Today's General Counsel, V15 N1, Spring 2018 by Today's General Counsel

SPRING 2018 VOLUME 1 5 / NUMBER 1 TODAYSGENER ALCOUNSEL.COM

#TimesUp

Combating Sexual Harassment in the Workplace Consent is a Function of Power $199 Subscription rate per year ISSN: 2326-5000 View our digital edition: digital.todaysgeneralcounsel.com

Action, meet results. Too many law firms mistake activity for action. As they churn away on unnecessary tasks, your matters drag on. At Barnes & Thornburg, we are focused on keeping things moving and helping your business grow. Delivering results you can count on.

Uncommon Value

ATLANTA

CHICAGO

DALLAS

DELAWARE

INDIANA

LOS ANGELES btlaw.com

MICHIGAN

MINNEAPOLIS

OHIO WASHINGTON, D.C.

SPRING 20 18 TODAY’S GENER AL COUNSEL

Editor’s Desk

Victims of sexual harassment have long suffered under a system that stifled their voice. Change is coming. In this issue of Today’s General Counsel, Sabrina Beldner presents her ideas on how to combat sexual harassment in the workplace and Jennifer Robinson discusses the same topic from the perspective of “culture.” Beldner informs us that several states, powered in part by the #MeToo campaign, have pending legislation that will ban non-disclosure provisions in agreements that settle harassment and retaliation claims. If they pass, previous settlements will become evidence when new claims are made, thus multiplying exposure. Robinson explains what this means for your company: “In short, it means #TimesUp.” A law doesn’t always mean exactly what it says, not after the rules and regulations that implement it are written, and challenges work their way through the courts. In her article, Asha Allam discusses an opportunity available to respondents in International Trade Commission cases while the Court of Appeals for the Federal Circuit chews over the meaning of the phrase “shall investigate alleged violations.” As of now, the decision to investigate claims brought before the ITC can be contested with some hope of success. The opportunity may be fleeting, but the benefits are real whether the challenge is successful or not. Warren Braunig and Sarah Salomon ask an intriguing question — does your boss own your brain? For most readers of this publication, the real issue will be whether that new hire’s former boss owns the ideas that the decision to hire was based upon. Sometimes she does, but this is yet another rule that can be challenged with reasonable hopes for success. Jeff Franks and Erik Collasius argue that compliance with information security regulations should be viewed as a chance for the legal team to partner with the business function in a way that increases legal’s influence. Mike Hamilton, and Robert Owen, Frank Nolan and Trevor Satnick provide takes on e-discovery. The latter article is an historic look at what the authors describe as an “addiction” to document production for which legal departments need to find a cure. Hamilton brings in expert advice on how to cure it.

Bob Nienhouse, Editor-In-Chief bnienhouse@TodaysGC.com

A new brand day.

dawn

DTI and Epiq Systems are now Epiqâ&#x20AC;&#x201D;the one name for taking on the dayâ&#x20AC;&#x2122;s complex and critical legal tasks with more clarity and confidence.

Learn more at epiqglobal.com

People. Partnership. Performance.

Business Process Solutions | Class Action & Mass Tort | Court Reporting eDiscovery | Regulatory & Compliance | Restructuring & Bankruptcy

SPRING 2018 TODAY’S GENER AL COUNSEL

Contents 1

Editor’s Desk

9 | From the Event “The Exchange” Legal Operations Forum 10 | Executive Summaries

COLUMNS

38 | Workplace Issues #TimesUp Time for a strongly enforced policy prohibiting sexual harassment. By Jennifer Robinson

40 | The Antitrust Litigator Antitrust and Exclusive Dealing Depends on whether it is pro-competitve. By Jeffery M. Cross 64 | Back Page Front Burner Sharing Protected Information With Potential Litigation Funders It is a risk. By Todd Presnell

FEATURES

42 | A New Weapon for Creditors in Europe Freeze multiple bank accounts with one application. By Jef Klazen, Andrew Stafford, Rebecca Hume, D. Farrington Yates and James P. Booth 46 | Is the Government Friend or Foe When a Data Breach Occurs? It’s not an easy call. By Samantha Green 48 | Resource Alignment is a Big Law Department Challenge The wrong choice means lower productivity, higher cost. By Lauren Chung 50 | Business Continuity Plan for the Legal Department How to keep functioning in an emergency. By Kevin Collins and Jason Hutt 54 | How to Get the Best Legal Services Time is a good measure of cost, not value. By Nancey Watson 56 | Risks of Contractual Joint Ventures for Government Contracts Pitfalls of contractual affiliation. By Kay Tatum, John R. Prairie and George E. Petel 60 | Legal Departments Lead Industry-Wide Change CLOC’s clout puts legal departments in the driver’s seat. By Merry Neitlich

TODAY’S GENER AL COUNSEL SPRING 2018

Contents

L ABOR & EMPLOYMENT

16 | Combating Sexual Harassment in the Workplace Hush money could cost more than you thought. By Sabrina A. Beldner E-DISCOVERY

18 | The Search for a Cure for E-Discovery Addiction Don’t agree to overproduce. By Robert Owen, Frank Nolan and Trevor Satnick 20 | Turning E-Discovery Concepts into Practice Proportionality is key to just, speedy and inexpensive e-discovery. By Mike Hamilton

5 32

INTELLEC TUAL PROPERT Y

CYBERSECURIT Y

24 | Does Your Boss Own Your Brain? Not where ideas came from, but when they came. By Warren Braunig and Sarah Salomon

30 | Information Security as Legal/Business Partnership An opportunity to establish a role that will pay dividends. By Jeff Franks and Erik Collasius

16 26 Some PTAB Procedural Decisions Can Be Appealed The one year time bar is the issue. By Paul E. Dietze, Jeffrey Wolfson and Yong Jin Zhu |

32 | Privacy and Cybersecurity Issues in M&A Create a roadmap for due diligence. By Sheryl Falk and Alessandra Swanson COMPLIANCE

34 | Prosecutorial Discretion — the Quick ITC Escape Act while the appeal is pending. By Asha Allam

May 21â&#x20AC;&#x201C;24 | Las Vegas | Caesars Palace

Tackle todayâ&#x20AC;&#x2122;s biggest legal tech topics from Digital Forensic Investigations to eDiscovery!

1500+ Attendees | 800+ organizations | 110+ sessions Enfuse brings together specialists, executives and leaders to break new ground for the year ahead.

Join OpenText Vice Chair, CEO & CTO Mark Barrenechea Register today!

Use code AXCELER8

to save an additional $200

enfuse.opentext.com

110 sessions

Why attend

With 100+ top-notch sessions and 3 keynotes, you will reap the benefits of best practices, success stories, tools and practical solutions. Enfuse helps turn your biggest challenges into your greatest accomplishments.

countries

800

organizations

keynotes

• Create a personalized agenda from 100+ sessions across 10+ focused tracks

1500 attendees

9hrs dedicated to networking

Benefits of attendance

• Learn best practices and new techniques from hands-on sessions • Network with peers, experts and industry leaders throughout the event • Get certified with a free EnCE, EnCEP or CFSR exam to earn valuable CPE & CLE credits • Meet with 50+ industry vendors to discover the latest technology • Learn from distinguished speakers

enfuse.opentext.com

EDITOR-IN-CHIEF Robert Nienhouse MANAGING EDITOR David Rubenstein

EXECUTIVE EDITOR Bruce Rubenstein

SENIOR EDITOR Barbara Camm

CHIEF OPERATING OFFICER Amy L. Ceisel VICE PRESIDENT, EVENTS TODAY’S GENERAL COUNSEL INSTITUTE Jennifer Coniglio

SVP, MANAGING EDITOR OF EVENTS TODAY’S GENERAL COUNSEL INSTITUTE Neil Signore

TRACEY GOLDVARG Associate Publisher DIRECTOR, CONFERENCES & BUSINESS DEVELOPMENT Jennifer McGovern-Alonzo

LAW FIRM BUSINESS DEVELOPMENT MANAGER Scott Ziegler

ACCOUNT EXECUTIVE Frank Wolson

DATABASE MANAGER Matt Tortora

DIGITAL EDITOR Catherine Lindsey Nienhouse

ART DIRECTION & PHOTO ILLUSTRATION MPower Ideation, LLC CONTRIBUTING EDITORS AND WRITERS

Asha Allam Sabrina A. Beldner James P. Booth Warren Braunig Lauren Chung Erik Collasius Kevin Collins Jeffery M. Cross Paul E. Dietze Sheryl Falk Jeff Franks Samantha Green Rebecca Hume Jason Hutt Mike Hamilton Jef Klazen

Merry Neitlich Frank Nolan Robert Owen George E. Petel John R. Prairie Todd Presnell Jennifer Robinson Sarah Salomon Trevor Satnick Andrew Stafford Alessandra Swanson Kay Tatum Nancey Watson Jeffrey Wolfson D. Farrington Yates Yong Jin Zhu

SUBSCRIPTION Subscription rate per year: $199 For subscription requests, email subscriptions@todaysgc.com

REPRINTS For reprint requests, email jkaletha@mossbergco.com Jill Kaletha, Foster Printing at Mossberg & Co

EDITORIAL ADVISORY BOARD Dennis Block GREENBERG TRAURIG, LLP

Dale Heist BAKER HOSTETLER

Ron Myrick RONALD MYRICK & CO, LLC

Thomas Brunner

Joel Henning

WILEY REIN

JOEL HENNING & ASSOCIATES

Robert Profusek

JACKSON LEWIS

Sheila Hollis

Art Rosenbloom

Mark A. Carter

DUANE MORRIS

CHARLES RIVER ASSOCIATES

Peter Bulmer

DINSMORE & SHOHL

James Christie BLAKE CASSELS & GRAYDON

Adam Cohen FTI CONSULTING

Jeffery Cross FREEBORN & PETERS

Thomas Frederick WINSTON & STRAWN

Jamie Gorelick WILMERHALE

Robert Haig KELLEY DRYE & WARREN

Jean Hanson FRIED FRANK

Robert Heim DECHERT

David Katz

JONES DAY

WACHTELL, LIPTON, ROSEN & KATZ

George Ruttinger

Steven Kittrell

Jonathan S. Sack

MCGUIREWOODS

MORVILLO, ABRAMOWITZ, GRAND, IASON & ANELLO, P.C.

Nikiforos latrou WEIRFOULDS

Jerome Libin EVERSHEDS SUTHERLAND

Timothy Malloy Mc ANDREWS, HELD & MALLOY

Jean McCreary NIXON PEABODY

Steven Molo MOLOLAMKEN

Thurston Moore

CROWELL & MORING

Victor Schwartz SHOOK, HARDY & BACON

Jonathan Schiller BOIES, SCHILLER & FLEXNER

Robert Townsend CRAVATH, SWAINE & MOORE

Robert Zahler PILLSBURY WINTHROP SHAW PITTMAN

HUNTON & WILLIAMS

All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information or retrieval system, witho ut the written permission of the publisher. Articles published in Today’s General Counsel are not to be construed as legal or professional advice, nor unless otherwise stated are they necessarily the views of a writer’s firm or its clients. Today’s General Counsel (ISSN 2326-5000) is published quarterly by Nienhouse Media, Inc., 20 N. Wacker Drive, 40th floor, Chicago, Illinois 60606 Image source: iStockphoto | Printed by Quad Graphics | Copyright © 2018 Nienhouse Media, Inc. Email submissions to editor@todaysgc.com or go to our website www.todaysgeneralcounsel.com for more information. Postmaster: Send address changes to: Today’s General Counsel, 20 N. Wacker Drive, 40th floor, Chicago, Illinois 60606 Periodical postage paid at Oak Brook, Illinois, and additional mailing offices.

TODAY’S GENER AL COUNSEL SPRING 2018

from the

EVENT Today’s General Counsel Institute hosted the first annual “The Exchange” Legal Operations Forum in

Beverly Hills, California on March 5-6. Thank you to all who attended.

1. Hal Marcus, Director, Product Marketing, OpenText Discovery. 2. Matthew Raymond Geiger, Actor; and Jada Foote. 3. Shirley Huang, Director of Operations & Legal Affairs, EDGEtv. 4. Lynn Frances Jae, eDiscovery Writer; Neil Signore, Senior VP & Managing Director, Today’s General Counsel; and Joy Murao, Founder & Principal Consultant, Practice Aligned Resources. 5. Lucy Endel Bassli, General Counsel, InnoLegal Services, PLLC. 6. Alexis Robbins, Vice President of Marketing, TCDI; and R. Michael Gibeault, Senior Director, Legal Services, TCDI.

#tgclegalops

SPRING 2018 TODAY’S GENER AL COUNSEL

Executive Summaries L ABOR & EMPLOYMENT

E-DISCOVERY

PAGE 16

PAGE 18

PAGE 20

Combating Sexual Harassment in the Workplace

The Search for a Cure for E-Discovery Addiction

Turning E-Discovery Concepts into Practice

By Sabrina A. Beldner McGuireWoods LLC

By Robert Owen, Frank Nolan and Trevor Satnick Eversheds Sutherland (US) LLP

By Mike Hamilton Exterro, Inc.

Employers can expect to see an increase in sexual harassment claims and complaints. Some may be exaggerated or involve actions that simply do not rise to the level of harassment. Some may be stale, years-old allegations that are no longer legally actionable, or involve someone who has since left the company. But other claims will have merit. Therefore, all claims must be taken seriously and thoroughly investigated. Employers should update their policies to clarify what behavior constitutes harassment and sexual harassment, and make everyone aware that there is zero tolerance for such behavior. Periodically train all supervisors, including senior and C-suite executives on the law regarding sexual harassment and the company’s anti-discrimination and anti-harassment policies. Employers should also make attendance at the necessary training and satisfactory compliance with anti-harassment and other personnel policies a component of job performance that is weighted in evaluations and considered in setting compensation and bonuses for senior leaders. Public indignation at discovering that organizations have used hush money to repeatedly shield bad actors and hide their sexual harassment transgressions has led several states, including New York, New Jersey and California, to introduce legislation to ban non-disclosure provisions in agreements that settle discrimination, harassment and retaliation claims. If these bills become law, evidence of an employer settling prior sexual harassment allegations will be easier to uncover and could be used the next time accusations arise, causing significant financial harm and harm to reputation.

Poor information governance practices placed businesses on a collision course with long-standing discovery practices, leading to an inflection point in 2003, when the first of many holdings that resulted in sanctions and significant awards was issued based on e-discovery failings. Organizations began spending massive sums of money to retain information on the off chance that they might face a lawsuit. The process that led to the adoption of the 2015 amendments to the Federal Rules of Civil Procedure began, in part, to control the costs and burdens of “overpreservation.” The amendment to FRCP 37(e) is arguably the most consequential. It requires a showing of specific intent to deprive an adversary before “death penalty” sanctions can be ordered. It also clarified that if data was lost after “reasonable steps” had been taken to preserve possibly relevant data, no sanctions measures can be ordered. The 2015 Rule amendments have facilitated the early stages of an e-discovery overhaul. Real change, however, requires adapting to emerging technologies in the discovery process, and a change in philosophy on what constitutes adequate production. In the interim, general counsel should take advantage of the tools currently available. Do not agree to overproduce. Enact reasonable preservation practices that do not break the bank. Rule 37(e) allows a court to act only when necessary to cure prejudice, unless there was an intent to deprive. Finally, make sure to suggest using electronic review methods in appropriate situations.

Robert Keeling, Esq., Co-Chair of the E-Discovery Group at Sidley Austin, offered advice to legal departments and law firms that aren’t getting the results they expect from predictive coding, in a recent edTalk sponsored by Exterro, Inc. and Georgetown Law CLE. Be selective during document collection. Use multiple models or techniques. Customize workflows. Be flexible. Adjusted parameters, algorithms, and even sample sets, especially in low-richness environments, can yield better results; and tactics like seeding the sample with responsive documents can help train the algorithm. Heidi Gardner, Ph.D., Lecturer on Law at Harvard Law School, says that debunking myths about collaboration is often the first step in helping lawyers see the real benefits. Gardner discovered that revenue grows exponentially when practice groups work collaboratively with a given client. The benefits of collaboration don’t just accrue to organizations; professionals who collaborate build networks of colleagues. The 2015 amendments to the Federal Rules of Civil Procedure focused on the need to resolve civil disputes in a “just, speedy, and inexpensive” way. Hon. David Waxse, United States Magistrate Judge in the District of Kansas, identifies the concept of proportionality as a key means of achieving those goals. There are things that can be done at each stage of e-discovery to deal with proportionality. Limit document retention. Use technology for review. Limit the scope and format of production. Tactical gains from disputes over document production rarely outweigh their negative impact on the cost and speed of litigation.

TODAY’S GENER AL COUNSEL SPRING 2018

Executive Summaries INTELLEC TUAL PROPERT Y

CYBERSECURIT Y

PAGE 24

PAGE 26

PAGE 30

Does Your Boss Own Your Brain?

Some PTAB Procedural Decisions Can Be Appealed

Information Security as a Legal/Business Partnership

By Paul E. Dietze, Jeffrey Wolfson and Yongjin Zhu Haynes and Boone LLP

By Jeff Franks and Erik Collasius Jabil Inc.

In January 2018, the United States Court of Appeals for the Federal Circuit issued its en banc decision in Wi-Fi One, LLC v. Broadcom Corp., holding that Patent Trial and Appeal Board (PTAB) time-bar determinations (the one-year statutory time bar) in an inter partes review (IPR) proceeding are appealable. The en banc decision overrules a panel’s earlier decision in Achates Reference Publishing Inc. v. Apple Inc. The majority opinion held that a determination considering whether the oneyear statutory time bar has been met is appealable. In holding that paragraph (d) of the authority to institute statute does not bar judicial review of a determination considering whether the one-year statutory time bar has been met, the majority relied on “the strong presumption favoring judicial review of administrative actions” and found no convincing indication of congressional intent to prohibit review. In reaching this conclusion, the majority reviewed both the statutory language and the statutory scheme. Although the court’s decision permits appeal of some decisions to institute an IPR, it did not address when the appeal can be filed. If interlocutory appeals are permitted, it will delay the statutory mandate that IPR decisions be made within one year of institution. If a final decision in the IPR must be in hand, this could leave a cloud hanging over patents with claims determined to be invalid by the PTAB, while the appellate court could decide the institution was improper in the first place.

Compliance with information security regulations should not be viewed simply as sunk cost or minimal value-add activity. It should be viewed as an opportunity for the legal team to engage with its business partners to establish regulatory compliance as a differentiator. Done effectively, the legal team’s involvement in driving the implementation of controls will not only reduce risks, but will result in an improved partnership with the business, and increased credibility and influence for the legal function. The legal team can be a key contributor to the information security team. It is knowledgeable about information security requirements that arise from laws and regulations (e.g., export control laws), customer and supplier agreements, and the limitations of the organization’s systems. The legal team can be especially effective when engaged early, which should happen naturally provided it has earned the role of trusted advisor within the organization. Threats to organizations are evolving. Regulations are inevitable, as is enforcement. The overall cost of information security continues to rise, and it is significantly higher in any organization that suffers a breach. Organizations that make concerted efforts to regard information security as a capability instead of a sunk cost can reduce their overall risk and cost, and build trusted relationships with their business partners. The legal team is well positioned to support the organization in achieving these goals, and to establish a trusted advisor role that will pay dividends in the form of engagement and collaboration.

