Department of State Releases February 2017 Visa Bulletin

immigration policy visa bulletin stampNo change in Dates for Filing chart again; scant advancement in Final Action Dates chart.

The US Department of State (DOS) has released its January 2017 Visa Bulletin. The Visa Bulletin sets out per-country priority date cutoffs that regulate immigrant visa availability and the flow of adjustment of status and consular immigrant visa application filings and approvals.

What Does the February 2017 Visa Bulletin Say?

The February 2017 Visa Bulletin includes both a Dates for Filing Visa Applications chart and an Application Final Action Dates chart. The former indicates when intending immigrants may file their applications for adjustment of status or immigrant visas, and the latter indicates when an adjustment of status application or immigrant visa application may be approved and permanent residence granted.

If US Citizenship and Immigration Services (USCIS) determines that there are more immigrant visas available for a fiscal year than there are known applicants for such visas, it will state on its website that applicants may use the Dates for Filing Visa Applications chart. Otherwise, applicants should use the Application Final Action Dates chart to determine when they may file their adjustment of status applications.

It is not yet clear which chart the USCIS will select for February 2017 filings. To be eligible to file an employment-based (EB) adjustment application in February 2017, foreign nationals must have a priority date that is earlier than the date listed below for their preference category and country (changes from the last two months’ Visa Bulletin dates are shown in yellow). In January 2017, USCIS announced that EB applications should be filed using the Application Final Action Dates chart.

Application Final Action Dates

EB

All Charge-

ability

Areas Except

Those Listed

China

(mainland

born)

El Salvador,

Guatemala,

and Honduras

India

Mexico

Philippines

1st

C

C

C

C

C

C

2nd

C

15 NOV12 (was 15OCT12)

C

15APR08

C

C

3rd

01OCT16 (was 01AUG16)

01Oct13 (was 08SEP13)

01OCT16 (was 01AUG16)

22MAR05 (was 15MAR05)

01OCT16 (was 01AUG16)

15OCT11

(was 22JUL11)

Other Workers

01OCT16 (was 01AUG16)

01DEC05

01OCT16 (was 01AUG16)

22MAR05 (was 15MAR05)

01OCT16 (was 01AUG16)

15OCT11 (was 22JUL11)

Dates for Filing Visa Applications

EB

All Charge-

ability

Areas Except

Those Listed

China

(mainland

born)

India

Mexico

Philippines

1st

C

C

C

C

C

2nd

C

01MAR13

22APR09

C

C

3rd

C

01MAY14

01JUL05

C

01SEP13

Other Workers

C

01AUG09

01JUL05

C

01SEP13

How This Affects You

On the Application Final Action Dates chart, the cutoff dates for EB-1 will remain “current” for all chargeable countries, including India and China.

The EB-2 cutoff dates for the worldwide allotment as well as El Salvador, Guatemala, Honduras, Mexico, and the Philippines will also remain “current.” Cutoff dates will remain at April 15, 2008 for EB-2 India and will advance by one month for EB-2 China to November 15, 2012.

The EB-3 cutoff dates for the worldwide allotment as well as El Salvador, Guatemala, Honduras, and Mexico will advance by two months to October 1, 2016. Cutoff dates will advance by three weeks to October 1, 2013 for EB-3 China. The cutoff date for EB-3 India will advance by one week to March 22, 2005. The cutoff date for EB-3 Philippines will advance by nearly three months to October 15, 2011.

The EB-5 China cutoff date will advance by one week to April 15, 2014.

As confirmed by the DOS, the EB-1 allotment should remain current in the coming months.

Read the February 2017 Visa Bulletin.

Copyright © 2017 by Morgan, Lewis & Bockius LLP. All Rights Reserved.

2016 Year In Review: Corporate Governance Litigation and Regulation

2016 year in review2016 saw many notable developments in corporate governance litigation and related regulatory developments.  In this article, we discuss significant judicial and regulatory developments in the following areas:

  • Mergers and Acquisitions (“M&A”): 2016 was a particularly significant year in M&A litigation.  In Delaware, courts issued important decisions that impose enhanced scrutiny on disclosure-only M&A settlements; confirm the application of the business judgment rule to mergers approved by a fully informed, disinterested, non-coerced shareholder vote; inform the proper composition of special litigation committees; define financial advisors’ liability for breaches of fiduciary duty by their clients; and offer additional guidance for calculating fair value in appraisal proceedings.

  • Controlling Shareholders: Delaware courts issued important decisions clarifying when a person with less than majority stock ownership qualifies as a controller, when a shareholder may bring a quasi-appraisal action in a controlling shareholder going-private merger, and when the business judgment rule applies to controlling shareholder transactions. In New York, the Court of Appeals followed Delaware’s guidance as to when the business judgment rule applies to a controlling shareholder squeeze-out merger.

