The Bloomberg Law In-House Forum West was an exclusive full-day live event for general counsel who are actively seeking insights and analysis on how the latest legal and business developments will impact the way they lead their legal departments. By convening top executives and providing the best of Bloomberg Law’s reporting and analysis, this event provided general counsel with the opportunity to meet colleagues across industry sectors, including technology, aerospace, automotive, and biotechnology; hear best practices; and explore case studies that are practical and timely.
Throughout the day, in-house counsel and other legal industry leaders shared strategic insights on effectively managing internal and external investigations to protect their businesses and clients. The forum provided insights on new developments and approaches for investigations, managing risk during investigations, and what happens when investigations fail.
Featured speakers included:
- Bruce Sewell, Former General Counsel and Senior Vice President of Legal and Global Security, Apple Inc.
- Adam Reeves, First Assistant United States Attorney , United States Attorney’s Office, Northern District of California
- Marianne Fogarty, Senior Legal Director, Compliance, Twitter
- Dominique Shelton Leipzig, Partner, Perkins Coie
4:45 pm PDT Update:
Innovative Strategies to Investigation-Based Litigation
Up to this point in the conference, speakers discussed preventative strategies to avoid litigation. In “Insufficient Investigations: The Litigation When You Fail,” experts discussed strategies to minimize the impact of litigation if those preventative strategies don’t work.
A preventative strategy that came up immediately is having internal teams be careful about writing down their opinions on the investigation, especially the risk management team, because any internal communication could become part of litigation down the line. “That can be very damaging if you’ve got an investigation that turns into litigation,” said Robert Daniel, Senior Director of Financial Services Practice at Integreon. “Make sure your risk management team is trained on that.”
“You’re used to that information being privileged and not having to disclose it,” added Kathleen McConnell, Partner at Seyfarth Shaw LLP. “If you go to litigation, you’re going to waive your privilege to some degree. We frequently advise to make sure you’re keeping your communications separate from your investigations and your reports, so it’s very clear what needs to be disclosed.”
Aaron Johnson, Vice President of Litigation, IP Assets & Site Trust at eBay, Inc., discussed the importance of relying on diverse teams to help with quick responses when problems arise. “A lot of in house legal departments have in-house discovery teams,” he said. “They can move very nimbly. With the right tools, you can work outward from an issue to see who has documents pertaining to that. You can be much more targeted and much more focused.”
“Always talk to your IT departments,” said Daniel. “Sometimes the business doesn’t understand [how to produce data or documents] but IT does. You may be surprised by what you might get.”
The panel also discussed what happens when the government launches an investigation against a company. “The technology we have has come a long way, even in the last 2 or 3 years,” McConnell said. “If you know you have damaging documents, you can use those to identify other things in the data set that might [become issues]. That can be very useful for quickly identify things that might be problematic for you. Doing the investigation before the government helps you control the message. The first person with the messaging — that’s sometimes half the battle right there.”
When you find an issue, Daniel added, “Go ahead and be very proactive. I’ve never seen where that hasn’t been a positive. If you know there’s something that’s really bad, go in with it. Don’t wait for them to find it. There’s nothing good that will happen. Go in with a solution. That’s where having an internal team know what you’re producing” is so helpful.
4:10 pm PDT Update:
Data Strategy As Risk Prevention
In “Data-Driven Investigations: New Strategies and Tools,” three industry experts discussed how ever-evolving technologies present emerging risks to companies.
“When a data breach occurs, it’s not a matter of if it’s a matter of when, it’s crucial you have a policy in place,” said Abraham Mertens, Assistant General Counsel of Arista Networks, Inc. “All deletion should be put on hold.” Dominique Shelton Leipzig, Partner at Perkins Coie, agreed. The first question should be, “Where is the incident response plan, and was it followed? Dig it up and make sure you’re consistent with it,” she said.
One issue that came up frequently was third party vendor management, and how much control corporations can and should have over how third party vendors manage their data. “Make sure in your contract that the language is broad enough that you have control over those third parties when you need it,” Mertens said.
“Don’t forget about shadow IT,” said Heidi Maher, Executive Director of CGOC and Privacy Lead for Hybrid Cloud, IBM. “Many organizations out there have this bureaucratic nightmare as far as getting things approved in their organization, and many people go rogue and download their own stuff. That can be a treasure trove for opposing counsel.”
Another recurrent issue is C-suite management’s lack of understanding of data management and cybersecurity. “Even companies who don’t consider themselves to be data companies are still data driven,” said Shelton Leipzig. “Leaders are intimidated by the technology. The only time they talk about data is in a cyber event or data security issue. Data should be managed like any other aspect of a company. C-suite members need to get conversant in data, because it’s a C-suite issue.”
