Today's General Counsel, April 2023

COLUMN/PRIVILEGE PLACE

16 Supreme Court Dismisses

Privilege Case: What Now for In-House Lawyers?

You’ll need to know which court will settle a privilege dispute.

18 New BIPA Rulings in Illinois

Astronomical penalties are possible.

20 Leveraging Metrics to Drive Efficiency in E-Discovery

Case information, case documentation, and business intelligence. From KLDiscovery

EDITOR’S DESK

In its prediction of cybersecurity trends for the next decade, consultancy McKinsey and Co. noted the risks of a breach that companies take by storing massive volumes of data on the cloud, and then granting access to vendors and suppliers. Managing those risks is the subject of Peter Selvin’s article in this issue of Today's General Counsel. Among them, make sure that the definition of “insured computer network” in your policy includes the networks of your vendors and other service providers, and tell third parties you deal with to name your company as an additional insured under their policies.

The subject of Hunter McMahon’s article is a recent Illinois Supreme Court decision concerning the state’s Biometric Information Privacy Act. The Court ruled that damages of $1,000 per negligent violation or $5,000 per intentional violation under the Act apply to each instance of improperly collected data. As an illustration of how the law could be construed under this ruling, McMahon notes that a time clock using the technology at issue in the case, fingerprint ID, could commit 4-8 violations per day per employee.

Jeffrey J. Bakker writes about new rules the SEC adopted last August that aim to help investors understand the relationship between the compensation of a company’s named executive officers and its financial performance, and Todd Presnell discusses recent developments in the corporate attorney/client privilege area. In January, the U.S. Supreme Court dismissed a case that would have set the standard for privilege protection of in-house lawyer’s communications which contain both legal and non-legal advice. Presnell says Federal law will likely govern communications related to patents and trademarks, and state privilege law will define protections related to breaches of contract.

Experienced Cyber Incident Response

Cybersecurity incidents are now so prevalent that the question has moved from not if, but when to how many times. Given the pervasiveness, you need a dedicated Cyber Incident Response team on your side to provide:

 Industry insight and actionable steps to take to limit your risk prior to an incident

 The latest strategies for data mining post-incident, including reducing the time and cost to analyze impacted data for PII/PHI

 Post-incident insight to refine your internal data management practices

Learn more about KLDiscovery’s specialized Cyber Incident Response team and how their expertise, purpose-built technology solutions, and tailored workflows can help you with readiness and response.

www.kldiscovery.com/who-we-serve/cyber-incident-response

EXECUTIVE EDITOR

Bruce Rubenstein

EDITOR-IN-CHIEF

Robert Nienhouse

CONSULTING EDITOR

CHIEF OPERATING OFFICER

Stephen Lincoln

DIGITAL EDITOR

David Rubenstein EDITOR

Catherine Lindsey Nienhouse

CONTRIBUTING EDITORS AND WRITERS

Jeffrey J. Bakker

Hunter McMahon

Michael J. McCarthy

Karen Meyer

Todd Presnell

Peter Selvin

SUBSCRIPTION

rate per year: $199 For subscription requests, email subscriptions@todaysgc.com

REPRINTS

For reprint requests, email Lisa Payne lpayne@mossbergco.com Mossberg & Company Inc.

