By Amy Terry Sheehan and Jill Abitbol
The Cybersecurity Law Report

Law firms store a wealth of sensitive and confidential information electronically, making them prime targets for hackers. Not only does weak data security affect business development and client retention for firms, but can result in legal and ethical violations as well. How can firms meet clients’ increasing data expectations? How can clients determine how robust their current and potential firms’ systems are? What mistakes are law firms making? John Simek, vice president and co-founder of cybersecurity and digital forensics firm Sensei Enterprises, Inc., answered these and other questions about law firm data security in a conversation with The Cybersecurity Law Report. See also “Sample Questions for Companies to Ask to Assess Their Law Firms’ Cybersecurity Environment” (Jun. 17, 2015).

CSLR:  What are the specific cybersecurity threats that law firms currently face?

Simek:  Probably the most prevalent threats that we’re seeing now, and not necessarily targeted ones, involve ransomware. At the end of last year, in the northern Virginia area alone, there were four law firms that got hit with ransomware attacks in just one month.

The key is for firms to make sure that their backups are engineered properly to recover from a ransomware infection. Then they are in a position to restore their data without having to pay the ransom. Of those four law firms that were hit with ransomware at the end of last year, two were engineered correctly and two were not.

[See “How to Prevent and Manage Ransomware Attacks” Part One (Jul. 15, 2015); Part Two (Jul. 29, 2015).]

CSLR:  What do you recommend to firms that have not yet proactively engineered proper backups?

Simek:  I tell solo practices and small firms, which tend to use external hard drives for backup, to disconnect that device after they’ve done their backup. That way, in the event their system gets infected, it won’t impact their backup. If their external drive is still connected to their computer, and their computer gets infected, their backup is going to get infected too. It’s a very simple thing. There’s no cost to doing that. It’s just a procedural piece.

I recommend hardware-based backup solutions for mid to larger firms. Hardware-based, also called agent-based, backup is not seen as a drive letter or a network share. The data is moved via software to the backup device.

CSLR:  Do you recommend that firms use cloud backups?

Simek:  Cloud backups are good as well. The key in cloud backups, and particularly for attorneys because of their ethical duties to protect the confidentiality of the data, is to select a cloud solution where the firm can control the encryption key. Not all backup solutions and cloud solutions will allow users to do that.

Carbonite, which is used by a lot of solo to mid-sized firms, allows users to define the encryption key themselves. Some cloud providers do not want users to do that because they fear that if the user forgets the encryption key, their backups will be useless. Although that is certainly a possibility, if a firm is planning to use a cloud-based backup, it will want a provider that allows it that control.

OneDrive, for example, does not allow users to define what that encryption key is. So that means that Microsoft can decode data stored in the cloud if it wanted. With Apple iCloud, Apple also can decode backup content. Apple actually can read iMessages and related content, even though it’s stored encrypted.

From an attorney’s perspective, the ability to define the encryption key is a crucial differentiator, and something they should look for in a cloud solution.

[See “Implementing an Effective Cloud Service Provider Compliance Program” (Nov. 25, 2015).]

CSLR:  In addition to the backups, what other steps should law firms currently be taking to address security threats?

Simek:  Training employees is crucial. Phishing attacks, such as emails where someone is trying to get an employee to wire money to a foreign bank, make up a large percentage of threats. The solution there – and firms tend not to want to do this – is to train employees. The people are the problem. An email message that has a malicious attachment or a malicious link in it won’t have any adverse effect unless someone clicks on it.

Firms have to educate their employees because all of the technology in the world is not going to prevent an attack. Threat actors may be smarter than the current security technology. They may be using malware that nobody has ever seen before, and your firm may be the first kid on the block to get it.

Threat actors can also get information from court filings, which are public record. Somebody can jump on Pacer and find out the name of the case and the attorney of record. They can then send an email message that purports to come from the attorney of record using a bogus email address or a fake domain and say “Here’s an updated complaint in such and such a case.” The receiving attorney will recognize the email and click on the attachment. Through training, firms can teach employees how to recognize and prevent these types of situations.

[See “Designing, Implementing and Assessing an Effective Employee Cybersecurity Training Program (Part Two of Three)” (Mar. 2, 2016).]

CSLR:  What about firms that are reluctant to invest in training because it is non-billable?

