ADR and Governance News from Jim Reiman

March 31, 2016

Friends and colleagues

I trust this finds you well.  This month, as in most months, I’ll focus on three areas:  corporate governance, alternative dispute resolution (“ADR”), and eDocuments and eDiscovery.   Additionally, I’ll include a matter of general interest for my “Interesting Case of the Month.”

In the corporate governance arena, this month’s articles focus on cybersecurity and the confluence of reputational risk and cybersecurity.  Specifically, three articles are presented:  a report of the Institute of Internal Auditors Research Foundation, an article discussing the interrelationship of reputational risk and cyber-risk, and finally, an article discussing the recent settlement by Home Depot of claims relating to its 2014 data breach.

For my ADR practitioner readers, I relate two Ninth Circuit decisions.  The first addresses the enforceability of an arbitration clause and reverses a lower court’s order to compel arbitration pursuant to the Convention on the Recognition of Foreign Arbitral Awards.  The second holds that an arbitration award does not bar a subsequent action arising out of the same injury, but brought under RICO.  Finally, for those involved in international commerce and sovereign state matters, I present a conference report discussing dispute settlement procedures of the World Trade Organization (WTO) and regional trade organizations such as those contemplated by the Trans Pacific Partnership (TPP).

Regarding eDocuments and eDiscovery, I present a Florida Federal Court decision applying the new discovery rule’s proportionality concept and additionally giving guidance to parties seeking protective orders.

Finally, for my “Interesting Case of the Month,” I continue last month’s exception to my practice of presenting a case, and instead present two articles:  one, a New York Times article discussing the implications of China’s President Xi Jinping’s “directive” to the Chinese media, and second, an article discussing the privacy issues inherent in the well-publicized Hulk Hogan case.

This Month’s Articles

Corporate Governance

  • Cybersecurity – What Directors Need to ask: Every sitting and prospective board director today knows that s/he and the board as a whole have a duty to address their company’s cyber-security strategy.  How that is accomplished, however, and the depth of review, are the subject of much debate.  The Institute of Internal Auditors Research Foundation put out a report in late 2014 addressing this subject.  I present it today because it is still timely, but more importantly, because it provides a set of questions that directors may ask and a framework to address the issue.
  • Cyber-reputation: risk turbocharged: The #1 and #2 issues that keep directors awake at night according to multiple surveys are cyber risk and reputational risk.  In terms of risk analysis, however, according to Andrea Bonime-Blanc, the two go hand-in-hand and “the combination of the two is today’s strategic ‘risk of risks’, turbocharged.”
  • Home Depot Quickly Settled Its Data Breach Cases.  Will Others Follow?: In this article appearing in CorpCounsel, the author discusses the March settlement by Home Depot of the class action suit arising out of its 2014 data breach.  While the settlement amount ($19.5 million) was not remarkable, the settlement has gained the attention of the governance and risk community (as well as the class action bar) because of the timing of the settlement – while the motion to dismiss the class action was pending.  I present the article for this discussion, and because it provides an economic perspective to the monetary liability of a data breach.

Alternative Dispute Resolution

  • Determination of Arbitrability: The question of who determines arbitrability – a court or the arbitration tribunal – is the subject of a 9th Circuit opinion presented.  In the case Casa Del Caffe Vergnano v ItalFlavors, the Court of Appeals held that the contract that contained the arbitration clause was a “sham,” hence the parties’ arbitration agreement was “not a contract and is thus unenforceable.”
  • Whether a Prior Arbitration Bars a RICO Action: The question presented in the case UTHE Tech. Corp. v. Aetrium, Inc. is whether a completed arbitration barred plaintiffs from filing and pursuing an action under the Racketeer Influenced and Corrupt Organizations Act (RICO) after securing their arbitration award AND receiving payment in full for that award.  Answer:  it did not.  Why?  “Because the arbitral award did not constitute full satisfaction of [plaintiff’s] pre-existing RICO claim.”
  • WTO v RTA Dispute Resolution: While many argue that the World Trade Organization’s (WTO) Dispute Settlement Body is a success and a proven system, others question its capacity and resources.  As a result, the law firm Sidley Austin convened a panel of five leading WTO law practitioners to “talk freely about the challenges” and potential solutions, including the use of “the dispute settlement mechanisms in regional trade agreements (RTAs). . .as appealing alternatives.”  A report of that program, and the issues and solutions discussed, is presented.

eDocuments

  • Application of the New Proportionality Rule: The Florida District Court, in the Takata airbag product liability suit, is one of the first courts to issue a published order applying the new discovery rule of proportionality in a complex, multi-party, document intensive case.  The order, and its reasoning, are presented.