SENIOR EDITOR

Barbara Camm FEATURES EDITOR

Jim Gill

MANAGING DIRECTOR OF CLIENT PARTNERSHIPS & INITIATIVES

Lainie Geary

DATABASE MANAGER

Jessica Bajorinas

ART DIRECTION & PHOTO ILLUSTRATION MPower Ideation, LLC

Patricia McGuinness

Dennis Block GREENBERG TRAURIG, LLP

Thomas Brunner WILEY REIN

Peter Bulmer JACKSON LEWIS

Mark A. Carter DINSMORE & SHOHL

James Christie BLAKE CASSELS & GRAYDON

Adam Cohen FTI CONSULTING

Jeffery Cross SMITH, GAMBRELL & RUSSELL, LLP

Thomas Frederick WINSTON & STRAWN

Jamie Gorelick WILMERHALE

EDITORIAL ADVISORY BOARD

Robert Haig KELLEY DRYE & WARREN

Robert Heim DECHERT

Joel Henning

JOEL HENNING & ASSOCIATES

Sheila Hollis DUANE MORRIS

David Katz WACHTELL, LIPTON, ROSEN & KATZ

Steven Kittrell MCGUIREWOODS

Nikiforos latrou WEIRFOULDS

Timothy Malloy MCANDREWS, HELD & MALLOY

Steven Molo MOLOLAMKEN

Thurston Moore

HUNTON & WILLIAMS

Robert Profusek

JONES DAY

Art Rosenbloom

CHARLES RIVER ASSOCIATES

George Ruttinger CROWELL & MORING

Jonathan S. Sack MORVILLO, ABRAMOWITZ, GRAND, IASON & ANELLO, P.C.

Victor Schwartz SHOOK, HARDY & BACON

Jonathan Schiller BOIES, SCHILLER & FLEXNER

Robert Zahler

PILLSBURY WINTHROP SHAW PITTMAN

All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information or retrieval system, without the written permission of the publisher. Articles published in Today’s General Counsel are not to be construed as legal or professional advice, nor unless otherwise stated are they necessarily the views of a writer’s firm or its clients.

Today’s General Counsel (ISSN 2326-5000) is published ten times per year by Nienhouse Group Inc., 110 N. Wacker Drive, Suite 2500, Chicago, Illinois 60606. Image source: iStockphoto | Copyright © 2023 Nienhouse Group Inc. Email submissions to editor@todaysgc.com or go to our website www.todaysgeneralcounsel.com for more information.

Interview with Karen Meyer, CEO of Contract Logix

Today’s General Counsel had the pleasure of interviewing Karen Meyer, CEO of Contract Logix. As CEO, Karen leads strategy for Contract Logix and oversees all aspects of the business. Karen brings more than 20 years of SaaS experience building organizations to scale and driving growth. Before becoming Contract Logix’s CEO, Karen led Upland Software’s Global Customer Success organization and played a critical role in driving Upland’s M&A and integration strategies. In this interview, we discussed how contract lifecycle management (CLM) can help general counsel (GCs) and their legal teams mitigate risk, ensure compliance, and contribute to the commercial success of the business.

What does Contract Logix do and who are your main customers?

We are a full contract lifecycle management platform. The company was founded in 2006. As one of the original contract lifecycle management innovators, we have deep expertise in this area. We typically work with legal, procurement, finance, and sales teams in highly regulated industries like pharma, healthcare, and energy. Our customers use our software to help manage their end-to-end contract lifecycle and the processes around contract management. Most of the organizations we work with are focused on identifying key risks, eliminating bottlenecks, or meeting compliance requirements. Our specialization is helping them define and digitize their current state and build plans for continuous improvements to their contracting processes going forward.

What are some examples of the greatest business value that organizations get from effective CLM?

CLM helps organizations meet or exceed the performance goals associated with their business objectives. It gives an organization the right tools to manage contract details and get full visibility into vendor and customer relationships and captures contract data that can be used to benchmark and track key performance indicators (KPIs). On the procurement side, it helps organizations achieve cost savings through effective negotiation processes, increased efficiency, reduced administrative burdens, and

streamlined processes. For sell-side activities, it helps sales and legal teams close deals faster with automation, collaboration, and negotiation capabilities that remove friction from the sales contracting process. On the compliance side, CLM is directly associated with ensuring that legal and regulatory compliance is being met. Through CLM, we help organizations meet compliance requirements as well as make their process to meet those regulations easier.

What contract KPIs should GCs be looking to track?  GCs need to track key terms and key areas of risk. Specific examples are frequency of deviation from standard terms and pre-approved contract language, appropriate levels of insurance coverage, and visibility into whether contracts have been properly executed. As for compliance, KPIs are typically about data and data privacy. Our platform is SOC 2 Type II compliant, which provides our clients the highest level of data security. With respect to commercial objectives, the role of GC is to help businesses transact faster — tracking productivity, reducing friction in the process and the time between stages, and utilizing resources. It then comes down to expense management, purchasing, and having the appropriate KPIs with vendors.

How can a CLM platform support companies trying to navigate economic uncertainty?

