents business entities in connection with brand protection issues, trademark enforcement, and a range of civil litigation matters. rfelsenthal@sideman.com

Richard Nelson is a partner at Sideman & Bancroft in San Francisco, where his practice focuses on intellectual property, fraud enforcement, complex commercial litigation and internal investigations. He has extensive trial experience in federal and state courts, having tried 32 cases to jury verdict. rnelson@sideman.com

gray market goods that differ materially from goods intended for sale in the United States. In Korea, the sale of gray market goods is generally permitted regardless of where the goods are intended for sale. That being said, trademark owners are aided by laws prohibiting the unfair competitive use of their trademarks by parallel importers. Trademark owners in both countries are advised to monitor the market, identify parallel importers, and carefully consider their options before enforcing their trademarks. ■

Sue Su-Yeon Chun is a trademark attorney in Kim & Chang’s Trademark/ Design Practice Group. Her practice encompasses trademark, unfair competition and design prosecution, and enforcement matters. She has handled a wide range of IP matters in business sectors including entertainment, publishing, fashion, jewelry, luxury, pharmaceutical, chemistry, cosmetics, personal care, food, consumer products and information technology. She has also handled a number of notable administrative trials and litigations. sychun@kimchang.com

Jason Jeong Lee is an attorney in Kim & Chang’s Trademark/ Design Practice Group. His practice focuses on trademark enforcement and prosecution, unfair competition, copyrights, designs, anti-counterfeiting, customs and domain name matters. His experience includes advising multinational corporations and global brands on intellectual property issues. jlee4@kimchang.com

today’s gener al counsel oct/ nov 2016

Intellectual Property Patenting Software continued from page 39

of a computer and meet the second step of the inquiry, as discussed in the Bascom case. Technical areas that can still be protected in software are numerous, if cast in a technical light. For instance, systemlevel aspects, architecture, protocols, and other technically-based features are still fair game for patenting. SAVING EXISTING CASES

There appear to be many ways to write better patents that will hold up under the new standards. Meanwhile, prosecuting existing applications, written under a different standard, presents other kinds of challenges. Cases being prosecuted before the USPTO may be stalled, rejected or otherwise abandoned after lack of success. For some companies, this has resulted in lost investment, increased costs, and frustration for those relying on obtaining the protection. Depending on the nature of the invention, closeness to the prior art, and other factors, a custom prosecution approach may improve the chances of success. For an existing case, one approach is to change the claims to cover a technical feature described somewhere within the patent specification. The technical feature need not be the best feature of the application, but it should be one that would enable you to push the case to allowance. Because one valid strategy is to delay prosecution until more favorable (and well-defined) guidelines exist for these types of cases, it makes sense to obtain what narrow protection is available currently, and pursue additional and perhaps broader coverage later in a continuation application. Another approach that should be used in conjunction with technical elements involves actively interviewing cases with the assigned patent examiner. Interviews should include the patent examiner’s supervisor, to accelerate agreement on the issues. Interviews have always been a valid approach for advancing prosecution, but with software cases having abstract idea rejections, it is especially useful to

understand the examiner’s position so that an expedited result can be reached. Another approach involves appealing cases. This can be beneficial with regard to the delay introduced in prosecution, which can be several years due to the current number of backlogged cases. Many borderline cases where there is a question of law, or close facts, may benefit from this strategy. In some cases, appeal is warranted because the facts are too close. In some the examiner cannot agree on eligible subject matter, or a supervisor has maintained the subject matter rejection (sometimes contrary to the working examiner). In these cases, the faster you can identify the need for appeal, the more you can reduce the legal costs. Statistical data may also be used to determine the appropriate procedural path through the USPTO, including the need for appeal. Commercial tools are available for reviewing the tendencies of particular examiners and art groups, and locating successful cases and arguments that could win the day. Also, because there are widely different allowance rates between art units and examiners (even within the same group), it is beneficial to forum shop to the client’s advantage. For example, the use of common specifications with different targeted claim sets may permit a case to be assigned to a particular art unit, which may dramatically increase the likelihood of getting a patent. SUCCESSFUL CASES

By using some of these approaches, we have had success in navigating the abstract idea landscape. In one case where an inventor wanted to leverage her patent to secure funding, aggressive interviewing, increased technicality of the claims, and responses were all used to obtain a patent in a business method unit of the USPTO (typically having allowance percentages in the single digits). Moreover, this patent (U.S. Patent No. 9,384,505) was secured using an accelerated patent filing process which typically concludes in a year, and provided the inventor the outcome she had wanted. In another example, a patent application covering financial processing

systems was languishing in the business method unit of the USPTO. Under current classification approaches there, mentioning financially-related processing can result in assignment to the business method art unit. Tying the claims directly to the hardware and circuit architecture allowed the applicant to overcome the subject matter rejection in an art unit having a very low allowance rate. The bottom line is that although software patents have been under fire for the past several years, there are valid approaches to successfully preparing and prosecuting software patents in the current environment. By using lessons learned from recent cases and taking a more active role in prosecution, clients can obtain the protection that they need. ■

Ed Russavage is a shareholder in the Electrical & Computer Technologies Group at intellectual property law firm Wolf Greenfield in Boston. He is a strategic advisor to a wide range of companies, including startups, mid-range companies and multinationals. He provides counsel in areas including patent protection, licensing, freedomto-operate and transactions. erussavage@wolfgreenfield.com

Matt Grady is a shareholder in the Electrical & Computer Technologies Group at intellectual property law firm Wolf Greenfield in Boston. He works in both U.S. and foreign jurisdictions, working with clients to develop effective intellectual property-building strategies and to protect IP, including utility patents, design patents, trademarks, copyrights and trade secrets. mgrady@wolfgreenfield.com

oct/ nov 2016 todayâ&#x20AC;&#x2122;s gener al counsel

Compliance

Protecting Data Analytics from Litigation By Coleman Watson

today’s gener al counsel oct/ nov 2016

Compliance

he worldwide web now allows businesses to reach their consumers far more efficiently, while consumers are free to more selectively interact with businesses they choose to patronize. There is a constant two-way exchange of information, as businesses market their services and consumers are enticed by their advertisements. This mutual exchange of information generates data, and lots of it. As any successful business knows, data collection without analysis seldom has economic value. Thus, the birth of data analytics, the process by which

and is often characterized by reference to volume (the amount of data that businesses collect and analyze), velocity (the speed at which industry collects data), and variety (the diversity of the data). The FTC report finds that businesses too often rely on data mining or analytics algorithms that directly or indirectly, and often inadvertently, take into account numerous legally protected and suspect classifications, such as race, color, gender, religion, age, disability status, national origin, marital status and genetic information. As a result of these findings, the FTC announced that it will

and provide disclosures when they take adverse action as a result of information contained in a consumer report. Section 5 of the FTC Act prohibits unfair or deceptive acts or practices resulting in a substantial injury that consumers could not reasonably have avoided and that is not outweighed by the benefits to consumers or to competition. The FTC report focuses on potentially “deceptive” and “unfair” practices in relation to big data. Deceptive practices may include violating disclosures made to users – for example, when a business violates its own privacy policy.