  • Indemnification and Jurisdiction: Delaware courts issued decisions clarifying which employees qualify as officers for the purpose of indemnification and articulating an updated standard for exercising jurisdiction in Delaware over actions based on conduct undertaken by foreign corporations outside of the state.

  • Shareholder Activism and Proxy Access: Shareholder activists remained busy in 2016, including mounting successful campaigns to replace CEOs and board members at Chipotle and Hertz. Additionally, the SEC’s new interpretation of Rule 14a-8 has limited the ability of management to exclude a shareholder proposal from a proxy statement on the grounds that it conflicts with a management proposal.  Also, some companies have adopted “proxy rights” bylaws, which codify a shareholder’s right to directly nominate board members.

I.  M&A

A.Enhanced Scrutiny of Disclosure-Only Settlements

In January 2016, the Delaware Court of Chancery issued an important decision, In re Trulia, Inc. Stockholder Litigation,1 making clear the court’s renewed scrutiny of—and skepticism towards—so-called disclosure-only settlements of shareholder class actions. In Trulia, shareholders sought to block the merger of real estate websites Zillow and Trulia.  After litigation was commenced, the parties agreed to a settlement in which Trulia would make additional disclosures in proxy materials seeking shareholder approval of the transaction in exchange for a broad release of present and future claims by the class and fees for plaintiffs’ counsel.

Chancellor Bouchard rejected the proposed settlement and criticized disclosure-only settlements as generally unfair to shareholders.  Chancellor Bouchard noted that the Court of Chancery had previously expressed concerns regarding the incentives of plaintiff counsel to settle class action claims in which broad releases were granted in exchange “for a peppercorn and a fee”—i.e., for fees and immaterial disclosures that provided little benefit to shareholders.2  According to the Court, “these settlements rarely yield genuine benefits for stockholders and threaten the loss of potentially valuable claims that have not been investigated with vigor.”3

Continue reading at the National Law Review…

The White House’s Revisions to its Breach Response Policy For Federal Agencies and Departments Also Affect Contractors

White House data breach responseOn January 3, 2017, the Obama Administration issued a memorandum to all executive departments and agencies setting for a comprehensive policy for handling breaches of personally identifiable information (the “Memorandum”), replacing earlier guidance. Importantly, the Memorandum also affects federal agency contractors as well as grant recipients.

The Memorandum is not the first set of guidance to federal agencies and departments for reporting breaches of personally identifiable information (PII), but it establishes minimum standards going forward (agencies have to comply within 180 days from the date of the Memorandum). The Memorandum makes clear that it is not setting policy on information security, or protecting against malicious cyber activities and similar activities; topics related to the recent fiery debates concerning the 2016 election results and Russian influence.

The Memorandum sets out a detailed breach response policy covering topics such as preparedness, establishing a response plan, assessing incident risk, mitigation, and notification. For organizations that have not created a comprehensive breach response plan, the Memorandum could be a helpful resource, even for those not subject to it. But it should not be the only resource.

Below are some observations and distinctions worth noting.

  • PII definition. Unlike most state breach notification laws, the Memorandum defines PII broadly: information that can be used to distinguish to trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual. So, for example, the notification obligation for a federal contractor will not just apply if Social Security numbers or credit card numbers have been compromised.
  • Breach definition. Breaches are not limited phishing attacks, hackings or similar intrusions. They include lost physical documents, sending an email to the wrong person, or inadvertently posting PII on a public website.
  • Training. Breach response training must be provided to individuals before they have access to federal PII. That training should advise the individuals not to wait for confirmation of a breach before reporting to the agency. A belief (or hope) that one will find that lost mobile device should not delay reporting.
  • Required provisions in federal contracts. Federal contractors that collect or maintain federal PII or use or operate an information system for a federal agency must be subject to certain requirements by contract. The Memorandum requires agencies to update their contracts with contractors to ensure the contracts contain certain provisions, such as requiring contractors to (i) encrypt PII in accordance with OMB Circular A-130, (ii) train employees, (iii) report suspected or confirmed breaches; (iv) be able to determine what PII was or could have been accessed and by whom, and identify initial attack vectors, and (v) allow for inspection and forensic analysis. Because agencies must ensure these provisions are uniform and consistent in all contracts, negotiation will be difficult. The Federal Acquisition Regulatory Council is directed to work the Office of Management and Budget to promptly develop appropriate contract clauses and regulatory coverage to address these requirements.
  • Risk of harm analysis. Agencies will need to go through a complex risk of harm analysis to determine the appropriate breach response. Notably, encryption of PII is not an automatic exception to notification.
  • Notification. The rules for timing and content of breach notification are similar to those in many of the state breach notification laws. The Memorandum also advises agencies to anticipate undeliverable mail and to have procedures for secondary notification, something not clearly expressed in most state notification laws. The Memorandum also suggests website FAQs, which can be more easily updated and tailored. Agency heads have ultimate responsibility for deciding whether notify. They can consider over-notification and should try to provide a single notice to cover multiple notification requirements. They also can require contractors to provide notification following contractor breaches.
  • Tabletop Exercises. The Memorandum makes clear that testing breach response plans is essential and expressly requires that tabletop exercises be conducted at least annually.

