Embed Size (px)
Citation preview
26th Annual Issues for
Corporate House Counsel
CLE Seminar
Louisville, Kentucky
Sponsored by the
Kentucky Bar Association
Corporate House Counsel Section
Kentucky Bar Association
514 West Main Street
Frankfort, Kentucky 40601
502.564.3795
www.kybar.org
The Kentucky Bar Association Corporate House Counsel Section
presents:
26th
Annual Issues for Corporate
House Counsel CLE Seminar
This program has been approved in Kentucky for 7.00 CLE credits including
2.00 Ethics credits.
Compiled and Edited by: The Kentucky Bar Association
Office of Continuing Legal Education for
Kentucky Bar Association Corporate House Counsel Section
© 2016 All Rights Reserved Published and Printed by:
The Kentucky Bar Association, February 2016. Editor’s Note: The materials included in this 26th Annual Issues for Corporate House Counsel seminar book are intended to provide current and accurate information about the subject matter covered. The program materials were compiled for you by volunteer authors. No representation or warranty is made concerning the application of the legal or other principles discussed by the instructors to any specific fact situation, nor is any prediction made concerning how any particular judge or jury will interpret or apply such principles. The proper interpretation or application of the principles discussed is a matter for the considered judgment of the individual legal practitioner. The faculty and staff of the Kentucky Bar Association disclaim liability therefor. Attorneys using these materials or information otherwise conveyed during the program, in dealing with a specific legal matter, have a duty to research original and current sources of authority.
26th Annual Issues for Corporate House Counsel CLE Seminar
Table of Contents
Agenda............................................................................................................................. i Speakers ........................................................................................................................ iii Cyber Vigilance in a High Tech World: Tending to Lurking Legal Risks ........................... 1 EEOC Update ............................................................................................................... 17 Intellectual Property for the Occasional IP Practitioner .................................................. 31 The DOL's Busy Year: Raising the Salary Minimum for the FLSA and Cracking down on Independent Contractors .................................................................. 41 The "How To" of Securing Electronic Data: My Adversary Gets to See My Data. What Now? .......................................................................................................... 51 Checklists for Document Preservation/E-Discovery ....................................................... 59 The Top Five Ethical Violations Found in Malpractice Claims ........................................ 63 "....And Here's the Top Ten!" Ethics and Malpractice Avoidance Guide ........................ 97 Summary of Kelley et al. v. TMMK .............................................................................. 105
i
26th Annual Issues for Corporate House Counsel CLE Seminar March 10, 2016
Louisville, Kentucky
8:00-8:30 a.m. Registration & Continental Breakfast 8:30-9:30 a.m. Cyber Vigilance in a High Tech World: Tending to
Lurking Legal Risks (1.00 CLE credit) Kathie M. McDonald-McClure Lisa E. Underwood 9:30-10:00 a.m. EEOC Update (0.50 CLE credits) Leila G. O'Carra 10:00-10:15 a.m. Break 10:15-11:15 a.m. Intellectual Property for the Occasional IP Practitioner (1.00 CLE credit)
P. Douglas Barr Dana Howard 11:15-11:45 a.m. The DOL's Busy Year: Raising the Salary Minimum for
the FLSA and Cracking down on Independent Contractors
(0.50 CLE credits) Sharon L. Gold 11:45 a.m.-1:00 p.m. Luncheon & Annual Section Meeting 1:00-2:00 p.m. E-Discovery (1.00 CLE credit) Christopher M. Piekarski 2:00-3:00 p.m. The Top Five Ethical Violations Found in Malpractice
Claims (1.00 Ethics credit) Jane Broadwater Long
ii
3:00-4:00 p.m. "....And Here's the Top Ten!" Ethics and Malpractice Avoidance Guide
(1.00 Ethics credit) Jane Broadwater Long 4:00-4:15 p.m. Break 4:15-5:15 p.m. Wage & Hour Disputes: A Case Study (1.00 CLE credit) Timothy J. Weatherholt
iii
SPEAKERS
Kathie M. McDonald-McClure Wyatt, Tarrant & Combs, LLP 500 West Jefferson Street, Suite 2800 Louisville, KY 40202 502.562.7526 [email protected]
Kathie McDonald-McClure is a partner with Wyatt, Tarrant & Combs, LLP, where she is a member of the firm's Health Care Practice Group. She focuses her practice on the regulation of provider arrangements and beneficiary inducements, pharmacy board licensure, Medicare and Medicaid enrollment, Medicare reimbursement, secondary payer rules and related payment reform, clinical trial contracting and regulatory compliance, health care information privacy and security, and the adoption, implementation, and meaningful use of certified electronic health records. She is the editor of the Wyatt HITECH Law Blog, which focuses on legal developments related to health information technology, privacy, and security. Ms. McDonald-McClure received her B.S.B.A., with highest honors, from the University of Louisville in 1982, and her J.D. from the University of Louisville School of Law in 1985. She is included in Woodward/White's The Best Lawyers in America® 2009-2014, and was selected as a "Partner in Healthcare" by Business First, 2008-2014. She is a member of the American Health Lawyers Association, Health Care Compliance Association, Healthcare Financial Management Association, the Kentucky and American Societies of Healthcare Risk Management, Association for Conflict Resolution, International Association of Privacy Professionals, and the American, Kentucky, and Louisville Bar Associations.
Lisa E. Underwood
Wyatt, Tarrant & Combs, LLP 250 West Main Street, Suite 1600
Lexington, KY 40507 859.288.7665
Lisa Underwood is a partner with Wyatt, Tarrant & Combs, LLP in Lexington, where she leads the firm's Data Privacy & Security Team, bringing together the firm's experience in privacy and security in banking, healthcare and other industries in order to provide legal assistance on data security and breaches for clients across a multitude of industries. She also leads the firm's Equine and Gaming Team and is a member of the firm's Corporate and Securities Service Team. Ms. Underwood represents businesses in pari-mutuel and data privacy and security matters, as well as legislative, administrative law and regulatory initiatives. She previously served as Executive Director for the Kentucky Horse Racing Commission, as Deputy Commissioner for the Department of Public Protection and Acting General Counsel, Kentucky Horse Racing Commission, and as senior corporate counsel for Mason & Hanger. Ms. Underwood received her B.A. from Sewanee-The University of the South in 1981, and her J.D. from the University of Kentucky College of Law in 1984. She is a member of the International Association of Privacy Professionals (IAPP) and the Kentucky and Fayette County Bar Associations.
iv
Leila G. O'Carra Wyatt, Tarrant & Combs, LLP 250 West Main Street, Suite 1600 Lexington, KY 40507 859.233.2012 [email protected]
Leila O'Carra is a partner with Wyatt, Tarrant and Combs, LLP, where she is a member of the firm's Labor & Employment Service Team. She practices in the areas of labor and employment, higher education, and commercial litigation. Ms. O'Carra received her B.S. from Vanderbilt University in 1998, and her J.D. from the University of Kentucky College of Law in 2003. Prior to joining the firm, she clerked for Hon. Jennifer B. Coffman, U.S. District Court Judge for the Eastern and Western Districts of Kentucky from 2003-2005. Ms. O'Carra is the Legislative Director for the Bluegrass Society for Human Resource Management, and is a member of the Central Kentucky American Inn of Court, the National Association of College and University Attorneys, and the Federal, American, Kentucky, and Fayette County Bar Associations.
P. Douglas Barr Stoll Keenon Ogden, PLLC
300 West Vine Street, Suite 2100 Lexington, Kentucky 40507-1801
859.231.3000 [email protected]
Doug Barr is a member of Stoll Keenon Ogden, PLLC in Lexington, and currently serves as the firm's Managing Director. Mr. Barr is a litigator and a key member and leader of the firm's Business Litigation and Intellectual Property Litigation practice groups. His practice is focused on a wide range of complex business litigation including patent infringement litigation and related patent litigation, intellectual property licensing disputes, trademark infringement, trade secret litigation, fiduciary litigation, complex employment litigation, breach of contract litigation, and internet disputes. Mr. Barr received his B.A., with High Distinction, from the University of Kentucky, and his J.D., with Honors, from Ohio State University. He is a member of the Fayette County, Cincinnati, Kentucky, Ohio, American, and Federal Circuit Bar Associations. Mr. Barr is AV® Preeminent™ Peer Review Rated by Martindale-Hubbell®, is listed in The Best Lawyers in America®, recognized by Chambers USA and is honored as a Kentucky Super Lawyer for his many legal accomplishments.
v
Dana Howard Stoll Keenon Ogden, PLLC 300 West Vine Street, Suite 2100 Lexington, Kentucky 40507-1801 859.231.3000 [email protected] Dana Howard is a member in Stoll Keenon Ogden, PLLC's Lexington office and has been with the firm since 2007. She concentrates her practice on complex commercial and IP litigation cases as well as privacy law issues. Ms. Howard has achieved CIPP/US certification as a privacy professional by the International Association of Privacy Professionals (IAPP). She is a graduate of the University of Kentucky College of Law, where she served as Symposium Editor of the Kentucky Law Journal and was elected to the Order of the Coif. Ms. Howard is an active member of the Fayette County and American Bar Associations, as well as the Fayette County Women Lawyers Association and the American Intellectual Property Law Association.
Sharon L. Gold Wyatt, Tarrant & Combs, LLP
250 West Main Street, Suite 1600 Lexington, Kentucky 40507
859.288.7443 [email protected]
Sharon Gold is a partner at Wyatt, Tarrant & Combs, LLP and a member of the firm's Litigation and Dispute Resolution team. Ms. Gold represents employers in a variety of lawsuits and administrative proceedings brought by employees alleging Title VII, FMLA, ADA, ADEA, FLSA and state law claims. She also counsels employers on legal employment and wage and hour practices in order to prevent lawsuits, and provides internal training to employers, supervisors and employees about various employment law topics. Ms. Gold graduated magna cum laude from the University of Kentucky College of Law, where she was selected to the Order of the Coif, and served as Notes Editor for the Kentucky Law Journal. She has been named a "Rising Star" by the Kentucky Super Lawyers publication. Ms. Gold is a Barrister in the Central Kentucky American Inn of Court, and is a member of the Kentucky and Fayette County Bar Associations.
vi
Christopher M. Piekarski Dzenitis Newman, PLLC 6000 Brownsboro Park Boulevard, Suite F Louisville, Kentucky 40207 502.614.8484 [email protected] Christopher Piekarski is an associate with Dzenitis Newman, PLLC in Louisville, where he focuses on health care law, including medical malpractice and long term care defense. He received his B.S. from Western Illinois University in 2000 and his J.D., cum laude, from the University of Louisville Brandeis School of Law in 2004. Mr. Piekarski was named a Kentucky Super Lawyers® Rising Star in 2013 and 2014 in the area of medical malpractice. He is a member of the Kentucky, Florida, and Ohio State Bar Associations.
Jane Broadwater Long 323 West Main Street, Suite 600
Louisville, Kentucky 40202 502.568.6100
Jane Broadwater Long is Vice President and Claims Counsel of Lawyers Mutual Insurance Company of Kentucky where she manages and supervises claims. Prior to joining Lawyers Mutual, she was in private practice in Atlanta, Georgia, and worked in-house as corporate counsel of litigation and employment law for AFC Enterprises, Inc. She returned to Louisville in 2001 to work for Rice Insurance Services Company, LLC, which provides professional liability insurance to real estate agents in twelve states handling claims. Ms. Long received her undergraduate degree from the University of North Carolina at Chapel Hill and her law degree from the University of Kentucky College of Law. She is a frequent speaker at Kentucky CLE seminars on legal malpractice, legal ethics, and risk management. Ms. Long serves on the Board for KESA and is a member of the Kentucky and Georgia Bar Associations.
vii
Timothy J. Weatherholt Fisher & Phillips, LLP 220 West Main Street, Suite 2000 Louisville, Kentucky 40202 502.561.3982 [email protected] Tim Weatherholt is a partner in the Louisville office of Fisher & Phillips, LLP, where his practice involves representation of management in employment litigation arising under any number of state and federal statutes. He advises and represents clients in developing employment policies and procedures, responding to administrative charges, and dealing with employee separation matters. While attending Vanderbilt Law School, Mr. Weatherholt placed second in the Bass, Berry & Sims Intramural Moot Court competition. After law school, he clerked for the Honorable Joseph H. McKinley, Jr. of the United States District Court for the Western District of Kentucky. Mr. Weatherholt has worked extensively with Toyota entities since entering private practice, and has prepared numerous briefs on a wide variety of topics during TMMK's fifteen-year donning and doffing litigation. He is a member of the Kentucky Bar Association, and serves as Vice-Chair of the Louisville Bar Association's Appellate Section.
viii
1
CYBER VIGILANCE IN A HIGH TECH WORLD: TENDING TO LURKING LEGAL RISKS
Kathie McDonald-McClure and Lisa E. Underwood, CIPP/US © Wyatt, Tarrant & Combs, LLP
A breach of a company’s data security can have disastrous consequences for not only the business itself but also for the directors and officers, management, and for those whose data has been compromised. Businesses, directors and officers are being held more and more accountable for inadequate data security. This article will discuss some of the legal risks of which management should be aware and will provide tips on how to mitigate or shift those risks. We all know the line about why a bank robber robs the bank – "because that’s where the money is."1 Think about your company’s data as the "money" that needs to be protected from the bank robbers. It can be health care data or personal information of customers that can be sold over the internet or it can be intellectual property stolen by a competitor or a foreign nation state. Have you left the vault door open? I. BRIEF OVERVIEW OF TYPES OF RISKS PRESENT
A company should engage in a thorough security risk analysis to determine gaps in data security and a responsive plan of action in the event of a data security incident. A risk analysis along with prompt implementation of responsive action to a data incident also may help mitigate the potential for adverse government agency enforcement action in the event the incident is determined to be a security breach. The following discussion is a brief overview of the types of questions presented when assessing a company’s cybersecurity risk. Examples are given to provoke thought, analysis and discussion. This is not an "all encompassing" list of the risks to which a company may be subject. A data breach or incident can come from many different sources, either internal or external to the company. The activity leading to the breach or incident may be negligent or malicious. A. Insider Risks – Negligence
An internal threat can result from negligent activity of an employee, such as losing a laptop containing sensitive data, using weak passwords, taping passwords to a device, opening nefarious hyperlinks in or attachments to email, failing to disable user accounts of a former employee, or failing to install network operating system security patches. Employee use of mobile devices with access to sensitive or personal information have time and again resulted in security breaches for
1 This line has been attributed to Willie Sutton. He has denied saying it. In any event, it’s a good
saying.
2
companies and special attention should be paid to how to control the risk from their use by employees. Types of questions to ask when thinking through risks from negligent actions of insiders related to mobile devices and flash drives include:
Is company information on mobile devices?
Do you have a process in place to "wipe the device" if the mobile device is lost?
What is your policy on removable storage devices such as USB flash drives? These devices can introduce malware to the company’s computers. In addition, they are easy to lose.
If company data is on a flash drive is it password protected and encrypted?
Employee negligence in clicking on links in phishing emails is quickly becoming a major source of malware risk to companies as hackers are becoming increasingly sophisticated in created authentic-looking emails.
B. Internal Risks – Malicious
A data security incident and breach may result from an intentional act, such as a disgruntled employee (or former employee) sabotaging the company or stealing proprietary information stored in data files. The following provides a starting point for developing a plan of action for dealing with a potential disgruntled employee:
How is your confidential data stored? How do you dispose of it?
Do you have confidential or proprietary information a disgruntled employee might want to steal and then sell, or use to start a competing business? If so, how is that information protected? What information does the disgruntled employee have access to?
To avoid the prying eyes of a disgruntled employee (and others), are your computers set so they are password protected and have a time out feature which requires the password to be reentered after a certain period of inactivity?
With regard to employees who are to be terminated, do you have procedures: o To stop the employee’s access to the computer network
prior to termination of his or her employment?
o To retrieve all mobile devices of the terminated employee?
3
o To wipe any data the former employee might have on his own mobile device?
C. External Risks – Negligence
An example of a negligent external threat is one posed by the external vendor who can access your network before you have ensured you have adequate security controls in place. Do you require a security assessment report from vendors with access to your network? Do you have reliable information about the technical security of vendors who either have access to your network or to whom you supply confidential or personal information? If not, the vendor may be a source of risk. Do you know where your data is stored by your vendors? Vendors handling sensitive data for their customers may store your data "in the cloud," which can include computers located outside the United States. Data stored in computers in a foreign country may not be sufficiently protected or could be subject to foreign government intrusion. See "Vendor Contracts" below.
D. External Risks – Malicious
Examples of malicious external threats include hackers and state actors. It’s no secret that state actors are targeting companies for proprietary secrets. In a 60 Minutes special report by CBS news reporter, Leslie Stahl, on January 16, 2016, John Carlin, the assistant attorney general for National Security with responsibility for counterterrorism, cyberattacks and economic espionage, stated:
They [the Chinese government] want to develop certain segments of industry and instead of trying to out-innovate, out-research, out-develop, they're choosing to do it through theft. We see them put out the strategic plan, and then we see actions follow that plan. We see intrusion after intrusion on U.S. companies.2
Carlin told Stahl that the economic plans are published periodically by the Chinese Politburo. Stahl further reports that, according to the technology research firm INVNT/IP™, the Chinese economic plans are "blueprints of what industries and what companies will be targeted for theft."3
2 CBS 60 Minutes, January 17, 2016, "The Great Brain Robbery, Economic espionage sponsored
by the Chinese government is costing U.S. corporations hundreds of billions of dollars and more than two million jobs," by Lesley Stahl, correspondent, and Rich Bonin, producer. 3 On January 19, 2016, the INVNT/IP Global Consortium released its report, "Theft Nation: How
IP Theft Drives the Chinese National Business Model, and Its Effect upon the Global Economy." See http://www.invntip.com/press/ and http://www.invntip.com/ (the report is available at a cost of $4,900.00).
4
Hackers have broken into computer systems to steal health data, financial data and to install ransom ware. Toolkits to conduct cyber-attacks can be purchased on the internet. Ransomware is becoming more of a problem. The Ponemon Institute conducts an annual survey of businesses regarding their security incidents and security breaches. The resulting report is always interesting and should be reviewed each year when updating your cybersecurity action plan. The "2015 Cost of Cyber Crime Study: Global" by Ponemon ("Ponemon Study") survey of 252 companies illustrates that virtually all of them were subjected to attacks related to viruses, worms, Trojans and/or malware during a four week period. Of the companies surveyed, 64 percent experienced a web-based attack, 62 percent experienced phishing and social engineering attacks, and 35 percent experienced an incident from a malicious insider.4 The Ponemon Study noted that some industries are more likely to fall victim to cybercrime than others and the costs vary from industry to industry. According to the Ponemon Study, attacks by malicious insiders are the most expensive and take the longest to resolve.5
II. IDEAS FOR THE BOARD OF DIRECTORS AND MANAGEMENT TO SHOW
THEY ARE MEETING THE STATUTORY DUTY OF CARE – AND BECAUSE IT’S THE RIGHT THING TO DO
Under Kentucky corporate law, the statutory duty of care imposes on directors and officers the obligation to manage an entity in good faith, on an informed basis, and in a manner that they honestly believe to be in the entity’s best interest.6 For an additional description of the duties of the Board of Directors and tips on fulfilling those duties see "Data Security and Data Privacy Issues for Business Clients," by Lisa E. Underwood.7 With the frequency of data breaches increasing on a daily basis, directors and officers should be aware of their duty to be proactive in trying to prevent threats to their company, as well as to be prepared for a breach when it does happen. The following are the types of actions management can take to try to prevent threats and implement adequate data security:
Understand the cybersecurity issues and risks present for the company. Ask questions of IT staff, HR, legal and the financial department. For a board of directors to be "informed" and to possibly be protected by the
4 Ponemon Institute Research Report "2015 Cost of Cyber Crime Study: Global" p. 11.
5 Ponemon Institute Research Report "2015 Cost of Cyber Crime Study: Global" pp. 13 and 15.
The average annualized cost of attacks from malicious insiders is $144,542 and the average number of days to resolve the incident is 54.4. 6 KRS 271B.8-300(1).
7 Lisa E. Underwood, "Data Security and Data Privacy Issues for Business Clients," University of
Kentucky 15th Biennial Business Law Institute, March 27, 2015, at pp. 4-8.
5
business judgment rule when an event does happen, the board should have asked questions about the company’s policies to protect the security of confidential and personal data maintained on its IT network, in employee computers and mobile devices, access rights by vendors and employees, and efforts to educate employees and independent contractors regarding how to protect company data from malicious intrusions.
Hire a dedicated Privacy Officer and/or Security Officer whose full time job is to implement the following data protection safeguards: administrative safeguards (i.e., data privacy and security policies, training, sanctions, periodic evaluations), physical safeguards (i.e., access to facilities, departments, work stations and transfer, removal, disposal, and re-use of electronic media), and technical safeguards (i.e., levels of authorizations for access, access logs, software that guards against unauthorized access). Depending on the size of the company, it may be appropriate to have additional employees in a dedicated department.
Prepare and implement a written data security plan that describes the administrative, physical, and technical safeguards your company will and has implemented to secure sensitive personal data. Plans often address the following elements, among many others depending on a company’s operations and types of sensitive data it maintains:8 o Assignment of ultimate responsibility to one employee, likely an
officer, for maintaining and implementing the organization’s security policies for the sensitive personal data it maintains (an administrative safeguard);
o Policy and procedure for data mapping (an administrative safeguard). What information do you have, where is it and who has access? What is the company’s data retention program? Does the company have more information than it needs?
o Criteria under which sensitive personal data may either leave the organization or move about inside the organization (an administrative safeguard);
o Computer security log management to protect the network and that continually identifies internal and external threats to the security of the sensitive personal data an organization maintains (e.g., network-based firewall, host-based firewall, OS patching, anti-virus software);
o Technical protocols for end users such as user name and password, encryption, and destroying sensitive data (a technical safeguard).
8 Jena Valdetero and David Zetoony, Data Security Breaches: Incident Preparedness and
Response, Washington Legal Foundation, 2014.
6
Understand which laws, regulations, standards and policies the company is required to be in compliance with and make sure policies and procedures are in compliance with those standards.9 Next, make sure there is compliance with the policies and procedures.
Conduct mandatory employee training on data security and data privacy. Update the training on a regular basis.
Maintain adequate security systems in light of complexity and size of the organization and the amount of personal and nonpublic data in its possession. Evaluate your computer systems with reference to the National Institute of Standards and Technology Cybersecurity Framework (NIST Framework).10 The U.S. Department of Homeland Security (DHS) has this to say about the NIST Framework:
In February 2013, President Obama signed Executive Order (EO) 13636: Improving Critical Infrastructure Cybersecurity. One of the major components of the E.O. is the development of the National Institute of Standards and Technology (NIST) Cybersecurity Framework (the Framework) to help critical infrastructure sectors and organizations reduce and manage their cyber risk regardless of size or cybersecurity sophistication. An additional component of the EO was the creation of the Critical Infrastructure Cyber Community (C³, pronounced "C-Cubed") Voluntary Program, an innovative public-private partnership led by DHS, helps align critical infrastructure owners and operators with existing resources to assist in using the Framework to manage their cyber risks.11
The DHS goes on to describe the C3 Program as follows:
The United States depends on critical infrastructure12 every day to provide energy, water, transportation, financial
9 Kentucky data breach laws, effective January 1, 2014, set forth definitions for a "security
breach" and notification requirements when there is a "security breach." See infra, "Kentucky Data Breach Laws," at pages 9-14. 10
See NIST Cybersecurity Framework at http://www.nist.gov/cyberframework/index.cfm. See also PWC White Paper, Why You Should Adopt the NIST Cybersecurity Framework, May 2014 at https://www.pwc.com/us/en/increasing-it-effectiveness/publications/assets/adopt-the-nist.pdf. 11
See DHS website "Using the Cybersecurity Framework" at http://www.dhs.gov/using-cybersecurity-framework. 12
DHS recognizes sixteen critical infrastructure sectors "whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof." These are: 1) Chemical; 2) Commercial Facilities; 3) Communications; 4) Critical Manufacturing; 5) Dams; 6) Defense Industrial Base; 7)
7
systems, and other capabilities that support our needs and way of life. Over the years, improvements in technology have allowed these capabilities to evolve, with most critical infrastructure now dependent on cyber systems to run more efficiently and effectively. With this increased reliance on cyber-dependent systems, however, come increased threats and vulnerabilities. Protecting the cybersecurity of our critical infrastructure is a top priority for the Nation. . . . The C³ Voluntary Program helps sectors and organizations that want to use the Framework by connecting them to existing cyber risk management capabilities provided by DHS, other U.S. Government organizations, and the private sector. At the time of launch, available resources will primarily consist of DHS programs, which will grow to include cross sector, industry, and state and local resources.13
Keep up with regulatory guidance in your company’s industry for clues on how a regulator will treat your company in the event of a breach. For example, there is evidence that if a company has put thoughtful cybersecurity measures in place and responds quickly to a breach the FTC will not issue a fine. If your company takes payment cards, review and comply with the PCI Data Security Standards (PCI DSS).14
Conduct due diligence on the company’s third party contractors and enter into thoughtful contracts with third parties. See "Third Party Contracts" in this Article.
