Day Pitney and Cohen Seglias Create Collaborative Team for Title IX Investigations

Day Pitney LLP and Cohen Seglias Pallas Greenhall & Furman PC announce the launch of their joint Title IX Investigations Initiative. This initiative will allow the firms to provide both existing and new clients greater services in the wake of a growing number of Title IX investigations, the firm says.

Title IX, enacted in 1972, prohibits discrimination on the basis of sex in federally funded educational programs and activities. This is a growing area of concern for many public and private schools, colleges and universities. Besides applying to faculty employment and sport team participation, Title IX also applies to how academic institutions are handling complaints of sexual harassment and sexual violence.

“Our collaborative practice will promptly investigate allegations and provide the results of that investigation to the academic institution – the idea is to combine the best practices from law enforcement and internal corporate investigations with experience in working within the unique setting of academia,” says Day Pitney attorney Steven Cash, who has served at the federal and state level in the executive, legislative and judicial branches, including the Manhattan District Attorney’s Investigations Division, and as Counsel on the Senate Committee on the Judiciary.

The New York Times recently reported how some colleges have increased budgets and have even hired teams within schools to handle the increasing number of cases in an article, “Colleges Spending Millions to Deal With Sexual Misconduct Complaints.”

“Our goal is to provide academic institutions with a team that has the necessary skills that are not generally found in educational facilities, including prosecutorial, investigative, and Title IX litigation experience,” said Paul Thaler, Managing Partner of Cohen Seglias’ Washington, DC office. “In addition we understand the sensitivity required by academic institutions to oversee these investigations.”

The Title IX Investigations Initiative’s team also includes Christopher Carusone, former Chief Deputy Attorney General in the Pennsylvania Attorney General’s Office and Secretary of Legislative Affairs and Executive Deputy General Counsel in the Pennsylvania Governor’s Office; Stanley A. Twardy, Managing Partner at Day Pitney and former United States Attorney for the District of Connecticut; and Helen Harris, Day Pitney partner and White Collar group chair.

 




Firm Releases Global M&A Roundup With League Tables of Legal Advisors

Mergermarket has released its Global M&A roundup for the first quarter (Q1) of 2016, including its league tables for legal advisors.

A few key findings include:

  • Tax inversion targets, traditionally coming from the Pharma, Medical & Biotech sectors, now appear to be shifting toward other sectors such as Industrials & Chemicals, in a bid to scale up to +$100bn conglomerates. US-based Johnson Controls’ US$ 16.2bn bid for Ireland-based Tyco International was the top deal for that sector, and one which also looks set to benefit from Europe’s more favorable corporate tax rates as compared to those of the US. The Tyco/Johnson Controls transaction comprises 73.8% of Q1 total outbound value into targets in the Industrials & Chemicals sector (US$ 21.9bn)
  • Law firm Skadden Arps Slate Meagher holds on to the number one spot for deal value for another quarter while Kirkland & Ellis jumped to #2 from #5 in Q1 of 2015. White & Case made a big leap from ninth place in Q1 2015 to third this quarter
  • Private equity buyout activity struggled to compete against strategic buyers in 2015, demonstrated by the average price paid last year being just US$ 640.2m compared to a strategic company spending on average US$ 902.8m. However, to date in 2016, the average offer price by a buyout firm has increased slightly to US$ 626.3m, while the average value by strategics has decreased to US$ 607.5m. The following months could provide even more opportunities for buyout firms to secure targets

Download the report.

 

 




Quarles & Brady Partner Jonathan Hudis Edits Guide to Trademark and Appeal Board Practice

Jonathan Hudis, a partner in Quarles & Brady LLP’s Intellectual Property Practice Group, recently edited “A Legal Strategist’s Guide to Trademark Trial and Appeal Board Practice, Third Edition,” published by the Intellectual Property Law Section of the American Bar Association.

In the book, trademark lawyers and specialists who practice before the U.S. Trademark Trial and Appeal Board share insights and analysis from their years of practice. Each chapter also includes a checklist of items to consider during each stage of a Board proceeding.

Hudis practices in the firm’s Washington, D.C. office, helping clients of all sizes establish and grow trademark and copyright portfolios, design and implement procedures to protect their intellectual capital, resolve foreign and domestic disputes, preserve trade secrets, and formulate companywide IP strategies and policies. Well-versed in trademark prosecution and registered copyright protection matters, he formerly served as an adjunct professor of trademark and unfair competition law at the George Mason University School of Law.

Hudis is particularly knowledgeable about Internet-related trademark and copyright protection matters and is a member of several arbitration panels in the areas of Internet domain names.

“The information these authors provide is an invaluable resource for anyone who is involved in litigating proceedings before the Trademark Trial and Appeal Board of the U.S. Patent & Trademark Office, and I am thankful to the Intellectual Property Law Section of the American Bar Association for asking me to be involved,” said Hudis.

 




The Auditor (And Compliance Professional) As Behavioral Scientist

By  Jose Tabuena, JD, CFE, CHC

As the compliance field evolves, auditors should take heed of the power of data analytics and predictive models. The area of program evaluation is one that is ripe for opportunity to apply such techniques for both assessing compliance effectiveness and for nudging employee behavior toward supporting an ethical workplace. But keep in mind predictive models yield benefits only if appropriately acted upon.

Behavioral science provides a powerful set of tools for acting on data analytic indications when behavior change is the order of the day. Specifically, “behavioral economics” combines elements from economics and psychology to understand human behavior— even when it’s irrational.