Simek:  Well, it can cost them so much more to clean up and recover from an infection, even if it’s reputational damage, than it would to educate their employees.

We see the larger firms now starting to invest more money in preventing threats. They’re beginning to see the value of what that training can do.

Some firms have gone so far, and I think this is good, as to test their employees by sending intentional phishing messages to see how many people click on what. Employees are then scored and the firm uses those scores to evaluate whether certain employees need one-on-one education.

CSLR:  Are there any other important security measures that firms should be taking?

Simek:  Patching vulnerabilities and updating are two important measures. The number one reason that firms get compromised is they are not applying patches. When you don’t patch your operating systems or your software, you’re susceptible. It doesn’t cost much to do that.

The second reason is use of outdated software. Firms don’t want to spend money to update and this makes them vulnerable to attacks. They’re still running Windows XP, which is not supported. They’re still running Internet Explorer. Internet Explorer 10 and below are no longer supported. I don’t know if a lot of law firms know that yet. There was an article several years in The New York Law Journal that said that continued use of Windows XP is unethical. So, firms have to upgrade their software and they have to spend money to do that.

CSLR:  What should clients expect from a law firm and would you say that client expectations are a driver for change?

Simek:  Client expectations are definitely a driver. Law firms would be reluctant to spend money on security unless clients were expecting it. The firms that are more advanced with security and related certifications will even use that as marketing plug.

We are starting to see clients hand prospective or current firms an IT security assessment, or some sort of questionnaire, and ask them to complete and submit it as a condition of their provision of legal services to the company. Depending on the client or the firm, the client may require an independent third-party audit.

So yes, definitely, it’s the clients that are driving change and enforcing it primarily through these audits.

[See “Designing and Implementing a Three-Step Cybersecurity Framework for Assessing and Vetting Third Parties” Part One (Apr. 8, 2015); Part Two (Apr. 22, 2015).]

CSLR:  Are companies treating law firms like any other third-party vendor in terms of the security audit or vetting questionnaire?

Simek:  It depends, I think, on the industry and who the client is. The questionnaire or audit can be very targeted, and maybe even more stringent, for law firms because the data that companies are giving to the law firm may be extremely valuable. This is not payroll data. This is not somebody that’s just cranking out W2s for the company, for instance. This is patent information, merger and acquisition information and other confidential data. Depending on the value of the information, the client may be a lot harder on the law firm than they would on some other third-party provider.

CSLR:  How does the completed questionnaire or audit get used by the client and/or the law firm?

Simek:  The results of the audit might demonstrate to the law firm that it is deficient in certain areas of security and it might then communicate its plan to remedy those deficiencies to the client. Especially if it’s a larger client, firms want to do what they can to keep them.

CSLR:  What certifications should law firms have in place?

Simek:  I think it depends on the size. Big firms are obtaining ISO [International Standards Organization] 27001 certification, which costs a lot of money and takes a lot of time. The mid to smaller firms are not going to be able to afford to do that but there are other things that they can do, like self-certification. NIST [National Institute of Standards and Technology] has small business standards that firms can follow, which will at least help assess their infrastructure, and whether they have any weaknesses and whether the assistance of a third-party is needed.

CSLR:  Is data security handled differently depending on practice area?

Simek:  It can be. It depends on the value of the data. Whether it is a law firm or a corporation, a risk assessment needs to be conducted to determine the value of the data being held and the risk of losing it. That information will define how much the firm is going to spend or what efforts the firm is going to make to protect the information or mitigate risk.

CSLR:  When is it appropriate for lawyers to use encryption in their communications?

Simek:  We’re at the stage now where every lawyer should at least have encryption capability, which includes the ability to encrypt communications and the ability to encrypt data at rest (for instance, when putting data on a flash drive).

Encrypted communication is easier today than it used to be. There are now many services that actually manage the encryption communication mechanism. Voltage and Zix are two such services. It can be as simple as clicking on a button in Outlook that says “Encrypt and Send.”

To save money, we advise smaller firms that only need to communicate in encrypted form once in a while to put the confidential information into a Word document, and then password protect that Word document. The password protection encrypts it. This can also be done using Adobe Acrobat or a WinZip file. The confidential information can then be sent as an attachment, and a separate communication would be used to transmit the password.