Data analytics have shifted from forecasting about individual consumers to forecasting about demographics and the general population.

businesses examine data sets to forecast consumers’ future patterns of behavior. Banks and credit card companies, for example, might analyze consumers’ spending patterns to counter fraud on financial accounts, and online stores might analyze consumers’ website navigation patterns in order to do targeted marketing of products based on past purchases. In its early days, data analytics were more revealing of individually identifiable customer patterns. But as data sets have grown, and thus become unmanageable at an individual level, data analytics have shifted from forecasting about individual consumers to forecasting about demographics and the general population. According to the Federal Trade Commission, rote algorithms – the engine of data analytics – can lead to unintended results that give rise to discrimination. Indeed, in January of this year the FTC published a report, Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues, that addresses this issue. It focuses on the commercial use of “consumer information” big data, as well as the impact of big data on low-income and underserved populations. “Big data” refers to consumer data from a variety of sources,

become more aggressive in affirmatively setting policies designed to ferret out any improper use of data concerning problematic classifications. According to the FTC report, the big data lifecycle consists of collection, compilation and consolidation, analysis and use. The report itself, however, only concerns the “use” component of the lifecycle. It aims only to educate businesses on important laws and research that are relevant to big data analytics, such as the Fair Credit Reporting Act (FCRA), Section 5 of the Federal Trade Commission Act and various federal equal opportunity laws. FCRA requires consumer reporting agencies that compile and sell consumer reports to implement certain policies that will ensure the safety and accuracy of reports, provide consumers access to their own information and follow reasonable procedures to correct identified errors. Consumer reports are allowed to be provided only when the receiving entity has a permissible purpose, which may be the result of the consumer’s own written authorization, or for credit, employment, insurance or housing determinations. In addition, users of consumer reports are required to take certain steps

A Section 5 violation can be disastrous to any business, mainly because the FTC has the power to bring enforcement actions, which almost always end in settlement agreements. Enforcement actions generally require that a business disclose the unfair or deceptive practices to their customers, which obviously damages customer trust in the business. The federal equal opportunity laws, including the Equal Credit Opportunity Act (ECOA), Title VII of the Civil Rights Act of 1964, the Americans with Disabilities Act, the Age Discrimination in Employment Act, the Fair Housing Act, and the Genetic Information Nondiscrimination Act, prohibit discrimination based on protected characteristics. The federal equal opportunity laws require proof of either disparate impact or disparate treatment. The FTC report advises that lenders should focus on Regulation B of the ECOA which “prohibits creditors from making oral or written statements, in advertising or otherwise, to applicants or prospective applicants that would discourage on a prohibited basis a reasonable person from making or pursuing an application” while also requiring lenders to “maintain records of continued on page 49

oct/ nov 2016 today’s gener al counsel

Compliance

Data Governance for the Internet of Things By David Katz

ith the adoption of state-ofthe-art technologies, more companies are joining an interconnected web of devices connected to the internet, known as the Internet of Things (IoT). Businesses across the manufacturing, automotive, agricultural, energy, healthcare and now consumer sectors employ Internet-connected deviceto-device communication, enabling extraordinary monitoring and communication abilities. By using these Internetconnected devices, businesses transfer more data than ever, and consequently face increasing cybersecurity risks and regulatory compliance issues. Companies must develop information governance strategies to accommodate these emerging information types, and also prepare for the regulatory and compliance implications of data that moves between devices and systems and across borders. Companies that implement sound data governance now and conduct a data audit and inventory will be best prepared for audits by regulators and customers. Establishing a data governance committee (DGC) is the first step to addressing these risks. The DGC’s primary duty is to ensure responsibility, accountability, defensibility and sustainability of data practices. The framework for effective data governance planning contemplates the personnel, technology, processes, policies and procedures necessary to ensure the preservation, availability, security, confidentiality and usability of the company’s data. A DGC should also encourage strategic thinking and the creation of opportunities with the appropriate use of data within the company. A key initial step for a DGC should be the establishment of roles and objectives. They should, at the least, include:

• Specifying the framework for decision rights and accountabilities to encourage desirable behavior in the use of data. • Ensuring the data assets are overseen in a cohesive enterprise-wide manner. These objectives should be clearly articulated in the form of a governance charter, and clearly explained to the DGC members. The DGC should focus on establishing data standards for privacy and information security, records management, employee data, trade secret and intellectual property protection, e-discovery and litigation readiness, and vendor management. Such policies must include a comprehensive set of rules, policies and procedures governing the use and disposal of the company’s data.

through which employees can express concerns and independently identify potential risks. COMPOSITION

Choosing members of the DGC is crucial to ensuring its success. Members must comprise a cross-functional team, including representatives of executive management who can appreciate the role of data in the long-term objectives of the company. The DGC should include members of company leadership and representatives from the information technology, communications/marketing and legal departments, as each of these departments has control over areas of the company that are likely to be affected by a data governance strategy. The members will make decisions about data access control,

Establishing a Data Governance Committee is the first step to addressing these risks.

The DGC will be the decision-making body when issues arise related to data use. It will consider the appropriate level of risk allocation, and assure appropriate insurance and contractual transfer of data risk. Finally, the DGC can be a powerful tool for setting the tone within the company, establishing the internal top-down support to ensure that employees are properly educated and trained about their responsibilities related to data, including its collection, use and disposal. The DGC should also develop channels

disaster recovery requirements, policycompliance and other tasks related to data management. A larger company might create steering committees to focus on activities related to privacy, information security, and compliance, while a smaller company may delegate these areas of responsibility to DGC members. Through participation in the DGC, representatives can coordinate to accomplish the established objectives and goals of the company in the context of data governance. All team members should have a crucial role in ensuring

today’s gener al counsel oct/ nov 2016

Compliance

their respective departments are properly represented in data governance process. ROLES AND RESPONSIBILITIES

The roles and responsibilities of the DGC are to: • Establish direct reporting to the most senior corporate governance tier of the company. There should be

oversight of data governance from the company’s highest levels. • Evaluate and respond to internal proposals relating to the use of data in connection with data mining, behavioral targeting and data analysis. • Monitor implementation and compliance of processes, and propose needed revisions to policies and procedures.

• Provide oversight to senior management, the chief technology officer and company employees in their efforts to reinforce good business practices and maintain legal compliance. • Keep up-to-date regarding compliance activities, training activities, communications programs, compliance audit reports and reports of alleged violations of company policies.

oct/ nov 2016 today’s gener al counsel

Compliance

• Conduct annual evaluations of the company’s data governance practices. • Consult with any advisors they deem necessary to ensure that the company conducts its business activities in compliance with the law. GOVERNANCE FOCUS AREAS

At the core of all data governance is a firm understanding of the building blocks of data exchange. A company must know what types of data it generates and collects, what terminologies and coding languages are being transmitted by their partners, and how their

and objective assurance to the board and executive management regarding how effectively the company assesses and manages its data security risks. Without a mechanism to provide such assurance, a company faces risk of its information privacy practices becoming obsolete and inadequate. For example, internal audit should measure the effectiveness of data security controls. If it finds a weakness, it should then alert the relevant business or IT management to remediate it. Given that data security and privacy breaches can bring both reputational and direct financial costs, the company’s

• Review whether the IoT data collected and stored has an actionable purpose, keeping in mind that data can become a liability for the company both legally and in terms of the cost of storing it. • Data collected from IoT devices may need to be stored for longer periods of time, and as a result corporate data retention policies may need to be changed. The DGC should review policies with this in mind. • Utilize analytics to turn data into information and insights.