Security breach responsive action plan. Prepare and implement a written data breach response plan for post-breach response. The following are actions management can take prior to a breach and in connection with a breach:
Practice a breach response. The incident response team should be formed with members from various departments of the organization including the legal department, IT, human resources, and public relations
Emergency Services; 8) Energy; 9) Financial Services; 10) Food and Agriculture; 11) Government Facilities; 12) Healthcare and Public Health; 13) Information Technology; 14) Nuclear Reactors, Materials and Waste; 15) Transportation; and 16) Water and Wastewater. See http://www.dhs.gov/critical-infrastructure-sectors. 13
See United States Computer Emergency Readiness Team (US-CERT) at https://www.us-cert.gov/ccubedvp. 14
PCI DSS available at https://www.pcisecuritystandards.org/. The settlement agreement in FTC v. Wyndham Worldwide Corp. suggests the FTC will look at whether a company is in compliance with PCI DSS in determining whether the company had "reasonable" data security practices. See FTC v. Wyndham Worldwide Corp., https://www.ftc.gov/system/files/documents/cases.
8
and any department that involved in the creation, access, storage or transmission of confidential or sensitive information. As members of this team, include a representative of your cyber liability insurance carrier, outside legal counsel, and someone from a public relations firm if your company does not have an internal public relations department. Mitigating damage effectively often depends on the shortest possible response time following a breach.
Be careful about statements made during the investigation of a data security incident and after a data incident is made public, especially if the incident may not be a "security breach" under applicable state law. Various considerations come into play: o If law enforcement is involved, they may ask the company not to
disclose that a breach occurred or to keep certain information confidential if the investigation is ongoing.
o The attorney-client privilege should be considered and for example, counsel may want to retain the privilege in connection with some documents and should be careful about sharing documents or information from the documents with others.
o If the incident involved an external threat from an unknown intruder, Homeland Security may offer cyber forensics services at no charge to your company as a way for it to have hands-on insight into the incident. Be aware, however, that using these free forensics services will not be protected by attorney client and work product privileges and may impede your ability to obtain the confidential consultation your company needs to assess whether the incident requires notification under applicable law, and you still may need to pay for a separate cyber security consultant to implement corrective action in your network. Homeland Security typically defers to the results of your own forensics investigation and will ask you to share such results so that it can determine whether there are incident markers that it can associate with other cyber threats cataloged in its database (e.g., IP address, signature block, or malware) in its efforts to isolate threats to national security.
o Some commentators believe the next wave of shareholder suits on the horizon will involve 1934 Securities Exchange Act Rule 10b-5 suits alleging misrepresentations over cybersecurity risks.
The following are actions that can be taken at the Board of Directors level to meet the requirement of having an informed board of directors.
Appoint at least one board member well versed in data privacy and security matters so reports to the board may be independently assessed and verified.
9
Report to the Board on a regular basis on cybersecurity issues and security policies.
Form a Data Privacy and Security board committee, which should include the tech savvy board member and the Privacy Officer and Security Officer.
Remember, any given company suffering from a data breach will be judged in hindsight. Will the company be viewed as having acted reasonably to protect the confidential information it held? What procedures and policies did it have in place and were they followed? What remediation plans did the company have to remedy problems once they were discovered? Were employees trained?
III. ADDITIONAL IDEAS TO PROTECT THE BOARD OF DIRECTORS AND
OFFICERS
To further protect directors and officers, the board should evaluate whether directors and officers are protected by the company’s liability insurance policies. Due to the relative newness of insurance "cyber liability" insurance to protect against a data breach, many other policy forms (commercial general liability, D&O, E&O, etc.) have incorporated explicit exclusions in order to push entities to pay separately for data breach coverage. Cyber liability policies vary widely in coverage types and should be examined closely to ensure that the policy’s coverage adequately aligns with the company’s creation, access, storage, and transmission of confidential or sensitive data. In addition, Kentucky law permits the articles of incorporation to provide for elimination of liabilities of a director to the corporation or its shareholders for monetary damages for breach of his duties as a director. Kentucky law does not, however, allow for the elimination or limitation of the liability of a director for any transaction in which the director’s personal financial interest is in conflict with the financial interests of the corporation or the shareholders, or for acts or omissions not in good faith or which involve intentional misconduct or are known to the director to be a violation of the law.15 Kentucky law also allows for indemnification of directors, officers, employees and agents under certain circumstances. Consider including an indemnification provision in the articles of incorporation as well as a provision for advancement of expenses.16
IV. THIRD PARTY CONTRACTING AND MONITORING
One of the largest areas of risk a company can have in the data privacy and security arena is the risk of a third party with access to your company’s confidential information having a breach involving your company’s data. Another risk is the third party’s access to your company’s system allowing an attacker to
15
KRS 271B.2-020 (2)(d). 16
KRS 271B.8-500-271B.8-580.
10
enter into your system. Third parties with access to confidential electronic data can include joint venture partners, service suppliers, vendors, consultants, franchisees, marketing partners, and business customers. If a breach occurs at the third party level, the people whose data is accessed will not care that it was the third party’s fault. They will look to the company with which they have a relationship. Breaches do occur at the third party level and the consequences can be dire. As an example, the Target data breach in 2013 started with a vendor. That breach compromised over 40 million payment cards.17 It is important when entering into a contract with a third party with access to confidential data to not only have conducted some due diligence on the third party but also to have a good contract in place to make sure the parties have agreed to certain duties and responsibilities.
Consider a three-prong approach when dealing with third party contracting issues:
1. Conduct due diligence on the third party; 2. Draft and negotiate a contract which holds the third party
accountable and protects your company; and 3. Monitor the third party.
A. Due Diligence
Due diligence can include requiring the third party to complete a questionnaire related to its cybersecurity practices and then reviewing the questionnaire to make sure its practices are satisfactory. Or, you can require the third-party to provide you with a satisfactory independent audit of its security practices. Consider requiring updates to the audit over the course of the contract.
B. Drafting Considerations
When drafting or negotiating a contract with a third party, start the process by looking at the "big picture" and asking several questions, such as:
17
Other ramifications from the Target breach included the Chief Executive Officer resigning and a recommendation to the Target shareholders by the proxy advisor Institutional Shareholder Services that seven of ten directors be replaced. ISS’s recommendation and (unsuccessful) efforts demonstrate that shareholders are paying ever closer attention to this area. In November 2015, Target settled a consumer class action suit for $10 million plus agreed to pay an additional $6.75 million in legal fees and expenses. On December 2, 2015, Target agreed to pay the banks $39 million to settle claims. The banks had sued Target to recover costs related to the breach including the expenses for reissuing cards to the affected cardholders.
11
1. Why is your company entering into the contract?
2. What is the third party going to be doing with the data?
3. Does the third party need to have access to some data and not to other data? Have you structured the contract and the access controls so that the third party only has access to the minimal data necessary to perform the third party’s responsibilities under the contract? Does the third party access the data through an encrypted device that your company supplies or do they supply the device? Do you track the devices used for remote access to your network?
4. What kind of data is it? Does it contain health information? Bank account information? Social security numbers? Other personal information? Business confidential information or trade secrets?
5. Whose information will the third party have access to? Employees, former employees, job applicants, students, patients, minors, donors, investors, customers, business partners?
6. Will the data in vendor’s possession be data "at rest" (in storage) or data "in transit," or both?
7. Where is the data processed? Are there any cross border issues?
8. What specific laws or requirements apply? Federal laws to consider in analyzing duties and responsibilities as applicable to your entity may include the Health Information Portability and Accountability Act of 1996 (HIPAA) (applicable to "covered entities" and their "business associates"), the Gramm-Leach-Bliley Act (GLBA) (applicable companies that offer consumers financial products or services like loans, financial or investment advice, or insurance), the Children’s Online Privacy Protection Act (COPPA), and the Video Privacy Protection Act (VPPA). State laws to consider would include the data breach law of any state where an individual who would be impacted by a data breach by your company resides and where the company is located. In addition to the state or states where your company primarily does business with consumers, if there is any possibility that your company will create, access, transmit or store personal information for a resident of either Massachusetts or California, it is advisable to ensure your vendor agreement addresses the stricter data breach requirements for these two states. (See infra, subsection titled, "Covenants, representations and warranties.")
9. Is anyone coming on-site and for what purpose? What is the procedure for permitting access?
12
C. Covenants, Representations and Warranties
The answers to the questions above will lead to certain covenants, representations and warranties in the contract, such as the following: 1. The third party should agree to comply with your company’s
policies and procedures and all applicable laws. 2. The third party should agree not to share the data with anyone
without your company’s consent. 3. If the third party is going to be allowed to access or use the data
on a de-identified basis, include a covenant that the vendor will not re-identify the data.
4. Address the proper notice to be provided to individuals whose
data will be accessed by the vendor. As a general rule, consent is necessary before information may be shared with third parties.
5. Include a commitment to encrypt the data in transit and at rest.
Consider different standards depending on the industry. Consider two factor authentication.
6. Incorporate insurance reps and warranties into the vendor
contract. Ask about the third party’s cyber liability insurance. Are the limits acceptable and does the insurance cover the types of incidents that could occur? Do you want your company to be named as an additional insured?
7. The definitions used in the contract should be carefully analyzed
to make sure each party’s expectations are met. For example, the definition of a security breach should tie to each of the laws covering the data.
a. HIPAA.
The definition of a breach under HIPAA varies from the definition of breach under the Kentucky data breach laws.18 Under HIPAA Omnibus Rule issued in January 2013 pursuant to the Health Information Technology for Clinical and Economic Health Act of 2009 (HITECH), the U.S. Secretary for the Department of Health and Human Services revised the definition of a HIPAA "breach" to clarify that "an impermissible use or disclosure of protected health information is presumed to be a breach unless the covered entity or business associate, as applicable, demonstrates that there is a low probability that the protected health information has been compromised." Prior to the Omnibus Rule, HHS had imposed a "risk of harm"
18
KRS 61.931-934; KRS 365.732. See infra, "Kentucky Data Breach Laws," at pages 9-14.
13
standard that required healthcare providers to evaluate the probability that the unauthorized access would result in harm to the individual whose data was accessed. This harm standard was ultimately determined to be too subjective and was jettisoned.
b. Kentucky law.
The Kentucky data breach law’s definition of a "security breach" for public agencies, including public schools, and their non-affiliated third party incorporates a harm standard. In order to constitute a "security breach" that triggers notification, one must determine that the unauthorized acquisition of personal information "may compromise the security, confidentiality, or integrity of personal information and result in the likelihood of harm to one (1) or more individuals."19 For any other business entity or person that conducts business in Kentucky, a "Breach of the security of the system" means "unauthorized acquisition of unencrypted and unredacted computerized data that compromises the security, confidentiality, or integrity of personally identifiable information maintained by the information holder as part of a database regarding multiple individuals that actually causes, or leads the information holder to reasonably believe has caused or will cause, identity theft or fraud against any resident of the Commonwealth of Kentucky."20
8. Check applicable state law requirements to be sure other
requirements of vendors are incorporated. For example:
a. In Kentucky, entities meeting the definition of "agency" under KRS 61.931 are required to include certain language and commitments in any contract with non-affiliated third parties ("NTP") if as a result of the contract the NTP receives personal information, as defined in KRS 61.931, from the agency.21 The Kentucky Agency law requires that
19
KRS 61.931(9). 20
KRS 365.732(1)(a). 21
The definition of "agency" is very broad. The definition includes but is not limited to the executive branch of state government, every county, city, municipal corporation, urban county government, or a department, ad hoc committee, public agency, special purpose governmental entity, instrumentality, of the executive branch or a county or city or municipal corporation or urban county government. The definition of agency also includes public school district, public institution of postsecondary education including every public university in the Commonwealth of Kentucky and KCTCS. Counsel should parse through the definition carefully to determine whether the definition of agency is met. For example, airport boards and water districts meet the definition.
14
any new agreement between a NTP and a Kentucky governmental agency, or any amendment to an existing agreement, must:
i. Specify how the costs of any required notification
and investigation are to be apportioned; and ii. Obligate the NTP to implement, maintain and
update security and breach investigation procedures that are both appropriate to the nature of the information disclosed and at least as stringent as those required of the agency.
b. If Massachusetts law applies, a vendor is required to have
a written information security plan. Massachusetts law provides "every person that owns or licenses personal information about a resident of the Commonwealth shall develop, implement and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to (a) the size, scope and type of business of the person obligated to safeguard the personal information under such comprehensive information security program; (b) the amount of resources available to such person; (c) the amount of stored data; and (d) the need for security and confidentiality of both consumer and employee information."22 The definition of "owns or licenses" under Massachusetts law means to "receive, store, maintain, process, or otherwise (have) access to personal information in connection with the provision of goods or services or in connection with employment."23 In addition, Massachusetts law provides specific requirements for a comprehensive information security program and specific requirements for "overseeing" a third party service provider that receives, stores, maintains, processes, or otherwise has access to, to personal information.24
22
201 CMR 17.03 (1). 23
201 CMR 17.02. 24
201 CMR 17.02(2). As an example, a business should provide oversight of service providers by (a) taking reasonable steps to select and retain third party service providers that are capable of maintaining appropriate security measures to protect such personal information consistent with the Massachusetts regulations and any applicable federal regulations and (b) requiring such third party service providers to enter into a contract to implement and maintain appropriate security measures for personal information.
15
c. In California, the California Data Protection Act (CDPA)25 applies to any business that owns or retains personal information of California residents. The CDPA requires that covered businesses: i. Implement and maintain reasonable security
procedures and practices appropriate to the nature of the Personal Information ("PI").
ii. Protect the PI from unauthorized access,
destruction, use, modification or disclosure.26
The CDPA also provides that businesses that disclose PI to an unaffiliated third party in connection with a contract must contractually require the third party follow the same safeguards.27
D. Monitor the Third Party
While having a good contract in place with a third party is essential, a company cannot rely on the contract or due diligence at the beginning of the relationship. A company should monitor its third party access and relationships on an ongoing basis. A company should conduct a data mapping exercise to determine where its data is and who has access. This exercise should be conducted on both an internal and external basis. In other words, look at who inside your company has access to what data and do the same exercise for anyone outside your company with access to your company’s data. Consider tracking third parties with access to your company’s data in a spreadsheet. At the end of the exercise, think about whether anyone has access to data who does need to have it. If so, change the access controls.
V. CONCLUSION
As indicated earlier, the CEO and the CIO stepped down in the wake of the Target data breach. A 2015 Fortune article reported that a survey of 200 corporate directors by the New York Stock Exchange in association with security firm Veracode, reflected a boardroom belief that CEOs should be the first to be held accountable for their company’s data breach. This was followed by the Chief Information Officer, then the entire C-suite, and then the company’s chief information security officer or other person whose job it is to ensure the security of the company’s data and technology.28 Interestingly, 80 percent of directors in
25
Cal. Civ. Code §1798.80-84. 26
Cal. Civ. Code §1798.81.5(b). 27
Cal. Civ. Code §1798.81.5(c). 28
"Here’s who boardrooms are blaming for data breaches," Robert Hackett, Fortune magazine (May 29, 2015) at: http://fortune.com/2015/05/29/boardroom-data-breach-blame/.
16
the NYSE-Veracode survey reported that the topic of data and network security is a topic discussed at nearly every board meeting. The survey also found that Boards lacked confidence in the ability of their companies to handle a data breach. This is all the more reason for Boards and C-Suites to not only make network security management and data breach planning a priority for their company but to ensure it has allotted specific funds in the budget that will make network security management and data breach planning a reality. The best way to protect your Board and the company is by ensuring that cyber security is an enterprise-wide management priority before a breach occurs.
17
EEOC UPDATE Leila G. O'Carra
I. EEOC'S 2015 PERFORMANCE AND ACCOUNTABILITY REPORT
The U.S. Equal Employment Opportunity Commission (EEOC) released its annual Performance and Accountability Report on November 19, 2015, describing record results in the agency's fiftieth year of operation. According to the Report, the EEOC:
Successfully secured over $525 million for victims of discrimination in private, state and local government, and federal workplaces;
Resolved 268 systemic investigations before filing litigation, obtaining more than $33.5 million in remedies;
Reached 336,855 people through participation in 3,700 no-cost educational, training, and outreach events throughout the year. The EEOC's national Training Institute trained over 12,000 individuals at events that focused on the agency's Strategic Enforcement Plan priorities, including small businesses, vulnerable workers, and underserved geographic areas and communities;
Achieved record success in its conciliation of private-sector charges, successfully resolving 44 percent of conciliations and having 64 percent of systemic investigations voluntarily resolved. These achievements led to a 6 percent increase in charge resolutions, even as workers filed more charges of discrimination compared to 2014;
Filed 142 lawsuits alleging discrimination, including 100 individual suits and forty-two suits involving multiple victims or discriminatory policies. The EEOC's legal staff resolved 155 lawsuits alleging discrimination, and at the end of the year, the EEOC had 218 cases on its active docket, of which 22 percent involved challenges to systemic discrimination and 18 percent were multiple-victim cases; and
Resolved 6,360 complaints in its federal sector program and secured more than $94.9 million in relief for federal employees. The EEOC also resolved 3,850 appeals of agency decisions on federal sector complaints, including 42.4 percent of them within 180 days of receipt, and secured more than $10.7 million in relief.
The full 108 page Report is posted on the agency's website. Comprehensive enforcement and litigation statistics for 2015 are not available at the time of this writing.
18
II. UNITED STATES SUPREME COURT RULINGS
A. E.E.O.C. v. Abercrombie & Fitch Stores, Inc., 135 S.Ct. 2028 (2015)
Clothing retailer Abercrombie & Fitch ("Abercrombie") refused to hire Samantha Elauf ("Elauf"), a practicing Muslim, because the headscarf required by her religion violated Abercrombie's "Look Policy" prohibiting "caps" of any kind. Although Elauf's interviewer informed the store manager that she believed "Elauf wore her headscarf because of her faith," the store manager directed her not to hire Elauf. Elauf did not mention her faith and/or religion to her interviewer or the store manager prior to their decision. After Abercrombie refused to hire Elauf, the EEOC sued Abercrombie on Elauf's behalf, claiming religious discrimination under Title VII. The District Court granted the EEOC summary judgment on the issue of liability and awarded $20,000. The Tenth Circuit reversed and awarded Abercrombie summary judgment, concluding that "an employer cannot be liable under Title VII for failing to accommodate a religious practice until the applicant (or employee) provides the employer with actual knowledge of his need for an accommodation." The Supreme Court reversed. Title VII requires employers to reasonably accommodate a "religious observance or practice" if they can do so without "undue hardship." Abercrombie argued that an applicant cannot show disparate treatment under Title VII without showing that the employer had "actual knowledge" of the applicant's need for an accommodation. The Supreme Court disagreed, stating that an applicant "need only show that his need for an accommodation was a motivating factor in the employer's decision." The Supreme Court held that Title VII requires that "an individual's actual religious practice may not be a motivating factor" in refusing to hire. Furthermore, Title VII does not impose a knowledge requirement. Consequently, an employer may violate Title VII "even if he has no more than an unsubstantiated suspicion" regarding the applicant's religious practice. The Supreme Court reasoned that because Title VII prohibits "actions taken with the motive of avoiding the need for accommodating a religious practice," a request for an accommodation or the employer's certainty of the religious practice is not a necessary condition. Lastly, the Supreme Court rejected Abercrombie's argument that a neutral "no cap" policy cannot constitute "intentional discrimination" because "Title VII requires otherwise-neutral policies to give away to the need for an accommodation."
B. Mach Mining v. E.E.O.C., 135 S.Ct. 1645 (2015)
Last spring, the U.S. Supreme Court released an important decision concerning the EEOC's obligation to engage in pre-suit conciliation efforts under Title VII. The decision involves a woman who filed an EEOC charge against Mach Mining, LLC, claiming that she was denied employment as a coal miner based of her gender. Following an investigation, the EEOC found reasonable cause to believe that Mach Mining had discriminated against the woman and other similarly situated
19
women in their hiring process. The EEOC sent a letter to both parties informing them of its decision and advising them that it would "contact [them] to begin the conciliation process." Approximately one year later, the EEOC sent a second letter to Mach Mining announcing that "such conciliation efforts…have occurred and have been unsuccessful." The EEOC then sued Mach Mining in federal court.
In its answer, Mach Mining raised the EEOC's failure to "conciliat[e] in good faith" as an affirmative defense. The EEOC moved for summary judgment on this ground, claiming that its conciliation efforts are not subject to judicial review. Mach Mining argued that the court was authorized to consider the reasonableness of the EEOC's efforts. The trial court agreed with Mach Mining, and the EEOC immediately appealed to the Court of Appeals for the Seventh Circuit. The Seventh Circuit reversed, finding that the EEOC's statutory conciliation obligation was not subject to judicial review. Mach Mining appealed to the U.S. Supreme Court, which granted certiorari to "address whether and to what extent such an attempt to conciliate is subject to judicial consideration." Writing on behalf of a unanimous Supreme Court, Justice Kagan found that the EEOC's conciliation efforts are subject to judicial review. She agreed with the EEOC that Title VII "provides [the agency] with wide latitude over the conciliation process[,]" but concluded that "Congress has not left everything to the [EEOC]." Instead, Justice Kagan wrote that "[a]bsent such review, the Commission's compliance with the law would rest in the Commission's hands alone." The Court then established the following standard of review for conciliation efforts:
[T]he EEOC must inform the employer about the specific allegation, as the Commission typically does in a letter announcing its determination of "reasonable cause." Such notice properly describes both what the employer has done and which employees (or what class of employees) have suffered as a result. And the EEOC must try to engage the employer in some form of discussion (whether written or oral), so as to give the employer an opportunity to remedy the allegedly discriminatory practice.
The Mach Mining decision is a significant victory for employers. Not only does it require the EEOC to comply with Title VII's pre-suit requirements, but it serves as a reminder that the EEOC cannot ignore the rules, regulations, and obligations set for the agency by Congress. Since the Mach Mining decision was handed down, at least one U.S. appellate court has cited the holding as a basis to dismiss a lawsuit brought by the EEOC. See E.E.O.C. v. CVS Pharmacy, Inc., 2015 WL 9239388 (7th Cir. Dec. 17, 2015). A press release about the case, issued in 2014, states in part:
According to the EEOC, CVS conditioned the receipt of severance benefits for certain employees on an overly
20
broad severance agreement set forth in five pages of small print. The agreement interfered with employees' right to file discrimination charges and/or communicate and cooperate with the EEOC, the agency said.
Interfering with these employee rights violates Section 707 of Title VII of the Civil Rights Act of 1964, which prohibits employer conduct that constitutes a pattern or practice of resistance to the rights protected by Title VII, the EEOC said. Section 707 permits the agency to seek immediate relief without the same pre-suit administrative process that is required under Section 706 of Title VII, and does not require that the agency's suit arise from a discrimination charge. … "Charges and communication with employees play a critical role in the EEOC's enforcement process because they inform the agency of employer practices that might violate the law," explained [EEOC attorney John] Hendrickson. "For this reason, the right to communicate with the EEOC is a right that is protected by federal law. When an employer attempts to limit that communication, the employer effectively is attempting to buy employee silence about potential violations of the law. Put simply, that is a deal that employers cannot lawfully make."
