September 27, 2014

FOCUS...on the North Florida Chapter


By in-house counsel, for in-house counsel.®

North Florida Chapter News and Information
Chapter President's Letter: In-house Lawyers Between a Rock and a Hard Place
By Michael Herman, SVP/GC/Corporate Secretary, Rayonier Advanced Materials

Widely reported scandals at General Motors and Wal-Mart, as well as some recent court decisions, have reignited debate about the tension between an in-house lawyer's professional obligations to his client, his legal obligations to disclose wrongdoing under certain laws, and his moral obligations to society at large upon discovery of facts that could indicate commission of a crime.

Attorney-Client Privilege

Many non-lawyers in the media and blogosphere (see, for example, an August 26 article in the New York Times) seem to believe that companies and their in-house lawyers "use the attorney-client privilege to shelter wrongdoing," as the Times article put it.  And as the GM and Wal-Mart situations demonstrate, if things go wrong there will likely be second-guessing and Monday-morning quarterbacking, often with the in-house lawyers caught in the crosshairs.  Several GM lawyers have already been fired, and it has been widely reported that the DOJ has launched a criminal investigation into whether GM lawyers and others concealed evidence from regulators.

While most in-house lawyers will hopefully never face a personal situation as serious as this one, the balancing of ethical, legal and moral obligations can at times seem like a tightrope without a net.

At the heart of this debate are two foundational principles of a lawyer's professional responsibilities: The duty to maintain client confidences, and the protections afforded to clients and their lawyers by the attorney-client privilege and attorney work product doctrines. The underpinnings for these principles are clear and convincing, at least to lawyers. They allow the client to provide his lawyer with pertinent facts necessary to facilitate competent representation and sound legal advice, and they allow clients to seek counsel on how to address past actions that may not have been compliant with law. Certainly, a client would be less than forthcoming if he feared breach of his confidences by his own lawyer.

As lawyers well know, these principles are not absolute; there are exceptions, some of which are reasonably clear under each state's code of professional responsibility.  For example, depending on the state’s specific code of professional responsibility, client confidentiality can, should and (often) must be breached to prevent imminent criminal activity.

In the GM situation, attempts are being made to pierce GM’s attorney-client privilege under the so-called “crime-fraud exception,” which generally allows disclosure of otherwise protected information if it was intended to commit or cover up a crime or fraud.  Prosecutors and plaintiffs’ lawyers are alleging that GM lawyers delayed or covered up evidence that certain ignition switches were faulty, which later resulted in driver injuries and deaths. 

Like this one, many privilege exceptions are very fact specific and have been the source of continuing debate and difference of opinion in state and federal courts.

One very recent example: In August of this year, the Delaware Supreme Court ruled, in Wal-Mart Stores, Inc. v. Indiana Electrical Workers Pension Fund IBEW, that Wal-Mart shareholders can obtain privileged corporate documents relating to the internal investigation of Wal-Mart's widely-chronicled FCPA problems. In this case, the shareholders asserted rights under Delaware statutory corporate law, which gives shareholders the right to inspect books and records of a corporation. The shareholders argued that it had a right to these documents to aid its determination whether Wal-Mart's directors had breached their fiduciary duties to the company's shareholders. The court ruled that this situation was covered by the "fiduciary exception" to attorney-client privilege protection. The decision requires shareholders to show "good cause" why the privilege should not be invoked, which will be a case-by-case analysis based on multiple factors.  While the fiduciary exception is not new or unusual (for example, it often arises in ERISA fiduciary duty suits), this case will likely embolden plaintiffs' lawyers, cause concern for company counsel and lead to more litigation, and in the long run drive up the cost of defending and resolving litigation for Delaware corporations.

On the other hand, some courts have been more protective of attorney-client privilege. In June of this year, the D.C. Circuit U.S. Court of Appeals took the unusual step of issuing a writ of mandamus in In re Kellogg Brown & Root et al.  In this case the appellate court reversed a ruling of the district court, which had held that an internal investigation was not privileged because it had not been conducted primarily to facilitate the provision of legal advice. In a unanimous decision, the Court of Appeals ruled that the district court's ruling was contrary to the U.S. Supreme Court's decision in Upjohn v. United States (1981), the seminal federal case recognizing attorney-client privilege in the context of corporate internal investigations.

The recent Wal-Mart decision in Delaware, by a court widely viewed as business-friendly, seems to give shareholders a new tool to seek otherwise privileged documents.  And unless Wal-Mart has already voluntarily waived its attorney-client privilege, it would not be surprising if the DOJ sought to claim the crime-fraud exception to pierce attorney-client privilege to access information in connection with its FCPA investigation.  

Public Company Disclosure Issues

Further complicating an in-house lawyer's decision-making are laws that require disclosure of certain events and facts to the government. Lawyers for public companies are well aware of 8-K and other SEC requirements that require near-real-time disclosure of specified events, including certain events that could be "material" to investors.  Care must be taken to draft these disclosures in a way to comply with SEC requirements, but not disclose any privileged information, lest an adversary claim that the disclosure constituted a privilege waiver.

Moreover, lawyers who “practice” before the SEC are faced with a wholly separate set of standards of professional conduct (referred to as "Part 205" rules, implemented in 2003 as part of Sarbanes Oxley), which sometimes conflict with ABA Model Rule of Professional Conduct 1.6 as it relates to client confidences and privileged information.  Where reporting to the government is not mandatory, in-house lawyers are sometimes faced with the difficult decision of whether to recommend to their client that they "self-report" a potential compliance issue, theoretically because government prosecutors will reward this action with leniency under the U.S Federal Sentencing Guidelines.

The decision of whether or not to “self-report” has been further complicated by an explosion of so-called "whistleblower" laws and regulations relating to alleged violations of accounting, securities, FCPA and various other laws. The risk of a whistleblower beating the company to the government with information of potential wrongdoing is yet another factor to be considered in an in-house lawyer’s decision-making.

A further complicating factor is that employees who often work very closely with in-house lawyers on compliance matters and investigations--such as accountants, internal auditors and compliance personnel--are encouraged by the government and its rules to become whistleblowers. So the in-house lawyer may always be wondering if a member of his compliance team will at some point decide to package up the privileged information he has in his possession (even though the privilege is not his to waive) and present himself to the DOJ or SEC as a whistleblower.

Practical Advice

Part of our jobs as lawyers is to simplify complex issues for our clients. In this case, we need to simplify and apply our judgment to a series of interrelated, complex set of laws, rules, court cases and practices by the federal government. My suggestions to my in-house colleagues are:

1. Know the applicable professional obligations of the state or states in which you are licensed to practice.

2. Know any ethical rules specifically applicable to your area of practice (like the SEC Part 205 rules).

3. Government prosecutors and plaintiffs' lawyers view communications of in-house lawyers with their clients as a potential mother lode of relevant information and will go after them hard, because they believe these communications may contain honest and directly presented information. Federal courts differ from circuit to circuit as to how zealously they will protect the privilege. Therefore, even in-house lawyers must be careful what they write, because it may end up reviewed by a judge, or being turned over to the other side after an adverse privilege ruling. This happened to me a number of years ago with respect to a detailed, strategic analysis I had written to my then-CEO at a prior employer. A Pennsylvania state court judge ignored privilege protections and simply ruled, without reference to any relevant privilege exception or waiver event, that my memo was "probative" to the matters at issue. The case was settled shortly thereafter. 

4. To that end, while it seems unfair, my observation is that courts tend to be less likely to order the disclosure of a privileged document prepared by outside counsel, as opposed to an in-house lawyer. Therefore, if your company is faced with a potentially serious compliance issue, it may be prudent to have outside counsel produce the investigation report on its letterhead, rather than having it published and signed by in-house counsel. 

5. Finally, choose your client wisely. I have been fortunate in my career to work for business people and companies who had high standards of ethics and integrity. Unfortunately, some of our colleagues are not so lucky. Before you accept an in-house position, do your due diligence as to the history and reputation of the company and the decision-makers you will be working with. Even the best-managed companies have compliance challenges, but the ethics and integrity of senior leadership will often determine the outcome.

As a lawyer, your reputation for honesty and integrity is the most valuable asset you own. Guard it jealously.