Federal contractors and federal grant recipients that have access to federal PII will need to revisit (or develop) their own breach response plans to ensure they comply with the Memorandum, as well as the requirements of the applicable federal agency or department which can be more stringent. Of course, those plans must also incorporate other breach response obligations the organizations may have, whether those obligations flow from other federal laws (e.g., HIPAA), state laws, or contracts with other entities. Putting aside presidential politics, cybersecurity threats are growing and increased regulation, enforcement and litigation exposure is likely.

Jackson Lewis P.C. © 2017

Congress Set to Embark on Ambitious Tax Reform Package in First 100 Days of Trump Administration Fundamental Tax Reform

Congress, Capitol, Congressional Tax ReformThe 2016 elections have laid the foundation for the most significant Congressional tax reform effort since the enactment of the Tax Reform Act of 1986. In the past several years, the leadership of the Congressional tax-writing committees (i.e., the House Ways and Means Committee and the Senate Finance Committee) have produced the blueprint for tax reform. More recently, President-elect Trump offered his own tax reform package and pledged to work with the Congress to enact tax reform this year. Against this backdrop, we anticipate that the House Ways and Means Committee will move a comprehensive tax reform bill during the first 100 days of the Trump administration. The Senate Finance Committee will likely move at a slower pace, but its leadership is equally committed to tax reform this year.

While the final version of the tax reform legislation is still under development, it may include the following elements:

  1. a compressed rate structure for individuals with a top rate of 33 percent on ordinary income, a 50 percent deduction for investment income, and a corresponding reduction in the availability of various personal credits, deductions, and exclusions

  2. a top corporate rate of 20 percent (although Trump has called for a rate as low as 15 percent) together with a similar reduction of various business tax preferences and credits

  3. a general elimination of depreciation in favor of immediate expensing for depreciable business assets

  4. a repeal of the estate tax and replacement with, for example, a capital gains tax on death, and

  5. a transition to a territorial international tax system under which foreign profits of American companies would generally not be subject to U.S. tax, together with a deemed repatriation provision for previously accumulated earnings

As a result, this legislation will likely impact virtually every taxpayer in the United States.

© 2017 Jones Walker LLP

The Road Ahead for 2017 – Restructuring & Insolvency in Australia

insolvency Australia Road to 2017It is anticipated that, by the middle of the year, Australia will see the most significant reform to the corporate and personal insolvency environment in two decades. The reforms, which appear likely to be supported by all sides of government, are designed to promote business preservation and allow greater flexibility in order to ‘turnaround’ distressed companies.

In 2014 the process of reform began with the Australian Productivity Commission’s release of an Issues Paper and subsequent Report on Business Set-Up, Transfer and Closure. In December 2015 the draft Insolvency Law Reform Bill (the Bill) was released.

The perception among the business community is that the existing insolvency landscape stifled entrepreneurship and forced distressed companies into insolvency at the expense of restructuring. While some commentators lament the missed opportunity to go further and adopt more comprehensive reforms, consensus is that the new legislation will resolve some of the market’s biggest concerns and will encourage a turnaround culture. It is also likely to generate increased interest in the domestic distressed debt market.

Key elements of the Insolvency Law Reform Act 2016 include:

  1. Reduction of the bankruptcy period from three to one year
  2. Introduction of a ‘safe harbour’ defence for directors. Directors will avoid personal liability for insolvent trading if they appoint an adviser to assist with business turnaround.
  3. Unenforceability of certain ipso facto clauses. The proposed new laws will prevent a party from terminating a contract based solely on an insolvency event. Certain contracts such as prescribed financial contracts may be excluded from this restriction.

One of the Productivity Commission’s more controversial recommendations (and which did not make it into the draft Bill) is the introduction of a duty of receivers “to not cause unnecessary harm to the interests of creditors as a whole.” This and other more substantive reforms will be subject to further consultation as the Government has committed to another review. The passage of the Bill will meanwhile continue to shine a spotlight on the more substantive reforms proposed.

In addition to the commencement of the Insolvency Law Reform Act 2016, certain class action proceedings in the Federal Court of Australia are likely to intensify in 2017 in the lead up to a hearing on common issues in 2018. Squire Patton Boggs advises the applicants and most group members in seven class action proceedings that have arisen out of the rating of several structured financial products by Standard & Poor’s (S&P) and Fitch Ratings (Fitch). These follow a successful settlement reached in similar proceedings against S&P, following a landmark win in the main proceedings and a further appeal to the Full Federal Court.