Both the U.S. District Court and the U.S. Court of Appeals for the Seventh Circuit dismissed the case, relying on Mach Mining, and holding that the EEOC was required to and failed to comply with pre-suit obligations including issuing a charge and engaging in conciliation.
III. WORKPLACE WELLNESS PROGRAMS
A. Background
In 2014, the EEOC filed three lawsuits claiming that the companies it sued had wellness programs that violated the Americans with Disabilities Act (ADA) and Genetic Information Non-Discrimination Act (GINA). Last year, after the aforementioned lawsuits were well underway, the EEOC issued proposed ADA and GINA regulations that would, for the first time, explicitly state the details of those statutes' requirements for workplace wellness programs. GINA prohibits group health plans and wellness programs from discriminating against individuals based on genetic information. GINA prohibits collection of genetic information before or in connection with enrollment or at any time for underwriting purposes. Further, GINA prohibits group health plans from offering financial inducements for individuals to provide genetic information, including family medical history, as part of a wellness program.
21
Both GINA and the ADA require that wellness programs seeking participants' medical information must be voluntary.
The ADA prohibits employers from requiring medical examinations or otherwise inquiring about whether an employee has a disability unless the examination or inquiry is job-related and consistent with business necessity. One exception to the general rule, however, permits medical examinations and disability-related inquiries that are part of a voluntary employer wellness program. The EEOC has explained that a "wellness program is voluntary as long as an employer neither requires participation nor penalizes employees who do not participate."
B. The Proposed Rules
1. ADA.
On April 20, 2015, the EEOC published a proposed rule that would provide employers with some definitive guidance for crafting legal wellness programs. The EEOC's proposed rule applies to employers with fifteen or more employees that offer workplace wellness programs that include disability-related inquiries or medical exams. According to the proposed rule, covered wellness programs must be reasonably designed to promote health or prevent disease. Further, covered wellness programs must be voluntary. That is, the employer: (1) may not require employees to participate; (2) may not deny coverage under any of its group health plans for non-participation (or limit benefits except as specifically allowed in the regulation); (3) may not take adverse employment action or retaliate against employees who do not participate; and (4) if the program is part of a group health plan, must provide a detailed notice with information about the program. The notice must be reasonably likely to be understood by employees, describe the medical information that will be obtained and how it will be used, and describe confidentiality measures and restrictions on disclosure of medical information collected. The proposed rule approves incentives or penalties that do not exceed 30 percent of the total cost of employee-only health plan coverage, so long as the tests for voluntariness are met. Reasonable accommodations must be offered to enable employees with disabilities to participate in the employee wellness program and earn any reward (or avoid any penalty) that is part of the plan. Medical information collected through a workplace wellness program may only be provided to the employer in aggregate terms that do not disclose the identity of specific individuals. There is an exception to this provision when further disclosure is required to administer the health plan. In addition, employers are still permitted to inform supervisors or managers regarding work
22
restrictions and accommodations, and to inform safety and first aid personnel as needed to render assistance in an emergency.
2. GINA.
On October 30, 2015, the EEOC issued a proposed rule that would amend its regulations to GINA to permit employers that offer wellness programs to provide limited inducements in exchange for health information about their employees' spouses. There are several requirements that must be met in order for an employer to take advantage of this proposed rule:
First, the spouse must be a participant in the employer's group health plan and must receive health services that the employer offers, including through a wellness program. The program must be reasonably designed to promote health and prevent disease. To meet this standard, the program may not impose an overly burdensome amount of time for participation, require unreasonably intrusive procedures, or place significant costs related to medical examinations on employees. In addition, if the program collects information on a health questionnaire, it must provide follow-up information or advice.
Second, the spouse must provide written authorization showing that his or her provision of health information is knowing and voluntary. The authorization form (which may be electronic) must describe GINA's confidentiality protections and restrictions on the disclosure of genetic information. These protections and restrictions may not be waived.
Third, the inducements may be in the form of a reward (including money or paid time off for the employee) or a penalty (including increased medical plan premiums for declining to participate in the wellness program). The inducements, however, cannot exceed 30 percent of the total annual cost of coverage for the plan in which the employee and any dependents are enrolled. The 30 percent limit includes the spouse's inducement as well as any other inducement to the employee. Inducements are not permitted in exchange for information about an employee's children.
Finally, it is important to note that this proposed rule would not alter GINA's absolute prohibition against the use of genetic information in making employment decisions.
23
The comment period has closed for both proposed regulations, but neither proposed regulation is final.
C. The Litigation
1. EEOC v. Orion Energy Systems, (E.D. Wis., filed August 20, 2014).
In August 2014, the EEOC brought its first formal challenge regarding a wellness program against Orion Energy Systems, Inc., alleging that the company's wellness program violated the ADA by requiring employees to submit to medical examinations and inquiries that were not job-related or consistent with business necessity. In 2009, Orion implemented a wellness program that required employees to self-disclose their medical history as part of health risk assessment (HRA) and to participate in an on-site medical exam, which included a blood draw for certain biometric screenings and a fitness component involving a Range of Motion machine. One employee, Wendy Schobert, openly questioned whether the HRA was voluntary and whether medical information obtained in connection with it was going to be maintained as confidential. Orion management allegedly warned her to stop voicing such objections. Schobert subsequently declined to participate in the wellness program, signing a form to opt out of the HRA. If Schobert had agreed to participate, Orion would have covered the entire amount of her health care costs. Because she declined to participate, Orion shifted responsibility of the entire premium to her – over $400 per month, plus a $50 per month penalty for refusing to participate in the fitness component. Shortly after her refusal to participate, Schobert was fired. The EEOC alleged that Orion retaliated against Schobert because of her objections and decision not to participate in the wellness program, in violation of the ADA's anti-retaliation provision.
2. EEOC v. Flambeau, Inc., (W.D. Wis., filed September 30, 2014).
The EEOC's suit against Flambeau, Inc., similarly alleges that the company's wellness program violated the ADA. Flambeau, a plastics manufacturing company, required its employees to submit to a HRA and biometric screening in exchange for the employer covering roughly 75 percent of the employee's health insurance premiums. Employees who refused to participate faced cancellation of their insurance coverage and unspecified "disciplinary action." One employee, Dale Arnold, was unable to complete the requisite testing on the day appointed by Flambeau because he was on medical leave for congestive heart failure. Upon his return, he attempted to complete the testing, but was denied by Flambeau, who then terminated his health insurance and required Arnold to pay the entire premium cost of his COBRA continuation coverage. The EEOC's complaint alleges that
24
Flambeau's acts "were done with malice or reckless disregard of Arnold's federally protected rights."
On December 30, 2015, U.S. District Judge Barbara Crabb granted Flambeau's motion for summary judgment, finding that the company's wellness program requirements are protected by a statutory "safe harbor" which provides an exemption for activities related to the administration of a bona fide insurance benefits plan.
3. EEOC v. Honeywell, (D. Minn., filed October 27, 2014).
The EEOC targeted Honeywell, Inc., requesting the court to issue a temporary restraining order and enjoin the company from imposing penalties in connection with its wellness program. Honeywell had recently announced that employees who participate in the company's wellness program and their spouses would be required to undergo biometric screening designed for various factors including blood pressure, body mass index, cholesterol, glucose levels, and nicotine usage. Participating employees would qualify for health savings account ("HSA") contributions up to $1,500. Employees who chose not to participate would not qualify for a company-sponsored HSA and would be required to pay a $500 surcharge applicable to their annual health insurance contribution. In addition, non-participating employees would be presumed to be tobacco users and would have to pay a $1,000 tobacco surcharge unless they enrolled in a tobacco cessation program or proved that they are nicotine-free. The EEOC alleges that, based on the dollar amount of penalty for non-participation, the biometric screening cannot be considered voluntary. U.S. District Judge Ann Montgomery denied the EEOC's request for a preliminary injunction in the Honeywell case in November, determining that the Honeywell employees would not face irreparable harm if the financial penalties continued – at worst, the employees would lose out on money that could eventually be reimbursed. The court did not evaluate the merits of the case, but did acknowledge that the EEOC's lawsuits "highlight the tension between the ACA and the ADA and signal the necessity for clarity in the law so that corporations are able to design lawful wellness programs and also to ensure that employees are aware of their rights under the law."
IV. EXPANDING THE DEFINITION OF "SEX DISCRIMINATION" – ARE
TRANSGENDER STATUS AND SEXUAL ORIENTATION PROTECTED CLASSES?
Mia Macy v. Eric Holder, Agency No. ATF-2011-00751, 2012 WL 1435995, was the first ruling from the EEOC that specifically extended Title VII protection to claims based on transgender status. In that administrative action, the EEOC decided that a transgender applicant's complaint of discrimination based on gender identity was cognizable under Title VII of the Civil Rights Act of 1964.
25
Macy, a transgender applicant for a ballistics forensic technician position with the Bureau of Alcohol, Tobacco, Firearms and Explosives ("ATF") claimed that she was not hired because of her transgender status. She alleged that she was initially offered the position pending completion of a background check but that after she informed the ATF of her transgender status, her offer of employment was rescinded. Macy then filed a formal complaint with the ATF, alleging sex discrimination based on her gender identity and sex stereotyping. The ATF refused to process her claim based on her gender identity under the EEOC regulations. Macy appealed to the EEOC. The EEOC found that Macy's claim should have been processed because "claims of discrimination based on transgender status, also referred to as claims of discrimination based on gender identity, are cognizable under Title VII's sex discrimination prohibition …." Although the Macy decision applies only to federal employers, public employee plaintiffs have since used the EEOC's interpretation to argue for the extension of Title VII's reach. Years before the Macy decision, the U.S. Court of Appeals for the Sixth Circuit held that "a label, such as 'transsexual' is not fatal to a sex discrimination claim where the victim has suffered discrimination because of his or her gender non-conformity." Smith v. City of Salem, Ohio, 378 F.3d 566, 574-75 (6th Cir. 2004). Macy goes a step further by finding that "intentional discrimination against a transgender individual because that person is transgender is, by definition, discrimination 'based on … sex,' and such discrimination therefore violates Title VII." Since the issuance of the Macy decision, the federal government has taken numerous actions aimed at prohibiting discrimination in the workplace on the basis of sexual orientation and gender identity.
In April 2014, in official guidance on Title IX, the Office of Civil Rights stated that "Title IX's sex discrimination prohibition extends to claims of discrimination based on gender identity or failure to conform to stereotypical notions of masculinity or femininity..."
In July 2014, President Obama signed an Executive Order prohibiting federal government contractors and subcontractors from discriminating in employment decisions on the basis of sexual orientation or gender identity.
In September 2014, the Equal Employment Opportunity Commission filed two lawsuits on behalf of plaintiffs challenging transgender discrimination. See E.E.O.C. v. R.G. & G.R. Harris Funeral Homes, Inc., 100 F.Supp.3d 594 (E.D. Mich. 2015); EEOC v. Lakeland Eye Clinic, 14-CV-2421 (D. Md.) (settled). In both cases, the plaintiffs claim that their employers fired them because they were transitioning from male to female. This litigation was to be the first to test the EEOC's interpretation, set forth in Macy, in court. However, the Lakeland Eye Clinic case settled, and it appears that the Harris Funeral Homes case will be decided on the "sex stereotyping" theory, without a holding on whether transgender status is a protected class.
26
On October 23, 2014, the U.S. Office of Special Counsel announced its landmark determination that the Department of the Army engaged in gender identity discrimination against a civilian Army quality assurance specialist after she revealed her intention to transition from male to female. The Army agreed to provide remedial training on prohibited personnel practices, particularly on prohibitions against gender identity discrimination. The Army also agreed to provide workplace diversity and sensitivity training.
On July 16, 2015, the EEOC announced that sexual orientation is included within Title VII's prohibition against sex discrimination in Complainant v. Foxx, 2015 WL 4397641 (EEOC Jul. 16, 2015). Foxx worked as an air traffic control specialist in Miami, Florida. He claimed that he was discriminated against in violation of Title VII when he was not selected for a permanent promotion based on his sexual orientation. Foxx alleged that one of his supervisors said, "We don't need to hear about that gay stuff" in response to a story about his male partner, and referred to his relationship as a "distraction in the radar room" on numerous occasions. The EEOC found that the complaint properly stated a claim of sex discrimination because "sexual orientation is inherently a 'sex-based consideration.'"
In the decision, the EEOC further opined that "[s]exual orientation discrimination is sex discrimination because it necessarily entails treating an employee less favorably because of the employee's sex." As such, "[a]n employee could show that the sexual orientation discrimination he or she experienced was sex discrimination because it involved treatment that would not have occurred but for the individual's sex; because it was based on the sex of the person(s) the individual associates with; and/or because it was premised on the fundamental sex stereotype, norm, or expectation that individuals should be attracted only to those of the opposite sex."
Neither Macy nor Foxx are binding on state or federal courts. Neither sexual orientation nor transgender status are listed as protected categories in Title VII. However, it is clear that, for now, the EEOC will continue to target employers who discriminate on the basis of sexual orientation and gender identity. Further, in light of the United States Supreme Court decision in Obergefell v. Hodges, 135 S.Ct. 2584 (2015), that held same-sex couples have a right to marry anywhere in the United States, the EEOC may begin targeting employers that fail to offer equal benefits to opposite and same sex spouses. Justice Anthony Kennedy, writing for the majority, stated that "laws excluding same-sex couples from the marriage right impose stigma and injury of the kind prohibited by our basic charter." Further, "the reasons marriage is fundamental under the Constitution apply with equal force to same-sex couples." Employers should consider all areas of employee benefits to ensure that employees with same-sex spouses receive fair treatment. In at least one instance, the EEOC has found that an employer discriminated against its employee on the basis of sex by failing to provide health benefits to her same-
27
sex spouse. See Cote v. Wal-Mart Stores, U.S.D.C. Mass. 15-CV-12945 (filed July 14, 2015). That matter is now before the U.S. District Court for the District of Massachusetts.
V. PREGNANCY DISCRIMINATION ACT
The Pregnancy Discrimination Act, 42 U.S.C. §2000e(k), dictates that "women affected by pregnancy, childbirth, or related medical conditions shall be treated the same" as other employees who are "similar in their ability or inability to work." The Act has two sections. The first section provides that employers can't discriminate on the basis of pregnancy because it would be sex discrimination and the second section provides that "women affected by pregnancy, childbirth, or related medical conditions shall be treated the same for all employment-related purposes . . . as other persons not so affected but similar in their ability to work." The second section of the law has been the source of repeated questions for employers and employees alike. On July 14, 2014, the EEOC issued controversial guidance on pregnancy discrimination. The guidance lacks the force of law, and the United States Supreme Court has refused to give any deference to the guidance. In Young v. United Parcel Service, Inc., 135 S.Ct. 1338 (2015), the U.S. Supreme Court stated a test detailing when the Pregnancy Discrimination Act requires an employer that provides work accommodations to non-pregnant employees to extend such accommodations to pregnant employees who are similar in their ability or inability to work. Peggy Young was a driver with UPS. When she became pregnant, her obstetrician advised her not to lift more than twenty pounds. Generally, UPS drivers were expected to carry packages of up to seventy pounds, but the company offered accommodations to those injured on the job; those with conditions recognized as disabilities under the Americans with Disabilities Act; and those who lost their DOT certification. When Young requested an accommodation from her employer, UPS advised that she could not work as long as she had a lifting restriction. Young requested a light duty assignment, but her request was denied because pregnancy did not fit into one of the three categories for which accommodations were permitted under the UPS policy. Young was placed on unpaid leave and subsequently sued her employer for failing to provide an accommodation. It was Young's position that female workers should get the same accommodation when they cannot perform their normal jobs as any other worker gets for any other condition that similarly impairs their ability to work. UPS argued that Young couldn't prove the company's decision to deny her an accommodation was based on her pregnancy. UPS claimed it had a "pregnancy-neutral" policy and that Young wasn't treated differently than any similarly situated co-worker. In addition, UPS argued it had no duty to accommodate Young under the ADA because Young's pregnancy didn't meet the definition of a disability.
The District Court found in favor of UPS and rejected Young's argument, holding that those who had suffered on the job injuries, those who lost their commercial driver's certification and those who sought ADA related accommodations were
28
not similarly situated comparators. The Fourth Circuit Court of Appeals affirmed this decision. Upon review by the U.S. Supreme Court, the Court raised questions as to whether Young's interpretation of the Pregnancy Discrimination Act would create an entitlement to special treatment not available to other employees who sought accommodations but who likewise fell outside the neutrally defined eligibility categories set forth in the UPS policy. The Supreme Court found that Young's approach would eliminate the need for an employee to prove intentional bias by her employer, and therefore such an approach would extend beyond the protections desired by Congress. Additionally, the Supreme Court found that the argument put forth by UPS that the Pregnancy Discrimination Act simply defines sex discrimination to include pregnancy discrimination, was too narrow an interpretation. Not finding either parties' position persuasive, and rejecting the EEOC's 2014 guidelines as lacking the "timing," "consistency," and "thoroughness of consideration" necessary to "give it power to persuade," the Supreme Court crafted a new test. In its opinion, the U.S. Supreme Court ruled that the Pregnancy Discrimination Act requires an individual claiming she was subjected to pregnancy discrimination to prove that she is in the protected class (one who can become pregnant); that she requested a workplace accommodation; that the employer refused to accommodate her; and that the employer provided accommodations for other individuals who were equally temporarily unable to do their work. Once the individual has done so, her employer has the opportunity to show that its workplace policy was not biased against pregnant workers, but that a legitimate, non-discriminatory reason for denying the accommodation existed. Generally, the fact that it is more expensive or less convenient to add pregnant women to the category of individuals who will be accommodated is not a sufficient reason.
After an employer has identified a legitimate, non-discriminatory reason for its denial of accommodation to a pregnant employee, the employee can respond by showing the proffered reason is pretextual. The employee may create a question of fact by providing evidence that the employer's policies impose a significant burden on pregnant workers, and that the employer's legitimate, non-discriminatory reasons are not sufficiently strong enough to justify the burden placed on the pregnant employee(s), thereby giving rise to an inference of intentional discrimination. On June 25, 2015, the EEOC issued revised pregnancy discrimination guidance. The revisions are based on the UPS v. Young decision. According to the revised guidance, evidence indicating disparate treatment based on pregnancy, childbirth, or related medical conditions includes (among other things):
Evidence of an employer policy or practice that, although not facially discriminatory, significantly burdens pregnant employees and cannot be supported by a sufficiently strong justification. In Young v. United Parcel Serv., Inc., the Court said that evidence of an employer policy or practice of providing light duty to a large percentage of nonpregnant employees while failing to provide light duty to a large percentage of pregnant workers might establish
29
that the policy or practice significantly burdens pregnant employees. If the employer's reasons for its actions are not sufficiently strong to justify the burden, that will "give rise to an inference of intentional discrimination."
On the topic of light duty, the revised guidance includes the following:
According to the Supreme Court's decision in Young v. United Parcel Serv., Inc., a PDA plaintiff may make out a prima facie case of discrimination by showing "that she belongs to the protected class, that she sought accommodation, that the employer did not accommodate her, and that the employer did accommodate others 'similar in their ability or inability to work.'" As the Court noted, "[t]he burden of making this showing is not 'onerous.'" For purposes of the prima facie case, the plaintiff does not need to point to an employee that is "similar in all but the protected ways." For example, the plaintiff could satisfy her prima facie burden by identifying an employee who was similar in his or her ability or inability to work due to an impairment (e.g., an employee with a lifting restriction) and who was provided an accommodation that the pregnant employee sought.
Once the employee has established a prima facie case, the employer must articulate a legitimate, non-discriminatory reason for treating the pregnant worker differently than a non-pregnant worker similar in his or her ability or inability to work. "That reason normally cannot consist simply of a claim that it is more expensive or less convenient to add pregnant women to the category of those ('similar in their ability or inability to work') whom the employer accommodates." Even if an employer can assert a legitimate non-discriminatory reason for the different treatment, the pregnant worker may still show that the reason is pretextual. Young explains that
[t]he plaintiff may reach a jury on this issue by providing sufficient evidence that the employer's policies impose a significant burden on pregnant workers, and that the employer's "legitimate, nondiscriminatory" reasons are not sufficiently strong to justify the burden, but rather – when considered along with the burden imposed – give rise to an inference of intentional discrimination.
An employer's policy of accommodating a large percentage of nonpregnant employees with limitations while denying accommodations to a large percentage of pregnant employees may result in a significant burden on pregnant employees.[104] For example, in Young the Court noted that a policy of accommodating most nonpregnant employees with lifting limitations while categorically failing to accommodate pregnant
30
employees with lifting limitations would present a genuine issue of material fact.
The revised guidance is available at: http://www.eeoc.gov/laws/guidance/ pregnancy_guidance.cfm (last visited on December 31, 2015).
31
INTELLECTUAL PROPERTY FOR THE OCCASIONAL IP PRACTITIONER P. Douglas Barr and Dana R. Howard
I. INTRODUCTION AND OVERVIEW
A. The Topics that Will Not Be Covered
1. Prosecution/registration issues.
What happens when your client says, "I want to get a patent on my new exercise program Beastmode?" We will not be covering how to apply for or register a patent, trademark or copyright for your client. But, we do want to help you communicate better with your clients about intellectual property issues and understand the different types of intellectual property rights.
a. Does your client want to trademark "BEASTMODE" as the
name of his exercise program? Trademarks are distinctive symbols or words used to identify goods or services in commerce.
b. Does your client want to patent the inventive steps of his
new workout? Patents cover useful, novel, nonobvious products, processes and compositions. (High kicks and lunges are not patentable).
c. Does your client want to copyright the choreography used
in his workout program or a video of the program? Copyrights protect original and creative expressions such as works of art, music, text, compilations and software.
2. In-depth, technical or specific aspects of patent, copyright or
trademark law or highly detailed litigation issues.
B. Topics We Will Cover
1. Basic understanding of traditional sources of intellectual property (patents, copyrights, trademarks) and nontraditional sources (trade secrets, rights of privacy/publicity).
2. General strategies and practice tips for the non-IP lawyer who
confronts the following situation:
a. A client who says "Can you make them take that down?" – Basic strategies and practice tips for helping your clients enforce their IP rights.
b. A client who says, "I got this letter today. I've never heard
of these people. It says I have to pay them $10,000."
32
Basic strategies for responding to/defending against allegations of infringement in a cease and desist letter.
c. A client who asks, "Is it okay if I post this picture/video on
my website?" Basic strategies and tips for advising clients on fair use.
II. SOURCES OF INTELLECTUAL PROPERTY RIGHTS
A. Traditional Source of Rights
1. Copyrights.
Federal copyright law (17 U.S.C. §101, et seq.) protects against the unauthorized reproduction, derivative work, distribution of copies, public performance and public display of protected works. Available damages include actual amount of damages and profits, attorney fees and court costs, injunction to stop the infringing acts and impounding the illegal works. In addition, if the works are registered, statutory damages ($200-$150,000) and criminal sanctions are available. No state law equivalent.
2. Trademarks.
The Lanham Act (15 U.S.C. §1051, et seq.) protects against the unauthorized use in commerce of a mark in connection with the sale or advertising of goods or services. The focus is on the likelihood of confusion created by the unauthorized use. Trademark rights may arise with or without registration of the mark. Available damages include injunctive relief, actual damages and statutory damages. Although monetary damages are available, the preferred remedy is injunctive relief and monetary damages are historically more difficult to obtain. There are also corresponding state law claims that may be made.
3. Patent.
The Patent Act (35 U.S.C. §101, et seq.) protects against any use of a patented invention, regardless of whether the user knew about the patent or not. Damages include injunctive relief, actual damages, statutory damages, attorney fees. No state law equivalent.