By Warren Braunig and Sarah Salomon Keker, Van Nest & Peters LLP

Today, many employment agreements, particularly in the tech industry, include a clause assigning to an employer all discoveries, improvements, ideas, processes, developments, designs, know-how and formulae the employee develops while working for the employer, whether or not protectable under other intellectual property regimes. These provisions are referred to as proprietary information and invention assignment agreements (PIIAAs). Invention assignment agreements nominally prohibit an employee from competing against a former employer based on an idea conceived during that employment. Yet, at the same time, many states strictly limit the use of contractual non-compete agreements. As the use of PIIAAs rises, this doctrinal tension will be a source of continuing conflict, particularly in states like California, where non-compete agreements are almost universally unenforceable. If a prospective hire subject to a PIIAA approaches your company with a new business idea, general counsel must understand when it was developed using what resources. If a prospective employee comes to you with a presentation of ideas developed when she was subject to a PIIAA, do not rely on a document describing it. Instruct the employee to start from scratch after being hired. Incorporating suspect documents into your ongoing development will only give the former employer ammunition for its PIIAA claim. Whether an employer brandishing a PIIAA can lay claim, months or years later, to the fruits of an employee’s unarticulated ideas, remains an open question. In the meantime, be cautious, ask questions and protect your company.

SPRING 2018 TODAY’S GENER AL COUNSEL

Executive Summaries CYBERSECURIT Y

COMPLIANCE

FEATURES

PAGE 32

PAGE 34

PAGE 42

Privacy and Cybersecurity Issues in M&A

Prosecutorial Discretion — the Quick ITC Escape

A New Weapon for Creditors in Europe

By Sheryl Falk and Alessandra Swanson Winston & Strawn LLP

By Asha Allam Adduci, Mastriani & Schaumberg LLP

By Jeff Klazen, Andrew Stafford, Rebecca Hume, D. Farrington Yates and James P. Booth Kobre & Kim LLP

Privacy and cybersecurity laws and the accompanying risks involved in M&A are rapidly evolving. While your business team is wrapping its arms around traditional areas of diligence, conduct an initial analysis of the company’s information security infrastructure and business operations to determine the preliminary scope of privacy-focused diligence. Use your initial analysis to create an in-depth roadmap for diligence. Focus on three key issues: (1) what information the target is collecting, (2) what the target is doing with the information and (3) how the target is protecting the information. Merely asking whether the target collects “personal information” will not get the response needed to assess potential risk. Instead, using the knowledge from the initial sweep, ask specific questions about whether the target is collecting certain types of regulated information. There are three key concepts that help create your own diligence framework. First, keep in close contact with your business team to understand its risk tolerance and the potential measures that may be available to mitigate identified risks. Second, incorporate internal privacy counsel into your legal team early in the process — or seek outside counsel if you don’t have a specialist in-house — to assist with initial diligence, and provide insight into any significant areas of risk that need to be communicated to your business team. Third, work with your team to understand how the target collects, uses and secures its information; and use this knowledge to provide a full-risk picture to your business team.

The United States International Trade Commission’s (ITC) third decision in five years not to investigate an alleged violation of Section 337 of the Tariff Act, 19 U.S.C. § 1337, appears to contradict its statutory mandate. The ITC is instructed that it “shall investigate” alleged violations of Section 337, yet it dismissed complaints in 2012, 2014 and 2017. On December 1, 2017, complainants Amarin Pharma, Inc. and Amarin Pharmaceuticals Ireland Ltd. appealed the ITC’s dismissal to the Federal Circuit. Although the outcome of Amarin’s appeal remains unknown, the dismissals demonstrate fleeting opportunities for respondents that have strong arguments to present them and avoid or reduce the expense of ITC litigation. Regardless of the outcome, a respondent only stands to benefit from conducting a substantive evaluation of the allegations against it immediately after a complaint is filed. Every complaint must be drafted with sufficient specificity to enable relief without further briefing or evidence. Complainants must remain vigilant of their claims during pre-institution review, and use the 30-day pre-institution period to monitor their allegations and respond definitively to pleading deficiencies. Maintaining postfiling vigilance increases the likelihood that an investigation will be instituted. The Federal Circuit’s decision in Amarin Pharma, Inc. and Amarin Pharmaceuticals Ireland Ltd.’s appeal of the ITC’s dismissal in Omega-3 Products, will confront its predecessor court’s deference in Syntex Agribusiness, and shed light on what the word “shall” requires the ITC do.

Certain claimants and judgment creditors domiciled in 26 European Union member states enjoy access to a new weapon against evasive debtors. Under Regulation (EU) No 655/2014, they can apply for a European Account Preservation Order (EAPO) to freeze a debtor’s bank accounts across Europe. The regulation simplifies crossborder asset preservation by introducing a standardized application process, backed by automatic recognition across the 26 member states to which the regulation applies. An EAPO prevents dissipation of a specified amount of money from a debtor’s bank accounts, pending the enforcement of an achieved or likely judgment. The nationality and domicile of the debtor does not matter: The EAPO affects the bank account itself. EAPOs can freeze funds in bank accounts in the debtor’s name or — to the extent possible under domestic law — held on the debtor’s behalf. All EAPO member states automatically recognize the EAPO. An applicant may apply once to freeze funds held in accounts across the member states. The EAPO has the potential to save certain creditors time, effort and costs; but it is far from a perfect solution. The measure is likely to prove a blunt instrument for cases involving low account balances or assets concentrated in a small number of jurisdictions. Therefore, creditors should always give careful consideration as to whether the EAPO is the best tool for the job, and seek advice as to whether deployment of domestic measures is more appropriate in their circumstances.

TODAY’S GENER AL COUNSEL SPRING 2018

Executive Summaries PAGE 48

PAGE 50

PAGE 54

Resource Alignment is a Big Law Department Challenge

Business Continuity Plan for the Legal Department

How to Get the Best Legal Services

By Lauren Chung HBR Consulting LLP

By Kevin Collins and Jason Hutt Bracewell LLP

By Nancey Watson NL Watson Consulting Inc.

Cost control was ranked as the top challenge facing law departments, according to the 2017 HBR Consulting Law Department Survey, but law departments are effectively managing their spending and keeping total legal spending flat. They took active measures to control outside counsel costs and focused on building capabilities to handle more work in house. They are demanding accountability and transparency from their law firms, which has led to tighter budgeting, thoughtful planning and regular communication. Many law departments lack a formal process or strategy to properly align work with the appropriate resources. Resource misalignment creates challenges for the law department including lower productivity, higher legal costs associated with inefficient resource allocation and poor employee engagement. Resource optimization is a continuous improvement effort. This means law departments must regularly use data, risk analysis and business planning sessions to allocate in-house legal resources to the highest value functions and most cost effective usage. A thoughtful approach is needed to enable law departments to achieve operational excellence, and ultimately take more work in house. Law departments that are striving for this goal ask themselves: Are the right resources in place to ensure work is done in the most cost-effective and efficient manner? Is the legal staff armed with optimized processes and tools? By putting controls in place and answering these questions, law departments will begin to experience more efficient staffing, streamlined work processes and aligned technology that directly correlate with better cost management.

External threat, and its impact on the legal department’s ability to meet its mission and sustain its business processes during and after a significant disruption, is at the heart of business continuity planning. Unfortunately, many legal departments have not developed a business continuity plan (BCP) that will enable it to function during an emergency. Four major steps are required for establishing a BCP: (1) risk assessment, (2) business impact analysis, (3) resources/needs assessment, and (4) business continuity plan. A proper risk assessment includes identifying internal and external threats that might impact your department’s ability to meet its objectives. You will need to brainstorm a list of threats and then review it in light of probability of occurrence. The business impact analysis determines what impact these threats might have on operations. The resources/needs assessment involves identifying the assets the legal department needs to function. An effective BCP will define levels of functional service over pre-defined time frames, such as 2 hours post incident, 24 hours, 48 hours and 96 hours. Providing this information in simple tables and charts rather than in a densely written report will be more useful during an emergency. The legal department should test the BCP through an annual tabletop exercise, and record successes and possible areas for improvement. Between 2005 and 2016, tropical storms, floods, and other severe weather resulted in more than one trillion dollars in losses alone. Part of the economic losses were displacement and dysfunction of businesses. Legal departments cannot escape those problems; and they should be prepared.

Alternative fee arrangements (AFAs) can be of benefit to legal departments and law firms. According to the American Bar Association, “AFAs are not about charging more than what an hourly rate might be — they are about charging an appropriate fee, based on what value the client receives and how that client perceives value. Keeping track of time should be the lawyer’s measure of cost, not necessarily a measure of the value he or she is providing the clients in their legal needs.” Pricing approaches vary by practice area, complexity of the project, and the familiarity the company and law firm have with the particular kind of matter(s). Often, fixed fees are applied for higher volume type matters such as immigration, some types of employment law, contracts and trademarks. For complex matters such as M&A and litigation, AFAs are more difficult to agree upon. They can usually be settled by using a mix of AFAs, such as hourly fees plus fixed fees for certain elements of the work, because parts of the engagement cannot easily be defined. They can also be tied into success fees. The key is to ensure that open dialogue takes place in order to agree upon the approach that best aligns the fee to the value the client puts upon the work. The author provides an overview of several types of value-based AFAs: fixed fees, budgeted fees with a collar, reverse contingencies, success fees and holdbacks. Building a bonus into the holdbacks if certain criteria are met can further encourage the law firm to commit to the process of defining and evaluating performance and value.

SPRING 2018 TODAY’S GENER AL COUNSEL

Executive Summaries FEATURES

PAGE 56

PAGE 60

Risks of Contractual Joint Ventures for Government Contracts

Legal Departments Lead Industry-Wide Change

By Kay Tatum, John R. Prairie and George E. Petel Wiley Rein LLP

By Merry Neitlich EM Consulting

Parties pursuing government contracts or grants enter into joint ventures for many reasons. But joint venture participants often are unaware of the legal implications of operating as a contractual joint venture, as opposed to establishing a separate legal entity. In many states, a contractual joint venture is treated like a general partnership. Each partner is jointly and severally liable. Consequently, in the event that significant liabilities arise because of one party’s faulty performance, the government customer may be able to recover damages from the joint venture and each joint venture participant. By contrast, a joint venture in the form of a limited liability entity provides a layer of protection for each party. Despite the risks, sometimes organizations conclude that they prefer doing business as a contractual joint venture rather than forming a limited liability entity. In that case, they should take care to draft a joint venture agreement that minimizes the pitfalls of a contractual affiliation. Four of the most important contractual provisions to focus on are (1) choice of law, (2) waiver of fiduciary duties, (3) statement of purpose and (4) termination. Government contractors and grant recipients should seek to avoid entering into contractual joint ventures under the laws of states that deem the joint venture participants to be general partners with joint and several liability. If there are compelling reasons to do so, however, participants should consult with counsel to prepare their joint venture agreement so it will not create unintended liabilities.

About five years ago, a group of in-house counsel from large corporations started to meet informally. They expressed frustrations with how their departments were run, and surfaced issues surrounding the way legal services were delivered by law firms. They agreed that legal departments shared the blame for inefficiencies because they didn’t know how to create an easier and more productive way to work. They started to share information, processes and technologies such as e-billing, e-discovery and knowledge management; and they expressed a unanimous desire for law firms to approach them about what would make delivery of services better for the client. They became the founders of the Corporate Legal Operations Consortium (CLOC). CLOC quickly created a thoughtful, effective base of knowledge, templates, benchmarking capability and best practices to help solve the frustrations they were feeling. Their efforts led to the creation of CLOC’s 12 Core Competencies, a reference model for legal operations excellence. Developing a framework around legal operations and prioritizing the competency areas can build efficiencies that better align with a company’s business objectives. The legal operations function at major corporations has changed from an uncoordinated set of disparate actions to a more carefully defined, cross-disciplinary profession loosely aligned across hundreds of companies and government entities. The focus is on changing not only the way corporate legal departments deliver legal services but on the way the legal services industry should function. Corporate legal departments are in the driver’s seat.

BEYOND PRINT

TodaysGeneralCounsel.com

IN YOUR INBOX

Digital.TodaysGeneral Counsel.com

“THE EXCHANGE” EVENT SERIES TodaysGeneralCounsel.com/ Institute

FIND OUT MORE AT TODAYSGENERALCOUNSEL.COM

TODAY’S GENER AL COUNSEL SPRING 2018

Thank you to our sponsors

“ T H E E XC H A N G E” LEGAL O P E R AT I O N S F O RU M

Join us in Beverly Hills (and cities nationwide) to participate in our interactive roundtable discussions.

“A wonderful few days of roundtable talks with esteemed wearers of many hats. You will learn so much!” —Shirley Huang, Director of Operations and Legal Affairs, EDGEtv

LE A R N MORE

TodaysGeneralCounsel.com/Institute @TodaysGC #tgclegalops linkedin.com/groups/8656444

Strategic Alliance Partners

SPRING 2018 TODAY’S GENER AL COUNSEL

Labor & Employment

Combating Sexual Harassment in the Workplace By Sabrina A. Beldner

ince last fall, news media have shined a spotlight on beloved actors and high-powered film producers, politicians, media moguls and others who have fallen from grace as a result of sexual harassment allegations. This is hardly the first time sexual harassment has dominated headlines (remember Anita Hill?), but this feels different. This wave of incidents has been met with widespread public outrage, reproach and resistance in the form of the #MeToo movement. It inspired the formation of the Time’s Up organization, and has empowered women to no longer tolerate or be silent about sexual harassment or other improprieties in the workplace. So, what does this mean for employers, and what should they do next? First, employers can expect to see an increase in harassment claims and complaints. Some claims may be exaggerated or involve actions that simply do not rise to the level of harassment. Some may be stale, years-old allegations that are no longer legally actionable or involve someone who has since left the company. But other claims will have merit. Therefore, all claims must be taken seriously and thoroughly investigated. To ignore claims or to dismiss them as too dated or insignificant, or to serially pay off employees victimized by a highly valued predator puts the employer’s brand and business at risk and endangers employees. One poorly handled incident can reach millions of people in hours, and the public fallout could be significant — loss of clients, customers, vendors, brand partners and, most importantly, loss of public support. Second, employers should take practical steps to communicate a commitment to a harassment-free work environment, and follow those communications with

the company’s policies, regardless of how they learn about such allegations. That includes incidents that a manager or leader does not witness but only hears about anecdotally. • Communicate that retaliation for reporting concerns of harassment or sexual harassment is strictly prohibited. DISTRIBUTE YOUR POLICY

actions to address and remedy workplace harassment. Employers should update their policies to clarify what behavior constitutes harassment and sexual harassment, and make everyone aware that there is zero tolerance for such behavior. A strong anti-harassment policy should: • State that harassment is prohibited on the basis of membership in any class protected under state or federal law. • Identify each protected class under state and federal law. • Provide relevant examples of prohibited harassment and sexual harassment that are germane to today’s workplace (yes, an employee can engage in harassing behavior over email or text message). • Make clear that harassment is prohibited at work, even if it is committed by a non-employee (i.e., a guest or vendor). • Provide multiple reporting avenues for an employee to report harassment or share other workplace concerns. Consider an anonymous hotline for employees who are uncomfortable filing direct complaints to the company or their managers. • Require supervisor-level employees and upper management (including C-level executives and the company’s board) to immediately report allegations of conduct that might violate

Employees and supervisors should receive the anti-harassment policy, and an employer should obtain and retain signed policy acknowledgments from them that indicates that the policy has been received; that they understand that the policy applies to employment; that they are encouraged to report harassment through the reporting avenues set forth in the policy; that the company will conduct a full investigation and take necessary measures to bring an end to any inappropriate behavior that violates the company’s anti-harassment policies; and that retaliation for reporting a complaint is forbidden and should be immediately reported to the company. Employers should consider redistributing the policy periodically by a method that is effective in reaching all employees. For employers who regularly use e-mail to communicate, this could mean periodically e-mailing the policy to employees or sending them a link to the policy on the company intranet. For employers who do not communicate via e-mail, consider town hall-style meetings to reiterate the key components of the anti-harassment policy. The policy should also be posted in the employer’s facility, generally where other workplace postings or employee communications are displayed and/or in employee break areas or locker rooms. TRAIN EMPLOYEES

Periodically train all supervisors, including

TODAY’S GENER AL COUNSEL SPRING 2018

Labor & Employment senior and C-suite executives on the law regarding sexual harassment and the company’s anti-discrimination and anti-harassment policies. In some states, like California, this training is legally required. Employers should also consider providing training to non-managerial employees that focuses on the company’s policies against harassment, discrimination and retaliation. Comprehensive anti-harassment training will address what constitutes harassment, sexual harassment and workplace bullying. It should review and discuss the company’s anti-discrimination, anti-harassment and anti-retaliation policies. It should depict and educate employees and managers on various workplace harassment scenarios, including same-sex harassment, gender identity-based harassment, quid pro quo harassment, hostile work environment harassment and even unintentional harassment. To be effective, anti-harassment training should also discuss the means for reporting concerns to the employer, the investigation process for such complaints and the steps the company will take to remedy instances of misconduct. While online training satisfies the basic goals of such training, it allows employees to not pay attention to the critical messaging. Where business circumstances allow, employers may wish to consider in-person anti-harassment training for employees and supervisors (even though it is more expensive) led by an expert who can specifically discuss the law and the employer’s policies, especially if the workplace has recently been affected by claims or incidents of inappropriate behavior. In such circumstances, live training conveys a serious commitment and investment by the employer, and provides the best opportunity to drill home the message and increase employee engagement during such training. If it has not become patently clear over the last few months, no one should be treated as being above the law when it comes to harassment complaints. Employers who ignore complaints or fail to address policy violations committed by a top performer, a senior leader, or the face of the organization risk significant

financial liability. At worst, they face a public relations disaster that could ultimately cripple the organization. If a complaint implicates a critical employee or senior leader, employers should consider retaining a third-party investigator. This will help to reduce the risk (as well as claims by the alleged victim) that an investigation is biased or that the investigator is somehow beholden to the accused. It also will help ensure that the allegations are evaluated impartially and on the merits, and that recommendations for remedial action arising from an investigation are made by someone unaffected by business concerns or internal pressure to retain an offender who has perceived value to the company. If an employer intends to conduct its own investigations into harassment complaints, it should make sure to designate someone who has training and/ or experience. Just because an office administrator is available and has been with the company for a long time does not mean he or she is suitable to lead an investigation. Commitment to a harassment-free workplace environment should be conveyed through actions, not just words. After a couple of high-profile departures following allegations of sexual harassment, the CEO of a large investment firm upped the ante by moving her office to the same floor as key managers. CEOs, board members and other senior leaders should attend required anti-harassment training with nonmanagement and lower-level management employees to demonstrate the company’s endorsement of its policies, and perhaps even participate in other communications to employees regarding anti-harassment policies. The bestbehaved workplace environments are generally led by well-behaved managers who are both visible and accessible to their employees. “PAY OFF AND PRESS ON” IS OVER

For senior executives with employment contracts that provide different and less attractive severance packages in the case of terminations “for cause,” employers should consider expressly defining “cause” to include violations

of the employer’s equal employment opportunity policies, including its antiharassment policies. Employers should also make attendance at the necessary training and satisfactory compliance with anti-harassment and other personnel policies a component of job performance that is weighted in evaluations and considered in setting compensation and bonuses for senior leaders. In other words, mechanisms should be put in place to prevent and prohibit leaders who behave badly or otherwise fail to heed the company’s anti-harassment policies from financially benefitting from that conduct. Public indignation at discovering that organizations have used hush money to repeatedly shield bad actors and hide their sexual harassment transgressions has led several states, including New York, New Jersey and California, to introduce legislation to ban nondisclosure provisions in agreements that settle discrimination, harassment and retaliation claims. If these bills become law, evidence of an employer settling prior sexual harassment allegations will be easier to uncover and could be used the next time accusations arise, causing significant financial harm and harm to reputation. Accordingly, organizations must investigate and evaluate each complaint fully and without bias, and without consideration of the important role the accused may hold in the organization. To avoid a difficult and costly reckoning in the future, punishment for improper behavior needs to be the same for the CEO as for someone working in the mailroom. ■

Sabrina A. Beldner is a partner in McGuireWoods LLP’s Labor and Employment Department. She represents employers in all aspects of employmentrelated litigation and traditional labor law matters, and conducts management training on the prevention of unlawful employment practices. sbeldner@mcguirewoods.com

SPRING 2018 TODAYâ&#x20AC;&#x2122;S GENER AL COUNSEL

E-Discovery

The Search for a Cure for E-Discovery Addiction By Robert Owen, Frank Nolan and Trevor Satnick

xperts estimate that as much as 16.1 zettabytes of data existed in 2016. To put that number into perspective, that is enough data to cover the entire planet in Microsoft Word pages 122 times over. This data explosion has upended a number of historical practices and procedures. The discovery process in civil litigation has been no exception. Litigating parties often face significant expense when they have to preserve, collect, process and review large data sets.

