Lawyers – particularly those representing plaintiffs – should give thoughtful attention to the timing of a release clause in any settlement agreement, advises Lisa B. Markofsky in a post for Proskauer Rose LLP.

Failure to do so, she writes, could result in the plaintiff finding that its “compromise” was nothing more than a unilateral agreement to reduce the value of its claim.

The case could turn on “whether the settlement agreement is construed to be (i) a “substituted contract” wherein Plaintiff accepted the promise to perform the compromise as satisfaction of its underlying claim or, alternatively, (ii) an ‘executory accord’ wherein Plaintiff accepted actual performance of the compromise as satisfaction of its underlying claim.”

Read the article.

Join Our LinkedIn Group

Any attorney who regularly drafts stock purchase agreements, voting agreements, or other contracts that use the term “voting power” would do well to take note of a recent ruling, suggest Benjamin F. Jackson and Stephen P. Younger of Patterson Belknap Webb & Tyler LLP.

They write that the New York case Special Situations Fund III QP, LP. v. Overland Storage, Inc. raises several questions: What does the contractual term “voting power” mean? Does it refer only to the power to elect corporate directors, or does it refer to the power to vote on any fundamental matter of corporate governance? Is voting power an attribute of stock, or is it something that shareholders possess?

Leaving this term undefined in a contract could be risky business, they warn.

Read the article.

A recent decision by the United States Court of Appeals for the Third Circuit is a reminder that — for an arbitration clause to apply in certain situations or to certain parties — that intention must be built into the plain terms of the contract.

In a post on the Blank Rome website, partners Stephen M. Orlofsky and Deborah Greenspan discuss White v. Sunoco, Inc. The case involved the “Sunoco Awards Program,” under which customers who used a Citibank-issued “Sunoco Rewards Card” credit card were supposed to receive a 5-cent per gallon discount on gasoline purchased at Sunoco gas stations.

A dispute over the discount led to arbitration.

In its ruling the appellate court found: “[n]owhere does the agreement provide for a third party, like Sunoco, the ability to elect arbitration or to move to compel arbitration.”

Read the article.

Silicon Valley software startup Zenefits and its co-founder Parker Conrad have been fined nearly $1 million by the U.S. Securities and Exchange Commission as part of a settlement over charges that they had misled investors, reports Reuters.

Zenefits will pay a $430,000 penalty and Conrad, who resigned as chief executive from the company in early 2016, has been fined more than $533,000, according to Reuters reporter Heather Somerville.

“The SEC found that Zenefits made ‘false and misleading statements and omissions’ to company investors by failing to disclose that it was not compliant with state insurance regulations,” Somerville reports. “Zenefits employees had sold health insurance without proper licensing, the company said, a violation that led to fines from several states.”

Read the Reuters article.

Join Our LinkedIn Group

By Keli Johnson Swan
Scott & Scott LLP

Virtualization can reduce the number of physical machines required in an environment and have several other benefits, but it can also require an understanding of complex technical and licensing concepts. Failure to properly license the environment can subject the company to unbudgeted licensing and compliance fees. The following list includes several common questions and concerns related to licensing VMware.

I. Third Party Use: Can VMware Tools be accessed by third parties?
Yes, a third party may access VMware Tools on a machine owned by the licensee, but only if a Guest Operating System is installed within a Virtual Machine. The End User License Agreement defines a Guest Operating System as “instances of third-party operating systems licensed by You, installed in a Virtual Machine and run using the Software.” It is critical to note that the customer is responsible for ensuring that any third party it distributes VMware Tools to complies with the terms of the license agreement, or it may be liable for potential copyright infringement and breach of contract claims. See VMware End User License Agreement (“EULA”), Sections 1.3 and 2.5.

II. What other restrictions apply to Third Party Use?
Although a customer may use VMware to deliver hosted services to third parties, there are numerous restrictions regarding what functionality may be shared without VMware’s written consent. Third parties may not use the software as service bureaus or application service provider or similar capacities, and licensee must not transfer or sublicense any software without VMware’s consent. Further, certain benchmark testing results may not be shared externally, nor any reverse engineering information of the software. The license agreement also restricts circumvention of any security protocols, which are also covered by the Digital Millennium Copyright Act (“DMCA”). See VMware End User License Agreement (“EULA”), Section 3.1 and 17 U.S.C §1201.