Return to Top
Annual Meeting (October 8, 2014)
By Blake Menzel, ACC North Florida Board Member

Please make plans to join us for the ACC North Florida Chapter’s Annual Meeting and Ethics CLE, sponsored by McGuireWoods, on Wednesday, October 8, 2014, at the River Club, One Independent Dr., Suite 3500, Jacksonville, FL  32202.  Visit and network with your fellow in-house counsel from all around the greater Jacksonville area, meet the current ACC North Florida Officers and Board Members, help us elect next year’s Officers and Board, and satisfy some of your ethics CLE hours as well.

During the Annual Meeting, we take just a few minutes to elect the chapter’s Officers and Board Members for next year, and we provide an overview of the kinds of programs and benefits you can expect and enjoy as a Member of the ACC North Florida Chapter. The main event is Tom Spahn’s always engaging Ethics CLE presentation, which this year is titled, “Confidentiality – Strength and Scope of the Duty – Part I.” Tom is a Partner with McGuireWoods and has served on the ABA Standing Committee on Ethics and Professional Responsibility. He has spoken at more than 1,200 CLE programs on ethics and other topics, and was selected as the 2013 metro-Washington, D.C., “Lawyer of the Year” for “Bet the Company Litigation” by Best Lawyers.   Every year, we hear that Ken’s presentations are some of the best ethics presentations our members have ever seen. 

So, come on out to the Annual Meeting, help us elect next year’s leadership, learn about upcoming events, get some CLE Ethics hours, and wrap it all up with some networking at the post-meeting reception hosted by McGuireWoods. Reserve your spot now by RSVPing to  We look forward to seeing you!


Please be sure to check our Chapter page for other upcoming events by clicking here.

Return to Top
Member Spotlight: Eric Herbst, Deutsche Bank’s Vice President, Counsel for the Litigation & Regulatory Investigations Group

We recently had an opportunity to have lunch with Eric Herbst, Deutsche Bank’s Vice President, Counsel for the Litigation & Regulatory Investigations Group. We both have known Eric for a while, and first met him when he became a regular attendee at the North Florida Chapter’s meetings and events. This member spotlight gave us a great reason to meet Eric for lunch and learn more about him, his family and his work-life journey, which ultimately landed him here in Jacksonville as part of a company – Deutsche Bank – with a rapidly growing presence here in Jacksonville. We enjoyed getting to know him and wanted to share with you a bit about what we learned.

We will start with a little information about Eric’s history. Eric was born in Landstuhl, Germany, into a US military family stationed abroad.  He lived in Germany until the 4th grade. He used to be fluent in German, but may be a bit rostig (rusty) at the moment.  In German, Eric’s last name, Herbst, means autumn, which also happens to be Eric’s favorite season. Sadly for Eric, whether he has realized it yet or not, Jacksonville does not have much of an autumn. Eric currently resides in St. Johns County with his wife, Wendi, and two young children (ages 5 and 7). Although Eric came to North Florida to work for Deutsche Bank, he has come to love the area’s atmosphere and friendly people.

After moving to the United States in 4th grade, and finishing his early education, Eric then went on to complete his Bachelor of Science Degree in both Computer Science and Political Science at Albright College in Eastern Pennsylvania. After college, Eric attained his law degree from William & Mary and took and passed the Virginia Bar. Eric is a member of the Virginia Bar and has an in-house certificate in Florida.

After law school, Eric clerked for Judge Widener at the 4th Circuit Court of Appeals in Abingdon, Virginia. After clerking for Judge Widener, Eric moved on to big-firm life at White & Case’s office in Washington, D.C., and focused on litigation and anti-trust work while he was there. After 6 years with White & Case, Eric left law firm life behind and joined Deutsche Bank, moving to Jacksonville from Washington D.C.  At Deutsche Bank Eric is responsible for a docket of legal and regulatory matters in the United States for the Bank.  Additionally, he manages a team of support staff who assist the department in various capacities.

We not only learned about Eric and his legal prowess; we also learned a fair amount about Eric as a person – as opposed to lawyer drone. Once Eric finishes navigating tricky legal matters all day, he heads home to the much more enjoyable, but often just as tricky, world of kids! Eric enjoys spending time with his wife and kids, and enjoys traveling as much as possible. While Eric enjoys traveling to all sorts of new and interesting places, his favorite place he has visited is Bermuda – we do not blame him. In addition to caring for his family, and perhaps in an attempt to make home seem just a little bit like the blue relaxing waters of Bermuda, Eric enjoys spending time caring for his salt water aquarium; most uniquely his clown fish.

To close out our visit with Eric in almost the same way we began, we will again reference the German influence in Eric’s life. We know he likes to travel, so it makes sense Eric specifically noted a desire to travel back to Germany one day – it should be lovely! We also know he loves his wife and kids, and spends a great deal of time with them, which is why we think it’s just grand that Eric knows all of the words to the theme song from Sesame Street… in German. We did not ask Eric to show off his vocals at the lunch table, but looking back on it now, we think perhaps we should have – maybe another time. If you have not met Eric yet, look for him the next time you are at one of the ACC events and introduce yourself. If you are feeling adventurous, try it in German -- guten tag (good day) or hallo (hello).

That was all about Eric!  We would love to know more about you. If you have time to meet for lunch and talk about yourself, let us know.  Our treat!  

Return to Top
Welcome to New Members
Galloway, Cody Anne Hunter Crom, LLC
Stocker, Daniel A. DB Services New Jersey, Inc.
Wu, Pei-Yuan DB Services New Jersey, Inc.
Yohe, Kathleen A. DB Services New Jersey, Inc.
Rice, Gayle L. DB Services New Jersey, Inc. 
Ayub, Michel Deutsche Bank
Beyl, David J. Deutsche Bank
Fister, Mark Deutsche Bank
Higgins, Justin M. Deutsche Bank
Huntley, Jessica K. Deutsche Bank
Jordan, Jason G. Deutsche Bank
Lakhani, Shyam M. Deutsche Bank
Maxey, Renee J. Deutsche Bank
Park, Tony Deutsche Bank
Patel, Rupesh Deutsche Bank
Vila, Michael Deutsche Bank
Wallace, Kyle M. Deutsche Bank
Aguilar, Maria Everbank
Barrett, David W.  EverBank 
Hilbert, Ryan Fanatics, Inc.
Anderson, Bjorn Fidelity National Information Services, Inc.
Kamlet, Courtney S. Fidelity National Information Services, Inc.
Cziotka, Andras Nanotherapeutics, Inc.
Morey, Andrew A. RTI Surgical, Inc.
Bongiovanni, Kathryn Wounded Warrior Project
Return to Top
Newsletter Articles
Resume Tips for Lawyers
By Sharon McLaughlin, Esq. (Special Counsel, Inc.)

The job market for attorneys is highly competitive.  Therefore, ensuring that you have a well-written and polished resume that is organized, succinct and presents your experience and qualifications in the best possible light is very important.  This article is intended to give you a basic guide in doing just that as well as a handful of tips and resume do’s and don’ts.


You should always begin a resume with your contact information at the top of the first page, centered.  It’s important to include your full, legal name (preferably no nicknames), address (street address, city/state/zip), phone number and personal email – this is the information a prospective employer will use to contact you, so it should be up-to-date.  In addition, it’s best to provide a phone number where you can be readily reached, such as your personal mobile number.  Using a work or home number isn’t generally recommended. 


In law school, we were taught to keep our resumes to one page in length.  However, as you gain years of legal experience, your accomplishments, practice, employers, etc. will change and grow.  As such, it’s expected that your resume will also change and grow.  It’s perfectly acceptable for your resume to spill on to more than one page if you have been practicing for 3+ years. 


Typically, one of the first things a prospective employer wants to see when they are reviewing your resume is your education, including all degrees, fields of study, schools and year of degree(s) completion.  Thus, it’s a customary and recommended practice to create a section for education and list your degrees individually.  It is further recommended that the education section be placed near the top so that it’s one of the first things the reviewer sees.

Completed Degrees

It’s generally best to list yourcompleted degrees (e.g., B.A., M.A., Ph.D., J.D., L.LM., etc.), the field of study (e.g., major), the full name and location of the school (e.g., Harvard Law School - Harvard University, Cambridge, MA) and the year of degree completion.  I personally do not recommend that you include partially completed degrees or coursework as they are often not relevant and may simply clutter your resume. 


While the identity of the school from which you earned your degree is necessary, it can often work for you or against you.  If your school(s) is not well perceived due to rank, reputation, non-ABA accreditation, etc., this may put you at a disadvantage.  Alternatively, if the person reviewing your resume is an alumnus of your school(s) or there are other alumni within the company, this is definitely helpful.  In addition, your school(s) can be a huge advantage if it’s well-respected and highly ranked. 