The U.S. Department of Justice (DoJ) has signaled strong messages on the importance of having an “effective” compliance program, finally bringing the conundrum of program measurement to the forefront. Although the Federal Sentencing Guidelines and their “elements” of compliance have existed for over twenty years, the formal standards and processes by which compliance programs are currently measured for effectiveness remain notoriously sketchy. This trend of the government to provide more guidance has continued with the DoJ stating it plans to release a set of sample questions to give companies an idea what investigators and prosecutors are concerned with. Apart from the ability of “effective” compliance programs to reduce the risks of high fines and liability, management has a financial stake in measuring the effectiveness of a compliance program. Operating a compliance program requires a significant investment in time and resources. Poorly functioning compliance programs are likely to waste money, divert scarce resources and operate sub-optimally with respect to mitigating serious, business-threatening risks.

Moreover, the positive effects of a compliance program may include better financial performance. Studies have started to show that in the long run, a truly ethical and law-abiding corporation is more likely to foster gains on several measures: customer loyalty, increased employee retention, and strengthened public reputation.

The new DoJ compliance counsel, in assisting federal prosecutors to develop appropriate benchmarks for evaluating compliance programs, is to provide expert guidance to help prosecutors evaluate whether the implementation of such measures has been effective and has had a remediation effect. Naturally, there is acute interest by compliance professionals in the work and impact of the DoJ compliance counsel. This position will be a focus for determining the benchmarks for effective compliance programs, and there is legitimate concern whether sufficient input from the industry compliance community will be considered in connection with future developments. Compliance professionals have had more than 20 years of practical experience in direct observation of what effectiveness means for organizational compliance programs, and the DoJ is only now embarking on zeroing in on this in a focused and systemic manner. The hope is that the DoJ will allow for constructive input from the compliance community on the meaningful measures of an effective compliance program.

Applying the “law” is not enough

The legal system is replete with examples where assumptions about how the world works, used as the basis for establishing laws and regulations, have proven dreadfully wrong. Take the value of eyewitness testimony as one example. For a long time, prosecutors could argue for convictions based on the strength of a single eyewitness—the more confident the witness, the more seemingly infallible the testimony. That is, until psychologists conducted controlled studies on the reliability of eyewitness perceptions and the ability to accurately recall from memory.

After initial resistance, there was eventual recognition by the criminal justice system that eyewitness testimony can be extremely unreliable depending on the circumstances of the event and how potential suspects are presented to the witness. As a result, strict procedures for showing photographs and lineups for suspect identification have evolved. The use of psychologists to provide expert testimony during trials on eyewitness reliability is allowed by many judges. The emergence of DNA testing and the release of wrongly convicted individuals further demonstrate the danger of untested assumptions.

The modern American law school started with the belief that law can be understood and taught as a science. This belief was based on ideology that what mattered was understanding and rationalizing the law applied in courtrooms by judges. The search for the underlying principles provided the basis for the science of law. The body of cases, correctly analyzed, would reveal a set of internally consistent principles inherent in either human nature or culture and expressed case by case through the judges.

This approach of the law as a science has since fallen by the wayside. One only has to look at the divided opinions of the U.S. Supreme Court to recognize the fallacy of the law as a robust science. However, the myth that legal principles result in rational truth still persists. One example is the definition of an effective compliance program under the Federal Sentencing Guidelines. The elements of an effective program seem conceptually sound, but how do we know that applying them actually promotes a culture of compliance and prevents violations of law?

The fallacy is that while legal principles may seem rigorous in theory, they may not reflect actual reality. The idea of a classic mathematical proof is to begin with a series of statements that can be assumed to be true or that are self-evidently true. Then by arguing logically, it is possible to arrive at a conclusion. If the statements are correct and the logic is flawless, then the conclusion will be undeniable.

Scientific theory, on the other hand, can never be proved to the same level of a mathematical theorem. It is only considered highly likely based on the evidence available. Scientific proof relies on perception and observations both of which are fallible and provide only approximations to the truth. This is why experiments are performed to test the predictive power of a scientific hypothesis.

Legal principles often make assumptions about human behavior—such as the accuracy of eyewitness perceptions or the view that investors act rationally in financial markets. But science has started to reveal the weaknesses and subtleties underlying those assumptions.

Applying behavioral science

Principles, such as compliance program components, shouldn’t be taken on faith. When practical, the underlying elements should be field-tested using randomized controlled trials to measure their validity.

For instance, simply having a code of conduct and related compliance policies is obviously not enough to influence employee behavior. So what is it about a code of conduct, how it is written, communicated, and trained to the workforce, that can make a real difference?

In the field of behavioral economics, priming has proven to be an effective tool to subtly encourage honest behavior. Priming occurs when an individual is exposed to a specific stimulus that influences his or her ensuing actions. In studies by behavioral economist Dan Ariely, experiments were designed to influence honest behavior: researchers “primed” people with a stimulus that involved morality and then observed how often cheating occurred when solving small math problems. When the participants were asked to recall the Ten Commandments, cheating significantly decreased compared with those who were instead asked to recall the names of Shakespeare’s sonnets.

Similar studies provide additional behavioral insights. It is easier to be just a little dishonest. Experiments show that we are more likely to cheat over a small amount of money than a large amount. People also tend to find it harder to be dishonest when interacting with another person than with an impersonal mechanism. The belief that we make rational decisions is a myth that belies the complexity of human behavior.