The majority of the claims in these proceedings arose following the global financial crisis and the collapse of underlying reference entities including Fanny Mae and/or the swap counterparty Lehman Brothers Australia (in liquidation) (LBA). As a large number of Australian organisations held these products, a number of insolvencies resulted from their collapse in value and/or wipe out and Squire Patton Boggs has acted for creditors of LBA in the insolvency proceedings that ensued to recover money for creditors with these claims.

The products that are the subject of these proceedings include a constant proportion portfolio insurance (CPPI) and synthetic collateralised debt obligations (SCDOs) which were assigned credit ratings by S&P or Fitch. The applicants allege that the ratings agencies were negligent and engaged in misleading and deceptive conduct in assigning high ratings to these products. They contend that had the products not received such high ratings, they would not have invested. S&P and Fitch deny these allegations.

These proceedings have had and will continue to have widespread domestic and international significance due to the number of structured financial products that were sold around the world and were rated by the large ratings agencies using similar methodology. Actions against S&P have been filed in other jurisdictions, including by European institutional investors in Amsterdam, setting a global trend that is likely to continue into 2017. This trend involves ensuring the accountability of credit rating agencies in their assignment of ratings to complex financial products, especially in areas where regulators have as yet failed to achieve similar outcomes. As a result, the continuing progress of these class actions in 2017 is likely to produce lasting implications, in particular further consideration as to the regulation of credit rating agencies.

Continue watching this blog throughout the year to come for updates about these and other topics from our offices across Australia, EU and Europe, UK and US.

© Copyright 2017 Squire Patton Boggs (US) LLP

Intellectual Property Cases to Watch in 2017

The New Year brings excitement and anticipation of changes for the best.  Some of the pending patent cases provide us with ample opportunity to expect something new and, if not always very desirable to everybody, at least different.  In this post, we highlight several cases that present interesting issues and that we anticipate may provide for new and important developments in the patent law this year.

Samsung Electronics Co. v. Apple Inc.

2017 IP cases intellectual propertyThis highly-publicized case, now on remand from the Supreme Court, concerns damages for design patent infringement.

Apple sued Samsung in 2011 for infringement of U.S. Patent Nos. D618,677 (claiming an electronic device having black rectangular front face with rounded corners), D593,087 (claiming an electronic device having a rectangular front face with rounded corners and a raised rim) and D604,305 (claiming a grid of 16 colorful icons on a black screen of an electronic device).  As we reported earlier, a jury found that several Samsung smartphones resembling the iPhone infringe those patents and awarded $399 million in damages to Apple, the entirety of Samsung’s profit from sale of the infringing smartphones.

The Federal Circuit upheld the award. The decision centered on 35 U.S.C. § 289, which provides that an accused infringer manufacturing or using a patented “article of manufacture” is liable to the patent owner “to the extent of his total profit.”  The Federal Circuit rejected Samsung’s argument that damages should not be determined based on the entire smartphone but rather should be limited to individual components covered by the patents, such as a front face or a screen.  The smartphone as a whole was deemed to be an “article of manufacture” in the context of Section 289.  The Supreme Court, in an unanimous (but short) decision, however agreed with Samsung and remanded, stating that an “article of manufacture” is “simply a thing made by hand or machine,” and is broad enough to include both a multicomponent product sold to a consumer and individual components of that product, “whether sold separately or not.”  No test however was provided on how to identify an “article of manufacture” relevant to damages.

On remand, the Federal Circuit will determine whether “the relevant article of manufacture for each design patent … is the smartphone or a particular smartphone component.”  A test for determining what exactly constitutes an “article of manufacture” for the purpose of determining damages in design patent cases is highly anticipated.

TC Heartland LLC v. Kraft Foods Group Brands LLC

This case concerns a choice of venue in patent cases, and a decision by the Supreme Court is expected around June, 2017.

Kraft Foods sued TC Heartland in the District of Delaware, alleging that Heartland’s liquid water enhancer products infringed three of Kraft Foods’ patents.  Heartland moved to either dismiss the action or transfer venue to the Southern District of Indiana, where it is headquartered and incorporated.  In support, Heartland stated that it is not registered to do business and has no presence in Delaware.  After the district court denied its motion, Heartland appealed.  The Federal Circuit affirmed and stated that patent suits may be filed in any judicial district in which the defendant sells an allegedly infringing product (Heartland ships accused products to Delaware, which amounts though to only about 2% of its total sales).  The Federal Circuit has consistently applied this interpretation of the patent venue statute since its 1990 decision in VE Holding, which has since allowed patent holders to file suits in favorable courts that are perceived to be more plaintiff-friendly, such as the Eastern District of Texas. Opponents of this doctrine refer to it as a “forum shopping.”

As we reported before, on December 14, 2016, the Supreme Court agreed to review the Federal Circuit’s decision.  A decision in favor of Heartland would fundamentally change where patent cases can be litigated.  In particular, many patent holders may effectively be barred from bringing suits in the Eastern District of Texas.