If a party fails to take those steps, it can face crushing sanctions, since courts have not taken kindly to spoliation of potentially relevant data. These harsh realities helped spur the 2015 amendments to the Federal Rules of Civil Procedure (FRCP), which aimed, in part, to streamline e-discovery. But e-discovery is still far from perfect, and still carries risks and expenses for litigants. This article explains how the discovery process became the behemoth

it is today, provides examples of how e-discovery will continue to evolve with technological advances and offers suggestions for change, which may help to prevent the costs associated with discovery from continuing to spiral out of control. HISTORY OF DISCOVERY

The FRCP were adopted in 1938. Before then, civil litigation was resolved without parties gaining pretrial access to poten-

TODAY’S GENER AL COUNSEL SPRING 2018

E-Discovery

tially relevant information. The discovery process paved the way for lawsuits brought by those who had been harmed, but could not obtain the evidence to prove their case without viewing records held by the alleged offender. Up until a few decades ago, meeting discovery process requirements was not a significant financial burden. Because most communication was verbal, keeping records of conversations was the exception, not the rule. Over time, ever-expanding electronic storage and the rise of electronic communication made it possible to collect and store virtually unlimited quantities of data. Furthermore, data became a profitable asset for organizations. It not only became possible to save massive quantities of data, but it made sense to do so. However, poor information governance practices placed businesses on

but the case illustrates how costly the e-discovery process had become. Crippling decisions and awards like these generated fear and uncertainty. Organizations began spending massive sums of money to retain information on the off chance they might face a lawsuit. THE 2015 AMENDMENTS

The process that led to the adoption of the 2015 amendments to the FRCP began, in part, to control the costs and burdens of “over-preservation” that had resulted from a well-founded fear of sanctions. The amendment to FRCP 37(e) is arguably the most consequential in this regard. It requires a showing of specific intent to deprive an adversary before “death penalty” sanctions can be ordered. It also clarified that if data was lost after “reasonable steps” had been taken to preserve possibly

allowed courts to narrow scope and costs, the amendment did not entirely cure the problems associated with overzealous discovery. Unfortunately, more than one court has held that “[r]elevance is still to be construed broadly to encompass any matter that bears on, or that reasonably could lead to other matter that could bear on any party’s claim or defense.” (Lightsquared Inc. v. Deere & Co., 2015) Such decisions rely on a 1978 Supreme Court case, Oppenheimer Fund, Inc. v. Sanders, which based its decision on older versions of Rule 26. Despite the Rules Committee’s best efforts, the scope of e-discovery is still a major concern, particularly for larger organizations. Courts often assume that large companies have the resources and employees with the requisite skill set to manage large collections. Integrating data sources is a complex process at best, and near impossible at worst. It

Poor information governance practices placed businesses on a collision course with long-standing discovery practices. a collision course with long-standing discovery practices, leading to an inflection point in 2003, 65 years after the adoption of the FRCP. In 2003, the Southern District of New York issued multiple decisions in Zubulake v. UBS Warburg. That case involved a plaintiff who had located over 450 pages of email correspondence that the defendant failed to produce during discovery. Ultimately, the court issued an adverse inference instruction against the defendant, and the jury awarded the plaintiff a judgment for nearly $30 million. The Zubulake decision was the first of many holdings that resulted in sanctions and significant awards being issued based on e-discovery failings. Two years later, a defendant in Coleman (Parent) Holdings, Inc. v. Morgan Stanley & Co. failed to produce thousands of pages of emails. The court subsequently issued an award of $1.5 billion to the plaintiff. The ruling was reversed on appeal,

relevant data, no sanctions or even remedial measures can be ordered. The other consequential amendment narrowed the scope of discoverable material under FRCP 26(b)(1) and the express requirement that discovery be “proportional to the needs of the case.” Some courts immediately grasped the significance of the amended Rule 26(b)(1), with one court commenting that proportionality “has become the new black,” while holding that a discovery request violated the proportionality principle. In another decision issued shortly after the amendment, a court noted that “the 2015 amendment does not create a new standard; rather it serves to exhort judges to exercise their preexisting control over discovery more exactingly.” The Court nonetheless pointed to the proportionality language in holding that it had “no trouble concluding that Plaintiff’s discovery requests [were] burdensome and disproportionate.” While the proportionality rule has

can be extremely difficult for larger organizations, even with the proper team and funding, to locate, store, collect, preserve and produce all relevant data. The e-discovery process is not going away, and it is likely that new data will continue to be generated and stored at unprecedented rates. Fortunately, technological advancements in storage and search have made it easier to cull large data sets while reducing cost. For example, many (but not all) jurisdictions have begun to permit the use of Technology Assisted Review (TAR). The TAR process usually involves a small team tasked with “coding” particular sample sets of documents as responsive or non-responsive. Once the computer views enough sample sets, it can decide for itself which documents are responsive. A 2015 study concluded that TAR could reduce the costs of discovery by 30 percent and time spent on review by a whopping 74 percent. It is likely continued on page 23

SPRING 2018 TODAY’S GENER AL COUNSEL

E-Discovery

Turning E-Discovery Concepts into Practice By Mike Hamilton

very year seems to usher in a new technology, a surprise in case law, or some other big idea that promises to revolutionize ediscovery. More often than not, the big concepts don’t fundamentally change the way e-discovery takes place. True revolutions are not common, but a lot of real value can be lost if we flatly dismiss “revolutionary” ideas. Often practitioners just lack practical tips to gain incremental benefits in efficiency or outcomes. So what are some concepts that have produced a lot of buzz — if not revolutions — in e-discovery and how might professionals find real value in them? AI AND PREDICTIVE CODING

Whether you talk about predictive coding, machine learning, AI or technology assisted review (TAR), few would dispute that the use of computers to review and classify documents during e-discovery is here to stay. The question is, by not

technology have had a negative impact on the benefits it can provide. In a recent edTalk sponsored by Exterro, Inc. and Georgetown Law CLE, Robert Keeling, Esq., Co-Chair of the E-Discovery Group at Sidley Austin, offers advice to legal departments and law firms that aren’t getting the results they expect from predictive coding: Be selective during document collection. Too many users, Keeling explains, “just throw everything into the so-called predictive coding hopper. In other words, they think, ‘I’m using predictive coding, so I don’t need to exercise any kind of discretion… because the model is magic and it’s going to figure it all out.’ ” Overcollection makes it more difficult for algorithms to recognize responsive documents. Use multiple models or techniques. Often one model will suffice to assess multiple kinds of data. But not always. Language differences, e.g., terminology differences between the United States

Tactics like seeding the sample with responsive documents can help train the algorithm. distinguishing between these concepts, has the legal profession failed to take the best advantage of what they offer? Given a green light by the courts in a series of decisions from Da Silva Moore and Rio Tinto through the recent Winfield v. City of New York, the federal bench contains some of predictive coding’s most prominent advocates. But in practice, it doesn’t always deliver the results its proponents hope for. Popular conceptions of AI as a near-magical

and the United Kingdom or Australia, might necessitate multiple review models. The same lesson holds for sampling. “Think about other sampling techniques,” Keeling advises, “for example, clustering first and then sampling across different clusters and making sure that at least part of your sampling captures all clusters.” Customize your workflows. There may be situations — for example, an internal investigation — when users can

defensibly sacrifice recall for precision. “That may not be defensible if you’re litigating a civil matter, but it may identify all the documents that are important in an internal investigation while saving significant expense,” Keeling says. Predictive coding has use beyond responsiveness reviews: quality control, privilege reviews, and even prioritizing attorney review. Be flexible. Adjusted parameters, algorithms and even sample sets, especially in low-richness environments, can yield better results. Tactics like seeding the sample with responsive documents can help train the algorithm. Experiment with default settings in a test environment to gain insight into how the algorithm works and what adjustments in parameters can provide. As Keeling explains, “The predictive coding process involves an attorneyidentified document that trains an algorithm to create a model that identifies and classifies the rest of the documents in the data set.” If the technology fails to deliver results, always consider user error among the reasons why. COLLABORATION IN LEGAL PROJECT MANAGEMENT

In the world of the law, collaboration may seem like a fantasy. In court, there are winners and losers. Inside firms, attorneys compete for partnerships. Even law school has a reputation for being exceptionally competitive, as students at the top of the class vie for prestigious clerkships. In fact, however, collaboration can and probably should exist in the legal profession, at least more often than it does. Heidi Gardner, Ph.D., Lecturer on Law at Harvard Law School, recently authored a book on the topic, Smart Collaboration: How Professionals and Their Firms Succeed by Breaking

TODAY’S GENER AL COUNSEL SPRING 2018

E-Discovery

Down Silos. In a field as competitive as law, debunking myths about collaboration is often the first step in helping people see the real benefits (and costs) of collaboration. Myth One: Collaboration is a passing trend. As professional specialization accelerates, so too does the need for collaboration. Few would argue that domains of expertise are both narrowing

and deepening. Gardner explains, “Knowledge is changing so quickly that unless we’re clear about which domain of knowledge we’re trying to specialize in, it’s very hard for us to stay at the top of our game.” But while specialties are narrowing, clients’ needs are not. They are, in fact, volatile, uncertain, complex and ambiguous. “If you put these two

trends together, you have deep but narrow experts addressing problems that are increasingly complex and multidisciplinary,” she says, “and that is the reason we believe that collaboration is more important than ever.” Myth Two: Collaboration is just getting along. Collaboration is not the same as collegiality, communication, delegation or cross-selling. Even hand-

SPRING 2018 TODAY’S GENER AL COUNSEL

E-Discovery

ing projects off step by step doesn’t meet the bar for smart collaboration. True collaboration arises when there is a business reason, based on the client’s needs, that requires a holistic solution drawing from multiple areas of expertise. “When we talk about smart collaboration, we mean that it is the kind of collaboration where highly specialized experts integrate their knowledge to tackle more complex or sophisticated issues,” Gardner explains. Myth Three: The benefits of collaboration can’t be quantified. One frequent objection to collaboration is that its benefits are “soft.” Organizations won’t embrace change that’s based solely on qualitative returns. To dispel that myth, Gardner conducted extensive research. “We collected millions of data records, hard evidence, to understand not just what collaboration is, but the outcomes.” By examining how many different practice groups within two global professional service firms worked with clients in a given time period, Gardner discovered that revenue grows exponentially when practice groups work collaboratively with a given client. Although this might seem to argue against collaboration, at least from a client perspective, in practice that’s not the case. Simple solutions to complex

strong case for collaboration both on the business front and the talent front.” THE VALUE OF PROPORTIONALITY

The 2015 amendments to the Federal Rules of Civil Procedure focused bench and bar on the need to resolve civil disputes in a “just, speedy, and inexpensive” way. Unfortunately, few people involved in litigation would characterize the process as either speedy or inexpensive, despite the changes. Hon. David Waxse, United States Magistrate Judge in the District of Kansas, identifies the concept of proportionality as a key means of achieving those goals. He explains, “There are things that can be done at each stage (of the e-discovery model) to try to deal with proportionality.” Limit document retention. “You don’t have an obligation to maintain or retain every piece of digital information that you have,” he reminds legal teams. “You only have to retain those that might be discoverable in litigation.” That begs the question of what exactly is discoverable. “The step that’s often missed,” he says, “is that you are required to do discovery only on factual issues that are in dispute.” Use technology for review. If “speedy” or “inexpensive” are important criteria,

Collaboration is not the same as collegiality, communication, delegation or cross-selling. problems may not, in fact, be solutions at all. Gardner observes, “Clients know that they are often overpaying for firms that serve them with a multi-practice offering, but they’re willing to overpay because those are the same firms that are tackling the toughest problems that keep the C-suite awake at night.” In fact, Gardner found that the benefits of collaboration don’t just accrue to organizations; professionals who collaborate build networks of colleagues. In short, she concludes, “There’s a very

then technology is the solution. “Technology is going to ultimately cost a lot less than humans doing review and collection of information,” Waxse states. “I still have cases where lawyers are telling me, ‘Well, I’m not going to send anything to the other side until I’ve had lawyer’s eyes on it.’ And the problem is, the research is pretty clear, that lawyer’s eyes on it is the least effective way of determining what ought to be discoverable.” Cooperate more. Waxse has long been an advocate for cooperation, and

his assessment is quite blunt. “If you look at ways of doing all this in a manner that will get you to just, speedy, and inexpensive, I think cooperation is the most underused item on the list… The failure of counsel to cooperate in facilitating discovery requests and responses, increases cost and contributes to sanctions.” Limit the scope and format of production. Tactical gains from disputes over document production rarely outweigh their negative impact on the cost and speed of litigation; after all, 97 percent of civil cases are settled or dismissed without trial. “I still have some cases where lawyers are arguing about what format they should produce in, and spend time fussing about that,” Waxse laments, “when it’s pretty clear to me in almost all cases native format is the cheapest and quickest way of doing it.” In any field, big ideas that promise revolutions often fail to deliver. However, in e-discovery at least, the incremental advantages that predictive coding, collaboration and proportionality offer can and should be implemented to yield real benefits to legal departments and law firms. ■

Mike Hamilton, JD is the Director of E-Discovery Programs at Exterro, Inc., and has been involved in e-discovery for over five years. He frequently writes and speaks on e-discovery issues and best practices around the country. He is a graduate of the University of Oregon School of Law. michael.hamilton@exterro.com

TODAY’S GENER AL COUNSEL SPRING 2018

E-Discovery

E-Discovery Addiction continued from page 19

that there will be a further reduction in costs and time spent as the technology becomes cheaper. The next logical step in this technological transition is to incorporate artificial intelligence (AI) into the e-discovery process. Although TAR is helpful, it

become bloated, the rules have devolved into a patchwork across jurisdictions and, most importantly, the process is guided by a flawed pursuit of perfection. This pursuit of perfection in discovery exists despite the fact that civil courts adhere to a preponderance of the evidence standard. What is even more damaging is that the pursuit of perfect collection and production leads to shunning newer,

While the proportionality rule has allowed courts to narrow scope and costs, the amendment did not entirely cure the problems associated with overzealous discovery. requires a human to spend a significant amount of time determining which documents are responsive. TAR platforms are also limited by the types of data they can analyze. AI can remove the human from the discovery process completely, by not only analyzing and interpreting various kinds of data but also weaving various data points together to provide an attorney with the relevant information. For example, an attorney may be able to ask a computer to return data referencing an accident. The AI engine would then provide video files showing an accident, emails and messages that reference the accident or any derivation thereof (e.g., collision, incident, crash, injury, etc.) and other useful data points. The attorney would merely need to feed in the data sets, and the computer would do the rest. This technology is not quite ready for prime time, but it is very much a reality. WHERE TO FROM HERE?

Barriers to streamlining e-discovery are neither rules-based nor technological, but merely the result of a natural resistance to change after nearly a century of performing a process in a certain manner. Unfortunately, this process has

more efficient discovery methods like TAR and AI-based searches. While most courts are coming around to the idea of using technology-based search methods, others are still clinging to the standard linear data collection method. This holds true even though studies have confirmed that human review is prone to human error. The 2015 Rule amendments have facilitated the early stages of an e-discovery overhaul. Real change, however, requires adapting to emerging technologies in the discovery process, and a change in philosophy on what constitutes adequate production in discovery. In the interim, general counsel should take advantage of the tools currently available. First, do not agree to overproduce. Rule 26(b)(1) provides ammunition to push back against overzealous discovery demands. Second, enact reasonable preservation practices that do not break the bank. Rule 37(e) allows a court to act only when necessary to cure prejudice, unless there was an intent to deprive. If a party takes “reasonable steps” to preserve and does not act maliciously, it is unlikely that the mere occurrence of data loss will result in damaging sanctions.

Finally, make sure to suggest using electronic review methods such as TAR in appropriate situations. Those steps will help, but until there is broad-based agreement on a shift in process and philosophy to fit our times, the costs of e-discovery will continue to rise. ■

Robert Owen currently serves as Partner in Charge of the Eversheds Sutherland (US) LLP New York office. He is a nationally recognized authority in e-discovery, managing the costs and risks that e-discovery adds to the litigation calculus. He is also president of the nonprofit Electronic Discovery Institute. robertowen@eversheds-sutherland.com Frank Nolan serves as counsel at Eversheds Sutherland (US) LLP in the New York office. He defends class action lawsuits and complex business litigation matters in federal and state courts throughout the country. He advises financial services and insurance clients on issues affecting their core business practices. franknolan@eversheds-sutherland.com Trevor Satnick is a staff attorney at Eversheds Sutherland (US) LLP in the New York office. He focuses on the full range of data issues, including data privacy and security, cyber risk and cyber breach responses, e-discovery and information governance. trevorsatnick@eversheds-sutherland.com

SPRING 2018 TODAY’S GENER AL COUNSEL

Intellectual Property

Does Your Boss Own Your Brain? By Warren Braunig and Sarah Salomon

magine your company is looking to hire a new VP of Product Management. Your product team interviews Julia, a hotshot engineer brimming with exciting ideas. She shows them a one-page summary for a product line that would mesh really well with your existing business. They ask for your General Counsel’s advice. You confirm that the ideas are Julia’s, and weren’t taken from her former employer. You determine that, while Julia’s former employer is in your company’s general field, it is not a primary competitor. Last, you make sure she is not subject to a non-compete agreement. You give the team your blessing to hire this creative dynamo.

Over the next two years, your company pours resources into developing the product line sketched out in Julia’s one-pager. The product is wildly successful, generating millions of dollars in revenue, thousands of new customers, and plenty of great press. But then, out of nowhere, you are hit with a lawsuit from Julia’s former employer. The complaint alleges that Julia hatched the “idea” for your new product line — and wrote the one-pager — while it still employed her. The former employer therefore claims that it is the lawful owner of the entire product line and all of its profits, and seeks to enjoin an entire segment of your business. Sounds crazy, right?