Interesting Case of the Month

  • China Media Must Support The Party: In late February China’s President Xi Jinping announced China’s media policy, making clear that the media exists to support the Party.  The thinking behind this policy, and its implications, are explored.
  • Hulk Hogan Sex Tape Lawsuit’s Privacy Questions: The airwaves and digital media were buzzing this month as Hulk Hogan’s case against Gawker went to trial over Gawker’s publishing a tape showing Hogan having sex with the wife of a friend.  When the jury came back – awarding the Hulk $115 million in compensatory damages – the noise level went even higher.  Lost in the noise were the essential privacy questions at the heart of the dispute – not just Hogan’s but also the woman in the tape, Heather Cole.  Presented is a thoughtful piece by the New York Times addressing these issues.

I hope you find one or more of the below articles of interest and worthy of your inbox’s space.

Warm regards,

Jim Reiman

Articles / Corporate Governance

Cybersecurity – What The Board of Directors Need to Ask

Cybersecurity is the “hot” topic in today’s governance field, and the National Association of Corporate Directors (NACD), governance advisors, accounting/audit firms, lawyers and just about everyone else connected to the world of corporate governance is presenting one or several programs on cybersecurity.  Don’t misunderstand:  the topic is both timely and of great importance.  That said, having sat through several such programs I’ve walked out of most with a heightened awareness of the need to address the issue, but not sure how to go about it and confused by the often contradictory guidance presented.

This month I had the pleasure of attending a program presented by the Chicago chapter of the NACD with Kevin Elliott, Frank Modruson, Shawn Henry and Cam Kerry presenting.   Finally!! Clear, intelligent, balanced, and actionable advice!  If you see any of these individuals as speakers on the subject, I urge you to attend.

Why am I effervescing?  Rather than plain vanilla or impractical advice, they presented questions that directors can and should ask management, and a framework within which to consider the issues.  For example:  Who does the chief information security officer (CISO) report to?  (Answer:  should NOT be the chief information officer (CIO))

While a brief summary of the program is referenced below, the real take away for me and several of those with whom I spoke after the program was the list of questions directors should be asking management.  Many of those questions are set forth in an article recommended by the speakers and which I recommend as well – The Institute of Internal Auditors Research Foundation and ISACA:  Cybersecurity: What the Board of Directors Needs to Ask (2014).  Some of the questions posed:

 

  • Does the organization use a security framework?
    • PCI-DSS for credit card acceptance (retail, finance industries)
    • HIPAA or HITRUST for the healthcare industry
    • ISO 27001, NIST 800-53, COBIT framework
  • What are the top 5 risks the organization has related to cybersecurity?
  • How are employees made aware of their role related to cybersecurity?
  • Are external and internal threats considered when planning cybersecurity program activities?
  • How is security governance managed within the organization?
  • In the event of a serious breach, has management developed a robust response protocol?

  The Institute of Internal Auditors Research Foundation and ISACA: Cybersecurity: What the Board of Directors Needs to Ask (2014)
  NACD Chicago Chapter Program Report/Summary:  Cyber Security: Tales from the Breach

 

 National Institute of Standards and Technology:  Framework for Improving Critical Infrastructure Cybersecurity

 

Cyber-Reputation: Risk Turbocharged

As those of you who have read my articles or heard me speak know, reputational risk is an issue near and dear to my heart.   While I look to ADR and good governance practices to manage and mitigate reputational risk, I’ve also spoken on the interrelationship between data breaches and reputational risk.  I was therefore extremely pleased to see the referenced article by Andrea Bonime-Blanc.

As Andrea puts it, “Reputation risk as it relates to organizations is unlike almost any other risk – it is pervasive and cuts across many other kinds of risk.”  Per Andrea, “Companies that suffer a cyber-attack can find the biggest damage is to their reputation.”  While this is lessening given the growing number and seeming “commonness” of data breaches, it continues to be true.  How companies address and respond to data breaches significantly impacts reputation, which in turn impacts stock price and company value.