Lexmark International v. Impression Products

On December 2, 2016, the Supreme Court granted Impression Products’ petition to hear a case concerning whether patent exhaustion arises from foreign sales.

Lexmark, a manufacturer of printers and cartridges for those printers, sold the cartridges covered by Lexmark’s U.S. patents in the U.S. and abroad.  Some of the cartridges were sold at a reduced price and, according to a “Return program,” were subject to a single-use/no-resale restriction set forth in the user agreement.  With the goal of protecting quality and reputation of its products, and for other reasons, Lexmark required that customers who bought Return program cartridges return the empty cartridges only to Lexmark for remanufacturing or recycling.  Impression, among others, acquired and re-purposed (which included modifying the original chip) both the foreign- and domestically-sold cartridges, and sold the modified cartridges in the U.S.  When Lexmark took legal actions and other defendants agreed to settlements, Impression however argued that the first sale of the cartridges, either in the U.S. or abroad, exhausted Lexmark’s U.S. rights to exclude.

The district court partially sided with Impression, ruling that Lexmark’s sale in the U.S. exhausted its patent rights, despite the express single-use/no-resale restrictions under the Return Program, but concluded that foreign sales did not exhaust Lexmark’s patent rights.  As we said earlier, on February 12, 2016, the en banc Federal Circuit agreed with Lexmark and confirmed two important aspects of the patent exhaustion doctrine, namely that (1) a patentee can “sell[] a patented article subject to a single-use/no-resale restriction that is lawful and clearly communicated to the purchaser” without exhausting the patentee’s rights to that item; and (2) because foreign sales do not permit “the buyer to import the article and sell and use it in the United States,” an authorized foreign sale of a product does not exhaust a patentee’s U.S. patent rights to exclude associated with that product.

In re Aqua Products

This is a pending en banc case before the Federal Circuit regarding whether it is the patent owner who bears the burden of proving patentability of its amended claims in inter partes reviews before the Patent Trial and Appeal Board.

Aqua Products, Inc., as a patent owner, faced a claim amendment issue.  In particular, after an inter partes review (IPR) of Aqua’s patent on a robotic swimming pool cleaners was initiated, Aqua moved to substitute several of the challenged claims with limitations from the claims that were not challenged, effectively amending the claims.  The America Invents Act (AIA) permits patent owners to move to amend claims of a patent, and 35 U.S.C. § 316(d) states that “the patent owner may file one motion to amend the patent,” with additional motions to amend allowed in limited circumstances.

Applying its rule making authority, the PTO ruled that Aqua failed to demonstrate that its amendments would make the claims-at-issue patentable over the known prior art.  On August 12, 2016, the Federal Circuit granted Aqua’s motion for an en banc hearing and asked Aqua and the USPTO to brief whether the USPTO may require that a patent owner bear the burden of persuasion regarding patentability of the amended claims, even though the AIA assigns the burden of proving unpatentability of the proposed claim amendments to an IPR petitioner.  See 35 U.S.C. § 316(e)).

Argument was heard on December 9, 2016, and a blog post on the upcoming decision will appear in due course.

Swiss-US Privacy Shield Will Replace Swiss-US Data Protection Safe Harbor

Swiss Privacy ShieldOn January 11, 2017, the Swiss Federal Council announced that a new framework will govern the transfer of personal data from Switzerland to the US.  According to the Federal Council, the Swiss-US Privacy Shield Framework “will apply the same conditions as the European Union.”  The International Trade Administration stated that the US Department of Commerce will begin accepting certifications on April 12.  Certification will allow companies to comply with Swiss data protection requirements, facilitating transatlantic commerce.

  • The Federal Council made note of several changes from the Swiss-US Safe Harbor to the Swiss-US Privacy Shield, including:

  • “Stricter application of data protection principles by participant companies”

  • Heightened administration and supervision requirements by US authorities

  • Enhanced cooperation between the Swiss Federal Data Protection and Information Commissioner and the US Department of Commerce

  • A new arbitration body to handle claims

  • Introduction of an ombudsperson in the US Department of State, who will address Swiss persons’ concerns about the processing of their personal data by US intelligence services

Because the Swiss-US Privacy Shield aligns with the EU-US Privacy Shield, the self-certification process should not be overly burdensome.

However, in light of this change, it is important to reassess current business practices to determine whether a company is participating in the transfer of personal data from Switzerland to the US.  If so, companies should remove any references to the Safe Harbor, and should be ready to apply for self-certification.  Further, companies should prepare for changes to internal policies to comply with the new requirements under the Swiss-US Privacy Shield.

Copyright © 2017 Womble Carlyle Sandridge & Rice, PLLC. All Rights Reserved.

Contracting by Tweet: What Impact Can the New Administration Have on Existing Contracts and Future Awards?