Review whether the IoT data collected and stored has an actionable purpose, keeping in mind that data can become a liability for the company both legally and in terms of the cost of storing it. 48

internal systems are set up to accept and analyze these different forms of data. The DGC should determine how the company will communicate data integrity and accuracy concerns to end-users. An independent security audit conducted by a third-party security company creates a profile of the current state of a system’s data information security compared to an ideal, and it provides an understanding that the DGC will need in order to implement new procedures and policies. The assessment will inform the DGC about where the company needs improvement. Also, some insurers provide a discount on premiums for annual assessments. The DGC should prepare for a cyber-audit by confirming where all data is, conducting reviews of policies that impact data security, ensuring that the company has cyber insurance that will protect the company in the event of a breach, and insisting on mandatory security training for employees. The DGC should document all security measures and be ready to produce them as a part of an audit. The DGC may delegate to internal audit the role of producing competent

board of directors needs to stay on top of these risks. A key role of internal audit is to keep the audit committee apprised of emerging risks and effective ways to address them. PREPARE FOR IoT TECHNOLOGY

The DGC should prepare for the implementation of IoT by considering the following. • Review the capabilities of the company’s connectivity and network infrastructure for the IoT foundation. Determine how IoT-related data will interact or integrate with other data sources and systems. Ascertain whether the company’s data storage infrastructure is large enough to handle IoT data. • Invest in mobile, social and cloud technology that will gather, share and analyze sensor data. • Develop a plan to regularly install security updates on IoT devices. • Explore encryption technologies capable of securing on-device IoT data to prevent data hijacking. • Review storage plans and security for IoT data repositories. They are attractive targets for hackers.

As the legal and regulatory environment remains volatile with regard to data security in general, and data use and data transfers both domestically and in Europe, companies should be focusing on how to best position themselves to stay ahead of the curve. Creating institutional infrastructure in the form of a DGC that formalizes the necessary communication, cooperation and ownership surrounding the challenges presented by data management has the potential to bring long-term value to the company. ■

David Katz is a partner with Nelson Mullins Riley & Scarborough LLP, in Atlanta. His practice focuses on regulatory compliance, consumer privacy and data security compliance, information governance, ethics, corporate governance and enterprise risk management. david.katz@nelsonmullins.com

today’s gener al counsel oct/ nov 2016

Compliance

Protecting Data Analytics continued from page 45

the solicitations and the criteria used to select potential recipients.” To ensure compliance with respect to big data in light of the FCRA, Section 5 of the FTC Act, and federal equal opportunity laws, the FTC report lays out several key questions that businesses should ask themselves. They include: • If you compile big data for a company that will use it for eligibility decisions (such as credit, employment, insurance, housing, government benefits and the like), are you complying with the accuracy and privacy provisions of the FCRA? • If you receive big data products from another entity that you will use for eligibility decisions, are you complying with the provisions applicable to users of consumer reports? • If you are a creditor using big data analytics in a credit transaction, are you complying with the requirement to provide statements of specific reasons for adverse action under ECOA? • Are you complying with ECOA requirements related to requests for information and record retention? • If you use big data analytics in a way that might adversely affect people in their ability to obtain credit, housing, or employment, are you treating people differently based on a prohibited basis, such as race or national origin? • Do your policies, practices, or decisions have adverse effects or impact on a member of a protected class? And if they do, are they justified by a legitimate business need that cannot reasonably be achieved by means that are less disparate in their impact? • Are you honoring promises you make to consumers and providing consumers material information about your data practices? • Are you maintaining reasonable security over consumer data? • Are you undertaking reasonable measures to ascertain the purposes

for which your customers are using your data? The FTC report also serves as a reminder it has broad jurisdiction to regulate e-commerce. The linchpin of the FTC’s position is that arguably under the FCRA, when aggregators and marketers compile “nontraditional” information from social media to build any type of consumer credit profile in order to make employment decisions and housing decisions, they become the equivalent of a credit reporting agency that is creating credit reports. In the FTC’s

Second, a business must continually review its data sets to ensure that the algorithms driving the analytics are not producing unintended consequences on problematic classifications. Third, given the changing landscape of data analytics, a business would be wise to implement the use of anonymized data, wherein individual consumers cannot be identified. With anonymization, the risk of harm is significantly lowered for data subjects, and so too is legal exposure. If nothing else, the FTC report underscores that big data brings big problems.

A business must continually review its data sets to ensure that the algorithms driving the analytics are not producing unintended consequences on problematic classifications.

view, this alone implicates the FCRA, despite the fact that the “credit reports” are for demographics of the general population, not for individually identifiable consumers. It is important to note that this position marks a departure from the FTC’s own precedent, wherein for more than 40 years the FTC did not consider the same aggregation of information akin to a credit report, so long as the information did not actually identify a consumer. But now, a credit report may still exist even where no consumer is identifiable. For business, this is a dangerous view that threatens legal exposure for alleged violations of the FCRA. However, the FTC report makes several recommendations that will assist businesses in avoiding violations. First, the business must ensure that in its data analytics process it is not missing information from certain demographics within the general population. If it is, it must quickly rectify the problem, or the missing data might lead to a bias and discrimination allegations.

The bottom line is that the powerful algorithms making data analytics possible are no longer simply complex numbers on paper. Rather, they are a door through which the FTC can enter your business and examine potential violations of federal law. ■

Coleman W. Watson is the managing partner of Watson LLP. He counsels clients on matters related to crypto-currency; patent, trademark and copyright licensing; cybersecurity; intellectual property portfolio management; and litigation. coleman@watsonllp.com

OCT/ NOV 20 16 TODAY’S GENER AL COUNSEL

WORK PL ACE ISSUES

What The Olympics Teach Us About Diversity By Dionysia Johnson-Massie and Paul E. Bateman

he closing ceremony of the 2016 summer Olympics included Simone Biles carrying the U.S. flag after winning five medals in various gymnastics events. Throughout the competition, Biles gave her best efforts with the tutelage of her coaches and the encouragement of her teammates. The coaches invested in her well before her Olympics performances, did not give up on her when she made errors while developing her skills, and envisioned her

Dionysia JohnsonMassie is a shareholder at Littler Mendelson. She is a litigator, as well as provider of advice and business solutions on labor and employment matters. A former Littler board member, she is founding member and current co-chair of Littler’s Diversity and Inclusion Council, and founding co-chair of its Women’s Leadership Initiative. djmassie@littler.com