Maybe not. Today, many employment agreements, particularly in the tech industry, include a clause assigning to an employer all discoveries, improvements, ideas, processes, developments, designs, know-how and formulae the employee develops while working for the employer, whether or not protectable under other intellectual property regimes. These provisions are referred to as proprietary information and invention assignment agreements (PIIAAs). If an employee who signed one leaves to develop a long-germinating idea, the former employer may attempt to claim ownership of the competitive business founded on that idea. Surprisingly, the relevant case law potentially allows this

TODAY’S GENER AL COUNSEL SPRING 2018

Intellectual Property result based on expansive notions of the right-to-contract, even in California, where non-competes are generally dead on arrival. There are good practical reasons to permit assignment of inventions. At common law, and in the patent context, employees by default retain ownership of their inventions. Without an assignment, employers would risk losing significant capital investments with every departing employee. Less clear, however, is the justification for permitting the

ability to cede them to an employer by contract. In the seminal case of Mattel, Inc. v. MGA Entertainment, Inc. (9th Cir. 2010), defendant Carter Bryant, a doll designer, had signed an agreement assigning all discoveries, improvements, designs, know-how, whether patentable or not, that he “conceived or reduced to practice” to the company. While working for Mattel, Bryant pitched a new doll concept, Bratz, to MGA Entertainment and was hired to help commercialize the idea. When MGA

time, the employer can still demand assignment if the invention either “relates at the time of conception or reduction to practice of the invention to the employer’s business” or “results from any work performed by the employee for the employer.” In practice, these exceptions mean that Section 2870 shields very few employee innovations from assignment. Indeed, California courts have clarified that an invention need not even be “related to” the specific type of work the

Many employment agreements include a clause assigning to an employer all discoveries, improvements, ideas, processes, developments, designs, know-how and formulae the employee develops. assignment of inchoate, undeveloped ideas based on the employee’s general know-how attained through work in her chosen field. Using California law as an example, this article traces the often-conflicting treatment of PIIAAs by courts, and offers suggestions for a general counsel faced with the situation described above. CONTRACTING FOR IDEAS

We do not typically think of ideas as intellectual property. Patent protection requires a detailed specification and novel, non-obvious written claims. Abstract ideas are, by law, unpatentable. Likewise, while the expression of an idea can be copyrighted, the idea itself is not afforded protection. Although courts have cautiously expanded the scope of trade secrets to include a company’s unwritten business ideas, see Altavion, Inc. v. Konica Minolta, Inc. (Cal. Ct. App. 2014), it is uncertain that an employee’s unsolicited and undisclosed thoughts could qualify as the employer’s trade secrets. Even though ideas are generally not recognized as intellectual property, California courts have ratified an employee’s

introduced Bratz, Mattel sued for complete ownership of the Bratz line based on Bryant’s assignment agreement. In determining whether Bryant had assigned his “idea” for Bratz, the Ninth Circuit (applying California law) turned to conventional contract interpretation. The Court reasoned that, while the word “idea” did not appear within the list of things Bryant agreed to assign, the list did include “know-how” and “discoveries,” and could encompass things not embodied in a tangible form because it covered inventions Bryant had merely “conceived.” The Ninth Circuit therefore endorsed the possibility that something as fleeting as a burst of inspiration could be subject to a mandatory contractual assignment. Much as other states have done via common law, California has adopted some statutory limits on the degree to which employers can assert contractual control over their employees’ innovations. California Labor Code § 2870 states that any PIIAA “shall not apply to an invention that the employee developed entirely on his or her own time without using the employer’s equipment.” However, even if an employee develops an invention entirely on her own

employee performed for the employer. Rather, so long as the invention is related to some division or product line of the company, it is likely assignable. For employees of large companies with many product lines, that could exclude an entire industry. Moreover, as a practical matter, it is rare that entrepreneurs or innovators develop new business concepts that have nothing to do with their prior or existing work. Instead, they often draw upon the know-how they’ve obtained as someone else’s employee to fix a problem they’ve identified. As written and construed, however, Section 2870 makes little room for that reality. Invention assignment agreements nominally prohibit an employee from competing against a former employer based on an idea conceived during that employment. Yet, at the same time, many states limit the use of contractual non-compete agreements. As the use of PIIAAs rises, this doctrinal tension will be a source of continuing conflict, particularly in states like California, where non-compete agreements are almost universally unenforceable. Free employee mobility is as embedded continued on page 29

SPRING 2018 TODAY’S GENER AL COUNSEL

Intellectual Property

Some PTAB Procedural Decisions Can Be Appealed By Paul E. Dietze, Jeffrey Wolfson and Yongjin Zhu

n January 2018, the United States Court of Appeals for the Federal Circuit issued its en banc decision in Wi-Fi One, LLC v. Broadcom Corp., holding that Patent Trial and Appeal Board (PTAB) time-bar determinations (the one-year statutory time bar) in an inter partes review (IPR) proceeding are appealable. The en banc decision overrules a panel’s earlier decision in Achates Reference Publishing Inc. v. Apple Inc. A procedural background and discussion of the implications of this ruling are set out below. Broadcom petitioned the PTAB to institute IPRs challenging the validity of various claims of three patents owned and asserted by Wi-Fi One. In its preliminary response, Wi-Fi One argued that the IPR should not be

com was denied by the PTAB, as was Wi-Fi One’s request for a rehearing on the order denying discovery. A request for writ of mandamus filed by Wi-Fi One’s predecessor-in-interest asking the Federal Circuit to compel that discovery was also denied. Ultimately, the IPR proceedings concluded with a determination that the challenged claims of the Wi-Fi One patents were unpatentable. A request for rehearing was denied, and Wi-Fi One appealed the PTAB’s final ruling to the Federal Circuit. On appeal, Wi-Fi One again argued that the district court defendants were a real party-in-interest or a privy of Broadcom as to the patents subject to the IPR proceedings. Therefore, Broadcom’s petition was untimely under the one-year statutory time bar. A panel of

Achates. Oral arguments were heard on May 4, 2017. THE EN BANC DECISION

The majority opinion, written by Judge Reyna, held that a determination considering whether the one-year statutory time bar has been met is appealable. In overruling Achates and holding that paragraph (d) of the authority to institute statute does not bar judicial review of a determination considering whether the one-year statutory time bar has been met, the majority relied on “the strong presumption favoring judicial review of administrative actions” and found no convincing indication of congressional intent to prohibit review. In reaching this conclusion, the majority reviewed both the statutory language and the statutory scheme.

Wi-Fi One argued that the IPR should not be instituted because Broadcom’s petition was barred under the one-year statutory time bar. instituted because Broadcom’s petition was barred under the one-year statutory time bar. Specifically, Wi-Fi One asserted that, although the defendants in a district court litigation regarding the same patents were not petitioners in the IPR, the defendants were a real party-in-interest or a privy of petitioner Broadcom as to these patents. Thus, the one-year statutory time bar for filing a petition applied. The PTAB disagreed and instituted the IPR proceedings. Wi-Fi One’s motion requesting additional discovery to determine if any of the defendants were a real party-in-interest or a privy of Broad-

the Federal Circuit declined to review the PTAB’s decision to institute the IPR, citing the court’s earlier decision in Achates. The panel held that a PTAB decision to institute an IPR proceeding, which involves an assessment by the PTAB as to whether or not the one-year statutory time bar has been met, is not reviewable because such review is precluded under paragraph (d) of 35 U.S.C. § 314 (the authority to institute statute). Wi-Fi One petitioned the Federal Circuit for rehearing en banc, and the petition was granted. The court requested supplemental briefs limited to the question of whether the court should overrule

The majority first held that “the natural reading” of paragraph (d) of the authority to institute statute limits the reach of the statute to the determination by the Director whether to institute IPR as set forth in the authority to institute statute. The majority found that paragraph (a) of the authority to institute statute, “the only subsection addressing substantive issues that are part of the Director’s determination under this section,” does only two things: (1) identifies the threshold requirements for institution and (2) grants the Director discretion not to institute even when the threshold is met.

TODAY’S GENER AL COUNSEL SPRING 2018

Intellectual Property

The majority clarified that paragraph (a) does not address any other issue relevant to an institution determination. Thus, the majority concluded that paragraph (d) of the authority to institute statute limited unreviewability to the Director’s preliminary patentability assessment, or the Director’s discretion not to initiate an IPR even if the threshold is met. The majority then held that a

determination considering if the oneyear statutory time bar has been met is reviewable, because it controls the Director’s authority to institute IPR that is unrelated to the Director’s preliminary patentability assessment or the Director’s discretion not to initiate an IPR even if the threshold reasonable likelihood is present. The majority found such a read-

ing to be consistent with the statutory scheme “as understood through the lens of” the Supreme Court’s decision in Cuozzo Speed Technologies, LLC v. Lee, which, according to the majority, “strongly points toward unreviewability being limited to the Director’s determinations closely related to the preliminary patentability determination or the exercise of discretion not

SPRING 2018 TODAY’S GENER AL COUNSEL

Intellectual Property

to institute,” such as the procedural requirements of sections 311-313 of Title 35 of the United States Code. The majority went on to further state that the one-year statutory time bar limits the agency’s authority to act under the IPR scheme, and that timely filing of a petition under the one-year time bar statute is a condition precedent to the Director’s authority to act. The majority concluded by stating that the statutory scheme as a whole demonstrates that the one-year statutory time bar is not closely related to the institution decision addressed in paragraph (a) of the authority to institute statute, and therefore is not subject to paragraph (d) of the authority to institute statute’s bar on judicial review. Judge O’Malley’s concurrence turned on the distinction between the Director’s authority to exercise discretion when reviewing the adequacy of a petition to institute an IPR, and authority to undertake such a review in the first instance. According to Judge O’Malley, a determination concerning whether the one-year statutory time bar has been met is reviewable because it is directed

and that Cuozzo confirmed such an interpretation. IMPLICATIONS

The Federal Circuit’s decision narrowly interprets the restriction of paragraph (d) of the authority to institute statute on appealing a decision to institute an IPR as being limited to substantive determinations under paragraph (a) of the authority to institute statute and those closely related to paragraph (a), i.e., determinations closely related to the preliminary patentability determination, or the exercise of discretion not to institute. By narrowly interpreting paragraph (d) of the authority to institute statute, it appears that the Federal Circuit has limited the non-appealable restriction of paragraph (d) of the authority to institute statute to PTAB determinations that require the particular expertise of the Patent and Trademark Office (PTO), i.e., determinations regarding the patentability of claims. Thus, it seems likely that in the future there will be additional appeals challenging PTAB determinations to institute, or even not institute, an

The majority relied on “the strong presumption favoring judicial review of administrative actions” and found no congressional intent to prohibit review. to a procedural right that prevents an agency from acting outside its statutory limits, “one of the categories of ‘shenanigans’ envisioned by the majority in Cuozzo,” and is unrelated to the agency’s core statutory function of determining whether claims are or are not patentable. Judge Hughes, joined by Judges Lourie, Bryson and Dyk, dissented. The dissent argued that the plain language of paragraph (d) of the authority to institute statute bars judicial review of the Director’s decision to institute,

IPR based on tangential issues that are a “condition precedent” to the PTO’s authority to act, or that are otherwise outside the substantive determinations related to the preliminary patentability determination of whether to institute a post-issuance review proceeding. The decision arguably also raises the question of whether a determination under section 325(d) of Title 35 of the United States Code can be appealed. Furthermore, although the court’s decision permits appeal of at least some decisions to institute an IPR, it did not

address when the appeal can be filed. If interlocutory appeals are permitted, it will delay the statutory mandate that IPR decisions be made within one year of institution. On the other hand, if a final, written decision in the IPR must be in hand before appealing, this could leave a cloud hanging over a patent with claims determined to be invalid by the PTAB, while the appellate court could decide the institution was improper in the first place. ■

Paul Dietze, Ph.D., is a partner in Haynes and Boone LLP’s Washington, D.C., office and a member of the Intellectual Property Practice Group. He combines his experience as a chemist with his expertise as a lawyer to counsel clients in all aspects of intellectual property in the pharmaceutical, chemical and biotechnology arts. paul.dietze@haynesboone.com Jeffrey Wolfson is a partner in Haynes and Boone LLP’s Washington, D.C., office and head of the Patent Prosecution Practice Group. He helps clients manage their intellectual property and related legal risk, in both obtaining and managing portfolios of United States and foreign patent and other intellectual property rights. jeff.wolfson@haynesboone.com Yongjin Zhu is an associate in the Intellectual Property Litigation Practice Group in the Washington, D.C., office of Haynes and Boone LLP. His practice focuses on patent litigation with an emphasis on representing generic companies in actions brought under the Hatch-Waxman Act. yongjin.zhu@haynesboone.com

TODAY’S GENER AL COUNSEL SPRING 2018

Intellectual Property Own Your Brain

continued from page 25 in California culture as surfing and traffic jams. The state’s statutory prohibition on restrictive covenants, codified at Business and Professions Code § 16600, dates back almost 150 years. It is one of the key engines of Silicon Valley’s innovation economy. So great is California’s commitment to unfettered employee mobility that California courts frequently overturn choice-of-law clauses in employment agreements for California employees who seek to invoke the law of a different state where non-competes are more favored. Courts occasionally have approved non-competes tailored to prevent the former employee’s use of trade secrets,

not only the right to compete, but also the right to make preparations to compete, including seeking other employment or meeting with others to discuss a potential new business. However, California courts have yet to resolve the question. TIPS FOR GENERAL COUNSEL

What then is a savvy general counsel to do? For starters, you can take the following steps: • Perform due diligence. If a prospective hire subject to a PIIAA approaches your company with a new business idea, make sure you understand when it was developed using what resources. Was this idea worked on during business hours? On a work computer? Was the employee inspired by existing or anticipated developments at

The Ninth Circuit endorsed the possibility that something as fleeting as a burst of inspiration could be subject to a mandatory contractual assignment. but what about “ideas” that were never the trade secret of the employer? Section 16600 has been invoked to invalidate PIIAAs that demanded assignment of innovations conceived in the first year after an employee terminated employment. Those courts have reasoned that an assignment agreement targeting post-employment innovations prevents an employee from capitalizing on the professional expertise attained at the previous job to flourish at the next one. Undecided, however, is whether a broad PIIAA that targets an employee’s ideas conceived of during her tenure might also violate Section 16600. Is an employee who engages in preliminary development of ideas she might wish to develop later any less entitled to use her previous work experience to flourish at her next job? The answer would seem to be no. California law has long protected

her former employer? Did she share the idea with her former company, putting them on notice? Knowing the answers to these questions is essential to determining your exposure. • Ditch that one-pager. If, as in the hypothetical above, a prospective employee comes to you with a presentation of ideas, developed when she was subject to a PIIAA, do not rely on it. Play it safe: Instruct the employee not to bring it with her when she departs, and to start from scratch again when she arrives. Incorporating suspect documents into your ongoing development will only give the former employer ammunition for its PIIAA claim. • Hire a good lawyer and fight. While new employees with PIIAAs should be handled carefully, you need not be cowed by the prospect

of an aggressive former employer. When hiring companies can document that they invested heavily and substantially improved the employee’s idea to bring it to market (and acted in good faith), courts are reluctant to strip away the fruits of that labor. In Mattel, for example, the Ninth Circuit acknowledged that the idea had germinated while the inventor was still at Mattel but nonetheless rejected Mattel’s demand to impose a constructive trust over the Bratz doll line, noting the substantial resources MGA had poured into Bryant’s ideas. If genius is one percent inspiration and 99 percent perspiration, ultimate ownership of a great idea (and the resulting profits) should reside with the company that put in the sweat equity. Whether an employer brandishing a PIIAA can lay claim, months or years later, to the fruits of an employee’s unarticulated ideas, remains an open question. In the meantime, be cautious, ask questions and protect your company. ■

Warren Braunig is a partner at Keker, Van Nest & Peters LLP. He focuses his practice on complex commercial litigation, ranging from patent law, employment and contract disputes to administrative and water law and consumer class actions. wbraunig@keker.com Sarah Salomon is an associate at Keker, Van Nest & Peters LLP. She specializes in complex commercial litigation, including trade secret cases involving employee mobility. ssalomon@keker.com

SPRING 2018 TODAY’S GENER AL COUNSEL

Cybersecurity

Information Security as Legal/Business Partnership By Jeff Franks and Erik Collasius Further details around the criteria for properly handling that data is included in NIST SP 800-171 (updated in November 2017), which provides recommended requirements for the protection of the confidentiality of controlled unclassified information as defined by the National Archives. It includes the following controls:

nformation security is a regular topic of discussion for corporate legal teams today, as threats continue to emerge at an alarming rate and the cost of security incidents continues to rise. Increasingly complex information security regulations, together with expanding reliance on digital information, significant cost and impact of security incidents, make information security a risk that must be addressed decisively. There are many regulations that address the topic, among them one that our department deals with regularly, the Defense Federal Acquisition Regulations Supplement (DFARS), which includes safeguarding and incident reporting requirements. Compliance with information security regulations should not be viewed simply as sunk cost or minimal value-add activity. Instead, it should be viewed

as an opportunity for the legal team to engage with its business partners to establish regulatory compliance as a differentiator. Done effectively, the legal team’s involvement in driving the implementation of controls will not only reduce risks, but will result in an improved partnership with the business, and increased credibility and influence for the legal function. To further illustrate this premise, let’s take a look at the DFARS requirements, which require businesses supporting U.S. Department of Defense contracts or subcontracts to provide “adequate security” for information known as Controlled Defense Information, and “rapid reporting” of security incidents. Department of Defense contractors can expect these requirements to increase and evolve over time to deal with the changing threat landscape.

1. Access Control: How are users identified and authorized and insider threats identified? 2. Awareness and Training: Are users regularly trained on information security risks? 3. Audit and Accountability: Are the systems regularly reviewed and tested? 4. Configuration Management: Are security configurations established and maintained on hardware and software throughout their lifecycles? 5. Identification and Authentication: Are users required to use complex passwords that are verified by multi-factor authentication? 6. Incident Response: Is a plan established and successfully tested? 7. Maintenance: Are systems properly maintained from a patch and vulnerability perspective? 8. Media Protection: Is information properly marked, encrypted and sanitized before disposal? 9. Personnel Security: Are employees adequately screened? 10. Physical Protection: Are visitors logged and escorted? 11. Risk Assessment: Are systems tested for vulnerabilities? 12. Security Assessment: Are processes regularly updated and assessed? 13. System and Communications Protection: Is information monitored and controlled at egress points?