Firms that receive medical information or PII that falls under HIPAA may use Zix, but they can have the filter set to recognize any medical information or PII content, and then the service will automatically encrypt that message to send it.

CSLR:  Are clients being more selective about the data that they’re giving to the law firms in the first place?

Simek:  Not really. They’re not withholding the data. They’re just asking and making sure that the law firm is prepared to receive it and to properly protect it. Absent that assurance, there’s the likelihood the client will find another law firm.

CSLR:  What types of remote access or mobile device policies should law firms have in place?

Simek:  For anything related to the data the firm holds or the firm’s infrastructure, employees should know what is expected of them, what they should do, what they are allowed to do, and within what boundaries. This would require policies on remote access, computer usage, social media, internet usage, email, bring your own device, bring your own network and bring your own cloud.

The necessary policies are unique for every firm depending on the type of practice and type of attorneys. There is no template. To be effective, the policies need to be customized for every firm.

[See “How to Reduce the Cybersecurity Risks of Bring Your Own Device Policies” Part One (Oct. 14, 2015); Part Two (Nov. 11, 2015).]

CSLR:  What is the biggest challenge you face when you are asked to respond to an incident?

Simek:  Capturing data. The number one thing that we run into when we respond to these things is that there is minimal logging, if any, going on. Nobody had the foresight to configure their devices or their systems to capture information on an ongoing basis. That’s a killer for the investigations.

CSLR:  Why are lawyers or firms not configuring their devices or systems to capture information?

Simek:  Because the default is not to. All these devices, systems and applications have the ability to capture information but it’s not turned on by default.

CSLR:  In the event of a security incident, when and how should a law firm contact its clients?

Simek:  You just hit on a real touchy nerve. If you ask a lawyer or a managing partner, they’ll say they never want to tell the clients. However, 47 states have data breach notification laws. The unfortunate part is that most lawyers don’t want to conform to them, even if they’re legally bound to. They’re also ethically bound to notify clients of a data breach.

But whenever a law firm gets breached, the argument I always get is “Well, but we don’t know with 100% certainty what data was accessed.” Yeah, that’s true. You don’t know with 100% certainty, but you’ve got a pretty good idea. And in some cases, when there is notification of clients, the clients aren’t anxious for the breach to be made public.

In some instances, the client will insist on contract terms that set forth the number of days or hours within which they should be notified of an incident.

[See “Synthesizing Breach Notification Laws in the U.S. and Across the Globe” (Mar. 2, 2016).]

CSLR:  Have clients and law firms been able to get to a place where both sides are comfortable on the data security issue?

Simek:  It has been a wake-up call for a lot of firms. We are seeing firms use client surveys and audits to detect and remedy security deficiencies. By doing that, they are maintaining client relationships.

© 2015 – 2016 The Cybersecurity Law Report. All rights reserved.

The Texas Plain Language law will mandate that auto finance contracts be written at an 11th-grade reading level by 2017, writes Nicole Munro of Hudson Cook LLP in an article published in Auto Dealer Today.

The Consumer Financial Protection Bureau already has a “know before you owe” program aimed at simplifying mortgage disclosures and a few states have had “plain language” laws on the books for awhile, but there has been no discernible move by other states to follow the readability route — until now, she writes.

“Requiring that documents be written in language an 11th grader can understand seems perfectly reasonable. Requiring that legal documents setting forth the rights and duties of parties to a transaction involving tens of thousands of dollars be written in 11th-grade prose? Not so much,” she writes.

Read the article.

Janis Hui Ozaki has joined Dykema as senior counsel in the firm’s Los Angeles office. She joins Dykema’s Litigation Department.

In a release, the firm said Ozaki has extensive experience handling business and real estate disputes, including those relating to leasing, purchase and sale agreements, contract breaches, partnership disputes, and fraud. She has represented clients in Hong Kong, China, Mexico and Canada. She speaks fluent Cantonese and conversational French, and is part of the Hong Kong Association of Southern California, the Chinese Chamber of Commerce of Los Angeles, the Southern California Chinese Lawyers Association, the Asian Pacific American Bar Association, the National Asian Pacific American Bar Association, ProVisors, and Bruin Professionals.

Ozaki was named a Rising Star by Super Lawyers from 2012-2016 and has been listed annually among the Top Women Attorneys in Southern California by Los Angeles Magazine. She also is a lecturer in law at the UCLA School of Law.