Paul E. Bateman is a shareholder at Littler, where he counsels global companies in all facets of labor and employment law. He previously served as a member of the firm’s Management Committee, and Office Managing Shareholder of the Chicago office and the Diversity and Inclusion Council. pbateman@littler.com

success well before she could see it fully for herself. Her teammates championed her success despite having different experiences, ethnicities and backgrounds. Are there lessons we can learn from the Olympics about creating and maintaining diverse and inclusive legal teams? From our experience with various legal organizations, the answer is a resounding yes. Let’s compare what an Olympics team does and what a successful legal organization must do to have a successful diverse and inclusive team. Obviously the first step is recruiting diverse talent. Although there might be

pipeline challenges to recruiting diverse attorneys, they are simply that – challenges. Webster’s provides one definition of a “challenge” as the “[r]equirement for full use of one’s abilities or resources.” So, if an organization is having difficulty recruiting diverse talent, it may mean that it needs to use the various tools that exist to innovate recruiting efforts. There are plenty of online vehicles for advertising job openings where diverse attorneys will read them. However, focusing recruiting in contexts where applicants only learn of opportunities if tapped by a member of a select group already “on the team,”

TODAY’S GENER AL COUNSEL OCT/ NOV 20 16

or where decision-makers work with recruiters lacking depth in identifying diverse talent, represent woefully inadequate efforts to meet the challenge. The second step, retaining and rewarding diverse talent and making them feel like integral members of the team, is the most vexing. The parallels to the Olympics team are evident here. Imagine an Olympian being selected for

attorneys into certain practice areas, or roles without an upward trajectory. These organizations are not afraid to inquire about the lack of diverse talent hired into, or progressing successfully in, various regions of the country, business lines and practice areas, or into executive ranks. They courageously inquire about “why” something is occurring and demonstrate leadership

comes from their interactions while competing against each other. Plainly, Simone and Aly were exuberant after winning the Gold and Silver Medals, respectively. But, Aly was equally exuberant in her excitement over Simone’s Gold Medals. In other words, even in these individual events, Aly never stopped being Simone’s teammate and never stopped cheering for her success.

If an organization is having difficulty recruiting diverse talent, it may mean that it needs to use the various tools that exist to innovate recruiting efforts. a team but never being told when the team was practicing, what role she was playing, or when the events were taking place. It is not likely this Olympian would do well or want to be part of the team in the future. The same, we suggest, happens if an attorney is recruited to a legal organization, but is not given meaningful responsibilities and opportunities. Sensing dead ends, people leave organizations. Legal organizations that have successfully made diversity and inclusion an integral part of their mission recognize this, and take affirmative steps to ensure that diverse talent is not just window dressing. These organizations provide internal guidance through formal and informal mentoring programs, and by clearly conveying expectations and pathways to success. In addition to internal mentoring programs, there are various organizations, including the Minority Corporate Counsel Association, Corporate Counsel Women of Color and the Leadership Council on Legal Diversity, that have programs, which legal organizations can tap into to participate in external mentoring opportunities. Again, mentorship might be a challenge to an organization, but there are ample tools to address it. Additionally, successful organizations provide equal work opportunities and do not pigeonhole their diverse

by developing measurable goals and holding decision-makers accountable for creating and sustaining diverse and inclusive environments within their spheres of influence. They do the work necessary to eliminate the warts. Pretty words expressing positive intentions or lamenting the challenges of finding diverse talent are insufficient and outdated. There is simply no substitute for the hard work, accountability measures and courageous leadership required to create inclusive, career-sustaining work environments for diverse lawyers. This leads to another parallel between a winning Olympics team and a successful diverse legal organization. Some Olympic events are solely team sports, while others feature both team and individual competitions. Thus the U.S. women’s gymnastics team members competed in both a team event – where they won the Gold Medal – and individual events, in which some team members competed against each other. So after working together to win a Gold Medal for their teams, Simone Biles and Aly Raisman went toe to toe in the women’s all-around and floor exercise competitions. As we know, in both events, Simone won the Gold and Aly won the Silver. But the true lesson from these competitions was not that Simone and Aly are the two best gymnasts in the world. Rather, the lesson

In a successful legal organization, diversity and inclusion cannot simply be the mission of diverse attorneys. It must be the mission of all attorneys. It must be the mission of the chief legal officer who sets the tone and tenor for the entire organization, as well as other attorneys and staff in the legal organization. Stated another way, legal organizations that are successful in the diversity and inclusion arenas don’t just have Simones. They also have a bunch of Alys. ■

TODAYS G ENER AL C OUNSEL .COM

oct/ nov 20 16 today’s gener al counsel

T H E A N T I T R U S T L I T I G AT O R

Motions to Dismiss Under Twombly By Jeffery M. cross

hen my clients are involved in litigation in federal district court, a question that invariably arises involves a motion to dismiss the complaint for failing to state a claim. If my client is the plaintiff, the issue arises because the defendants have moved to dismiss. If the client is the defendant, the issue is whether we should move to dismiss. In 2005, the U.S. Supreme Court addressed the federal pleading standard in Twombly v. Bell Atlantic Corp. That decision and its progeny have been interpreted by many as imposing a heightened fact-pleading standard. This view would impose a significant burden on plaintiffs and, therefore, many in the defense bar think it is almost malpractice not to bring a motion to dismiss. However, as the lower courts have grappled with the standard, it has become apparent that the issue is more nuanced than that. Consequently, it is important to understand the key holdings by the Supreme Court in Twombly and the application of that standard by the lower courts. In considering Twombly, it is helpful to place the decision in its factual context. The Twombly case involved

Jeffery cross, is a columnist for Today’s General Counsel and a member of the Editorial Advisory Board. He is a partner in the Litigation Practice Group at Freeborn & Peters LLP and a member of the firm’s Antitrust and Trade Regulation Group. jcross@freeborn.com.

Section 1 of the Sherman Act, which requires an agreement in restraint of trade among independent economic entities. The plaintiff had alleged that the companies created from the breakup of AT&T – the so-called “Baby Bells” – had conspired to prevent competition from new local exchange carriers, and to allocate markets. An express agreement was not alleged, but rather circumstantial evidence of parallel conduct. The Supreme Court found that parallel behavior was as consistent with a uniform response to a common stimulus as it was with an agreement. As the Seventh Circuit Court of Appeals noted in a case following Twombly, the simultaneous establishment of thousands of lemonade stands on a hot summer day does

not suggest the existence of an agreement among all enterprising children. The Supreme Court held that barebone allegations of a conspiracy and parallel behavior were not sufficient because of this ambiguity. The Court held that “stating such a claim requires a complaint with enough factual matter (taken as true) to suggest that an agreement was made.” The Court also made it clear that asking for “plausible grounds to infer an agreement does not impose a probability requirement at the pleading stage; it simply calls for enough facts to raise a reasonable expectation that discovery will reveal evidence of an agreement.” In a later case applying the Twombly standard to all federal cases, not just an-

TODAY’S GENER AL COUNSEL OCT/ NOV 20 16

titrust cases, the Supreme Court stated that “[t]he plausibility standard is not akin to a ‘probability requirement,’ but it asks for more than a sheer possibility that a defendant has acted unlawfully.” The Supreme Court has made it clear, however, that the “notice pleading” requirement of the Federal Rules is still valid. In that regard, a complaint need only state a short and plain statement of the claim showing that the pleader is entitled to relief, and – although specific

be true is no longer enough. Rather, the complaint must establish a non-negligible probability that the claim is valid, but that probability may not be as great as a standard such as “preponderance of the evidence.” What is clear is that Twombly did not change the rule that a court must construe a complaint in the light most favorable to the plaintiff, accepting as true all well-pleaded facts alleged, and drawing all inferences in the plaintiff’s favor.

