The recent meeting between the National Association of Corporate Directors’ Audit Committee Chair and Risk Oversight Advisory Councils featured discussions on emerging trends in cyber-risk oversight and their implications for directors.

The conversation focused on four topics:

• The role of the external audit firm
• IT function and the board’s interactions with the CIO
• Identifying cybersecurity vulnerabilities at the board level
• Potential sources for benchmarking company performance on cybersecurity management

Download a complimentary summary of the report.

James Waite, writing in Rental Management Magazine, addresses the problem equipment rental operators can face when a large customer wants to revise a contract or use their own.

“This is fairly commonplace when dealing with larger customers, particularly schools, governmental entities and some contractors,” he writes. “Importantly, there is no ‘established’ set of rules for dealing with these issues, making it difficult for rental operators to know whether they’re accepting merely ‘industry standard’ modifications or instead, assuming potentially catastrophic liabilities.”

He offers a list of provisions that operators should insist on retaining and another list of provisions that should be rejected.

Read the article.

Common law judicial doctrines in almost every state discourage and restrict arbitration agreements covering personal injury or death claims, write Manton G. Grier and Marcus A. Manos of Nexsen Pruet. They see this point particularly regarding admission contracts to nursing homes or assisted-living facilities, which have superior bargaining power and may offer services on a “take it or leave it” basis.  The Federal Arbitration Act (FAA), on the other hand, encourages arbitration of claims.

“Because the arbitration laws stack the deck against a facility, there is no foolproof way to draft an arbitration agreement; what may be found enforceable by one judge may be found unenforceable by another,” they write. “With so many defenses available to plaintiffs, a bullet-proof agreement just doesn’t exist.  Nevertheless, there are five ways a facility can improve the odds that a court will enforce the agreement.”

Read the article.

CobbleStone Systems has published a white paper designed to help companies implement new contract management software, beginning with preparation and continuing through the complete process.

One of the key steps, the paper explains, is getting key stakeholders on board with the process. Implementation will require a plan and participants will have to stick to it.

More guidelines include mapping out the process, starting out simple, and dedicating the time required for the process without rushing.

Download the white paper.

Carrington Coleman of Dallas has published a guide to cybersecurity and corporate governance titled “9 Cybersecurity Tips to Mitigate Your Legal Liability.” The complimentary guide can be downloaded.

Cyber-attacks are increasingly frequent, sophisticated, and devastating to a business’s bottom line, the firm says on its website. There is no doubt that cybersecurity needs to be an important priority to the business and that real attention needs to be paid to the issue. Because a lot of fear-mongering associated with cybersecurity can generate paralysis in organizations, the problem may seem insurmountable and too costly to begin to address. But, in reality, there are easy, pragmatic steps an organization can take — and should be taking — to begin addressing its security vulnerabilities.

Download the guide.

Hidden perils in oilfield master service contracts have the potential to bring even a thriving company to its knees, making even big business with big clients a big mistake, writes  Jordan J. La Raia in Gardere’s Texas Energy Law blog.

“The good news is that even today big and small operating companies usually expect to negotiate (even with the small guys) and a few small requests can make the difference between meeting budget and bankruptcy,” he writes, before discussing three red flags that could be found in the next contract.

Those flags include the areas of insurance, enforceable indemnities, and catastrophic events.

Read the article.

Email discovery is at the nexus of high volume and low relevance. Businesses generate a tremendous amount of email that has to be sifted to find a relatively small number of useful communications. However, although email discovery is burdensome and expensive, it’s also necessary and important. Filtering using email domains is a cost-effective means of culling significant volumes of non-relevant email with minimal human review, reports QDiscovery. That reports follows:

What Is the Email Domain?

The email domain is the part of the email address that comes after the @ symbol. For example, in the email address photosubmissions @ wikimedia.org, “photosubmissions” is the local part and “wikimedia.org” is the domain. Sender and recipient email addresses are captured in the metadata fields FROM, TO, CC, and BCC. Thus, there is no added cost associated with using email domains for data filtering.

Culling Non-Relevant Messages

The eDiscovery vendor or litigation support staff managing the document database can export a list of all the unique email domains in the dataset. There are several possible approaches to reviewing the list and marking non-relevant- or alternatively, relevant- email domains.