TODAY’S GENER AL COUNSEL SPRING 2018

Cybersecurity

14. System and Information Integrity: Are threats detected, identified and corrected? INFORMATION SECURITY GOES BEYOND INFORMATION TECHNOLOGY

Information Security is often thought of as protecting against viruses or malware, but it goes well beyond firewalls and patches. Information security is the organization’s handling and safeguarding of information from cradle to grave. No one person or function can effectively ensure information security alone, but everyone must be responsible and accountable for security. Information security is dependent on an organizational culture of security,

should happen naturally provided it has earned the role of trusted advisor within the organization. Intellectual property, including that entrusted to an organization by its customers and suppliers, are often the crown jewels of the organization. In regulated industries such as healthcare and defense, information security can take on even greater importance due to the heightened consequences of failures and mandatory reporting requirements. Simply meeting information security requirements is not enough to demonstrate a marketable differentiation. Requirements are the price of admission. However, early adoption of security frameworks even when not required

Regulatory compliance should be viewed as an opportunity for the legal team to engage with its business partners. along with governance. Governance encourages the behavior that we want to see, discourages unacceptable behavior, and engrains the necessary level of discipline and security within the culture. Everyone within the organization needs to be vigilant regarding their own actions, and the actions of the people with whom they interact. Insider threats are as real as outsider threats to the business. An effective security framework enables good governance and culture. To select and implement an effective information security framework, the organization must agree on roles and responsibilities, risk management approach, metrics and benchmarking, as well as the commitment to institutionalize security through training and communication. The legal team can be a key contributor to the information security team. It is knowledgeable about information security requirements that arise from laws and regulations (e.g., export control laws), customer and supplier agreements, and the limitations of the organization’s systems. The legal team can be especially effective when engaged early, which

by law or regulation, coupled with independent validation, demonstrates a commitment to security. An organization that can effectively communicate and independently confirm its security enhancements can turn them into a competitive advantage. The legal team can do more than simply interpret current requirements to assist the organization with developing a marketable information security capability. The legal team can assess regulatory and business trends and synthesize the findings into a roadmap. It can also play key roles in executing the roadmap by designing and evaluating systems, and training the organization. Any opportunity to meaningfully engage the organization in these efforts is an opportunity to further develop trusted partnerships. ENHANCED SECURITY IS ADDED VALUE

Generally, regulatory compliance is considered a cost driver. However, the process of regulatory compliance presents opportunities for an organization to continually improve existing systems. It follows that improved security processes should increase efficiency. Ultimately,

it should reduce allocated resources by eliminating duplicative systems and preventing firefighting. These resources can be reallocated to other improvements in order to glean additional value from the increased investment. More importantly, enhanced information security efforts can help prevent and mitigate the cost of penalties, investigations, embarrassment and negative reputational impact associated with a breach. The potential to reduce or prevent costs and distractions, together with the establishment of a marketable capability, is a compelling case for viewing regulatory requirements differently. The legal team can help the organization build the case for enhanced security. Threats to organizations are evolving. Regulations are inevitable, as is enforcement. The overall cost of information security continues to rise, and it is significantly higher in any organization that suffers a breach. Organizations that make concerted efforts to regard information security as a capability instead of a sunk cost can reduce their overall risk and cost, and build trusted relationships with their business partners. The legal team is well positioned to support the organization in achieving these goals, and to establish a trusted advisor role that will pay dividends in the form of engagement and collaboration. ■

Jeff Franks is Legal Counsel for Jabil Inc.’s Defense and Aerospace Division. Prior to joining Jabil, he was Government Business Counsel at a global steel and bearing manufacturer and Acquisition Professional with the U.S. Department of Defense. jeff_franks@jabildas.com Erik Collasius is the Business Security Officer for Jabil Inc.’s Defense and Aerospace Division. He reviews and manages physical and IT related security matters impacting the business. erik_collasius@jabildas.com

SPRING 2018 TODAYâ&#x20AC;&#x2122;S GENER AL COUNSEL

Cybersecurity

Privacy and Cybersecurity Issues in M&A By Sheryl Falk and Alessandra Swanson

othing quite beats the exhilarating work involved in a merger or strategic acquisition. From the late nights of strategic discussions to the grueling exercise of due diligence, business interests must be balanced with vital legal decisions. Chief among them are considerations related to the privacy and cybersecurity practices of the target entity. With increased regulation of personal information and rising rates of

security breaches and cybercrime, this area has become critical in the diligence exercise. Querying the target to determine whether a breach has occurred has become standard practice. However, there are other issues to explore that could expose your company to liability in connection with the targetâ&#x20AC;&#x2122;s violation of privacy-focused laws. It is essential to have a plan to identify areas of material risk that may either thwart the deal or require significant

mitigating measures. This article highlights issues that typically arise during corporate transactions, and may serve as a starting point for thinking through privacy due diligence. INITIAL ANALYSIS

Privacy and cybersecurity laws and the accompanying risk are rapidly evolving. While your business team is busy wrapping its arms around traditional areas of diligence, such as employee benefits

TODAY’S GENER AL COUNSEL SPRING 2018

Cybersecurity

and real estate, you need to conduct an initial analysis of the company’s information security infrastructure and business operations to determine the preliminary scope of privacy-focused diligence. This initial diligence sweep may involve obvious areas of interest, e.g., an assessment of whether the company operates in a highly regulated area, such as health care or financial services, or whether it has suffered a significant breach involving personal information. It may also include asking questions about the location of employees, customers and vendors to determine whether the target’s practices may trigger obligations under foreign jurisdictions such as the

your diligence inquiries. For example, merely asking whether the target collects “personal information” will likely not get the complete response needed to assess potential risk. Instead, using the knowledge from the initial sweep, ask specific questions about whether the target may be collecting certain types of regulated information in addition to your general inquiries. For example, if the target is running analytics cookies on its website, ask whether it receives Internet Protocol (IP) addresses back from the trackers. Although many people may not think of IP addresses as personal information (indeed, many still consider IP addresses to be “anonymous”), the collection of

account creation, to newer and increasingly scrutinized practices, such as the collection of location information from a closed app on a smartphone. FIND OUT HOW THE INFORMATION IS USED

Once you’ve identified the information under the target’s purview, it is important to understand how this information is used within its organization, as well as how it is shared outside. At this point, you have likely identified the relevant areas of regulation that apply to your target (HIPAA, GLBA, etc.). During this phase, you will want to compare its uses and disclosures of information against any pertinent restrictions to determine

Once your team gets the green light, use your initial analysis to create an in-depth roadmap for diligence. European Union, which are more sensitive than United States laws with regard to collection of common identifiers. Also of importance during this phase is consulting your team about the deal structure, including whether the purchase will be limited to assets, in which case past liability is of lesser concern, or whether the target will be acquired as part of a merger or interest acquisition, where liability for past breaches and non-compliance with privacy laws will become your company’s obligation. Getting a read on your team’s general risk tolerance, and understanding whether the plan is to leverage representations and warranties insurance, is also paramount to guiding the diligence process. Once your team gets the green light to proceed, use your initial analysis to create an in-depth roadmap for diligence. In particular, you will want to focus on three key issues: (1) what information the target is collecting, (2) what the target is doing with the information and (3) how the target is protecting the information. When examining the target’s information collection practices, be granular with

such identifiers is coming under increasing scrutiny and regulation in the United States, and has been regulated in the European Union for years. For this phase of diligence, it is important that you identify individuals who play certain roles within the target’s organization and ask them to provide answers. The person responding to the diligence requests on behalf of the target may not think to query people in the marketing department, for example, about their information collection activities. The quality of the diligence response may suffer as a result. In addition to asking what information the target collects, you should also ask how this information is collected. This will be helpful in determining whether the target is living up to its promises in any consumer-facing privacy disclosures, such as its website privacy policy, as well as identifying any contracts where the target may have data privacy or security obligations. Depending on what type of products and services the target offers, the means of information collection may range from common practices, such as the collection of consumer information through online

where there are gaps between practices and legal obligations. In addition, similar to the discussion above regarding information collection, the target’s information use practices should be compared with the promises it makes in consumerfacing disclosures and contracts to ensure that it is fulfilling such assurances. This is also the time to identify whether it is engaged in any “high risk” practices, such as telemarketing and text message marketing, where the laws impose strict consent requirements and high statutory fines, and the class-action bar is extremely active. What is perhaps the most important phase of diligence, examining the target’s security controls, can be a two-team job. As an initial matter, your legal team will need to determine what security controls the target has in place to protect the information under its purview, and whether such safeguards satisfy legal and contractual obligations. You may also need to enlist an information technology focused team to examine the effectiveness of these safeguards, and determine whether they sufficiently protect the target’s information. continued on page 37

SPRING 2018 TODAY’S GENER AL COUNSEL

Compliance

Prosecutorial Discretion — the Quick ITC Escape By Asha Allam

he United States International Trade Commission’s (ITC) third decision in five years not to investigate an alleged violation of Section 337 of the Tariff Act, 19 U.S.C. § 1337, appears to contradict its statutory mandate. The ITC is instructed that it “shall investigate” alleged violations of Section 337, yet it dismissed complaints in Hydroxyprogesterone Caproate and Products Containing the Same in 2012, Electronic Hand-Held Pulse Massagers and Components Thereof in 2014 and Synthetically Produced, Predominantly

advertising, or trade secret theft in the importation and sale of products in the United States. Unlike many jurisdictions, filing a complaint at the ITC does not automatically commence litigation. Investigations typically commence 30 days after a company files a complaint asking the ITC to exclude competing imported products from the United States. After this period, known as pre-institution review, the ITC usually institutes a 14-18 month investigation. With its broad authority, expedited proceedings and powerful, nationwide remedies, the

judicial review by the Federal Circuit’s predecessor, the Court of Customs and Patent Appeals, in Syntex Agribusiness, Inc. v. International Trade Commission. Yet, the ITC’s exercise of this discretion since 2012 represents the only three instances of dismissal in at least 20 years. The ITC lacks an analog to the Federal Rule 12(b)(6) motion to dismiss for failure to state a claim, so there are two ways to end a commenced investigation before a hearing: termination or summary determination. Termination happens on narrow grounds — typically

While the outcome of Amarin’s appeal will be unknown for some time, the ITC’s three dismissals demonstrate fleeting opportunities for strategic attack and effective defense. EPA Omega-3 Products in Ethyl Ester or Re-esterified Triglyceride Form in 2017. The October 27, 2017, decision not to institute an investigation based on the Omega-3 Products complaint was an unlikely result in the clash between the ITC’s statutory mandate and limited prosecutorial discretion. On December 1, 2017, the complainants Amarin Pharma, Inc. and Amarin Pharmaceuticals Ireland Ltd. appealed the ITC’s dismissal to the Federal Circuit. While the outcome of Amarin’s appeal will be unknown for some time, the ITC’s three dismissals nonetheless demonstrate fleeting opportunities for strategic attack and effective defense. SECTION 337 AND ITC INVESTIGATIONS

Section 337 requires the ITC to investigate, on complaint or its own initiative, unfair methods of competition such as patent or trademark infringement, false

ITC is an advantageous forum for many litigants. However, the heightened factpleading requirements that trigger these benefits expose a potential loophole in the ITC’s investigative obligations. Prosecutorial discretion — an agency’s authority to decide whether to take action — is limited by the mandate that the ITC “shall investigate” a violation of Section 337 “on complaint.” The ITC’s rules specify the required elements of a complaint, and the agency uses the pre-institution review period to evaluate a filed complaint for sufficiency and compliance. By permitting the ITC to define the circumstances that trigger its investigative mandate, Congress introduced a discretionary element into a compulsory process. This discretion is confirmed by older, public agency memoranda recommending that the ITC not investigate deficiently pled claims, and 1980 and 1981

settlement, consent decree or the complainant’s withdrawal of allegations. Summary determination is more onerous: A respondent must demonstrate by motion that undisputed facts merit adjudication of a dispositive issue in its favor. Because termination is limited, respondents more often use summary determination to seek dismissal for failure to state a claim upon which relief can be granted. Nevertheless, even successful summary determination motions are usually preceded by months of broad discovery and expensive briefing. In Carbon and Alloy Steel Products, Inv. No. 337-TA-1002, respondents won summary determination that the complainant’s false designation of origin claim lacked factual support, and achieved final dismissal before a hearing. However, the determination occurred after 17 months of litigation. Rather than wait for summary

TODAYâ&#x20AC;&#x2122;S GENER AL COUNSEL SPRING 2018

Compliance

determination, an inadequately pled complaint can be dismissed before an investigation starts if the ITC finds a basis not to investigate. Though the ITCâ&#x20AC;&#x2122;s Office of Unfair Import Investigations (OUII) is tasked with evaluating the sufficiency of a complaint during the pre-institution review period, respondents are often better equipped to scrutinize allegations against them. Thus,

respondents are uniquely situated to assist the ITC in determining whether a complaint should be investigated. Although most complaints filed at the ITC will not warrant a non-institution decision, alerting the ITC to weaknesses in the allegations or merits of the case early can still benefit a respondent. Identifying inadequacies may cause a complainant to supplement its allega-

tions or respond to the inadequacies prior to institution of the investigation, thereby providing an early disclosure of contentions. Directing attention to weaknesses bearing on a dispositive issue may prompt the ITC to order early resolution of that issue through its 100-day Pilot Program. Since 2013, the 100-day Pilot Program has been used seven times to

SPRING 2018 TODAY’S GENER AL COUNSEL

Compliance

expedite adjudication of standing, patentable subject matter and the existence of a domestic industry. The Program was completed with an early decision in three investigations, two of which resulted in a determination of no violation. The advantage over summary determination is that respondents may avoid the expense and uncertainty of discovery and motions practice, and receive dismissal in a fraction of the time. COMPLAINANTS BENEFIT

Complainants can also benefit by remaining vigilant of their claims during pre-institution review. By the time a complaint is filed, a company has invested substantial time and money to develop a legal theory and assemble a detailed complaint and exhibits. Given strict pleading requirements and some frequency of respondent default, every

sion not to institute an investigation, in which the ITC cited the deficiencies disclosed to the complainant three weeks earlier. Though the circumstances preventing supplementation of the complaint are publicly unknown, the transparency, predictability and opportunity to cure afforded to the complainant reinforces the impact of the OUII’s review. In addition to supplementation following OUII review, the ITC permits a complainant to amend a filed complaint for any reason prior to institution of an investigation. Except in circumstances involving information learned from respondents or third parties, complaint amendment to add respondents, unfair acts or remedial requests are rarely granted. Circumstances in Flash Memory Chips and Products Containing the Same, Inv. No. 337-TA-735, illustrate the benefit of continued diligence during

Respondents are uniquely situated to assist the ITC in determining whether a complaint should be investigated. complaint must be drafted with sufficient specificity to enable relief without further briefing or evidence. Thus, while the 30-day pre-institution period can frustrate eager complainants, it presents opportunities to cure potential weaknesses that might prevent complete relief, through OUII review and unilateral complaint amendment. OUII review of a complaint systematically occurs after a complaint is filed. As part of its evaluation, the OUII may request that allegations be supplemented or amended after indicating, at a minimum, perceived legal or factual deficiencies. Most complainants comply with these requests; but in Electronic Hand-Held Pulse Massagers and Components Thereof, the complainant failed to respond adequately to the OUII’s request for supplementation of importation allegations central to a Section 337 violation. This failure foreseeably led to a deci-

pre-institution review. The complaint named several respondents, but lacked sufficient support for its importation allegations against three of them. The ITC instituted an investigation against all but those three. When the complainant subsequently moved to amend its complaint to add the three companies with additional, publicly available importation facts, the presiding judge found no good cause for amendment. In denying the motion, the judge prevented the complainant from seeking relief against the three companies in that investigation. The timing of the motion to amend, filed two weeks after the investigation began, and public availability of the supplemental facts, suggest that the complainant could have supplemented its complaint during pre-institution review or asked the ITC to postpone institution until it could supplement with additional support. In other words, the pre-institution period presented a short

window for bolstering the complaint without the risk and expense of motions practice. KEY TAKEAWAYS

The ITC rarely decides not to investigate a complaint. However, the pre-institution review period creates a small window of opportunity for respondents with strong dismissal arguments to present them early and avoid or reduce the expense of ITC litigation. A respondent’s pre-institution diligence may prompt further scrutiny of a complainant’s allegations or result in expedited adjudication of a dispositive issue. Regardless of the outcome, a respondent only stands to benefit from conducting a substantive evaluation of the allegations against it immediately after a complaint is filed. Complainants should also remember to use the 30-day pre-institution period to monitor their allegations and respond definitively to potential pleading deficiencies. Maintaining such post-filing vigilance increases the likelihood that an investigation will be instituted and its scope will be commensurate with the complainant’s requests. The Federal Circuit’s decision in Amarin Pharma, Inc. and Amarin Pharmaceuticals Ireland Ltd.’s appeal of the ITC’s dismissal in Omega-3 Products will confront its predecessor court’s deference in Syntex Agribusiness, and shed light on what the word “shall” requires the ITC do. ■

Asha Allam is a partner at Adduci, Mastriani & Schaumberg LLP. She is an intellectual property and international trade attorney focusing on Section 337 investigations of unfair competition before the United States International Trade Commission (ITC). She has represented domestic and foreign clients appearing as complainants or respondents before the ITC in a broad range of industries. allam@adduci.com

TODAY’S GENER AL COUNSEL SPRING 2018

Cybersecurity

Privacy and Cybersecurity continued from page 33

On the legal side, it is important to combine the review of written policies and procedures with interviews of relevant individuals within the business who have been tasked with information security. This may provide some insight as to whether the target is complying with its own policies, or whether there are compliance gaps. In addition, it may

diligence; once completed, it is helpful to have a thorough discussion about your team’s findings regarding the target’s privacy and cybersecurity practices. At this time, you can apprise the team of any risks identified, as well as whether the target is falling short of meeting its regulatory or other legal obligations. Now is the time to discuss the potential exposure associated with past non-compliance or security incidents, including anticipated costs involving regulatory inquiries or class-action

Using the knowledge from the initial sweep, ask specific questions about whether the target may be collecting certain types of regulated information. be helpful to query whether the target has enlisted the assistance of third-party vendors to conduct risk assessments or penetration testing. Although such reports may be useful in identifying any material issues with the target’s information technology systems, it is important to work with your IT diligence team to the extent that the transaction requires a detailed look at the target’s security controls. This is also the time to get information about any security breaches or material security incidents that the target has suffered. It is vital to get details about the causes of such events, any mitigation measures taken at the time, any required individual or regulatory notification, and whether there have been any regulatory inquiries or lawsuits stemming from the incident. Similarly, it is helpful to get background on any other complaints, regulatory inquiries or lawsuits related to the target’s information practices generally, which can provide insight into whether there is the potential for future legal exposure. MAP OUT MITIGATION

It is important to keep in close contact with the business team while conducting

lawsuits. This may also include an assessment of how much your company will need to invest in the target to bring its privacy practices and data security measures in line with legal and contractual obligations. The mitigation phase will also likely involve an examination of ways your organization can protect itself against liability for the target’s pre-closing privacy and cybersecurity issues. Generally, such mechanisms may include escrow accounts and special indemnities for legal violations and other issues identified during diligence, and representations and warranties insurance for issues not identified that come to light post-closing. In addition, your organization may have coverage if the target has or had a privacy- and cybersecurity-focused insurance policy in place during the relevant period of time. The terms of such policies (including change of control provisions) should be examined carefully by counsel with requisite background. You should also work closely with your business team to understand any deal-related sensitivities, and determine how to best approach the identified privacy and cybersecurity issues with the target. Focusing some time and effort to

draw a roadmap at the front end of the diligence process can help identify and address serious privacy and cybersecurity risks that may impact the deal. There are three key concepts that may help you create your own diligence framework. First, keep in close contact with your business team to understand its risk tolerance, and the potential measures that may be available to mitigate identified risks. Second, incorporate internal privacy counsel into your legal team early in the process — or seek outside counsel if you don’t have a specialist in-house — to assist with initial diligence and provide insight into any significant areas of risk that need to be communicated to your business team. Third, work with your team to understand how the target collects, uses and secures its information, and use this knowledge to provide a full-risk picture to your business team. Every corporate transaction is different, and a solid roadmap will help you navigate the twists and turns that come with privacy and cybersecurity diligence. ■

Sheryl Falk is a partner and litigator in the Houston office of Winston & Strawn LLP. She is co-leader of the firm’s Global Privacy and Data Security Task Force. sfalk@winston.com Alessandra Swanson is an associate in Winston & Strawn’s Chicago office and a member of the firm’s Global Privacy and Data Security Task Force. aswanson@winston.com

SPRING 2018 TODAY’S GENER AL COUNSEL

WORKPLACE ISSUES

#TimesUp By Jennifer Robinson

arvey Weinstein. Kevin Spacey. Charlie Rose. Bill O’Reilly. All powerful persons. All financially successful persons. All accused of sexual harassment and/or sexual assault over extended periods of time. And all have fallen from grace quickly and have been terminated from their jobs. Why was this allowed to go on as long as it did? Some say it is because these men were so powerful and financially successful that their employers were willing to look the other way and their victims were afraid or ashamed to say anything. Others say it is the “culture.” So what finally brought this problem to a boil in 2017? The Silence Breakers and #MeToo. As the New York Times so eloquently put it, “He said. She said. She said. She said. She said. She said.” The truth won’t be silenced anymore, and the truth has a big voice. So what does that mean for your company? In short, it means #TimesUp. It’s time to ensure that your company has a strong policy prohibiting sexual harassment in the workplace and that the policy is vigorously enforced. Now. It starts at the top. Leaders are the organization. When a leader speaks, the

Jennifer Robinson is the office managing shareholder of Littler Mendelson’s Nashville office, and co-chair of the Food and Beverage Industry Group. She counsels and defends employers on a wide range of matters, conducts high-level workplace investigations and follows up with appropriate training. jenrobinson@littler.com

organization speaks. When a leader acts, the organization acts. When leaders fail to act, the organization has failed to act. Your company’s leaders must show with words and actions that they will not tolerate sexual harassment in the workplace. Permitting a “culture” of sexual harassment is not acceptable. The organizational risks of failing to address sexual harassment include: • Adverse publicity. • Damaged reputation. • Client complaints and dissatisfaction.

• Employee complaints. • Turnover. • Loss of trained and effective workers. • Decreased morale. • High legal costs to resolve formal complaints. WHAT IS WORKPLACE SEXUAL HARASSMENT?