In a downturn, you need to get a handle on current contract obligations and ensure that you have information readily available on a daily and weekly basis to make decisions. But equally important, organizations need to consider where they can save. This is especially important with regard to technology, auxiliary services, and staffing. If there is a hiring freeze, it is more cost-effective to add fit-for-purpose technology that can help the team absorb some of that extra work when additional bandwidth cannot be added. Another key area involves the supply chain and vendor management. CLM software can provide actionable insights into how vendors are performing and whether you have the right relationships in place to achieve your business goals.

How can a CLM be used to optimize revenue?

If we think about optimizing revenue throughout an organization’s contracting process, we think of driving better sales contracting processes, resulting in greater efficiency. Revenue optimization really needs to be connected to measurement and tracking of customer data. This typically means feeding the sales opportunity from a customer relationship management (CRM) system to the CLM. To optimize revenue, basic contracting processes must be optimized for speed, accuracy, and efficiency.  Doing this faster and even more consistently is what causes optimization and acceleration.

CLM helps with visibility first, and then creates efficiencies in the contract negotiation process, eliminating bottlenecks, and helping organizations transact faster. In addition, technologies like workflow automation help get contracts requested, created, approved, and electronically executed much faster than with manual approaches.

Where should a CLM fit in a company’s digital transformation roadmap?

Contracts are foundational to a business and define relationships with customers, vendors, and partners. Therefore, digital transformation of contract management via CLM is really a foundational element to any broader digital transformation efforts. We work with many organizations to digitally transform their contracts and contracting processes. It’s something we call digital contract transformation, or DCX. It’s a great opportunity for legal teams to take more of a leadership position in their organization’s digital transformation strategy.

Beyond Legal, we think about how other departments and other business processes are affected by contracts, including procurement, operations, sales, professional services, and delivery teams. Contracts touch all parts of the business, so having a digital and modern approach to managing them is key to success.

What are you hearing from your prospects about the biggest barrier in getting CLM implemented?

One of the barriers is time. Collecting data that lives in the form of contracts and supporting documents that are scattered throughout an organization and gathering it into a single place to determine the current state is overwhelming. Many legal teams are understaffed and don’t have extra time. It’s why so many organizations want to partner with us to help ease the burden of that

work. Legal teams are relied upon for their expertise, their human intelligence, their negotiation skills, and their legal backgrounds, not their technical expertise. We make this very easy for them using technologies like AI.

What can artificial intelligence (AI) mean for contract management?

The process of extracting key data is the single biggest barrier to getting started. Rather than having to tag and upload data from spreadsheets, AI can be used to automatically extract key contract data into digital assets and feed analytics and reporting much more easily. It now takes our clients seconds versus hours to interpret a new contract and input it into our platform. It is our belief that enabling AI to extract data from existing contracts will help organizations define their current state. In addition, AI can play a role in quickly delivering actionable insights. If you can ask simple questions of a database full of thousands of contracts, it’s much less time consuming than running reports and manually sifting through that information.

What kinds of implications does a CLM implementation have for GCs? What kind of ROI do they get by implementing CLM?

With the implementation of a CLM, GCs can help make organizations more efficient, more profitable, and more competitive. This enables GCs to contribute to the commercial success of businesses on the sales, expense, and compliance sides.

Here are a few examples of ROI our customers have achieved with our platform. One of our clients is an energy company showing quantifiable evidence they can execute contracts 90% faster than before having a CLM system in place. Another client, a healthcare organization, reduced time tracking and agreement management by 40% over two years. A tech company client was taking three days to find information. Now, it’s only a couple of minutes. Time is money, and our platform helps customers save a lot of time.

Is there anything else you would like to add?

The process in deciding where to start with a CLM may seem overwhelming. It’s really important that GCs don’t get stalled by trying to solve everything all at once and therefore solve nothing. Even starting with centralizing the current state is a huge step forward from where most organizations are today.

Upcoming Supreme Court Decisions Likely To Weaken Prosecutors

Two upcoming decisions will likely weaken some of the favored tools in a federal prosecutor’s toolbelt. In Ciminelli v. United States and Percoco v. United States , both of which arise from a N.Y. legislative project dubbed “Buffalo Billion,” the legal issues concern wire fraud and honest-services fraud, two related federal criminal statutes. From initial reactions, the

cases will likely join a series of decisions that have revealed this Court’s disapproval of expansive legal theories employed to combat public corruption.