“Understand the powerful role you have to be a clarion bell around data trends,” she continued. “Bubble those up to your senior leaders. Make sure it gets on the agenda. The SEC is saying If companies don’t have somebody on their board who understands data from a cyberprivacy perspective, you need to explain why that’s the case. Fill that role now and protect the company.”
3:15 pm PDT Update:
Evolving Investigative Policies for Evolving Social Needs
In “The Trigger: Internal Investigation Trends,” four industry leaders discussed how corporations are adapting their internal investigation techniques to a changing social climate. One of the main topics of discussion: data privacy. “Companies are looking to see what they can collect, can they sell it, how people who will buy it will use the data,” said Marianne Fogarty, Senior Legal Director of Compliance at Twitter. “All these [considerations] create additional touchpoints and additional vulnerabilities where things can go wrong.”
Elizabeth O’Callahan, Vice President of Legal at NetApp, said that one way her company protects privacy is by “making sure it’s on a need basis that access is permitted,” she said, adding that having a “tiger team” to handle data incidents is paramount today. “You will need legal, compliance, IT, boots on the ground to find out what happened, an external advisor, corporate communications and corporate suite” involvement, she said. Fogarty added that information security is a critical part of her tiger team at Twitter.
Jessica Nall, Partner and Chair of White Collar Defense and Corporate Investigations Practice at Farella Braun + Martel, explained some modern challenges of data-driven investigations. “Most of the communications that are going to be the most important to tell you what happened is not going to be email. It’s going to be in all different apps,” such as Telegraph and Whatsapp. “It’s very difficult and fraught,” she said. “Not every company owns cell phones that employees use. In the outside counsel role, conducting internal investigations, it’s certainly the case that key documents are not on email. The government assumes that if you can’t prove your communication was above board, it must have been the opposite.”
“You really want to emphasize training,” Fogarty said. “For years, people have been aware of how free people can be in email. Now people are more aware of that and they think text or Slack is different. It’s not. Literally any form of communication can end up coming back to bite you.”
Another pressing consideration: whistleblowing from disgruntled employees. Wendy Weiss, Senior Managing Director at Ankura, said that in her previous career with the government, “97% of cases came from whistleblowers who saw a pattern of practice from within the company, who would take it to compliance or legal, and were told to just be quiet, or they were demoted.”
“In our internal discussions we’ve talked about how you should pay attention to those complaints inside the company,” Weiss said. “You should let the whistleblower know that you’ll look into it. If you don’t, those are the people who knock on the government’s door with a false claims complaint. They can be quite expensive cases — fees are composed of triple damages plus penalties.”
Finally, the experts discussed current methodology on #metoo complaints. “Where do we draw the line? It’s a question that our society hasn’t answered yet and it is definitely impacting corporate policy,” Nall said. “It’s based on conduct that may have happened years ago with no record keeping around it. It can be very difficult to investigate an allegation that happened 10 years ago that somebody did something at a party that happened 2 miles from the office.”
O’Callahan added that creating a cohesive set of behavioral expectations across all employees is crucial. “Harassment is sometimes in the eye of the beholder. The person may have different cultural norms or different space issues,” she said. “It’s important to make sure all employees have the samexpectations of behavior, and they’re advised touching is inappropriate, and to stay away from personal comments. We’re trying to create this space safe for all of us.”
Using Data to Provide Better Reader Information
In “Bloomberg Law: Ask An Analyst,” two Bloomberg Law staffers shared recent findings about pressing legal needs in the industry. Molly Huie, Team Lead of Data Analysis and Surveys at Bloomberg Law, and Meg McEvoy, Legal Analyst of Legal Operations and Markets at Bloomberg Law, shared some results from their recent 500 person survey across multiple areas of the law.
“We designed the survey to be broad and baseline, but it allows us to slice and dice the data and get something really specific,” Huie said. The two touched on several issues that have been discussed at today’s Bloomberg Law In-House Forum West, especially in the compliance arena.
Most interesting: 95% of respondents (and 60% of the people in the room) reported that they have a legal operations function, and 74% said that they’re customizing their own legal technology. Both topics were covered extensively today in “Legal Operations: Creating a New Approach.”
12:35 pm PDT Update:
The Investigation Team: Skills and Talent
In “The Investigation Team: Skills and Talent,” attorneys and compliance experts discussed how they would handle the investigations of two hypothetical scenarios.
The first scenario involved CEO misconduct with another employee. All three experts agreed that immediately seeking outside counsel was the best first step. “You’re already putting the human resources team in a unique position from the start,” said Michael Green, Head of Compliance at Arm.