Year of Graduation

Year of graduation is a sticking point with some candidates.  Initially, please note that it’s one of the most important pieces of information on your resume.  Why?  It can be a quick and easy gage of your level of experience. 

If an attorney omits the year of completion for their law degree, this may indicate that the candidate is hiding it – this is a common trend among candidates that feel that they may be considered “too senior” for a role.  This is a bad practice for multiple reasons:  (1) if an employer senses you are not being forthright and honest, they may reject your candidacy; (2) if the year you earned your degree is missing, your resume may simply be disregarded and not considered; (3) if any employer is looking for a candidate with lesser experience, it’s better to know that from the outset and not waste anyone’s time.

Academic Honors and Achievements

Finally, if you graduated with honors or have other academic achievements that you feel may distinguish you, it’s a great idea to list them under the applicable degree – example: 


           J.D., summa cum laude, 2005


            Dr. John Ordronaux Prize

            Edward F. Hennessey Distinguished Scholar

            Dean's Awards in Evidence, Corporations and Contracts


            Article Editor, Boston University Law Review

      University of Texas, Austin, TX

         B.S., with Highest Honors, in History 2002


The best format for listing your legal experience on your resume is listing your employment in chronological order, beginning with your most recent/current experience first. 

It is recommended that you list each employer individually and include the full name of the employer, location, title and practice area and dates of employment.  With regard to dates, it’s important to include the month AND year to avoid the appearance of gaps in employment.  

Under each employer, list your primary duties and responsibilities succinctly, but with sufficient detail to understand the depth of your experience and responsibility.  For ease of reading and an organized presentation, it’s a good idea to use bullet points when listing your duties and responsibilities. 

A practice that some attorneys utilize is creating a “summary of experience” that lists or narrates all of their experience in one section and merely providing dates of employment for employers versus individually listing duties and responsibilities under each employer.  This is not recommended.  Prospective employers want to see exactly what you were doing at each place of employment.  If you’ve been practicing the same area of law for many years and have changed employers one or more times, it’s expected that there will be some duplication of duties and responsibilities in your current and past employment. 

Again, if you have been practicing for 3+ years, don’t worry that your resume may spill on to two or three pages.


A common mistake among junior attorneys is not including licensure on their resume – maybe because they haven’t updated it since they passed the bar exam.  Be sure to include a licensure section on your resume and list all states, courts or other government bodies (e.g., USPTO) to which you are admitted and licensed to practice law.


Many employers find other language skills to be valuable.  Thus, if you are fluent in more than one language, it’s recommended that you include a “language” section on your resume and list your language skills.  Please specify that you are fluent and whether you are able to speak, read and/or write in that language.


Formatting is extremely important since appearance makes the first impression. It’s a good idea to keep the text succinct, easy to read (e.g., not too small or too large – 11pt font is fairly standard), organized (e.g., bullet points) and in a modern font that is not only aesthetically appealing (e.g., Cambria, Times New Roman, Arial).  Note: A common mistake is not consistently using the same font throughout the document. 

Also, it may surprise you how many experienced attorneys fail to perform a basic spell- or punctuation-check on their resume.  Please be sure to review your resume as you would any other work product and ensure that there are no errors in content, punctuation or spelling. 

While these resume tips are not exhaustive of every way to create a strong resume, they’re definitely a great start to creating a polished and professional resume.


Sharon A. McLaughlin, Esq. is a Regional Search Director with Special Counsel in Houston, TX (

Return to Top
Maximizing Legal Project Management with Outside Counsel
By Erika C. Birg, Esq. and Frank Morreale, Esq. (Nelson Mullins Riley & Scarborough LLP)

In the past few years, Legal Project Management (“LPM”) has seen a growing following, but it remains somewhat of a mystery to many.  LPM has been defined as “the application of the concepts of project management to the control and management of legal cases or matters.”  Steven B. Levy, Legal Project Management: Control Costs, Meet Schedules, Manage Risks, and Maintain Sanity, DayPack Books (2009) ISBN 1-4499-2864.

The new economic reality is that law firms and legal departments are being called upon to do more with less.  That means we all have to be more efficient.  Thus, outside counsel and their clients have taken many different steps to employ project management techniques (primarily from the manufacturing realm) in managing legal projects, including: (1) e-discovery, (2) loan deals, (3) repetitive (or massive) litigation, and (4) special projects. 

The simple truth:  If a legal project is going to be completed within budget, it has to be managed appropriately.  So, the question is how will you structure that management?  In the end, there is no magic recipe.  The three key components are:  (1) identifying the goal, (2) implementing a solution, and (3) adapting the solution for continual improvement.  How that can be done is best designed between client and attorney through an open dialogue.

 Where to Begin?

If your outside counsel are not already talking to you about their LPM projects or skills and you have not already implemented techniques in your legal department, the very first step is to ask. 

Starting the conversation about LPM means talking about goals:  What do you hope to achieve?  As the adage says, if you do not have a destination in mind, any road will take you there.  Initial goals can be as simple as:  (1) implementing periodic, standardized reporting on costs compared to budget; (2) developing prototype discovery responses; and (3) developing communication protocols to ensure the proper people stay informed as the project commences.

In identifying the goals, you should consider:  How will you measure value in achieving the goal?  Does the value need to be quantifiable or will anecdotal evidence suffice?  Will the results of any efficiencies be reported internally or externally?  If so, how will you want to measure that efficiency from the outset?  It is too late to put down those yardsticks once the project is started.  And, if you have difficulty figuring out how you will measure success against the goal, you may also have difficulty achieving the goal because you will not have a clear path from initiation to conclusion. 

What Next?

Once the goal is established and the measurement for success is decided, then client and attorney can discuss openly how to achieve those goals:  the implementation phase.  Implementing your LPM strategy may mean many different things, as the steps can vary as much as the initial goal.  Step 2, nevertheless, starts by simply asking:  What tools are available to us to help us achieve the goal

Are you employing software as a primary method for implementation?  Does it do what you need it to do for a successful project?  Can you customize it?  Do you need something as simple as checklists or a basic database?  Or do you need more powerful tools?

Some solutions for LPM are indeed very basic, but they are profoundly valuable.  Establishing a checklist for counsel listing whether they have identified all of the proper witnesses, searched for the appropriate documents, or considered all available affirmative defenses can be an invaluable but very simple LPM tool.  (For more on the effectiveness of checklists in other industries, see Atul Gawande, The Checklist Manifesto: How to Get Things Right (Metropolitan Books 2010).)

If recent events have shown that your company or your client is about to be involved in a number of similar suits, then one goal obviously will be to maintain consistency with the answers, briefing, legal offense and defense.  (Also, if you will be having multiple counsel across jurisdictions, another goal would be how best to keep them all reading out of the same playbook.)  Implementing LPM begins with talking to your lead counsel and assessing what technology tools can be used to allow attorneys to communicate confidentially and to maintain the document room where ideas, briefs, and research can be shared.  Ask them to help you brainstorm about how to keep everyone rowing in the same direction.  Moreover, you will want to coordinate e-discovery, and you must be consistent in responding to production requests, answering interrogatories, and responding to requests for admission.  Preparing readily available templates accessible to the team will shorten response times and reduce costs.  One person should be responsible for:  (1) tracking and ensuring compliance with the approved responses,  and (2) monitoring the costs from jurisdiction-to-jurisdiction so you can budget accordingly.  (Paralegals make excellent project managers for complex litigation.)  Work with counsel to establish a list of issues and then establish which tool will do the job.  (Lean4Legal PM®, is one available solution.)

Two key components of implementation are:  (1) open and direct communication (the key words for outside counsel here, are “no surprises”), and (2) ongoing measurement against the success metrics identified at the beginning.  Most successful LPM techniques and practices incorporate checkpoints to measure progress toward goal achievement.  It may be just measuring against budget, but it may also mean measuring consistency and error rate.  So, for example, if a budget and timeline were instituted for the motion to dismiss phase, but those are exceeded by an agreed amount, e.g., more than 10%, does everyone feel safe in discussing what happened?  How the parties resolve to reconcile the differences will depend in large part on their ability to identify and define the reasons for the overages.  If neither party feels safe in having that crucial conversation regarding how to handle the problem, then it is unlikely to get resolved in a manner that fosters the trusting relationship for which both client and counsel strive.