One of the biggest issues in considering a motion to dismiss is that a trial court must take a well-pled fact as true, but can ignore “conclusory” allegations.

facts are not necessary – the complaint must give the defendant fair notice of what the claim is and the grounds upon which it rests. It is the “plausibility” requirement that causes the most misunderstanding. A panel of the Seventh Circuit interpreted Twombly as requiring that the plaintiff must give enough details about the subject matter of the case to present a story that holds together. It stated that “the court will ask itself could these things have happened, not did they happen.” Another panel of the Seventh Circuit noted that the Supreme Court’s plausibility standard is unclear when it states that it is not a “probability requirement,” but rather asks for more than a “sheer possibility” that a defendant has acted unlawfully. The court found this statement unclear because plausibility, probability, and possibility overlap. The court noted that “probability” runs the gamut from a zero likelihood to a certainty. The court also noted that what is “plausible” could have a moderately high likelihood of occurring. The court concluded that the fact the allegations undergirding a claim could

Furthermore, lower courts have held that a plaintiff’s burden must be commensurate with the amount of information available to it. These courts have held that it is unreasonable to require a plaintiff to plead specific facts known only to the defendants. Finally, one of the biggest issues in considering a motion to dismiss is that a trial court must take a well-pled fact as true, but can ignore “conclusory” allegations. The difference between a well-pled fact and a conclusory allegation is a fine line and appears in many cases to be up to the discretion of the trial court. The advice that I give my clients is that any allegation that appears to be a bare-bones statement of the elements of the cause of action is probably “conclusory.” However, an allegation that helps to tell the story is probably a factual allegation. The motion to dismiss has become standard fare for cases in federal district court. Bringing such motions without clearly understanding the standard would not only be expensive for the client, but also may encounter push-back from the court. ■

BEYOND PRINT

TodaysGeneralCounsel.com

IN YOUR INBOX

Digital.TodaysGeneral Counsel.com

E-DISCOVERY CONFERENCES

TodaysGeneralCounsel.com/ Institute

TODAYSGENERALCOUNSEL.COM

oct/ nov 20 16 today’s gener al counsel

I N F O R M AT I O N G O V E R N A N C E O B S E R V E D

The Promise of Data-Driven Decisions By Barclay Blair

ife, business, and government are increasingly quantified by data - data that is driving critical decision-making. For example, the market for “fitness wearables” is predicted to grow to $10 billion by 2020, with over 100 million people using the devices to enable data-driven decisions about health, sleep, and exercise. The promise of data-driven decision making is this: Processing and analyzing data at a scale far exceeding the capabilities of the human brain will transform our ability to understand and predict reality. The ability of organizations to govern information in a way that enables these deeper insights, unforeseen efficiencies and new business models is what will separate the winners from the losers in this new era. We still have a long way to go. While we invest in technology that can beat a human at Jeopardy in one part of our organization, we are stuck with the technology that prints Trebek’s cue cards in another. For all the big data sexiness, according to one academic study up to 80 percent of the total development cost

Barclay t. Blair is president and founder of ViaLumina and the executive director and founder of the Information Governance Initiative, a cross-disciplinary consortium and think tank. He is an advisor to Fortune 500 companies, technology providers and government institutions, and has written award-winning books on the topic of information governance. Barclay.blair@iginitiative.com

of an analytics project is spent on “data discovery and wrangling . . . the most tedious and time-consuming aspects of an analysis.” Why does it take so long? Because most organizations quite simply have very little idea what data they have, where that data lives, what it means, what rules must attach to it, and whether or not it represents measurable value or risk. Consequently, our data is messy, incomplete, difficult to find and access, duplicative, and missing context essential to enable its analysis and use. In short, it is the inevitable outcome of a generation of attempting to force analog practices to work in a digital world, and it has failed. Most organizations continue to make management decisions about

their information based on tradition, superstition, and supposition instead of innovation, evidence, and analysis. It’s time that our approach to governing our information caught up to the information age. One example is data remediation. Many information professionals mistakenly believe that data remediation decisions (e.g., keeping, deleting, or migrating information) are legal or technology decisions. But, they are actually business decisions. What is the difference and why does it matter? The difference is that legal analysis and technology evaluation are only part of what is required to make a remediation decision. It matters because the way we perceive remediation clearly correlates with the quality of our approach and our level of success.

TODAY’S GENER AL COUNSEL OCT/ NOV 20 16

A business decision is the act of: • Gathering the best available facts • Calculating benefits and costs • Assessing risk Armed with this insight and knowledge about the organization’s capabilities, goals and values, an outcome is projected, a decision is made and a course of action is set. In practice, only the most consequential business decisions are made with this level of formality, and time, budget, politics, and other factors mean that the decisions are necessarily imperfect. However, this framework clearly illustrates why we have struggled with remediation. We have lacked high quality, practical, and cost-effective tools and techniques to make good business decisions about our data. A quantified, or data-driven approach to information governance projects like data remediation is needed. My research shows that three things bedevil most data remediation projects: 1) Lack of insight into the information environment. In other words, we do not know what information we have, where it is, or what we can or cannot do with it. 2) A breakdown in corporate governance that fails to make clear who actually has the mandate and authority to make remediation decisions. 3) Fear. Decision-makers of all stripes are guilty of making fear-based decisions

about information. For example, they are afraid that if they throw the wrong thing away, they will face sanctions, fines, or even jail. So, they decide to do nothing. This fear is the predictable result of a decade of education and awareness centered on the “CEO in prison stripes” image derived from Sarbanes-Oxley’s obstruction of justice provisions. or the “you accidentally recycled a backup tape, so you lose” sanctions feared in civil litigation after the 2006 revisions to the U.S. Federal Rules of Civil Procedure.

