|North Florida Chapter News and Information|
|Chapter President's Letter: In-house Lawyers Between a Rock and a Hard Place|
|By Michael Herman, SVP/GC/Corporate Secretary, Rayonier Advanced Materials|
Widely reported scandals at
General Motors and Wal-Mart, as well as some recent court decisions, have
reignited debate about the tension between an in-house lawyer's professional
obligations to his client, his legal obligations to disclose wrongdoing under
certain laws, and his moral obligations to society at large upon discovery of
facts that could indicate commission of a crime.
Many non-lawyers in the media
and blogosphere (see, for example, an August 26 article in the New York Times) seem to believe that companies and their in-house lawyers
"use the attorney-client privilege to shelter wrongdoing," as the Times article put it. And as the GM and Wal-Mart situations
demonstrate, if things go wrong there will likely be second-guessing and Monday-morning
quarterbacking, often with the in-house lawyers caught in the crosshairs. Several GM lawyers have already been fired,
and it has been widely reported that the DOJ has launched a criminal
investigation into whether GM lawyers and others concealed evidence from
While most in-house lawyers
will hopefully never face a personal situation as serious as this one, the
balancing of ethical, legal and moral obligations can at times seem like a
tightrope without a net.
At the heart of this debate
are two foundational principles of a lawyer's professional responsibilities:
The duty to maintain client confidences, and the protections afforded to
clients and their lawyers by the attorney-client privilege and attorney work
product doctrines. The underpinnings for these principles are clear and
convincing, at least to lawyers. They allow the client to provide his lawyer
with pertinent facts necessary to facilitate competent representation and sound
legal advice, and they allow clients to seek counsel on how to address past actions
that may not have been compliant with law. Certainly, a client would be less
than forthcoming if he feared breach of his confidences by his own lawyer.
As lawyers well know, these
principles are not absolute; there are exceptions, some of which are reasonably
clear under each state's code of professional responsibility. For example, depending on the state’s
specific code of professional responsibility, client confidentiality can,
should and (often) must be breached to prevent imminent criminal activity.
In the GM situation, attempts
are being made to pierce GM’s attorney-client privilege under the so-called
“crime-fraud exception,” which generally allows disclosure of otherwise
protected information if it was intended to commit or cover up a crime or
fraud. Prosecutors and plaintiffs’
lawyers are alleging that GM lawyers delayed or covered up evidence that
certain ignition switches were faulty, which later resulted in driver injuries
Like this one, many privilege
exceptions are very fact specific and have been the source of continuing debate
and difference of opinion in state and federal courts.
One very recent example: In
August of this year, the Delaware Supreme Court ruled, in Wal-Mart Stores, Inc. v. Indiana Electrical Workers Pension Fund IBEW,
that Wal-Mart shareholders can obtain privileged corporate documents relating
to the internal investigation of Wal-Mart's widely-chronicled FCPA problems. In
this case, the shareholders asserted rights under Delaware statutory corporate
law, which gives shareholders the right to inspect books and records of a corporation.
The shareholders argued that it had a right to these documents to aid its
determination whether Wal-Mart's directors had breached their fiduciary duties to
the company's shareholders. The court ruled that this situation was covered by
the "fiduciary exception" to attorney-client privilege protection. The
decision requires shareholders to show "good cause" why the privilege
should not be invoked, which will be
a case-by-case analysis based on multiple factors. While the fiduciary exception is not new or
unusual (for example, it often arises in ERISA fiduciary duty suits), this case
will likely embolden plaintiffs' lawyers, cause concern for company counsel and
lead to more litigation, and in the long run drive up the cost of defending and
resolving litigation for Delaware corporations.
On the other hand, some
courts have been more protective of attorney-client privilege. In June of this
year, the D.C. Circuit U.S. Court of Appeals took the unusual step of issuing a
writ of mandamus in In re Kellogg Brown
& Root et al. In this case the
appellate court reversed a ruling of the district court, which had held that an
internal investigation was not privileged because it had not been conducted
primarily to facilitate the provision of legal advice. In a unanimous decision,
the Court of Appeals ruled that the district court's ruling was contrary to the
U.S. Supreme Court's decision in Upjohn
v. United States (1981), the seminal federal case recognizing
attorney-client privilege in the context of corporate internal investigations.
The recent Wal-Mart decision in Delaware, by a
court widely viewed as business-friendly, seems to give shareholders a new tool
to seek otherwise privileged documents.
And unless Wal-Mart has already voluntarily waived its attorney-client
privilege, it would not be surprising if the DOJ sought to claim the
crime-fraud exception to pierce attorney-client privilege to access information
in connection with its FCPA investigation.
Public Company Disclosure Issues
Further complicating an
in-house lawyer's decision-making are laws that require disclosure of certain
events and facts to the government. Lawyers for public companies are well aware
of 8-K and other SEC requirements that require near-real-time disclosure of
specified events, including certain events that could be "material"
to investors. Care must be taken to
draft these disclosures in a way to comply with SEC requirements, but not
disclose any privileged information, lest an adversary claim that the disclosure
constituted a privilege waiver.
Moreover, lawyers who “practice”
before the SEC are faced with a wholly separate set of standards of
professional conduct (referred to as "Part 205" rules, implemented in
2003 as part of Sarbanes Oxley), which sometimes conflict with ABA Model Rule
of Professional Conduct 1.6 as it relates to client confidences and privileged
information. Where reporting to the
government is not mandatory, in-house lawyers are sometimes faced with the
difficult decision of whether to recommend to their client that they
"self-report" a potential compliance issue, theoretically because
government prosecutors will reward this action with leniency under the U.S
Federal Sentencing Guidelines.
The decision of whether or
not to “self-report” has been further complicated by an explosion of so-called
"whistleblower" laws and regulations relating to alleged violations
of accounting, securities, FCPA and various other laws. The risk of a
whistleblower beating the company to the government with information of
potential wrongdoing is yet another factor to be considered in an in-house
A further complicating factor
is that employees who often work very closely with in-house lawyers on
compliance matters and investigations--such as accountants, internal auditors
and compliance personnel--are encouraged by the government and its rules to
become whistleblowers. So the in-house lawyer may always be wondering if a
member of his compliance team will at some point decide to package up the
privileged information he has in his possession (even though the privilege is
not his to waive) and present himself to the DOJ or SEC as a whistleblower.
Part of our jobs as lawyers
is to simplify complex issues for our clients. In this case, we need to
simplify and apply our judgment to a series of interrelated, complex set of
laws, rules, court cases and practices by the federal government. My
suggestions to my in-house colleagues are:
the applicable professional obligations of the state or states in which you are
licensed to practice.
any ethical rules specifically applicable to your area of practice (like the
SEC Part 205 rules).
prosecutors and plaintiffs' lawyers view communications of in-house lawyers
with their clients as a potential mother lode of relevant information and will
go after them hard, because they believe these communications may contain
honest and directly presented information. Federal courts differ from circuit
to circuit as to how zealously they will protect the privilege. Therefore, even
in-house lawyers must be careful what they write, because it may end up
reviewed by a judge, or being turned over to the other side after an adverse
privilege ruling. This happened to me a number of years ago with respect to a detailed,
strategic analysis I had written to my then-CEO at a prior employer. A
Pennsylvania state court judge ignored privilege protections and simply ruled,
without reference to any relevant privilege exception or waiver event, that my
memo was "probative" to the matters at issue. The case was settled
that end, while it seems unfair, my observation is that courts tend to be less
likely to order the disclosure of a privileged document prepared by outside
counsel, as opposed to an in-house lawyer. Therefore, if your company is faced
with a potentially serious compliance issue, it may be prudent to have outside
counsel produce the investigation report on its letterhead, rather than having
it published and signed by in-house counsel.
Finally, choose your client wisely. I have been fortunate in my career to work
for business people and companies who had high standards of ethics and
integrity. Unfortunately, some of our colleagues are not so lucky. Before you
accept an in-house position, do your due diligence as to the history and
reputation of the company and the decision-makers you will be working with. Even
the best-managed companies have compliance challenges, but the ethics and
integrity of senior leadership will often determine the outcome.