“Janis is a great addition to our Los Angeles office as senior counsel,” said Michael P. Wippler, Managing Member for Dykema in Los Angeles. “She’s a talented attorney who’s made a name for herself in Southern California along with her extensive work with clients in several countries. She has a track record of strong client service and will be a valuable addition to our team.”

Ozaki received her J.D. at the UCLA School of Law and her B.A. in economics at Dartmouth College.

Gardere Wynne Sewell LLP announces that Partner Cristina Portela Solomon has been inducted as president of the Houston Association of Women Attorneys, effective April 1.

The AWA is the only organization in the Houston area that focuses exclusively on the advancement of women law students, lawyers and judges. Ms. Solomon’s appointment was formally announced at the organization’s AWA Premier Women in Law Luncheon held on March 23.

“Cristina has established herself as one of the most respected and capable attorneys in the Houston legal community,” says Gardere Chair Holland N. O’Neil. “She is a tireless advocate for the advancement of women in the practice of law, as evidenced by her impressive professional achievements and dedication to AWA.”

Solomon is a partner in Gardere’s labor and employment practice group.

“She is a seasoned trial lawyer who represents clients on employment matters in both state and federal court,” the firm said in a release. “She devotes a significant amount of her practice to trade secret litigation and has developed a reputation throughout Texas for successfully prosecuting and defending cases involving emergency relief in injunctive proceedings. Solomon, who is fluent in Spanish, often represents clients in employment matters throughout Latin America and Mexico.”

Under the AWA bylaws, the president must first serve as president-elect for the year preceding her term. Each year, the president-elect is nominated by the incoming president and approved by a majority vote of AWA members. In addition to serving as the organization’s president-elect, Solomon has acted as chair of the AWA Foundation’s Board of Trustees and also served on the nominating committee for the annual Premier Women in Law luncheon, the foundation’s primary fundraising event.

“Cristina has assembled a remarkable Board, who will continue building on the accomplishments of the organization,” says Christina Ponig, the outgoing AWA Houston president. “The Board is poised to do great things this year in the Houston legal community, guided by Cristina’s capable leadership. This will be an outstanding year for the AWA.”

The AWA Houston began in 1976 as a small group of women attorneys gathered in an empty courtroom to discuss ways to combine their strengths to improve opportunities for all women lawyers and promote recognition of their capabilities. Today, the AWA hosts a variety of fundraisers, educational events and scholarships designed to empower women to maximize their potential for success in the legal profession.

Hogan Lovells announced that Julie Brill, a Commissioner at the U.S. Federal Trade Commission (FTC), will join the firm’s Washington, D.C. office as a partner and co-director of the Privacy and Cybersecurity Practice on April 1. Her FTC service will conclude on March 31.

As co-director of the Privacy and Cybersecurity practice, Brill succeeds co-director and founding partner Christopher Wolf, who will transition to a senior status at the firm. She will be joined in leadership with Marcy Wilder, co-director of the Privacy and Cybersecurity practice; Harriet Pearson, leader of the firm’s Cybersecurity Solutions Group and Cyber Risk Services business unit; and Eduardo Ustaran, a partner in the firm’s London office, and leader of the firm’s European data protection practice.

“Julie’s keen intelligence and reservoir of knowledge about privacy and data security law, combined with her commitment to consumer privacy, make her a natural leader for our privacy practice,” the firm said in a release. “She is renowned as a global leader in privacy law and public policy, and is widely-recognized for her distinguished work at the FTC. We are confident she will build upon her years of experience to provide exemplary client service and practice leadership.”

Brill was appointed to the FTC by President Obama and unanimously confirmed as a commissioner in 2010.

Prior to serving on the Commission, she was an Assistant Attorney General in North Carolina and Vermont for more than 20 years. Before joining the Vermont Attorney General’s office, she was an associate at a New York law firm.

Brill earned her B.A. from Princeton University magna cum laude, and her J.D. from New York University School of Law, where she had a Root-Tilden Scholarship for her commitment to public service.

Akerman LLP, a top 100 U.S. law firm, announced the expansion of its Corporate Practice Group with New York partners Lorenzo Borgogni and Jack Habert. Joining from Proskauer Rose and Willkie Farr & Gallagher, respectively, they enhance Akerman’s core strengths in complex M&A and capital markets transactions.