How do you know a program is working?

How can the auditor tasked with evaluating a compliance program take into account the findings of behavioral scientists? In the short history of the compliance profession, a variety of distinct approaches have been attempted. Yet any approach taken in isolation may yield unreliable information.

An auditor evaluating an established compliance program could start with evidence that the organization has consistently implemented the elements of a program as defined by the Federal Sentencing Guidelines. But that is just the beginning. The experienced program evaluator recognizes that measuring implementation is different from the more difficult task of evaluating effectiveness.

One might look to see if the compliance program incorporates “best practice” features adopted by leading companies. As to the code of conduct, one could inquire whether it was written with simple, understandable text and distributed to all employees. However, experience shows that just because employees received a reasonably well designed code of conduct does not necessarily mean that they understood it, found it useful or took it seriously.

Academic research indicates that the highest indicator of workplace misconduct is fear of retaliation and the confidence employees feel when raising issues. So data on employee willingness to address matters with their immediate supervisor or to use the compliance hotline, as well as their views on what would happen if they reported misconduct, can prove meaningful as a measure of effectiveness.

The current obstacle is the lack of an accepted methodology for consistent measurement along with the absence of a comprehensive set of metrics in which to benchmark your compliance program. The means by which organizations measure the effectiveness of their programs still vary, and in some cases organizations can be lulled into a false sense of security by evaluations that may not be empirically based or reliable.

Which is why the recent moves by the DoJ and particularly the hiring of a compliance counsel are such promising developments. Compliance professionals have been seeking open discussion and analysis on the measurement challenge, including consideration of possible outcome measures by which organizations could demonstrate the impact of their programs (e.g., observed misconduct, frequency and nature of reporting, fear of retaliation, direct measurement in risk areas where this is possible). Doing so could encourage companies to undertake high-quality evaluative efforts, and prompt boards of directors to review and reflect on the results of such efforts.

Subject matter expertise

When considering the compliance program as a broad control and evaluating program elements, don’t neglect the value of technical expertise. While auditors have expertise in the methodology of program evaluation (itself a valuable skill), subject matter expertise is just as essential. It does occur that auditors miss a significant problem because the evaluation approach was structurally blind to the domain and members of the review team did not truly understand the details of “how it works.” Technical folks are also nudged outside their core expertise, such as when audit and professional services teams strive for high utilization of their staff. Have a fraud specialist on the team for financial controls, a cyber-expert during an information security review, and definitely have a compliance specialist when evaluating a compliance program.

As the field of compliance management continues to mature, reliable means to evaluate compliance program effectiveness will increasingly become imperative. This is true not only for auditors assisting operational leaders who must effectively manage risk, but for those in enforcement who need to make informed decisions, consistent with announced policies, relating to prosecution and punishment.

Originally published in Compliance Week




Dykema Adds Auto Attorney William Kohler to Detroit Office

William J. Kohler has joined Dykema’s Corporate Finance Practice Group as senior counsel in the firm’s Detroit office.

Kohler has held leadership positions at major corporations in the automotive industry throughout his career. Most recently, he served as Chief Legal Officer and Corporate Secretary of global automotive suppliers Dura Automotive Systems, LLC, and Global Automotive Systems, LLC, and previously was Vice President and General Counsel for the North and South American automotive operations of Johnson Controls, Inc.

In a release, the firm said he has advised some of the world’s largest automakers and suppliers. He has led some of the automotive industry’s larger and more complicated acquisitions and divestitures, negotiated specialized supply agreements involving the sale and purchase of billions of dollars in critical components, created key joint ventures, and established international operations and distribution networks. He has also led development of significant intellectual property arrangements, including technology licensing and joint development arrangements, and authored the article “Current and Potential Legal Issues Pertaining to Automated, Autonomous and Connected Vehicles.”

“In addition to his strong background in the automotive sector, Bill brings deep expertise on corporate governance and regulatory matters,” said Wilhelm E. Liebmann, Leader of Dykema’s Corporate Finance Practice Group. “He has ties to leaders in Washington, a good grasp of state and local economic development initiatives and has counseled a variety of clients on cross-border matters.”

“Bill’s résumé and years of experience working with automotive heavyweights make him a great fit at Dykema,” said Brendan J. Cahill, Director of Dykema’s Automotive Industry Group. “His background and experience will be a great value for our clients.”

Kohler received a J.D. from the University of Michigan and an A.B. from the University of Michigan Honors College. He also received an M.B.A. from Michigan State University.

 




SMU Law Student Awarded Donald C. McCleary Gardere Leadership Scholarship

Gardere Wynne Sewell LLP presented the 2016 Donald C. McCleary Gardere Leadership Scholarship to law student Brett Moore at the Dallas Bar Foundation Fellows Luncheon on March 30. Moore is a second-year law student at Southern Methodist University Dedman School of Law.

“Mr. Moore exemplifies the qualities we look for in a scholarship recipient,” says Gardere Chair Holland N. O’Neil. “His drive and initiative embody the spirit of Don McCleary, and it is an honor to present him with the 2016 Donald C. McCleary Gardere Leadership Scholarship.”

Moore, who has consistently been named to the dean’s list, is heavily involved in law school organizations and activities at SMU. He is one of 15 law students elected to Barristers, an exclusive service organization that selects members based on scholarship, leadership, service and character. He serves as the public event co-director for the Board of Advocates and competes on the group’s Negotiations Team. He also is a member of the Phi Delta Phi International Legal Honors Fraternity.