As a lawyer, your reputation
for honesty and integrity is the most valuable asset you own. Guard it
|Return to Top|
|Annual Meeting (October 8, 2014)|
|By Blake Menzel, ACC North Florida Board Member|
Please make plans to join us for the ACC North Florida
Chapter’s Annual Meeting and Ethics CLE, sponsored by McGuireWoods, on
Wednesday, October 8, 2014, at the River Club, One Independent Dr., Suite 3500,
Jacksonville, FL 32202. Visit and network with your fellow in-house
counsel from all around the greater Jacksonville area, meet the current ACC
North Florida Officers and Board Members, help us elect next year’s Officers
and Board, and satisfy some of your ethics CLE hours as well.
During the Annual Meeting, we take just a few minutes to elect
the chapter’s Officers and Board Members for next year, and we provide an
overview of the kinds of programs and benefits you can expect and enjoy as a
Member of the ACC North Florida Chapter. The main event is Tom Spahn’s always engaging Ethics CLE presentation,
which this year is titled, “Confidentiality – Strength and Scope of the Duty –
Part I.” Tom is a Partner with McGuireWoods and has served on the ABA Standing
Committee on Ethics and Professional Responsibility. He has spoken at more than
1,200 CLE programs on ethics and other topics, and was selected as the 2013
metro-Washington, D.C., “Lawyer of the Year” for “Bet the Company Litigation”
by Best Lawyers. Every year, we hear
that Ken’s presentations are some of the best ethics presentations our members
have ever seen.
So, come on out to the Annual Meeting, help us elect next
year’s leadership, learn about upcoming events, get some CLE Ethics hours, and
wrap it all up with some networking at the post-meeting reception hosted by
McGuireWoods. Reserve your spot now by RSVPing to firstname.lastname@example.org. We look forward to seeing you!
Please be sure to check our Chapter page for other upcoming events by clicking here.
|Return to Top|
|Member Spotlight: Eric Herbst, Deutsche Bank’s Vice President, Counsel for the Litigation & Regulatory Investigations Group|
We recently had an opportunity to
have lunch with Eric Herbst, Deutsche Bank’s Vice President, Counsel for the Litigation
& Regulatory Investigations Group. We both have known Eric for a while, and
first met him when he became a regular attendee at the North Florida Chapter’s
meetings and events. This member spotlight gave us a great reason to meet Eric
for lunch and learn more about him, his family and his work-life journey, which
ultimately landed him here in Jacksonville as part of a company – Deutsche Bank
– with a rapidly growing presence here in Jacksonville. We enjoyed getting to
know him and wanted to share with you a bit about what we learned.
We will start with a little
information about Eric’s history. Eric was born in Landstuhl, Germany, into a
US military family stationed abroad. He
lived in Germany until the 4th grade. He used to be fluent in
German, but may be a bit rostig (rusty) at the
moment. In German, Eric’s last name,
Herbst, means autumn, which also happens to be Eric’s favorite season. Sadly
for Eric, whether he has realized it yet or not, Jacksonville does not have
much of an autumn. Eric currently resides in St. Johns County with his wife,
Wendi, and two young children (ages 5 and 7). Although Eric came to North
Florida to work for Deutsche Bank, he has come to love the area’s atmosphere
and friendly people.
After moving to the United States
in 4th grade, and finishing his early education, Eric then went on
to complete his Bachelor of Science Degree in both Computer Science and
Political Science at Albright College in Eastern Pennsylvania. After college,
Eric attained his law degree from William & Mary and took and passed the Virginia Bar. Eric is a member of the
Virginia Bar and has an in-house certificate in Florida.
After law school, Eric clerked
for Judge Widener at the 4th Circuit Court of Appeals in Abingdon,
Virginia. After clerking for Judge Widener, Eric moved on to big-firm life at
White & Case’s office in Washington, D.C., and focused on litigation and
anti-trust work while he was there. After 6 years with White & Case, Eric left
law firm life behind and joined Deutsche Bank, moving to Jacksonville from
Washington D.C. At Deutsche Bank Eric is
responsible for a docket of legal and regulatory matters in the United States
for the Bank. Additionally, he manages a
team of support staff who assist the department in various capacities.
We not only learned about Eric
and his legal prowess; we also learned a fair amount about Eric as a person –
as opposed to lawyer drone. Once Eric finishes navigating tricky legal matters
all day, he heads home to the much more enjoyable, but often just as tricky,
world of kids! Eric enjoys spending time with his wife and kids, and enjoys
traveling as much as possible. While Eric enjoys traveling to all sorts of new
and interesting places, his favorite place he has visited is Bermuda – we do
not blame him. In addition to caring for his family, and perhaps in an attempt
to make home seem just a little bit like the blue relaxing waters of Bermuda,
Eric enjoys spending time caring for his salt water aquarium; most uniquely his
To close out our visit with Eric in
almost the same way we began, we will again reference the German influence in
Eric’s life. We know he likes to travel, so it makes sense Eric specifically
noted a desire to travel back to Germany one day – it should be lovely! We also
know he loves his wife and kids, and spends a great deal of time with them,
which is why we think it’s just grand that Eric knows all of the words to the
theme song from Sesame Street… in German.
We did not ask Eric to show off his vocals at the lunch table, but looking back
on it now, we think perhaps we should have – maybe another time. If you have
not met Eric yet, look for him the next time you are at one of the ACC events
and introduce yourself. If you are feeling adventurous, try it in German -- guten tag (good day) or hallo (hello).
That was all about Eric! We would love to know more about you. If you
have time to meet for lunch and talk about yourself, let us know. Our treat!
|Return to Top|
|Galloway, Cody Anne
|Stocker, Daniel A.
||DB Services New Jersey, Inc.|
||DB Services New Jersey, Inc.|
|Yohe, Kathleen A.
||DB Services New Jersey, Inc.|
|Rice, Gayle L.
||DB Services New Jersey, Inc. |
|Beyl, David J.
|Higgins, Justin M.
|Huntley, Jessica K.
|Jordan, Jason G.
|Lakhani, Shyam M.
|Maxey, Renee J.
|Wallace, Kyle M.
|Barrett, David W.
||Fidelity National Information Services, Inc.|
|Kamlet, Courtney S.
||Fidelity National Information Services, Inc.|
|Morey, Andrew A.
||RTI Surgical, Inc.|
||Wounded Warrior Project|
|Return to Top|
|By Sharon McLaughlin, Esq. (Special Counsel, Inc.)|
The job market for attorneys is
highly competitive. Therefore, ensuring
that you have a well-written and polished resume that is organized, succinct
and presents your experience and qualifications in the best possible light is
very important. This article is intended
to give you a basic guide in doing just that as well as a handful of tips and
resume do’s and don’ts.
You should always begin a resume
with your contact information at the top of the first page, centered. It’s important to include your full, legal
name (preferably no nicknames), address (street address, city/state/zip), phone
number and personal email – this is the information a prospective employer will
use to contact you, so it should be up-to-date.
In addition, it’s best to provide a phone number where you can be
readily reached, such as your personal mobile number. Using a work or home number isn’t generally recommended.
In law school, we were taught to
keep our resumes to one page in length.
However, as you gain years of legal experience, your accomplishments,
practice, employers, etc. will change and grow. As such, it’s expected that your resume will also
change and grow. It’s perfectly
acceptable for your resume to spill on to more than one page if you have been
practicing for 3+ years.
Typically, one of the first
things a prospective employer wants to see when they are reviewing your resume
is your education, including all degrees, fields of study, schools and year of
degree(s) completion. Thus, it’s a
customary and recommended practice to create a section for education and list
your degrees individually. It is further
recommended that the education section be placed near the top so that it’s one
of the first things the reviewer sees.
It’s generally best to list yourcompleted degrees (e.g., B.A., M.A.,
Ph.D., J.D., L.LM., etc.), the field of study (e.g., major), the full name and
location of the school (e.g., Harvard Law School - Harvard University,
Cambridge, MA) and the year of degree completion. I personally do not recommend that you
include partially completed degrees or coursework as they are often not
relevant and may simply clutter your resume.
While the identity of the school
from which you earned your degree is necessary, it can often work for you or
against you. If your school(s) is not
well perceived due to rank, reputation, non-ABA accreditation, etc., this may put
you at a disadvantage. Alternatively, if
the person reviewing your resume is an alumnus of your school(s) or there are
other alumni within the company, this is definitely helpful. In addition, your school(s) can be a huge
advantage if it’s well-respected and highly ranked.