B. Nontraditional Sources
1. Trade secrets.
Trade secrets are processes, techniques, formulas, patterns, compilations, programs, devices and/or data that derive independent economic value or competitive advantage from being kept secret and are subject to reasonable efforts to maintain
33
secrecy. Trade secrets are protected by state law. In Kentucky, they are protected under the Kentucky Uniform Trade Secrets Act (KRS 365.880-900). Damages for misappropriation of trade secrets include: injunctive relief; monetary damages (including both actual monetary loss and unjust enrichment) or in lieu of actual damages, the assessment of a reasonable royalty rate for the misappropriation; and exemplary damages up to two-times the damages amount.
2. Rights of privacy/publicity.
Kentucky courts recognize a common law claim for invasion of privacy that encompasses claims for misappropriation of one's name or likeness. See McCall v. Courier-Journal and Louisville Times Co., 623 S.W.2d 882, 887 (Ky. 1981); Thornton v. Western & Southern Financial Group Beneflex Plan, 797 F.Supp.2d 796 (W.D. Ky. 2011). An individual's interest in their name and likeness is in the nature of a property right and claims may be pursued against someone who has appropriated to his own use or benefit, the reputation, prestige, social or commercial standing, public interest or other value associated with another's name or likeness. Damages include nominal damages, injunctive relief, compensatory damages, unjust enrichment and punitive damages. Id.
III. STRATEGIES AND TIPS FOR ENFORCING IP RIGHTS
Preparing the Cease and Desist Letter:
A. Assessing the Nature and Extent of Your Clients' IP Rights 1. Review any registrations, filings, applications.
a. http://apps.sos.ky.gov/business/trademarks/. b. http://www.uspto.gov/. c. http://www.uspto.gov/trademarks/index.jsp. d. http://www.uspto.gov/patents/index.jsp. e. http://www.copyright.gov/.
2. Determine the nature and extent of your clients' use of IP. a. Commercial v. noncommercial. b. Geographic territory. c. Duration.
34
3. Review any license agreements and/or assignment agreements that your client may have.
4. Review any settlement agreements. 5. Review other types of agreements or possible sources of rights,
e.g., agreements regarding the sale of a company, merger agreements, etc.
6. Ask about and review any court pleadings from other possible
enforcement actions.
B. Perform a thorough investigation of the alleged infringement before sending any letter. Gather information about Who? What? When? Where? Why? and What happened right before the infringing event?
C. Determine the tone and purpose of the letter based upon the assessment
of the clients' rights (i.e., the strength of the rights) and the information gathered about the infringer and infringing act.
1. Decide whether the letter needs to have a gentle or aggressive
tone. Is the infringer a competitor, potential customer, end user, Facebook friend? Is this a David v. Goliath scenario? Depending upon whether you decide an aggressive or gentle approach is required, consider appropriate language choices, such as: a. "As you know …" versus "As you may be aware …" b. "We demand …" versus "We request …" c. "Your use violates my client's rights …" versus "It appears
your use may violate my client's rights …" d. "Our investigation conclusively demonstrates …" versus
"We are currently investigating whether …" e. "My client has authorized me to file a lawsuit …" versus
"We are considering all available options …"
2. Set forth clear, specific demands/requests. a. Consider using an enumerated list of demands set off from
the rest of the letter. b. Provide reasonable deadlines for compliance with
demands.
3. Include citations to the applicable law where appropriate. 4. Consider whether a telephone call or business to business
meeting (without lawyers) may be more appropriate.
35
D. Benefits/Risks of Sending a Cease and Desist Letter 1. Benefits include possibility of quick, efficient resolution; a written
record; increased chances of a finding of willfulness if the infringer does not cease the activities (and therefore enhanced damages if litigation becomes necessary).
2. Risks include the possibility that alleged infringer will file an action
for a declaration of non-infringement in a venue more favorable to infringer or that the infringer will initiate cancellation proceedings (for trademarks or copyrights) or inter partes review proceedings (for patents) in USPTO.
3. Risks of not sending a letter include the potential inability to
enforce rights later due to waiver, laches or abandonment, or at least the inability to later obtain an injunction. As a practical matter, waiver, laches and abandonment are more commonly found in intellectual property cases than other types of litigation. Likewise, selective enforcement of rights may also result in a loss of rights.
E. Alternatives
1. License agreements are agreements that grant a party certain
defined intellectual property rights typically in exchange for a royalty or some other payment. A covenant not to sue for infringement may also be considered a license agreement.
2. Coexistence agreements are agreements that set forth the terms
and conditions on which two or more (typically two) different parties agree to simultaneously use the same trademark.
3. Litigation.
a. May be necessary to maintain rights. b. Costly, almost always involves experts.
F. Social Media and Online Enforcement Issues
1. In exchange for immunity from infringement actions under the
Notice and Take Down/Safe Harbor provision of the Digital Millennium Copyright Act, many internet service providers and social media sites provide procedural mechanisms for requesting and having copyright protected materials removed from the site. (The Act applies to copyright but courts have consistently applied the same principle to trademarks.)
2. Many clients confuse intellectual property rights with their rights
not to be defamed and often ask how to have defamatory statements removed from a website or social media site.
36
Removing defamatory remarks from a social media site or website that provides user generated content is more difficult than having copyright protected works or trademarks removed. The Communications Decency Act, 47 U.S.C. §230(c)(1), generally provides that the website host or internet service provider cannot be held liable for defamatory comments posted on the website/blog by others. It states: "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." There are certain exceptions where the host or internet service provider exercises control over the comments posted. The CDA preempts inconsistent state law including state defamation law. The CDA is not a defense against claims of copyright, trademark or patent infringement.
3. Case regarding lawyer who circumvented the CDA and used copyright and the DMCA to have a defamatory remark on blogging site Ripoff Report removed. Small Justice LLC v. XCentric Ventures, LLC, 2014 WL 1214828 (D. Mass. Mar. 24, 2014).
4. Social media policies and terms of service/terms of use.
a. Facebook and other social media sites allow the poster to
retain rights to IP. Some social media or blogging sites, however, provide that a poster assigns his rights in the contents of the post to the social media site.
b. By agreeing to terms of service/use, poster grants a non-
exclusive, transferable, royalty free license to Facebook (and possibly other social media sites). Other social media sites have similar terms and conditions. Whether a license is also granted to other users of the site is a different issue. Pinterest expressly provide that its users give a license to other users. Facebook's policy is not as clear.
c. Most social media sites have TOS/TOU policies that
prohibit infringement of third party IP and privacy rights and violation may prevent future use of sites.
d. Most social media sites have well-defined Notice and Take
Down procedures that provide most efficient, effective first step in protecting intellectual property rights.
IV. DEFENDING AGAINST ALLEGATIONS OF INFRINGEMENT
A. Patent and Copyright Trolls (non-practicing entities)
1. What are trolls? What do they do?
a. There are definitional difficulties. Not all NPEs are bad actors.
37
b. The particular actions and business model of the NPE determines whether it is engaging in troll-like behavior. One typical image of a troll is a company or entity that purchases or acquires patents with no intention of putting the patented inventions into practice or using the invention to further its business. Rather, the troll's business model is based upon suing or threatening to sue many others who may or may not be infringing the patents with the expectation that most would prefer to pay the troll a settlement than undergo very expensive patent litigation. Although trolls are traditionally associated with patents, in the previous few years, copyright trolls have emerged.
2. Before you respond to a threatening letter from a troll…
a. Assess clients' rights; trolls' claimed rights; nature of
infringement allegations against client. b. Use Pacer, Google, or other search engine to research
specific troll's litigation patterns.
3. Strategies for advising clients on how to respond to trolls.
a. The Do-Nothing approach may actually be best. b. Negotiate a quick settlement.
c. Aggressively fight back. (e.g., Malibu Media, LLC v. John
Does 1-16, 902 F.Supp.2d 690 (E.D. Penn. 2012)).
4. Recently, there has been new legislation enacted and proposed legislation, both state and federal, that is targeted at deterring and preventing trolls from asserting frivolous claims. There have also been actions brought by the FTC regarding trolls based upon unfair and deceptive practices.
a. Congressional action.
i. SHIELD Act (HR 6245). ii. End Anonymous Patent Act (HR 2024). iii. Patent Quality Improvement Act (S 866). iv. Patent Abuse Reduction Act (S 1013). v. Patent Litigation and Innovation Act (HR 2639).
b. State laws and proposed laws.
i. Vermont statute, 9 V.S.A. Chapter 120.
38
ii. Oregon statute. iii. Kentucky Senate Bill (SB 116). iv. Proposed Revenge Porn Bill (HB 130).
c. Cases.
i. FTC v. MPHJ Technology Investments, LLC, et. al.,
U.S. District Court, Western District of Texas, Case No. 6:14-CV-00011-WSS (FTC sues company and its lawyers for allegedly engaging in nationwide deceptive practices in sending out massive numbers of threatening letters in bad faith.)
ii. MPHJ Technology Investments, LLC v. FTC, et. al.,
U.S. District Court, Western District of Texas, Case NO. 6:14-CV-00011-WSS (Company sues FTC complaining that FTC's investigation and tactics are outside the law and include an effort to deprive the company, and those like it, of counsel.)
d. Issues involved in taking action against trolls.
i. First Amendment. ii. Noerr-Pennington Doctrine. iii. Preemption.
5. Some of the same strategies apply when there is a cease and desist letter from practicing entities.
B. Responding to/Appealing Take-Down Notices Online
There are procedures set forth under many social media notice/take down policies for a poster to appeal a claim that its post violates another's intellectual property rights.
V. ADVISING CLIENTS ON WHEN THEY MAY USE PROTECTED WORKS –
FAIR USE
A. Fair Use Doctrine Applies to Copyrights and Trademarks but not Patents
B. Fair Use Encompasses First Amendment Defense to Copyright and Trademark Infringement Claims
C. Fair Use – Copyright
1. Statutory basis is 17 U.S.C. §107.
39
2. Whether a use is a fair use is not black and white, even if the use is for a purely educational purpose. The determination of fair use is made on case-by-case basis considering the following factors:
a. Purpose and character of the use.
i. Commercial v. non-profit education. ii. A direct economic benefit is not necessary to be
commercial use – stand to profit from use, e.g., generate internet traffic.
b. Transformative v. infringing derivative work.
i. Transformative adds something new with a further purpose.
ii. Perfect 10, Inc. v. Amazon.com, Inc., 508 F.3d
1146 (9th Cir. 2007) (Google's use of thumbnail images to create index of websites for search engine not infringement).
c. Nature of work – factual v. creative. d. Amount and substantiality of copyrighted work.
3. There are special statutory exemptions from copyright
infringement for certain activities associated with educational institutions, online educational programs and theological programs, 17 U.S.C. §110.
4. Attributions of credit may be helpful in a finding of fair use (or at
least suggest non-willfulness), but they are not determinative.
D. Fair Use – Trademark
1. Statutory basis is 15 U.S.C. §1115(b)(4) which exempts uses "other than as a mark."
2. Fair use in dilution cases is codified at 15 U.S.C. §1125(c).
a. Comparative advertising. b. Parody, criticism, commentary. c. Noncommercial use. d. News reporting and commentary.
3. Nominative fair use, New Kids on the Block v. News America
Pub., Inc., 971 F.2d 302 (9th Cir. 1992).
40
4. Fair use under the Anticybersquatting Consumer Protection Act,
15 U.S.C. §1125(d)(1)(B)(ii). VI. CONCLUSION/WRAP UP/QUESTIONS
41
THE DOL'S BUSY YEAR: RAISING THE SALARY MINIMUM FOR THE FLSA AND CRACKING DOWN ON INDEPENDENT CONTRACTORS
Sharon L. Gold* I. OVERVIEW OF WAGE AND HOUR LAW REQUIREMENTS
A. Who is Covered by the Fair Labor Standards Act (hereinafter, "FLSA")?
The FLSA applies to employees who work for enterprises engaged in interstate commerce. 29 U.S.C. §207(a). The business must have at least two employees and an annual dollar volume of sales of at least $500,000. Hospitals, businesses providing medical or nursing care for residents, school preschools, and government agencies are covered by the FLSA regardless of volume dollar sales. Unlike most employment laws, there is not a small employer exemption. Individuals may be covered by the FLSA even if their employers do not have the volume dollar sales necessary to be covered under the FLSA, if the employees are engaged in commerce or in the production of goods for commerce. The Department of Labor ("DOL") provides the following examples of those involved in interstate commerce and, thus, covered by the FLSA: "produce goods (such as a worker assembling components in a factory or a secretary typing letters in an office) that will be sent out of state, regularly make telephone calls to persons located in other States, handle records of interstate transactions, travel to other States on their jobs, and do janitorial work in buildings where goods are produced for shipment outside the State. Also, domestic service workers (such as housekeepers, full-time babysitters, and cooks) are normally covered by the law." DOL Fact Sheet, available at http://www.dol.gov/whd/regs/ compliance/whdfs14.pdf. The FLSA does not cover true independent contractors because these individuals are not employees. As will be discussed below, the DOL believes that most individuals are employees and, thus, are misclassified as independent contractors. The DOL estimates that over 130 million workers are covered by the FLSA. Kentucky wage and hour law is similarly broad. It applies to any employer who employs an employee which is defined as any person employed by or suffered or permitted to work for an employer. KRS 337.010(1)(d).
* 250 West Main Street, Suite 1600, Lexington, Kentucky 40507-1746, (859) 288-7443, [email protected], Blog: http://wyattemployment.wordpress.com/.
42
B. What are the Basic Requirements under the FLSA and Kentucky Wage and Hour Act (hereinafter, KWA)?
1. Minimum wage.
Employees must be paid the minimum wage $7.25 per hour (with certain exceptions for tipped employees). KRS 337.285; 29 U.S.C. §206(a). Some states and cities have increased their minimum wage floor above $7.25, including Lexington and Louisville. In February 2014, President Obama signed an Executive Order requiring federal contractors to pay a minimum of $10.10/hour, up from the current minimum wage of $7.25, on certain federal service contracts.
2. Overtime.
Unless an exemption applies, employees are entitled to receive time and a half their regular rate of pay for all hours worked over forty. KRS 337.285; 29 U.S.C. §207(a).
3. Recordkeeping requirements.
Both the KWA and FLSA require employers to maintain certain records.
a. KRS 337.320 provides:
Every employer shall keep a record of: (a) The amount paid each pay period to each employee; (b) The hours worked each day and each week by each employee; and (c) Such other information as the commissioner requires. (2) Such records shall be kept on file for at least one (1) year after entry. They shall be open to the inspection and transcript of the commissioner or the commissioner's authorized representative at any reasonable time, and every employer shall furnish to the commissioner or the commissioner's authorized representative on demand a sworn statement of them. The commissioner may require the statement to be upon forms prescribed or approved by him or her.
43
b. 29 U.S.C. §211(c) provides:
Every employer subject to any provision of this chapter or of any order issued under this chapter shall make, keep, and preserve such records of the persons employed by him and of the wages, hours, and other conditions and practices of employment maintained by him, and shall preserve such records for such periods of time, and shall make such reports therefrom to the Administrator as he shall prescribe by regulation or order as necessary or appropriate for the enforcement of the provisions of this chapter or the regulations or orders thereunder. The employer of an employee who performs substitute work described in section 207(p)(3) of this title may not be required under this subsection to keep a record of the hours of the substitute work.
C. Why It Matters?
1. FLSA remedies.
a. Unpaid wages going back two years (three if willful). b. Liquidated damages if violation was not in good faith. c. Attorney's fees. d. Fines if prosecuted by the DOL. e. Collective action which can be very costly. The average
FLSA settlement in 2014 was for $5.3 million, which was down from the previous year of $6.9 million.
2. KWA remedies.
a. Unpaid wages going back five years. b. Liquidated damages if violation was not in good faith. c. Attorney's fees. d. Fines if prosecuted by the Kentucky Labor Cabinet.
44
3. Increase in DOL enforcement efforts.
In the past few years, the DOL has ramped up its enforcement efforts. In fact, from FY 2009 to FY 2014, the DOL saw a 23 percent increase in agency-initiated investigations. In addition, there was a 20 percent increase in establishments found in violation during the same time frame. There was a 78 percent violation rate in agency-initiated investigations in FY 2014 and $659,000 in back wages recovered by DOL every day. http://www.dol.gov/whd/statistics/. DOL has targeted certain industries, including: fast food, hotel/motel, residential construction, janitorial services, moving companies/logistics providers, agricultural products – multiple sectors, landscaping/horticultural services, health care services, home health care services, grocery stores – retail trade, and retail trade – mass merchants; department stores; specialty stores. See DOL Strategic Plan, available at: https://www.dol.gov/whd/ resources/strategicEnforcement.pdf.
D. White Collar Exemptions
Overview of white collar exemptions: pursuant to 29 U.S.C. §213(a)(1); 29 C.F.R. 541, there are employees who are exempt from overtime requirements. These exemptions long ago became known as the "white collar" exemptions and the primary ones include: 1) Executive; 2) Administrative; 3) Professional; 4) Outside Sales; 5) Highly Compensated; and 6) Computer Professional. Generally, in order to qualify as exempt, an employee has to pass two tests: 1) duties test; 2) salary basis test.
II. DOL'S NOTICE OF PROPOSED RULEMAKING INCREASING THE SALARY
REQUIREMENTS FOR EXEMPT EMPLOYEES UNDER THE FLSA
A. Salary Basis Test – Notice of Proposed Rulemaking
On Tuesday, June 30, 2015, in an attempt to "modernize and streamline" the regulations on exemptions from the Fair Labor Standards Act's ("FLSA") minimum wage and overtime pay requirements, the U.S. Department of Labor issued a Notice of Proposed Rulemaking ("NPRM)" which focuses primarily on increasing federal overtime pay regulatory coverage to nearly 5 million people by raising the minimum salary threshold required to qualify for the FLSA's "white collar" exemptions. Specifically, the Department proposes to: set the standard salary level at the 40th percentile of weekly earnings for full-time salaried workers ($970 a week; or $50,440 a year) in 2016; increase the total annual compensation requirement needed to exempt highly compensated employees (HCEs) to the annualized value of the 90th percentile of weekly earnings of full-time salaried workers ($122,148 annually); and establish a mechanism for automatically updating the salary and
45
compensation levels going forward so as to ensure a useful and effective test for exemption. The Department's regulations have generally required each of the following three tests to be met for the white collar exemptions to apply: 1) the employee must be paid a predetermined, fixed salary that is not subject to reduction because of variations in the quality or quantity of work performed; 2) the amount of salary paid must meet a minimum specified amount; and 3) the employee's job duties must primarily involve executive, administrative, or professional duties. However, some highly compensated employees are exempt from the overtime pay requirement if they are paid total annual compensation of at least $100,000 (must include at least $455 per week paid on a salary or fee basis) and if they customarily and regularly perform at least one of the exempt duties or responsibilities of an executive, administrative, or professional employee. The Department set the levels on data available from the Bureau of Labor Statistics at: http://www.bls.gov/cps/research_nonhourly_earnings_ 2013.htm.
In addition to comments on the salary increase, the DOL asked for comments on whether nondiscretionary bonuses and incentive pay should be included in the calculation of the minimum increased salary. Neither are currently included in the minimum increased salary. The proposed rule requires that the salary be adjusted automatically and proposes two different methods: 1) salary levels pegged to the 40th and 90th percentiles of earnings for full-time salaried workers, respectively OR 2) adjust the standard salary and highly compensated amounts based on changes in inflation, as measured by the Consumer Price Index for all Urban Consumers (CPI-U). Those employees covered by the outside sales exemption, including doctors, lawyers, and teachers are not subject to the salary basis test and, therefore, the new salary increase will not affect their salaries. The NPRM received 264,093 comments! The DOL is considering the comments and will either revise the NPRM in accordance with the comments or will keep the NPRM as is and then there will be an effective date. Business groups have threatened to oppose the rule if it is enacted.
B. NPRM Compliance Tips
Even before the Rule is in effect, it is important to think about how to comply with the increased salary requirement. Here are some tips.
1. Identify exempt employees whose salaries will fall below the new
minimum. 2. Decide whether to increase those workers' salaries to maintain the
exemption or convert them to nonexempt status.
46
3. If an employee is converted to nonexempt status, implement changes attendant to the employee's new status, such as keeping time records (newly nonexempt employees may need training on writing down all compensable time), providing lunch and rest breaks, and paying overtime.
4. Review and update off-the-clock work policies. Consider
implementing a policy regarding after hours use of mobile devices for work-related purposes.
5. Review and update overtime policies. Consider including
language encouraging employees to promptly report any error in overtime pay calculations.
6. Evaluate and update time tracking systems. 7. Establish a procedure to keep track of the new minimum salary
level as it increases every year. 8. Consider employing legal counsel to conduct a wage and hour
audit. 9. Budget for the upcoming changes now.
C. Duties Test Continues to Cause Litigation
The NPRM did not make any changes to the duties test that is utilized to determine if an employee is exempt (for, instance, some thought the proposed rule would require that a certain amount of time be spent in management). However, the DOL did ask for comments on several questions concerning the duties test, including the following:
A. What, if any, changes should be made to the duties tests? B. Should employees be required to spend a minimum amount of time performing work that is their primary duty in order to qualify for exemption? If so, what should that minimum amount be? C. Should the Department look to the State of California's law (requiring that 50 percent of an employee's time be spent exclusively on work that is the employee's primary duty) as a model? Is some other threshold that is less than 50 percent of an employee's time worked a better indicator of the realities of the workplace today? D. Does the single standard duties test for each exemption category appropriately distinguish between exempt and nonexempt employees? Should the Department reconsider
47
our decision to eliminate the long/short duties tests structure? E. Is the concurrent duties regulation for executive employees (allowing the performance of both exempt and nonexempt duties concurrently) working appropriately or does it need to be modified to avoid sweeping nonexempt employees into the exemption? Alternatively, should there be a limitation on the amount of nonexempt work? To what extent are exempt lower-level executive employees performing nonexempt work?
See NPRM. The DOL also asked for comments on whether additional specific occupations should be listed within the regulations. Finally, the DOL solicited comments for "the computer and information technology sectors as to what additional occupational titles or categories should be included as examples in the part 541 regulations, along with what duties are typical of such categories and would thus cause them to generally meet or fail to meet the relevant EAP exemption criteria." Id.
III. MISCLASSIFICATION OF INDEPENDENT CONTRACTORS
A. DOL Guidance
The FLSA defines "employee" as "any individual employed by an employer." 29 U.S.C. §203(e)(1). The term "[e]mploy includes to suffer or permit to work." 29 U.S.C. §203(g). In July of 2015, the DOL released new guidance on the FLSA's "suffer or permit" standard that governs the distinction between employees and independent contractors. The DOL stated that the goal of the guidance is to reduce the increasing number of employees who are misclassified as independent contractors. The Interpretation does not have the force of law, but it does indicate the DOL's focus on misclassification issues.
48
The DOL uses an "economic realities" test to determine whether a worker is an employee. The determinative question: Is the worker economically dependent on the employer or in business for himself? The DOL suggests that the following factors be used: (1) the extent to which the work performed is an integral part of the employer's business; (2) the worker's opportunity for profit or loss depending on his or her managerial skill; (3) the extent of the relative investments of the employer and the worker; (4) whether the work performed requires special skills and initiative; (5) the permanency of the relationship; and (6) the degree of control exercised or retained by the employer. The guidance goes on to discuss each factor in greater detail. Significantly, the DOL opined in the guidance that "applying the economic realities test in view of the expansive definition of 'employ' under the [FLSA], most workers are employees under the FLSA." (Emphasis added).
B. Kentucky Labor Cabinet Memo of Understanding
On July 15, 2015, the Kentucky Labor Cabinet agreed to share information about Kentucky employers with the DOL.
49
C. Compliance Tips for Independent Contractors
1. Identify independent contractors and re-evaluate their status. 2. Review independent contractors' activities. 3. Labels used by employers and workers, even in a contract, will not
be determinative if the workers' activities indicate an employment relationship.
4. Is an independent contractor performing the same type of work as
employees? 5. Evaluate the extent to which independent contractors are
economically dependent on your company. Do the contractors own their own companies? How long have they been working for you? Do they work for anyone else?