III. Conflicting Terms: Does an Order supersede the End User License Agreement?
No. All terms of the Order are subject to the EULA and are not deemed valid until accepted by VMware. The Order may outline specific use of a product but if the terms conflict, look to the EULA. A change to the EULA requires VMware’s written agreement to change standard license terms. See VMware End User License Agreement (“EULA”), Section 4.

IV. Audit Rights and Record Retention: What are VMware’s audit rights?
The EULA grants VMware the right to audit a company at any time during the License Term (identified in the Order) and two years following the expiration of the license term. This provision requires the customer to retain records for up to two years following the expiration of the license term and allow VMware to conduct a software audit to ensure compliance with the license agreement.

VMware or a third-party auditor may audit a customer with “reasonable notice” once in a 12-month period during normal business hours. A customer must immediately remediate any non-compliance. If the audit reveals the customer has underpaid license fees of more than 5% or failed to maintain proper records of software use, it must pay VMware’s costs to audit in addition to any fees for remediation. See VMware End User License Agreement (“EULA”), Section 5.

This provision represents one of the largest risks during a customer’s relationship with VMWare. The customer must accurately maintain all records related to VMware usage and license information. If a customer fails to properly account for its usage, VMware may attempt to extrapolate the data in a light least favorable to the customer, which could significantly increase its monetary damages for non-compliance. Additionally, failure to comply with the terms of the license agreement could result in involuntary termination. See VMware End User License Agreement (“EULA”), Section 10.

V. Termination: Does VMware have the right to terminate the licenses?
Yes. VMware is allowed to terminate the license pursuant to the EULA for the following reasons:

a. Breach of the Agreement
VMware is allowed to terminate the agreement for non-payment of the Order within 10 days of sending the customer a written notice. Additionally, VMware is allowed to terminate the licenses if a customer breaches the terms of the agreement and does not correct the breach within 30 days of receipt of VMware’s written notice. This provision is particularly important because VMware can terminate the licenses for failing to comply with the licensing terms.

b. Insolvency
VMware may also terminate the licenses if a customer becomes insolvent (through the admission in writing or in bankruptcy proceedings).

The End User License Agreement does not contemplate termination by the licensee except upon the termination of the license term. See VMware End User License Agreement (“EULA”), Section 10.

VI. Effects of Termination: What happens to the licenses after Involuntary Termination?
If VMware terminates a license, the customer no longer has the right to install or access the software. Additionally, the EULA requires the customer to immediately stop using the software and uninstall it and return any media. See VMware End User License Agreement (“EULA”), Section 10.

VII. Confidentiality: Can a customer share VMware pricing or purchase orders?
No. Specific information, including license keys, pricing, marketing materials, or any other non-public information exchanged between the customer and VMware are confidential and may not be shared without VMWare’s permission. It is important to note that this provision survives the termination of the agreement. See VMware End User License Agreement (“EULA”), Section 10 and 11.1.

VIII. Data Privacy Implications: Does VMware protect customer data?
The EULA acknowledges that VMware may obtain and share with a worldwide group of companies in furtherance of providing software services, but it agrees to act as the controller of this information and to comply with the applicable data protection legislation. See VMware End User License Agreement (“EULA”), Section 11.4.

Customers should carefully analyze VMware’s license terms and agreement in order to ensure that VMWare’s protections are sufficient for the customer’s needs.

See “VMware Audits – What You Need to Know About Licensing Rules Pt. I.”

Join Our LinkedIn Group

NAVEX Global will stage a unique, once-a-year virtual conference to help particpants learn about current best practices and new emerging compliance issues.

The free webinar will be on Thursday, Nov. 9, 2017.

More than 4,000 legal, audit and compliance professionals are expected for the 2017 Ethics & Compliance Virtual Conference to hear speakers like:

• Shankar Vedantam, Host of the Hidden Brain Podcast and NPR’s Science Correspondent

• Kristy Grant-Hart, CEO, Spark Compliance Consulting

• Richard Bistrong, CEO, Front-Line Anti-Bribery LLC

This year’s conference will have 23 sessions throughout the day with three specialty tracks on Aligning Corporate Risk & Culture, Leading for the Future and Investing in Corporate Culture.

Participants are free to come and go as they please. Anyone unable to access the live webinar may register to obtain access to the sessions later.

Register for the webinar.

Optimus BT will present a free webinar providing a comprehensive overview of Legal Contract Collaboration by Optimus and Forrester for the Microsoft Cloud.