Federal prosecutors utilize multiple statutes, including 18 U.S.C. § 201 (bribery), 18 U.S.C. § 666 (federal program integrity), 18 U.S.C. § 1952 (Travel Act), 18 U.S.C. §§ 1341, 1343 (mail and wire fraud), and 18 U.S.C.

§ 1346 (honest-services fraud).

A conviction under sections 1341 and 1343 requires the Government to prove that the defendant deprived the victim of money or property (by mail or wire communications).

Section 1346 criminalizes the deprivation of the right to “honest services” provided there is a fiduciary duty. As prosecutors struggle to articulate legal theories that pass

constitutional muster, they have alternatively cabined allegations into the different statutes.

In United States v. Margiotta (1982), the Second Circuit upheld a mail fraud conviction against a political leader for distributing insurance commissions on municipal properties because he had exercised de facto control of the processes of government. Despite not formally being in government, “everything went through his hands.” Five years

of regulatory power” rather than a taking. With this background, the grant of certiorari to Ciminelli and Percoco was not a surprise.

think you can give me that test without making it look like the guy is just a really, really good lobbyist.”

later, the Supreme Court held in McNally v. United States that mail fraud did not apply to honest services, only money or property. In response, Congress enacted section 1346. Broad application of this 28-word statute has invited scrutiny from the Court, especially over the last thirteen years.

In Skilling v. United States (2010), the Court held that only schemes involving bribes or kickbacks were covered by honest-services fraud by looking to pre-McNally case law. Afterward, prosecutors began conceptualizing allegations of public corruption as deprivation of “property” under the mail and wire fraud statutes. These efforts were stymied in Kelly v. United States, a case involving the convictions of two N.J. public officials for Bridgegate. The Court rejected the theory that the officials deprived the Port Authority of its property (the bridge), holding it was a “run-of-the-mine exercise

In Ciminelli, petitioner was a CEO convicted of wire fraud for working with state insiders to obtain development contracts. Under the “right to control” doctrine, accepted in certain circuits, property can include potentially valuable economic information that is necessary to make discretionary economic decisions. The Government argued that the property was the undisclosed information that the executive had inside assistance. Justice Kagan remarked that she was surprised the prosecution had not pursued a more traditional argument that the state was deprived of its contract money. Justice Gorsuch noted “radical agreement” among the Justices on the theory’s issues.

In Percoco, the issue is not what was deprived, but under section 1346, who was depriving the public of its right to honest services. By all accounts, the petitioner was a highly influential member of Governor Cuomo’s staff. He was found to have accepted a bribe to influence a state agency decision during a short period when he had left government (to serve as Cuomo’s campaign manager). The issue boils down to whether Margiotta’s “sufficiently influential” standard survived McNally and the recent narrowing of anti-corruption statutes. The Justices recognized that any such standard could potentially ensnare lobbyists and permit too much ambiguity in the statute – the same concern in Skilling. In response to the Government’s proposed functional government employee test, Justice Kagan was blunt: “I don’t

Of the two cases, Ciminelli will have the most immediate impact. Certain circumstances, such as bid rigging, will be harder to prove if the contractual relationship between the accused and the government resulted in a superficially fair exchange (i.e., no obvious economic harm). Nonetheless, the message of this Court has become clearer with each decision: “not every corrupt act . . . is a federal crime.”

In Ciminelli, petitioner was a CEO convicted of wire fraud for working with state insiders to obtain development contracts.

Insure Against Data Breaches Suffered By Vendors and Service Providers

Over the last several years several companies, including Marriott, Yahoo and Volkswagen, have been victimized by hackers breaking into a company’s computer network. In some cases, they have put confidential information on the internet. In others, the hackers have held

the company’s information hostage through ransomware.

While companies are rightly concerned about the security of their own networks, there is another risk. Recent court cases are testing the liability of companies and their directors for data breaches suffered by their vendors or service providers.

This is not surprising. Companies often need to share confidential information with their vendors or service providers. An example is where a company outsources its payroll management to an outside vendor. In that case, the vendor will have the names, Social Security numbers and other private information

of the company’s employees. If the payroll vendor suffers a data breach, this private information may be disseminated, causing harm to the company’s employees.

In such a case, it is a virtual certainty that lawsuits will not only be filed against the payroll vendor but also against the company itself. The legal claim will be principally based on negligence — the concept that the company did not take due care in selecting the vendor or monitoring the vendor’s computer network security system.