Moore also was the recipient of the Carl W. Summers Jr. Endowed Scholarship, and he is heavily involved in community service projects, including the preparation of an apartment for an underprivileged family as part of the InterFaith Housing Coalition.

Moore graduated magna cum laude from Vanderbilt University in 2011 with a Bachelor of Arts degree in economics. While at Vanderbilt, he ranked as the best debater on the school’s Moot Court Team and served as co-president of the Vanderbilt Habitat for Humanity.

The Donald C. McCleary Gardere Leadership Scholarship is awarded annually to a second-year SMU law student in memory of former Gardere Managing Partner Don McCleary. Recipients are evaluated and chosen based on excellence in academics, leadership, character and involvement in both law school and the community, core values embraced by McCleary.

McCleary served as Gardere’s managing partner from 1991 through 1995, before he passed away in 1996. His vision for Gardere included participation in local, state and national public affairs, humanitarian activities and pro bono work. He established many of the community outreach programs that have become the hallmark of the firm, including the Annual Gardere MLK Jr. Oratory Competition, which this year celebrated its 24th anniversary in Dallas and its 20th anniversary in Houston.

 




DLA Piper Joins New BLocal Initiative to Support Baltimore Businesses and Residents

DLA Piper announces its participation in BLocal, an initiative launched today to strengthen Baltimore’s economy.

BLocal brings together 25 Baltimore-area businesses committed to using their collective hiring and purchasing power to benefit the city and its residents. The initiative includes HopkinsLocal, launched by Johns Hopkins in 2015 to promote economic growth and employment opportunities in Baltimore.

As part of its commitment to BLocal, DLA Piper will hire a minimum of two young people in Baltimore for summer internships each year. The firm also pledged to provide pro bono legal services to city residents for matters relating to workforce development and the creation and development of minority and women-owned enterprises. Alongside its broader efforts to enrich public education in Baltimore, DLA Piper will also mentor middle school students at the Baltimore Leadership School for Young Women.

“Since our founding in Baltimore more than 100 years ago, pro bono and community service have been a core part of the firm’s identity,” said Charles Scheeler, attorney in DLA Piper’s Baltimore office who is leading the firm’s work with BLocal. “As we continue to find new ways to give back to a city that has given us so much, we are honored to partner with Johns Hopkins and the many prestigious companies that have joined together to help bolster Baltimore’s economy.”

Companies involved in BLocal will support the community through a variety of initiatives, including providing summer jobs for young people, investing in renovation and construction projects, mentoring small business owners and city youth, and purchasing goods and services from companies led by women and minorities. For more information about BLocal, please visit: http://hopkinslocal.jhu.edu/blocal.

 




Trump’s Prediction of ‘Massive Recession’ Puzzles Economists

Donald Trump’s prediction that the U.S. economy was on the verge of a “very massive recession” hit a wall of skepticism from economists who questioned the Republican presidential front-runner’s calculations, reports Reuters.

In a wide-ranging interview with the Washington Post published on Saturday, the billionaire businessman said a combination of high unemployment and an overvalued stock market had set the stage for another economic slump. He put real unemployment above 20 percent, Reuters said.

“There is a very low probability of a massive recession, less than 10 percent,” said Sung Won Sohn, an economics professor at California State University Channel Islands in Camarillo. “If it happens, it would be because of what is happening overseas, especially in China and Europe.”

Read the article.

 

 

 




Does Digital Technology Improve Governance?

Governments invest billions of dollars annually in automating government financial management, customs, and tax systems. But aside from a few cases that are repeatedly quoted, there is little rigorous evidence of the impact of these investments on government efficiency and accountability to deliver services, reports Zahid Hussain, Lead Economist, South Asia Finance and Poverty group, for the World Economic Forum.

“An examination of the roughly 530 e-government projects funded by the World Bank in the past twenty years, for example, reveal that almost a third are unsatisfactory, and perform worse than a typical project,” the report says.

The conclusion is that digital technologies can indeed be transformative; but only if accompanied by “analog complements,” Hussain writes.

Read the article.

 

 




Baker Botts Corporate Series: Staring Down the Barrel

Baker Botts has posted an on-demand video webinar hosted by partners Manny Grillo, Shalla Prichard and Jim Prince titled “Baker Botts Corporate Series: Staring Down the Barrel,” in which the moderators discuss the state of the energy finance market and the related legal developments.

The firm says the video shares insights from the finance and restructuring market and highlights some of the latest developments and trends. The program takes a look at the impact of last year’s deal activity and what it will mean for this year. The panelists comment on what they have seen and expect to see this year from both a legal and business perspective and the opportunities created by the markets.

Watch the video.

 

 




D.C. Madam’s Attorney Says Election Bombshell Already Online

The colorful litigator who represented the late “D.C. madam” Deborah Palfrey and threatened this week to release call logs of his former client that he says are “very relevant” to the 2016 presidential election says those records already are digitized and posted online, reports U.S. News.

The report says Montgomery Blair Sibley threatened that the records will become public if he fails to reset a 72-hour countdown clock, which could cut short his soft two-week ultimatum for federal courts to consider lifting a 2007 gag order that covers the records, lest he deem that order void.

“The records are stored on four servers around the world, Sibley says, and dozens of reporters will receive a website link if the clock is not reset. He says he loaded the information online in January, when he decided to publicly claim the records are relevant to the presidential race,” writes .