One form of sexual harassment is “economic harassment,” often referred to as quid pro quo. It is an abuse of power that typically involves a threat or promise of a benefit linked to sex. It

TODAY’S GENER AL COUNSEL SPRING 2018

could be obvious, such as “sleep with me and you’ll get that promotion,” or more subtle, such as “we can talk about that assignment over drinks and dinner tonight.” An important point to consider in the wake of these sex scandals is that consent is a function of power, and you have to have some power in order to give consent. The other form of sexual harassment is “environmental harassment” — unwelcome conduct based upon someone’s gender that unreasonably interferes with an employee’s job performance or creates an intimidating, hostile or offensive work environment. This often is referred to as a “hostile

Here are some steps a company can take to prevent sexual harassment: • Understand and promote your anti-harassment policy. • Distribute sexual harassment information to all employees. • Encourage a “speak up” culture of reporting. • Train everyone in the company on respectful relationships in the workplace. The last step for managing and preventing cannot be emphasized enough. Your company must set (or reset) the tone at the top. The highest levels of

Your company’s leaders must show with words and actions that they will not tolerate sexual harassment in the workplace. work environment.” It can include physical conduct, such as sexual assault, offensive or unwanted touching, kissing or groping, or extensive hugging. Environmental harassment also comes in the form of both verbal conduct (jokes, offensive or derogatory slurs/terms) and nonverbal conduct (leering, watching/sending porn or making lewd gestures).

the company must embody a respectbased workplace, and must demonstrate that it is a priority for them and for all employees. HOW TO DEAL WITH A COMPLAINT

Company policies must require management to respond to complaints. The investigation must be in good faith, treated in as confidential a manner as

View our digital edition for instant access on your tablet or desktop D IGI TA L .T OD AY S G E NE R A L C OUN S E L . C OM

possible and be thorough. A good-faith investigation constitutes a defense to any future claim and limits liability. If your company lacks the time or resources to conduct a proper investigation internally, consider outsourcing it. Two key points should be remembered when commencing any sexual harassment investigation: (1) it is dangerous to dismiss the allegations as, “it’s just another #MeToo” and (2) it is equally dangerous to act immediately and ask questions later. While the failure to conduct a good-faith investigation leaves the company at risk, there are also liability risks for unduly hasty terminations. Anonymous reports present a special problem. Many employees do not feel comfortable identifying themselves, whether they are reporting conduct directed at them or at others, but their complaints should not be discounted. Rather, they should be investigated so that companies can achieve maximum feedback on how their employees are acting. The final point to understand and embrace is that an open-door culture for complaints is smart business. Employees will likely feel more empowered to report harassing behavior in light of the #MeToo campaign, which has sparked a dialogue about inappropriate conduct. This is good! The company has the opportunity to address a complaint head-on, end any inappropriate behavior, take action, protect employees and elevate the organization’s culture. ■

SPRING 2018 TODAY’S GENER AL COUNSEL

THE ANTITRUST LITIGATOR

Antitrust and Exclusive Dealing By Jeffery M. Cross

n exclusive dealing agreement restricts a distributor or retailer to selling only the products or services of a specific manufacturer or producer. Many of my clients that manufacture or produce goods or services sold through distributors or retailers ask me about the antitrust ramifications of exclusive dealing restraints. Exclusive dealing is a common restraint in many industries. Franchisees of hamburger chains do not sell the hamburgers of competing chains. Gas stations selling a brand of gasoline do not sell multiple brands. Agreements in these industries contain exclusivedealing restrictions. Exclusive dealing can take many forms. One form is a requirements contract where a distributor or retailer agrees to take all of its requirements from a single source. Another form is a market share discount or rebate agreement. A manufacturer agrees to discounts or rebates if a buyer agrees to buy certain percentages of its needs from the manufacturer. The Rule of Reason applies to vertical exclusive dealing restraints. This is because there are several plausible pro-competitive justifications. From

Jeffery Cross is a columnist for Today’s General Counsel and a member of the Editorial Advisory Board. He is a partner in the Litigation Practice Group at Freeborn & Peters LLP and a member of the firm’s Antitrust and Trade Regulation Group. jcross@freeborn.com

the buyer’s side, exclusive dealing assures supply, affords protection against increases in price, enables long-term planning, and obviates the expense and risk of storage in the quantity necessary for a commodity having fluctuating demand. For the supplier, exclusive dealing restrictions make possible substantial reductions in selling expenses, give the

seller protections against price fluctuations, and offer the possibility of a predictable market to a new entrant to whom it is important to know its capital expenses. They can help a seller trying to gain a foothold in a market protect against counterattacks by the incumbent, and protect against free riding on the marketing promotions of the manufacturer.

TODAY’S GENER AL COUNSEL SPRING 2018

Exclusive dealing can have anticompetitive effects. Through exclusive dealing, a manufacturer may be able to prevent a rival manufacturer or new entrant from having access to distributors, and thus access to customers. Even if the limitation on access is not absolute, the arrangement may prevent access to a large enough portion of the market to deprive rivals of the economies of scale necessary to compete. Or the exclusive

shifts back to the plaintiff to show that the justifications do not fit the facts of the case, or that they are not cognizable under antitrust laws. A plaintiff could also attack the defendant’s justifications as not necessary to achieve the procompetitive purposes, or more restrictive than necessary. If the defendant’s justifications withstand these challenges, the plaintiff has the ultimate burden of persuasion

antitrust court has held that exclusive dealing contracts terminable in less than a year are presumptively lawful. Of course, the length of time that an exclusive dealing contract will be deemed to raise anti-competitive concerns will vary with the industry. Similarly, the ease of termination by a distributor or retailer of an exclusive dealing contract is another test of whether foreclosure poses an anti-

The ultimate concern of exclusive dealing is that it allows a dominant manufacturer or supplier to raise prices or restrict output because rivals are unable to compete. dealing arrangement could block a rival’s access to inputs, distributors, or even customers, so as to raise the rival’s costs and make it less able to compete. The ultimate concern of exclusive dealing is that it allows a dominant manufacturer or supplier to raise prices or restrict output because rivals are unable to compete effectively enough to blunt the dominant manufacturer’s efforts to raise prices or reduce output. RULE OF REASON

The modern approach in applying the Rule of Reason to exclusive dealing restraints is a step-wise, burden-shifting approach. The plaintiff has the initial burden to show a prima facie case of anti-competitive effect. The plaintiff can do so by direct evidence of an increase in price or decrease in output. Or the plaintiff can do so indirectly by defining a relevant market and showing high market shares and barriers to entry. A high market share infers market power, which in turn infers anti-competitive effects. If a plaintiff is successful in establishing a prima facie case of anti-competitive effect, the burden shifts to the defendant to proffer plausible pro-competitive justifications. If the defendant does so, the burden

to show that the anti-competitive effects outweigh any pro-competitive benefits. For an exclusive dealing restraint to have an anti-competitive effect, a rival must be foreclosed from access to distributors, an input or customers. Historically, foreclosure was the critical test of exclusive dealing. The threshold for when foreclosure creates an inference of anti-competitive effect is not well established, however. Some courts and commentators suggest any foreclosure below 40 percent is unlikely to have an anti-competitive effect. Foreclosure is still important under a modern Rule of Reason approach, but as a “screen” to exonerate an exclusivedealing restraint. Use of foreclosure as a screen to exonerate exclusive-dealing agreements generally has three aspects: (1) is the duration of the exclusive dealing restriction limited? (2) is the exclusive dealing agreement easily terminable? and (3) are there alternative methods of distribution? All three aspects of foreclosure suggest that rivals are not really foreclosed from competing. DURATION IS KEY

Although there is no bright line test regarding the duration of an exclusive dealing arrangement, one prominent

competitive risk. One oft-cited decision held that an exclusive-dealing contract terminable by distributors on 60-days’ notice did not pose an anti-competitive risk. Another court held that an exclusivity clause terminable on 30-days’ notice would be close to a de minimus restraint. The factors of short duration and ease of termination reflect the idea that rivals are free to compete to contract with distributors and retailers. In this regard, courts have held that competition for an exclusive dealing arrangement may constitute a vital form of rivalry that the antitrust laws should encourage and protect. Finally, another consideration in determining whether an exclusive dealing arrangement poses anti-competitive risks is whether there are alternative methods of distribution. Such alternative routes would eliminate any foreclosure effect. Of course, implicit in this analysis is the question of whether the alternate form of distribution will be sufficient to blunt any efforts by the dominant competitor to exercise market power by raising price or reducing output. ■

SPRING 2018 TODAY’S GENER AL COUNSEL

A New Weapon for Creditors in Europe BY JEF KLAZEN, ANDREW STAFFORD, REBECCA HUME, D. FARRINGTON YATES AND JAMES P. BOOTH

ince January 2017, certain claimants and judgment creditors domiciled in 26 European Union (EU) member states enjoy access to a new weapon in the fight against evasive debtors. Under Regulation (EU) No 655/2014, creditors can apply for a European Account Preservation Order, or EAPO, to freeze a debtor’s bank accounts across Europe. The regulation simplifies European cross-border asset preservation by introducing a standardized application process, backed by automatic recognition across the 26 EAPO member states to which the regulation applies. Although the United Kingdom and Denmark have opted out of the framework, judgment debtors resident in those countries are not insulated to the extent that they hold bank accounts in any of the other member states. For cases that satisfy the requirements discussed below, consider deploying an EAPO at the earliest opportunity. The potential commercial benefits of the new EAPO regime are obvious: Get more done, faster and at a lower cost. But the EAPO will not always be the tool of choice, as a jurisdiction’s domestic

TODAYâ&#x20AC;&#x2122;S GENER AL COUNSEL SPRING 2018

Jef Klazen is an attorney at Kobre & Kim LLP, focusing his practice on international enforcement of judgments and arbitration awards, as well as related cross-border asset tracing and recovery. jef.klazen@ kobrekim.com

Andrew Stafford QC is an English barrister and Queenâ&#x20AC;&#x2122;s Counsel with Kobre & Kim LLP. He represents corporations, hedge funds and high-net-worth individuals in complex, high-value litigations spanning multiple jurisdictions. andrew.stafford@ kobrekim.co.uk

Rebecca Hume is a lawyer at Kobre & Kim LLP. She handles international judgment enforcement, fraud and asset tracing, insolvency litigation, complex commercial disputes, and joint venture and partnership disputes. rebecca.hume@ kobrekim.ky

SPRING 2018 TODAY’S GENER AL COUNSEL

D. Farrington Yates is a bankruptcy lawyer with Kobre & Kim LLP who focuses on complex, crossborder insolvencies and restructurings. farrington.yates@ kobrekim.com

laws may offer more appropriate relief. Selecting the best weapon requires careful thought; and to best use the new regime, creditors should seek advice from strategic and legal experts in cross-border enforcement.

Eapo Supplements Domestic Relief Although individual EU member states had already provided protecJames Booth is an tive measures, English barrister obtaining preservawith Kobre & Kim tion orders across LLP who focuses on Europe could cross-border commercial litigation. His often be complex, experience includes cumbersome and disputes related to expensive. The EU financial products recognized that and services, insolthe conditions vency proceedings and United States for granting this regulatory enforcetype of domestic ment matters. relief — and the james.booth@ speed at which kobrekim.co.uk that relief could be implemented — varied considerably among member states, and resolved to tackle the problem. The EAPO is the intended solution: It supplements — rather than replaces — existing domestic relief. Parties will still have access to conventional enforcement tools in cases for which the EAPO is not a good fit. An EAPO prevents dissipation of a specified amount of money from a debtor’s bank accounts, pending the enforcement of an achieved or likely judgment. The nationality and domicile of the debtor does not matter: The EAPO affects the bank account itself. As a consequence, debtors domiciled in the United States, for example, may still be vulner-

able to an EAPO in the event that bank accounts are located within an EAPO member state. EAPOs can freeze funds in bank accounts in the debtor’s name or (to the extent possible under domestic law) held on his or her behalf. The creditor must satisfy the court that a bank account in a third party’s name is being held on the debtor’s behalf. Once issued, all EAPO member states automatically recognize the EAPO. An applicant may apply once to freeze funds held in accounts across the EAPO member states. Importantly, an EAPO application does not prevent a creditor from applying for comparable domestic relief as well. But a creditor cannot apply for multiple EAPOs against the same debtor with respect to the same claim. Although it might sometimes be sensible to seek an EAPO in addition to domestic relief, the creditor must ensure that the restraint obtained is neither duplicative nor excessive. Obtaining an EAPO Applications are made ex parte on a standardized paper form and are usually determined without an oral hearing. The application process’s administrative nature may improve consistency among the EAPO member states and help minimize costs. The framework sets fixed time limits (measured in days) by which the courts in EAPO member states must consider applications and issue EAPOs. In theory, it should not matter whether an application is made in Germany or Greece; all EAPO applications are equal under the regulation. The regulation also standardizes requirements for granting an EAPO: There must be an “urgent need” for an EAPO and a “real risk” that, without the preservation measure, “subsequent enforcement of the creditor’s claim against the debtor will be impeded or made substantially more difficult.” If the creditor applies for a prejudgment EAPO or applies before substantive proceedings are filed, the court must be

satisfied that the creditor’s underlying claim is “likely to succeed.” In the latter case, if the court issues an EAPO, the applicant must commence the substantive claim within 14 days of the order or 30 days from the date of lodging the application, whichever is later. There will be a premium on preparing a convincing and developed case on the papers to ensure that the prejudgment threshold is crossed while, at the same time, preserving the sense of urgency. Courts will normally grant prejudgment EAPOs on the condition that the creditor provides security to ensure that a debtor would be compensated for any damage suffered from a wrongly issued EAPO, and to deter abuse of the framework. There will likely be significant variations in the amounts of security ordered among the EAPO member state courts. Over time, as more EAPOs are issued, variations may become smaller, or at least more predictable. If the creditor doesn’t know where a debtor’s bank accounts are located, then on the application of the creditor, the court may ask for assistance from the designated “information authority” (e.g., a minister or governmental office) of the EAPO member state(s) in which accounts are suspected to reside (an “Article 14 request”). Through mechanisms made available under domestic law, the information authority will obtain sufficient information about the debtor’s bank(s) and account number(s) as to make an EAPO effective and deliver its findings back to the requesting court. The account information is provided only to the court, protecting the debtor from disclosure of personal data to the creditor through the back door. This mechanism is available only where the creditor has already obtained an enforceable judgment or, in exceptional circumstances, where the creditor has obtained a judgment that is not yet enforceable. Upon receipt of the account information from the information authority, the court will issue the EAPO. To shield the debtor’s information from the creditor, the order will not identify account

TODAY’S GENER AL COUNSEL SPRING 2018

numbers but will state instead that the account information was obtained pursuant to an Article 14 request. If the court is unable to identify the account itself, it will direct the target bank to obtain the necessary details from the information authority. A fixed 30-day moratorium, starting when information is provided to the information authority, prevents the debtor from being informed that personal data

Certain statements in the regulation and its preamble, however, suggest that it may not be possible. This uncertainty is likely to be clarified by the courts in future litigation. The enforcement landscape thus remains unchanged for creditors domiciled in the United States and possibly for judgments rendered there. Creditors will need to avail themselves of whatever asset discovery and preservation

If the creditor applies for a prejudgment EAPO, or applies before substantive proceedings are filed, the court must be satisfied that the creditor’s underlying claim is “likely to succeed.” has been disclosed. Although the regulation does not specify on whom this moratorium is binding, presumably it binds not only the information authority but also the bank that has disclosed the account information. Might Not Be The Best Tool The EAPO is no panacea. It is only available for applicants domiciled in one of the EAPO member states, and can only bind bank accounts located within such states. For example, a creditor may obtain an EAPO if its principal place of business is in France, but not if its principal place of business is in the United States. Furthermore, relief is not available in respect to arbitral proceedings, nor can it be granted in support of certain disputes, including all claims against a debtor whose bankruptcy proceedings have commenced.The regulation does not expressly consider whether an EAPO can be obtained in support of a judgment that was originally issued by a court of a non-EAPO member state, but was subsequently recognized by the court of an EAPO member state.

tools are available under the domestic law of individual jurisdictions. Despite being a relatively complex instrument, the regulation defers to domestic law for internal procedures relating to the enforcement and implementation of an EAPO. Some fragmentation between EAPO member states will inevitably remain as to how quickly and effectively an EAPO can be enforced. One area of likely fragmentation is how effectively EAPO member states comply with an Article 14 request, as the compliance mechanism is a matter left to the domestic law of each EAPO member state. However, the regulation does require each member state to make available in its domestic law an effective and efficient method for obtaining the requested information, including but not limited to (1) compelling the banks to provide the requested information to the information authority; (2) providing the information authority with direct access to a database of account holders; or (3) compelling the debtor to provide the requested information to the information authority, accompanied by an in personam order prohibiting the

withdrawal or transfer of funds pending the EAPO. There will be significant differences in the speed, practicality and cost of the three proposed mechanisms. Therefore, certain jurisdictions may develop reputations for either inefficiency or efficiency, depending on which mechanism they deploy. For EAPO member states electing debtor compulsion (the third method listed above), there is an obvious risk that Article 14 requests will alert the debtor to the likely imminence of EAPOs or other asset-preservation measures arriving in other jurisdictions. Similarly, because under the regulation, domestic law dictates the amounts exempted from preservation for, e.g., living costs — and even sanctions against banks for non-compliance with an EAPO — jurisdictions may develop reputations as potential “EAPO safe havens” for delinquent debtors. The EAPO has the potential to save certain creditors time, effort and costs; and it represents a welcome step in better harmonizing European protective measures. However, it is far from a perfect solution, and certain features may cause new fragmentation across the EAPO member states. The measure is likely to prove a blunt instrument for cases involving low account balances or assets concentrated in a small number of jurisdictions. Therefore, creditors should always give careful consideration as to whether the EAPO is the best tool for the job, and seek advice as to whether deployment of domestic measures is more appropriate in their circumstances. ■

SPONSORED SECTION

Is the Government Your Friend or Foe When a Data Breach Occurs? By Samantha Green, Esq.

our organization has just been hacked. Precious information has just been stolen. This is theft and you are the victim. Should your immediate reaction be to call the appropriate law enforcement authorities or do the opposite and keep the incident close to your corporate chest? While the benefits of immedi-

ately involving the proper authorities often outweighs the risk, there are also compelling reasons for companies to choose to keep a major breach out of the hands of the government. This piece will explore both sides of a data breach response plan to determine a course of action that best helps your

company mitigate the damage, while protecting sensitive information swiftly and effectively. FIVE REASONS TO INVOLVE THE GOVERNMENT IN A DATA BREACH

1. It is a Regulatory Requirement Many organizations have the FBI or other local government authorities on speed dial as part of their breach protocol. One reason they include the government in their incident response plan is that many industries have a regulatory requirement to involve the feds as soon as a breach is recognized. While there isnâ&#x20AC;&#x2122;t a national data breach law, research your stateâ&#x20AC;&#x2122;s law on whether you need to notify a government agency and/or those whose personal information has been compromised by the breach. Some industries, such as healthcare and financial services, may have notification requirements under the Health Insurance Portability and Accountability Act (HIPAA), or through regulatory agencies including the Securities and Exchange Commission (SEC). If your organization has to abide by a state or regulatory requirement, getting to know your local law enforcement authorities ahead of time may help companies feel more prepared and comfortable handing over network control when a breach occurs. It also builds a mutual trust between your IT department and their team. Having an ongoing relationship with the authorities allows you to expose them to your networks and provide information about your security systems so that when you are in crisis mode, they can jump right in to solve the problem with less handholding. 2. They Have Specialists Trained to Handle Hackers Federal authorities have specialized tools and personnel to deal with mega-sized breaches and detect the source. Since the government is constantly monitoring how hackers work, they are aware of patterns that can help your organization predict what to expect next so you can adjust your plan accordingly.