First, a lawyer or paralegal on the eDiscovery team can look for generally known domains. Project managers and eDiscovery consultants are also a good resource in this regard.

Second, the custodians can be asked to review the list. Since they’re the most familiar with the content of their own mail they can make the most comprehensive review. A second advantage of this strategy is that it imposes no out of pocket costs on the client. However, it obviously does require the custodians’ full cooperation, which may not always be possible or practicable.

Lastly, in dynamic culling the list is marked up on a rolling basis by the document reviewers in the course of making the substantive responsiveness review.

All email addresses that share a certain domain (e.g., amazon.com) can then be batch-tagged as non-relevant and filtered out of the dataset. Occasionally reverse culling may be appropriate; under this approach, email addresses from relevant domains (e.g., the other parties to the case) are batch-tagged to be retained and all other domains are filtered out.

Email domains can easily be used to identify messages in obviously non-relevant categories such as:

– Online shopping and other commercial solicitations;
– Customer loyalty rewards programs;
– Travel-related websites and notifications;
– Professional associations;
– Newsletters, digests, and other mailing list alerts;
– Social media notifications;
– Spam.

In the same spirit, full email addresses can be used to identify and exclude communications with friends and family.

Using Email Domains for Privilege Review

Email domains can likewise be used to identify potentially privileged communications and segregate them for later privilege review. The email domain list is reviewed for outside counsel, consulting experts, eDiscovery vendors, and other litigation consultants. Tagging email domains is a safety net to catch messages from and to email addresses of people whose names didn’t make the search list, such as support staff and others with limited client contact.

As intellectual property licensing continues to grow more prevalent, legal practitioners and business personnel are being asked to craft and negotiate agreements that can significantly impact a business’s ability to compete in a particular field or market, according to an article posted by Farella Braun + Martel LLP.

Authors Eugene Mar and Erik Olson collect a number of best practices learned the hard way—through litigation of agreements and arrangements that went awry. “Whether negotiating a complex cross-license of intellectual property rights or drafting a supplier agreement, practitioners should consider the license provisions and practice notes discussed below to ensure that a party’s licensing objectives are met,” they write.

Read the article.

Reed Smith has posted a discussion on drafting and negotiation commodities contracts, with a focus on Chinese counterparties with emphasis on successful enforcement in China.

Simon Jones, William J.G. Barber, Calvin Chan, Ivan Chiang  wrote the article.

“It is inevitable that some commodity trades end in dispute, particularly in current markets where prices are generally low and have been falling. This may happen in any jurisdiction, although this article focuses on China and how you can minimise risks relating to enforcement,” the authors wrote in the introduction.

Read the article.

A Bloomberg BNA article by two Holland & Knight lawyers on blockchain technology and its potential application to the legal industry sets out basic concepts and terminology surrounding smart contracts.

While there is no universally accepted definition of smart contracts, write partner Joe Dewey and associate Shawn Amuial, “most people involved with the blockchain would expect at least the following three elements in order to consider something to be a smart contract: i) the transaction must involve more than the mere transfer of a virtual currency from one person to another (i.e., a payment transfer), ii) the transaction involves two or more parties (as every contract must), and iii) the implementation of the contract requires no direct human involvement after the smart contract has been made a part of the blockchain.  It’s this last element that makes these contracts “smart,” and therefore, merits a more detailed discussion.”

Read the article.

Although major organizations rely on contracts to define nearly every aspect of their business, from sales to vendor relationships to liability, sub-par processes are undermining efficiency and efficacy in the general counsel’s office.

A complimentary white paper from Exari discusses survey findings that highlight gaps in risk and revenue insight created by poor contract management practices.

Exari surveyed more than 90 corporate and general counsel to better understand the impact of common contracting trends and pain points on productivity and risk assessment at organizations handling large volumes of contracts. The report lays out these findings, as well as tactics for preventing key contract information from slipping through the cracks, empowering general counsel to take a seat at the executive table during high-stakes events or crises.

Download the white paper.