“Growing client needs in New York and other key markets are driving the expansion of our practice across the United States,” said Mary Carroll, Corporate Practice Group Chair. “Lorenzo and Jack are highly accomplished lawyers who have been involved in a variety of high profile domestic and international transactions. Their combined backgrounds and cross border experience support the work of our clients across diverse markets.”

In addition to Borgogni and Habert, Akerman’s Corporate Practice Group recently welcomed partner Mason “Max” Drake, co-resident in Chicago and New York, and partner Paul Quinn, co-resident in Chicago and Fort Lauderdale. Drake joined from Greenberg Traurig LLP, Quinn from Paul Hastings LLP.

Lorenzo Borgogni
Borgogni represents public and private companies in domestic and cross-border mergers and acquisitions, with a focus on Italian buyers. He has structured, negotiated and completed more than $40 billion worth of M&A transactions for deal principals, including funds and strategic buyers and financial advisors. His experience includes cash and stock-for-stock mergers, tender offers, stock and asset purchases, leveraged/management buyouts, spin-offs, going-private transactions, and joint ventures and divestitures across multiple sectors, including financial services and healthcare.

He also advises clients in connection with takeover defense initiatives and corporate governance matters, including proxy fights, consent solicitations and activist matters. In addition, Borgogni represents domestic and foreign issuers in connection with offerings of debt and equity securities.

Jack Habert
Habert concentrates his practice on negotiating and documenting structured finance and complex derivatives transactions and the regulatory analysis of securities, commodities and insolvency issues relating to such transactions. He advises major financial institutions, investment advisers, mutual funds, hedge funds and other corporate entities as either providers or end users of such financing and derivatives transactions.

From September 2010 through January 2012, Habert served as an attorney fellow at the SEC’s Division of Trading and Markets. In this role, he advised and assisted the agency with drafting rules that implemented various provisions of Dodd-Frank, including joint rules with the Commodity Futures Trading Commission on the definitions of swap and security-based swaps, swap and security-based swap dealers, and major swap and security-based swap participants, as well as SEC rules about business conduct standards, new trading platforms, clearing and reporting security-based swaps and conflicts of interest in asset-backed securities.

National law firm Wilson Elser announced that Arron Nesbitt, partner, and Linda Knight, of counsel, have joined the firm’s Denver office.

“Arron and Linda are excellent additions to the firm,” said Joseph Bermudez, regional managing partner of Wilson Elser’s Denver office. “Their abilities as litigators in several of our key practice areas will add tremendous value to Wilson Elser and for our clients.”

Formerly a partner with Taylor Anderson LLP in Denver, Nesbitt focuses his practice in the areas of wrongful death, catastrophic personal injury, mass tort and other complex matters in state and federal courts nationally, routinely for product liability and trucking clients.

Nesbitt also is a trial attorney, averaging one jury or bench trial per year over the course of his 17-year career.

Admitted to practice in Arizona, California, Colorado and Texas, Nesbitt also serves as defense counsel for excess carriers in specialty insurance litigation and has served as national product liability counsel for various manufacturers of automobiles, medical devices, stun guns and other products.

Nesbitt, who is AV Preeminent rated by Martindale-Hubbell, obtained his B.A. degree from Northern Arizona University (1993) and his J.D. degree from Golden Gate University School of Law (1999).

Knight, previously an associate with Taylor Anderson, practices in a variety of civil litigation defense areas, including specialty insurance litigation for primary and excess carriers, premises liability, product liability, tort defense, real estate litigation and general commercial litigation.

Selected for inclusion in Rising Stars for Colorado Super Lawyers, Knight earned her B.A. degree from the University of Denver (2004) and her J.D. degree from the University of Denver Sturm College of Law (2007), where she was a member of the Appellate Team and staff editor of the Transportation Law Journal.

The national law firm of Quarles & Brady LLP announced that Chicago partner Mark W. Bina has been reappointed to the Illinois Supreme Court’s Attorney Registration and Disciplinary Commission (ARDC).

Bina will serve another year on the commission which is the state agency overseeing the licensing and discipline of all Illinois-licensed attorneys. He also sits on the ARDC’s Hearing Board which serves as a fact-finder conducting evidentiary hearings for attorneys charged with misconduct, and also sits on the ARDC’s Oversight Committee.