3. It Helps the Public at Large There a benefit to the common good when the authorities are involved. The more breaches authorities see, the better they can start to detect patterns, compile information that can lead to arrests and possibly prevent future attacks. 4. The Government Can Find Hackers in Dark Places Stolen data from your networks may appear for sale on some underground forums, like the dark net, which are always under surveillance by the authorities. These are not locations you want to be trolling around, so it is best left to the experts. When the authorities are involved and know your information, they may be able to detect the stolen information, and ultimately find those that attacked your organization’s network. 5. It’s Required by your Company’s Insurance Policy Finally, before putting your data breach procedures into place, make sure you look at your cyber insurance policy. Many policies mandate that certain authorities be contacted immediately after a breach is detected or the policy is nullified. If you know in advance that your organization prefers to handle breaches without government intervention, consider negotiating with your insurance carrier upfront to exclude this requirement. FIVE REASONS NOT TO INVOLVE THE GOVERNMENT IN A DATA BREACH

While there are many good reasons to call the authorities, there are also legitimate motives for handling a breach internally. 1. Your Company’s Confidential Information is Exposed If the government is involved, they will need to gain access to your systems to search for evidence. This means they now have access to all of your data, including confidential data and documents you may not want other regulatory government authorities to know about. While that data is not supposed to be shared between

those responding to a breach and regulatory bodies, no company wants anyone in the government viewing data that is not meant for their eyes. 2. Attorney/Client Privilege May be at Risk With access to all of your company’s data, there may potentially be a compromise of documents carrying the attorney/client privilege. This could be resolved if you have an agreement with the authorities before a breach, but it’s an important factor to take into consideration before handing over your network. 3. The Government’s Role is not Defined The U.S. government made a policy choice to give organizations principal responsibility for responding to cyberattacks. Therefore, when the government is involved, their duty to assist the organization is not clearly defined. There will need to be a discussion during a time of crisis to understand their function and plan of action, when heads aren’t always cool. This often leads to valuable time being lost ironing out the roles and responsibilities. It also takes a lot of trust to hand over the keys to the company’s data vault, so without knowing exactly what the government will be doing, your IT team may be reluctant to let them in.

The government decides if/when to prosecute which could bring public attention to the breach. Publicizing a breach may result in future civil litigation or additional government investigations. While there is no right or wrong answer, your data breach response plan should detail if the government is your first call or on the Do Not Call list. No matter which way you proceed—or who is involved—a successful data breach response comes down to outlining a clear course of action with defined roles and responsibilities. With so much at stake and the clock ticking, you can’t afford to waste precious time sorting out who to contact and when. Before a breach occurs, identify the appropriate team of experts that are trained to quickly secure your network, fix the issues, and prevent the spread of sensitive information and more data breaches.

Samantha Green serves as the Manager of Thought Leadership for Epiq. In this capacity she serves as a subject matter expert on all aspects of electronic discovery, data privacy and litigation readiness, drawing on her more than 15 years of litigation and consulting experience. Samantha has published numerous articles and whitepapers, and

4. Compromised Time & Resources Along with not having a defined role, each organization’s IT infrastructure is different. It is complicated for an outsider to delve right into a very developed, unfamiliar web of servers and networks. In order to take the wheel to investigate a breach, it takes significant time and resources to get the government up to speed, which actually may take resources away from dealing with the breach. 5. Loss of Company Control One of the most compelling reasons not to involve the government is that if they get involved, you may lose the ability to control the investigation and keep it quiet.

has authored chapters for ABA, Inside Counsel and West publications. She has spoken nationwide and provided more than a hundred CLEs on topics relating to eDiscovery, ligation readiness, international data privacy, cybersecurity and the Federal Rules. sagreen@epiqglobal.com

TODAY’S GENER AL COUNSEL SPRING 2018

RESOURCE ALIGNMENT IS A BIG LAW DEPARTMENT CHALLENGE BY LAUREN CHUNG

t is no surprise that cost control was ranked as the top challenge facing law departments, according to the 2017 HBR Consulting Law Department Survey. In the midst of cost pressures and increasing legal demand, the survey indicates that law departments have risen to the challenge and are effectively managing their spending. As a result, today’s law departments are keeping total legal spending flat. So, how did they do it? The survey shows that law departments took active measures to control outside counsel costs and focused on building capabilities to handle more work in house. The top three methods for effective management of outside counsel costs are implementing alternative fee arrangements, enforcing billing guidelines and keeping work in house. Applying more rigor to the management of outside counsel has become instrumental for law departments. They are demanding accountability and transparency from their law firms, which has led to tighter budgeting, thoughtful planning and regular communication. However, what stands out among the top outside counsel cost control methods is the practice of keeping work in house. The 2017 survey indicated that handling legal work in house yields the most cost savings for law departments. Over recent years, there has been increased emphasis on leveraging internal resources to change the legal service delivery model in a way that drives operational efficien-

cy and controls costs. This method has proven successful in driving efficiency. RESOURCE ALIGNMENT

As law departments face rising legal demands and cost pressures, general counsel find themselves challenged to allocate resources in a more cost effective and efficient manner. Many law departments lack a formal process or strategy to properly align work with appropriate resources. As a result, senior-level attorneys often spend a significant portion of their days performing administrative or lower value tasks instead of focusing on more strategic work. Resource misalignment creates challenges for the law department including: • Lower productivity: When the skills and expertise of the internal resources are not properly aligned and leveraged, it directly impacts the department’s productivity level. Attorneys have less time to focus on work that best utilizes their skills and advances the strategic goals of the business. • Higher legal costs: There is a direct cost impact associated with inefficient resource allocation. Analyzing the time spent by senior attorneys on work that is low risk and more complex typically reveals substantial cost incurred by the law department. • Poor employee engagement: Effectively managing legal talent is foundational to the success of an continued on page 53

Lauren Chung serves is a managing director at HBR Consulting LLP. She leads the Law Department Advisory practice and works with general counsel and law department leadership on strategic, process and operational improvement initiatives. She publishes and speaks regularly on law department management best practices and the use of metrics to demonstrate the value of the legal function. LChung@ hbrconsulting.com

SPRING 2018 TODAYâ&#x20AC;&#x2122;S GENER AL COUNSEL

Business Continuity Plan By Kevin Collins and Jason Hutt

TODAY’S GENER AL COUNSEL SPRING 2018

for the Legal Department

an your legal department meet the company’s needs during an emergency? What if the emergency involves access to your computer networks during a cyber incident, lack of access to your office during a natural disaster or a pandemic that sidelines most of your legal team? During any of these events, the business line will be calling to seek information about data breach disclosure requirements, to seek a review of contracts for force majeure, or to find out whether the diligence on an important business transaction is complete in time for closing. This combination of external threat and its impact on the legal department’s ability to meet its mission and sustain its business processes during and after a significant disruption is at the heart of business continuity planning. Unfortunately, many companies, and many more legal departments within those companies, have not developed an effective business continuity plan (BCP). Often a BCP gets included in an alphabet soup of resilience programs led by the Chief Information Officer (CIO), such as continuity of operations (COOP), critical infrastructure protection (CIP), disaster recovery plan (DRP) and information system contingency plan (ISCP). For lawyers, the acronyms are enough to make your head spin. Most of those programs are about technological resilience and appropriately led by the CIO. However, the legal department

needs its own BCP, so you know how your team will continue to function during an emergency.

SUSTAINING CRITICAL FUNCTIONS

Continuity planning includes developing the ability to continue critical functions and processes during and after an emergency event. One standards organization defines continuity as “strategic and tactical capability, pre-approved by management, of an organization to plan for and respond to conditions, situations, and events in order to continue operations at an acceptable pre-defined level.” A BCP focuses on sustaining an organization’s mission and business processes during and after a disruption. In this case, the “organization” is the legal department. Four major steps are required for establishing a BCP: (1) risk assessment, (2) business impact analysis, (3) resources/ needs assessment, and (4) business continuity plan. The first step is to conduct a proper risk assessment. This includes identifying internal and external threats that might impact your department’s ability to meet its objectives. For example, catastrophic flooding, tornadoes, fire, active shooter, computer virus, earthquake or other potential threats. You will need to brainstorm a list of threats and then review it in light of probability of occurrence. Although probability is a mathematical concept, frequency rather than probability could be used to describe the risk. Consider the recent

Continuity planning includes developing the ability to continue critical functions and processes during and after an emergency event.

Kevin Collins is a partner at Bracewell LLP. He is a former Assistant United States Attorney, who specializes in corporate responses to major catastrophic accidents and natural disasters. Kevin has focused on process safety since he assisted the Baker Panel in investigating and issuing its report on safety culture and corporate oversight of British Petroleum’s North American refineries in 2005. kevin.collins@ bracewell.com

Jason Hutt is chair of the environmental department at Bracewell LLP. His advice and advocacy are informed by a technical understanding of how energy and key industrial sectors operate, as well as the challenges clients must navigate to achieve their business objectives. jason.hutt@ bracewell.com

SPRING 2018 TODAY’S GENER AL COUNSEL

frequency of “500-year rainfall events” in Houston. The city has experienced three such events in the last three years. An effective (and updated) legal department BCP would prioritize the risk of flooding in the risk assessment section. The second step, business impact analysis, is to determine what impact each

These assessments require coordination with the information technology department and lead to the next step.

ASSETS REQUIRED TO FUNCTION

The resources/needs assessment involves identifying the assets the legal department needs to function. These resources

and how the legal department will meet its resource needs during an incident. The BCP should also define levels of functional service over pre-defined time frames such as 2 hours post incident, 24 hours, 48 hours and 96 hours. Providing this information in simple tables and charts rather than in a densely

An effective plan will include discussion of how the legal department will meet its resource needs during an incident. of these threats might have on the legal department’s operations. This includes:

• Identification of your critical business assets (for legal departments, that is often your legal team); • Functions (the services your team provides the business line); • Processes (how the legal department operates); and • Resources (software systems, phone lines and hard copy backups of critical documents). An effective business impact analysis will review: • How the loss or damage will manifest itself; • The degree for potential escalation of loss over time after the initial incident; • The minimum services and resources needed to enable business processes to continue to operate at a minimum acceptable level; and • The time frame for when the legal department’s activities, functions and services will be fully recovered. Key aspects during the business impact analysis step are defining the minimum service level the legal department can provide — both in terms of functions and timing — and estimating how long it will take to get back to full functionality after the initiating event.

can be any asset (human, physical, information, or intangible). They can be facilities, equipment, or other materials. The assessment requires coordination and input from information technology, facilities, and other departments within the company. For these interactions to work well, the legal department requires a clear picture of its needs. For example, does the business line need the legal department to review contracts for force majeure clauses to suspend commercial responsibilities during a natural disaster? If so, then accessible electronic or hard copy backups of commercial agreements are the priority. (Remember, the hypothetical situation is that the natural disaster has impacted the legal department’s normal access to these documents.) Alternatively, are court notifications in multiple jurisdictions important? If so, then secondary communication strategies or automatic notification systems to specific third parties may be warranted. In every instance in which the legal department is directly impacted, you will want to know whether there are backup email servers in other geographic locations, whether there is a simple webmail application for basic communication, and whether there are alternative data servers for specific key documents. After the first three steps are completed, your team is ready to draft the BCP. An effective BCP will include discussion of risk, impact, resource needs

written report will be more useful during an emergency. Once drafted, the legal department should test the BCP through an annual tabletop exercise and record successes and possible areas for improvement. Between 2005 and 2016, tropical storms, floods and other severe weather resulted in more than one trillion dollars in losses alone. Part of the economic losses were displacement and dysfunction of businesses. Legal departments cannot escape those problems; and they should be prepared. ■

VISIT TODAYSGENERALCOUNSEL.COM FOR THE L ATEST NEWS, ANALYSIS, AND COMMENTARY FOR GCS AND OTHER IN-HOUSE COUNSEL.

TODAY’S GENER AL COUNSEL SPRING 2018

Resource Alignment continued from page 49

in-house legal function. Keeping attorneys engaged and invested in their work results in the delivery of highquality legal services. On the other hand, resource misalignment leads to talent retention issues as well as sub-optimal outcomes. To alleviate the challenges outlined above, law departments should consider following these key steps to support resource optimization and alignment: • Understand and define the scope of work: The leadership team within an organization should first understand the scope of work handled by the legal team and the value associated with their work. To do so, it is important to identify the tasks and matters handled by the various groups within the law department. This includes determining if the work is within the scope of legal. The goal should be to shift non-legal work to the business. For legal-related tasks, a key next step is to examine the risk and complexity associated with the work. Higher risk and in-depth assignments have the greatest potential

THE GOAL SHOULD BE TO SHIFT NONLEGAL WORK TO THE BUSINESS. impact on the organization from a financial, operational and reputational standpoint, whereas low risk work has minimal or insignificant potential impact. Once the value of various assignments is understood, the law department can balance strategic priorities with efficient execution. • Leverage the right resources: The risk assessment of any given task should

determine work assignments. Work that registers as low risk tends to be more routine and suited for junior attorneys or legal support staff, because this type of work requires little to no oversight by management. Highly complex work (such as major strategic transactions) requires additional expertise, and is associated with greater costs and time to complete. Although this may seem like an obvious concept, aligning the best resources to the right work is a major challenge for law departments because many have not developed a discipline and process to support staff alignment. • Make resource alignment an ongoing process: Resource optimization is not a point-in-time exercise, but rather a continuous improvement effort. This means law departments must regularly use data, risk analysis and business planning sessions to allocate in-house legal resources to highest value functions and most cost effective usage. PROCESS AND TECH OPTIMIZATION

Although resource alignment creates a solid framework, it is the supporting processes and technology that enable law departments to achieve operational excellence. According to HBR’s 2017 survey, many law departments are distributing legal work to the appropriate internal resources while leveraging technology to decrease inefficiencies. The four key methods for keeping work in house include: • Increasing use of technology: In recent years, law departments have made healthy investments in technology. The survey showed that technology spend is currently two percent of total inside legal spending. It is important to note that there are certain technology platforms gaining notable traction. The top tools considered for implementation in the next one to two years include legal spend analytics,

contract management, artificial intelligence, document management, and eSignature platforms. Each of these tools enables law departments to be more productive in how they manage, deliver and report on their work. • Automating routine tasks: The use of eSignature is a prime example of how tasks are being automated within law departments. Significant time and effort is utilized by legal staff to support the contract approval process. eSignature automates this process and, as a result, creates time for legal staff to focus on higher level work. • Re-engineering the work process: A major challenge facing law departments is managing the intake of work. For many law departments, work comes in from many different sources — email, phone, in-person conversations, etc. Centralizing the intake process for agreements (for example, using a contract life cycle management tool) supports automated workflow and tracking. These capabilities fundamentally change the work process from intake to continuous management. • Standardizing work: Law departments should ensure consistency in the work they deliver. For instance, consider creating go-to templates and playbooks when fielding requests. In doing so, law departments can further drive operational efficiency. A thoughtful approach is needed to enable law departments to achieve operational excellence, and ultimately take more work in house. Law departments that are striving for this goal ask themselves: Are the right resources in place to ensure work is done in the most cost-effective and efficient manner? Is the legal staff armed with optimized processes and tools? By putting controls in place and answering these questions, law departments will begin to experience more efficient staffing, streamlined work processes and aligned technology that directly correlate with better cost management. ■

HOW TO GET THE BEST LEGAL SERVICES By Nancey Watson

T 54

he goal of this article is to explain how alternative fee arrangements (AFAs) can be of benefit to legal departments, and give an overview of the main types that are used. A discounted fee is not an alternative fee arrangement. According to the American Bar Association, “AFAs are not about charging more than what an hourly rate might be — they are about charging an appropriate fee, based on what value the client receives and how that client perceives value. Alternative billing should be based on what is fair and reasonable to both the client and the lawyer. Keeping track of time should be the lawyer’s measure of cost, not necessarily a measure of the value he or she is providing the clients in their legal needs.” Put another way, “Price is what you pay; value is what you get.” —Warren Buffett I interviewed Stuart Dodds, Director of Global Pricing and Legal Project Management at Baker McKenzie a while ago about AFAs and pricing. He confirmed that “the most common approach within the legal sector when determining the price of a matter is to build it from the bottom up, i.e., using a cost-based approach. Although this accurately reflects the costs incurred by the law firm themselves, this is often of little interest to in-house attorneys as they are more focused on the fee and the eventual outcome.” Market-based pricing is occurring more frequently within the legal sector, but we all know that there is no guarantee that the matters being priced are comparable. Market pricing is pricing a matter for X dollars. An example of this would be contract drafting. Some contracts are based on a template; charging for the time it would take to complete it would not be profitable, so the lawyer would charge a fixed fee for the contract. A true AFA is based on aligned goals, including risk sharing. Value-based pricing is building strong momentum within the legal community. The objective is to build a close relationship by encouraging risk/reward-sharing incentives and developing value-based compensation models that reflect the value of the

work. Both the client and the law firm agree to the work and deliverables by relating fees to the actual value delivered to the company by outside counsel. Pricing approaches vary by practice area, complexity of the project, and the familiarity the company and law firm have with the particular kind of matter(s). Often, fixed fees are applied for higher volume type matters such as immigration and some types of employment law, contracts and trademarks. For complex matters such as M&A and litigation, AFAs are more difficult to agree upon. They can usually be settled by using a mix of AFAs, such as hourly fees plus fixed fees for certain elements of the work, because parts of the engagement cannot easily be defined. They can also be tied into success fees. The key is to ensure that open dialogue takes place between in-house counsel and outside counsel in order to agree upon the approach that best aligns the fee to the value the client puts upon the work. A transparent conversation about AFAs and fees will be more successful if the general counsel and outside counsel are on the same page. Often neither party feels comfortable asking the tough questions required to avoid negative surprises. There are many questions that should be discussed: • How urgent is the matter? If it is urgent, what resources will be required and how much overtime will the law firm need? • What is the issue, and what is at stake? How complex are the legal matters that relate to the issue? What knowledge, expertise and experience are required by the law firm? • Which attorneys will be assigned to the matter, and what level of expertise will be required? What results Nancey Watson are expected, and how difficult will is President of NL it be to attain them? Watson Consulting • What risks are involved for both Inc. She is a proposal parties? What meetings, documenstrategist to a wide range of professional tation and communication will be services — global, required? Are these chargeable? VALUE-BASED AFAs

Fixed fees instead of hourly billing can be determined in different ways. There can be a monthly retainer; a charge per matter or per litigation engagement; or a charge for each phase of a single litigation, for an entire portfolio, or for all litigation matters. The advantage for legal departments includes eliminating the risk of unpredictable costs for unexpected fluctuations, and passing continued on page 59

national, mid-size and boutique, including legal departments. She will be presenting the session “Beyond the RFP: Linking Strategy and Values to the Proposal for Legal Services Process” at the Canadian Corporate Counsel National Conference and ICW World Summit, May 1, 2018. Nancey@NLWatson Consulting.com

Risks of Contractual Joint Ventures for Government Contracts BY KAY TATUM, JOHN R. PRAIRIE AND GEORGE E. PETEL

arties pursuing government contracts or grants enter into joint ventures for many reasons, including to take advantage of expertise of the other parties, access proprietary technology, qualify for a contract for which a party would not otherwise be qualified, or pool financial resources. Nevertheless, there is no uniform understanding of what a joint venture is and what its legal implications are. In particular, joint venture participants often are unaware of the legal implications of operating as a contractual joint venture, as opposed to establishing a separate

Kay Tatum is a partner in Wiley Reinâ&#x20AC;&#x2122;s Corporate and Government Contracts practices in Washington, DC. She assists clients in all phases of the transaction, from initial strategy to consummation, and has experience in a variety of public and private financing methods. ktatum@wileyrein. com

legal entity. Unfortunately, many organizations end up regretting being part of a contractual joint venture. A joint venture is an association of persons engaged in pursuing a business enterprise for profit. However, it does not necessarily indicate any particular legal form of association. Parties can associate by forming a legal entity such as a partnership, corporation or limited liability company; by entering into a written contract to create a joint venture; or by implying a contract with their actions. In any case, the legal implications of doing business as a joint

venture are determined by state law. Parties often associate by entering into a joint venture agreement because they do not want to go to the trouble of forming and maintaining a separate legal entity. However, many parties do so without fully understanding the legal implications of doing business through a contractual affiliation. Unfortunately, participants often fail to consult legal counsel regarding the consequences of a contractual joint venture until after a problem has arisen. The problem triggering the consultation routinely relates to one joint venture participantâ&#x20AC;&#x2122;s concern

John R. Prairie is a partner in Wiley Reinâ&#x20AC;&#x2122;s Government Contracts Practice in Washington, DC. He represents defense contractors in bid protest and claims litigation. He also assists small and emerging firms navigate the complex requirements of performing federal contracts. jprairie@wileyrein. com

about its liability for actions of the other participant, a desire to terminate (or withdraw from) the joint venture, or an opportunity that will be in competition with the joint venture or the other participant.