“You need to have that independence,” agreed Jane Fogarty, Vice President and Senior Counsel at SYNNEX Corporation. “If the head of HR reports to the CEO, it’s really the CEO’s team. I’d be very conscious over trying to maintain privilege over that investigation. You’ve got to have some kind of feel for what you’re playing with. If it was the CEO I wold be talking to external counsel pretty soon. The last thing you want to do is take an investigation to the board that’s unfounded.”
The panelists also considered the potential negative consequences for the other employee involved in the scenario. “If I’m going to make a complaint against the CEO, all of a sudden my personal life is going to be carte blanche,” Fogarty said. “We have to get to the bottom of how much are we going to be protecting our people so we’re not pulling apart their private lives.”
“If their social media isn’t public, you generally can’t compel them to reveal what’s there,” added Margaret Keane, Partner at DLA Piper. “A number of companies have learned that engaging in pretexting can come back to bite you very badly.”
In the second scenario, the panelists discussed a situation where an employee has paid a bribe to a government official in a foreign country in which the corporation does business. “It’s tempting to get outside counsel to make a determination on it, but you need to look at the practices in that country,” Green said. “You need to have knowledge of the skeletons that are out there.”
“Local privacy counsel is essential,” Keane added. “You can’t assume you can do there what you can do here.”
Even once the problem is resolved, Fogarty added, it’s essential to make sure that “the culture in that office is the culture you want globally for the organization. The cultural piece comes about from education, making people are visiting that site, understanding how things are done in that country. Unless you know that country very well you have to get external legal advice in that country.”
11:35 am PDT Update:
Evolving Perspectives on the Role of In-House Counsel
In “Legal Operations: Creating a New Approach,” three experts in in-house operations discussed how in-house counsel’s role is evolving, especially in light of new technologies.
Stephanie Corey, Co-founder and General Partner at UpLevel Ops LLC and Co-founder of CLOC, said that there’s “a new form of general counsel” than there used to be. “I’m seeing more proactive GCs I did than 20 years ago,” she said. “It’s not about putting out fires. It’s about putting training in place. They want to be brought to the table earlier. Their job is to be in every high level business conversation.”
Ken Sokol, Director of Solution Architecture at Epiq, talked about how much of contemporary evolution in legal departments is focused on adopting evolving technologies, and keeping up with the rate at which those technologies are changing. “This is a rapidly evolving area of practice,” he said. “The use of cloud based applications is really evolving. It’s hard to keep up even when you’re doing it all the time like we do.”
Sokol explained one of the often overlooked concerns is “total cost of ownership.” He emphasized that it’s important that departments consider, ““How much is it going to cost to implement the software in our data centers? It’s an iceberg. There are so many costs under the water.”
“Technology is a tool,” said Craig Lee, Director of Brainspace. “It’s all about workflow and process. Resources and expertise available, and processes, are really key. Machine learning is a tool, but it still has to be in the hands of someone with expertise. It still has to be in a workflow that meets time, demands and budget.”
“We’re always asking clients ‘what are you trying to solve?’ There’s a lot of evolution in your own corporations, and law firms and consultancies. What I’m attracted to at this moment in our industry is that machine learning is really facilitating collaboration.”
10:50 am PDT Update:
Understanding and Regulating Evolving Technological Capabilities
In “Setting the Stage: Government Investigation in High-Tech Industries,” two attorneys and two government officials spoke about how corporations and the government can work together to resolve problems and adapt to changing technological capabilities, both in understanding those capabilities and regulating them.
“On the civil side, it’s in every company’s interest to embrace that dialogue when you get the investigative demand from the Federal Trade Commission or Department of Justice,” said Thomas Dahdouh, Regional Director, Western Region of the Federal Trade Commission. “When we are looking at filings on M&A and we’re calling you as a customer, often we’re under incredible time pressures. It’s in your interest to talk to us. It’s a great opportunity to interact with the agency and see the issues. In our investigations, the economists report directly to the commission. Sometimes their findings are not the same as the lawyers. Being able to present your side of the issue to the economists [is key]. There are multiple communications going on. I would encourage you to use all those levers.”
“It’s important to be focused on the preventative,” said Conor French, General Counsel of Zipline International. “That’s not a conversation about cooperation, it’s about collaboration. Avoid getting to this place in the first place. It’s important to take steps to mitigate the risk. General counsel need to be the stewards of doing the right thing. You set the tone in the company,” he added. “People need to realize they can’t hide behind the company. Some level of individual culpability and understanding your actions matter make a difference in the culture of doing the right thing.”
Joan Meyer, Parter at Pierce Bainbridge, spoke at length about evolving concerns of corporations. “In this rapidly changing environment we’re in, there’s a lack of protecting data,” she said. “What can we do in revising roles to put in additional protections so consumer data is not being misused or manipulated in a way? That’s a huge issue today, as well as systems protections. Companies are getting a lot more focused on that issue. It’s a top priority today.”