Bina is a member of the firm’s Litigation & Dispute Resolution and Health Law Practice Groups, working in state and federal trial and appellate courts across the country. In his health care practice, Bina works on regulatory and compliance issues, including disciplinary proceedings, administrative agency appeals, fraud and abuse issues, internal and governmental investigations, subpoenas, and risk mitigation.

He received his law degree from John Marshall Law School and his bachelor’s degree, with distinction, from Indiana University.

In petrochemical projects, the engineering, procurement and construction (EPC) contracts are often negotiated after the technology licenses have been negotiated between the technology licensors and the project owner, write Sean Goldstein, Jean Shimotake and Raymond Azar of White & Case LLP.

“Both sets of agreements are also typically settled before financing is sought for the project. Given the significant interrelationship between the EPC contracts and license agreements, and common lender requirements for the bankability of such project documentation, these timing differences may give rise to a number of issues.” they write.

They discuss issues for the EPC contractor, project owner and lenders, along with possible solutions.

Read the article.

A second federal judge in Washington ruled Tuesday that a conservative legal watchdog group may question the State Department and potentially several top aides to Democratic presidential contender Hillary Clinton about her use of a private email server while she was secretary of state, reports The Washington Post.

U.S. District Senior Judge Royce C. Lamberth granted a request from Judicial Watch, which has sought public records of talking points used by Susan E. Rice, then the U.S. ambassador to the United Nations, in television appearances after the deadly Sept. 11, 2012, attacks on U.S. facilities in Benghazi, Libya.

“His decision came about five weeks after another federal judge in Washington, U.S. District Judge Emmet G. Sullivan, ruled that current and former top State Department and Clinton aides could be questioned under oath about her email arrangement in a separate Judicial Watch FOIA case,” the newspaper says.

Read the article.

Trump University isn’t the only Donald Trump endeavor that has landed in court, reports Mother Jones magazine.

“The tycoon has launched — or lent his name to — a slew of business ventures that have yielded frustrated customers and investors who have sought legal recourse. There are hundreds of lawsuits extending over 43 years that name Trump or one of his businesses,” says the magazine.

The report includes a list of some of those legal skirmishes that began when Trump joined his father’s business and continue through his run for the GOP nomination, such as Trump Management, Trump Tower, Trump’s Atlantic City casinos, Trump SoHo, Trump Baja, Trump Model Management, and more.

Read the article.

A cousin and the self-styled common-law wife of the late John O’Quinn, the man deemed “King of Torts” by Forbes after his death in a Houston car accident in 2009, are engaged in a fight over the place of interment of the litigator’s body. That fight has seen the alleged “wrongful disinternment” of his body from a gravesite on the lawyer’s 5,000-acre Texas ranch to a Louisiana cemetery, reports The Houston Chronicle.

O’Quinn’s won more than $21 billion in verdicts and settlements for his clients, estimates his charitable foundation.

O’Quinn, who died at 68, and Darla Lexington were together for more than a decade and shared his River Oaks home but never married. Lexington accuses Service Corporation International affiliate Geo. H. Lewis & Sons of failing to get her permission to move O’Quinn’s casket or inform her that he’d been buried in Louisiana.

Read the article.

An increasing presence in contractual transactions is the automatic renewal clause known as the “Evergreen Clause,” writes Andrew C. Voorhees of Weltman, Weinberg & Reis Co., LPA.

“An Evergreen Clause allows for an agreement to continue for a defined period if the existing agreement is not renegotiated or properly cancelled within a specified time. Evergreen Clauses can be found in both consumer and commercial contracts, including Residential Lease Agreements, Advertising Contracts, Gym Memberships, and many other service-based agreements,” he explains. “The question is whether Evergreen Clauses are enforceable, as their effect is to automatically bind a contracting party to an agreement beyond the original contract term.”

Read the article.

“Boilerplate” is standardized language used in common documents to reduce the time spent in negotiation and document preparation, explains Brad Reid, Senior Scholar, Dean Institute for Corporate Governance and Integrity at Lipscomb University, in an article published on the HuffingtonPost. He says it would be a mistake not to analyze boilerplate, because it may vary.

His article provides a brief and incomplete educational overview of some forms of boilerplate.