6. Consider engaging legal counsel to conduct an audit (ensure
results are protected by the attorney-client privilege).
50
51
THE "HOW TO" OF SECURING ELECTRONIC DATA MY ADVERSARY GETS TO SEE MY DATA. WHAT NOW?
Emily W. Newman, Esq.
I. INTRODUCTION
While the world becomes paperless, the litigation discovery process seems to grow exponentially. The water cooler office chats are now forever captured in emails, text message, instant messages, and social media. The relationship between the technology and litigation is a paradox at best. While technology provides an enormous benefit by permitting the creation, storage, transmission, and retrieval of large quantities of information, it also captures the smallest bits of information. When you combine lawyers and technology, it opens up a completely new level of discovery, now called E-discovery. Because eradicating litigation (or lawyers) is not an option, we have to find a way to create a tolerable coexistence between technology, litigation, and discovery.
II. WHAT IS E-DISCOVERY? DEFINING, LOCATING AND SECURING
RELEVANT DATA AND DOCUMENTS
E-Discovery refers to any process where electronically stored information (ESI) is sought, located, collected, searched, processed, produced, reviewed, or analyzed in a civil or criminal case. People and businesses are creating, collecting, sending, reviewing, and receiving ESI at immense rates, especially with mobile devices, which is exponentially increasing the amount of discoverable information and litigation costs. This affects every type of business and every type of law. The intangible nature of this information makes it more susceptible to unintentional destruction. Even the unintentional destruction of information can cause a tremendous headache and increase the value of even the smallest claims or issues. Spoliation issues can be high-stakes, case-dispositive, expensive, and governed by vague standards whose application to E-Discovery has not been fully developed. The amendments to Fed. R. Civ. P. 26(b)(1) and 37(e) are effective as of December 1, 2015. New Rule 26(b)(1) further limits the scope of permissible discovery of ESI by imposing a "proportionality" requirement. New Rule 37(e) clarifies the consequences for mishandling ESI. A. Defining Relevant Data and Documents
Discovery of ESI does not necessarily start when a complaint is filed and discovery is sent by the opposing side. "An obligation to preserve may arise when a party should have known that the evidence may be relevant to future litigation . . . ." Beaven v. U.S. Dept. of Justice, 622 F.3d 540, 553 (6th Cir. 2010). Reasonable anticipation of litigation speaks to the
Ms. Newman is a partner at Dzenitis Newman, PLLC, 6000 Brownsboro Park Boulevard, Suite F, Louisville, Kentucky 40207, [email protected].
52
probability – not possibility – of litigation. The mere possibility of a lawsuit does not generally impose a duty to preserve. Zubulake v. UBS Warburg LLC, 220 F.R.D. 212, 217 (S.D.N.Y. 2003). Determining when the duty to preserve is triggered is a question of law. Saksa-Mydlowski v. Ford Motor Co., No. CIV. 02-2950, 2006 WL 931611, *2 (D.N.J. Apr. 10, 2006). Once the duty to preserve is triggered, even if parties do not own or control the evidence, they still must give the opposing party notice of access to the evidence or of its possible destruction. Silvestri v. General Motors Corp., 271 F.3d 583, 591 (4th Cir. 2001). Litigation hold letters are only the start: counsel must oversee compliance and monitor efforts to retain and produce documents. In re Seroquel Products Liability Litigation, 244 F.R.D. 650, 663 (M.D. Fla. 2007).
1. Retention policy.
Part of this process is identifying what needs to be preserved and who may have that information. However, it is also necessary to strike a balance of mitigating risk without over-preserving. Knowing your business, your structure, and keeping key players involved is absolutely necessary. A good retention policy contemplates the types of ESI involved; whether specific legal requirements apply to certain types of ESI; where it is stored; storage cost; storage security; storage capacity; back-ups; who reviews, audits, and enforces the policy; who employees may contact with questions; and an action plan if litigation is threatened or filed. A retention policy should closely collaborate with IT personnel and lawyers who have been involved in this type of production. Their combined experience should help close any holes in the retention policy. Employees also need to be aware of the policy and know what to do and who to notify if they believe the obligation to preserve certain information has arisen. This will help create a pre-litigation paper trail that will combat potential spoliation issues down the road. Each retention policy will be different based on the type of business and documents involved. Further, state or federal law may require certain types of documents to be saved for a certain amount of time even without any anticipation of litigation. How the documents can be stored will differ as well. Again, state or federal law may dictate how to store certain records (HIPPA). This may involve the need for a password for certain documents. Also be aware of the potential exposure of documents by employees misplacing laptops, using personal devices, etc.
2. Litigation hold.
When litigation becomes a probability, you must identify devices and types of ESI in the possession or control of the party from whom the information is sought. You must also consider what information is available or in control of the opposing side and non-parties. You should consider servers, hard drives, personal
53
computers, work computers, tablets, text messages, voicemails, emails, GPS, phones, flash drives, cloud backups, wearable devices, smartwatches, cameras, social media outlets, and any other potential source of ESI. Once the source of the information is identified, sequester all potentially relevant ESI, initiate litigate hold and suspend purge policies internally. If someone else is in control of the information, issue litigation hold letters.
Litigation hold letters or notices should be sent to the relevant key players who may be in possession of the ESI. This may include store managers, hospital administrators or HR personnel, or other individuals who have access to retain or destroy the information. Litigation hold letters help protect the company from sanctions and negative inferences if litigation is filed. The party and their lawyer advising them can be jointly and severally liable for monetary sanctions. While a party to a lawsuit can act at its own peril if they take action contrary to its counsel’s instructions, counsel must still show reasonable and diligent steps taken to ensure preservation including "communicat[ing] the litigation hold order to all key players." Zubulake v. UBS Warburg LLC, 229 F.R.D. 422, 436 (S.D.N.Y. 2004). The scope and complexity of a litigation hold letter generally depends on the size and sophistication of the company, the importance of the data, and the nature of the litigation. Carefully consider to whom the letter is directed and instruct recipients not to discuss it with those outside the company. Companies should err on the side of preservation and contact litigation counsel with questions. This may include suspending normal business practices such as the automatic deletion of emails or the destruction of files after a certain time frame.
The responsibility does not end once the litigation hold letter is sent. Companies and counsel must follow up to confirm the recommended steps were taken. If you receive a litigation hold letter from an opposing party, it is imperative that it be reviewed and responded to, particularly if it seeks to impose a markedly overbroad duty to preserve ESI. The response can help mitigate later disputes about the scope of ESI that was required to be preserved. If the requested documentation does not exist at the time the litigation hold letter is received, let the sender know. Again, the response can help avoid potential sanction or destruction of evidence instruction later in the litigation process. If the received litigation hold letter seeks images, recordings or other time-sensitive information (security footage on a loop) timely action upon receipt of the litigation hold letter is invaluable.
Finally, receipt of a litigation hold letter may be your first notice of a potential claim. Take that opportunity to identify the individuals
54
involved and begin to investigate the "what, when, where and why" of the potential case.
B. Locating Relevant Data and Documents
While defining the relevant data, you must simultaneously begin to locate it. This sounds so easy but with the wide array of computer gadgets utilized in business today and computer information multiplying by the second, it can be a daunting task. When conducting this process leave no stone unturned. Before turning those stones, however, consider whether you need to secure the assistance of a computer forensic expert. The data and documents you have defined as relevant will guide this decision. If you have determined that your case turns on the content in some specific documents, retaining a forensic expert may not be necessary. However, if your case will turn on the date the document was created, who revised the document, or even recovering a deleted document, then you will need a forensic expert to assist you in locating that information. Computers have the uncanny ability to retain information that we mere mortals believed to be deleted and the simple act of turning a computer on may change the data it has stored. A forensic expert possesses the knowledge and tools necessary to ensure that the data you need to locate remains available or remains in its original form for your safe retrieval at a later time. The key is to critically evaluate the facts in the matter at hand and recognize when a forensic expert is needed. Whether you are working with a forensic expert or not, you will begin by determining where the relevant information may be located. Will it be found in word processing documents, spreadsheets, photographs, emails, texts, metadata or all of the above? This will assist you in determining where to look. Emails present a unique circumstance by virtue of the fact that they are frequently sent to multiple parties, then forwarded to even more individuals, and may be sent interoffice or via the Internet. This is the type of rapid proliferation that makes pinpointing the location of relevant information difficult and may require an expansive search to ensure all of the relevant data is discovered. Proceed by identifying the devices on which the relevant data was created, stored, or received. In addition to personal computers and laptops, today’s professionals survive by utilizing portable devices such as tablets and cell phones to conduct their daily business. We transfer information from one computer to the next on diskettes, CDs, DVDs, flash drives, cloud services, websites, and programs such as Dropbox. For these reasons, none of these tools can be overlooked when trying to locate data determined to be relevant to the case. Your IS department will also likely assist in the process. Remember, they are there to ensure that the computer system on which your company’s vital information is stored runs smoothly and is protected should an emergency arise. To accomplish that goal, they create back-up and
55
archival systems for the data. Although those systems are not meant to save every single piece of data created, they may still be a source of relevant data depending on the issues in your case. Simply discussing the systems in place and dating the data available from the department may make the determination. Because computer technology is rapidly advancing, companies are forced to constantly update their computer systems. This may leave an old computer, last used by the employee who is now suing you, in a storage room just waiting to be discovered. Admittedly this is a more unlikely source compared to those discussed above. Nonetheless, it is a potential source of relevant data that should not be summarily ignored.
C. Securing Relevant Data and Documents
Your ability to multi-task will be tested because while you are defining and locating relevant data, you must be sure to secure it as well. If all of these steps are not performed simultaneously, the information you previously defined as relevant may be forever gone by the time you get around to securing it for later use. Fortunately, you will likely have numerous individuals to assist with the securing process. Of course, the "key players" will need to be notified and briefed on their involvement. Although it may seem obvious, they should be reminded that the data in their possession should not be altered or destroyed in any way. If those involved in the litigation are still involved with work that is relevant to the litigation, consider segregating later-created documents to prevent any confusion by your opponent or the court. Printing hard copies of the information also presents a viable option if the metadata will not be at issue in the case. When the metadata is at issue, a forensic expert’s involvement is invaluable. That expert may suggest making a "mirror image" or bit by bit exact duplicate of the storage media. This is best described as an electronic photograph of an individual’s data exactly as it appeared when the image was obtained. In other words, the data on the system is preserved "as is" for later review and analysis. This is not to suggest distrust of the employees involved. Instead, a mirror image alleviates any concern over unintentional alterations or deletions and may serve to undermine any allegations of spoliation your opponent may later assert. It is also a noninvasive tool that will allow you to secure the relevant data but continue with the business at hand. Your company’s IS department should also be included in the process of securing information. From educating those involved on the company’s computer system to backing up the data needed for the case, their involvement, like all other variables, will ultimately depend on the facts and circumstances of the particular case. For example, if you have determined that an employee’s email potentially contains relevant information, the IS department will advise you that many email programs have an "auto delete" feature that automatically disposes of information
56
after a specified period of time. Fortunately, the IS department would also have the ability to suspend that feature until the data is safely secured. Thus, depending on the issues with which you are presented, the IS department may be an invaluable tool for protecting your interests in the litigation.
III. PRODUCING THE DOCUMENTS FOR REVIEW AND EXCHANGE.
After completing the painstaking task of defining, locating, and securing the relevant data, that information will be produced to your attorney and much of it exchanged with your opponent. To ensure the information exchanged is appropriate, accurate and complete, this process, like the gathering process, also requires thoughtful procedures. A. Meeting/Communicating with Attorney
Not to overstate our worth, but meeting with your attorney is one of the most important steps to accomplish early in the litigation and, in some cases, long before. As discussed above, your attorney is there to assist not only with defining, locating, and securing relevant data but also to facilitate the exchange of appropriate information with opposing counsel. To ensure a successful exchange of information, your attorney must determine the scope of your opponent’s requests, proceed with a thorough review of the relevant information gathered, and extract and produce only the relevant information that is discoverable by your opponent. An early meeting between the attorney, risk management personnel and the "key players" involved provides the opportunity to devise a plan for accomplishing those tasks and to set forth everyone’s role in the plan. Continued communication between those involved ensures that everyone remains on the same page as the plan is implemented. Risk management personnel and the key players involved are in the best position to evaluate the procedures, methodologies, and technologies appropriate for preserving and producing their own electronic data and documents. The attorney needs that information to determine the best manner for conducting the actual exchange with opposing counsel. In electronic discovery, unique issues arise. In fact, you may be required to produce actual computer devices. If so, your attorney must consider issues such as the best location for the exchange and naming a proper custodian to care for the device. Whether a computer forensic expert’s assistance would benefit the exchange is also a question that you, and your attorney, will want to answer.
B. The Role of a Computer Forensic Expert
Given the increasing rise of electronic based discovery, computer forensic experts will likely become frequent participants in litigation. With their knowledge of the inner workings of a computer, these experts will serve as educators and guides for the clients, attorneys, and judges who struggle to identify the proper method for locating, securing, and
57
producing relevant electronic data. They will recommend obtaining a "mirror image" of a computer if necessary. They will assist in determining whether the actual devices should be produced for a forensic examination. They will help ensure that electronic records are admissible in court and will do their work with a minimum disruption to your ongoing business. By identifying potential electronic liability issues and, thereby decreasing the potential for electronic surprise, there is also the possibility that they will decrease a party’s risk for sanctions that could be imposed when information is destroyed or altered. In addition to the supporting role, a forensic expert could potentially reveal the "smoking gun" without which the case may be difficult or impossible to win. Indeed, the very data needed to support your position may be recoverable only by one of these experts. With that circumstance in mind, the benefit of a computer forensic expert in certain cases is unmatched.
C. Maintaining Data/Documents not initially Produced but later Needed
Of course, there are always documents identified in discovery that you choose not to produce to your opponent because you believe they are irrelevant, privileged, or both. Although both are valid reasons for not producing the data, your objection does not relieve you of the duty to preserve the information. Your opponent will most likely dispute your position and the court will be left to decide the issue. To make the decision, the data must be available in the proper form for the court to review. You and your attorney will, therefore, be responsible for properly securing the disputed data. This may include, but is not limited to, physically segregating and storing the pertinent electronic devices or obtaining a mirror image of the system. Whatever steps may be necessary to preserve the data, they must be taken. The failure to do so may turn a good case bad or a bad case worse.
IV. CONCLUSION
Technology has undeniably made our lives much easier in many respects. As the modern day hero in business, it makes the creation, transfer and storage of vast amounts of information almost effortless. But all good things must come to an end and they frequently do when litigation is involved. Technology is no different. What was previously viewed as a positive ability to create, transfer, and store data is suddenly seen as a liability aspect when computers and technology are combined with litigation.
This change is likely due to the sobering realization that technology can store amounts of information that are inconceivable to the average person and types of information unknown to the average person. This begs the question: How am I supposed to secure the information I need when I do not know the information I have? The answer is simple. We begin with the longstanding principles that apply to standard discovery and then adapt by acknowledging and considering the unique circumstances that arise with computers and electronic discovery. To implement this adaptation, we must develop a strong familiarity with computers,
58
their abilities, and their "secrets." However, we must also have the ability to recognize when we require the assistance of an expert to facilitate electronic discovery and properly secure electronic data. Otherwise, computers and litigation will never harmoniously coexist.
59
CHECKLISTS FOR DOCUMENT PRESERVATION/E-DISCOVERY 1. WHERE IS INFORMATION STORED – HARDWARE
Identify servers – how many, where, what offices/departments use which servers
List desktops and stand alones in use Search for CDs, DVDs, flash drives, other removable media Have employees reveal home computers they've used for business
purposes Identify notebook computers, tablets, phones, PDAs, voice mail systems,
fax machines, copying machines that might contain relevant information Gather details on all backup systems used during relevant time period Locate tape and other storage media Determine whether email exists in external internet service provider
servers 2. WHERE IS INFORMATION STORED – SOFTWARE
Identify and list all software currently used to create or store information Identify and list all software previously used to create or store information Check for outdated software no longer in use that may have been used to
create data in the past Determine whether different systems use different software as a platform Identify operating systems
3. WHAT TYPE OF MATERIAL IS STORED AND HOW IS IT ORGANIZED/
REFERENCED FOR SEARCH
Determine whether drafts are maintained either automatically or manually Locate storage or final documents only Consider the existence of non-searchable scanned documents, pictures,
diagrams Analyze how information is stored: by job; department; facility; individual
employee
60
Ascertain whether back up is used in place of other storage Does the organization maintain paper copies of electronic information Is paper or electronic information stored offsite
4. WHO IS RESPONSIBLE FOR INFORMATION STORAGE
Begin at level of creation of particular type of information and design a chart of individuals responsible for creation, modification, storage of information
Begin at highest policy making level concerning information retention and
storage and list those involved in policy making and storage both within and outside the organization
List those who may be storing information informally (burning CDs, using
home computers, etc.) List all those who are storing information as part of job description
5. ARE THERE ROUTINE PROCESSES OR PROCEDURES FOR DOCUMENT DESTRUCTION
Identify all outsourcing partners (whether or not they are information
technology outsourcers) For information technology outsourcers, list all persons involved in
working with the organization's information For other outsourcers, determine what information concerning the
organization's products/services outsourcer creates/uses/has access to and who controls that information
6. ARE THERE ROUTINE PROCESSES OR PROCEDURES FOR DOCUMENT
DESTRUCTION
Identify the individuals who set the policies Determine how the policy has been communicated Identify whether employees are reminded of it regularly, and list dates Find any writings concerning policies and whether employees are
required to acknowledge by initialing or signing the policies Identify the persons who monitor/supervise the destruction Identify the persons who administer the destruction If destruction is automated, determine who can suspend
61
Determine whether all copies of information are destroyed Consider whether back-up is covered by routine destruction Learn whether policy applies to paper as well as electronic information Identify information outside the policy – i.e. for personal destruction (voice
mail, etc.) or for permanent storage (personnel records, etc.) 7. WHO IS RESPONSIBLE FOR MONITORING DOCUMENT RETENTION
Determine whether anyone is responsible for monitoring document retention
Determine whether it is the same person as document destruction Describe how policy has been communicated/enforced Identify individuals who keep documents in spite of policy If organization has participated in an electronic information audit, acquire
a copy 8. ARE THERE PROCEDURES IN PLACE FOR SUSPENDING DOCUMENT
RETENTION POLICIES
Define what must be retained and where it is by considering nature of litigation and Items 1, 2 and 3 above
Identify who must be notified Decide how notification occurs – orally, writing, meetings Create notification Impress on all those in Item 4 above the importance of suspending
policies Follow up notification with individual contact with key people to ensure
compliance Monitor compliance Limit the sources included in the suspension of the destruction policy so
that information unrelated to the litigation continues to be destroyed.
62
9. ARE THERE PROCEDURES IN PLACE FOR NOTIFYING EMPLOYEES WHO HAVE MATERIAL NOT CONTROLLED BY ORGANIZATION TO PRESERVE INFORMATION
Identify employees with material at home, etc. Monitor notification of outsourcers Consider information on stand alones, desktops, notebooks, PDAs, etc.
10. ARE THERE PROCEDURES IN PLACE TO SUSPEND THE DESTRUCTION
OF DOCUMENTS NOT YET SUBJECT TO ORGANIZATION'S DOCUMENT RETENTION POLICY
Identify persons with material in process not yet stored permanently Create notification specifically for that information Design process to monitor new information being added to "permanent"
storage and whether it needs to be outside the document destruction protocols
11. ESTIMATING COST OF REVIEW OF DOCUMENTS AND SUSPENSION OF
DOCUMENT RETENTION SCHEME
Estimate cost of retaining information that would be destroyed Estimate cost of reviewing information for privilege/confidential/proprietary
information Consider the cost of acquiring and using outdated software/hardware to
access legacy data Define cost of restoring backups and not recycling backup media
12. METHOD OF REVIEWING AND MODIFYING PRESERVATION AS
DISCOVERY PROCEEDS
Routinely monitor procedures being used and communicated Regularly remind those identified in Item 4 to continue compliance Schedule times during litigation to review protocols to limit the documents
being retained as issues in the litigation are narrowed After the end of litigation, review process and revise procedures Reinstitute destruction policy Recover any sensitive information disclosed in discovery
63
THE TOP FIVE ETHICAL VIOLATIONS FOUND IN MALPRACTICE CLAIMS Lawyers Mutual Insurance Company of Kentucky
This presentation is based on the ABA's 2011 Spring National Legal Malpractice Conference program "Top Five Ethics Violations and Resulting Claims for Legal Malpractice" that discussed client identity, scope of representation, conflicts of interest, doing business with a client, and getting paid and getting out as the major ethics problems leading to malpractice claims. Panelists were Kelly L. Faglioni, Partner, Hunton & Williams LLP; Professor Bruce Green, Fordham University School of Law; and Brent Weidner, Claims Manager, Beazly. I. CLIENT IDENTITY
A. The Problem
Many lawyers consider it easy and obvious to identify their clients and what duties are owed them. While it may seem counterintuitive, confusion over client identification often occurs and leads to both ethics violations and malpractice claims. The ABA panelists pointed out these situations when problems over client identification often arise:
Prospective clients
Joint representations
Corporate affiliates
Unincorporated entities: LLCs, partnerships, associations, consortium, pre-incorporation
Controlling shareholders
Individuals v. entities: board members, officers, employees, constituents
Third party payors
Other third parties: beneficiaries, lenders, investors, joint venturers, opposing parties
Additional client identification problems concern:
Curbstone request for legal advice
Persons with diminished capacity (e.g., older adults and minors)
Passive or straggler clients (are they former clients or current clients?)
Invalid termination of client
Internet contacts – Contacts made on lawyer websites and unsolicited email
B. The Application of the Kentucky Rules of Professional Conduct (KRPC) to
the Problem
It may come as a surprise to some that the KRPCs do not govern the formation of the lawyer-client relationship. This is a matter of law. Once a lawyer acquires a client, however, the KRPCs establish the ethical
64
standards for client relations that include scope of the representation, communications, confidentiality, conflicts of interest, fees, and disengagement. (See KRPC 1.1 – 1.18) Violation of these rules because a lawyer did know who his client was can lead to both bar disciplinary action and malpractice claims.
C. Kentucky Law on Formation of the Lawyer-Client Relationship
A Kentucky Court of Appeals decision nicely summarized the law on the formation of the lawyer-client relationship, third-party beneficiary issues, and duties owed to a minor. What follows is a recap of this decision as it appeared in Lawyers Mutual's Winter 2012 newsletter.
"The Kentucky Court of Appeals Addressed Attorney-Client Privity and Lawyer Liability to Third Parties in Anderson v. Pete"* This opinion is an excellent review of Kentucky malpractice law covering when an attorney-client relationship comes into existence and when duties are owed to unrepresented intended beneficiaries of an action. The underlying case concerned a wrongful death action against the employer of a driver killed in a motor vehicle accident and loss of consortium for the deceased's wife, Elizabeth. Plaintiff's lawyer, Pete, did not name two minor children, Michael and Malik, as plaintiffs and the action did not include claims for loss of consortium/parental love and affection for the children. After the case was lost and the appeal dismissed, a professional negligence case was brought against Pete on behalf of Michael and Malik. Pete filed a motion for summary judgment "alleging the suit was barred because there was no attorney-client relationship between Pete and the children and because any other claims of the Estate had since been barred by the statute of limitations. The motion was granted by the Jefferson Circuit Court on the grounds that Michael and Malik did not have privity with Pete, and thus did not enjoy an attorney-client relationship with Pete and lacked standing to sue for professional negligence."
Privity The Court of Appeals first considered whether there was a basis to conclude that Michael and Malik had an attorney-client relationship with Pete as Elizabeth claimed she believed:
The existence of an attorney-client relationship "is a contractual one, either expressed or implied by the conduct of the
65
parties." Daugherty v. Runner, 581 S.W.2d 12, 16 (Ky. App. 1978). Restated, the attorney-client relationship need not necessarily arise by contract, but may also arise through the conduct of the parties. Lovell v. Winchester, 941 S.W.2d 466, 468 (Ky. 1997). If the relationship is to arise through the parties' conduct, it must be born of a "reasonable belief or expectation" on the part of the would-be client that the attorney has agreed to undertake the representation. Id.