What Went Right?

The “P” in LPM could as easily be “process” as it is “project.”  That is because, once you have developed that process, it is absolutely critical that the parties invest the time to review how the process progressed so it can be effectively employed for the next project.  Where did you find hiccups?  Where were there problems?  If they were discussed along the way, was the resolution that you reached then the same resolution you would have decided upon now in hindsight?  If problems or issues were not discussed along the way, why not?  Who had ownership of the issue to bring it to the forefront? 

Communication about the highs and the lows of the process undertaken is necessary to develop a better understanding of how to be successful in the next venture.  No one can measure true success without talking about it.


Joining the LPM movement is not about learning a secret handshake or adopting a strict set of rules implemented by others.  It is about devising predictable pathways to achieve your goals using a combination of knowledge management, adherence to process, and clear communication.


Erika (erika.birg@nelsonmullins.comis a member of the Florida and Georgia bars; she works out of Nelson Mullins’ Atlanta and Jacksonville offices to help clients protect their business interests in complex commercial litigation cases. Frank (frank.morreale@nelsonmullins.comis a member of the Florida and New York bars; he is a member of Nelson Mullins’ business litigation team.

More information about the authors of this article can be found at Erika's Bio and Frank's Bio

Return to Top
Inland Cargo Liability for Overseas Export Shipments in the Wake of Regal-Beloit
By Jameson Rice, Esq. (Holland & Knight LLP)

The Supreme Court of the United States in Kawasaki Kisen Kaisha LTD v. Regal-Beloit Corp., 561 U.S. 89, 100 (2010), held that the Carmack Amendment (“Carmack”) (codified at 49 U.S.C. § 11706 (railroads) and § 14706 (motor carriers)) does not apply to import cargo originating overseas carried under a through bill of lading.  But the Court expressly withheld judgment on which federal law applies, Carmack or the Carriage of Goods by Sea Act (“COGSA”) (46 U.S.C. § 30701 note), when export cargo is damaged during the inland leg of an overseas move, and, as is often the case, the through bill of lading extends the application of COGSA beyond the tackle to inland carriage, which is expressly permitted under COGSA.  Carmack and COGSA each impose substantially different default liability schemes.  Carmack’s default scheme imposes liability akin to strict liability on railroads and motor carriers, with the carrier liable for the “actual loss or injury to the cargo” unless a lesser liability is agreed to, whereas COGSA’s default scheme imposes liability on ocean carriers of $500 per package or customary freight unit unless a greater value is declared.

According to the Supreme Court in Regal-Beloit (interpreting Carmack as it applies to railroads), Carmack cannot apply to U.S. bound cargo originating overseas because there is no “receiving rail carrier.”  The Court determined that the “receiving rail carrier” as that term is used in Carmack, is only the carrier that initially receives the goods at the point of origin, which must also be subject to Surface Transportation Board jurisdiction.   Six years earlier, in a related case, Norfolk Southern Railway Co. v. Kirby, 543 U.S. 14 (2004), the Supreme Court used a “conceptual approach” to hold that for “essentially” maritime contracts, COGSA preempts state law when its terms are extended to inland carriage under a through bill of lading.   

Since Regal-Beloit, lower courts have grappled with Carmack versus COGSA liability for overseas export cases.  The Supreme Court’s holding could lead to the interpretation that Carmack should apply whenever there is a “receiving rail carrier,” but (i) there is no apparent policy justification for imposing different liability schemes based upon the direction of the goods, i.e. import versus export,  and (ii) the logic underlyingKirby would suggest application of COGSA in both import and export contexts.  The issue remains unsettled.  What follows is a brief explanation of the cases since Regal-Beloit in which cargo damage has occurred during the inland portion of an international export move involving ocean carriage under a through bill of lading.

American Home Assurance Co. v. Panalpina, Inc., No. 07–cv–10947, 2011 WL 666388, 2011 A.M.C. 733 (S.D.N.Y. Feb. 16, 2011).

In Panalpina, Judge Jones of the Southern District of New York held that even though the freight forwarder issued the relevant through bill of lading, not the rail carrier,  the rail carrier was the “receiving rail carrier” because it was the first rail carrier that accepted the cargo at the shipment’s point of origin and thus subject to Carmack.

Hartford Fire Insurance Co. v. Expeditors International, No. 10–cv–5643, 2012 WL 2861433, 2012 A.M.C. 1934 (S.D.N.Y. July 9, 2012)

Expeditors was another Southern District of New York case, but the court reached a different conclusion.  It held that the ocean freight forwarder, not the motor carrier, was the “receiving rail carrier” and thus Carmack did not apply to the motor carrier.  Carmack also did not apply because (i) the claim was based on the bill of lading, which clearly incorporated COGSA, and (ii) under Kirby: “Where a bill of lading ‘requires substantial carriage of goods by sea, its purpose is to effectuate maritime commerce-and thus it is a maritime contract.’”  Id. at *6.

Royal & Sun Alliance Insurance v. Service Transfer, Inc., No. 12–cv–97, 2012 WL 6028991, 2013 A.M.C. 345 (S.D.N.Y. Dec. 4, 2012)

The Royal & Sun court rejected Carmack and held that the first carrier is not necessarily the “receiving carrier” under Carmack.  Rather, “the ‘receiving’ carrier is the ‘principal’ party to the contract governing the subject shipment and is responsible for the whole carriage,” *4, which, in this case, was the ocean carrier. 

Norfolk Southern Railway v. Sun Chemical, 735 S.E.2d 19 (Ga.  App. Ct. 2012)

In Sun Chemical, the court determined that the ocean carrier that issued the through bill of lading was the “receiving carrier,” and the bill of lading was a maritime contract.  Therefore, it applied COGSA and rejected Carmack.  The court further concluded that:

the Southern District of New York’s more recent decision in Expeditors implements Kirby’s and Kawasaki Kisen’s objectives of promoting efficient maritime contracting more effectively than the earlier Panalpina decision, and that federal law requires us to uphold the bargained-for terms of the through bill of lading before us . . . .

Id. at 27.

CNA Ins. Co. v. Hyundai Merchant Marine Co. Ltd., 747 F.3d 339 (6th Cir. 2014).

The CNA court examined the above cases and, as in Sun Chemical, concluded that “the Southern District of New York seems to have done a turnabout on this, from applying Carmack originally to now rejecting it outright.”  Id. at 368.  The court concluded that if the bill of lading is a maritime contract under Kirby then:

Following the [Regal-Beloit] opinion all the way through—including the discussion of Kirby and COGSA—the inverse of the holding is almost as clear as the holding, albeit not as easily stated as a bright-line rule: when the journey does begin with a Carmack-defined receiving carrier, Carmack may still not apply to a multimodal through bill with a substantial sea component, for all the reasons set out in Kirby . . . .

 Id.  The court held that Carmack did not apply.

American Home Assurance v. A.P. Moller-Maersk, 2014 A.M.C. 908 (S.D.N.Y. 2013) .

This was a later decision in the same case as the Panalpina decision.  Since Panalpina, Judge Jones retired from the bench, and a new judge was assigned.  In this decision, which was entered after Sun Chemical but beforeCNA, the new judge granted a motion for reconsideration of the Panalpinadecision and concluded that Judge Jones’ order was erroneous in part, but did not disturb the ruling that Carmack applied, not COGSA.  Id. at 911.  The case was subsequently transferred to yet another judge.   See Am. Home Assurance v. A.P. Moller-Maersk, No. 07 Civ. 10947, 2014 WL 1303610 (S.D.N.Y. March 31, 2014)


The Moller-Maersk decision weakens to some extent the conclusion in Sun Chemical and CNA that there is a trend away from applying Carmack.  However, it is also true that sinceRegal-Beloit, only Judge Jones of the Southern District of New York, who has stepped down from the bench, and her successor judges in the same case, have applied Carmack to inland damage to export cargo destined overseas under a through bill of lading.  Still, with the limited number of decisions, and some variance in rationale, it remains too early to tell how courts will continue to decide such cases. 