Read the article.

 

 




Clinton Aides Unite on FBI Legal Strategy

Four of Hillary Clinton’s closest aides appear to have adopted an unusual legal strategy, hiring the same ex-Justice Department attorney to represent them in the FBI’s investigation of Clinton’s private email server, reports Politico.

“The united front suggests they plan to tell investigators the same story — although legal experts say the joint strategy presents its own risks, should the interests of the four aides begin to diverge as the probe moves ahead,” writes .

She explains that the aides’ decision to use a so-called “joint-representation” or “common-defense” strategy suggests the staffers believe they’re in this together and are unlikely to turn on each other.

Read the article.

 

 




Trump’s Campaign Backs Down From Threatened Lawsuit Over Delegates

Photo by Michael Vadon

Less than 24 hours after Donald Trump threatened to sue for votes ahead of a potentially contested GOP nominating convention, a move that could foreshadow a new phase in the GOP’s ugly primary fight, his campaign backed down, reports Time.

A Trump senior advisor later said that Trump’s “lawsuit” was not in fact meant for a court of law, but for the Republican National Committee’s committee on contests — which under GOP rules hears complaints over the allocation and selection of delegates.

“It’s clear why. Election lawyers and party operatives said challenges to the arcane state-by-state delegate selection rules being used to outfox Trump would face an unwelcome reception in court,” the report says.

Read the article.

 

 




Is Outsourcing IT Worth the Compliance Risk?

While the feds have certainly put hurdles in place to prevent abuse, outsourcing IT in a highly regulated industry like banking may very well lead to higher standards and quality outcomes, writes for CIO.

“Banking has changed since the global financial crisis in 2008. The steady increase in regulations from Washington, the states and international organizations are now impacting IT leaders,” he writes in the article. “As regulators examine vendor relationships and outsourcing arrangements more closely, there is a significant risk that poorly managed IT could trigger an audit finding, a fine or negative publicity.”

The article discusses some risks to manage as IT leaders plan to review and renew IT service providers in 2016.

Read the article.

 

 




How Law Firms Should Strengthen Cybersecurity to Protect Themselves and Clients

By Amy Terry Sheehan and Jill Abitbol
The Cybersecurity Law Report

Law firms store a wealth of sensitive and confidential information electronically, making them prime targets for hackers. Not only does weak data security affect business development and client retention for firms, but it can result in legal and ethical violations as well. How can firms meet clients’ increasing data expectations? How can clients determine how robust their current and potential firms’ systems are? What mistakes are law firms making? John Simek, vice president and co-founder of cybersecurity and digital forensics firm Sensei Enterprises, Inc., answered these and other questions about law firm data security in a conversation with The Cybersecurity Law Report. See also “Sample Questions for Companies to Ask to Assess Their Law Firms’ Cybersecurity Environment” (Jun. 17, 2015).

CSLR:  What are the specific cybersecurity threats that law firms currently face?

Simek:  Probably the most prevalent threats that we’re seeing now, and not necessarily targeted ones, involve ransomware. At the end of last year, in the northern Virginia area alone, there were four law firms that got hit with ransomware attacks in just one month.

The key is for firms to make sure that their backups are engineered properly to recover from a ransomware infection. Then they are in a position to restore their data without having to pay the ransom. Of those four law firms that were hit with ransomware at the end of last year, two were engineered correctly and two were not.

[See “How to Prevent and Manage Ransomware Attacks” Part One (Jul. 15, 2015); Part Two (Jul. 29, 2015).]

CSLR:  What do you recommend to firms that have not yet proactively engineered proper backups?

Simek:  I tell solo practices and small firms, which tend to use external hard drives for backup, to disconnect that device after they’ve done their backup. That way, in the event their system gets infected, it won’t impact their backup. If their external drive is still connected to their computer, and their computer gets infected, their backup is going to get infected too. It’s a very simple thing. There’s no cost to doing that. It’s just a procedural piece.

I recommend hardware-based backup solutions for mid to larger firms. Hardware-based, also called agent-based, backup is not seen as a drive letter or a network share. The data is moved via software to the backup device.

CSLR:  Do you recommend that firms use cloud backups?

Simek:  Cloud backups are good as well. The key in cloud backups, and particularly for attorneys because of their ethical duties to protect the confidentiality of the data, is to select a cloud solution where the firm can control the encryption key. Not all backup solutions and cloud solutions will allow users to do that.

Carbonite, which is used by a lot of solo to mid-sized firms, allows users to define the encryption key themselves. Some cloud providers do not want users to do that because they fear that if the user forgets the encryption key, their backups will be useless. Although that is certainly a possibility, if a firm is planning to use a cloud-based backup, it will want a provider that allows it that control.

OneDrive, for example, does not allow users to define what that encryption key is. So that means that Microsoft can decode data stored in the cloud if it wanted. With Apple iCloud, Apple also can decode backup content. Apple actually can read iMessages and related content, even though it’s stored encrypted.

From an attorney’s perspective, the ability to define the encryption key is a crucial differentiator, and something they should look for in a cloud solution.

[See “Implementing an Effective Cloud Service Provider Compliance Program” (Nov. 25, 2015).]

CSLR:  In addition to the backups, what other steps should law firms currently be taking to address security threats?

Simek:  Training employees is crucial. Phishing attacks, such as emails where someone is trying to get an employee to wire money to a foreign bank, make up a large percentage of threats. The solution there – and firms tend not to want to do this – is to train employees. The people are the problem. An email message that has a malicious attachment or a malicious link in it won’t have any adverse effect unless someone clicks on it.