Our Supreme Court has recently laid to rest any dispute over whether an attorney may have an attorney-client relationship with a minor in the case of Branham v. Stewart, 307 S.W.3d 94, 95 (Ky. 2010). In Branham, the high Court held that an attorney representing a minor's next friend on behalf of a minor is in an attorney-client relationship with the minor as a real party in interest and owes professional duties to the minor. Id. at 95. The minor is also said to be in privity with the attorney, despite their minority. Id. at 99.
….
In the present circumstances, since Michael and Malik stood to be awarded one-half of any damages recovered in the wrongful death action, it seems quite reasonable that Elizabeth would have believed that Pete was representing the children and raising any and all available claims on their behalf. As such, we are compelled to reverse the trial court's summary judgment.
Third Party Beneficiary Liability
Next the Court considered whether Pete owed Michael and Malik duties as third-party beneficiaries intended to be benefited by Pete's performance:
[T]here "is no privity requirement for legal malpractice actions in Kentucky." Sparks v. Craft, 75 F.3d 257, 261 (6th Cir. 1996). Instead, an attorney can be held "liable for damage caused by his negligence to a
66
person intended to be benefited by his performance irrespective of any lack of privity." Hill v. Willmott, 561 S.W.2d 331, 334 (Ky. App. 1978), quoting Donald v. Garry, 19 Cal.App.3d 769, 97 Cal. Rptr. 191 (1971). When an attorney is retained to file a wrongful death action by the administrator of an estate, the attorney clearly intends to benefit both the client estate and the individuals in the estate who will receive a share of the damages under KRS 411.130 should he successfully defend the suit. They are two sides of one coin that cannot be logically divided from one another. Indeed, the individuals named in KRS 411.130(2) are the real parties in interest in such a suit. Vaughn's Adm'r, 179 S.W.2d at 445. Thus, on remand, even if Pete is found not to be in privity with Michael and Malik because discovery reveals that the parties contracted for him to represent Elizabeth solely and not the children, he will still have owed duties to Michael and Malik as intended beneficiaries of the wrongful death action. Thus, the result is inescapable that Pete owed a duty to Michael and Malik – whether as attorney to client or as attorney to intended beneficiary.
*No. 2010-CA-000472-MR, 10/7/2011. Motion for discretionary review has been filed.1
D. Managing the Risk
1. ABA panelists suggested these risk management procedures:
a. Use file-opening procedures that clearly identify the client. b. Always use letters of engagement to document who the
client is. c. Have as firm policy that joint representations are
discouraged.
1 The Kentucky Supreme Court affirmed this decision in Pete v. Anderson, 413 S.W.3d 291 (Ky.
2013).
67
d. Have as firm policy that representing individuals within client entities is discouraged.
e. Always use letters of nonengagement when a prospective
client does not become a client. f. Be thoroughly familiar with the professional responsibility
rule on Organization as Client (KRPC Rule 1.13). 2. Letters of engagement.
The first risk management action that should be taken with every new matter is the preparation of a comprehensive letter of engagement including fee terms and conditions. The following checklist identifies key considerations in crafting a comprehensive LOE for a new matter:
a. Client identification. b. Related-party identification. c. Conflict of interest, attorney-Client privilege, and
confidentiality issues. d. Scope of representation. e. Related matters and limiting the scope of representation. f. Identification of goals. g. Scope of authority. h. Staffing the engagement. i. Legal fees and expenses.
i. Retainers. ii. Rate changes.
j. Billing procedures.
i. Format. ii. The client's responsibilities for fee payment. iii. How often the client will be billed. iv. When payment is expected to be made.
68
v. The firm's options when fees and costs are not paid timely.
vi. Whether interest will be charged for late fee
payment. vii. What fees are due if the client discharges the
lawyer before completion of the representation. k. Scheduling major steps. l. File retention and destruction. m. Dispute resolution. n. Withdrawal or termination. o. Signature by lawyer and client.
3. Declined and terminated representations.
a. Always use letters of nonengagement for declined representations that are best sent by certified mail, return receipt requested. It is guaranteed that a former pro-spective client with a complaint or claim never receives nonengagement letters sent by regular mail. A typical letter:
i. Thanks the prospective client for making the
personal contact, calling, or coming into the office. ii. Includes the date and subject matter of the
consultation. iii. Provides clearly that representation will not be
undertaken. iv. Repeats any legal advice or information given –
making sure that it complies with the applicable standard of care.
v. Advises that there is always a potential for a statute
of limitations or notice requirement problem if the matter is not promptly pursued elsewhere. Providing specific statute of limitations times should be avoided because of the limited information typically received in a preliminary consultation. If, however, it appears that a limitations period will expire in a short period of time, the declined prospective client should be informed of this
69
concern and urged to seek another lawyer immediately.
vi. Advises that other legal advice be sought. vii. Avoids giving an exact reason for the declination,
why the claim lacks merit, or why other parties are not liable.
viii. Encourages the person to call again.
b. Do not leave a terminated client in doubt that the lawyer-
client relationship is over or forget that a terminated client is a high risk for making a malpractice claim or bar complaint. Always document a termination with a disengagement letter that:
i. Confirms that the relationship is ending with a brief
description of the reasons for withdrawal. ii. Provides reasonable notice before withdrawal is
final. iii. Avoids imprudent comment on the merits of the
case. iv. Indicates whether payment is due for fees or
expenses. v. Recommends seeking other counsel. vi. Explains under what conditions the lawyer will
consult with a successor counsel. vii. Identifies important deadlines. viii. Includes arrangements to transfer client files. ix. If appropriate, includes a closing status report.
4. Diminished capacity representations.
The risk of misunderstandings in diminished capacity client representations is large and requires heightened risk management practices. What follows are two recommendations on how to manage this increased risk.
a. Letter of engagement (LOE): Always use a letter of
engagement in diminished capacity client representations that clearly identifies who the client is, the scope of the engagement, the fee agreement, and any special
70
instructions. In the scope paragraphs, cover specifically what will be done and what will not be done for the client. An example of a special instruction is client consent to reveal confidential information. It will usually be necessary to modify the language of a standard LOE to an easy to read/easy to understand format tailored to the ability of the client to comprehend.
b. Fee agreement: Do all that can be done in the LOE to
avoid fee issues. Ask for a substantial "evergreen" retainer at the inception of the representation. Charge a fixed fee collected in advance, if that is feasible. Keep in mind that withdrawing from representing a diminished capacity client is problematic. Withdrawing and suing the client for fees carries a great risk of both a malpractice claim and a bar complaint – a losing proposition for a lawyer when the adversary is a client with diminished capacity that the lawyer has dropped.
5. Website risk management guidelines.
a. Prepare and keep on file a written firm policy on the purpose of the website, what it is supposed to do, and what it is not intended to do. Include detailed guidance on specific features of the site and how they are to function, and specifically, how legal advice, if any, is to be provided through the website. This guidance should include how information is to be displayed that avoids misleading site visitors into believing they are getting legal advice for their matter; how terms and conditions and disclaimers are prominently featured to assure that site visitors assent to them; and how prospective client email is managed to avoid issues of attorney-client relationships, confidentiality, and failure to respond to an email.
b. Keep a complete paper and disk copy of each iteration of
the website for at least five years. Be sure it reflects how site visitors manifest assent to terms and conditions and disclaimers. Use "click wraps" or "click throughs" that require a site visitor to click on a disclaimer to show affirmatively the visitor's assent before accessing the website and before information can be sent to the firm. Be sure that the site visitor cannot finesse the click wrap procedure. Click wraps may be appropriate for several of the website pages.
c. Use plain English in drafting disclaimers – think in terms of
the least sophisticated site visitor. Do not assume that terms such as "lawyer-client relationship" or "confidential," that have specific meaning for lawyers, are understood by site visitors.
71
d. Be sure that disclaimers are prominently displayed on the home page. While it may be undesirable to pepper the disclaimer notice on every page of the website, that is the percentage way to go. Rulings that have not accepted disclaimers as effective often note their brevity or inconspicuous display on a website. Use click wraps liberally.
e. Use letters of non-engagement in response to prospective
client emails when the firm declines representation. Respond to all emails – do not leave a site visitor dangling. Advise site visitors not to consider that their email was received until they receive a confirming email from the lawyer. Save emails to disk just as you would file written correspondence from and to potential clients. It is hard to defend against a claim without some record of what occurred.
f. Design prospective client information intake procedures so
that only the minimum information necessary to perform a conflict of interest check is initially received. Use a click wrap to warn site visitors about sending too much information initially and to protect the firm from a conflict of interest issue if the site visitor does not comply.
g. In managing information received from prospective client
site visitors consider the teaching point that a website disclaimer of confidentiality can lead to problems of waiver of the lawyer-client privilege and client confidentiality if the prospective client's matter is accepted by the firm. Conversely, accepting the information as confidential may lead to a conflict of interest issue if the prospective client is declined. [An ethics expert] offers this disclaimer language as one way of dealing with this issue:
"By clicking 'accept' you agree that our review of the information contained in the email and any attachments will not preclude any lawyer in our firm from representing a party in any matter where that information is relevant, even if highly confidential and could be used against you, unless that lawyer had actual knowledge of the content of the email. We will otherwise maintain the confidentiality of your information."
72
6. Closing letters avoid passive and straggler client claims.
A closing letter should:
a. Make it clear to the client that no more services or bills will be rendered – the representation is concluded.
b. Return documents to the client in a timely manner (thereby
avoiding their loss), and provide the client courtesy information for future consideration of the matter (e.g., wills should be reviewed periodically).
c. Establish a firm date for the termination of the
representation that could prove invaluable for malpractice statute of limitations purposes if later accused of malpractice.
II. SCOPE OF REPRESENTATION
A. The Problem
Malpractice claims arise from failure to observe KRPC 1.2, Scope of Representation and Allocation of Authority Between Client and Lawyer. Trouble areas are:
1. Failure to use a LOE to document scope. 2. Failure to thoroughly describe the scope of the representation in a
LOE. 3. Mushrooming scope during the representation. 4. In limited scope representations (e.g., unbundling legal services)
failure to adequately delineate which services the lawyer will perform and which services will not be performed.
5. Accepting budget restrictions on research, staffing, and costs for
the representation imposed by a client or third-party payor (e.g., insurance company).
B. The Application of KRPC 1.2 to the Problem
Key provisions of KRPC 1.2 are:
1. 1.2(a): Subject to paragraphs (c) and (d), a lawyer shall abide by a client's decisions concerning the objectives of representation and, as required by Rule 1.4, shall consult with the client as to the means by which they are to be pursued.
73
2. Comment (2): On occasion, however, a lawyer and a client may disagree about the means to be used to accomplish the client's objectives. Clients normally defer to the special knowledge and skill of their lawyer with respect to the means to be used to accomplish their objectives, particularly with respect to technical, legal and tactical matters. Conversely, lawyers usually defer to the client regarding such questions as the expense to be incurred and concern for third persons who might be adversely affected.
3. 1.2(c): A lawyer may limit the scope of the representation if the
limitation is reasonable under the circumstances and the client gives informed consent.
4. Comment (6): The scope of services to be provided by a lawyer
may be limited by agreement with the client or by the terms under which the lawyer's services are made available to the client. When a lawyer has been retained by an insurer to represent an insured, for example, the representation may be limited to matters related to the insurance coverage. A limited representation may be appropriate because the client has limited objectives for the representation. In addition, the terms upon which representation is undertaken may exclude specific means that might otherwise be used to accomplish the client's objectives. Such limitations may exclude actions that the client thinks are too costly or that the lawyer regards as repugnant or imprudent.
C. Managing the Risk
1. Basic scope risk management procedures.
a. Always use an LOE in every representation that thoroughly describes the services the lawyer will perform for the client. Often the scope of the engagement turns out to be broader than the lawyer thinks as a result of poor client communications at the time of the engagement. Be careful to cover matters not included in the scope that a client might think are covered; e.g., when accepting a workers' compensation matter, be sure to inform the client that any potential tort claim is not within the scope of the representation. See also Daugherty v. Runner, 581 S.W.2d 12 (Ky. App. 1979), when the lawyer thought he was representing the client in a personal injury accident matter only and the client believed he was also representing him in a medical malpractice matter.
b. If during the representation scope "mushrooms" because
of new developments, always update the LOE to cover this added responsibility.
c. Document communications with the client about case
developments.
74
d. Document cost-benefit discussions and client imposed limitations on research and number of lawyers working on the matter.
2. Risk managing limited scope representations (excerpted from
"Limited Scope Representation," Kentucky Bench & Bar, May 2000).
Commentators discuss limited scope representations in two contexts – areas of law and functional services. The areas of law that frequently involve limited scope representations are real estate, personal bankruptcy, estate planning, divorce, and child support. On a functional basis legal service is unbundled into consultation and advice, correspondence review, research, docu-ment preparation, investigation and discovery, negotiation, court appearance, and appeal. Regardless of the context in which a limited scope representation is cast the professional responsibility duties and risks remain the same. Key considerations in assessing limited scope risks are
Matter screening: As a general rule you should be competent to practice all of the client's matter even if you will handle only a part. If you cannot, there is a risk of not meeting your duty to advise on the totality of the circumstances (see box with matter screening checklist).
Client Screening: In unbundled services representations, in addition to the usual client screening considerations, it is essential to evaluate whether the client is competent to "practice" any part of the matter that will be the client's responsibility. What are the client's communications skills etc.? If you have reservations about a client's competence, don't accept the limited scope representation.
Scrivener: Lawyers frequently reduce contracts to writing with the understanding that they are only recording the terms and conditions as determined by the parties, owe no other duties to the parties, and are not responsible for underlying deficiencies in the transaction. The role of the scrivener is easily misunderstood and should be carefully explained to the parties to avoid an allegation of
75
a conflict of interest or that other duties were owed.
Litigation document drafting: Ghostwriting pleadings for pro se clients is a sensitive issue. Does the lawyer risk violating Professional Conduct Rule 3.1 Meritorious Claims and Contentions or Civil Procedure Rule 11 when all the lawyer does is draft pleadings for the client's presentation to the court? KBA Ethics Opinion 343 (1991) approved limiting a representation to assisting in drafting pleadings for indigents. The opinion adopted the majority view that the attorney's name should appear on the pleading even though representation is limited to its preparation. The lawyer should not thereafter provide the client behind the scenes representation. This is inconsistent with the limited scope representation and takes advantage of the leniency typically shown pro se litigants. The Ethics Committee deferred to the courts on the Rule 11 and Rule 3.1 issue, but observed that they should apply to ghostwritten pleadings. I agree. If your name is on the pleading, you need to do the investigation necessary to comply with the rules. When drafting litigation documents for pro se clients be sure to advise on any costs of filing and all deadlines.
Research: If retained to do research only, clearly delineate who is responsible for the facts on which the research is based. If the client places time limitations on the research as a cost control, do not take the representation unless you are sure the time allowed is adequate for a competent effort. Identify any issues not covered by the research if time precludes their consideration
Independent legal advice: Be especially careful when asked to provide outside independent legal advice for an ongoing matter. In addition to all the other limited scope risk concerns, the client usually is in a hurry and the matter is often complex. If you do not have the immediate competence and time to adequately consider the issues, do not take the representation. Do not give business advice – do not express an opinion whether a transaction is a good deal or an appraisal is fair.
76
Warn of the dangers of not investigating an issue further to include what could happen if that is not done. Make sure the client understands your limited scope of representation is advising on the legal consequences of the proposed transaction so the client can make an informed decision whether to continue. Document the file as thoroughly as possible.
Opinion letters: Spell out scope limitations of an opinion letter by specifying its purpose, authorized uses, and restrictions in the letter. Set out the facts and assumptions on which the opinion is based. Be specific about facts based on your own knowledge and those provided by others who bear responsibility for their accuracy. If others are preparing evaluations on other aspects of the transaction, clearly exclude those parts from your opinion. If you are relying on an expert opinion as part of your analysis (e.g., an environmental assessment), spell it out in your opinion. Be complete – include the pros and cons of the matter. Do not expose yourself to the accusation that you misled by omission. Material limitations must be disclosed.
Strictly adhere to scope limitations: Resist the temptation to go beyond the agreed scope limitations. If you do, the door is opened to show you assumed full responsibility for the matter.
Limited scope letter of engagement: It is axiomatic that all client representations should be documented with a letter of engagement. This is even more crucial when accepting a limited scope representation. One risk management expert recommends that when providing unbundled services the limited scope engagement record contain the following information:
o The client's situation and goals. o The tasks the lawyer will accomplish. o The available options and opportunities. o The anticipated costs of various tasks
necessary to achieve the client's goals. o Tasks not assigned the lawyer.
77
o The benefits and risks of the tasks that the lawyer will undertake.
o Tasks the client has agreed to perform. Rule 1.2(c) permits limiting scope "if the client consents after consultation." A lawyer's fiduciary obligations in limited scope representations are not qualitatively altered. The client must receive a thorough consultation on the significance of limitations on representation. This consultation is similar in nature to the full disclosure and informed consent required when resolving a conflict of interest. The following is a gloss of ideas from various commentators that show a lawyer's limited scope duties in the context of an adequate client consultation:
Develop the full factual circumstances of the representation – not just those facts pertaining to the limited representation.
Explain all the legal implications of the client's situation to include rights, remedies, and courses of action – not just those that are pertinent to the limited representation. A lawyer has a duty not to ignore circumstances surrounding a representation indicating legal issues for the client because they are outside the scope of representation. A typical example of a violation of this duty is when a lawyer fails to advise on a potential third-party claim while representing a client on a workers' compensation claim. This duty applies equally to limited scope representations. Make sure the client has the big picture.
Explain the implications of a limited representation in terms easily understood by the client. Stress what the lawyer will do and not do – and the risk and opportunities of proceeding on that basis.
When appropriate, advise the client to see another lawyer on legal issues outside the scope of the limited representation stressing time limitations considerations.
Suggest that the client consider seeking a second opinion on the adequacy of the
78
proposed limited representation for the client's needs. (footnotes deleted)
3. The special problem of insurance company imposed budget,
staffing, and cost limitations on scope.
In Kentucky the insured is your client and not the insurance company. It is unethical to limit the representation of an insured to his disadvantage to accommodate an insurance company's requirements.
III. CONFLICTS OF INTEREST
A. The Problem
Most lawyers do not understand conflicts – most lawyers do not want to understand conflicts. Searching for conflicts in a situation is the antithesis of how lawyers want to practice. Considerations that restrict the number of clients that may be served go against the grain – this is a natural tendency lawyers must recognize as a matter of good risk management. The problem most often arises because a lawyer would rather "fire" one client and keep the other, or otherwise rationalize away the conflict than step completely aside which is often the only professionally responsible answer to the conflict presented. From a risk management perspective it is critical to appreciate that there are no de minimis conflicts of interest. Everyday adequate, but less than perfect, legal advice is given. It is not malpractice or negligence, but results were disappointing to the client or not as good as they might have been (e.g. client believes that $10,000 was left on the table because you were slightly out-negotiated at settlement). Then the client learns of some sort of conflict. Even if the conflict was harmless and totally irrelevant to the case outcome this provides an "Aha! Motive" for the lawyer's less than perfect advice and results in a malpractice or breach of fiduciary duty claim. The teaching point is that a lawyer should never ignore a potential or actual conflict and resolve it promptly.
B. The Application of the Kentucky Rules of Professional Conduct to the
Problem
The KRPCs establish the ethical standards for conflicts of interest that cover basic conflict standards for current clients, specific rules for special situations, former client conflicts, and imputation of conflicts of interest. (See KRPCs 1.7-1.10) One of the specific rules is KRPC 1.18, Duties to Prospective Client. This program will cover the conflict of interest problems presented by prospective clients and the "Hot Potato" current client a lawyer would like to terminate to accept a new, more lucrative, client with adverse interest to the current client.
79
"Avoiding Prospective Client Conflicts of Interest and Malpractice Claims" (excerpted from the Fall 2011 Lawyers Mutual Newsletter) The most sensitive time in client intake procedures is when a lawyer first consults with a prospective client to determine the nature of the requested representation. In addition to gaining enough information to evaluate whether the matter warrants taking, the lawyer must also obtain enough information to do a conflict of interest check. If the prospective client is declined, getting too much information exposes the lawyer to a disqualification motion if the lawyer later represents a party adverse to the former prospective client in the same or substantially related matter. Fortunately for Kentucky lawyers the 2009 revision of the Kentucky Rules of Professional Conduct included new rule SCR 3.130(1.18) Duties to Prospective Client. Rule 1.18 is one of those rules that in addition to establishing ethics standards, also provides useful practical guidance. It is a must read for all lawyers, especially those who are new to the profession. Key provisions of the Rule include:
Providing guidance on who is and is not a prospective client.
Establishing that the fiduciary duties of confidentiality and avoidance of conflicts of interest apply to prospective clients.
No matter how brief the consultation, any information learned by a lawyer can only be used or revealed as Rule 1.9, Duties to Former Clients, allows.
A conflict of interest is created when the lawyer receives information that could be "significantly harmful" to the former prospective client.
Comment 5 to the Rule permits, with the prospective client's informed consent, conditioning consultation with the understanding that information revealed to the lawyer will not preclude the lawyer from representing a different client in the matter.
Waiver of a conflict of interest is permissible with the written informed consent of the affected client and the former prospective client.
Prospective client conflicts of interest are imputed to other members of a firm, but screening is permissible to overcome the disqualification.
80
When is information "significantly harmful?" Rule 1.18 lacks a definition for the "significantly harmful" standard for determining when information learned from a declined prospective client creates a conflict of interest. We know of no Kentucky authority on this issue, but a recent Wisconsin ethics opinion offers this helpful analysis:
Wisconsin Formal Ethics Opinion EF-10-03: Conflicts arising from consultations with prospective clients; significantly harmful information (12/17/ 2010). Information may be "significantly harmful" if it is sensitive or privileged information that the lawyer would not have received in the ordinary course of due diligence; or if it is information that has long-term significance or continuing relevance to the matter, such as motives, litigation strategies, or potential weaknesses. "Significantly harmful" may also be the premature possession of information that could have a substantial impact on settlement proposals and trial strategy; the personal thoughts and impressions about the facts of the case; or information that is extensive, critical, or of significant use.
The opinion includes these instructive examples of significantly harmful:
Sensitive personal information: A court disqualified a law firm from representing the wife in a child custody proceeding because the father had previously consulted with, but chose not to retain, a lawyer in the firm…. During the father's consultation with the lawyer, the father gave the lawyer a copy of his journal, told the lawyer facts that were not in the journal, and disclosed his concerns about the children and his former wife. He even acted on advice he received from the lawyer during the conference. The Arkansas Supreme Court concluded that a prospective client would not know whether the information disclosed during the consultation "could be significantly harmful," and further concluded that disqualification was warranted based on finding that the information was "significantly harmful." Sturdivant v. Sturdivant, 367 Ark. 514, 241 S.W.3rd 740 (2006).
81
Premature possession of the prospective client's financial information: Such information could have a substantial impact on settlement proposals and trial strategy and therefore be significantly harmful. Artificial Nail Technologies, Inc. v. Flowering Scents, LLC, 2006 WL 2252237 (D. Utah Aug. 4, 2006) (unpublished opinion).
Settlement position: Likewise, the percentage of settlement that the prospective client is willing to accept and the concessions that the prospective client is willing to make could be significantly harmful. ADP, Inc. v. PMJ Enterprises, LLC., 2007 WL 836658 (D. N.J. Mar. 14, 2007) (unpublished opinion).
Litigation strategies: Furthermore, a prospective client's personal thoughts and impressions regarding the facts of the case and possible litigation strategies are significantly harmful, even though the lawyer claims that when he read and responded to the email, he was not aware of and did not open the email attachments that contained the information. Chemcraft Holdings Corp. v. Shayban, 2006 WL 2839255 (N.C. Super Oct. 5, 2006) (unpublished opinion).