Trump tweets government contractsAmong the many subjects to receive President-elect Trump’s attention in advance of his swearing in on January 20 are venerable defense contractors and their performance of major systems contracts.  The Boeing Company (Boeing) and Lockheed Martin (Lockheed) have both felt the “heat of the tweet” – Boeing for the projected cost of the next generation of presidential aircraft and Lockheed for its F35 Joint Strike Fighter.  The pointed attention has led some to question the authority of a president to alter existing contractual relations or to impact the award of future contracts.  Can a president require contractors to lower prices on existing contracts or direct that future awards not be made to companies that fail to adopt practices the president favors, e.g., retaining jobs in the United States?  A president always has the bully pulpit to pressure high-profile government contractors to “voluntarily” take actions to their detriment and in favor of the government, but what legal tools or contractual remedies are available if a president forces a particular outcome?

The legal obligations of the United States to its contractors, with some exceptions, is little different from the obligations of a buyer in a private contract.  The courts long ago established that the United States as buyer must “turn square corners” when dealing with its contractors.  Maxima Corp. v. United States, 847 F.2d 1549 (Fed. Cir. 1988).  There also exists in every government contract a duty of good faith and fair dealing.  See John Cibinic, Jr., James F. Nagle, Ralph C. Nash, Jr., Administration of Government Contracts 296-314 (4th ed. 2006).  Aspects of government contracts that make them different from commercial contracts, e.g., socio-economic provisions that promote specific government policies, do not alter the basic and implied duties of a buyer to a seller.  The written contract captures the exchange of promises of the parties and embodies all express and implied duties and remedies for their breach.

With this as background, could the new president require that Boeing or Lockheed, for example, unilaterally reduce the prices for their aircraft or face adverse consequences?  First, authority to bind the U.S. Government to contracts, or amendments to contracts, is housed in authorized contracting officers.  See FAR 1.602-1.  Contracting officer authority is delegated from agency heads to government employees considering their experience in government contracting and administration, their education or special training in business administration, law, accounting, engineering, or related fields, their knowledge of acquisition policies and procedures, and their completion of acquisition training courses.  FAR 1.603-2.  Once authority is delegated, contracting officers are to act independently while ensuring that contractors receive impartial, fair and equitable treatment.  See Schlesinger v. United States, 390 F.2d 702 (Ct. Cl. 1968); see also FAR 1.602-1.  While contracting officers can and should look to others for advice, including to higher-ups, see FAR 1.602-2(c) (“Contracting officers shall . . . [r]equest and consider the advice of specialists in audit, law, engineering, information security, transportation, and other fields as appropriate”), the decision of a contracting officer must remain that of the contracting officer.

This is not to suggest that contracting officers are immune to pressure from government officials in influential positions, including the president.  However, contracting officers are bound to apply the law when awarding and administering contracts.  See FAR 1.602-1(b) (“No contract shall be entered into unless the contracting officer ensures that all requirements of law, executive orders, regulations, and all other applicable procedures, including clearances and approvals, have been met”); FAR 1.602-2 (“Contracting officers are responsible for . . . ensuring compliance with the terms of the contract”).  Contracting officers are allowed wide latitude to exercise business judgment which might provide an avenue for a contracting officer to accommodate certain presidential desires but the contracting officer must nonetheless operate within the constraints of the law and the terms of any existing contract.  Id.

The classic tool the government has when it finds an existing contract no longer in its interest is the termination for convenience.  See FAR 52.249-2(a) (fixed price contracts); 52.249-6(a)(1) (cost reimbursement contracts).  What constitutes the government’s “interest” is very broad.  Surely, a contracting officer could find it in the government’s interest to terminate a contract for a major system that the contracting officer deemed, perhaps because of encouragement from the top of the executive branch, to be too expensive.  However, a termination for convenience is not cost free to the government.  Contractors terminated for convenience are entitled to recover their cost incurred to the date of the termination, profit or fee on that cost, and termination settlement expenses.  FAR 52.249-2(g); 52.249-6(h).  In addition, the termination of any contract where there is a continuing requirement is a drastic action.  The government would need to begin a new procurement to satisfy the requirement, conduct the procurement pursuant to law, including obtaining full and open competition unless an exception existed, and begin a program all over again.  Practically, the government is unlikely to take this path because it would be costly and delay ultimate delivery of the system.  Thus a contractor willing to endure the public approbation of being identified with “fraud, waste and abuse” likely can survive simply because the consequences of terminating a contract are so drastic.

An even more drastic government approach would be for the government to terminate an unpopular contract for default.  This would absolve the government of all monetary obligations for the termination.  This may sound exceedingly extreme, but the history of the longest-running and largest termination for default in the Department of Defense’s history, the Navy’s A-12 aircraft, shows that an over-budget contract that became politically unpopular can meet such a fate.