Adam Reeves, First Assistant United States Attorney in the United States Attorney’s Office of the Northern District of California, said that it’s often in a company’s best interest to cooperate when an investigation arises.
“Realistically I think companies that choose not to cooperate essentially undertake unforeseen risks around access to information,” he said. “The government is going to use all of its tools to ascribe responsibility. Corporations that choose not to cooperate sometimes are shutting down access to basic activity that could be very helpful. There are risks of miscommunication. Often times crimes are intentionally obscured in arcane business records. The government knows what it’s looking for, but it doesn’t necessarily know where.” Meyer added that corporations who readily participate receive cooperation credit, which makes a huge difference. Investigations, she said, are looking at “When they identified the problem and took efforts to remediate the issue.”
“One of the greatest things about our district is the startup creativity and energy that’s remarkable in the startup industry of northern California,” Reeves added. “People in government are proud to be part of it. There is and should be a sensitivity in the government about investigations around growth… As we investigate, we have to have an appreciation for dynamism and change.”
“We are unapologetic cheerleaders for the free market,” Dahdouh said. “Many barriers to entry are government created. We have robust advocacy [in areas] like occupational licensing. It’s a huge area where there are legitimate concerns about government impeding entry.”
“If you work with us, we will work with you,” Reeves said. “No one will listen more carefully than we will about the details of your business if it takes us to the deepest understanding about what happened.”
10:00 am PDT Update:
Bruce Sewell, Former GC of Apple, On The Company’s Seminal Legal Fights
In the keynote interview of Bloomberg Law’s In House Forum West, on June 20 in San Francisco, Bruce Sewell spoke at length about some of Apple’s most important legal fights, especially Apple’s role in the San Bernardino shooting, where the company refused to aid the FBI in “cracking” the encryption on the shooter’s work-issued iPhone.
The former General Counsel and Senior Vice President of Legal and Global Security at Apple also offered the audience advice on handling situations where there are legal issues that have potentially severe consequences for the company. “We’re talking about cases that are potentially very expensive, not just in terms of money spent to work on the case, but in penalties assessed to us,” Sewell said, “so we’re talking about big money.”
Sewell explained that in situations like this, the three key stakeholders who must work in concert are the CEO and executive management team, the legal team, and the PR team that deals with reputational and publicity issues. “Those three stakeholders have to be in absolute coordination and concert with one another,” Sewell said. “You don’t want media guys getting ahead of the legal defense, you want to make sure the CEO doesn’t tweet anything embarrassing.”
His advice for government investigations: “Be patient, don’t develop your defenses too quickly, be sure that you have your narrative you’re going to disclose to the investigators that is water-tight before you disclose those defenses. Understand what they’re after,” Sewell said. “Patience and being prepared. Intuitive, but harder to do when you’re in the heat of the moment.”
The key issue in the San Bernardino issue, Sewell explained, was that the FBI tried to access the shooter’s phone so many times that the phone permanently locked. “The company was under incredible pressure to cave and give the government what it was looking for,” he said, and explained that the key to navigating that situation was synergy between those three stakeholders. “What happened fairly early on is that Apple realized this was an existential moment. We were going to do something that could turn off a massive number of customers and create a stain on the company. We had to expose what was happening in the litigation and be absolutely clear in our sympathy for the victims of the crime and avoid any kind of assistance to terrorists. We had [Apple CEO] Tim Cook saying we cannot and will not endanger all of our customers by building this backdoor, and then me giving testimony before the house judiciary.”
“There were times we were very much adversaries, but underlying that was a history of Apple working with the government to solve crimes like kidnappings,” Sewell said. “We said ‘we can’t build this backdoor, but what we will do is meet with the FBI and local police departments to train them on what you can get from phones.’ The FBI did the wrong thing when they got the shooter’s phone and foreclosed getting some of the evidence. We started training people on how to get evidence from phones so that doesn’t happen again.”
Another key takeaway: Sewell advocated for managing expectations for investigative outcomes by communicating clearly with the other stakeholders at a company. “There’s some prework you want to do with your team and executive board to make sure they understand the potential range of outcomes and you’ve given them the probability of getting a good outcome vs a bad outcome,” he said. Then, “They’ve seen the development of the defenses and generally feel there wasn’t some error made by the legal team that resulted in the bad result.”
Read exclusive interviews with forum speakers:
Elizabeth O’Callahan, vice president, legal, at NetApp
Jane Fogarty, vice president and senior counsel with SYNNEX Corporation
Heidi Maher, executive director of the Compliance and Governance Oversight Council and privacy lead for Hybrid Cloud, IBM