Information that could be used to the detriment of the prospective client: Any information that could be reasonably used to the detriment of the prospective client, such as information that would be useful in impeaching the testimony of the prospective client, is by definition, information that could be significantly harmful.
C. Managing the Risk
Avoiding former prospective client malpractice claims (excerpted from the Fall 2011 Lawyers Mutual Newsletter):
A lawyer's worst nightmare is to discover that a prospective client the lawyer orally declined did not understand this and believed that he was a client of the lawyer – sometimes reasonably so. Typically, after the statute of limitations has run, the prospective client will inquire about the status of his case. Upon learning that the lawyer has done nothing on it, a malpractice claim soon follows. To avoid this risk always use letters of nonengagement for declined representations that are best sent by certified mail, return receipt requested. Former prospective clients with a complaint or claim never receive
82
nonengagement letters sent by regular mail. A typical letter:
Thanks the prospective client for making the personal contact, calling, or coming into the office.
Includes the date and subject matter of the consultation.
Provides clearly that representation will not be undertaken.
Repeats any legal advice or information given -- making sure that it complies with the applicable standard of care.
Advises that other legal advice be sought.
Advises that there is always a potential for a statute of limitations or notice requirement problem if the matter is not promptly pursued elsewhere. (Providing specific statute of limitations times should be avoided because of the limited information typically received in a preliminary consultation. If, however, it appears that a limitations period will expire in a short period of time, the declined prospective client should be informed of this concern and urged to seek another lawyer immediately.)
Avoids giving an exact reason for the declination, why the claim lacks merit, or why other parties are not liable.
Returns any original documents or property the prospective client may have provided during the interview.
Encourages the person to call again. We have also cautioned about the malpractice risk of negligent referral of prospective clients as follows:
Many lawyers do not appreciate that declining a matter and referring a prospective client to another lawyer may result in malpractice liability. This is true even though the referring lawyer receives no fee and has no further participation in the representation. A preliminary consultation with a prospective client is sufficient to create a duty to exercise ordinary care and skill when referring that person to another lawyer. The applicable standard of care is based on the nature of the declined representation.
Often it will be enough to confirm that the recommended lawyer is licensed to practice law in Kentucky. Licensure gives rise to a presumption that the lawyer is competent and possesses the requisite character and fitness. If the declination is because the
83
matter requires special skill or knowledge, the referring lawyer must be careful to ascertain that the suggested lawyer has the necessary competence. If the matter requires immediate action, the referring lawyer should advise that the new lawyer be consulted expeditiously. Recommending the right lawyer without cautioning that prompt action is necessary can also be a negligent referral.
D. The "Hot Potato" Client
The Hot Potato Client conflict of interest issue arises in two situations:
After accepting a new client, a prospective client seeks representation in an unrelated lucrative matter adverse to that new client; and
After accepting a new client, the lawyer suddenly realizes this creates a conflict in an unrelated matter with an existing, but less preferable client.
The question then becomes may a lawyer resolve either conflict situation by dropping the client like a 'hot potato' for the prospective client or for the later in time acquired client? The following analysis of the questions is taken from the May 2006 Bench & Bar article "What Do Hot Potato Clients Have in Common With Thrust Upon Clients?":
A seemingly easy fix to resolving a conflict on an unrelated matter between two clients is to disengage from one client converting that client to a former client. This move invokes Kentucky Rule of Professional Conduct (KRPC) 1.9 that governs former client conflicts. The essence of that rule is that if the matter of a current client that is adverse to a former client is not substantially related to the representation of the former client, the lawyer does not have a conflict of interest. As charming as this analysis is, it has proven unacceptable in the great majority of jurisdictions considering it. Lawyers Mutual's Fall 1999 Newsletter illustrated the hot potato client problem and the rationale for rejecting the former client solution:
An Iowa lawyer got suspended from practice for violating the Hot Potato Client rule. He was representing a client in a bankruptcy action at the time he accepted the defense of a new client involved in an automobile accident. Turns out that the plaintiff in this personal injury case was his bankruptcy client. The lawyer claimed that
84
he did not realize this until after he had begun representing the second client. As there was only a little more to do to finish the bankruptcy action he unilaterally withdrew from representation. The lawyer said he believed the bankruptcy client could complete the bankruptcy on his own. Eureka! By withdrawing the lawyer converted the bankruptcy client to a former client. Since there was no substantial relationship between the bankruptcy action and the personal injury case, no more conflict of interest – and the billing is good! …. Unfortunately, the Iowa lawyer was unaware of the rule that you don't cure a conflict of interest by dropping a current client like a hot potato to accept a new client with a more lucrative matter. …. When a lawyer accepts a client there is a fiduciary obligation of loyalty to complete the work if at all possible. Withdrawal is appropriate only for compelling professional reasons. Fee optimization doesn't meet the test. If you inadvertently find yourself representing two clients resulting in an unconsented conflict of interest, your professional responsibility [almost always] requires withdrawal from both representations.
The Restatement of the Law Governing Lawyers, Third, comes to the same conclusion on hot potato clients:
If a lawyer is approached by a prospective client seeking representation in a matter adverse to an existing client, the present-client conflict may not be transformed into a former-client conflict by the lawyer's withdrawal from the representation of the existing client. A premature withdrawal violates the lawyer's obligation of loyalty to the existing client and can constitute a breach of the client-lawyer contract of employment.
…. The best way to solve the hot potato situation, if feasible, is to get both clients to consent to waive the conflict. Some lawyers try to anticipate the problem by getting an advance
85
waiver for possible future conflicts in a letter of engage-ment. While it is difficult to describe potential future conflicts in sufficient detail to enable clients to give informed consent, advance waivers are permissible according to the ABA. Use the KBA Ethics Hotline if in doubt about how to proceed. (footnotes deleted)
E. ABA Panelists Conflict of Interest Risk Management Recommendations
1. Avoid any appearance of a conflict. 2. Notify clients of a possibility of or potential conflict that may
become adverse. 3. Avoid, or discuss with clients, representing competitors. 4. Advance no legal position adverse to the interest of a client. 5. Do not engage in representation of a new client involving differing
interests with a current client whether conflicting, inconsistent, diverse, or discordant.
6. Do not engage in positional or issues conflicts.
IV. DOING BUSINESS WITH A CLIENT
A. The Problem
The following excerpt from the September 2000 Bench & Bar article "Investing in Client.Com" explains the enhanced fiduciary obligation lawyers have when doing business with a client:
It is important to understand when entering a business transaction with a client that a fair arm's length deal is not good enough. We all know the standard lawyer's fiduciary obligation, but may not be aware of the enhanced fiduciary obligation when doing a deal with a client. The rules are more in the nature of those that govern trustee and beneficiary dealings in which any trustee advantage is presumed to have been without adequate consideration and the result of improper influence. The burden is on the trustee to prove otherwise. The public policy concern is client vulnerability to lawyer overreaching as a result of client trust and the lawyer's superior knowledge and skills. For this reason a strict scrutiny standard applies to lawyer-client business dealings. In applying this standard courts have held that such transactions are presumptively fraudulent and the lawyer has the burden of showing it to be completely fair. Some courts use the stranger test – only if a reasonable
86
lawyer would advise the client to enter the same transaction with a stranger is a lawyer's contract with a client fair. In a Kentucky case the court held:
Although the law sometimes shuts its eyes to grasping shrewdness practiced by all trades upon another dealing at arm's length, unfairness such as here displayed will not be condoned when employed by a lawyer dealing with his client. Even when a conveyance by a client to his attorney is fair upon its face, it is presumed invalid, and the burden of establishing its fairness is upon the attorney. Hunt v. Picklesimer, 290 Ky. 573, 162 S.W.2d 27 (1942).
As a result of strict scrutiny and the presumption of invalidity almost all business transactions with lawyers challenged by clients are voided. This point cannot be stressed too much. If you are going to do a business transaction with a client, it must be bulletproof to have any chance of withstanding challenge when the deal goes bad or the client simply changes his mind. Failure to do so raises the risk of bar discipline, restitution, disgorgement of profits, and civil liability for fraud or breach of trust. (footnotes deleted)
B. The Application of the Kentucky Rules of Professional Conduct to the
Problem
KRPC 1.8 Conflict Of Interest: Current Clients; Specific Rules:
(a) A lawyer shall not enter into a business transaction with a client or knowingly acquire an ownership, possessory, security or other pecuniary interest adverse to a client unless: (1) the transaction and terms on which the lawyer acquires the interest are fair and reasonable to the client and are fully disclosed and transmitted in writing in a manner that can be reasonably understood by the client; (2) the client is advised in writing of the desirability of seeking and is given a reasonable opportunity to seek the advice of independent legal counsel on the transaction; and (3) the client gives informed consent, in a writing signed by the client, to the essential terms of the transaction and the lawyer's role in the transaction, including whether the lawyer is representing the client in the transaction. ....
87
Comment (1) A lawyer's legal skill and training, together with the relationship of trust and confidence between lawyer and client, create the possibility of overreaching when the lawyer participates in a business, property or financial transaction with a client, for example, a loan or sales transaction or a lawyer investment on behalf of a client. The requirements of paragraph (a) must be met even when the transaction is not closely related to the subject matter of the representation, as when a lawyer drafting a will for a client learns that the client needs money for unrelated expenses and offers to make a loan to the client. It also applies to lawyers purchasing property from estates they represent. It does not apply to ordinary fee arrangements between client and lawyer, which are governed by Rule 1.5, although its requirements must be met when the lawyer accepts an interest in the client's business or other nonmonetary property as payment of all or part of a fee. In addition, the Rule does not apply to standard commercial transactions between the lawyer and the client for products or services that the client generally markets to others, for example, banking or brokerage services, medical services, products manufactured or distributed by the client, and utilities' services. In such transactions, the lawyer has no advantage in dealing with the client, and the restrictions in paragraph (a) are unnecessary and impracticable. (emphasis added)
C. Managing the Risk
1. The ABA panelists discussed stock ownership and other
investments in clients. Other business relationships covered were litigation financing, landlord-tenant, customer of client's business, and client requested referrals. The panel's recommendations were succinct:
a. Don't do business with clients. b. If you must, then disclose and document. c. Consider requiring independent counsel or paying for it. d. Get advance consents to foreseeable conflict issues.
2. Lawyers Mutual recommends that when doing business with a
client include in the required documentation:
a. The nature of the transaction and each of its terms including all circumstances of the transaction known to the lawyer.
b. The nature and extent of the lawyer's interest in the
transaction and any potential adverse effects the transaction could have on the client including the effect they could have on the lawyer's and client's relationship.
88
c. The ways in which the lawyer's participation in the transaction might affect the lawyer's exercise of professional judgment on concurrent legal work for the client, if any.
d. A clear statement of the risks and advantages to each of
the parties to the transaction. e. An agreement that if future circumstances affecting the
lawyer's independent judgment occur, renewed disclosure and consent must precede continued representation.
f. The kind of advice the client would have received if the
client had been a stranger. g. Specific advice stressing the importance of seeking
independent legal counsel to obtain a detailed explanation of all risks associated with the business transaction.
h. Signatures by both client and lawyer.
This list is a combination of disclosure recommendations in Wolfram, §8.11.4, Modern Legal Ethics; the ABA/BNA Lawyers' Manual on Professional Conduct, Business Transactions with Clients, 51:501 at 51:506, and the 2009 revision to KRPC 1.8(a).
V. GETTING PAID AND GETTING OUT
A. The Problem
The ABA panelists identified these situations that lead to difficulty in collecting fees and terminating a representation either because of a fee dispute or completion of the service:
1. Taking work outside the lawyer's experience. 2. Taking clients the lawyer might otherwise not take – a difficult
client or a "dog of a case." 3. Clients demanding alternative fee arrangements. 4. Changes in basis of fees mid-representation. 5. Lawyer's aversion to discussing billing rates, costs, and difficulty in
budgeting. 6. Improper exiting of litigation over fee disputes. 7. Failure to communicate that work is done.
89
B. The Application of the Kentucky Rules of Professional Conduct to the Problem
1. KRPC 1.16, Declining or Terminating Representation, governs
when and how a lawyer may withdraw from a representation. The Rule has three cardinal principles on withdrawal that every lawyer must know.
a. If the matter is before a tribunal, a lawyer may withdraw
only with the permission of the tribunal even though good cause for withdrawal exists.
b. A client may discharge a lawyer at will and the lawyer must
withdraw. If the matter is before a tribunal, however, withdrawal still requires approval by the tribunal. In all other situations the client's right to discharge a lawyer is absolute and the lawyer must take immediate steps to withdraw.
c. The withdrawing or discharged lawyer must take action to
protect the client's interest. These steps include giving reasonable notice of withdrawal, allowing time for retention of another lawyer, and promptly returning papers and property to which the client is entitled.
2. Rule 1.16 permits withdrawal over failure of a client to pay a
lawyer's fees in these two situations:
a. The client fails substantially to fulfill an obligation to the lawyer regarding the lawyer's services and has been given reasonable warning that the lawyer will withdraw unless the obligation is fulfilled; and
b. The representation will result in an unreasonable financial
burden on the lawyer or has been rendered unreasonably difficult by the client.
3. KRPC 1.16 requires assisting the client upon withdrawal as
follows:
(d) Upon termination of representation, a lawyer shall take steps to the extent reasonably practicable to protect a client's interests, such as giving reasonable notice to the client, allowing time for employment of other counsel, surrendering papers and property to which the client is entitled and refunding any advance payment of fee or expense that has not been earned or incurred. The lawyer may retain papers relating to the client to the extent permitted by other law.
90
4. Comment (9) to the Rule provides this guidance on assisting a client upon withdrawal or termination:
Even if the lawyer has been unfairly discharged by the client, a lawyer must take all reasonable steps to mitigate the consequences to the client. A lawyer must return the client's file, papers, and property after termination if the client requests the file. The lawyer may retain a copy of the file. A lawyer may charge a reasonable copying charge, but may not condition return of a client's files, papers, and property upon payment of the copying charge, unless the lawyer has previously provided a copy, either during the representation or after cessation of the representation. A lawyer must make one copy of the file and materials available to the client even without payment if the client's interests will be substantially prejudiced without the documents. (emphasis added)
C. Managing the Risk
1. Understanding the risks (excerpted from the May 2001 Bench & Bar article "How to Fire a Client"):
Malpractice and ethics violations can result from either the act of withdrawal or from the manner in which the withdrawal is done: Act of Withdrawal: The risk of an unjustified act of withdrawal is that the client will be considered abandoned by the lawyer. The lawyer is then exposed to liability for a claim for all damages proximately caused by the unjustified withdrawal as well as bar discipline. A Kentucky lawyer was disciplined for an unjustified withdrawal when he abruptly closed an Eastern Kentucky office without even notifying a client. Manner of Withdrawal: There is a risk even when a lawyer has justifiable grounds for withdrawal, if the withdrawal is done in a manner that does not adequately protect the interests of the client. An Ohio lawyer was disciplined for failing to arrange for another lawyer to represent one of her clients. The lawyer received court permission to withdraw, citing deterioration of the attorney-client relationship, the client's failure to communicate with her, and the client's failure to pay her fees as grounds for termination. She, however, never specifically told her client she was withdrawing. The unrepresented
91
client then received an unfavorable judgment based on a divorce decree that contained an error. As in all malpractice claims, to have merit the lawyer's withdrawal must be the proximate cause of damage to the client. If the underlying matter had no merit, the lawyer will not be liable to the client no matter how unjustified the withdrawal was. Unfortunately, if the matter had merit, the lawyer becomes a virtual guarantor of a successful outcome for the client. Either the client will successfully recover from being abandoned by prevailing in the underlying matter or achieve the same result by suing the lawyer for malpractice. While a meritless underlying matter will save the withdrawing lawyer from malpractice liability, it will not serve as a defense to a disciplinary complaint for unjustifiable withdrawal. (footnotes deleted)
2. Risk management considerations (excerpted from the May 2001
Bench & Bar article "How to Fire a Client"):
Risk managing client firings is critical because the potential liability is so great when accused of an unjustified withdrawal. Before you decide to withdraw from representation for whatever reason consider these loss prevention concepts. One of them could help you avoid an unpleasant experience.
The essentials of Rule 1.16 must be clearly understood. Any withdrawal must comply with the rule's professional responsibility standards. Any effort to abbreviate them with a termination or escape clause is not effective and may lead to a false sense of security if a withdrawing lawyer fails to appreciate the binding authority of Rule 1.16.
If you discover a conflict of interest during a representation, withdrawal is mandatory unless it is resolved. Lawyers who loath to give up a case will often fail to see a conflict or ignore it. This can result in a malpractice claim because the client upon discovering the conflict will attribute motive to the lawyer for any unsatisfactory aspect of the representation. In fact the representation may have been optimal, but the client will not see it that way and a jury can be expected to be hard on what looks like a treacherous lawyer. Other risks assumed for failing to withdraw are disqualification motions by opposing counsel and bar disciplinary
92
actions. In many conflict cases withdrawal from representing one or more clients is the best risk management – and remember that Rule 1.16 mandates withdrawal in unresolved conflicts cases.
If a client accuses a lawyer of malpractice, the lawyer has an instant personal interest conflict. The question then becomes whether to immediately withdraw or obtain client consent to continue representation in an effort to repair the mistake. If there is no question that malpractice occurred (e.g., a missed mortgage in a title search or a missed statute of limitations) the lawyer has little choice but to notify the client of the malpractice, withdraw, and advise the client to seek counsel. If there is a reasonable possibility of repairing the error, it is often advisable to continue the representation if client consent can be obtained. You should consult your malpractice liability insurer before either withdrawing or continuing representation. For example, Lawyers Mutual has an aggressive program of claims repair and is invaluable in helping policyholders decide whether to withdraw or seek to continue representation.
Always do a complete file review just before filing an action. This is often a last clear chance to terminate the client from hell, the dog case, or the non-paying client without material adverse effect. Once a matter is before a court withdrawal becomes much more problematic.
Whenever a lawyer retires or leaves the firm, do a complete file review of all matters under the supervision of that lawyer to assure that no client is inadvertently abandoned or that a client thinks his representation includes lawyers no longer on the matter.
Whenever possible withdrawal should be a clean break – a clear-cut decision with the client's agreement in writing. Use a disengagement letter that:
Confirms that the relationship is ending with a brief description of the reasons for withdrawal.
Provides reasonable notice before withdrawal is final.
Avoids imprudent comment on the merits of the case.
93
Indicates whether payment is due for fees or expenses.
Recommends seeking other counsel.
Explains under what conditions the lawyer will consult with a successor counsel.
Identifies important deadlines.
Includes arrangements to transfer client files.
If appropriate, includes a closing status report.
After sending the disengagement letter you must carefully follow through on the duty to take necessary actions to protect the client's interest and comply with the representations in the disengagement letter. This avoids a malpractice claim over the manner of withdrawal.
Finally, a complete copy of the file must be retained. A fired client or one that fired you has a high potential to be a malpractice claimant. The first line of defense is a complete file with a comprehensive disengagement letter. This is the best evidence for showing competent and ethical practice in terminating a client. (footnotes deleted)
D. ABA Panelists "Getting Paid and Getting Out" Recommendations
1. Document the engagement. 2. Document "finish" – use representation closing letters. 3. Get retainers – preferably evergreen. 4. Inquire about the client's goals and costs of achieving those goals. 5. Watch out for clients in bankruptcy. 6. Document budget conversations. 7. Get out – don't get in deeper. 8. Don't sue your client for fees.
E. Lawyers Mutual's Risk Management Advice (excerpted from the
November 2009 Bench & Bar article "Money Is the Root of All Fees")
The first line of defense in avoiding fee disputes is a comprehensive written fee agreement. The second line is to bill in a way that is fair, understandable to the client, and consistent with good business practices.
94
Common billing mistakes
The bill is as big as the client's file – looks like over-practicing the matter.
Client gets a large bill that is the first thing the client has heard from the lawyer since the initial interview.
Secret identities – no names and no billing rates for the work done.
Over-qualified personnel for the work or conversely charging lawyer rates for administrative work.
Too many meetings, telephone calls, and research hours – looks like over-practicing the matter.
Billing for several lawyers reviewing or preparing to discuss the file – looks like over-practicing the matter.
Billing for "soft costs" without the client's prior agreement and general overhead costs (heat, air conditioning, etc.).
Itemized bills with generic terms such as "phone call" or "meeting" with no substantive information.
All telephone calls take exactly .3 hours; all dollar amounts are nice round numbers or end in five; and inserted along with all the routine itemized expenses is a charge for expert witness fees of several thousand dollars.
Billing for billing – this adds insult to injury.
A too quick billing reduction if client complains strongly implies that the lawyer must be overcharging.
Billing out of cycle with the client's preference. Good billing practices There are a many helpful checklists on billing. One of them is: 1. Improve client communications – at the outset
explain the entire billing process. 2. Prepare a client for the total cost of legal services
being provided. 3. Prepare written fee letters outlining the specific
terms of an engagement. 4. Use retainer arrangements, especially when a
client's ability to pay is in question. 5. Identify for the client the people being assigned to
work on a matter. 6. Use the billing process to communicate details of
the work performed. 7. Reach an agreement about what time and costs will
be charged to a client and what will not be charged. 8. Discuss billing formats and what information will
make invoices easier for the client to process.
95
9. Provide a budget, as a matter of firm policy, on all matters in excess of a specified amount.
10. Schedule periodic meetings with clients to discuss ways to improve service.
11. Review invoices to ensure that they contain no mistakes.
12. Send regular reminders for invoices that remain unpaid. (footnotes omitted)
F. Lawyers Mutual's long-standing risk management advice when
considering suing clients for fees is to use the following checklist:
1. Was a good result obtained in the underlying case? 2. Is the size of the fee sufficient to warrant the risk of a malpractice
counterclaim? 3. Has a disinterested lawyer of experience reviewed the file for
malpractice? 4. How reasonable were the fees? 5. Will work on the matter as reflected on billing withstand cross-
examination?
a. Does billing indicate over-practicing?
i. Too many meetings, telephone calls, and research hours.
ii. Billing for several lawyers reviewing or preparing to
discuss the file. iii. Over-qualified personnel for the work.
b. Are entries vague?
i. No names and no billing rates for the work done. ii. Itemized bills use generic terms such as "phone
call" or "meeting" with no substantive information. c. Subject to being misconstrued?
i. Billing for "soft costs" (copying, fax) and general overhead (heat, air conditioning).
ii. All telephone calls take .3 hours; all dollar amounts
are nice round numbers or end in five.
96
6. How much non-billable time will be spent defending any malpractice counterclaim?
7. Will any judgment obtained be collectible? 8. Will you recover more than you spend?
97
"…AND HERE'S THE TOP TEN!"
ETHICS AND MALPRACTICE AVOIDANCE GUIDE Asa P. Gullett III and Benjamin Cowgill, Jr.
I. INTRODUCTION
"Top Ten" lists seem to be more popular than ever, perhaps because they appeal to our need to receive reliable information in a format that we can digest quickly as we rush through our hectic lives.
Accordingly, with USA Today as our model and David Letterman as our muse, we hereby break with all grand traditions of subtle and sophisticated ethics analysis and offer a few simple lists that speak volumes to any lawyer who wishes to avoid malpractice claims and Bar complaints.
So… from the home office in Frankfort (as Letterman might say), we are proud to present:
II. TOP TEN WAYS TO AVOID MALPRACTICE AND MISCONDUCT
10. Be mindful of how your practice setting affects your risk of receiving a malpractice claim.
Areas of law most likely to generate a malpractice claim:
Area of Law LMICK1 2014 LMICK2 2013 LMICK3 2012 2011 ABA
Personal injury (for plaintiff)
23% 28% 30% 15.59%
Real estate 28% 30% 22% 20.33%
Collection & bankruptcy
11% 8% 9% 9.2%
Workers' comp 7% 5% 3% 2.02%
Estate, trust & probate 9% 6% 10% 10.67%
Family law 8% 8% 9% 12.14%
Criminal law 2% 3% 3% 5.65%
Corporate & business org.
1% 1% 2% 6.79%
Labor law 1% 1% 1% 2.19%
Personal injury (for defendant)
5% 2% 2% 3.26%
Revised November 2015. 1 Lawyers Mutual Insurance Company of Kentucky.