Year of Graduation
Year of graduation is a sticking
point with some candidates. Initially,
please note that it’s one of the most important pieces of information on your
resume. Why? It can be a quick and easy gage of your level
If an attorney omits the year of
completion for their law degree, this may indicate that the candidate is hiding
it – this is a common trend among candidates that feel that they may be considered
“too senior” for a role. This is a bad
practice for multiple reasons: (1) if an
employer senses you are not being forthright and honest, they may reject your
candidacy; (2) if the year you earned your degree is missing, your resume may
simply be disregarded and not considered; (3) if any employer is looking for a
candidate with lesser experience, it’s better to know that from the outset and
not waste anyone’s time.
Academic Honors and Achievements
Finally, if you graduated with
honors or have other academic achievements that you feel may distinguish you,
it’s a great idea to list them under the applicable degree – example:
BOSTON UNIVERSITY SCHOOL OF
LAW, Boston, MA
cum laude, 2005
Hennessey Distinguished Scholar
Awards in Evidence, Corporations and Contracts
Editor, Boston University Law Review
of Texas, Austin, TX
B.S., with Highest Honors, in History 2002
format for listing your legal experience on your resume is listing your
employment in chronological order, beginning with your most recent/current
recommended that you list each employer individually and include the full name
of the employer, location, title and practice area and dates of employment. With regard to dates, it’s important to
include the month AND year to avoid the appearance of gaps in employment.
Under each employer, list your primary
duties and responsibilities succinctly, but with sufficient detail to
understand the depth of your experience and responsibility. For ease of reading and an organized
presentation, it’s a good idea to use bullet points when listing your duties
that some attorneys utilize is creating a “summary of experience” that lists or
narrates all of their experience in one section and merely providing dates of
employment for employers versus
individually listing duties and responsibilities under each employer. This is
not recommended. Prospective employers want to see exactly
what you were doing at each place of employment. If you’ve been practicing the same area of
law for many years and have changed employers one or more times, it’s expected
that there will be some duplication of duties and responsibilities in your current
and past employment.
Again, if you
have been practicing for 3+ years, don’t worry that your resume may spill on to
two or three pages.
mistake among junior attorneys is not including licensure on their resume – maybe
because they haven’t updated it since they passed the bar exam. Be sure to include a licensure section on
your resume and list all states, courts or other government bodies (e.g.,
USPTO) to which you are admitted and licensed to practice law.
find other language skills to be valuable.
Thus, if you are fluent in more than one language, it’s recommended that
you include a “language” section on your resume and list your language skills. Please specify that you are fluent and whether
you are able to speak, read and/or write in that language.
FORMATTING AND SPELL
Formatting is extremely important since appearance makes the first
impression. It’s a good idea to keep the text succinct, easy to read (e.g., not
too small or too large – 11pt font is fairly standard), organized (e.g., bullet
points) and in a modern font that is not only aesthetically appealing (e.g.,
Cambria, Times New Roman, Arial). Note: A
common mistake is not consistently using the same font throughout the
Also, it may surprise you how many experienced attorneys fail to
perform a basic spell- or punctuation-check on their resume. Please be sure to review your resume as you
would any other work product and ensure that there are no errors in content,
punctuation or spelling.
While these resume tips are not exhaustive of every
way to create a strong resume, they’re definitely a great start to creating a
polished and professional resume.
Sharon A. McLaughlin, Esq. is a Regional Search Director
with Special Counsel in Houston, TX (www.specialcounsel.com).
|Return to Top|
|Maximizing Legal Project Management with Outside Counsel|
|By Erika C. Birg, Esq. and Frank Morreale, Esq. (Nelson Mullins Riley & Scarborough LLP)|
In the past few years, Legal Project Management (“LPM”)
has seen a growing following, but it remains somewhat of a mystery to
many. LPM has been defined as “the
application of the concepts of project management to the control and management
of legal cases or matters.” Steven B.
Levy, Legal Project Management: Control
Costs, Meet Schedules, Manage Risks, and Maintain Sanity, DayPack Books
(2009) ISBN 1-4499-2864.
new economic reality is that law firms and legal departments are being called
upon to do more with less. That means we
all have to be more efficient. Thus,
outside counsel and their clients have taken many different steps to employ
project management techniques (primarily from the manufacturing realm) in
managing legal projects, including: (1) e-discovery, (2) loan deals, (3)
repetitive (or massive) litigation, and (4) special projects.
simple truth: If a legal project is
going to be completed within budget, it has to be managed appropriately. So, the question is how will you structure
that management? In the end, there is no
magic recipe. The three key components
are: (1) identifying the goal, (2)
implementing a solution, and (3) adapting the solution for continual
improvement. How that can be done is
best designed between client and attorney through an open dialogue.
Where to Begin?
If your outside counsel are not already talking to you
about their LPM projects or skills and you have not already implemented
techniques in your legal department, the very first step is to ask.
the conversation about LPM means talking about goals: What do
you hope to achieve? As the adage
says, if you do not have a destination in mind, any road will take you
there. Initial goals can be as simple
as: (1) implementing periodic, standardized
reporting on costs compared to budget; (2) developing prototype discovery
responses; and (3) developing communication protocols to ensure the proper
people stay informed as the project commences.
identifying the goals, you should consider:
How will you measure value in achieving the goal? Does the value need to be quantifiable or
will anecdotal evidence suffice? Will
the results of any efficiencies be reported internally or externally? If so, how will you want to measure that
efficiency from the outset? It is too
late to put down those yardsticks once the project is started. And, if you have difficulty figuring out how
you will measure success against the goal, you may also have difficulty
achieving the goal because you will not have a clear path from initiation to
the goal is established and the measurement for success is decided, then client
and attorney can discuss openly how to achieve those goals: the implementation phase. Implementing your LPM strategy may mean many
different things, as the steps can vary as much as the initial goal. Step 2, nevertheless, starts by simply
asking: What tools are available to us to help us achieve the goal?
you employing software as a primary method for implementation? Does it do what you need it to do for a
successful project? Can you customize
it? Do you need something as simple as
checklists or a basic database? Or do
you need more powerful tools?
solutions for LPM are indeed very basic, but they are profoundly valuable. Establishing a checklist for counsel listing
whether they have identified all of the proper witnesses, searched for the
appropriate documents, or considered all available affirmative defenses can be
an invaluable but very simple LPM tool.
(For more on the effectiveness of checklists in other industries, see Atul Gawande, The Checklist Manifesto: How
to Get Things Right (Metropolitan Books 2010).)
recent events have shown that your company or your client is about to be
involved in a number of similar suits, then one goal obviously will be to
maintain consistency with the answers, briefing, legal offense and
defense. (Also, if you will be having
multiple counsel across jurisdictions, another goal would be how best to keep
them all reading out of the same playbook.)
Implementing LPM begins with talking to your lead counsel and assessing
what technology tools can be used to allow attorneys to communicate
confidentially and to maintain the document room where ideas, briefs, and research
can be shared. Ask them to help you
brainstorm about how to keep everyone rowing in the same direction. Moreover, you will want to coordinate
e-discovery, and you must be consistent in responding to production requests,
answering interrogatories, and responding to requests for admission. Preparing readily available templates
accessible to the team will shorten response times and reduce costs. One person should be responsible for: (1) tracking and ensuring compliance with the
approved responses, and (2) monitoring
the costs from jurisdiction-to-jurisdiction so you can budget accordingly. (Paralegals make excellent project managers
for complex litigation.) Work with counsel
to establish a list of issues and then establish which tool will do the job. (Lean4Legal PM®,
http://www.ermlegalsolutions.com/ is one available solution.)
key components of implementation are:
(1) open and direct communication (the key words for outside counsel
here, are “no surprises”), and (2) ongoing measurement against the success
metrics identified at the beginning.
Most successful LPM techniques and practices incorporate checkpoints to
measure progress toward goal achievement.
It may be just measuring against budget, but it may also mean measuring
consistency and error rate. So, for
example, if a budget and timeline were instituted for the motion to dismiss
phase, but those are exceeded by an agreed amount, e.g., more than 10%, does
everyone feel safe in discussing what happened?
How the parties resolve to reconcile the differences will depend in
large part on their ability to identify and define the reasons for the
overages. If neither party feels safe in
having that crucial conversation regarding how to handle the problem, then it
is unlikely to get resolved in a manner that fosters the trusting relationship
for which both client and counsel strive.
What Went Right?
The “P” in LPM could as
easily be “process” as it is “project.”