Jameson Rice ( is a member of Holland & Knight’s Transportation Sector.  Holland & Knight was named the 2014 "Law Firm of the Year" in Admiralty & Maritime Law by U.S. News – Best Lawyers® and its partners are ranked in Chambers & Partners, USA 2014 Nationwide rankings for Transportation: Road (Carriage/Commercial); Rail (for Railroads); Shipping Litigation and Shipping Finance; and all areas of Aviation.  His biography may be found here:

Return to Top
Unintended Risks of Bring Your Own Device Programs
By C. Matthew Detzel, Esq. (Akerman LLP)

Over the last few years, new acronyms like “BYOD” (Bring Your Own Device) and “MDM” (Mobile Device Management) have been added to the in-house attorney’s lexicon as a result of the astonishing proliferation of smartphones and tablets being used in the workplace. [1]  Companies adopt BYOD policies and programs to protect against risk and prevent litigation.  As several recent court decisions illustrate, an organization’s BYOD policy might actually expose it to greater risk or open it up to litigation.  This article surveys some of the potential issues that companies and corporate counsel should be prepared to face after  implementing a BYOD program.

The recent decision by a California appellate court in Cochran v. Schwan’s Home Service, Inc. provides an apt example.  In Cochran, the court considered the appropriate application of a particular California statute, Labor Code section 2802, to employees’ use of personal mobile phones to conduct business for their employer, Schwan’s Home Service.  Ultimately, the Cochran court held that the purpose of the particular California statute at issue was to prevent employers from passing their operating expenses on to their employees and that the statute required reimbursement of all reasonable expenses incurred by employees for the mandatory use of their personal phones for business calls.  Schwan’s BYOD policy failed to appropriately provide for this reimbursement, resulting in class action litigation on behalf of its California employees.

While the claim considered by the Cochran court involved voice calls, the holding appears sufficiently broad enough that it could similarly require reimbursement of employee expenses incurred for data service necessary to access company e-mail, calendars, or company files and data. 

The statute at issue in Cochran may be unique to California, but several states have passed laws requiring employers to notify employees when monitoring their electronic communications. See, e.g., Del. Code Ann., Tit. 19, § 705 (2005); Conn. Gen.Stat. Ann. § 31-48d.  Companies with employees in multiple jurisdictions should remember that one size may not fit all for BYOD programs.  It may be prudent for corporate counsel to review BYOD policy on an annual or semi-annual basis to ensure compliance with the applicable regulatory landscape.   

Companies may also find themselves subject to claims that retaining access to the personal communications or data of exiting employees after termination violates the Stored Communications Act, 18 U.S.C. § 2701 et. seq. (the “SCA”), as in Lazette v. Kulmatycki.  In Lazette, the court sustained the plaintiff’s claim under the SCA against her former employer, where the plaintiff claimed her former boss reviewed substantially all of her personal e-mail that remained accessible from the employer-supplied mobile device she returned upon termination of her employment.  The court rejected the former employer’s defense that plaintiff’s acceptance of its mobile device policy defeated the plaintiff’s claim under the SCA, explaining that “[r]andom monitoring is one thing; reading everything is another.” 

In determining the appropriate compromise between corporate data security and employee privacy, corporate counsel and their clients will have to consider how their choices on BYOD policy may impact future exposure.  Lawyers may need to caution clients that BYOD policies allowing extensive monitoring of, control over, and access to employees’ personal devices could expose the company to future litigation.  Although very few courts have considered claims implicating BYOD programs to date, company monitoring of employees’ privately-owned devices is certain to raise questions for in-house attorneys in the near future.  For instance, what is the scope of the company’s duty to preserve and produce personal data stored or maintained on an employee’s device?   

Where an employee is also an individual defendant or is central to the litigated claims, the answer appears to be that the company and the individual employee share this duty to preserve and can be sanctioned for failing to do so.  In First Mariner Bank v. Resolution Law Grp., P.C., et al., the defendant employee traded his mobile device in to his wireless carrier for a credit towards the purchase of a newer device well after litigation had commenced, and the court sanctioned both the defendant employer and defendant employee for failing to preserve the data on his mobile device.

Additionally, litigants have already begun targeting organizations with intentional spoliation claims premised, in part, on the organizations’ right to use, monitor, or control disposition of data on personal devices.  For example, in Gabb v. International Brotherhood of Boilermakers, the court considered a claim for intentional spoliation of evidence brought by a plaintiff alleging her employer destroyed text message evidence of sexual harassment from the personal devices of other employees.  Similarly, in Nkemakolam v. St. John's Military School, the court considered a claim that the defendant school intentionally took possession of students’ phones and deleted photographic and video evidence of the physical abuse alleged by plaintiff.

Against this backdrop, the ability to remotely wipe all data from an employee’s device using MDM software may pose considerable liability risks for organizations if not used with caution.  For instance, use of remote wipe may unintentionally destroy or otherwise render irretrievable the only copy of critically important information at issue in litigation.  Under circumstances similar to those in Goodman v. Praxair Services, Inc. where the possibility of litigation is anticipated, courts may be willing to impose sanctions for spoliation of evidence, such as instructing the jury to draw an adverse inference against the company, even where the wipe activity may be routine procedure whenever an employee is terminated.

Companies should consider this potential hazard when first establishing or updating guidelines for remotely wiping data on employee-owned personal devices.

Furthermore, as reliance on BYOD programs expands, so too may the common-law duties of care and definition of the scope of employment be stretched to cover the new territory.  Civil plaintiffs may eventually seek to use the terms of corporate BYOD policies as offensive weapons to bolster negligence claims, especially with respect to hiring and supervision of employees.  In the hopes of finding deeper pockets, civil plaintiffs may also argue BYOD policies expand the reach of doctrines like respondeat superior to cover situations where a plaintiff suffers injury from the negligence of an employee who causes an automobile accident, outside of normal work hours, because she was reading or sending a business e-mail on her mobile device while driving. 

In summary, it is important for companies to anticipate that along with the benefits offered by adoption of BYOD programs in the workplace may come additional exposure to liability.  By thinking proactively and discussing these concerns presented with other departments, in-house counsel can raise awareness within the organization and help to develop internal procedures for minimizing or avoiding any disruptive impact on their clients.   

[1]  For those unfamiliar with BYOD, many a primer detailing best practices for crafting effective, comprehensive BYOD policies can be found with an internet search.

Author:  C. Matthew Detzel, Esq. (Akerman LLP)   Bio

Return to Top
Workers’ Compensation: Cost Drivers in an Ever Changing Work Environment
By Michael D. Kendall, Esq. (Marks Gray, P.A.)

Today’s work environment is not your grandparent’s work environment.  Actually, today’s work environment is not likely the same work environment that many of you reading this article started in.  Instead, the work environment is constantly changing and employers are (or should be) changing with it to maintain a competitive edge and to attract and maintain quality employees.  However, the changes employers make to the work environment should be made with proper consideration of potential workers’ compensation risks and costs.  There are many “silent” risks in a changing work environment that often serve as cost drivers for workers’ compensation insurance coverage that are not realized by employers until claims start to arrive and then it is too late to consider controlling the cost.

Temporary Workers and Independent Contractors 

Employers are now hiring a large number of temporary workers and contractors instead of traditional employees in an effort to curb expenses like health insurance, pension plans and other fringe benefits often included as part of the overall compensation package for employees.  The cost of hiring temporary workers is often less than the cost of hiring permanent employees with benefits.  If employers have a short term project, it is generally more cost-efficient to hire a temporary employee.  However, for jobs that are expected to last six months or longer, it may pay to hire a full-time employee.   

Using an agency to provide temporary employees can control the costs to the employer.  The agency is responsible for and bears the financial burden of recruiting, screening, testing and hiring workers; payroll expenses and paperwork; payroll and withholding taxes; unemployment and workers’ compensation insurance; and any employee benefits they may wish to provide.  If the employer knows there is not a long-term need for a permanent full-time employee, a temporary employee provided through a temporary agency is a cost-effective way to obtain quality, pre-screened candidates and at the same time, minimize any additional costs/risks to workers’ compensation insurance premiums.  Studies show that frequency and severity rates of on-the-job injuries are significantly higher with temporary workers.  No matter what a person’s experience is, care must be taken to see that dangerous tasks are performed safely.  Employers should never assume a temporary worker is fully prepared to work unsupervised, even if hired through an agency.

Another twist on the traditional full-time employee is to hire someone as an independent contractor.  Employers believe, and in many cases correctly so, that hiring an independent contractor means that the employer is not responsible for workers’ compensation coverage.  However, the choice to hire independent contractors can often lead to the misclassification of independent contractors which in turn leads to increased costs litigating employment status.  