The referenced article addresses “what works – and what doesn’t” and offers “guidelines that leaders (boards and executives) of any type of organization (corporate, NGO, governmental or educational) should consider to understand and tackle the combined threats and effects of cyber-reputation risk – that new turbocharged risk of risks of our time.”

  Andrea Bonime-Blanc, Mitigating Cyber-Reputation Risk

 

Home Depot Data Breach Settlement

As most know, Home Depot suffered a massive data breach (its payment systems at nearly 2,200 U.S. and Canadian stores were breached in a cyberattack that may have stretched from April to September, 2014), which resulted in a class action lawsuit that was filed against the company.  In mid-March, Home Depot and the class representatives announced that they had settled the case, with Home Depot agreeing to pay $19.5 million plus $8.5 million in attorney fees.

As stated in the introduction/summary, the settlement is noteworthy for 2 reasons.  First, its timing.  The matter settled before the court had ruled on a Home Depot motion to dismiss, and before discovery had concluded.  The parties held a mediation, and the settlement was the result of the mediation.

Additionally, I present the case because it, along with the settlement of the Target and other data breach cases, appears to have set a financial benchmark against which companies may determine consumer information data loss liability – approx. $1.00 per customer.  That said, “Home Depot said it has booked $161 million of pre-tax expenses for the breach, including for the consumer settlement, and after accounting for expected insurance proceeds” and that number could rise to $261 million.

 

 Jan Wolfe, Home Depot Quickly Settled Its Data Breach Cases. Will Others Follow? 

 

 Kevin M. McGinty, Early Settlement of the Home Depot Consumer Data Breach Claims – The Start of a Trend?

 

 

Articles / Alternative Dispute Resolution

Casa Del Caffe Vergnano v ItalFlavors, LLC

Caffe Vergano addresses, in the words of the Court, the “significant issue of whether a party to a contract containing an arbitration clause may enforce the clause notwithstanding compelling evidence that the contract was not a binding agreement.”  Fair warning:  the following discussion is highly technical and will likely be of little interest to my non-lawyer readers or lawyers who are not involved in arbitration.  For my arbitrator readers, however, the case addresses several important issues.

The matter arises out of two agreements, both executed by the same parties on the same day.  The first is a franchise agreement (“Franchise Agreement”) between Caffe Vergano and ItalFlavors, a company formed by two brothers to open and operate a Caffe Vergano franchise in the US.  The Franchise Agreement contained an arbitration clause which provided that all disputes were to be resolved by “binding arbitration in accordance with the UNCITRAL Arbitration Rules as presently in force.”

The second agreement, which the parties referred to as a Hold Harmless Agreement, referenced the Franchise Agreement, but provided “The [Franchise Agreement] does not have any validity or effectiveness between the parties . . .as it was prepared and delivered . . . .solely for the purpose of allowing Hector [one of two brothers]. . . to submit a copy of it to the pertinent international agencies in order to obtain an entry visa to work in the United States of America.”

Per the Court of Appeals, the facts are fairly straight-forward and “largely undisputed.”  The two brothers and Caffe Vergano met and entered into the two agreements in Argentina, where Hector lived at the time.  All intended that Hector would move to the US and all understood that ItalFlavors intended to use the Franchise Agreement to secure a visa for Hector.

After the two agreements were signed by all parties, ItalFlavors opened in the US and operated a Caffe Vergano coffee shop.  The coffee shop was not a success, struggled, and closed after several months.

ItalFlavors blamed the business’ failure on Caffe Vergano’s alleged failure to provide promised support, and filed suit in the California courts.  Caffe Vergano responded by filing suit in Federal District Court under the Federal Arbitration Act seeking to bar the State Court action and compel arbitration under the Franchise Agreement’s arbitration clause.

The District Court held that whether the arbitration clause of the Franchise Agreement survived the Hold Harmless Agreement was an issue to be determined by the arbitrators.  It should be noted here that UNCITRAL Rule 23(1) provides:  “The arbitral tribunal shall have the power to rule on its own jurisdiction, including any objections with respect to the existence or validity of the arbitration agreement.”  Nevertheless, the Court of Appeals disagreed with the lower court’s ruling and reversed.  Curiously, the Court of Appeals opinion is silent regarding the UNCITRAL jurisdictional rule.