For new contracts, the government has the ability to set requirements and select the awardee.  Could the government establish a requirement that all companies who ship jobs overseas are excluded from government contracting?  Or more subtly, could a bias against such companies infect the selection process?

The out-going Obama Administration in its latter stages liberally used the president’s Executive Order power to implement socio-economic policies for government contractors.  Typically, these policies were ones likely to face opposition in the Republican-controlled Congress.  Using the president’s power over contracting, President Obama issued Executive Orders that led to new requirements on paid sick leave, fair pay and safe workplaces, and LGBT rights.  There seems no reason that the Trump Administration might not attempt this same path to limit awards to contractors who do not fit the Administration’s view of “Making America Great Again.”

Such an attempt might run into problems, however.  The Obama Administration’s Executive Orders affirmatively imposed new social requirements on contractors where those requirements were not prohibited by law or regulation.  A Trump Administration Executive Order prohibiting contract awards to companies who move jobs overseas, for example, might run squarely into the Competition in Contracting Act’s (CICA) mandate for “full and open competition.”  Although CICA contains exceptions to full and open competition, promoting US jobs by discouraging offshoring is not one of them (although awards to inverted domestic corporations are prohibited by statute and regulation, see FAR 9.108-2).

Finally, bias in source selection for new contracts is difficult to detect.  Every selection official, indeed every human, has biases, but as a matter of law, those biases cannot lead to an award inconsistent with solicitation selection criteria.  See FAR 15.303(b)(4).  Unwarranted bias in the procurement process is controlled through the bid protest, a review by a third-party to determine whether a selection authority acted arbitrarily, capriciously, or abusively, or not in conformance with law.  See FAR part 33.  A source selection authority influenced by desires of a new president that were not included in a solicitation could be brought to task through the bid protest process.

The new Administration is not without power to influence government contracting and contractors through the bully pulpit.  From a purely legal standpoint, however, the Administration’s powers are circumscribed by the remedies available to contractors and challenges that prospective offerors can bring through the bid protest process.  We shall see how the Trump Administration proceeds and report further if there are any developments.

© 2017 Covington & Burling LLP

Law Firm Data Breaches: Big Law, Big Data, Big Problem

law firm data breachesThe Year of the Breach

2016 was the year that law firm data breaches landed and stayed squarely in both the national and international headlines. There have been numerous law firm data breaches involving incidents ranging from lost or stolen laptops and other portable media to deep intrusions exposing everything in the law firm’s network. In March, the FBI issued a warning that a cybercrime insider-trading scheme was targeting international law firms to gain non-public information to be used for financial gain. In April, perhaps the largest volume data breach of all time involved law firm Mossack Fonesca in Panama. Millions of documents and terabytes of leaked data aired the (dirty) laundry of dozens of companies, celebrities and global leaders. Finally, Chicago law firm, Johnson & Bell Ltd., was in the news in December when a proposed class action accusing them of failing to protect client data was unsealed.

A Duty to Safeguard

Law firms are warehouses of client information and how that information is protected is being increasingly regulated and scrutinized. The legal ethics rules require attorneys to take competent and reasonable measures to safeguard information relating to client. (ABA Model Rules 1.1, 1.6 and Comments). Attorneys also have contractual and regulatory obligations to protect information relating to clients and other personally identifiable information, financial and health, for example.

American Bar Association’s 2016 TechReport

Annually, the ABA conducts a Legal Technology Survey (Survey) to gauge the state of our industry vis-à-vis technology and data security. The Survey revealed that the largest firms (500 or more attorneys) reported experiencing the most security breaches, with 26% of respondents admitting they had experienced some type of breach. This is a generally upward trend from past years and analysts expect this number only to rise. This is likely because larger firms have more people, more technology and more data so there is a greater exposure surface and many more risk touch-points.

Consequences of Breach

The most serious consequence of a law firm security breach is loss or unauthorized access to sensitive client data. However, the Survey shows there was a low incidence of this, only about 2% of breaches overall resulted in loss of client data. Other concerning consequences of the breaches are significant though. 37% reported business downtime/loss of billable hours, 28% reported hefty fees for correction including consulting fees, 22% reported costs associated with having to replace hardware/software, and 14% reported loss of important files and information.

Employing & Increasing Safeguards Commonly Used in other Industries

The 2016 Survey shows that while many law firms are employing some safeguards and generally increasing and diversifying their use of those safeguards, our industry may not be using common security measures that other industries employ.

1. Programs and Policies. The first step of any organization in protecting its data is establishing a comprehensive data security program. Security programs should include measures to prevent breaches (like policies that regulate the use of technology) and measures to identify, protect, detect, respond to and recover from data breaches and security incidents. Any program should designate an individual, like a full-time privacy officer or information security director, who is responsible for coordinating security. However, the numbers show that the legal industry may not be up to speed on this basic need. Survey respondents reported their firms had the following documented policies:

Document or records management and retention policy: 56%

Email use policy: 49%

Internet use/computer use policy: 41%

Social media use: 34%

2. Assessments. Using security assessments conducted by independent third parties has been a growing security practice for other industries; however, law firms have been slow to adopt this security tool, with only 18% of law firms overall reporting that they had a full assessment.