Firms have to educate their employees because all of the technology in the world is not going to prevent an attack. Threat actors may be smarter than the current security technology. They may be using malware that nobody has ever seen before, and your firm may be the first kid on the block to get it.

Threat actors can also get information from court filings, which are public record. Somebody can jump on Pacer and find out the name of the case and the attorney of record. They can then send an email message that purports to come from the attorney of record using a bogus email address or a fake domain and say “Here’s an updated complaint in such and such a case.” The receiving attorney will recognize the email and click on the attachment. Through training, firms can teach employees how to recognize and prevent these types of situations.

[See “Designing, Implementing and Assessing an Effective Employee Cybersecurity Training Program (Part Two of Three)” (Mar. 2, 2016).]

CSLR:  What about firms that are reluctant to invest in training because it is non-billable?

Simek:  Well, it can cost them so much more to clean up and recover from an infection, even if it’s reputational damage, than it would to educate their employees.

We see the larger firms now starting to invest more money in preventing threats. They’re beginning to see the value of what that training can do.

Some firms have gone so far, and I think this is good, as to test their employees by sending intentional phishing messages to see how many people click on what. Employees are then scored and the firm uses those scores to evaluate whether certain employees need one-on-one education.

CSLR:  Are there any other important security measures that firms should be taking?

Simek:  Patching vulnerabilities and updating are two important measures. The number one reason that firms get compromised is they are not applying patches. When you don’t patch your operating systems or your software, you’re susceptible. It doesn’t cost much to do that.

The second reason is use of outdated software. Firms don’t want to spend money to update and this makes them vulnerable to attacks. They’re still running Windows XP, which is not supported. They’re still running Internet Explorer. Internet Explorer 10 and below are no longer supported. I don’t know if a lot of law firms know that yet. There was an article several years ago in The New York Law Journal that said that continued use of Windows XP is unethical. So, firms have to upgrade their software and they have to spend money to do that.

CSLR:  What should clients expect from a law firm and would you say that client expectations are a driver for change?

Simek:  Client expectations are definitely a driver. Law firms would be reluctant to spend money on security unless clients were expecting it. The firms that are more advanced with security and related certifications will even use that as a marketing plug.

We are starting to see clients hand prospective or current firms an IT security assessment, or some sort of questionnaire, and ask them to complete and submit it as a condition of their provision of legal services to the company. Depending on the client or the firm, the client may require an independent third-party audit.

So yes, definitely, it’s the clients that are driving change and enforcing it primarily through these audits.

[See “Designing and Implementing a Three-Step Cybersecurity Framework for Assessing and Vetting Third Parties” Part One (Apr. 8, 2015); Part Two (Apr. 22, 2015).]

CSLR:  Are companies treating law firms like any other third-party vendor in terms of the security audit or vetting questionnaire?

Simek:  It depends, I think, on the industry and who the client is. The questionnaire or audit can be very targeted, and maybe even more stringent, for law firms because the data that companies are giving to the law firm may be extremely valuable. This is not payroll data. This is not somebody that’s just cranking out W2s for the company, for instance. This is patent information, merger and acquisition information and other confidential data. Depending on the value of the information, the client may be a lot harder on the law firm than they would on some other third-party provider.

CSLR:  How does the completed questionnaire or audit get used by the client and/or the law firm?

Simek:  The results of the audit might demonstrate to the law firm that it is deficient in certain areas of security and it might then communicate its plan to remedy those deficiencies to the client. Especially if it’s a larger client, firms want to do what they can to keep them.

CSLR:  What certifications should law firms have in place?

Simek:  I think it depends on the size. Big firms are obtaining ISO [International Standards Organization] 27001 certification, which costs a lot of money and takes a lot of time. The mid to smaller firms are not going to be able to afford to do that but there are other things that they can do, like self-certification. NIST [National Institute of Standards and Technology] has small business standards that firms can follow, which will at least help assess their infrastructure, and whether they have any weaknesses and whether the assistance of a third-party is needed.

CSLR:  Is data security handled differently depending on practice area?

Simek:  It can be. It depends on the value of the data. Whether it is a law firm or a corporation, a risk assessment needs to be conducted to determine the value of the data being held and the risk of losing it. That information will define how much the firm is going to spend or what efforts the firm is going to make to protect the information or mitigate risk.

CSLR:  When is it appropriate for lawyers to use encryption in their communications?

Simek:  We’re at the stage now where every lawyer should at least have encryption capability, which includes the ability to encrypt communications and the ability to encrypt data at rest (for instance, when putting data on a flash drive).

Encrypted communication is easier today than it used to be. There are now many services that actually manage the encryption communication mechanism. Voltage and Zix are two such services. It can be as simple as clicking on a button in Outlook that says “Encrypt and Send.”

To save money, we advise smaller firms that only need to communicate in encrypted form once in a while to put the confidential information into a Word document, and then password protect that Word document. The password protection encrypts it. This can also be done using Adobe Acrobat or a WinZip file. The confidential information can then be sent as an attachment, and a separate communication would be used to transmit the password.

Firms that receive medical information or PII that falls under HIPAA may use Zix, but they can have the filter set to recognize any medical information or PII content, and then the service will automatically encrypt that message to send it.

CSLR:  Are clients being more selective about the data that they’re giving to the law firms in the first place?