Merrill DataSite is offering a complimentary evaluation tool that addresses the challenges faced in the ever-changing world of corporation compliance. This tool provide a process for evaluating compliance challenges and a method for considering solutions.

The process also helps readers learn more about specific compliance challenges, as well as this three-step program to determine a company’s specific needs:

• Assess the current compliance challenges and impacts
• Review the existing program against a standard of best practices
• Create a comprehensive program that ensures effective compliance

Download the paper.

Most contracts prose is dysfunctional, but training is available to help contracts professionals draft clearly and concisely, write Chris Lemens and Kenneth A. Adams on ACC Docket. It helps to supplement training with centralized initiatives, they contend.

“Any given contract will likely be riddled with deficient usages that collectively turn contract prose into ‘legalese’ — flagrant archaisms, botched verbs, redundancy, endless sentences, meaningless boilerplate, and so on.”

They write that it’s possible to train contracts personnel in how to draft and review contracts consistent with a set of guidelines.

Among those guidelines: lose the archaisms, gain control of verbs, stop using the phrase “best efforts,” and don’t rely on mystery usages.

Read the article.

An article on Holland & Hart’s Health Law Blog provides a 40-point checklist that can be used when preparing or reviewing contracts involving the work of physicians.

Kim Stanger, Pia Dean and Bill Mercer wrote the article.

Topics covered include regulatory compliance, written agreement, nature of relationship, services, schedule, location, independence, intellectual property, use of information, outside services, qualifications, representations and warranties, performance standards, medical records, employer obligations, compensation, benefits, exempt status, referrals, assignment of fees, liability insurance, workers compensation insurance, indemnification, terms, termination, post-termination obligations, confidentiality, noncompetition, nonsolicitation, penalties for violation, notice, assignment, governing law and venue, alternative dispute resolution, entire agreement, meaningful use assignment, construction, no third-party beneficiaries, and survival of terms.

Read the article.

Keyword searching is one of the workhorses of eDiscovery. The first part of this series from QDiscovery covered responsiveness review, privilege review, targeted issue searches and more. The article picks up with the second part of keyword searches, starting with grammar.

2) Grammar – The second part of a good keyword search is constructing the search string by making the most effective use of operators, wildcards, and search parameters.

QD EDD Basics Keyword Searches Part 2

– Boolean operators – AND, OR, and AND NOT;
– Wildcards – * (multi-character expander) and ! (single character expander) at the beginning or end of a term;
– Nested searches – parentheses to “nest” or connect search terms, i.e., “(this OR this) AND that”;
– Fuzziness – an instruction to the search engine that some of the characters can differ from the term as written, which is useful in finding proper names with variant spellings as well as technical terms and other hard to spell words;
– Proximity parameters – within sentence, within paragraph, or within a certain number of words.

Search strings run the gamut from simple “this term or that term” searches to complex searches that draw on the full battery of technical options. While the basic “grammar” of a keyword search will be familiar to lawyers from searching in case law databases, it’s sound practice to work with an experienced project manager or eDiscovery consultant to build a complex search. An eDiscovery support professional can:

– Suggest keyword variants;
– Give advice on when and how to use operators, etc.;
– Collate multiple keyword lists to eliminate duplicates (overlap isn’t always obvious with complicated terms);
– Reconcile inconsistencies within the search string.

3) Validation – Just as no battle plan survives first contact with the enemy, no keyword search (should) survive first contact with the ESI. It’s important to review, analyze, and refine the keyword search in light of the results. Even more than in the second stage of building the search, a good project manager or consultant can provide invaluable assistance at the final validation stage.

a) Review a “hit count” report – The hit count report will provide the total number of documents that have hits on the search terms and also break out the number of hits per term. The total volume must be considered in light of whether it’s feasible to review the search results given discovery deadlines, staffing availability, and the budget for the review. If the data volume is still inordinately high after the keyword search is run, search terms with high hit counts should be evaluated to see if it’s possible to narrow them, such as by removing wildcards or adding a proximity search term.