A recent case in Delaware took this a step further. In that case Laboratory Corporation of America (LCA) contracted with a vendor to assist in collecting past due accounts. The vendor suffered a data breach which resulted in the disclosure of the private health and financial information of over 10 million LCA patients. As a result, LCA was subject to a class action on behalf of a class of patients whose personal information was compromised because of the data breach.

LCA’s legal jeopardy did not end there. Following the filing of the class action suit, a shareholder of LCA brought an action against the company’s directors. In his suit, the shareholder asserted that LCA’s directors had allowed the company to provide personal healthcare and financial information to a vendor with deficient cybersecurity and data breach detection. The shareholder also asserted that the directors had failed to ensure that the vendor utilized proper cybersecurity safeguards to adequately secure patient information.

These liability risks mean that companies must not only focus on their own cybersecurity and data

breach safeguards, but they must also be concerned about these safeguards in respect to their own vendors. The following are some risk-management ideas:

• Make sure that the definition of “insured computer network” in your own cyber insurance policy includes the networks of your vendors and other service providers. By doing this, you will potentially have protection under your own insurance program for damage claims arising from their data breaches.

• Make sure that you have cyber insurance and that you carry sufficient limits under that insurance policy. This means that the amount of insurance available will be sufficient to protect the company in the event of a data breach incident.

• Make sure that your vendor or other service provider carries its own cyber insurance policy with sufficient limits, and that your company is named as an additional insured under that policy. The vendor’s obligation to carry such insurance, and your entitlement to be named as an additional insured, should be expressly set out in the written agreement between your company and the vendor or other service provider.

• Require a written agreement between the company and the vendor or other service provider that obligates those parties to defend and indemnify the company from any claims arising from a data breach suffered by those parties that result in a disclosure of the company’s or the company’s employees’ private or confidential information. This obligation

should be backed up by the vendor’s or service provider’s own cyber insurance policy that has limits sufficient to support that indemnification obligation. This written agreement also ought to give the company the right to conduct periodic audits of the vendor’s or service provider’s cyber security safeguards.

• Conduct regular cyber security audits of your vendor or other service provider to ensure that proper safeguards are in place.

Liability for a data breach involving a company’s or its employees’ confidential information cannot be shifted by contract. Because a company runs the risk that it will be sued if its third-party vendor or service provider experiences a data breach, it should implement the risk management techniques described above.

SEC Final Pay vs. Performance Disclosure Rules: Planning for the 2023 Proxy Season and Investor Reactions

Anew financial reporting challenge is looming for publicly traded companies: compliance with the most significant change in executive compensation disclosure in more than 15 years.

Approved in August of 2022, the long-delayed Securities and Exchange Commission rules aim to help investors better understand the relationship between executive

compensation of its named executive officers (NEOs) and corporate financial performance. This article provides an overview of the new rules, their potential impact on companies and action items companies can take to meet compliance requirements.

In August 2022 the SEC adopted the rules, which were proposed in 2015, and amended existing

disclosure rules to comply with a mandate under the Dodd-Frank Act. The amendments apply to all reporting companies (except for foreign private issuers, registered investment companies and emerging growth companies), and should be incorporated into proxy and information statements.

Companies must start their compliance efforts because the rules

apply to public companies with fiscal years ending on or after Dec. 16, 2022. Companies not in compliance face the risk of SEC action.

The rules involve three main requirements:

• a pay vs. performance table,

• a clear description of the relationship between executive compensation and company financial performance as well as the relationship between a company’s total shareholder return and the TSR of its peer group; and

CEO during the reporting period, the company must include additional columns for each individual, making the presentation more complex.

The descriptive disclosure can be in narrative or graphic form, or both. Use whichever form best describes the relationship between executive pay and financial performance.

For the tabular list of financial measures, companies must disclose between three and seven financial performance measures they consider the most important in determining CEO and NEO pay for

investors, however, will use the data as a weapon. If they think they see discrepancies between pay and performance, they will use the data to fight pay proposals and other initiatives.

The requirements are complex, and most public companies likely will not be able to handle all aspects internally. Bringing in outside experts like actuaries, compensation consultants, legal counsel, and valuation experts will help ensure companies meet all necessary disclosures. Those partners can also advise on the strategic placement of the disclosures within the proxy statement.