For example, if an employer hires an independent contractor and that contractor is injured in the course and scope of the contractual obligations, the independent contractor may seek coverage under the employer’s workers’ compensation policy.  However, if truly an independent contractor, workers’ compensation is not available. 

By definition, an independent contractor is working for the employer pursuant to agree upon “contractual terms.”  These terms should be memorialized is a written contract that fully sets out the terms of the agreement.  Often employers think that just classifying someone as an independent contractor is sufficient but if forced to later litigate employment status, that classification can be hard to justify if not memorialized in a written contract. 

In order to properly classify someone as an independent contractor, the Florida Legislature has developed a checklist and employers should consult this checklist when hiring the independent contractor.  Employers need to confirm that the independent contractor maintains a separate business with his or her own work facility, truck, equipment, materials, or similar accommodations.  Also, confirm that the independent contractor holds or has applied for a federal employer identification number, unless the independent contractor is a sole proprietor who is not required to obtain a federal employer identification number under state or federal regulations.  Next, and perhaps most importantly, confirm that the independent contractor receives compensation for services rendered or work performed and confirm that such compensation is paid to a business rather than to an individual. An independent contractor can perform work, or is able to perform work, for any entity in addition to or besides the employer at his or her own election without the necessity of completing an employment application or process.

Those who work away from corporate facilities

Many employers today offer employees the option to “work from home.” This option is offered to attract quality employees that may not take the position because of conflicts with a traditional work day or with location/geographical obstacles.   As of 2011, approximately 34 million people reported working from home occasionally and that number is projected to increase to approximately 63 million by the year 2016.  Not only are employees working remotely from home, some are working from their cars, some from hotel rooms (sales force) and some from co-locations of the employer.  This change in the “traditional” workplace presents various risk management problems that are often not considered when an employer makes the decision to offer alternative employment locations.  For example, if an employer allows the employee to work from home and he trips over his dog when he is getting up from the desk in his home-office, is he covered by workers’ compensation?  Yes.

Employers who offer non-traditional work environments are providing much desired flexibility to employees while absorbing all of the increased risk.  In the ever-changing work environment, employers should strongly consider offering flexibility for employees when it comes to where and when the employees work.  However, employers should consider the risks to such changes so as to not be surprised later if the risks result in outcomes that increase the overall cost to the organization in the form of workers’ compensation claims.

An aging workforce and chronic conditions 

Today’s work force is considerably “older” than the workforce of 20 years ago.  The increase in the average age of workers directly correlates to increased exposure to work accidents.  The U.S. Bureau of Labor Statistics estimates that by 2015 “one in every five American workers will be over 65, and in 2020, one in four American workers will be over 55.”  An aging workforce directly correlates with a variety of chronic health conditions and outcomes.  The older an employee gets the more likely that employee is to have non-work related chronic conditions and thus the increased likelihood of an on-the-job injury. 

Employers can take action to limit or minimize the risks to an aging workforce and the increased likelihood of on-the-job injuries.  In today’s workforce, employers should take proactive steps to get employees thinking about their individual health and promote healthy lifestyles.  Employers can consider providing healthy meal options in cafeterias.  Employers can promote and offer tobacco cessation assistance and weight loss programs.  These types of programs focus on the employee, offer encouragement and support and can have a positive impact on morale while at controlling an otherwise uncontrollable cost driver.  We are all going to get older and if we work together to keep employees healthy we increase productivity and control the risks inherent with an aging workforce. 


Michael D. Kendall, Esq. is the Chair of Mark Gray's worker's compensation practice area.  His practice focuses on representing insurance carriers and employers in Worker's Compensation matters.  His bio can be found here.

Return to Top
Vendor Management and Privacy
By Jack Pringle, Esq. and Lyndey Zwing, Esq. (Adams and Reese LLP)

When the infamous bank robber Willie Sutton (reputedly) was asked why he robbed banks, he answered “because that’s where the money is.” Thomas J. Curry, Comptroller of the Currency, cited Sutton’s quote in a recent speech explaining why financial institutions are such attractive targets for cybercriminals. Not surprisingly, the Office of the Comptroller of the Currency (OCC) and other bank regulators have recognized the critical importance of information security in protecting (among other things) “the money.”

These days, banks aren’t the only businesses grappling with the challenges of protecting valuable assets from criminals. As a report on cybersecurity published in The Economist recently pointed out, the internet was built for connectivity, not security. Companies in many industries are discovering that the benefits of connecting and sharing information with others (including doing business in “the cloud”) come with a price: their valuable information assets (and those of their customers) are increasingly at risk.

Information security risks extend beyond the (fire)walls of a business and frequently involve third-party vendors. The Target breach -- and an HVAC contractor's role in same -- underscored just some of the myriad risks associated with third-party vendors. One lesson is that although business partners may be at fault when information security or networks are compromised, the ultimate responsibility for those incidents -- the financial, legal, and reputation damages -- cannot easily be shifted from the business to the otherwise-responsible third parties.

The OCC understands the potential risks of doing business with third-party vendors. Its OCC Bulletin 2013-29 (the "Guidance") identifies a number of issues that banks must consider when assessing and managing risks associated with third-party relationships.

The Guidance's holistic approach to risk management is particularly instructive for any business connecting with vendors and entrusting third parties with valuable information (e.g. personal identifying information, intellectual property, competitively sensitive information).

Implement Effective Information Risk Management throughout the Life of the Vendor Relationship (A Work in Progress and Process)

Because information risk is dynamic (emerging technologies, the ever-changing threat landscape, an evolving legal and regulatory landscape), it cannot be "managed" at any given single point in time. For these reasons, the Guidance emphasizes that management of vendor information risk, like all information security and risk management, is an ongoing process or project, involving a combination of people, policies, and technology that is assessed and adjusted based upon particular circumstances.

The “lifecycle” of a vendor relationship includes the following milestones:

  • Planning. Identify the potential information risks associated with a vendor before those risks arise;
  • Vendor Selection. Evaluate and choose vendors with an eye towards addressing and minimizing those risks;
  • Contract Negotiation. Insist upon written contracts that take into account the value of information assets and address information risk as appropriate; and
  • Ongoing Oversight. Monitor vendor performance over the life of the relationship.

Planning (Identify Information Assets and Risks)

  • Designate those individuals and groups with specific responsibility for vendor management that will continue during the life of the relationship;
  • Identify those information assets (e.g. personal identifying information, intellectual property, confidential information, trade secrets) that will be shared with a vendor (or put at risk as a result of a vendor relationship);
  • Consider the laws and regulations applicable to the business and the third-party vendor, plan for how the business will assess potential vendors, negotiate a contract with appropriate information privacy and security provisions, and oversee the vendor's performance of the parties' contract;
  • Determine the potential negative consequences (e.g. financial risk, legal and regulatory risk, reputation risk) that a third-party data breach, system outage, or network intrusion might have on your business..

Vendor Selection (Make Sure the Vendor Can and Will Protect Information)

  • Undertake a proper investigation before selecting a third party to manage information assets. Due diligence at a minimum requires an assessment of a vendor's legal and regulatory compliance, financial condition, and business experience and reputation.
  • Consult reference information available on the Web and elsewhere (including background and reference checks through the Better Business Bureau, the Federal Trade Commission, state attorneys' general offices, state departments of consumer affairs, etc.) to learn about a prospective partner’s business and history; customer complaints or litigation; Securities and Exchange Commission and other regulatory filings; and its website and other marketing materials.
  • Review the vendor's risk management and information security programs (and any written documentation, including policies, processes, and internal controls, which may be associated with those programs), consider any certifications (ISO/IEC, NIST) the vendor may hold, and review the results of any information security assessment or audit the vendor may have conducted.
  • Evaluate the vendor's resilience, or ability to respond to various service disruptions or breach events. Does the company have a disaster recovery or business continuity plan? And what kind of incident-reporting and management programs does the vendor have in place, especially in the event of a data breach? In other words, has the vendor considered information risk in creating its own processes and systems?