Decision-makers of all stripes are guilty of making fear-based decisions about information. Is this fear evidence-based? Are organizations making data-driven decisions about the fate of their information, driven by real insight into their information environment and quantification of the risk and reward? Our research suggests the answer is no. In fact, most organizations’ data remediation plans are stalled or moribund because of a failure to bring the evidence-based practices they are using in other parts of their business to bear on the problem of IG generally, and data remediation specifically. Data and evidence-driven IG empowers organizations to make high-quality

View our digital edition D IGI TA L .T OD AY S G E NE R A L C OUN S E L . C OM

business decisions about their data, even in difficult business environments. Thankfully, in at least one aspect of that environment, things are getting better. Numerous amendments to the U.S. Federal Rules of Civil Procedure (FRCP) went into effect on December 1, 2015. Rule 37, and in particular Rule 37(e), defines when and how courts can address digital information and data that were not preserved. Under the prior rule, the severity of a potential spoliation sanction relied heavily upon the level of culpability of the alleged spoliator. The cases interpreting the rule had adopted a negligence standard and awarded sanctions based upon the level of culpability. However, under the new Rule 37(e), this negligence standard has been abandoned. Instead, the courts now look to the degree to which the other party was prejudiced by the loss of information. Critically, only upon a finding of prejudice may a court award sanctions, and then it may order measures “no greater than necessary to cure the prejudice.” The state of mind of the alleged spoliator is irrelevant to this analysis except in those cases where the court finds “intent to deprive another party of the information’s use in the litigation.” Only upon this finding may the court apply the severe sanctions. such as an adverse inference or dismissal of claims, or the entire case. Thus, absent extreme cases of willful spoliation, the most severe sanctions are no longer in play. This is great news for organizations adopting information governance. ■

Delaware Case Makes It Easier for Duped Shareholders to Sue By John T. Bender and John A. Bender

TODAY’S GENER AL COUNSEL OCT/ NOV 20 16

n May 24, 2016, the Delaware Supreme Court handed down a decision with major implications not only for shareholder litigation in Delaware, but also for the corporate and securities laws of other states insofar as they look to Delaware for direction. In AWH Inv. P’ship v. Citigroup Inc., Delaware’s Supreme Court held that shareholders of Citigroup could sue Citigroup directly for losses the shareholders say they suffered when they abandoned plans to sell securities in reliance on misrepresentations made by the company and its directors. The Court stopped shy of officially recognizing “holder claims” in Delaware, but the decision provides important guidance on when shareholders have standing to bring such claims directly in the future. It made clear that the old direct-derivative test stressing how shareholders measure their damages is suspect and does not control whether a shareholder has standing to sue a company directly after a company misrepresents material information inducing the shareholder to hold their stock instead of selling it. The case concerned shareholders who said they suffered over $800 million in losses between May 2007 and March 2009, when they put off liquidating their Citigroup stock due to Citigroup financial reporting and public statements that concealed the financial state of the company. The complaint alleged that Citigroup misrepresented “the full extent and impairment of billions in ‘toxic’ assets, including collateralized debt obligations

have standing, the claim must be direct and particularized, not secondary to the rights of the corporation. Before the Citigroup case, a claim was only direct if the shareholder suffered an injury independent of the harm to the company and if they would recover directly if they prevailed. Shareholders normally lack standing to sue for losses caused by a board’s delaying a merger or entering into a bad transaction that ultimately harmed the value of the company. These “corporate mismanagement” claims are derivative of the corporation because the shareholders cannot show an injury that was independent from the harm suffered by the company. Shareholders face this problem in courts all over the country. The lawsuit against Citigroup differed from the classic corporate mismanagement case because the shareholders claim that Citigroup and several Citigroup executives made material misrepresentations during the heart of the financial crisis. The plaintiffs alleged that the statements caused them to delay selling stock until after the price of Citigroup’s shares were in free fall. They claimed as damages the difference in price at the time they say they abandoned plans to sell, roughly $55.00, and when they finally sold over one year later, about $3.00. As noted, the problem for the plaintiffs was that, prior to their case, courts generally presumed that claims were derivative in Delaware if the damages were measured solely by decline

The plaintiffs alleged that the statements caused them to delay selling stock until after the price of Citigroup’s shares were in free fall.

backed by subprime assets” during the onset of the 2007-08 financial crisis. Until recently, it was widely assumed that shareholders lacked standing to bring such claims directly under Delaware law. The direct-derivative distinction is a major obstacle to investors seeking to recover individual losses caused by corporate mismanagement. Shareholders generally may not bring claims that are secondary, or derivative, to the company’s rights unless special circumstances apply. To

in stock value. However, at least one recent case called into question the idea that shareholders may never sue a company directly if their damages are measured by stock depreciation. In NAF Holdings v. Li & Fung (Trading), the parent company of two subsidiaries sued for losses suffered in reliance on a foreign company’s misrepresentations. The damages sought were measured by the depreciation in the subsidiaries’ continued on page 61

BigLaw Raises, and a Pitch for Inside Counsel to Start Thinking Small 58

By Margaret Cassidy and Sara Kropf

today’s gener al counsel Oct/ nOv 20 16

o one would seriously contend that the biggest law firms have been underpaying their associates over the last few years. Even as the economy tanked, their salaries remained steady. Yet this past summer, many of these big firms gave their associates a substantial raise. Brand-new associates, lacking even one day of real-world experience, now make $180,000. The salaries for more experienced lawyers increase from there. There was no market-based reason for the raises. Rather, it was just dogs barking: One New York firm raised its starting salary, and everyone followed, even firms based in less-expensive cities like Houston and Chicago. These increases occurred despite the fact that there is no dearth of lawyers looking for a job. Law schools continue to graduate more lawyers than the market can absorb. Corporate America rightly expressed dismay at the increase in salaries, calling them unjustified. For example, Allstate’s general counsel, Susan Lees, wrote a letter to the law firms with which the company works, explaining that new lawyers are “devoid of any meaningful lawyering experience.” Still other in-house lawyers pointed out that lawyers with twenty years’ experience working for Fortune 100 companies don’t make this kind of money.

Ms. Lees is correct. The legal market is competitive, and even the biggest law firms have found discounting fees to be a routine demand from clients. But more important, the competitive market has already encouraged entrepreneurial, talented and experienced lawyers to respond to the concerns of clients and to those expressed by Ms. Lees and Mr. Deitch. The legal market is replete with small firms filled with accomplished lawyers. These “small firms” cover the range, from solo lawyers to 20-person boutique firms. Perhaps these salary raises will be just the jolt that companies need to pivot from treating big firms as the default choice for outside counsel to evaluating small firms as a viable option. Given that the lawyer-client relationship is personal, clients hire the lawyer, not the law firm. Moreover, clients have always been transparent about what they are looking for: lawyers who are smart, hard-working, creative, well-versed, responsive and a good value. There are good reasons why small and solo firms can fill those requirements just as well as big firms for nearly every matter. For one thing, the depth of experience and subject matter expertise in small firms can match that in big firms. Many of the lawyers we know who work in small firms left big firms, but just because they left BigLaw doesn’t mean what they learned in BigLaw left them. Small firms often

In-house lawyers have pointed out that lawyers with twenty years’ experience working for Fortune 100 companies don’t make this kind of money. Clients are concerned that the likely result of the salary raises is higher billing rates. One of them, Bank of America’s Global General Counsel, David Leitch, made clear in a letter to his outside counsel that although he respects the firms’ right to raise salaries to suit their competitive needs, since the market did not drive the decision he will not pay higher billing rates should firms try to pass the increase on to clients. Ms. Lees advised firms to invest in innovation and technology rather than high salaries. She also reminded the law firms that the legal market is a competitive one and that many clients, such as Allstate, will reward firms that innovate, not those that blindly follow.