The webinar will be Thursday, Nov. 2, 2017, beginning at 11 a.m. ET / 8 a.m. PT.

Forrester, a leading analyst firm, along with Optimus, a leading Microsoft Cloud Contracts Platform, will be conducting this webinar to provide an overview of the key issues facing business and legal collaboration with a presentation along with scenario based demos of Contracts and Legal solutions for both SharePoint & Office 365.

The presentation will also highlight integrations with Outlook and Word to improve legal work productivity.

“We will review various aspects of the Contract Lifecycle including document and outlook based collaboration, contract metadata management, review and approval workflows, electronic signature integration, contracts search, repository and document generation processes, reporting and metrics, alerts setup and management, among others,” the company says on its website.

Register for the webinar.

Businesses are adapting to the new reality of cybersecurity threats by shoring up technology and educating employees regarding best practices and risks associated with an online presence, writes Marc C. Tucker, a partner in Smith Moore Leatherwood LLP.

“A business’s electronic data is quickly becoming its most valuable asset— an asset worth protecting,” he explains. “If data is trusted to a third party, the parameters of what is expected to keep your data safe should be memorialized in a contract with that service provider.”

“Strategic third-party contracting practices will not eliminate all cyber risks but is an additional arrow in the quiver as you strive to protect sensitive data.”

Read the article.

Join Our LinkedIn Group

Determine, Inc. and Jason Busch of Spend Matters will co-host a webinar titled Contract Compliance — Why it Matters to Procurement, on Tuesday, Oct. 24 at noon Eastern time.

The webinar will be available on-demand for anyone who registers.

Presenters will discuss why ensuring contract compliance through effective contract management isn’t an afterthought; it’s at the functional heart of successful end-to-end procurement savings, efficiency and supplier performance.

Topics include:

• CLM – the nexus of compliance, stakeholders, suppliers and customers
• Why compliance is the new savings
• Integrating contracts and procurement seamlessly
• How process management simplifies collaboration

Register for webinar.

Join Our LinkedIn Group

First Coast News reports that federal judges in Florida handed down $9,164,404.12 in fines Wednesday on prominent Jacksonville litigation firm, Farah & Farah, P.A.

Farah & Farah and the Wilner Firm filed 1,250 frivolous tobacco claims against the Engle Trust Fund, the court found.

“Engle is a class action lawsuit named for a Miami pediatrician who defeated tobacco companies in court,” First Coast News explains. “A multi-million dollar fund paid by tobacco companies was set up for Floridians and their survivors who suffered illnesses due to cigarette smoking from 1994-2006. The class action in 2008 was estimated to include 700,000 people.”

Some cases filed by the attorneys were for deceased clients, non-smokers, those who did not suffer from one of the required diseases, and 572 that did not authorize the attorneys to file lawsuits on their behalf, the report says.

Read the First Coast News article.

Join Our LinkedIn Group

Image by C_osett

General Motors will pay $120 million to settle claims from dozens of states in its massive ignition switch defect scandal, reports The Detroit Free Press.

Earlier this year, the U.S. Supreme Court ruled that GM could no longer avoid hundreds of suits from victims of the defective ignition switches in accidents occurring before GM filed for Chapter 11 bankruptcy in 2009. according to reporter Eric D. Lawrence.

“The settlement is tied to violations of consumer protection laws and is on top of GM’s previous penalties and settlements of an estimated $2.5 billion, including $900 million to settle a U.S. Department of Justice criminal case,” Lawrence writes.

The settlement does not resolve federal multi-district litigation involving what has been reported as possibly hundreds of plaintiffs.

Read the Free Press article.

Join Our LinkedIn Group

Image by Open Grid Scheduler / Grid Engine

The Associated Press is reporting that a Missouri appeals court on Tuesday that vacated a $72 million award to an Alabama woman who claimed her use of Johnson & Johnson products that contained talcum contributed to her ovarian cancer has thrown the fate of awards in similar cases into doubt.

“The appeals court cited a Supreme Court ruling in June that placed limits on where injury lawsuits could be filed, saying state courts cannot hear claims against companies not based in the state where alleged injuries occurred. The case involved suits against Bristol-Myers Squibb over the blood-thinning medication Plavix,” writes the AP’s Margaret Stafford.

More than 1,000 plaintiffs have filed similar lawsuits in St. Louis against New Jersey-based J&J. “In four of five trials held so far, jurors awarded more than $300 million combined. Only two of the 64 cases attached to Fox’s case lived in Missouri,” according to Stafford.