Contract Negotiation (Define Rights and Responsibilities)

  • Negotiate a written contract specifying the rights and responsibilities of the parties, particularly when a business has direct privacy and information security obligations. If a vendor will have access to personally identifiable information or other confidential or sensitive information, then the contract must define the specific information that will be provided to the vendor, as well as the vendor's obligations with respect to that information. If legal or regulatory requirements (e.g. GLB, HIPAA, various state statutes) govern information provided to the vendor, then the vendor's compliance with all such authority should be spelled out clearly in the contract.
  • Spell out in detail the information security safeguards to be employed by the vendor, and the oversight rights to ensure vendor compliance with those safeguards. The business may require annual third-party assessments, audits and/or examinations of the vendor's security systems and practices, in order to ensure ongoing compliance with the contract.
  • Designate the requirements and procedures to be followed by the vendor in the event of a security breach, including timely notification, full cooperation, and assignment/allocation of responsibility for response, mitigation, and remediation activities.
  • Include reimbursement, indemnification, and applicable insurance requirements (including cyberliability insurance) as appropriate and necessary.
  • Define the events that will bring about default and termination under the contract, and consider the transition from that vendor to another provider and the effect it may have on the business.

Ongoing Oversight (Assess, Adjust and Adapt)

  • Maintain clear roles and responsibilities for monitoring the performance of the vendor over the life of the relationship.
  • Evaluate a vendor’s performance and compliance periodically. In the same way a business must continually assess, adjust, and adapt to evolving information risk, so too must its business partners.
  • Consider whether information security standards, insurance requirements, and other obligations set out in the contract must be revised based upon the parties' experience, changes in the legal or technological landscape, or other factors.


Nassim Nicholas Taleb has written that “It is preferable to take risks one understands than understand risks one is taking.” Understanding the risks of connecting with and entrusting information to third parties, and taking steps to manage those risks is an essential requirement for doing business in the information age- and protecting your “money”.


Authors: Jack Pringle and Lyndey Zwing are attorneys with Adams and Reese LLP.

Return to Top
ACC National Article and News
Considering CASL: Creating or Altering Your Communications Policy and Procedures
By ACC National

The collective groans were palpable among counsel involved in the Canadian legal community on July 1 when the long-awaited Canadian anti-spam legislation (CASL) went into effect. Many organizations are not sure if this broad and complicated law applies to them, and the name of the legislation is not particularly helpful. The use of the word “spam” is definitely misleading, as the law applies to electronic communications well beyond those that are commonly thought of as such. In fact, the law is highly restrictive, and certain elements of it apply to just about any commercially related message that may be sent from or to an individual in Canada. It also applies to the installation of a program (e.g., a website cookie) to a computer in Canada. Below are some considerations to keep in mind when determining what changes need to be made to your communications policy, as well as when creating one for the first time. 

Read the Fine Print

The preamble to CASL states that the purpose of the law is to “promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities.” 

The legislation is based on three broad areas in governing electronic communication:

Consent: Expressed or implied consent is required before sending a commercial electronic message.

Identification: Each commercial message must clearly identify the individual and the organization sending the message.

Unsubscribe: All commercial messages will need to include a method for the recipient to unsubscribe from receiving commercial messages.

An important first step is to read through the legislation (S.C. 2010, c. 23) and guidance materials provided by the Canadian government. The website is found here: Beyond the sense of the scope and purpose of the law, as well as some guidance on interpretation, the website gives important information on the specific burdens each organization will face, and thus, the starting point for weighing the risks between the cost of implementation of compliant procedures versus the potential liability of a violation (i.e., up to CA$1 million for individuals and up to CA$10 million for businesses). Currently, only administrative actions can be brought, but private right of actions will come into effect in 2017. 

Reading through the legislation, it seems that there are as many exceptions to the rules as there are restrictions. The law will require every organization that has contacts in Canada to ask specific questions on who is communicating, how they are communicating and why they are communicating. A thorough investigation into these questions could provide some surprising answers and pose some unique challenges in developing procedures that comply with CASL, yet do not impede the organization’s ability to effectively conduct business.

Who Communicates?

Creating internal processes for employees to follow will most likely be the easy part (and that will be challenging enough). The real complications will be in understanding the communications of independent contractors, consultants, board members, volunteers and other agents who may communicate on behalf of the organization. Additionally, the organization will need to know if it has subsidiaries, partners or other affiliates who communicate on its behalf. What mechanisms, if any, does the organization have in place to control these communications? CASL makes it clear that the liability will fall on the organization for which the communications are sent on its behalf (Sections 32, 45 and 53). Effective training will be crucial to ensure understanding and compliance with the procedures. Another option for consideration will be to modify the contracts with your non-employed agents, where applicable. Due diligence checks with future vendors may need to include communication policy and procedures that take CASL into account. 

Communicating How?

All electronic communications are impacted by CASL (Section 6), and this is not limited to mass emails, but also includes one-on-one emails, text messages, list servers, social media and websites. Does the organization’s website deposit cookies or JavaScript on the visitor’s computer (Section 8)? Does any link or email redirect the user to a different system that is not accurately identified (Section 7)? Is it apparent to the user how to subscribe and unsubscribe from the social platforms hosted by the organization? Each organization will need to engage the various departments controlling these types of communications to ensure the appropriate identification and procedures are in place to allow the recipient to understand exactly with whom they are communicating and how to stop communications.

Why Communicate?

Knowing why the staff and agents of an organization are communicating will enable the organization to take advantage of the variety of implied consents and exceptions available in CASL. Below are a few samples of implied consents and exceptions, but particular care must be used. Generally, these have a short lifespan or are restricted to the recipient’s business function. Additionally, many of them are subject to the unsubscribe provision (Section 11), meaning that even if implied consent exists, no commercial electronic communication can take place if the recipient has unsubscribed from receiving electronic communications. 

Section 6(5)(b): Business inquiries

Section 6(6): Effectuating a business transaction

Sections 10(9)(a) and (10): Existing business relationship

Sections 10(9)(a) and (13): Existing non-business relationship

Section 10(9)(b): Email address conspicuously displayed on a website

Section 10(9)(c): Recipient gave the organization a business card

Charity organizations will want to explore the exceptions they have been granted from CASL compliance to Section 6 for electronic communications specifically for the purposes of raising funds.

Getting Expressed Consent

CASL does a better job of defining a commercial message by what it is not than by what it is; however, CASL explicitly states “an electronic message that contains a request for consent to send a message … is also considered to be a commercial electronic message” [Section 1(3)].  Expressed consent does not expire until the individual explicitly unsubscribes; thus, having expressed consent from recipients is the best mechanism to ensure compliance. Unfortunately, expressed consent is not always easily obtained. With the law in effect, organizations are prohibited from email campaigns to obtain consent from individuals for whom no basis for implied consent exists. Marketing departments will need to work across the organization’s various departments to ensure multiple methods are available to obtain expressed consent. Requests for expressed consent can be made on websites, event applications and multiple other methods where the public may reach out to the organization. Additionally, no electronic communication made on the basis of implied consent or an exception should go out without an invitation to provide expressed consent. 

Your IT Department is Your Friend

If the compliance procedures are to be truly effective and not overly burdensome on the staff and agents trying to comply, the IT department will need to be brought in early. Technological solutions will be an absolute must. Not only is it important to have effective means for the staff and agents to determine with whom they can and cannot communicate, the law also sets out particular requirements on what the organization will need to show in order to prove it had the necessary consent, regardless of expressed or implied, to send the electronic communication (Section 13). Furthermore, the IT department can create dynamic unsubscribe mechanisms that carefully define what type of communications the recipient wants to receive. This will help the organization prevent establishing a “nuclear option” of restricting all communications, which is neither warranted by law nor desired by the recipient.

Other laws to take into account

The complications of CASL become readily apparent during the development of the compliance procedures; however, the legal implications do not stop there. It is very simple to require a phone call in place of electronic communications with people in Canada with whom no consent exists; however, Canada’s National Do Not Call List (DNCL) needs to be considered. It is also not hard to imagine requirements going into place for independent contractors that could start to impinge on their classification in the Fair Labor Standards Act (FLSA), such as the required use of an organization’s email system and computer, as well as other restrictions that may hamper their choice in how and when they choose to work.

Each organization’s assessment of risk, and the resulting policy and procedures put into place, will vary considerably. As with many new pieces of legislation, there are many questions and much uncertainty regarding interpretations and applications. Over time, it is hoped that the law will be better defined, and organizations will be able to implement more precise procedures that do not hamper legitimate commercial electronic communications.

Return to Top
ACC National News and Information
By ACC National

Recruit a New Member Today and Reap the Benefit.