In addition, search terms with unexpectedly low hit counts should also be scrutinized. Particular terms may need to be broadened by removing search limitations or reducing the fuzziness percentage. Overall low hit counts may indicate that the keyword list needs to be augmented.

b) Sample the search results – Analyzing the hit count report is most effective in conjunction with sampling the search results. For the terms with high hit counts, review a small sample of the results to determine if there are significant false positives. Draw the sample from a range of data sources (e.g., custodians, network folders) for a more accurate picture of the search results. Assigning unique color-coding to terms or concept groups of terms when the search is initially run will expedite this review.

c) Refine the terms – The final step is to refine the keyword search by adding, removing, narrowing, or broadening terms based on the review and analysis of the hit count report and sampling. It may be necessary to repeat the cycle several times before finalizing the search string. Any keyword search agreement made with opposing counsel should to take this validation process into account by including discretion to modify the search string or providing for a mechanism to revisit the agreed terms.

Software publishers regularly audit their customers to help ensure that the customers are properly licensing their software. Some software publishers conduct audits directly, but many choose to audit through companies such as the BSA | The Software Alliance (“BSA”), or the Software & Information Industry Association (“SIIA”), writes Keli Johnson Swan in Scott & Scott‘s Software Audit Blog.

Her article continues:

The first step in addressing the software audit is to understand the scope of the audit. The following are some key points to identify the scope of the audit.

1. Review the date of the initial audit letter. In a traditional audit with no look-back period, an auditing entity is only interested in the software installed as of the date of the audit. This is particularly important in environments that change frequently because a company that is undergoing an audit should preserve all information on its network as of the initial audit date (the “effective date”) in order to accurately capture its installation information and avoid potential spoliation of evidence allegations. It is important to make no changes to the network until the audit is completed to avoid prejudicing the outcome of the matter.

2. Include only software published by the auditing entity’s members or the publisher conducting the audit. The auditing process can be overwhelming and sometimes a company may simply forward the raw data from a network scan. This is problematic for several reasons, not the least of which is protecting against disclosing unnecessary information and privacy and security issues. It is important to include only the software within the scope of the audit. Additionally, it is important to conduct a secondary review of the audit data in order to avoid accidentally include false positives or free trial versions of software, since the auditing entity will penalize the audit target for every software installation for which it is unable to locate a license.

Software audits can be a convoluted process, so it is important for a company to seek advice from a legal expert with experience in software licensing in order understand all of the risks involved with various strategies when faced with a software audit.

In the post-Enron and post-financial crisis era, anti-corruption compliance programs have been a key focus for boards of directors, audit committees and senior management of many multi-national companies, writes Arkady Bukh of New York’s Bukh Law Firm. This trend of increased enforcement of the U.S. Foreign Corrupt Practices Act that began five years ago has continued in the United States.

His white paper provides a brief overview of the FCPA, explaining that the act is a federal criminal statute that applies to businesses whose principal offices are in the United States; it is an anti-bribery and anti-corruption statute covering these companies’ international operations. The act features two principal parts: the anti-bribery provisions and the accounting provisions.

One section is titled “Issuers, Materiality and Extraterritorial Application of the FCPA.”

The final section explains why FCPA compliance is crucial.

“The stakes in today’s business environment are particularly high and a bad choice about operational risk could be fatal. A robust compliance program and fully integrated ethics program can limit the damage should a violation occur. There are two critical measures that allow any company to protect and enhance its reputation in the face of a corruption incident: a demonstrable commitment from management to doing ethical business and the use of effective internal programs to detect and prevent corruption,” Bukh writes.

(Article researched and written by Arkady Bukh and Nick Wooldridge of LV Criminal Defense, 520 S 4th Street, Las Vegas, NV 89101, 702-623-6362. Read more about FCPA – http://www.lvcriminaldefense.com/federal-crimes/fcpa/)

Read the white paper.

Morae Legal President and Chief Executive Officer Shahzad Bashir recently sat down for a conversation with Ballard Spahr partner and former DuPont General Counsel Tom Sager. A transcript of their conversation is available for download.

Their far-reaching conversation covered a variety of topics related to the evolution of the law department and how they can better perform to the expectations of today’s corporations. They discuss such issues as the pressure to perform under the scrutiny of measurable quality and efficiency, how to ignite a law department’s business performance, and looking ahead at the future.