The SEC is unlikely to delay the effective date, so companies that have not yet started their compliance efforts need to do so now.

• a tabular list of the performance measures a company determines are most important for determining the pay of its named executive officers.

Companies must disclose “compensation actually paid” (as determined in accordance with the new rules) to the CEO and the average compensation actually paid to the other NEOs. They must also disclose data that reflects the company’s net income, TSR, peer group TSR and the financial measure that the company has selected as representing the most important measure used to link compensation to performance.

When calculating shareholder returns after the first year, companies should keep in mind that totals are cumulative, meaning companies must incorporate the previous years’ data together with the current year. If a company has had more than one

the last fiscal year. The tabular list may include non-financial performance measures if they are among the most important measures and if the company has already disclosed three financial metrics. According to the rules, these measures do not have to be ranked.

The new rules give companies the flexibility to decide where to place the disclosures in their proxy statements. For companies whose compensation committees do not review TSR, net income or the SEC’s “compensation actually paid” criteria when determining CEO and NEO compensation, they may consider establishing a new section after the standard Compensation Disclosure and Analysis.

It will likely take several years until reporting companies see the full impact of these rules because it is not certain how proxy advisors will incorporate the new disclosure into their models., Activist

Companies should keep in mind that totals are cumulative, meaning companies must incorporate the previous years’ data together with the current year.

Supreme Court Dismisses Privilege Case: What Now for In-House Lawyers?

There have been several horrifically bad predictions throughout time. In 1903, a bank president predicted to a Ford Motor Company lawyer that the automobile was a fad and the horse “was here to stay.” A record-label executive in 1962 told the Beatles

that four-piece groups with guitars were “finished.” And in 2007, the CEO of Microsoft predicted that the iPhone would never gain significant market share.

Here’s another one for the Pantheon: In my last Privilege Place column, I predicted that the Supreme

Court would “without doubt” issue a significant privilege decision for in-house lawyers in 2023. In January 2023, the Court dismissed a case that would have set the standard for gauging privilege protection for communications containing legal and non-legal advice.

But I’m not deterred, and offer a new prediction: the Court’s dismissal will force federal and state courts to increase their focus on the privilege’s protection for dual-purpose communications. If courts amplify their focus, then in-house lawyers should react in three important ways.

First, in-house counsel should try to understand the privilege test that the jurisdiction will apply. To be sure, it is difficult but not impossible to, ahem, predict which court will ultimately adjudicate a privilege dispute. For example, we know that federal law will likely govern legal advice communications related to patents, trademarks, and the like. By contrast, state privilege law will

Second, in-house lawyers should ensure that their outside counsel argues for a specific rule. Many courts have not decided which test to apply when evaluating dual-purpose communications. Others employ the primary purpose test without specifying how it actually administers that test. The Supreme Court declined to adopt a test and explain its application, so lawyers must fill the void. Ask for a desired test, and provide details on how the court should apply that test. Otherwise, you may receive an adverse privilege ruling without knowing why.

Third, in-house lawyers should implement measures to increase their chances of privilege success

courts to determine. From an advocacy standpoint, the opportunity to shape privilege law in the dual-purpose area should rest, in large part, with in-house counsel. And that prediction is infallible.

govern protections for legal advice communications related to breaches of contract.

The question then becomes whether that jurisdiction applies the primary purpose test, the significant purpose test, or some other standard to assess whether communications containing legal and non-legal advice should fall under a privilege shelter. Courts applying the primary purpose test will generally identify the various purposes within a communication and weigh whether the legal-related portions were primary. Courts applying the significant purpose test will simply determine whether one of the communication’s significant purposes is legal advice and apply the privilege if so. Know and understand the test that governs before you communicate.

regardless of the test that a court may utilize. Emphasizing the legal-advice component of each communication is key. Create a new email thread to extract yourself from a business communication. Introduce communications with words as simple as “this email contains my legal advice” or “I understand your email to request legal advice.” In short, when drawn into a business discussion, make your legal input the predominant voice.

The Supreme Court embraced — and then relinquished — an opportunity to establish a standard that would govern evaluations of the corporate attorney-client privilege to in-house lawyers’ dual-purpose communications. From a decision-making standpoint, the issue is now front-and-center for other

Federal law will likely govern legal advice communications related to patents and trademarks, and state privilege law will govern protections related to breaches of contract.