Explaining its decision, the Court of Appeals first considered the standard of review, holding: “We review a district judge’s order to compel arbitration de novo. [citation omitted]   Similarly, legal conclusions regarding the existence of a valid, binding contract are reviewed de novo and factual findings underlying it for clear error.”  The Court then held that “Because this case arises under Chapter 2 of the Federal Arbitration Act, the issue of whether the [Franchise Agreement] constituted a binding agreement is governed by federal common law, [citation omitted] which, in turn, looks to ‘general principles for interpreting contracts.’”

Finally, the Court reviewed the facts and came to the conclusion that “the declaration in the Hold Harmless Agreement signed contemporaneously with the [Franchise Agreement] proves that the latter was a mere sham to help Hector . . . obtain a visa. Thus, we conclude that the [Franchise Agreement] was not a contract and is thus unenforceable.”  Finding the Franchise Agreement void, its embedded arbitration agreement was also found to be void, although the Court did not expressly state such.

 The full opinion, Casa Del Caffe Vergnano USA Corp V. Italflavors LLC,

 

UTHE Tech. Corp. v. Aetrium, Inc.

In UTHE, the Court of Appeals for the Ninth Circuit (albeit by a different panel of judges than those deciding the Caffe Vergano case) considered whether plaintiffs may bring an action against defendants under the Racketeer Influenced and Corrupt Organizations Act (RICO) notwithstanding having arbitrated their dispute, an arbitration award having been made, and defendants having paid that award in full.  Additionally, the Court considered whether plaintiff’s RICO suit was barred by the “one satisfaction” rule, “an equitable principle designed to prevent double recovery of damages arising from the same injury.”

The Court of Appeals, in what at first blush seems a remarkable decision, found for plaintiff and permitted the RICO action to be filed.  Analysis of the facts make the decision less remarkable.  Of note with respect to the “one satisfaction” rule – RICO permits treble damages, and the RICO claim was not addressed in the arbitration.

Briefly, in 1993 UTHE filed suit against US defendants (“US Defendants”) and a “number of individuals in Singapore (“Foreign Defendants”) alleging a conspiracy to unlawfully take over one of UTHE’s overseas subsidiaries.”  UTHE’s complaint claimed RICO violations against both the US Defendants and the Foreign Defendants.  That “action was dismissed on the basis of forum non conviens because an arbitration clause in a relevant agreement required that UTHE arbitrate its claims against the Foreign Defendants in a proceeding governed by Singapore law (the Singapore arbitration).  Additionally, “UTHE’s suit against the US Defendants was stayed by the district court pending the resolution of the Singapore arbitration against the Foreign Defendants.”  Per the Court of Appeals, “UTHE’s right to eventually pursue its own claims against the [US] Defendants in federal court remained unaffected by the district court’s order.”

Flash forward 20 years.  The arbitration against the Foreign Defendants finally concluded in 2012 with the arbitration panel finding in favor of UTHE and awarding UTHE damages in excess of US$ 9 million.  The Foreign Defendants paid such award in full.  Nonetheless, UTHE filed a motion in the US District Court to re-open the stayed proceedings there so that it could pursue its RICO action.  The District Court permitted the re-opening of the case, but granted summary judgement against UTHE “holding that the full satisfaction of the arbitration damages award extinguished UTHE’s claim against the [US] Defendants for treble damages under RICO.”

The Court of Appeals reversed, holding:

“The Singapore arbitration was limited in scope to those claims against the Foreign Defendants arising under Singapore law, and could not fully resolve UTHE’s legal claims against the [US] Defendants, which were pending in the federal court action.  Specifically, Singapore law could not provide for the resolution of Plaintiff’s RICO claims, which were asserted in the original federal lawsuit.  As UTHE’s legal expert noted, “the concept of treble damages is not recognized under Singapore law.” Accordingly, as more fully explained below, the one satisfaction rule does not operate to extinguish Plaintiff’s claim to RICO damages.”