The two covered topics including:

• The three reasons general counsel are reluctant to change
• The new pressures law departments face from the c-suite
• Why cost remains the most important metric
• How to collaborate for optimum performance

Read the transcript of the conversation.

Keyword searching is one of the workhorses of eDiscovery, reports QDiscovery in an article on its website. The article continues:

Keyword searching sees heavy use in the areas of:

Responsiveness review – Substantive keywords are used to identify likely responsive documents in the collection dataset before the documents are given to the legal team for review or produced to the other side. Alternatively, keywords may be used in conjunction with Technology Assisted Review (“TAR”) to test the accuracy of responsiveness predictions or to flag key documents for manual review.

Privilege review – Although keyword searching has been losing ground to TAR as the go-to solution for responsiveness review, it remains the primary means for identifying privileged communications and work product. Privilege searches primarily target names (i.e., law firms, lawyers, paralegals, legal support staff, consultants, associated email domains). The secondary focus is on legal terms like plaintiff and defendant; click here to download a starter list of non-name privilege keywords.

Targeted issue searches – Keyword searching is useful throughout the life of the case for finding documents that relate to particular people and issues. For example, keyword searching is helpful in preparing for depositions by focusing on a deponent’s documents and communications about key topics.

Use of keyword searching in general is driven by two interlocking goals. The first is to improve review efficiency by narrowing the scope of review to documents most likely to be relevant. The second goal is to improve feasibility and cost-effectiveness of reviewing large volumes of ESI by culling non-relevant documents prior to the costly attorney review stage. While the first point applies equally to each of the three review areas, the second is most important for responsiveness review. The average volume of ESI has increased to the point that it is now impractical to make a linear (document-by-document) review of the full collection dataset even in smaller eDiscovery cases.

The three parts of a good keyword search are the keywords themselves, the “grammar” or construction of the search string, and validating the results.

1) Keywords – The three main sources for substantive keyword terms and phrases are the pleadings, the client, and opposing counsel. For illustration I’ll draw on my prior litigation experience in patent infringement defense work.

a) Complaint and Answer – A starter list of keywords is found in the pleadings. Between the allegations on their face and the lawyer’s experience with the legal subject matter, a list can be compiled of relevant names, fact allegations, and typical key terms. In a patent infringement case, obvious keywords are the:

Names of the parties;
Inventors’ names;
Other names listed in the patent, such as assignees and patent lawyers;
Patent number and last three digits of the patent number (e.g., “the ‘574 patent”), the common shorthand in the field;
Distinctive words and phrases used in the patent to describe the invention;
Product names of the alleged infringing products.
b) Client – In most cases it is the client that is most knowledgeable about the subject matter of the case. As such, the client is an invaluable resource for keywords like:

Product names of competitors’ products;
Project and product names used internally at the company during R&D and pre-launch marketing planning;
Industry acronyms and shorthand;
Product code numbers.
In many cases, the client will already have identified a small number of critical documents based on the allegations in the pleadings. Like the pleadings, these documents can be mined for additional keywords.

c) Opposing counsel – Whether to include opposing counsel in developing the keyword list is a strategic decision. The potential benefit is that an agreed list heads off later disputes over the search terms, as discovery fights tend to be both costly and a time-consuming distraction from the substantive issues. However, keyword negotiations may be fruitless or even create unnecessary work if opposing counsel is either unreasonable or unsophisticated about search methodologies or eDiscovery processes in general.

Assuming the proposed list compiled from the first two categories is already reasonably comprehensive, opposing counsel is most likely to add terms going to legal issues; for example, knowledge and state of mind.

Read Part 2.

Maureen Holland of D4, LLC has written a case study describing how expert consultants inexpensively applied analytics to find documents that would not have been found though traditional review and saved the client $134,955.

She explains that near-duplicate detection is an advanced analytics technology used to identify near-duplicate — or duplicate — documents based purely on textual content and then groups those documents together for review according to similarity.

In this case study, D4 used near-duplicate detection to compare key production documents gathered across similar matters against source ESI, in order to find the original, electronic versions of documents needed for review and production on a new matter.

Read the case study.