2 Lawyers Mutual Insurance Company of Kentucky.
3 Lawyers Mutual Insurance Company of Kentucky.
98
9. Be mindful of how the stage of the case affects the risk that you will do or fail to do something that becomes the basis of a malpractice claim.
When an error is likely to occur during various stages of case development:
Stage of Case 2011 ABA Study
2007 ABA Study
2003 ABA Study
1999 ABA Study
Preparation, filing of documents
24.86% 25.51% 23.08% 25.24%
Pre-trial, pre-hearing advice
8.55% 11.29% 19.47% 8.18%
Commencement of action
17.31% 17.32% 15.59% 15.66%
Advice 20.19% 12.68% 15.07% 6.79%
Settlement/ negotiation
6.79% 7.67% 8.20% 6.38%
Trial or hearing 5.33% 5.56% 5.07% 5.10%
Title opinion 4.46% 5.21% 4.03% 13.01%
Investigation/ other than litigation
3.25% 6.04% 2.19% 16.26%
Appeal activities 1.60% 2.36% 2.15% 1.11%
8. Be mindful of how the nature of your task affects the risk that you
will do or fail to do something that will result in a malpractice claim.
Activities at issue in malpractice claims presented to LMICK during 2012, 2013 and 2014:
Activity 2012 % Total
2013 % Total
2014 % Total
Commencement of action or proceeding 28.38% 19.08% 24.66%
Pre-trial or pre-hearing 13.51% 16.79% 13.94%
Consultation or advice 3.38% 3.82% 6.91%
Settlement and negotiation 8.11% 6.11% 10.14%
Title opinion 14.19% 13.74% 11.01%
Prepare, transmit or file document (other than pleading)
10.81% 15.27% 12.69%
Trial or hearing 2.70% 3.82% 4.41%
Written opinion (other than title) 0% 0% 0%
Tax reporting or payment 1.35% 2.29% 1.25%
Post-trial or hearing 4.05% 7.63% 4.79%
99
7. Be mindful of the types of error you are most likely to commit.
a. LMICK claims experience in FY 2012, FY 2013 and FY 2014. Errors alleged in malpractice claims presented to LMICK during 2012, 2013 and 2014:
Alleged error 2012 % Total
2013 % Total
2014 % Total
Failure to know or properly apply the law
20.95% 11.45% 19.40%
Failure to obtain the client's consent 0.68% 1.53% 3.46%
Error in public record search 10.14% 12.98% 9.09%
Failure to know or ascertain deadline correctly
4.73% 7.63% 6.01%
Procrastination in performance of services/lack of follow-up
4.05% 1.53% 5.58%
Failure to calendar properly 10.14% 10.69% 8.60%
Inadequate discovery of facts or inadequate investigation
9.46% 9.92% 7.90%
Failure to react to calendar 2.03% 0.76% 2.93%
Planning error in choice of procedures 19.59% 18.32% 10.63%
Conflict of interest 0.68% 3.05% 3.14%
Fraud 3.38% 5.34% 3.80%
Failure to file a document, where no deadline involved
2.03% 1.53% 0.90%
Failure to understand or anticipate tax 0.68% 0.76% 0.96%
Clerical error 2.70% 1.53% 2.85%
Failure to follow client's instructions 6.76% 3.05% 5.69%
Improper withdrawal from representation
0% 1.53% 2.41%
Libel or slander 0% 0.76% 1.07%
Lost file, document or evidence 0.68% 2.29% 0.70%
Malicious prosecution or abuse of process
1.35% 5.34% 4.41%
100
b. Other studies, showing types of alleged error by category and sub-category.
1. Administrative errors.
Error LMICK 2012 LMICK 2013 LMICK 2014 ABA 2011
Procrastination 4.05% 1.53% 5.58% 9.68%
Failure to calendar properly
10.14% 10.69% 8.60% 4.34%
Failure to react to calendar
2.03% 0.76% 2.93% 2.34%
Failure to file document – no deadline
2.03% 1.53% 0.90% 3.17%
Clerical error 2.70% 1.53% 2.85% 3.54%
Lost file – document evidence
0.68% 2.29% 0.70% 7.05%
Total 21.63% 18.33% 21.56% 30.13%
2. Substantive errors.
Error LMICK 2012 LMICK 2013 LMICK 2014 ABA 2011
Failure to know law 20.95% 11.45% 19.40% 13.57%
Planning error – procedure choice
19.59% 18.32% 10.63% 7.39%
Inadequate discovery/ investigation
9.46% 9.92% 7.90% 7.82%
Failure to know or ascertain deadline
4.73% 7.63% 6.01% 6.91%
Conflict of interest 0.68% 3.05% 3.14% 4.28%
Failure to understand or anticipate tax
0.68% 0.76% 0.96% 1.37%
Public record error search 10.14% 12.98% 9.09% 3.03%
Error in math calculation 0% 0% 0% 0.69%
Total 66.23% 64.11% 57.13% 45.07%
3. Client relations.
Error LMICK 2012 LMICK 2013 LMICK 2014 ABA 2007
Failure to obtain client consent
0.68% 1.53% 3.46% 5.31%
Failure to follow client instruction
6.76% 3.05% 5.96% 3.22%
Improper withdrawal of representation
0% 1.53% 2.41% 2.70%
Total 7.44% 6.11% 11.83% 11.22%
101
4. Intentional wrongs.
Act LMICK 2012 LMICK 2013 LMICK 2014 ABA 2011
Malicious prosecution 1.35% 5.34% 4.41% 3.43%
Fraud 3.38% 5.34% 3.80% 5.53%
Violation of Civil Acts 0% 0% 0% 1.27%
Libel or slander 0% 0.76% 1.07% 0.96%
Total 4.73% 11.44% 9.28% 10.19%
c. Experience at LMICK and the ABA 2007 study both indicate that
missing deadlines is one of the most serious dangers.
Deadline Error LMICK 2012 LMICK 2013 LMICK 2014 ABA 2007
Failure to know deadline 4.73% 7.63% 6.01% 6.38%
Failure to calendar 10.14% 10.69% 8.60% 7.44%
Failure to react to calendar 2.03% 0.76% 3.93% 3.57%
Total 17.00% 19.08% 17.54% 17.39%
6. Be mindful of the kind of grievance your client is most likely to make
in a Bar complaint.
Type of misconduct alleged Rule potentially violated Percentage of Total
Lack of diligence 1.3 31%
Lack of competence 1.1 26%
Conflict of interest 1.7-1.9 11%
Fraud or misrepresentation 8.3(c) 7%
Inadequate communication 1.4 6%
Excessive or improper attorney's fees
1.5 4%
Misappropriation of client funds 1.15 3%
Failure to follow client directives 1.2 2%
5. Be knowledgeable in matters of legal ethics, law office management
and protection against risk. Recommended reading:
Kentucky Rules of Professional Conduct (Supreme Court Rule 3.130), contained in Kentucky Rules of Court (West Pub. 2011 Edition). Annotated Model Rules of Professional Conduct, American Bar Association, (Sixth Edition, 2007). Stephen S. Blumberg and Willis S. Baughman, Preventing Legal Malpractice – California Case Studies. Profile of Legal Malpractice Claims, ABA Standing Committee on Lawyers Professional Liability (2007).
102
Long & Levit, The Law Office Guide to Purchasing Legal Malpractice Insurance (West Pub. 2007). Mallen & Smith, Legal Malpractice (West Pub. 2011 Edition). Todd B. Eberle, Richard H. Underwood, Timothy S. Chase, Kurt X. Metzmeier, Tracy J. Taylor, Kentucky Legal Ethics Opinions and Professional Responsibility Deskbook, (University of Kentucky College of Law Office of Continuing Legal Education, 4th Edition 2008).
4. Be proactive in preventing malpractice from occurring.
Lawyers Mutual Insurance Company of California has done outstanding work in developing checklists for risk management programs. The following is their list of major categories in which malpractice may arise: Legal Malpractice Avoidance Checklist a. Calendar every case, not just those in litigation. b. Confirm in writing your decision to accept a case or your decision
to withdraw or decline representation. c. Do not sue clients for fees. d. Take only those matters in which you have experience or
associate with someone who does have experience or knowledge about a specific case.
e. Maintain good client relations. f. Do not have a personal or a financial involvement with your
clients. g. Research potential conflicts of interest before you take the case. h. Investigate your case carefully before bringing a lawsuit or filing a
claim. i. Document everything leaving a paper trail understandable by third
parties. j. Know when to reject potential clients or cases. k. Know what to do upon receipt of a malpractice claim. l. Obtain client consent before proceeding in a vital area of the case.
103
3. Be responsive when you receive a Bar complaint.
a. Do not fail to make a timely response to any Bar complaint or investigation.
b. Do not make matters worse by attempting to cover up your
mistake.
2. Be healthy and sober.
Studies throughout the nation have repeatedly demonstrated that alcohol, drugs and mental illness (including depression) are substantial contributing factors in many, and perhaps most, cases of professional misconduct that result in suspension or disbarment.
1. Be honest.
No matter what else happens in your professional career, no matter what else you may do or fail to do, pledge to yourself that you will be honest in dealing with whatever comes along. See SCR 3.130 (8.3). It is, without question, the single most effective thing you can do to limit your exposure to a malpractice claim or a disciplinary suspension. Even in an age of top ten lists, some things never change.
III. PETE'S TOP TEN
1. Don't go into business with a client.
2. Keep your client on the same page with you and be able to prove it.
3. Don't think the standard of care moves with your profit margin.
4. Avoid people and causes you dislike.
5. Don't throw good money after bad in the courthouse.
6. Be careful.
7. File your case before the deadline.
8. Don't assume your clients are your friends.
9. Behave like a human being.
10. Take good care of your old dog.
104
IV. TOP TEN – KATJE KUNKE, PRESIDENT, WISCONSIN LAWYERS MUTUAL INSURANCE COMPANY
1. Stop lying to your calendar about who is in charge of your life. 2. "No" is a complete sentence. Corollary: Somebody married my ex-
husband. 3. If you don't like your client, you better love your carrier. 4. Conflicts of interest piss everyone off. 5. Your client already knows how this is going to turn out. 6. Never give bad news to a hungry client. 7. You have to let clients make dumb choices. 8. What your client heard matters more than what you said. Corollary:
Nobody remembers what anyone said. 9. They may call it "Practice," but they're kidding. 10. When they smile and nod, your client is not understanding or agreeing
with you.
105
SUMMARY OF KELLEY ET. AL. V. TMMK Timothy J. Weatherholt
This paper will serve as a summary of many of the facts and litigation issues presented in the putative class action lawsuit filed against Toyota Motor Manufacturing, Kentucky, Inc. ("TMMK") in 1999. The case lasted for over fifteen years and made four trips to the Kentucky Supreme Court. It spent years in both the judicial forum and the administrative forum. Ultimately, Toyota prevailed in the judicial case and resolved the residual administrative case on extremely favorable terms. The case provides several lessons on how strategic choices and creative lawyering can substantially affect the outcome of litigation. Before discussing the details of the case, it would probably be useful to provide a bit of background. TMMK has operated a manufacturing facility in Georgetown, Kentucky since 1986. TMMK currently manufactures the Camry, Avalon, Venza, and, as of 2015, the Lexus. The TMMK facility spans 7.5 million square feet. TMMK employs around 6,500 total employees. The first tier of production/skilled maintenance employees are referred to as "team members." Team members are "non-exempt" under the Kentucky Wages & Hours Act ("Kentucky Act"), as are "team leaders," who serve as lead people on the actual production lines. Skilled maintenance team members/leaders are assigned throughout the facility, and generally service specific departments and/or lines. Paint shop team members/leaders (production and skilled maintenance) and Bumper Paint team members/leaders were the only categories of employees at issue in the case. The department at issue in the litigation – Paint – is actually comprised of two separate Paint shops – Paint I and Paint II. Paint I has been in existence since the plant opened; Paint II began operations in 1992. Both Paint I and Paint II have roughly twenty-five to thirty processes each. Examples include ED Input, Moonroof, Cavity Wax, Wet Sand, and Mix Room. The Paint I locker room was located on a second floor mezzanine level until 2003, when it was moved to the plant floor. The Paint II locker room has remained in the same place during the entire relevant period. Before arriving at their process, Paint team members went to their locker room, put on, or donned a paint suit (one-piece, jump suit-styled garment similar to the ones favored by Elvis in his later years, only without the sequins and gold embroidery), and then walked to their respective work process. It took roughly twenty to thirty seconds to don the paint suit, and roughly the same amount of time to doff the paint suit, though that number was the subject of debate in the litigation. The length of the walk varied depending on the location of the process. Some one-way walk times were less than two minutes, while other one-way walk times were closer to four minutes, though that number was also a subject of debate during the litigation. I. CASE SUMMARY
A. Part One: The First Iteration of the Judicial Case (1999-2003)
The lead attorney on this case, Jeff Savarise, was thirty-nine when this case began. When the case ended, he was fifty-four. The case began on August 31, 1999, when TMMK team member Jeff Sergent and four other
106
TMMK Paint Department team members filed a judicial complaint under the Kentucky Act in the Circuit Court of Scott County, Kentucky. The five named Plaintiffs purported to represent a putative class of over 1,000 similarly-situated current and former employees who worked in TMMK's Paint Department and Bumper Paint Department. Their Complaint alleged they were denied wage payments, including overtime payments, for time spent donning and doffing required protective coveralls, or paint suits. Their Complaint also alleged they were denied wage payments for time spent putting on protective shoes and walking between locker rooms and work stations.
In 1999, it did not appear this case would be overly complex. In two cases from the mid-1980s, the Kentucky Court of Appeals concluded wage and hour claims under the Kentucky Act could not be brought directly in circuit court; rather, the Kentucky Labor Cabinet, an administrative body, had both original and exclusive jurisdiction over such claims. While a 1996 amendment to KRS 337 had the potential to complicate the analysis, no Kentucky court had yet considered the effect of the amendment. Consequently, TMMK filed a Motion to Dismiss in light of what appeared to be the controlling law. On November 22, 2000, the Scott Circuit Court granted TMMK's Motion to Dismiss. The Court of Appeals unanimously affirmed on January 11, 2002, and the Kentucky Supreme Court denied discretionary review on February 12, 2003. Yet, the case was far from over . . .
B. The Administrative Investigation and Its Aftermath (2003-2007)
Because Plaintiffs in the judicial case could not turn to the Scott Circuit Court for relief, their lone alternative was to proceed before the Kentucky Labor Cabinet. Another team member had, in fact, already made similar but distinct claims to the Labor Cabinet before the Kentucky Supreme Court denied discretionary review. From 2003-2007, the lead investigator for the Labor Cabinet made thirty-seven on-site inspections and interviewed approximately 770 team members. In 2005-06, several events occurred that significantly altered the case. In November 2005, the U.S. Supreme Court decided its first wage and hour case in nearly a half century, IBP, Inc. v. Alvarez, 546 U.S. 21 (2005). The Court held that:
The donning and doffing of clothing/gear that is "integral and indispensable" to employees' work is a "principal activity" under the FLSA and is, therefore, compensable.
The subsequent walking time after donning and before doffing is compensable.
The time spent waiting to doff is compensable but time spent waiting to don is not compensable.
"Exertion" is not, in fact, necessary to constitute work.
107
Yet, the Supreme Court did not resolve several other questions, such as:
What types of donning and doffing are "integral and indispensable" and what types are not?
What is the legal status of the de minimis doctrine (the notion that small amounts of time can be disregarded) in light of IBP?
Is there a quantity of time that is de minimis?
In TMMK's view, IBP was easily distinguishable, particularly given the cumbersome gear at issue in that case. Nevertheless, in an effort to resolve this matter, and in the interest of positive team member relations, TMMK voluntarily offered the Paint shop team members pay for eight minutes of donning/doffing/walking time per day, which was based on the walk-time of the employees whose job processes were furthest from the locker rooms and covered the entire five-year statutory recovery period under the Kentucky Act. (TMMK also moved the paint suit lockers line side and delayed the start of the line so team members could change on the clock going forward). Nearly 95 percent of the team members accepted this payment and released any related claims against TMMK. Only about eighty-five team members rejected the offer. The Kentucky Labor Cabinet, however, refused to cease its investigation. The Labor Cabinet issued Tentative Findings of Fact on May 19, 2006 – a document somewhat tantamount to a complaint in litigation – and contended TMMK violated the Kentucky Act by not paying for donning/doffing time. Both TMMK and numerous team members challenged the Tentative Findings, and the case proceeded administratively. Numerous discovery-related documents, motions, and orders followed. In a major ruling, the Hearing Officer agreed with TMMK, after extensive briefing, that the recovery period should be limited to five years preceding the issuance of the Tentative Findings. The Cabinet had insisted the statute was tolled for the three and one-half year investigation. This ruling – at the time – had a major impact on the potential scope of damages. The case was scheduled for an administrative hearing in June 2007. While this was transpiring, the Kentucky Supreme Court heard an unrelated wage case and, in August 2005, held Kentucky circuit courts have original, although not exclusive, jurisdiction over wage claims. Parts Depot, Inc. v. Beiswenger, 170 S.W.3d 354 (Ky. 2005). Approximately fourteen months later – and with an administrative hearing just a few months away – Plaintiffs filed a CR 60.02(f) (the Kentucky equivalent of Federal Rule 60(b)(6)) motion to reopen the long-dismissed judicial case based upon "extraordinary circumstances" – a change in law. Despite the near universal rule against reopening fully appealed, final judgments, the Scott Circuit Court elected to reopen the 1999 judicial case. The Hearing Officer then held the administrative proceeding in abeyance shortly thereafter, despite the fact that the matter was scheduled for a June 2007 hearing. Thus, TMMK again found itself in a most unexpected place – the judicial forum.
108
C. Return to the Judicial Forum (2007-2014)
Not only was TMMK back in the judicial forum, but the Scott Circuit Court subsequently held the team members' ultimate recovery period dated back to the five years prior to the judicial complaint, or August 31, 1994. This had the effect of permitting the approximately 1,144 team members who already signed the waiver to recover for the 1994-2001 period as well. Thus, TMMK's exposure, in a true nightmare scenario, had the potential to exceed $50 million. At this point, creative lawyering became crucial. Our first approach was to seek a writ of prohibition – an original action against the Judge in the case, arguing that he acted outside of his jurisdiction. We understood this would be a difficult argument in light of existing case law, but we thought, at a minimum, it would buy us some time. As it turns out, the argument almost succeeded. The Court of Appeals denied our motion, but the Supreme Court reversed in March 2009. Then the Supreme Court, after requesting supplemental briefing in light of an unrelated case, reversed itself in June 2010. While the June 2010 reversal was a bitter disappointment, the Court's opinion contained language suggesting TMMK would prevail in an actual merits review. The problem, however, was that TMMK had little desire to take the case through several years of discovery and a trial in order to obtain a merits review. In that regard, the length of the writ proceeding worked to TMMK's benefit. On January 1, 2011, the Kentucky Supreme Court adopted a new civil rule, CR 23.06, allowing parties to challenge class certification findings in a similar manner as Federal Rule 23(f) permits such challenges in federal court. Thus, we knew we could appeal an adverse class certification decision. The question was whether we could bootstrap the argument that the case never should have been reopened along with such an appeal. Moreover, Jeff Savarise had wondered for years why Kentucky courts even permitted class actions under the Kentucky Act in the first place. The Kentucky Act provides, "[s]uch action may be maintained in any court of competent jurisdiction by any one (1) or more employees for and in behalf of himself, herself, or themselves." This language omits the phrase "and other employees similarly situated" after the word "themselves." Given that the authors of the Kentucky Act appeared to merely copy this portion of the FLSA, yet omitted the five critical words conferring the right to class relief, it seemed apparent Kentucky plaintiffs could not bring a class action. Yet, no law firm had previously made this argument. We made the argument to the Scott Circuit Court, and later to the Court of Appeals as part of our CR 23.06 appeal after the Scott Circuit Court granted class certification. In November 2013, the Court of Appeals reversed the Scott Circuit Court and found both that the case never should have been reopened and that class actions could not be brought under the Kentucky Act (albeit in dicta). The Court did not address any concern with considering the reopening question in the context of a CR
109
23.06 appeal. The Supreme Court denied discretionary review in April 2014. Thereafter, the case returned to the administrative forum and settled on terms favorable to TMMK – with the approximately eighty-five team members who did not accept the 2006 release accepting that exact same offer.
II. LESSONS LEARNED
We learned, and re-learned, a number of lessons during the fifteen-plus years we handled this case that we will keep in mind going forward.
A. Have Faith in the Lower Courts
It would be fair to say we were all frustrated with the decision to reopen the judicial case in 2007. But even more problematic from an exposure standpoint was the subsequent decision to permit a recovery period for up to five years preceding the judicial complaint, or from August 31, 1994. This, in essence, allowed a potential twelve-year recovery period. When our writ failed, and we were faced with the prospect of litigating the case before the Scott Circuit Court in 2010, it was not a comfortable feeling. The more we appeared in Scott Circuit Court, however, the more we felt like the Court was appreciating our various positions. Even though the Court ruled against our argument regarding the Kentucky Act and class actions, it was apparent the Court strongly considered our novel argument.
Additionally, in a decision not discussed above, the Court ruled in our favor in February 2012, finding that Plaintiffs could not obtain both full liquidated damages and prejudgment interest – an issue well-settled under the FLSA but not under Kentucky law. This had the effect of reducing the potential exposure by millions and allowed us to proceed more confidently going forward.
B. Have Faith in the Higher Courts
Judges at the appellate level will undoubtedly have strong opinions on the role of the courts. It just so happened that TMMK became embroiled in the middle of an apparent dispute among the Court members regarding the granting of writs of prohibition. In 2009, the Kentucky Supreme Court reversed the Kentucky Court of Appeals and found the Scott Circuit Court abused its discretion in reopening the case. This 5-2 decision focused primarily on the merits. The court heard Plaintiffs' petition for rehearing primarily because it had recently issued an opinion in another case that severely limited the writ mechanism. The Supreme Court was apparently anxious to further clarify the strict limits of the writ mechanism, and it unfortunately used our case to do so. This did not mean, however, that the Supreme Court failed to grasp that the reopening decision would be found to be in error based on a merits review, as opposed to a writ review. The Supreme Court, we believed, telegraphed this in its 2010 opinion, and our belief was proven correct when the Supreme Court denied discretionary review in April 2014.
110
C. Be Creative
It is difficult to posit a completely novel legal argument. As noted above, we had wondered for years about the curiously worded Kentucky Act, and when the Kentucky Supreme Court affirmed the reopening decision in 2010, we had the opportunity to test this argument. Hours of research helped further refine our position. Many cases will present an issue that can be resolved creatively, but few allow for this type of argument. It was a privilege to be a part of advancing a unique position, and it could assist Kentucky defendants, including perhaps TMMK, at some point, for years to come. Another creative argument that we did not have the opportunity to brief to the Court concerned the fact that certain portions of the time at issue (time worked in weeks where the team member worked under forty hours in a given week) was non-compensable under the law. No Kentucky litigant had ever briefed this issue, but the federal law is only concerned with unpaid overtime and minimum wages. So, the difference between thirty-seven hours and thirty-eight hours in a workweek would not mean additional compensation was due. This was not a case dispositive argument, but it certainly could have helped to reduce any damage exposure.
D. Keep Up With the Law
The Kentucky Supreme Court's decision to adopt CR 23.06 fundamentally changed the case in our favor. Absent that change, we would not have been able to advance our appellate arguments until after a trial on the merits. Because we were aware of the pending rule long before it finally took effect, it allowed us to gain a tactical advantage.
E. Don't Overpay While Good Options Remain
In 2011, we were obviously frustrated with the state of the case. Even though we had the ability to advance an interlocutory appeal pursuant to CR 23.06, we were understandably skeptical of the courts. While it was tempting to settle the case at that point, that would have been the equivalent of pulling money out of a down stock market. We felt the courts had not yet considered our strongest arguments, and our steadfast approach proved to be successful.
111
112