Continuing, the Court noted:

Because the Singapore-based arbitral tribunal had no jurisdiction over the [US] Defendants, who were not parties to the Purchase Agreement or to its arbitration clause, it could not circumscribe UTHE’s rights to pursue the full measure of its legal remedies against the [US] Defendants in federal court. Accordingly, the arbitration award states that it is made “without prejudice to [UTHE’s] rights in the U.S. Action.”  Thus, neither the arbitration award nor the one satisfaction rule forecloses UTHE’s ability to pursue a treble damage award against the [US] Defendants; it does not amount to double recovery, nor does it permit UTHE to obtain any damages beyond which it could have otherwise been entitled in the federal district court lawsuit.

 The full opinion, UTHE Technology Corporation v. Aetrium, Inc., Harry Allen,No. 13-16917 (9th Cir. 2015)

 

WTO v Regional Trade Agreement Dispute Resolution

While arbitration is often the form of dispute resolution employed in sovereign state trade disagreements, the dispute resolution mechanisms of the World Trade Organization (WTO) and applicable bi-lateral or multi-lateral trade agreements are also employed.  “Many consider the large number of dispute reports a testament to the success of the WTO’s dispute settlement system, but others fear that the future success of that system is by no means assured.  Recently, there have been delays in the dispute settlement process.  Some argue that the factual intensity and overall complexity of disputes is pushing the limits of the system’s capacity and stretching the resources of the WTO’s Secretariat to the breaking point.”  In light of those challenges, “[s]ome suggest that the dispute settlement mechanisms in regional trade agreements (RTAs) may offer appealing alternatives to the WTO, especially where underlying disciplines in RTAs are more expansive than those offered under the WTO covered agreements.”

Such is the backstory and introduction to a conference organized by the law firm Sidley Austin in Geneva titled:  “WTO Dispute Settlement in 2016: Blue Skies or Storm Clouds Ahead?”  While the subject and report are too arcane for this newsletter, those of my readers who practice in the area (or aspire to practice in the area) will find the conference report and discussion well worth the read.

 Sidley Austin LLP, “WTO Dispute Settlement in 2016: Blue Skies or Storm Clouds Ahead?”

 

Articles / e-Documents

Proportionality and FRCP 26(b)(1)

The Takata airbag litigation has, as one would expect, been vigorously litigated and involves tens of thousands of documents.  The suit involves claims that Takata Corp. and various auto manufacturers (including Honda, BMW, Ford, Mazda, Nissan, Subaru, Toyota and others) “knew or should have known about defects in inflators in Takata air bags that result in the air bags exploding during collision.”

Discovery matters in the case were submitted to a special master, and the Master issued a report (Report) regarding disputed provisions of a proposed stipulated order regarding the protocol governing the production of documents and electronically stored information (the “Protocol”).  The parties could not agree upon two issues, which were determined by the Circuit Court Judge:  i) the procedure for redacting irrelevant information from responsive documents, and ii) whether relevant parent documents and documents that are not attachments from responsive document families can be withheld entirely.

“The Special Master approved of Defendants’ proposal for both matters.  Specifically, as to the first issue, the Special Master recommended that a producing party be allowed to redact information pertaining to seven categories of information deemed irrelevant: 1) pricing, profits, non-public financial information; 2) parts, suppliers, or costs; 3) design, development, and engineering; 4) marketing and business strategy; 5) other makes and models; 6) non-U.S. products; and 7) service and quality issues.  As to the second issue, the Special Master recommended that a producing party be allowed to withhold irrelevant parent documents.”

The District Court, noting that the Discovery Rules (specifically Rule 26(b)(1)) governing the scope of discovery had been amended) held that it was appropriate to review the Report de novo.

The Court summarized plaintiff’s objections as follows:  “allowing irrelevance redactions will potentially allow redaction of highly relevant information from responsive documents, will impair Plaintiffs’ discovery efforts; and will lead to unnecessary litigation over the redactions.”

The Court, rejecting plaintiffs’ arguments, quoted Chief Justice Roberts’ 2015 Year-End Report on the Federal Judiciary in which the Chief Justice wrote:  “The recently amended Rule 26(b)(1) of the Federal Rules of Civil Procedure crystalizes the concept of reasonable limits on discovery through increased reliance on the common-sense concept of proportionality.”  Continuing to cite the Chief Justice’s Report, the Court stated:  “Parties may obtain discovery regarding any non-privileged matter that is relevant to any party’s claim or defense and proportional to the needs of the case, considering the importance of the issues at stake in the action, the amount in controversy, the parties’ relative access to relevant information, the parties’ resources. the importance of the discovery in resolving the issues, and whether the burden or expense of the proposed discovery outweighs its likely benefit.”