He covers such topics as choice of language provision, dispute resolution provisions, arbitration or mediation provisions, waiver of a jury trial, amendment and anti-waiver language, amendment and anti-waiver language, assignments and delegations, third party beneficiaries, force majeure, and more.

Read the article.

About a year after Erin Callan took over as C.F.O. of Lehman Brothers, the then-150-year-old investment-banking institution that turned out to be at the heart of the financial crisis, Callan downed a bottle of sleeping pills on Christmas Eve. It was also six months after Callan resigned from the firm under mounting pressure, and just three months after Lehman filed for bankruptcy, according to a story in Vanity Fair.

In a new book, she tells how she went from being one of Wall Street’s most powerful female executives to feeling like she was set up to take some of the blame for one of the biggest financial collapses in modern history.

She writes how she had been in the job for just three months when she alone was tasked with delivering financial results to investors spooked by Bear Stearns’ fire-sale to JPMorgan, for $2 a share, just two days earlier. Both Lehman’s president and CEO gave her the job of assuring investors that was not the case, the magazine article says.

“Since I was the sole presenter on the call, every public statement about Lehman that was part of the speech and the Q&A is totally attributed to me. Just me,” she wrote.

Read the article.

A legitimate fear among companies negotiating license agreements exists, and that is the fear of the license counterparty filing for bankruptcy, reports Christopher A. Ward and Cortney E. Mendenhall of Polsinelli PC.

“Given the business interruption that ultimately could occur as a result of a restructuring event, it is vital for practitioners to address bankruptcy or insolvency issues upfront during the negotiation of the license agreement,” they write. “This is especially true for licensees who often rely heavily, if not exclusively, on a licensor for significant aspects of their business.”

They discuss several negotiation and drafting tips that practitioners can utilize to help protect their licensee clients in the event of a bankruptcy filing under chapter 11, of Title 11, of the United States Code (the “Bankruptcy Code”) by the licensor counterparty.

Read the article.

Portland, Oregon-based Compli offers an on-demand webinar designed to help companies avoid unethical conduct that can drag them into news headlines, costing the companies dearly by impacting both their reputation and their bottom line.

The webinar covers the key elements for a successful ethics and compliance program, and how to keep your company from making the same costly mistakes.

Speakers are Ambyr O’Donnell, corporate law consultant, and Rick Ruden, Complí’s resident ethics and compliance expert. The discuss:

• New and noteworthy ethics and compliance issues emerging in the media
• The 5 key elements of a successful ethics and compliance program
• How these issues impact you

Watch the on-demand webinar.

Buying or selling a business is a detail-intensive ordeal, and one of the most crucial parts of the final sales agreement is the non-compete agreement, according to an article posted by Brad Denton of Denton Peterson, PC.

“A non-compete agreement is a contract where the seller agrees not to compete directly with the buyer within mutually agreed-upon parameters. Clearly, any potential buyer is obligated by common sense to have this agreement set in stone before completing a big transaction. If no non-compete agreement is in place, nothing prevents the seller from setting up shop next door with the same product right after the sale is finalized,” the article says.

He covers such topics as geographic limitations, time period restriction, blue pencil rule, step-down provisions, and selling businesses vs. employment contracts.

Read the article.

As Donald Trump rolls through the political calendar, his campaign has already begun focusing on a new battle that may have a broader set of consequences — finding delegates who will be loyal to his cause at the Republican National Convention, reports ABC News.

“Part of the battle has come in the form of emails to delegates and supporters trying to lock down crucial votes. The other half is a five-person task force that has been quietly being trying to amass the 1,237 votes needed,” the network reports.

“Emails obtained by ABC News show the Trump campaign calling on supporters in Michigan to watch for precinct-level delegates who may defect to a rival candidate during a contested convention”

Read the article.

Now that Marco Rubio is out of the race, for the first time in U.S. political history, every presidential candidate — of both parties — supports at least states’ rights to do as they please with regard to marijuana legalization, according to a report in Rolling Stone.

Bernie Sanders, who pledges to end the drug war, is the most progressive on marijuana policy. And fellow Democrat supports states’ rights to legalize, but proposes to reschedule instead of deschedule cannabis, the newspaper says.

Donald Trump believes there should be more research on cannabis. Ted Cruz says he would not support legalization, but he believes states have a right to determine the legality for themselves. John Kasich also is opposed to marijuana use, but would defer to states’ rights, the report says.

Read the article.