New BIPA Rulings in Illinois

The Illinois Supreme Court recently issued a decision in Cothron v. White Castle System, Inc. which could have significant implications for the state’s litigation landscape and business environment. The case concerned an alleged violation of Illinois’ Biometric Information Privacy Act (BIPA) by White Castle, a fast-food restaurant chain, in connection with its use of fingerprint scanning technology for employee timekeeping purposes.

BIPA requires companies to obtain informed, written consent from individuals before collecting, using, or storing their biometric information, such as fingerprints or facial scans. In addition, the law imposes specific notice and data retention requirements, as well as a private right of

consent requirements. The Court rejected White Castle’s argument that the plaintiff’s claim was moot because the company had provided proper notice and obtained consent after the lawsuit was filed. The Court held that the violation had already occurred when the data was collected without proper notice and consent and that the plaintiff was entitled to seek damages for that violation.

The most notable part of the decision was the Court’s confirmation of the law’s statutory damages provision. BIPA allows for damages of $1,000 per negligent violation or $5,000 per intentional or reckless violation. The Court clarified that the “per violation” is every single capture. To put this into perspective,

The question remains how this will be addressed on a federal level or by other states that we’ve yet to see legislate private rights of action.

Hunter McMahon is the Chief Operating Officer for iDiscovery Solutions (iDS). He focuses on collaborating with a team of experts to provide industry-leading solutions for clients in need of data analytics for litigation, investigations, data privacy and compliance issues. He has served as a testifying and consulting expert to large and small corporations and works with Am Law 100 and boutique law firms. hmcmahon@idsinc.com

action that allows individuals to sue for damages if their rights are violated.

In the Cothron case, the plaintiff alleged that White Castle violated BIPA by failing to provide proper notice and obtain consent before collecting and storing her fingerprint data. The trial court dismissed the case, but the appellate court reversed and remanded it for further proceedings. White Castle appealed the decision to the Illinois Supreme Court, which ultimately affirmed the appellate court’s ruling.

The Supreme Court’s decision covers many topics (i.e., plaintiff does not need to show actual harm or injury to bring a BIPA claim) while emphasizing the importance of complying with BIPA’s notice and

a time clock that uses fingerprint technology could capture biometric information 4 – 8 times per day per employee (every clock in and clock out).

While this decision could provide more protection for individuals’ biometric privacy, it may also have a chilling effect on businesses and technology operating in Illinois. The potential for significant damages based on every capture, along with the Tims v. Black Horse Carriers, Inc. decision that expanded liability for BIPA claims to a five-year statute of limitations, could incentivize plaintiffs’ attorneys to file more BIPA lawsuits – resulting in increased litigation costs for companies, and a more challenging business environment for this advanced technology.

The Court clarified that the “per violation” is every single capture of data without proper notice and consent

Leveraging Metrics to Drive Efficiency in E-Discovery

Legal organizations are always seeking ways to reduce their e-discovery spend, manage e-discovery processes more efficiently and accurately forecast their legal budgets. Metrics play a significant role in achieving those goals.

Whether you call them “metrics”, “key performance indicators” (KPIs) or some other name, when metrics are leveraged correctly, they can provide valuable intelligence into what works best at a company so that strategic changes can be implemented quickly and effectively. For instance, metrics might reveal

how long it takes for a project from start to finish, or how much energy is used throughout the workflow process. This kind of insight allows businesses to make informed decisions about which steps need to be improved or eliminated to ensure greater efficiency.

APPLYING METRICS TO E-DISCOVERY WORKFLOWS

Metrics and reporting play a vital role in efficiency and effectiveness in e-discovery workflows. With metrics-driven insights, organizations can better understand how long it

takes to complete each task within an e-discovery workflow, identify bottlenecks that slow down the process and increase costs, and measure performance against established benchmarks.

Reporting and documentation help legal teams optimize processes for maximum efficiency while keeping them on task. Metrics also help you estimate when e-discovery tasks will be completed so that you can adjust as needed to stay on schedule to meet deadlines.