That is because, once you have developed that process, it is absolutely
critical that the parties invest the time to review how the process progressed
so it can be effectively employed for the next project. Where did you find hiccups? Where were there problems? If they were discussed along the way, was the
resolution that you reached then the same resolution you would have decided
upon now in hindsight? If problems or
issues were not discussed along the way, why not? Who had ownership of the issue to bring it to
Communication about the
highs and the lows of the process undertaken is necessary to develop a better
understanding of how to be successful in the next venture. No one can measure true success without
talking about it.
Joining the LPM
movement is not about learning a secret handshake or adopting a strict set of
rules implemented by others. It is about
devising predictable pathways to achieve your goals using a combination of
knowledge management, adherence to process, and clear communication.
Erika (email@example.com) is a member of the Florida and Georgia bars; she works out of Nelson Mullins’ Atlanta and Jacksonville offices to help clients protect their business interests in complex commercial litigation cases. Frank (firstname.lastname@example.org) is a member of the Florida and New York bars; he is a member of Nelson Mullins’ business litigation team.
More information about the authors of this article can be found at Erika's Bio and Frank's Bio
|Return to Top|
|Inland Cargo Liability for Overseas Export Shipments in the Wake of Regal-Beloit|
|By Jameson Rice, Esq. (Holland & Knight LLP)|
The Supreme Court of the United States in Kawasaki
Kisen Kaisha LTD v. Regal-Beloit Corp., 561 U.S. 89, 100 (2010), held that
the Carmack Amendment (“Carmack”) (codified at 49 U.S.C. § 11706 (railroads)
and § 14706 (motor carriers)) does not apply to import cargo originating
overseas carried under a through bill of lading. But the Court expressly withheld judgment on
which federal law applies, Carmack or the Carriage of Goods by Sea Act (“COGSA”)
(46 U.S.C. § 30701 note), when export cargo is damaged during the inland leg of
an overseas move, and, as is often the case, the through bill of lading extends
the application of COGSA beyond the tackle to inland carriage, which is expressly
permitted under COGSA. Carmack and COGSA
each impose substantially different default liability schemes. Carmack’s default scheme imposes liability
akin to strict liability on railroads and motor carriers, with the carrier
liable for the “actual loss or injury to the cargo” unless a lesser liability is
agreed to, whereas COGSA’s default scheme imposes liability on ocean carriers
of $500 per package or customary freight unit unless a greater value is
According to the Supreme Court in Regal-Beloit (interpreting
Carmack as it applies to railroads), Carmack cannot apply to U.S. bound cargo originating
overseas because there is no “receiving rail carrier.” The Court determined that the “receiving rail
carrier” as that term is used in Carmack, is only the carrier that initially
receives the goods at the point of origin, which must also be subject to
Surface Transportation Board jurisdiction.
Six years earlier, in a related case, Norfolk Southern Railway Co. v.
Kirby, 543 U.S. 14 (2004), the Supreme Court used a “conceptual approach” to
hold that for “essentially” maritime contracts, COGSA preempts state law when its
terms are extended to inland carriage under a through bill of lading.
Since Regal-Beloit, lower courts have grappled
with Carmack versus COGSA liability for overseas export cases. The Supreme Court’s holding could lead to the
interpretation that Carmack should apply whenever there is a “receiving rail
carrier,” but (i) there is no apparent policy justification for imposing
different liability schemes based upon the direction of the goods, i.e. import
versus export, and (ii) the logic underlyingKirby would suggest application of COGSA in both import and export
contexts. The issue remains
unsettled. What follows is a brief
explanation of the cases since Regal-Beloit in which cargo damage has
occurred during the inland portion of an international export move involving
ocean carriage under a through bill of lading.
American Home Assurance Co. v. Panalpina, Inc., No. 07–cv–10947, 2011 WL
666388, 2011 A.M.C. 733 (S.D.N.Y. Feb. 16, 2011).
In Panalpina, Judge Jones of the Southern District of New
York held that even though the freight forwarder issued the relevant through
bill of lading, not the rail carrier, the
rail carrier was the “receiving rail carrier” because it was the first rail
carrier that accepted the cargo at the shipment’s point of origin and thus subject
Hartford Fire Insurance Co. v. Expeditors International, No. 10–cv–5643, 2012 WL
2861433, 2012 A.M.C. 1934 (S.D.N.Y. July 9, 2012)
Expeditors was another Southern District of New York case,
but the court reached a different conclusion.
It held that the ocean freight forwarder, not the motor carrier, was the
“receiving rail carrier” and thus Carmack did not apply to the motor carrier. Carmack also did not apply because (i) the
claim was based on the bill of lading, which clearly incorporated COGSA, and (ii)
under Kirby: “Where a bill of lading ‘requires substantial carriage of
goods by sea, its purpose is to effectuate maritime commerce-and thus it is a
maritime contract.’” Id. at *6.
Royal & Sun Alliance Insurance v. Service Transfer, Inc., No. 12–cv–97, 2012 WL
6028991, 2013 A.M.C. 345 (S.D.N.Y. Dec. 4, 2012)
The Royal & Sun court rejected Carmack and
held that the first carrier is not necessarily the “receiving carrier” under
Carmack. Rather, “the ‘receiving’
carrier is the ‘principal’ party to the contract governing the subject shipment
and is responsible for the whole carriage,” Id.at *4, which, in this case, was the ocean carrier.
Norfolk Southern Railway v. Sun Chemical, 735 S.E.2d 19 (Ga. App. Ct. 2012)
In Sun Chemical, the court
determined that the ocean carrier that issued the through bill of lading was
the “receiving carrier,” and the bill of lading was a maritime contract. Therefore, it applied COGSA and rejected
Carmack. The court further concluded
Southern District of New York’s more recent decision in Expeditors
implements Kirby’s and Kawasaki Kisen’s objectives of
promoting efficient maritime contracting more effectively than the earlier Panalpina
decision, and that federal law requires us to uphold the bargained-for terms of
the through bill of lading before us . . . .
Id. at 27.
CNA Ins. Co. v.
Hyundai Merchant Marine Co. Ltd., 747 F.3d 339 (6th Cir. 2014).
The CNA court examined the above cases and, as in Sun
Chemical, concluded that “the Southern District of New York seems to have done a turnabout
on this, from applying Carmack originally to now rejecting it outright.” Id. at 368. The court concluded that if the bill of
lading is a maritime contract under Kirby then:
Following the [Regal-Beloit] opinion all the way through—including the discussion
of Kirby and COGSA—the inverse of the holding is almost as clear as the
holding, albeit not as easily stated as a bright-line rule: when the journey
does begin with a Carmack-defined receiving carrier, Carmack may still not
apply to a multimodal through bill with a substantial sea component, for all
the reasons set out in Kirby . . . .
Id. The court held that Carmack did not apply.
Assurance v. A.P. Moller-Maersk, 2014 A.M.C. 908 (S.D.N.Y. 2013) .
This was a later decision in the same case as the Panalpina decision. Since Panalpina, Judge Jones retired from
the bench, and a new judge was assigned.
In this decision, which was entered after Sun Chemical but beforeCNA, the new judge granted a motion for reconsideration of the Panalpinadecision and concluded that Judge Jones’ order was erroneous in part, but
did not disturb the ruling that Carmack applied, not COGSA. Id. at 911. The case was subsequently transferred to yet
another judge. See Am. Home
Assurance v. A.P. Moller-Maersk, No. 07 Civ. 10947,
2014 WL 1303610 (S.D.N.Y. March 31, 2014)
The Moller-Maersk decision weakens to some extent the conclusion
in Sun Chemical and CNA that there is a trend away from applying
Carmack. However, it is also true that sinceRegal-Beloit, only Judge Jones of the Southern District of New York, who
has stepped down from the bench, and her successor judges in the same case,
have applied Carmack to inland damage to export cargo destined overseas under a
through bill of lading. Still, with the
limited number of decisions, and some variance in rationale, it remains too
early to tell how courts will continue to decide such cases.