focus on a single practice area without the crossselling distractions inherent in big firms that are always looking to expand their work to new practice areas. Because small firms rarely hire brand new lawyers, relying on laterals instead, clients don’t pay for an apprentice period. They simply get experienced lawyers from start to finish. Indeed, the advice provided and the litigation tactics employed by a small firm are not found in dusty legal tomes or online research sites. They are more often borne of years of experience. It’s also true that small firms can be innovative in ways often unknown to big firms weighed down by bureaucracy. They can be nimble in

oct/ nov 20 16 today’s gener al counsel

their use of technology, both to serve clients and to compete with big firms. If the newest cloudbased solution would help a client, a small firm can deploy it quickly without waiting for the next IT budget cycle. Technology has allowed small firms to compete with big firms in other ways, too. No longer is it necessary for lawyers to band together to share the cost of legal books and a large administrative

matter, rather than junior lawyers who move between matters. Thus, clients who use a small firm have the opportunity to build a long-term and personal relationship with outside counsel who develop an understanding of the business, and an appreciation for its risk appetite, its legal issues and its market pressures. Finally, size seldom really matters. Yes, there are a few times where a client actually must hire

Small firms often focus on a single

Sara Kropf, a former partner with Baker Botts LLP, is a trial lawyer who founded her own firm in Washington, DC. She focuses her practice on defending clients in white-collar criminal and civil litigation matters. sara@kropf-law.com

Margaret Cassidy counsels businesses on the legal, ethical and compliance risks of operating in a global marketplace, particularly when interacting with governments. She started her DC-based firm after working as a prosecutor, and then for GE Transportation as its Global Compliance Counsel and for Pricewaterhouse Coopers as its Government Ethics and Compliance leader. m.cassidy@ cassidylawpllc.com

practice area without the cross-selling distractions inherent in big firms. staff. These days small firms have comparable access to legal research through online sources and to administrative help through the use of virtual assistants. Small firms are almost by definition entrepreneurial in spirit and practice. They know what it’s like to start and run a business, and they understand the pressures of navigating legal and regulatory boundaries while still turning a profit. Certainly there are BigLaw lawyers who understand how businesses work, but nothing beats the real world experience of running one. Client service has always been a hallmark of small firms. Rarely do they have “legacy” clients that have been with the firm for many years. Small firms instead have hustled for every client they have, and they work hard to keep those clients, knowing that the lure of a big firm is always looming. Moreover, a smaller overall client list means every client matters more to the bottom line, and that means every client is an important one. Many started their own firms precisely to return to the concept that the law is a profession, not just a business, a troubling trend among some firms driven by profits-per-partner. The value is undeniable. Not only are small firm billing rates lower, but matters are staffed appropriately. Clients won’t pay for a partner and three associates to attend client meetings to be sure comprehensive notes are taken, nor will they pay for multiple associates to read pleadings to “keep up with the case.” A small firm’s value goes beyond saving a few dollars each hour, because they provide clients with a seasoned counselor focused on their

a big firm because it’s a large emergency matter, or a massive transaction that spans multiple countries and requires numerous attorneys. But those matters, are few and far between for any company. For most matters, a small firm can scale to meet a client’s needs. These days, it’s a simple matter to engage a snall army of contract attorneys to review documents. If a case needs another partner-level lawyer, then small firms collaborate with each other, with the client’s approval, to bring in the right lawyer with the right level of experience. For even the largest matters, most clients talk to only one or two lawyers at big firms, and most of the work is done by lawyers who are not in direct contact with the client at all. Why should it be any different working with a small firm? As David Perla, the President of Bloomberg Law and Bloomberg BNA’s Legal division, recently wrote in a post on Above the Law, it’s true that the “best lawyers and firms will always attract clients. But it’s also true that the news stories making the rounds may be putting an unpleasant taste in the mouths of corporate counsel. If that’s the case, it’s an ideal time for firms outside the Biglaw elite to find out what’s possible.” So, to all the Susan Lees and David Deitchs out there, think smaller and explore what’s possible. Ask around among your colleagues and friends for quality small firms to handle your matters. If your typical outside lawyers aren’t doing what you ask, there’s nothing stopping you from, as Steve Jobs would say, “thinking different.” ■

today’s gener al counsel Oct/ nOv 20 16

Delaware Shareholder Case continued from page 57

share value. The corporate defendant argued the claims should be dismissed because they were derivative. The court disagreed, stating that the claim was direct even though the damages were measured by the drop in stock prices. Similarly, in Citigroup, the plaintiffs asserted that their claims were direct regardless of how their damages were measured because the source of harm was material misrepresentations by Citigroup and its executives. Plaintiffs argued that under these circumstances only Citigroup’s shareholders could bring the claims at issue because it was they alone who relied on Citigroup’s representations about the financial wellbeing of the company during the onset of the financial crisis. The plaintiffs’ arguments challenged the logic of denying shareholders the right to sue on such claims because that would mean only Citigroup could sue itself for its own misrepresentations that Citigroup never relied on.

damages first and foremost, is inapplicable to whether a shareholder has standing to sue a company directly when the company misrepresents material information inducing the shareholder to hold stock instead of selling it. The Delaware Supreme Court indicated that it would recognize a direct holder claim if the claim is based on a right belonging to the plaintiff personally. In light of Delaware’s prevailing influence over the corporate and securities laws of other states, the importance of this case should not be underestimated. This decision follows the nationwide trend of courts recognizing holder claims. For such claims to be viable, most courts require that the shareholder allege concrete facts showing that they actually perceived the misrepresentations and relied on them by abandoning concrete plans to sell securities. Whether the plaintiffs in this case satisfy this requirement remains to be seen. It is important to note that the debate over whether such claims are direct centers on the party’s standing to bring the claim and whether it can survive an early motion to dismiss. Even in states

The burden of proof for these claims is significant. Not only is the plaintiff required to prove knowledge

John A. Bender is a member at Ryan Swanson & Cleveland PLLC in Seattle. A business and securities litigation attorney, he has focused his practice on resolving securities, franchise, banking and other complex civil cases on behalf of businesses and individuals for more than 30 years. bender@ryanlaw.com

and intent to deceive if the claims are based in fraud, but to actually prevail the plaintiff must show concrete reliance and evidence of actual loss.