3. Standards/Frameworks. Other industries use security standards and frameworks, like those published by the International Organization for Standardization (ISO) to provide approaches to information security programs or to seek formal security certification from one of these bodies. Overall, only 5% of law firms reported that they have received such a certification.

4. Encryption. Security professionals view encryption as a basic safeguard that should be widely deployed and it is increasingly being required by law for any personal information; however only 38% of overall respondents reported use of file encryption and only 15% use drive encryption. Email encryption has become inexpensive for businesses and easier to use with commercial email services yet overall only 26% of respondents reported using email encryption with confidential/privileged communications or documents sent to clients.

5. Cybersecurity Insurance. Many general liability and malpractice polices do not cover security incidents or data breaches, thus there is an increasing need for business to supplement their coverage with cybersecurity insurance. Unfortunately, only 17% of attorneys reported that they have cyber coverage.

Conclusion

It is important to note that the figures revealed by the 2016 Survey, while dismaying, may also be extremely conservative as law firms have a vested interest in keeping a breach of their client’s data as quiet as possible. There is also the very real possibility that many firms don’t yet know that they have been breached. The 2016 Survey demonstrates that there is still a lot of room for improvement in the privacy and data security space for law firms. As law firms continue to make the news for these types of incidents it is likely that improvement will come sooner rather than later.

Supreme Court Solicits Opinions on Breadth of Remedies under ERISA—Including Indemnity and Contribution

Supreme Court ERISA RemediesEarlier this week, the Supreme Court got back to work in the New Year. One of the court’s first orders of business was to invite the Acting Solicitor General to file a brief expressing the views of the United States in a handful of cases. Fenkell v. Alliance Holdings, Inc., a somewhat controversial ERISA case, landed amongst the chosen few. Specifically under Fenkell, the Supreme Court invited the Acting Solicitor General to opine on whether ERISA permits a cause of action for indemnity or contribution by an individual found liable for breach of fiduciary duty in light of the existing circuit split on the issue.

While the facts of Fenkell are largely irrelevant for this discussion, the important takeaway is that an ERISA employee stock ownership plan fiduciary led the effort to offload an unprofitable company onto its employees in a complicated leveraged buyout. The involved and resulting breach of ERISA fiduciary duties is not contested. Rather, the ringleader, Fenkell, challenged (and continues to challenge) the judge’s order requiring him to indemnify his co-fiduciaries. Simply put, the indemnification order seemed appropriate to the court given the control that Fenkell exerted over the other fiduciaries—the court noted the other fiduciaries’ “inexperience” as fiduciaries and their deference to Fenkell as the controlling owner, sole director, president, and CEO of Alliance. Stated another way, Fenkell was the “conductor,” and the other fiduciaries involved were the “mere musicians.”

In an earlier review, the Seventh Circuit rejected each of Fenkell’s arguments and followed its 30-year-old precedent which allows for indemnification and contribution among co-fiduciaries. In support of its decision to uphold its prior interpretation, the Seventh Circuit reiterated that “[i]f we are to interpret ERISA according to the background principles of trust law—as the Supreme Court has repeatedly instructed us to do—then indemnification and contribution are available equitable remedies under the statute.” Accordingly, the Seventh Circuit found ERISA’s equitable remedial power, as well as its foundation in principles of trust law, supportive of an order for contribution or indemnification among co-fiduciaries based on degrees of culpability.

While this case has not yet been taken up, argued in front of, or decided by the Supreme Court, the Acting Solicitor General’s brief may shed new light on the direction the Supreme Court may take to settle the circuit split. In the meantime and at a minimum, this case and the Supreme Court’s request for the U.S.’s view should remind us that:

  • Under ERISA, if defendants are found to be liable for breaches by co-fiduciaries, then co-fiduciary liability is joint and several.
  • Inexperience—and even fear of retribution from management (e.g., your boss)—will not excuse a failure to discharge fiduciary duties under ERISA.
  • Whether “mere musicians” will ultimately be able to seek protection (in terms of indemnification and/or contribution) from their “conductor” will, under current law, involve lengthy litigation and depend on the reviewing court.

Because fiduciary (and co-fiduciary) duties and conduct will most certainly continue to be closely scrutinized, best practice requires steadfast resolve to work hard as fiduciaries, acting solely in the interest of the participants and beneficiaries in order to discharge their duties of loyalty and prudence. To help ensure this compliance, it is good practice to undergo periodic fiduciary training.

© MICHAEL BEST & FRIEDRICH LLP