Read the AP article.

Join Our LinkedIn Group

A lawsuit recently brought against General Electric Co. raises the question: Can your employer be trusted to manage your retirement fund exclusively for your own benefit?

Los Angeles Times reporter Michael Hiltzik explains that the suit alleges that GE managed the plan for its own benefit by loading it with mutual funds owned by its own subsidiary.

“The funds charged high fees while also underperforming the investment markets, a double-barreled drawback that cost employees millions in potential gains,” according to Hiltzik.

Plaintiffs claim that a large portion of the funds was invested in GE-owned mutual funds, and the company pocketed the management fees paid by its own employees. All but one of the five GE funds underperformed its benchmark investment index.

Read the LA Times article.

Join Our LinkedIn Group

The Walt Disney Company is going to battle with its insurer, AIG, as it seeks coverage for a massive settlement in the “pink slime” defamation case, Variety is reporting.

Disney is trying to force AIG to submit to arbitration on the coverage dispute. While the underlying litigation is not identified, the dates line up with Disney’s court battle with Beef Products Inc. in South Dakota, according to reporter Gene Maddaus.

BPI sued Disney, alleging that ABC News had damaged its business with a series of reports on “pink slime.” Disney settled the case partway through trial in June.

“In August, Disney disclosed that it had incurred legal costs of $177 million, the bulk of which was believed to be due to the BPI settlement,” Maddaus writes. “The total settlement was believed to be significantly larger, once insurance claims were factored in.”

Read the Variety article.

Join Our LinkedIn Group

NAVEX Global will present a free webinar, “Using Metrics to Improve Your Third-Party Risk Management Program,” on how to set up a third-party risk management program for success.

The event will be Thursday, Oct. 26, at 10 a.m. PDT/1 p.m. EST.

Participants will learn how companies with advanced programs manage their third-party risk and due diligence processes and will get industry benchmarks to size up your program.

Expert presenters will discuss the steps that should be taken to improve a program and minimize risk — regardless of organization size or number of third parties managed.

Organization following the steps have:

• Reduced their risk of legal or regulatory action
• Appropriately defined “high risk” third parties
• Found the most powerful screening and monitoring methods
• Measured the effectiveness of their third-party due diligence programs

Register for the webinar.

While the majority of businesses at risk for criminal hacking are major institutions that deal with a lot of data — such as banks — the idea that small and midsize businesses aren’t a target is mistaken, reports the Chicago Tribune.

Reporter Corilyn Shropshire credits that analysis to Richard Sypniewski, CEO and managing director of Sagin, a management consulting and IT management firm.

Sypniewski said nonprofit institutions are at greater risk for criminal hacking than some other targets.

“According to [a Better Business Bureau] study, 90 percent of cyberattacks on business come from phishing emails and 90 percent of those phishing emails are ransomware, in which scammers breach a company’s operating system with software designed to block access or hold data hostage until a sum of money is paid,” writes Shropshire.

Read the Chicago Tribune article.

Join Our LinkedIn Group

Contracting parties frequently use terms such as “commercially reasonable efforts,” “reasonable efforts,” “best efforts” or similar standards when describing their expectations regarding the performance of a party’s obligations, according to a post on the website of Morrison Foerster. However, these terms are inconsistently interpreted by courts and are often subjectively applied.

The post’s authors discuss how these three contracting terms have been interpreted in recent court decisions and considerations with respect to the use of such terms by contracting parties.

The article concludes with a list of best practices when negotiating and drafting agreements to avoid conflict.

Read the article.

Carl R. Pebworth, a partner in Faegre Baker Daniels, asks and answers the question: What tort obligations does a design professional on a construction project owe to non-parties — like, for example, the persons who will use what has been designed after it is built?

he discusses an Illinois case in which a court addressed whether an engineer who had contracted to design a “replacement” for a bridge deck had a professional obligation to “improve” the bridge deck after it failed and third-party motorists were killed.

“As long as the design professional sticks to what the designer has contracted to do and does that work professionally, the designer cannot be obligated to go beyond those duties,” Pebworth writes.

Read the article.

Join Our LinkedIn Group

Image by Open Grid Scheduler / Grid Engine

Johnson & Johnson said a $417 million verdict in a talc powder cancer case should be thrown out because three jurors were excluded by fellow panelists from the decision-making process, reports Bloomberg Technology.