Jameson Rice (Jameson.Rice@hklaw.com) is a member of Holland & Knight’s Transportation
Sector. Holland & Knight was named
the 2014 "Law Firm of the Year" in Admiralty & Maritime Law by
U.S. News – Best Lawyers® and its partners are ranked in Chambers &
Partners, USA 2014 Nationwide rankings for Transportation: Road
(Carriage/Commercial); Rail (for Railroads); Shipping Litigation and Shipping
Finance; and all areas of Aviation. His
biography may be found here: http://www.hklaw.com/Jameson-Rice/
|Return to Top|
|Unintended Risks of Bring Your Own Device Programs|
|By C. Matthew Detzel, Esq. (Akerman LLP)|
the last few years, new acronyms like “BYOD” (Bring Your Own Device) and “MDM”
(Mobile Device Management) have been added to the in-house attorney’s lexicon
as a result of the astonishing proliferation of smartphones and tablets being
used in the workplace.  Companies adopt BYOD policies and programs to
protect against risk and prevent litigation.
As several recent court decisions illustrate, an organization’s BYOD
policy might actually expose it to greater risk or open it up to
litigation. This article surveys some of
the potential issues that companies and corporate counsel should be prepared to
face after implementing a BYOD program.
recent decision by a California appellate court in Cochran v. Schwan’s Home Service, Inc. provides an apt
example. In Cochran, the court considered the appropriate application of a
particular California statute, Labor Code section 2802, to employees’ use of
personal mobile phones to conduct business for their employer, Schwan’s Home
Service. Ultimately, the Cochran court held that the purpose of
the particular California statute at issue was to prevent employers from
passing their operating expenses on to their employees and that the statute
required reimbursement of all reasonable expenses incurred by employees for the
mandatory use of their personal phones for business calls. Schwan’s BYOD policy failed to appropriately
provide for this reimbursement, resulting in class action litigation on behalf
of its California employees.
the claim considered by the Cochran
court involved voice calls, the holding appears sufficiently broad enough that
it could similarly require reimbursement of employee expenses incurred for data
service necessary to access company e-mail, calendars, or company files and
statute at issue in Cochran may be
unique to California, but several states have passed laws requiring employers
to notify employees when monitoring their electronic communications. See, e.g., Del. Code Ann., Tit. 19, §
705 (2005); Conn. Gen.Stat. Ann. § 31-48d.
Companies with employees in multiple jurisdictions should remember that
one size may not fit all for BYOD programs.
It may be prudent for corporate counsel to review BYOD policy on an
annual or semi-annual basis to ensure compliance with the applicable regulatory
may also find themselves subject to claims that retaining access to the
personal communications or data of exiting employees after termination violates
the Stored Communications Act, 18 U.S.C. § 2701 et. seq. (the “SCA”), as in Lazette
v. Kulmatycki. In Lazette, the court sustained the
plaintiff’s claim under the SCA against her former employer, where the
plaintiff claimed her former boss reviewed substantially all of her personal
e-mail that remained accessible from the employer-supplied mobile device she
returned upon termination of her employment.
The court rejected the former employer’s defense that plaintiff’s
acceptance of its mobile device policy defeated the plaintiff’s claim under the
SCA, explaining that “[r]andom monitoring is one thing; reading everything is
determining the appropriate compromise between corporate data security and
employee privacy, corporate counsel and their clients will have to consider how
their choices on BYOD policy may impact future exposure. Lawyers may need to caution clients that BYOD
policies allowing extensive monitoring of, control over, and access to employees’
personal devices could expose the company to future litigation. Although very few courts have considered
claims implicating BYOD programs to date, company monitoring of employees’
privately-owned devices is certain to raise questions for in-house attorneys in
the near future. For instance, what is
the scope of the company’s duty to preserve and produce personal data stored or
maintained on an employee’s device?
an employee is also an individual defendant or is central to the litigated
claims, the answer appears to be that the company and the individual employee
share this duty to preserve and can be sanctioned for failing to do so. In First
Mariner Bank v. Resolution Law Grp., P.C., et al., the defendant employee
traded his mobile device in to his wireless carrier for a credit towards the
purchase of a newer device well after litigation had commenced, and the court
sanctioned both the defendant employer and defendant employee for failing to
preserve the data on his mobile device.
litigants have already begun targeting organizations with intentional
spoliation claims premised, in part, on the organizations’ right to use,
monitor, or control disposition of data on personal devices. For example, in Gabb v. International Brotherhood of Boilermakers, the court considered
a claim for intentional spoliation of evidence brought by a plaintiff alleging
her employer destroyed text message evidence of sexual harassment from the
personal devices of other employees.
Similarly, in Nkemakolam v. St.
John's Military School, the court considered a claim that the defendant
school intentionally took possession of students’ phones and deleted
photographic and video evidence of the physical abuse alleged by plaintiff.
this backdrop, the ability to remotely wipe all data from an employee’s device
using MDM software may pose considerable liability risks for organizations if
not used with caution. For instance, use
of remote wipe may unintentionally destroy or otherwise render irretrievable
the only copy of critically important information at issue in litigation. Under circumstances similar to those in Goodman v. Praxair Services, Inc. where
the possibility of litigation is anticipated, courts may be willing to impose
sanctions for spoliation of evidence, such as instructing the jury to draw an
adverse inference against the company, even where the wipe activity may be
routine procedure whenever an employee is terminated.
Companies should consider this potential hazard when
first establishing or updating guidelines for remotely wiping data on
employee-owned personal devices.
as reliance on BYOD programs expands, so too may the common-law duties of care
and definition of the scope of employment be stretched to cover the new
territory. Civil plaintiffs may eventually
seek to use the terms of corporate BYOD policies as offensive weapons to
bolster negligence claims, especially with respect to hiring and supervision of
employees. In the hopes of finding
deeper pockets, civil plaintiffs may also argue BYOD policies expand the reach
of doctrines like respondeat superior
to cover situations where a plaintiff suffers injury from the negligence of an
employee who causes an automobile accident, outside of normal work hours,
because she was reading or sending a business e-mail on her mobile device while
summary, it is important for companies to anticipate that along with the benefits
offered by adoption of BYOD programs in the workplace may come additional
exposure to liability. By thinking
proactively and discussing these concerns presented with other departments,
in-house counsel can raise awareness within the organization and help to
develop internal procedures for minimizing or avoiding any disruptive impact on
 For those unfamiliar with BYOD, many a primer detailing best practices for
crafting effective, comprehensive BYOD policies can be found with an internet
Author: C. Matthew Detzel, Esq. (Akerman LLP) Bio
|Return to Top|
|Workers’ Compensation: Cost Drivers in an Ever Changing Work Environment|
|By Michael D. Kendall, Esq. (Marks Gray, P.A.)|
Today’s work environment is not
your grandparent’s work environment.
Actually, today’s work environment is not likely the same work
environment that many of you reading this article started in. Instead, the work environment is constantly
changing and employers are (or should be) changing with it to maintain a competitive
edge and to attract and maintain quality employees. However, the changes employers make to the
work environment should be made with proper consideration of potential workers’
compensation risks and costs. There are
many “silent” risks in a changing work environment that often serve as cost
drivers for workers’ compensation insurance coverage that are not realized by
employers until claims start to arrive and then it is too late to consider
controlling the cost.
Temporary Workers and
Employers are now hiring a large
number of temporary workers and contractors instead of traditional employees in
an effort to curb expenses like health insurance, pension plans and other
fringe benefits often included as part of the overall compensation package for
employees. The cost of hiring temporary
workers is often less than the cost of hiring permanent employees with
benefits. If employers have a short term
project, it is generally more cost-efficient to hire a temporary employee. However, for jobs that are expected to last
six months or longer, it may pay to hire a full-time employee.
Using an agency to provide
temporary employees can control the costs to the employer. The agency is responsible for and bears the
financial burden of recruiting, screening, testing and hiring workers; payroll
expenses and paperwork; payroll and withholding taxes; unemployment and
workers’ compensation insurance; and any employee benefits they may wish to
provide. If the employer knows there is
not a long-term need for a permanent full-time employee, a temporary employee
provided through a temporary agency is a cost-effective way to obtain quality,
pre-screened candidates and at the same time, minimize any additional
costs/risks to workers’ compensation insurance premiums. Studies show that frequency and severity
rates of on-the-job injuries are significantly higher with temporary
workers. No matter what a person’s experience
is, care must be taken to see that dangerous tasks are performed safely. Employers should never assume a temporary
worker is fully prepared to work unsupervised, even if hired through an agency.
Another twist on the traditional
full-time employee is to hire someone as an independent contractor. Employers believe, and in many cases
correctly so, that hiring an independent contractor means that the employer is
not responsible for workers’ compensation coverage. However, the choice to hire independent
contractors can often lead to the misclassification of independent contractors
which in turn leads to increased costs litigating employment status.