Simek:  Not really. They’re not withholding the data. They’re just asking and making sure that the law firm is prepared to receive it and to properly protect it. Absent that assurance, there’s the likelihood the client will find another law firm.

CSLR:  What types of remote access or mobile device policies should law firms have in place?

Simek:  For anything related to the data the firm holds or the firm’s infrastructure, employees should know what is expected of them, what they should do, what they are allowed to do, and within what boundaries. This would require policies on remote access, computer usage, social media, internet usage, email, bring your own device, bring your own network and bring your own cloud.

The necessary policies are unique for every firm depending on the type of practice and type of attorneys. There is no template. To be effective, the policies need to be customized for every firm.

[See “How to Reduce the Cybersecurity Risks of Bring Your Own Device Policies” Part One (Oct. 14, 2015); Part Two (Nov. 11, 2015).]

CSLR:  What is the biggest challenge you face when you are asked to respond to an incident?

Simek:  Capturing data. The number one thing that we run into when we respond to these things is that there is minimal logging, if any, going on. Nobody had the foresight to configure their devices or their systems to capture information on an ongoing basis. That’s a killer for the investigations.

CSLR:  Why are lawyers or firms not configuring their devices or systems to capture information?

Simek:  Because the default is not to. All these devices, systems and applications have the ability to capture information but it’s not turned on by default.

CSLR:  In the event of a security incident, when and how should a law firm contact its clients?

Simek:  You just hit on a real touchy nerve. If you ask a lawyer or a managing partner, they’ll say they never want to tell the clients. However, 47 states have data breach notification laws. The unfortunate part is that most lawyers don’t want to conform to them, even if they’re legally bound to. They’re also ethically bound to notify clients of a data breach.

But whenever a law firm gets breached, the argument I always get is “Well, but we don’t know with 100% certainty what data was accessed.” Yeah, that’s true. You don’t know with 100% certainty, but you’ve got a pretty good idea. And in some cases, when there is notification of clients, the clients aren’t anxious for the breach to be made public.

In some instances, the client will insist on contract terms that set forth the number of days or hours within which they should be notified of an incident.

[See “Synthesizing Breach Notification Laws in the U.S. and Across the Globe” (Mar. 2, 2016).]

CSLR:  Have clients and law firms been able to get to a place where both sides are comfortable on the data security issue?

Simek:  It has been a wake-up call for a lot of firms. We are seeing firms use client surveys and audits to detect and remedy security deficiencies. By doing that, they are maintaining client relationships.

© 2015 – 2016 The Cybersecurity Law Report. All rights reserved.




Here Come the Contract Readability Police

The Texas Plain Language law will mandate that auto finance contracts be written at an 11th-grade reading level by 2017, writes Nicole Munro of Hudson Cook LLP in an article published in Auto Dealer Today.

The Consumer Financial Protection Bureau already has a “know before you owe” program aimed at simplifying mortgage disclosures and a few states have had “plain language” laws on the books for a while, but there has been no discernible move by other states to follow the readability route — until now, she writes.

“Requiring that documents be written in language an 11th grader can understand seems perfectly reasonable. Requiring that legal documents setting forth the rights and duties of parties to a transaction involving tens of thousands of dollars be written in 11th-grade prose? Not so much,” she writes.





Janis Hui Ozaki Joins Dykema as Senior Counsel in Los Angeles

Janis Hui Ozaki has joined Dykema as senior counsel in the firm’s Los Angeles office. She joins Dykema’s Litigation Department.

In a release, the firm said Ozaki has extensive experience handling business and real estate disputes, including those relating to leasing, purchase and sale agreements, contract breaches, partnership disputes, and fraud. She has represented clients in Hong Kong, China, Mexico and Canada. She speaks fluent Cantonese and conversational French, and is part of the Hong Kong Association of Southern California, the Chinese Chamber of Commerce of Los Angeles, the Southern California Chinese Lawyers Association, the Asian Pacific American Bar Association, the National Asian Pacific American Bar Association, ProVisors, and Bruin Professionals.

Ozaki was named a Rising Star by Super Lawyers from 2012-2016 and has been listed annually among the Top Women Attorneys in Southern California by Los Angeles Magazine. She also is a lecturer in law at the UCLA School of Law.

“Janis is a great addition to our Los Angeles office as senior counsel,” said Michael P. Wippler, Managing Member for Dykema in Los Angeles. “She’s a talented attorney who’s made a name for herself in Southern California along with her extensive work with clients in several countries. She has a track record of strong client service and will be a valuable addition to our team.”

Ozaki received her J.D. at the UCLA School of Law and her B.A. in economics at Dartmouth College.

 




Gardere Partner Cristina Solomon Sworn in as President of AWA Houston

Gardere Wynne Sewell LLP announces that Partner Cristina Portela Solomon has been inducted as president of the Houston Association of Women Attorneys, effective April 1.

The AWA is the only organization in the Houston area that focuses exclusively on the advancement of women law students, lawyers and judges. Ms. Solomon’s appointment was formally announced at the organization’s AWA Premier Women in Law Luncheon held on March 23.

“Cristina has established herself as one of the most respected and capable attorneys in the Houston legal community,” says Gardere Chair Holland N. O’Neil. “She is a tireless advocate for the advancement of women in the practice of law, as evidenced by her impressive professional achievements and dedication to AWA.”

Solomon is a partner in Gardere’s labor and employment practice group.