RISKS OF CONTRACTUAL JOINT VENTURES In many states, a contractual joint venture is treated like a general partnership. Each partner is jointly and severally liable for the liabilities of the joint venture. Consequently, in the event

SPRING 2018 TODAY’S GENER AL COUNSEL

that significant liabilities arise because of one party’s faulty performance, the government customer may be George E. Petel is able to recover an associate in Wiley damages from the Rein’s Government joint venture and Contracts Practice in Washington, DC. He each joint venture counsels governparticipant. By ment contractors contrast, a joint on a broad range of venture in the issues, participates in form of a limited merger and acquisition due diligence liability entity reviews and advises provides a layer clients on governof protection for ment contracts each party against issues and risks. the other party’s gpetel@wileyrein. com liabilities. In that case, a party’s liability for damages caused by the other party typically would be limited to its investment in the joint venture entity and any profits from the joint venture. General partners also typically owe each other fiduciary duties of care and loyalty. The duty of loyalty can prevent a joint venture participant from competing with the joint venture or terminating the joint venture before the purpose has been accomplished. The joint venture agreement may have specific provisions about the participants competing with or terminating the joint venture, but in states where fiduciary duties cannot be waived, a party desiring to do so would likely be faced with claims that the party’s fiduciary duties cannot be contracted away. Some states, including Delaware, allow members of a limited liability company to waive certain fiduciary duties, but other states do not.

KEY POINTS TO ADDRESS Despite the risks, sometimes organizations conclude that they prefer doing business as a contractual joint venture rather than forming a limited liability entity. In that case, they should take care to draft their joint venture agreement to minimize the pitfalls of a contractual

affiliation. Four of the most important contractual provisions to focus on are (1) choice of law, (2) waiver of fiduciary duties, (3) statement of purpose and (4) termination. Legal counsel should be consulted to see if it is feasible to choose a state law to govern the joint venture agreement that would enforce a contractual disclaimer of being general partners with each other and of being jointly and severally liable for each other’s liabilities. Legal counsel should also determine to what extent the parties may waive their fiduciary duties to each other. With a favorable choice of law and clear drafting, each party may be able to insulate itself from liabilities of the others. By waiving fiduciary duties, the parties can reduce the possibility that unexpected duties to the other joint venture party may interfere with the parties’ respective businesses outside the joint venture. The purpose clause should be narrow, such as “to submit a proposal in response to a designated solicitation, to perform the contract if it is awarded to the joint venture and to pursue other opportunities only to the extent the parties unanimously agree in writing.”

venture partner in which it has lost faith. It is easier to expand the purpose by mutual agreement if the joint venture is going well than to try to narrow the scope unilaterally in a joint venture that is going poorly. The termination clause should be clear. The term of the joint venture should expire upon the completion of performance and final closeout of all government contracts awarded to the joint venture. In addition, each party should have the right to withdraw from the joint venture upon a material, continuing event of default of the joint venture agreement by the other party. However, such a provision should be subject to a proviso that a party may not withdraw if it would result in a default by the joint venture on a contract or grant, or cause the joint venture to fail to meet its obligations under any proposal it has submitted. Such a right of withdrawal may give the non-defaulting party some leverage in dealing with the defaulting party. Government contractors and grant recipients should seek to avoid entering into contractual joint ventures under the laws of states that deem the joint

Participants often fail to consult legal counsel regarding the consequences of a contractual joint venture until after a problem has arisen. Parties sometimes want to lock in the other party, however, by providing as a purpose clause “to pursue any contract in a designated program and to perform any contracts awarded to the joint venture.” But if the first contract does not go well and one party is not adequately performing its responsibilities, the other party may find itself with the limited options of not pursuing any more contracts in the designated program, or pursuing them with a joint

venture participants to be general partners with joint and several liability. If there are compelling reasons to do so, however, participants should consult with counsel to prepare their joint venture agreement so it will not create unintended liabilities. ■

TODAY’S GENER AL COUNSEL SPRING 2018

Best Legal Services continued from page 55

the budgeting risk to the law firm. The AFA can be structured to provide an incentive for expanding the number of cases to get a volume discount. The best situations in which to consider an AFA are when a large portfolio of litigation matters is on the table, when phase-based billing is possible, and in litigation matters where client and law firm are familiar with the type of cases that arise. In a budgeted fee with a collar, the work is measured at an agreed hourly rate or fixed fee. If it exceeds the budgeted amount by an agreed upon percentage, then the company pays a percentage of the overrun. If it is less, the law firms reimburse the client. This ensures predictable legal spend, minimizes the risk of

percentage of the difference between the estimated exposure and the amount the company ultimately pays in damages or settlement, plus avoided litigation costs. A reverse contingency aligns the company’s and the law firm’s incentives in defense cases in ways that are not possible with standard hourly billing. It allows in-house attorneys to demonstrate to the law firm the impact of litigation, both in terms of exposure and legal cost to the company’s business. Reverse contingencies are well suited for large, sophisticated matters where in-house attorneys need the best possible result but are under pressure to minimize the total cost of litigation, where the law firm and company have a pre-existing relationship, and where the law firm understands the client’s business. Success fees require general counsel and outside counsel to first define what results will constitute success. For

Collars mitigate, but do not eliminate, the risk of unpredictability in the amount of lawyer time needed for a piece of litigation. unpredictable cost, and shifts some of the cost overrun back to the law firm. It requires periodic review to ensure the budget is on track. The best times to consider it are when the company needs the benefit of a fixed fee for a large, standalone piece of complex litigation or when motivation for a fixed fee is driven by a desire to minimize the time and attention needed from in-house counsel on the billing process. Collars mitigate but do not eliminate the risk of unpredictability and variability in the amount of lawyer time needed for a piece of litigation. Reverse contingencies are similar to contingency fees, but the contingent fee is based on a percentage of the amount saved for the company. It is set as a

example, this may be early resolution at or below a particular cost; winning a dispositive motion; or defending through trial but reducing the overall cost below an agreed threshold. The law firm reduces its regular fees (budgeted, hourly or flat) to share in the downside of the outcome, and receives a share of the upside. Success fees reduce expenses if the law firm is unable to deliver a successful outcome. Such an agreement focuses on defining what the company’s objectives are, so there are early, clear metrics against which performance is measured. It forces early case assessment and helps manage expectations. Higher legal spend occurs only when the law firm delivers measurable value.

Success fees are best considered when the dispute involves complex issues and uncertain levels of investment such that front-end collaboration on the company’s goals are focused on the result and when creativity and quality of outside counsel are key components of achieving success as defined by general counsel and law firm. Holdbacks are an overlay on traditional hourly billing, fixed fees or blended rates. At the outset, the in-house attorneys and the law firm agree on performance metrics against which the law firm will be measured. A percentage of the fee is “held back” by the client. The parties meet at regular intervals to assess the firm’s performance against the metrics, and the holdback amount is paid to the law firm based on this evaluation. Holdbacks can be used in connection with a specific matter, or for part or all of the company’s business with the law firm. They encourage outside counsel to share in the downside risks of litigation, with the potential for participating in the upside. The company, in turn, is better protected against cost overruns and incurring large costs for unsuccessful outcomes. It can make the decision between retaining a higher rate firm but one that is better equipped for the matter vs a lower-rate but less experienced firm more cost neutral. It allows the general counsel to demand that the higher-rate firm prove that its rates are justified by their lawyers’ expertise and experience. It requires ongoing dialogue regarding law firm performance and whether it is meeting the client’s objectives. It is best used for large matters or portfolios of matters that justify the investment, and works best where the company and the law firm have an ongoing relationship. Building a bonus into the holdbacks if certain criteria are met can further encourage the law firm to commit to the process of defining and evaluating performance and value. ■

TODAY’S GENER AL COUNSEL SPRING 2018

LEGAL DEPARTMENTS LE AD INDUSTRY-WIDE CHANGE BY MERRY NEITLICH

or more than 25 years, internationally renowned legal futurist Richard Susskind has been researching and opining on alternative ways law firms might work best with their clients. All his books, lectures and keynote addresses have driven home the point that law firms must change from the traditional billable hour and become more focused on service delivery based on client preferences — creating better efficiencies, using more technologies and offering predictability. During that same time frame the feeling grew that law firms were calling the shots — continuing to bill primarily by the hour, grudgingly discussing alternative ways of delivering their services, then raising their hourly rates annually. From the legal department’s vantage an hourly fee-based model does not encourage true partnering because it focuses on profitability for law firms. However, creating alternative fee arrangements generally turns out to be disappointing as well. In-house counsel want predictability as well as efficiencies not available by the billable hour. About five years ago, a group of in-house counsel from large corporations started to meet informally. They

expressed specific frustrations with how their departments were run and surfaced issues surrounding the way legal services were being delivered by law firms. They agreed that legal departments owned a fair share of blame for inefficiencies because they didn’t know how to create an easier and more productive way to work. They started to share information, processes and technologies such as e-billing, e-discovery and knowledge management. In addition, they discussed how they might work with outside law firms to minimize costs, frustrations and repetitive tasks. They expressed a unanimous desire for law firms to approach them about what would make delivery of services better for the client. These leaders became the founders of the Corporate Legal Operations Consortium (CLOC). They included Connie Brenton from NetApp, Mary O’Carroll from Google, Jeff Franke from Yahoo, Christine Coats from Oracle, Lisa Konie from Adobe, Steve Harmon from Cisco and Brian Hupp from Facebook. In 2016, CLOC incorporated as a nonprofit trade association. Since then it has grown to include over 1200 members, 600 member companies and

ALTERNATIVE FEE ARRANGEMENTS GENERALLY TURN OUT TO BE DISAPPOINTING AS WELL.

Merry Neitlich is the founder and managing partner of EM Consulting. She assists law firms and corporate legal departments in creating strong legal operations programs, and conducts internal client feedback interviews with executives and other clients of the legal department in order to continuously improve internal client satisfaction. merry@emconsults. org

SPRING 2018 TODAY’S GENER AL COUNSEL

LEGAL OPERATIONS CORE COMPETENCIES

26 percent of the Fortune 500. CLOC spans 40 states and 36 countries. “Everybody kept saying the legal services industry is broken, that radical change is badly needed, but only a few,

Legal Operations at Yahoo. “No one had tried to define true north for this industry. Most legal departments focused on law firms as the only ones really needing to change.”

“MOST LEGAL DEPARTMENTS FOCUSED ON LAW FIRMS AS THE ONLY ONES NEEDING TO CHANGE.” like industry thought leader Richard Susskind, were even looking at the issues industry wide,” says Jeff Franke, Assistant General Counsel of Global

According to Franke, the challenges the legal services industry face go way beyond law firms’ unwillingness to change their basic operating model.

“We need change with respect to the six core ecosystem players: corporations, law firms, regulators, law schools, tech providers, and outside service providers.”

MAKING LEGAL OPERATIONS A DISCIPLINE The industry has come a come a long way from the days when general counsel were seen primarily as risk managers who relied on outside counsel to support a corporation’s legal needs. Today, forty to sixty percent of all corporate legal work is done in-house, and operations excellence has become a critical necessity.

TODAY’S GENER AL COUNSEL SPRING 2018

Unfortunately, historically the only way to develop that excellence has been from the ground up: legal operations did not exist as a discipline. No one offered a “how to guide” on this complex topic. CLOC, through its members and leadership, quickly created a thoughtful, effective base of knowledge, templates, benchmarking capability and best practices to help solve the frustrations they were feeling. Their efforts led to the creation of CLOC’s 12 Core Competencies, a reference model for legal operations excellence. The Association of Corporate Counsel (ACC) has jumped into legal operations in a big way as well. Amar Sarwal, Chief Legal Officer and Senior VP of Advocacy and Legal Services, spearheads the ACC Legal Operations program and has aligned it fully with the ACC Value Challenge. In addition to supporting and advancing the legal operations profession, ACC views its role as assisting the general counsel’s office to fully leverage legal operations. According to Sarwal, “Our role will not only make the legal operations function more coherent but also help unify the process for its stakeholders. We help many legal departments that have previously not had a legal ops function. Wherever a department finds itself in this process, we can share concepts, leadership strategies, conferences, tools, and written guidelines. Both the ACC program and CLOC are committed to the success of the legal department.”

WHAT YOUR DEPARTMENT CAN DO Franke says, “A legal department might begin by defining the largest areas of frustration working with outside law firms, vendors and legal project management. Ask your law firms to visit. Consider how the two of you might work together to create better communications and stronger relationships. As an example, we spend money just to pull stats for our quarterly reviews. It would be wonderful if law firms did this for us. Law firms need to understand that as legal departments are tasked with

running a business within our company’s business, we need law firms on board, too.” Those looking to deepen their involvement might explore CLOC’s 12 Core Competencies and select a few to start the analysis process. What technologies do you already have and which ones are most important? Which will relieve your biggest frustrations and headaches with outside firms? Do you have a legal operations team in-house devoted to creating

• Assess the overall levels of maturity in each area. • Focus on the maturity areas most likely to “move the needle” towards your objectives. The legal operations function at major corporations has changed from an uncoordinated set of disparate actions to a more carefully defined, cross-disciplinary profession loosely aligned across hundreds of companies and government

THE LEGAL OPERATIONS FUNCTION AT MAJOR CORPORATIONS HAS CHANGED FROM AN UNCOORDINATED SET OF DISPARATE ACTIONS TO A MORE CAREFULLY DEFINED, CROSSDISCIPLINARY PROFESSION. 63 better efficiencies and partnering with outside firms? How might you start this process? Pratik Patel, Vice President of Innovation and Products at Elevate Services, says without a legal operations function, the result is often overworked teams and inefficient practice of law. “Legal operations can tame the chaos of running the legal department,” he says. “Without the legal ops function, lawyers are forced to design and develop the business aspects of their function in selfservice models or in silos, often leading to limited or non-existent processes and pedestrian use of technology.” Developing a framework around legal operations and prioritizing the competency areas can build efficiencies that better align with a company’s business objectives. Patel recommends four simple steps to get started: • Identify the law department’s business objectives. • Gauge each core competency’s ability to influence those objectives.

entities. The focus is on changing not only the way corporate legal departments deliver legal services but on the way the legal services industry should function. Corporate legal departments are in the driver’s seat. The first CLOC conference in 2016 drew 500 registrants. In 2017 there were 1,000 attendees and CLOC leaders are predicting that the upcoming April 22 to 25 Institute in Las Vegas will secure more than 2,500 attendees. ■

SPRING 2018 TODAY’S GENER AL COUNSEL

BACK PAGE FRONT BURNER

Sharing Protected Information with Potential Litigation Funders By Todd Presnell

he battle rages on. As litigation financiers increasingly supply monetary ammunition to fund the prosecution of plaintiff companies’ claims, defendants return fire by seeking disclosure of information shared with the potential litigation funder. The central issue is whether disclosure of privileged communications or work-product to a third-party litigation financing firm waives these protections. The answer invokes the differing waiver analyses of the privilege and work-product doctrine, and application of the common interest doctrine. The attorney-client privilege protects confidential communications between lawyer and client so that the lawyer may supply legal advice. With some exceptions, disclosure of lawyer-client communications to a third party negates the confidentiality requirement and waives the privilege. Most courts have ruled that disclosing privileged communications to a litigationfunding firm prior to the firm’s engagement waives the privilege. Todd Presnell is a The work-product doctrine is not a partner at Bradley. He is a trial lawyer, and privilege, but generally protects from dishas served as lead covery a party or her lawyer’s documents counsel in federal and created because of impending litigation. state courts, argued The doctrine’s waiver standards are narbefore the Sixth, rower than waiver principles associated Seventh, and Tenth Circuit Courts of Apwith the attorney-client privilege. Workpeals, the Tennessee product waiver occurs when disclosure Court of Appeals, substantially increases the possibility and briefed cases for the party’s adversary to obtain the before the United information. States Supreme Court and the Tennessee Courts have issued mixed opinions as Supreme Court. He is to whether a party waives its protections a recognized expert in by disclosing work-product material to the area of evidentiary a litigation-financing firm prior to the privileges. firm’s engagement. The majority view is tpresnell@bradley. com that a party does not waive work-product

protections by supplying information to a putative financier, especially where there is a non-disclosure agreement. In Viamedia, Inc. v. Comcast Corp. (N.D. Ill. June 30, 2017), the court rejected a defendant’s waiver argument in part because the non-disclosure agreement made it less likely that the information would fall into an adversary’s possession. Not all courts agree with this analysis. In Acceleration Bay LLC v. Activision Blizzard, Inc., D. Del. Feb. 9, 2018, the court rejected the work-product doctrine because the party created the materials “with a primary purpose of obtaining a loan, as opposed to aiding in possible future litigation,” and because the work-product doctrine does not apply to documents prepared for a nonparty to litigation, “even if the nonparty is a party to closely related litigation.” The common interest doctrine is not an independent privilege. It is a non-waiver doctrine that permits parties with a common legal interest to share otherwise protected information. Courts, like the Acceleration Bay court, find that a party and putative financier have no common legal interest in litigation prior to entering into a litigation-funding contract. While this doctrine may protect information, including privileged information, shared postcontract, it may be of little help in protecting information shared pre-contract. In sum, the battle continues amid some uncertainty. While not a universal truth, the work-product doctrine provides the most protection for information shared pre-contract, especially where the parties enter a nondisclosure agreement. Sharing lawyer-client communications pre-contract likely waives the privilege, but sharing them under a postcontract common interest agreement may afford greater protection. ■

EXPERIENCE A DIFFERENT CONFERENCE

COLLABORATE ON THE LATEST CYBER DETECTION AND DEFENSE WITH PEERS AND THOUGHT LEADERS

UPCOMING

DATA PRIVACY AND CYBERSECURIT Y FORUM BOSTON APRIL

NEW YORK MAY

WASHINGTON, D.C. NOVEMBER

DALLAS NOVEMBER

LOS ANGELES DECEMBER

SAN FRANCISCO MARCH 2019

“The Exchange” Event Series is a think-tank of interactive brainstorming in an all-inclusive discussion format, outside the traditional panel presentation with PowerPoint. REGISTER TODAY SPECIAL RATES USE CODE CYBERBOX

T O D AY S G E N E R A L C O U N S E L . C O M / I N S T I T U T E @TodaysGC

YOU NEED AN ARBITRATOR WHO UNDERSTANDS HEALTHCARE DISPUTES. WE HAVE THE EXPERTISE. You expect in-depth knowledge from your healthcare professionals and you want that same level of expertise when you have a healthcare dispute. The AAA’s National Healthcare Panel of accomplished arbitrators and mediators includes respected attorneys, former federal and state judges, physicians, nurses, and other industry experts who have the experience to address a wide range of issues including reimbursement disputes between healthcare payors and providers. Trust the American Arbitration Association® when you need an arbitrator or mediator with real industry knowledge.

adr.org

| +1.800.778.7879