For example, if an employer hires
an independent contractor and that contractor is injured in the course and
scope of the contractual obligations, the independent contractor may seek
coverage under the employer’s workers’ compensation policy. However, if truly an independent contractor,
workers’ compensation is not available.
By definition, an independent
contractor is working for the employer pursuant to agree upon “contractual
terms.” These terms should be
memorialized is a written contract that fully sets out the terms of the
agreement. Often employers think that
just classifying someone as an independent contractor is sufficient but if
forced to later litigate employment status, that classification can be hard to
justify if not memorialized in a written contract.
In order to properly classify
someone as an independent contractor, the Florida Legislature has developed a
checklist and employers should consult this checklist when hiring the
independent contractor. Employers need
to confirm that the independent contractor maintains a separate business with
his or her own work facility, truck, equipment, materials, or similar
accommodations. Also, confirm that the
independent contractor holds or has applied for a federal employer
identification number, unless the independent contractor is a sole proprietor
who is not required to obtain a federal employer identification number under
state or federal regulations. Next, and
perhaps most importantly, confirm that the independent contractor receives
compensation for services rendered or work performed and confirm that such
compensation is paid to a business rather than to an individual. An independent
contractor can perform work, or is able to perform work, for any entity in
addition to or besides the employer at his or her own election without the
necessity of completing an employment application or process.
Those who work away
from corporate facilities
Many employers today offer
employees the option to “work from home.” This option is offered to attract
quality employees that may not take the position because of conflicts with a
traditional work day or with location/geographical obstacles. As of 2011, approximately 34 million people
reported working from home occasionally and that number is projected to
increase to approximately 63 million by the year 2016. Not only are employees working remotely from
home, some are working from their cars, some from hotel rooms (sales force) and
some from co-locations of the employer.
This change in the “traditional” workplace presents various risk
management problems that are often not considered when an employer makes the
decision to offer alternative employment locations. For example, if an employer allows the employee
to work from home and he trips over his dog when he is getting up from the desk
in his home-office, is he covered by workers’ compensation? Yes.
Employers who offer
non-traditional work environments are providing much desired flexibility to
employees while absorbing all of the increased risk. In the ever-changing work environment,
employers should strongly consider offering flexibility for employees when it
comes to where and when the employees work.
However, employers should consider the risks to such changes so as to
not be surprised later if the risks result in outcomes that increase the
overall cost to the organization in the form of workers’ compensation claims.
An aging workforce
and chronic conditions
Today’s work force is
considerably “older” than the workforce of 20 years ago. The increase in the average age of workers
directly correlates to increased exposure to work accidents. The U.S. Bureau of Labor Statistics estimates
that by 2015 “one in every five American workers will be over 65, and in 2020,
one in four American workers will be over 55.”
An aging workforce directly correlates with a variety of chronic health
conditions and outcomes. The older an
employee gets the more likely that employee is to have non-work related chronic
conditions and thus the increased likelihood of an on-the-job injury.
Employers can take action to
limit or minimize the risks to an aging workforce and the increased likelihood
of on-the-job injuries. In today’s workforce,
employers should take proactive steps to get employees thinking about their
individual health and promote healthy lifestyles. Employers can consider providing healthy meal
options in cafeterias. Employers can promote
and offer tobacco cessation assistance and weight loss programs. These types of programs focus on the
employee, offer encouragement and support and can have a positive impact on
morale while at controlling an otherwise uncontrollable cost driver. We are all going to get older and if we work
together to keep employees healthy we increase productivity and control the
risks inherent with an aging workforce.
Michael D. Kendall, Esq. is the Chair of Mark Gray's worker's compensation practice area. His practice focuses on representing insurance carriers and employers in Worker's Compensation matters. His bio can be found here.
|Return to Top|
|Vendor Management and Privacy|
|By Jack Pringle, Esq. and Lyndey Zwing, Esq. (Adams and Reese LLP)|
When the infamous
bank robber Willie Sutton (reputedly)
was asked why he robbed banks, he answered “because that’s where the money is.”
Thomas J. Curry, Comptroller of the Currency, cited Sutton’s quote in a recent speech explaining why financial institutions are
such attractive targets for cybercriminals. Not surprisingly, the Office of the Comptroller of the Currency (OCC)
and other bank regulators have recognized the critical importance of
information security in protecting (among other things) “the money.”
These days, banks
aren’t the only businesses grappling with the challenges of protecting valuable
assets from criminals. As a report on
cybersecurity published in The Economist
recently pointed out, the internet was built for connectivity, not security.
Companies in many industries are discovering that the benefits of connecting
and sharing information with others (including doing business in “the cloud”)
come with a price: their valuable information assets (and those of their
customers) are increasingly at risk.
risks extend beyond the (fire)walls of a business and frequently involve
third-party vendors. The Target breach -- and an HVAC contractor's role in same
-- underscored just some of the myriad risks associated with third-party
vendors. One lesson is that although business partners may be at fault when
information security or networks are compromised, the ultimate responsibility
for those incidents -- the financial, legal, and reputation damages -- cannot
easily be shifted from the business to the otherwise-responsible third parties.
The OCC understands
the potential risks of doing business with third-party vendors. Its OCC Bulletin 2013-29 (the "Guidance")
identifies a number of issues that banks must consider when assessing and
managing risks associated with third-party relationships.
holistic approach to risk management is particularly instructive for any
business connecting with vendors and entrusting third parties with valuable
information (e.g. personal identifying information, intellectual property,
competitively sensitive information).
Effective Information Risk Management throughout the Life of the Vendor
Relationship (A Work in Progress and Process)
risk is dynamic (emerging technologies, the ever-changing threat landscape, an
evolving legal and regulatory landscape), it cannot be "managed" at
any given single point in time. For these reasons, the Guidance emphasizes that
management of vendor information risk, like all information security and risk
management, is an ongoing process or project, involving a combination of
people, policies, and technology that is assessed and adjusted based upon
The “lifecycle” of a
vendor relationship includes the following milestones:
- Planning. Identify the potential
information risks associated with a vendor before those risks arise;
- Vendor Selection. Evaluate and choose vendors with
an eye towards addressing and minimizing those risks;
- Contract Negotiation. Insist upon written contracts that
take into account the value of information assets and address information
risk as appropriate; and
- Ongoing Oversight. Monitor vendor performance over
the life of the relationship.
Information Assets and Risks)
- Designate those individuals and
groups with specific responsibility for vendor management that will
continue during the life of the relationship;
- Identify those information assets
(e.g. personal identifying information, intellectual property,
confidential information, trade secrets) that will be shared with a vendor
(or put at risk as a result of a vendor relationship);
- Consider the laws and regulations
applicable to the business and the third-party vendor, plan for how the business
will assess potential vendors, negotiate a contract with appropriate
information privacy and security provisions, and oversee the vendor's
performance of the parties' contract;
- Determine the potential negative
consequences (e.g. financial risk, legal and regulatory risk, reputation
risk) that a third-party data breach, system outage, or network intrusion
might have on your business..
(Make Sure the Vendor Can and Will Protect Information)
- Undertake a proper investigation
before selecting a third party to manage information assets. Due diligence
at a minimum requires an assessment of a vendor's legal and regulatory
compliance, financial condition, and business experience and
- Consult reference information
available on the Web and elsewhere (including background and reference
checks through the Better Business Bureau,
the Federal Trade Commission, state
attorneys' general offices, state departments of consumer affairs, etc.)
to learn about a prospective partner’s business and history; customer
complaints or litigation; Securities and
Exchange Commission and other regulatory filings; and its
website and other marketing materials.
- Review the vendor's risk
management and information security programs (and any written
documentation, including policies, processes, and internal controls, which
may be associated with those programs), consider any certifications (ISO/IEC, NIST)
the vendor may hold, and review the results of any information security
assessment or audit the vendor may have conducted.
- Evaluate the vendor's resilience,
or ability to respond to various service disruptions or breach events.
Does the company have a disaster recovery or business continuity plan? And
what kind of incident-reporting and management programs does the
vendor have in place, especially in the event of a data breach? In
other words, has the vendor considered information risk in creating its
own processes and systems?
Contract Negotiation (Define Rights and
- Negotiate a written contract
specifying the rights and responsibilities of the parties, particularly
when a business has direct privacy and information security obligations.