In a substantial victory for shareholders, the Delaware Supreme Court held the claims pled against Citigroup were direct. The court stopped shy of recognizing direct holder claims in Delaware for all cases, however. The Court’s ruling was that either Florida or New York law applied, and that under the laws of those states the claims belonged personally to the shareholders, not the corporation. But the court emphatically rejected the assertion that the shareholders could not sue directly because the damages were measured by the decline in stock value. The decision is significant because it states that the old test, emphasizing the measure of

that permit shareholders to bring holder claims against a company directly, the burden of proof for these claims is significant. Not only is the plaintiff required to prove knowledge and intent to deceive if the claims are based in fraud, but to actually prevail the plaintiff must show concrete reliance by the shareholder and evidence of actual loss. This requires expert testimony about market conditions at the time of the abandoned sale. In other words, actually winning a holder case is not as simple as showing the price at the time the shareholders could have or wanted to sell. ■

John T. Bender is an associate in the Seattle office of Lewis Brisbois Bisgaard & Smith LLP. He focuses his practice on resolving commercial, corporate and other complex civil cases on behalf of businesses and individuals in both state and federal court. John.Bender@ lewisbrisbois.com

today’s gener al counsel Oct/ nOv 20 16

Contract Review Meets E-Discovery BY RICHARD VEsTuTO

nyone who has had the dubious pleasure of reviewing contracts for a legal, regulatory, or business matter knows that nothing about it is painless. Possibly the only comparable pain can be found in the discovery phase of legal, regulatory, or business matters, where a broader document review may be required. In contract reviews, even if the types of provisions you’re looking for – change of control, assignment, exclusivity, and so forth – are consistent, phrasing and location can vary from contract to contract. For these reasons, neither a table of contents nor a keyword search are reliable shortcuts. You have to review each contract to find the provisions. Once you do find them, you must copy (or worse, retype) every one into a chart for subsequent analysis. Then there’s the issue of accuracy. A mid-size company might have thousands of contracts, making anything but a spot check uneconomical. Of course, the problem with spot checks is that restrictive covenants or indemnifications might easily slip through. And if an error turns up? Get ready to redo it all.

RIPE FOR TECHNOLOGY Because they are so labor-intensive, contract reviews tend to be reserved for pivotal events, such as a business combination, divestiture, regulatory investigation or change in regulatory requirements. But in an era where electronic discovery has become common, there is a missed opportunity here. Many day-to-day business

processes could benefit from a better understanding of the appropriate provisions across a company’s population of contracts. The processes, procedures and technologies that make e-discovery effective, guided by experienced legal specialists, are well-suited to delivering those benefits. For example, contract review could put companies in a better position to assess compliance with terms and conditions, issue required notices, renegotiate critical contracts and assess potential damages. The benefits of contract review don’t stop with the legal department. Facilities could stay on top of lease agreements. Accounting might find it easier to comply with external audit and financial reporting requirements. Product development could more easily navigate supplier exclusivity. The information technology function could tease out force majeure provisions, and marketing might have a more thorough way to manage customer permissions and partner support obligations.

ARTIFICIAL INTELLIGENCE So how to close the gap between cost and benefit in contract review? You can start with the foundation provided by e-discovery and its document review specialists, processes and technologies. Then add artificial intelligence (AI), which allows attorneys to teach analytics software to recognize and interpret contract provisions. With these software applications, machines learn much the same way humans do, through exposure to

oct/ nov 20 16 today’s gener al counsel

Richard Vestuto is a director and market offerings leader in the discovery practice of Deloitte Transactions and Business Analytics LLP. He specializes in providing practice guidance and other technology-based litigation and data retention strategies to corporate and law firm clients. rvestuto@deloitte. com

multiple examples of what makes up a relevant clause. An AI-powered contract review application applies this training to contracts it hasn’t seen before, resulting in the extraction of key contract provisions. The most modern of these tools aren’t picky about the contracts they review. They accommodate a multitude of file formats, from word processing and PDF to image scans and emails. Attorneys can drag and drop documents into the application and receive back the provisions they told it to find, parsed and ready for export to a spreadsheet. Technology-aided contract review is a natural companion to e-discovery and contract management tools. In fact, it seems likely that applications will end up combining the three capabilities. Someday it will be common for machines, guided and taught by legal specialists, to select the documents that are relevant to a matter, extract the relevant content within each document, and make that content available through a secure online system. Different versions of these solutions are likely, especially with open-source AI development platforms coming online. Still, automation hasn’t touched everything. Contract review is a job with much nuance. It takes extensive experience to find contract language affecting a particular aspect of the business and unpack its meaning. As is the case with traditional e-discovery, that means legal professionals are needed to set up AI-based tools with terms and analytical models that are appropriate to the situation and reflect human judgment. Another thing AI doesn’t do – yet – is find the contracts in the first place. This part of the process can be considered the “chase.” Locating or chasing down contracts is sometimes a bigger project than the review itself. Even in organizations that have a contract management system, contracts can be anywhere, from paper files in a basement cabinet, to electronic files on a sales agent’s laptop. Until bots come to the rescue, it will be up to people to set up the repository, identify where contracts might be, coordinate the chase, and figure out which contracts are missing.

ATTORNEYS fOR HIGHER VALUE WORK Even so, today’s AI-enabled contract review can yield dramatic results, if only because the part of the process it does touch is otherwise so timeconsuming. A thousand contracts might take a group of attorneys 20 weeks to review. Automation could cut that time by 90 percent, freeing those attorneys for the more interesting and

strategic aspects of their work. It could mean greater ability to execute in intellectual property management, procurement, sales support, corporate governance and many other areas of the business. Consider, for instance, a global financial services firm that has more than a half million contractual relationships with service providers and other parties. Worried that these relationships might have regulatory and statutory compliance risks, the firm decides to review the contracts so it can identify and resolve any potential issues. Instead of manually reviewing each document, the firm’s counsel train a contract review application to look for protective clauses addressing indemnity, insurance, confidential information and intellectual property. The application processes the contracts, extracts the appropriate clauses, and exports them to a single file. Attorneys can now focus on assessing the clauses for compliance with the Dodd-Frank Act, the U.S. Foreign Corrupt Practices Act, customer information protection requirements, and EU data protection norms. Or, suppose a petroleum exploration company decides to split into two separate publicly-traded entities. As part of this endeavor, the company needs to know what its licensing obligations are. Here again, attorneys familiar with the company’s business relationships formulate guidelines that tell the contract review application what, in each contract, it should extract – such as representations, warranties, assumptions, and limiting conditions. With everything in one place, the legal team now knows which contracts the company could assign, transfer, or serve as a third-party provider, and it can turn its attention to renegotiating the rest. A central paradox of contract review has been that it takes practice to understand the relevance and impact of contract provisions, yet experienced attorneys are too costly to staff on contract review projects. Similarly, responses to legal, regulatory, and business matters depend on insight into the organization’s contracts, yet acquiring that insight is often at the expense of other activities at least as important to a general counsel’s office. AI-powered contract review can resolve both dilemmas, and bolster the status of in-house legal teams as a critical resource for management decision-making. ■

TodaysGC Daily Newsletter The daily newsletter is a terrific advertising vehicle to reach 46,000 corporate subscribers. With a high open rate, the newsletter is unmatched as a marketing vehicle within the corporate counsel community.

T O D AY S G E N E R A L C O U N S E L . C O M / S U B S C R I B E

LOOK NO FURTHER.

THE AAA® JUDICIAL PANEL The AAA has a long-established Judicial Panel capable of efficiently handling even the most complex and contentious arbitrations and mediations. Composed of over 300 former State, Federal Magistrate, and Appellate judges throughout the United States, the AAA’s Judicial Panel can provide the legal knowledge, process skills and decisiveness to move your case expeditiously through the process; resolving your conflict while controlling cost. When your client’s dispute calls for the expertise only a former judge can provide, trust the American Arbitration Association®.

adr.org/judicial

| +1.800.778.7879