“The three were wrongly left out of deliberations on the fourth-largest U.S. jury award of the year because they didn’t agree with the other nine jurors that baby powder was the cause of a lifelong user’s ovarian cancer, the company said in a request for a new trial,” according to reporter Edvard Pettersson.

The jury foreperson said that the three jurors who were excluded from the discussions about damages had expressed doubts that J&J’s product was a fault.

Read the Bloomberg article.

Join Our LinkedIn Group

By Eric Begun
King & Fisher

You’re thinking that something about the title of this post sounds familiar, right? Information technology (IT) vendors and third party service providers have been in the spotlight for security breaches for some time (see, for example, vendor-based security lapses affecting Target, CVS, and Concentra, as just a few), and it doesn’t sound surprising that an IT vendor has been sued related to a security incident. After all, whether you’re an IT vendor or an IT customer, if you draft or negotiate contracts for a living, these situations are what you try to contract for, right?

Right…but…the recent federal class action suit filed in Pennsylvania against Aetna and its vendor surfaces several new privacy and security considerations for vendors and their customers. The vendor in question was not an IT vendor or service provider. Instead, the plaintiff’s allegations relate to Aetna’s use of a mailing vendor to send notification letters to Aetna insureds about ordering HIV medications by mail. According to the complaint, the vendor used envelopes with large transparent glassine windows – windows that did not hide the first several lines of the enclosed notification letters. The plaintiff asserts that anyone looking at any of the sealed envelopes could see the addressee’s name and mailing address – and that the addressee was being notified of options for filling HIV medications. As a result, the vendor and Aetna are alleged to have violated numerous laws and legal duties related to security and privacy.

For all vendors and service providers, but especially those that don’t focus primarily on privacy and security issues, the Aetna complaint is enlightening. To these vendors and service providers, and to their customers: Do your customer-vendor contracts and contract negotiations contemplate what Aetna and its mailing vendor may not have?

• Do your contracts for non-IT and non-healthcare services fully consider the risk of privacy and security litigation? A noteworthy facet of the Aetna case is that the mailing vendor was sued for privacy and security violations that were not exclusively due to the customer’s acts or omissions. That is, while the contents of the mailer certainly were key, the vendor’s own conduct as a mailing services provider (not an IT or healthcare provider) was instrumental in the suit being filed against the vendor (and Aetna). Vendor services that previously didn’t, or ordinarily don’t, warrant privacy or security scrutiny, may, after all, need to be looked at in a new light.
• Do your contract’s indemnification and limitation of liability clauses contemplate the possibility of class action litigation? Class action litigation creates a path for plaintiffs to bring litigation for claims that otherwise could not and would not be brought. Class action litigation against data custodians and owners for security breaches is the norm, and the possibility and expense of class action litigation is frequently on the minds of their attorneys and contract managers who negotiate contracts with privacy and security implications. But, for vendors and service providers providing arguably non-IT services to these customers – the idea of being subject to class action litigation is often not top-of-mind.
• Before entering into a contract, have you considered whether the specific vendor services being provided to the particular customer in question implicate laws you hadn’t considered? Vendors that operate in the information technology space – and their customers – generally are well-aware of the myriad of privacy and security laws and issues that may impact the vendors’ business, including, as a very limited illustration, the EU General Data Protection Regulation, HIPAA, New York Cybersecurity Requirements, Vendors that aren’t “IT” vendors (and their customers), on the other hand, may not be. For example, the Aetna mailing vendor may not have contemplated that, as alleged by the Aetna plaintiff, the vendor’s provision of its services to Aetna would be subject to the state’s Confidentiality of HIV-Related Information Act and Unfair Trade Practices and Consumer Protection Law.
• Have you considered which specific aspects of vendor services may directly impact potential legal liability, and have you adequately identified and addressed them in the contract? No, this is not a novel concept, but it nonetheless bears mention. A key fact to be discovered in the Aetna litigation is whether it was Aetna, or the vendor, that made the decision to use the large-window envelopes that, in effect, allegedly disclosed the sensitive and personally identifiable information. Given the current break-neck pace at which many Legal and Contract professionals must draft and negotiate contracts, however, unequivocally stating in a contract the details and descriptions of every single aspect of the services to be provided is often impractical (if not impossible). But, some contract details are still important.

Whether or not this class action suit is an outlier or is dismissed at some point, consider data security and other privacy and security issues in contracts and how vendor or service provider conduct may give rise to a security breach or security incident.

Join Our LinkedIn Group