If a vendor will have access to personally identifiable information or
other confidential or sensitive information, then the contract must define
the specific information that will be provided to the vendor, as well as
the vendor's obligations with respect to that information. If legal or
regulatory requirements (e.g. GLB, HIPAA, various state statutes) govern
information provided to the vendor, then the vendor's compliance with all
such authority should be spelled out clearly in the contract.
- Spell out in detail the
information security safeguards to be employed by the vendor, and the
oversight rights to ensure vendor compliance with those safeguards. The
business may require annual third-party assessments, audits and/or
examinations of the vendor's security systems and practices, in order to
ensure ongoing compliance with the contract.
- Designate the requirements and
procedures to be followed by the vendor in the event of a security breach,
including timely notification, full cooperation, and assignment/allocation
of responsibility for response, mitigation, and remediation activities.
- Include reimbursement,
indemnification, and applicable insurance requirements (including
cyberliability insurance) as appropriate and necessary.
- Define the events that will bring
about default and termination under the contract, and consider the
transition from that vendor to another provider and the effect it may have
on the business.
(Assess, Adjust and Adapt)
- Maintain clear roles and
responsibilities for monitoring the performance of the vendor over the
life of the relationship.
- Evaluate a vendor’s performance
and compliance periodically. In the same way a business must continually
assess, adjust, and adapt to evolving information risk, so too must its
- Consider whether information
security standards, insurance requirements, and other obligations set out
in the contract must be revised based upon the parties' experience,
changes in the legal or technological landscape, or other factors.
Nicholas Taleb has written that “It
is preferable to take risks one understands than understand risks one is
taking.” Understanding the risks of connecting with and entrusting
information to third parties, and taking steps to manage those risks is an
essential requirement for doing business in the information age- and protecting
Authors: Jack Pringle and Lyndey Zwing are attorneys with Adams and Reese LLP.
|Return to Top|
|ACC National Article and News|
|Considering CASL: Creating or Altering Your Communications Policy and Procedures|
The collective groans were palpable among counsel involved
in the Canadian legal community on July 1 when the long-awaited Canadian
anti-spam legislation (CASL) went into effect. Many organizations are not sure
if this broad and complicated law applies to them, and the name of the
legislation is not particularly helpful. The use of the word “spam” is
definitely misleading, as the law applies to electronic communications well
beyond those that are commonly thought of as such. In fact, the law is highly
restrictive, and certain elements of it apply to just about any commercially
related message that may be sent from or to an individual in Canada. It also
applies to the installation of a program (e.g., a website cookie) to a computer
in Canada. Below are some considerations to keep in mind when determining what
changes need to be made to your communications policy, as well as when creating
one for the first time.
Read the Fine Print
The preamble to CASL states that the purpose of the law is
to “promote the efficiency and adaptability of the Canadian economy by
regulating certain activities that discourage reliance on electronic means of
carrying out commercial activities.”
The legislation is based on three broad areas in governing
Expressed or implied consent is required before sending a commercial electronic
Each commercial message must clearly identify the individual and the
organization sending the message.
All commercial messages will need to include a method for the recipient to
unsubscribe from receiving commercial messages.
An important first step is to read through the legislation (S.C. 2010, c.
23) and guidance materials provided by the Canadian government. The website
is found here: www.crtc.gc.ca/eng/casl-lcap.htm. Beyond
the sense of the scope and purpose of the law, as well as some guidance on
interpretation, the website gives important information on the specific burdens
each organization will face, and thus, the starting point for weighing the
risks between the cost of implementation of compliant procedures versus the
potential liability of a violation (i.e., up to CA$1 million for individuals
and up to CA$10 million for businesses). Currently, only administrative actions
can be brought, but private right of actions will come into effect in
Reading through the legislation, it seems that there are as
many exceptions to the rules as there are restrictions. The law will require every
organization that has contacts in Canada to ask specific questions on who is
communicating, how they are communicating and why they are communicating. A
thorough investigation into these questions could provide some surprising
answers and pose some unique challenges in developing procedures that comply
with CASL, yet do not impede the organization’s ability to effectively conduct
Creating internal processes for employees to follow will
most likely be the easy part (and that will be challenging enough). The real
complications will be in understanding the communications of independent
contractors, consultants, board members, volunteers and other agents who may
communicate on behalf of the organization. Additionally, the organization will
need to know if it has subsidiaries, partners or other affiliates who
communicate on its behalf. What mechanisms, if any, does the organization have
in place to control these communications? CASL makes it clear that the
liability will fall on the organization for which the communications are sent
on its behalf (Sections 32, 45 and 53). Effective training will be crucial to
ensure understanding and compliance with the procedures. Another option for
consideration will be to modify the contracts with your non-employed agents,
where applicable. Due diligence checks with future vendors may need to include communication
policy and procedures that take CASL into account.
All electronic communications are impacted by CASL (Section
6), and this is not limited to mass emails, but also includes one-on-one
emails, text messages, list servers, social media and websites. Does the
(Section 8)? Does any link or email redirect the user to a different system
that is not accurately identified (Section 7)? Is it apparent to the user how
to subscribe and unsubscribe from the social platforms hosted by the
organization? Each organization will need to engage the various departments
controlling these types of communications to ensure the appropriate
identification and procedures are in place to allow the recipient to understand
exactly with whom they are communicating and how to stop communications.
Knowing why the staff and agents of an organization are
communicating will enable the organization to take advantage of the variety of
implied consents and exceptions available in CASL. Below are a few samples of
implied consents and exceptions, but particular care must be used. Generally, these
have a short lifespan or are restricted to the recipient’s business function.
Additionally, many of them are subject to the unsubscribe provision (Section
11), meaning that even if implied consent exists, no commercial electronic communication
can take place if the recipient has unsubscribed from receiving electronic
Section 6(5)(b): Business inquiries
Section 6(6): Effectuating a business
Sections 10(9)(a) and (10): Existing business
Sections 10(9)(a) and (13): Existing
Section 10(9)(b): Email address conspicuously
displayed on a website
Section 10(9)(c): Recipient gave the
organization a business card
Charity organizations will want to explore the exceptions
they have been granted from CASL compliance to Section 6 for electronic
communications specifically for the purposes of raising funds.
Getting Expressed Consent
CASL does a better job of defining a commercial message by
what it is not than by what it is; however, CASL explicitly states “an
electronic message that contains a request for consent to send a message … is
also considered to be a commercial electronic message” [Section 1(3)]. Expressed consent does not expire until the individual
explicitly unsubscribes; thus, having expressed consent from recipients is the
best mechanism to ensure compliance. Unfortunately, expressed consent is not always
easily obtained. With the law in effect, organizations are prohibited from
email campaigns to obtain consent from individuals for whom no basis for
implied consent exists. Marketing departments will need to work across the
organization’s various departments to ensure multiple methods are available to
obtain expressed consent. Requests for expressed consent can be made on
websites, event applications and multiple other methods where the public may
reach out to the organization. Additionally, no electronic communication made on
the basis of implied consent or an exception should go out without an
invitation to provide expressed consent.
Your IT Department is
If the compliance procedures are to be truly effective and
not overly burdensome on the staff and agents trying to comply, the IT
department will need to be brought in early. Technological solutions will be an
absolute must. Not only is it important to have effective means for the staff
and agents to determine with whom they can and cannot communicate, the law also
sets out particular requirements on what the organization will need to show in
order to prove it had the necessary consent, regardless of expressed or
implied, to send the electronic communication (Section 13). Furthermore, the IT
department can create dynamic unsubscribe mechanisms that carefully define what
type of communications the recipient wants to receive. This will help the
organization prevent establishing a “nuclear option” of restricting all
communications, which is neither warranted by law nor desired by the recipient.
Other laws to take into
The complications of CASL become readily apparent during the
development of the compliance procedures; however, the legal implications do
not stop there. It is very simple to require a phone call in place of
electronic communications with people in Canada with whom no consent exists;
however, Canada’s National Do Not Call List (DNCL) needs to be considered. It
is also not hard to imagine requirements going into place for independent
contractors that could start to impinge on their classification in the Fair
Labor Standards Act (FLSA), such as the required use of an organization’s email
system and computer, as well as other restrictions that may hamper their choice
in how and when they choose to work.