Concluding, the Court wrote:  “As the Chief Justice’s comments highlight, a party is not entitled to receive every piece of relevant information.  It is only logical, then, that a party is similarly not entitled to receive every piece of irrelevant information in responsive documents if the producing party has a persuasive reason for why such information should be withheld.”

The Court next found that Takata provided “persuasive reason for allowing them to redact certain irrelevant information:  that disclosing such information could provide its competitors with competitively sensitive information to the ultimate detriment of each Defendant.”  The Court thus modified the Report to properly balance “the producing parties’ desire to protect their competitively sensitive information, with the importance of the issues at stake in this action and the importance of the discovery in resolving the issues at hand.”

Regarding the issue of whether the producing party may withhold irrelevant parent documents from responsive families of documents, the Court held:  “it would make little difference if the producing party provides a fully redacted document or does not provide the document at all.”  Thus, the Court allowed the withholding of irrelevant documents.  However, it required the “producing party [to] provide contextual information for any withheld parent document, as provided in the Report.”

As one commentator noted:  “This opinion is important for two reasons. First, it is one of the first to apply the recently amended Federal Rule 26(b)(1) and recognize that the amendments “crystalize the concept of reasonable limits on discovery through increased reliance on the common-sense concept of proportionality.”  Second, it is one of the few opinions to offer meaningful guidance to parties that, even with the entry of a protective order, remain concerned about protecting sensitive information that is otherwise irrelevant to the litigation at hand.”

The full order, In re Takata Airbag Products Liability Litigation, MDL No. 2599, Order Adopting In Part Report And Recommendation (March 1, 2106)

 

LexUniversal, Court Approves ESI Protocol Permitting Parties to Redact or Withhold Irrelevant Information from Responsive Documents and Document Families

Articles / Interesting Case of the Month

China’s President’s Charge to China’s News Media:  Chinese Media Must Serve the Party

Those of you who know me know of my time in China and my deep interest in that country.  Thus, I closely follow economic and social developments and trends in the PRC, and read with great interest President Xi Jinping’s speeches in February concerning the Chinese press, and the Chinese media’s coverage of those speeches.

As related by the New York Times, “The blanket coverage reflected the brazen and far-reaching media policy announced by Mr. Xi on his choreographed tour: The Chinese news media exists to serve as a propaganda tool for the Communist Party, and it must pledge its fealty to Mr. Xi.”  While the Times’ report may be a bit extreme, consider Mr. Xi’s own words according to Xinhua, the state news agency: “All news media run by the party must work to speak for the party’s will and its propositions, and protect the party’s authority and unity.”

What does all this mean?  The New York Times and others have written thoughtful pieces which I commend to those following China.  Below is the initial NYT article that caught my interest, and two additional pieces on the subject.

Edward Wong, New York Times, Xi Jinping’s News Alert: Chinese Media Must Serve the Party

 

David Schlesinger, Anne Henochowicz, Yaqiu Wang, Foreign Policy, Why Xi Jinping’s Media Controls Are ‘Absolutely Unyielding

 

David Bandurski, Hong Kong Free Press, Mirror, Mirror On The Wall: Xi Jinping’s Map For All-Dimensional Media Control

 

Hulk Hogan / Gawker Privacy Battle

The news services were all abuzz this month covering the trial (and jury award – $115 million in compensatory damages for Hogan) resulting from the Gawker’s publishing a tape of wrestler Hulk Hogan having sex with the wife of a friend.  Per Gawker’s attorney, “Gawker is defending its First Amendment right to join an ongoing conversation about a celebrity when others are talking about it and the celebrity is talking about it.  This is a crucial issue not only for Gawker, but for all media organizations.”  Per Hogan’s counsel, “conversation” is the critical word:  “There’s a world of difference between discussing something and showing a pornographic video, something that goes online and can be seen forever.”

Also at issue:  what is newsworthy, and what about the privacy of the woman in the tape?

Erik Eckholm, New York Times, Hulk Hogan’s Suit Test Limits of Online Press Freedom

 

Carolina Miranda, Los Angeles Times, Hulk Hogan Verdict Raises Crucial Privacy Issues In The Digital Age