Achieving the “where” and “when” for e-discovery projects is more

challenging today than in the past. Across the world, data has grown from 2 zettabytes (which is 2 trillion gigabytes) in 2010 to 120 zettabytes today – an increase of 60 times in just 13 years. When you consider the variety of discoverable data sources –including mobile devices, enterprise cloud solutions, and collaboration apps – the ability to leverage metrics to streamline processes is more important than ever.

IMPORTANT METRICS AND DOCUMENTATION FOR E-DISCOVERY PROJECTS

There are three categories of metrics and documentation that can help keep your e-discovery team on track, efficient, and effective:

• Case Information: If organizations only had one matter, it would be easy to track. However, for most organizations that have multiple matters, it is important to be able to track information that includes the matter name and status, key details about the client and law firm, contact information, and even any regional restrictions to keep in mind.

• Case Documentation: During the life of a case a lot can happen – everything from iterative collections and searching to turnover of project personnel. Having case documentation in a centralized, easy to access location enables the team to stay on point and get new team members up to speed quickly.

• Business Intelligence: These are the detailed metrics associated

with the workflow itself, which includes data on everything from processing to production, but also financials to ensure the project remains on budget. These metrics could make the difference between on-time, on-budget and having to explain to the client (or worse, the court) what went wrong.

KEY FEATURE CRITERIA FOR E-DISCOVERY METRICS TRACKING

When looking for an e-discovery solution, here are seven of the most important feature criteria to consider for metrics tracking and reporting:

• Real-Time Access: e-discovery projects move fast and making decisions based on yesterday’s numbers could prove costly. It is important for an e-discovery metrics solution to provide access to real time information to support timely decision making.

• Customizable Dashboards: Metrics are as varied as the people who use them. Dashboards are a great way to track important metrics at a glance, but not everybody is focused on the same metrics. Dashboards need to be customizable to support the needs of each user.

• Easy to Use: Your team already has plenty to learn to effectively support your e-discovery project. If the software that tracks e-discovery metrics is difficult to grasp, your team will not use it.

• Visualization: A picture is worth

a thousand words and at least as many numbers. A robust e-discovery metrics solution needs to provide numerous visualizations to enable “at a glance” status communication.

• Cross-Matter Reporting: As noted above, an e-discovery metrics solution must provide cross-matter reporting capabilities. Not only will that enable you to manage multiple projects more effectively, it will enable you to learn from previous projects to implement improvements going forward.

• Centralized Reporting and Documentation: The data needs to reside in one centrally located repository so that it can be accessed by any team members that need to use it.

• Extendable: The e-discovery metrics solution should support the ability to download the data into a business intelligence platform such as Microsoft’s Power BI to extend the reporting and analysis capabilities even further.

Data-driven insights provided by metrics empowers your team to deliver projects on-time and on-budget, while you gain the ability to forecast accurately and control your legal spend. KLDiscovery’s Client Portal solution provides all these benefits and more.

Metrics and reporting play a vital role in efficiency and effectiveness in e-discovery workflows.

UPCOMING

How AI and AI-Adjacent Technologies Impact Discovery, Compliance & Investigations

Wednesday, April 19 1pm ET / 12pm CT

In this webinar, Eric Robinson, KLDiscovery’s VP, Global Advisory Services & Strategic Client Solutions, will discuss how AI and AI-adjacent technologies, including machine learning, natural language processing, and predictive coding, are impacting discovery, compliance, and regulatory investigations— especially in highly regulated industries with changing rules.

UPCOMING

The NLRB is Evolving... Is Labor & Technology on a Collision Course, and Are You Ready?

Tuesday, May 16 1pm ET / 12pm CT

The NLRB have intentionally updated the scope of their requests to include electronically stored information (ESI) which has introduced a new set of obstacles for companies. Join this webinar to ensure you understand the evolving landscape of NLRB investigations and that your company has the processes and practices in place to meet them.

UPCOMING

Document Review

Workflows That Work for Everyone

Thursday, April 27 1pm ET / 12pm CT

Managing the review process between corporate counsel, service providers and law firms is no easy feat. To work effectively and efficiently, all groups involved need to be in alignment when considering key elements of the legal matter including strategy, budget, and timeline. Adherence to mutually agreed upon guidelines can help maintain matter progression and reduce surprises.

Register for Webinar Register for Webinar Download Webinar

Sponsored by

Sponsored by Sponsored by