Each organization’s assessment of risk, and the resulting
policy and procedures put into place, will vary considerably. As with many new
pieces of legislation, there are many questions and much uncertainty regarding
interpretations and applications. Over time, it is hoped that the law will be
better defined, and organizations will be able to implement more precise
procedures that do not hamper legitimate commercial electronic communications.
|Return to Top|
|ACC National News and Information|
Recruit a New
Member Today and Reap the Benefit.
ACC community grows stronger with every member. Share with your colleagues how
ACC has helped you do your job better, and help them benefit from what ACC
offers. From now through September, invite an in-house peer to join ACC, and
you could receive a free CLE/CPD webcast and more. Learn more at www.acc.com/strongertogether.
2014 ACC Annual Meeting: Rates Increase
After Sept. 17
Act now to save
on 2014 ACC Annual Meeting (Oct. 28–31, New Orleans, LA) registration rates.
With 100+ CLE/CPD programs and 30+ networking hours, this is the event to enhance your practice
skills, stay up-to-date on the latest legal industry trends and expand your
professional network. Join thousands of your peers at the world’s largest
gathering of the in-house community, and bring home practical tips you can put
to use immediately. Learn more and register at am.acc.com. [LINK: http://www.acc.com/education/am14/]
Enhance Your Business Skills
Bring more than
your legal skills to the table. Attend business courses offered by ACC and the
Boston University School of Management to enhance your business management
skills, earn CLE/CPD credits and network with peers. Upcoming programs include
· Project Management for the In-House Law
Department (Sept. 29–30)
· Mini MBA for In-House Counsel (Dec. 3–5)
· Risk Management & In-House Counsel (Oct.
take place in Boston, unless otherwise noted. Learn more and register at www.acc.com/businessedu. [LINK: http://www.acc.com/education/businessedu/index.cfm]
ACC Compliance Portal: New Topic Added!
Check out our
newest cross-border topic on Third Party Risk Management — available within the
ACC Compliance Portal. Consisting of various key resources, such as
thought-leadership videos, sample forms, quick references and relevant
articles, this resource bundle provides valuable insight on how to best manage
third-party risks. To learn more about this or other ACC resources on popular
compliance topics, visit here. [LINK: http://www.acc.com/ethicsxchange/bundle.cfm?ctpid=445]
Be a Strategic Asset to Your Board
ACC and the
National Association of Corporate Directors have joined together to bring you a
new event: The Insider’s Guide to the Boardroom. This unique educational
program is designed specifically for corporate law department leaders who want
to be seen as a strategic partner to the business, contributing more than legal
advice. The event takes place Sept. 15 in Chicago. Find out more and register
today. [LINK: https://www.registrationheadquarters.com/events/?42fbf07c4ab44d519d5d7e415d1a4152a&mmurlid=46159071]
Featured Partner: Modus and Practical Law
challenges with help from two ACC Alliance partners who can help you prepare
for whatever may come. Look at these two unique offers:
· Modus [LINK: http://discovermodus.com/] is a data
management company that helps organizations assess, strategize and leverage
critical business intelligence obtained from people, processes and data, to
optimize legal and enterprise-wide business results. Modus offers ACC
members a free three to four hour eSynthesis
strategy session to audit people, processes, data and finances to identify
areas for improvement. Learn more at http://discovermodus.com/services/consulting-services.
· Practical Law [LINK: http://us.practicallaw.com/] provides legal know-how that gives
lawyers a better starting point. Their expert team of attorney editors creates
and maintains thousands of practical resources across all major practice areas.
They go beyond primary law and traditional legal research to allow you to
practice more efficiently and improve client service. Request a free trial
today at http://startwithpracticallaw.com.
[LINK: http://us.practicallaw.com/about/start-with-practical-law?utm_campaign=USLD32441/002 ]
Find out more
about all of the Alliance partners at www.acc.com/alliance.
Clamantis: Advocating for the In-House Bar
For In-House Privilege in the DC Circuit Court
In late June, the DC Circuit Court adopted the ACC perspective on the role of
privilege protection in the conduct of internal investigations. Reversing
a particularly dangerous district court decision, the DC Circuit provided
privilege protection to internal investigations if just one of the significant
purposes of an internal investigation is the seeking of legal advice. Many
courts have been less protective of privilege in these circumstances, so we are
particularly pleased with this result and will be leveraging it elsewhere. The
name of the case is In re Kellogg Brown & Root, Inc. et al., and the
ACC brief can be found at tinyurl.com/acc-privilege. [LINK: http://www.acc.com/advocacy/upload/In-re-KBR-031914.pdf]
ACC and ACC
Europe Challenge Second-Class Citizen Status of German In-House Lawyers
year, the Federal Social Court in Germany required inside — not outside —
lawyers to participate in the less lucrative state pension scheme, arguing that
in-house lawyers were not as independent as their outside
counterparts. ACC and its European Chapter supported an effort to petition
the Bundestag to overrule this erroneous decision. Although that petition
effort failed, ACC is working with German in-house lawyers to use every
available tool we have to fight back against this development. For more
information, please visit tinyurl.com/acc-germany. [LINK: http://advocacy.acc.com/2014/06/sign-german-petition-to-protect-in-house-counsel/]To find out more on ACC's current
advocacy initiatives, please visit advocacy.acc.com. [LINK: http://advocacy.acc.com]
|Return to Top|
|Job Digest [Last Updated 9/27/14]|
|By Blake Gibson, ACC North Florida Board Member|
Welcome to the ACC North Florida Job Digest! Please check back often as this digest will be updated frequently throughout the quarter and until the next newsletter is published. If you are an employer and have a job to post in this digest, please contact Blake Gibson (email@example.com).
Role: Asset & Wealth Management Attorney
# of Years: 5+
Overview: Deutsche Bank Asset
& Wealth Management Legal Group – Product & Regulatory Position
Position sought for Deutsche Bank’s Legal Department in Jacksonville, FL
supporting Deutsche Bank’s the Alternatives and Real Assets Group (ARA) of the
U.S. Asset & Wealth Management (AWM) division
Role: Global Transaction Banking Attorney
# of Years: 4+
Overview: Seeking qualified
attorney in Deutsche Bank’s Legal Department in Jacksonville who will support
the Bank’s Global Transaction Banking cash management and trade services
Role: Global Markets Attorney, AVP (3 openings)
# of Years: 3-5
Overview: 3-7 years litigation or regulatory experience at a major law firm, with substantial civil discovery experience. In-house experience in financial services industry valued.
& Wyoming, Inc.
Role: SVP of Compliance
# of Years: 5+
Overview: The Senior Vice
President of Compliance (SVP, Compliance) will oversee Genesee &
Wyoming Inc., and its affiliate railroads, regulatory compliance programs,
ensuring that the company exercises due diligence and sound internal controls
operating in compliance with federal, state and FRA regulations. This position
will be responsible for the quality assurance measures and support necessary to
monitor, review and analyze the compliance with federal and state regulations
applicable to freight railroads. The Senior Vice President of Compliance will
direct overall management, administration and implementation of operational
compliance activities. This position will be responsible for providing
support, as needed, to regional and railroad operations for compliance
investigations and audits. The SVP of Compliance will work closely with senior
management to evaluate and respond to suspected compliance violation, and for
consistent enforcement, disclosure and remedial action protocols. The position
will monitor operational and direct observation administrative systems.
Company: Genesee & Wyoming, Inc.
Role: Employee and Labor Relations Director, Employment
# of Years: 7+
Overview: We are currently hiring for an Employee and Labor Relations Director. The position will either be located out of our Rochester, New York or Jacksonville, Florida Office. The Employee and Labor Relations Director will be responsible for the development and implementation of labor and employee relations initiatives and strategies under general supervision of the Vice President, Employee and Labor Relations.
Company: Wounded Warrior Project
# of Years: 5+
Overview: Provide support and perform a variety of paralegal and/or administrative duties for the legal department under the supervision of the Assistant General Counsel.
Company: Wounded Warrior Project
Role: Legal Assistant
# of Years: 3+
Overview: The Legal Assistant is primarily responsible for providing direct administrative support to Wounded Warrior Project’s (WWP) General Counsel, Assistant General Counsel, Staff Attorneys, and other members of the legal department. Assists with telephone coverage for the legal department, budget and accounting functions, meeting coordination, calendar management and scheduling, making travel arrangements, drafting, data entry, researching, filing and photocopying; assists with other administrative duties as assigned.
|Return to Top|