“She is a seasoned trial lawyer who represents clients on employment matters in both state and federal court,” the firm said in a release. “She devotes a significant amount of her practice to trade secret litigation and has developed a reputation throughout Texas for successfully prosecuting and defending cases involving emergency relief in injunctive proceedings. Solomon, who is fluent in Spanish, often represents clients in employment matters throughout Latin America and Mexico.”

Under the AWA bylaws, the president must first serve as president-elect for the year preceding her term. Each year, the president-elect is nominated by the incoming president and approved by a majority vote of AWA members. In addition to serving as the organization’s president-elect, Solomon has acted as chair of the AWA Foundation’s Board of Trustees and also served on the nominating committee for the annual Premier Women in Law luncheon, the foundation’s primary fundraising event.

“Cristina has assembled a remarkable Board, who will continue building on the accomplishments of the organization,” says Christina Ponig, the outgoing AWA Houston president. “The Board is poised to do great things this year in the Houston legal community, guided by Cristina’s capable leadership. This will be an outstanding year for the AWA.”

The AWA Houston began in 1976 as a small group of women attorneys gathered in an empty courtroom to discuss ways to combine their strengths to improve opportunities for all women lawyers and promote recognition of their capabilities. Today, the AWA hosts a variety of fundraisers, educational events and scholarships designed to empower women to maximize their potential for success in the legal profession.

 




FTC Commissioner Julie Brill Joins Hogan Lovells

Hogan Lovells announced that Julie Brill, a Commissioner at the U.S. Federal Trade Commission (FTC), will join the firm’s Washington, D.C. office as a partner and co-director of the Privacy and Cybersecurity Practice on April 1. Her FTC service will conclude on March 31.

As co-director of the Privacy and Cybersecurity practice, Brill succeeds co-director and founding partner Christopher Wolf, who will transition to a senior status at the firm. She will be joined in leadership with Marcy Wilder, co-director of the Privacy and Cybersecurity practice; Harriet Pearson, leader of the firm’s Cybersecurity Solutions Group and Cyber Risk Services business unit; and Eduardo Ustaran, a partner in the firm’s London office, and leader of the firm’s European data protection practice.

“Julie’s keen intelligence and reservoir of knowledge about privacy and data security law, combined with her commitment to consumer privacy, make her a natural leader for our privacy practice,” the firm said in a release. “She is renowned as a global leader in privacy law and public policy, and is widely-recognized for her distinguished work at the FTC. We are confident she will build upon her years of experience to provide exemplary client service and practice leadership.”

Brill was appointed to the FTC by President Obama and unanimously confirmed as a commissioner in 2010.

Prior to serving on the Commission, she was an Assistant Attorney General in North Carolina and Vermont for more than 20 years. Before joining the Vermont Attorney General’s office, she was an associate at a New York law firm.

Brill earned her B.A. from Princeton University magna cum laude, and her J.D. from New York University School of Law, where she had a Root-Tilden Scholarship for her commitment to public service.




Akerman Expands National Corporate Practice Group with New York Partners

Akerman LLP, a top 100 U.S. law firm, announced the expansion of its Corporate Practice Group with New York partners Lorenzo Borgogni and Jack Habert. Joining from Proskauer Rose and Willkie Farr & Gallagher, respectively, they enhance Akerman’s core strengths in complex M&A and capital markets transactions.

“Growing client needs in New York and other key markets are driving the expansion of our practice across the United States,” said Mary Carroll, Corporate Practice Group Chair. “Lorenzo and Jack are highly accomplished lawyers who have been involved in a variety of high profile domestic and international transactions. Their combined backgrounds and cross border experience support the work of our clients across diverse markets.”

In addition to Borgogni and Habert, Akerman’s Corporate Practice Group recently welcomed partner Mason “Max” Drake, co-resident in Chicago and New York, and partner Paul Quinn, co-resident in Chicago and Fort Lauderdale. Drake joined from Greenberg Traurig LLP, Quinn from Paul Hastings LLP.

Lorenzo Borgogni
Borgogni represents public and private companies in domestic and cross-border mergers and acquisitions, with a focus on Italian buyers. He has structured, negotiated and completed more than $40 billion worth of M&A transactions for deal principals, including funds and strategic buyers and financial advisors. His experience includes cash and stock-for-stock mergers, tender offers, stock and asset purchases, leveraged/management buyouts, spin-offs, going-private transactions, and joint ventures and divestitures across multiple sectors, including financial services and healthcare.

He also advises clients in connection with takeover defense initiatives and corporate governance matters, including proxy fights, consent solicitations and activist matters. In addition, Borgogni represents domestic and foreign issuers in connection with offerings of debt and equity securities.

Jack Habert
Habert concentrates his practice on negotiating and documenting structured finance and complex derivatives transactions and the regulatory analysis of securities, commodities and insolvency issues relating to such transactions. He advises major financial institutions, investment advisers, mutual funds, hedge funds and other corporate entities as either providers or end users of such financing and derivatives transactions.

From September 2010 through January 2012, Habert served as an attorney fellow at the SEC’s Division of Trading and Markets. In this role, he advised and assisted the agency with drafting rules that implemented various provisions of Dodd-Frank, including joint rules with the Commodity Futures Trading Commission on the definitions of swap and security-based swaps, swap and security-based swap dealers, and major swap and security-based swap participants, as well as SEC rules about business conduct standards, new trading platforms, clearing and reporting security-based swaps and conflicts of interest in asset-backed securities.