The ACC community grows stronger with every member. Share with your colleagues how ACC has helped you do your job better, and help them benefit from what ACC offers. From now through September, invite an in-house peer to join ACC, and you could receive a free CLE/CPD webcast and more. Learn more at

2014 ACC Annual Meeting: Rates Increase After Sept. 17

Act now to save on 2014 ACC Annual Meeting (Oct. 28–31, New Orleans, LA) registration rates. With 100+ CLE/CPD programs and 30+ networking hours, this is the event to enhance your practice skills, stay up-to-date on the latest legal industry trends and expand your professional network. Join thousands of your peers at the world’s largest gathering of the in-house community, and bring home practical tips you can put to use immediately. Learn more and register at [LINK:]

Enhance Your Business Skills

Bring more than your legal skills to the table. Attend business courses offered by ACC and the Boston University School of Management to enhance your business management skills, earn CLE/CPD credits and network with peers. Upcoming programs include the following:

·      Project Management for the In-House Law Department (Sept. 29–30)

·      Mini MBA for In-House Counsel (Dec. 3–5)

·      Risk Management & In-House Counsel (Oct. 7–9)

All programs take place in Boston, unless otherwise noted. Learn more and register at [LINK:]

ACC Compliance Portal: New Topic Added!

Check out our newest cross-border topic on Third Party Risk Management — available within the ACC Compliance Portal. Consisting of various key resources, such as thought-leadership videos, sample forms, quick references and relevant articles, this resource bundle provides valuable insight on how to best manage third-party risks. To learn more about this or other ACC resources on popular compliance topics, visit here. [LINK:] 

Be a Strategic Asset to Your Board

ACC and the National Association of Corporate Directors have joined together to bring you a new event: The Insider’s Guide to the Boardroom. This unique educational program is designed specifically for corporate law department leaders who want to be seen as a strategic partner to the business, contributing more than legal advice. The event takes place Sept. 15 in Chicago. Find out more and register today. [LINK:]

Featured Partner: Modus and Practical Law

Meet the challenges with help from two ACC Alliance partners who can help you prepare for whatever may come. Look at these two unique offers:

·     Modus [LINK:] is a data management company that helps organizations assess, strategize and leverage critical business intelligence obtained from people, processes and data, to optimize legal and enterprise-wide business results. Modus offers ACC members a free three to four hour eSynthesis strategy session to audit people, processes, data and finances to identify areas for improvement. Learn more at [LINK: ]

·     Practical Law [LINK:] provides legal know-how that gives lawyers a better starting point. Their expert team of attorney editors creates and maintains thousands of practical resources across all major practice areas. They go beyond primary law and traditional legal research to allow you to practice more efficiently and improve client service. Request a free trial today at [LINK: ]

Find out more about all of the Alliance partners at


Vox Clamantis: Advocating for the In-House Bar

A Win For In-House Privilege in the DC Circuit Court

In late June, the DC Circuit Court adopted the ACC perspective on the role of privilege protection in the conduct of internal investigations. Reversing a particularly dangerous district court decision, the DC Circuit provided privilege protection to internal investigations if just one of the significant purposes of an internal investigation is the seeking of legal advice. Many courts have been less protective of privilege in these circumstances, so we are particularly pleased with this result and will be leveraging it elsewhere. The name of the case is In re Kellogg Brown & Root, Inc. et al., and the ACC brief can be found at [LINK:]

ACC and ACC Europe Challenge Second-Class Citizen Status of German In-House Lawyers

Earlier this year, the Federal Social Court in Germany required inside — not outside — lawyers to participate in the less lucrative state pension scheme, arguing that in-house lawyers were not as independent as their outside counterparts. ACC and its European Chapter supported an effort to petition the Bundestag to overrule this erroneous decision. Although that petition effort failed, ACC is working with German in-house lawyers to use every available tool we have to fight back against this development. For more information, please visit [LINK:]To find out more on ACC's current advocacy initiatives, please visit [LINK:]

Return to Top
Job Digest
Job Digest [Last Updated 9/27/14]
By Blake Gibson, ACC North Florida Board Member

Welcome to the ACC North Florida Job Digest!  Please check back often as this digest will be updated frequently throughout the quarter and until the next newsletter is published.  If you are an employer and have a job to post in this digest, please contact Blake Gibson (

Posting 1

Company:      Deutsche Bank

Role:               Asset & Wealth Management Attorney

# of Years:     5+

Overview:      Deutsche Bank Asset & Wealth Management Legal Group – Product & Regulatory Position Position sought for Deutsche Bank’s Legal Department in Jacksonville, FL supporting Deutsche Bank’s the Alternatives and Real Assets Group (ARA) of the U.S. Asset & Wealth Management (AWM) division 

Posting 2

Company:      Deutsche Bank

Role:               Global Transaction Banking Attorney

# of Years:     4+

Overview:      Seeking qualified attorney in Deutsche Bank’s Legal Department in Jacksonville who will support the Bank’s Global Transaction Banking cash management and trade services businesses.

Posting 3

Company:      Deutsche Bank

Role:               Global Markets Attorney, AVP (3 openings)

# of Years:     3-5

Overview:      3-7 years litigation or regulatory experience at a major law firm, with substantial civil discovery experience.  In-house experience in financial services industry valued.

Posting 4

Company:      Genesee & Wyoming, Inc.

Role:               SVP of Compliance

# of Years:     5+

Overview:      The Senior Vice President of Compliance (SVP, Compliance) will oversee  Genesee & Wyoming Inc., and its affiliate railroads, regulatory compliance programs, ensuring that the company exercises due diligence and sound internal controls operating in compliance with federal, state and FRA regulations. This position will be responsible for the quality assurance measures and support necessary to monitor, review and analyze the compliance with federal and state regulations applicable to freight railroads. The Senior Vice President of Compliance will direct overall management, administration and implementation of operational compliance activities.  This position will be responsible for providing support, as needed, to regional and railroad operations for compliance investigations and audits. The SVP of Compliance will work closely with senior management to evaluate and respond to suspected compliance violation, and for consistent enforcement, disclosure and remedial action protocols. The position will monitor operational and direct observation administrative systems.

Posting 5

Company:      Genesee & Wyoming, Inc.

Role:               Employee and Labor Relations Director, Employment

# of Years:     7+

Overview:   We are currently hiring for an Employee and Labor Relations Director. The position will either be located out of our Rochester, New York or Jacksonville, Florida Office. The Employee and Labor Relations Director will be responsible for the development and implementation of labor and employee relations initiatives and strategies under general supervision of the Vice President, Employee and Labor Relations.

Posting 6

Company:      Wounded Warrior Project

Role:               Paralegal

# of Years:     5+

Overview:      Provide support and perform a variety of paralegal and/or administrative duties for the legal department under the supervision of the Assistant General Counsel.

Posting 7

Company:      Wounded Warrior Project

Role:              Legal Assistant

# of Years:     3+

Overview:      The Legal Assistant is primarily responsible for providing direct administrative support to Wounded Warrior Project’s (WWP) General Counsel, Assistant General Counsel, Staff Attorneys, and other members of the legal department.  Assists with telephone coverage for the legal department, budget and accounting functions, meeting coordination, calendar management and scheduling, making travel arrangements, drafting, data entry, researching, filing and photocopying; assists with other administrative duties as assigned.

Return to Top
left corner
In This Issue
right corner
North Florida Chapter News and Information
Chapter President's Letter: In-house Lawyers Between a Rock and a Hard Place
Annual Meeting (October 8, 2014)
Member Spotlight: Eric Herbst, Deutsche Bank’s Vice President, Counsel for the Litigation & Regulatory Investigations Group
Welcome to New Members
Newsletter Articles
Resume Tips for Lawyers
Maximizing Legal Project Management with Outside Counsel
Inland Cargo Liability for Overseas Export Shipments in the Wake of Regal-Beloit
Unintended Risks of Bring Your Own Device Programs
Workers’ Compensation: Cost Drivers in an Ever Changing Work Environment
Vendor Management and Privacy
ACC National Article and News
Considering CASL: Creating or Altering Your Communications Policy and Procedures
ACC National News and Information
Job Digest
Job Digest [Last Updated 9/27/14]
Sidebar Bottom
left corner
Newsletter Tools
right corner
Search Past Issues
Print-Friendly Issue
Forward to a Friend
Subscribe to This Newsletter
Subscribe via RSS
Sidebar Bottom
left corner
2014 Chapter Sponsors
right corner



Sidebar Bottom
left corner
ACC North Florida Chapter Quick Links
right corner
•  Chapter Website
•  Upcoming Events
•  Chapter Leadership
•  Chapter Photos
•  Chapter LinkedIn
Sidebar Bottom