[“Ten Things” has been nominated for a “Best Blog” award. You can vote by clicking here.]
Most of my friends know that I really enjoy Halloween. While the free candy part is pretty good, I have always liked a good scare. And this time of the year is full of them. Horror movies are a great example. I especially like that the jolt of adrenalin, increasing heartbeat, and sweaty palms you get when you’re watching some knuckle-head fraternity boy decide that he must go down into the dark basement to see “what’s making those weird noises.” Hey, moron, we know what’s going on down there: It’s a monster that’s going to rip your head off and splatter the walls with what little brains you apparently have! Horror movies are fun because you know it’s not real and nothing bad has really happened. There are some scares I don’t like, however. Driving on Texas highways is one. Some of the others are things I have seen at work. I have been an in-house lawyer for a long time. That means I have seen a lot of things. Some good. Some bad. Some downright scary. As I start to think ahead to 2018 and my “to do” list, I have been thinking back on these scary things. I want to be proactive in 2018 and make sure the Legal Department is taking steps to keep bad things from happening or planning what to do if they do happen. Being proactive (and not reactive) is when in-house lawyers add the most value to the company. In honor of Halloween, this edition of “Ten Things” identifies ten things that should scare the bejesus out of in-house lawyers:
1. Litigation. In my opinion, there is no worse feeling than when you get a notice that someone has sued your company. Unless it appears on its face to be a relatively minor matter, you know that – if it’s litigation in the USA – you’re very likely to be spending a lot of time and money dealing with it. If it’s a jury trial, then the risk just went up sevenfold. Not only that, the more threatening the litigation, the more likely the CEO and Board of Directors will get involved – meaning you’ll have plenty of “help” in figuring out the right path forward and you’ll be spending a lot of time summarizing what you’ve been doing and what you are going to do. If you’re really unlucky, the litigation will involve antitrust law where the standards are mushy and the penalties subject to tripling. While you cannot necessarily prevent anyone from suing your company, here are a few things that can minimize the pain:
- Watch for signs of problems/disputes and get involved early. It’s always possible to turn a rough situation around before it blows up. Legal is uniquely situated to help the business with this. Make sure they come to you at the first sign of problems.
- If you are sued, do an early case assessment to truly understand the risk the litigation presents.
- Look for early mediation or getting the case into alternative dispute resolution, e.g., arbitration. The latter can be very helpful if confidentiality issues are prevalent.
2. Budget miss. In my last post, I wrote about how to prepare an annual legal department budget. From experience, I can tell you that missing a budget (yearly or project) can be a very painful experience. While it may not seem like it should be an important part of an in-house lawyer’s job, making sure you budget properly and manage to that budget are now table stakes in the in-house world. Take this part of your job very seriously. There are three things you can do to help yourself in this area:
- Get the entire Legal Department involved in the budget process. If the Department is oblivious to what the budget is and if spending is off-track, then you have little hope of getting back on track.
- Communicate frequently with outside counsel and vendors. Stay on top of your spending. Don’t be afraid to ask questions and let outside counsel know if there are issues.
- Get really good at project budgeting (and legal project management). It’s an art and a science, but it’s a necessary skill for all in-house lawyers. Hold outside counsel to their budgets.
3. TCPA. There are a lot of crappy laws out there that started with the best of intentions but ultimately have turn into a bonanza for the plaintiff’s bar. California’s “Prop 65” litigation comes immediately to mind. There are others, of course. But, in my opinion, there is none that lays a more terrifying trap for its victims than the Telephone Consumer Protection Act (“TCPA”). The TPCA provides for fines of $500 to $1,500 per violation. Violations consist of unauthorized phone calls or text messages to consumers using an auto-dialer or pre-recorded voice messages. Sounds like a good idea, especially if you’re on the receiving end of such calls. The problem is that if you don’t get the permissions set up exactly right or, for some reason, your marketing department thinks it’s a good advertising plan to buy a phone list and text away without doing the correct due diligence, you could be staring at some very big damages — each unauthorized text is at least $500. Send out 100,000 unauthorized text messages, that’s $50,000,000 or more! Yikes! Here are some things to think about:
- Check your organization to see if there are any type of autodial phone calls or text messages going out. For example, are you sending text message order confirmations to your customers?
- If so, make sure you get the right disclosures and permissions/consent in place. Make sure there is a working “opt out” feature and respect all requests to opt out.
- Don’t buy lists of phone numbers. Create your own database of numbers you know you have the right permissions to use.
- Make sure your executive team and managers all understand that if there is any type of company activity involving auto-dialers or recorded voice messages, Legal needs to know and be involved with the setup.
- Find experienced counsel to work with. The price to get it right is dwarfed by the cost of getting it wrong.
- Consider purchasing software that can automate TCPA compliance, especially around the “Do Not Call” registry.
4. Phishing attack. I almost went with “data breach” here. While a breach is very scary, I think it’s worth focusing more on a particular type of “breach” – the “Phishing Attack.” A Phishing Attack is a form of social engineering where an outsider attempts to impersonate some company (e.g., your email provider) or someone (e.g., your CFO) in order to get you to take some type of action, from clicking on a malware link to wiring money. The worst part about a Phishing Attack is that anyone can be duped, even members of the Legal Department. The most effective way to combat Phishing is through training. I’d start with a general reminder to the entire employee base about some of the most easily recognizable tricks to watch out for. Then I would make training about Phishing risks part of your general mandatory compliance training program. Here are some common tactics to watch out for:
- A scammer sending an e-mail pretending to be from a government organization, particularly with a message of high importance;
- Someone claiming to be from your bank, asking for your account information;
- Someone claiming to be on of your company’s executives or managers, asking you to wire funds or send a confidential file;
- An e-mail message with a false sense of urgency directing you to provide information or take action that you wouldn’t normally take;
- Anything too good to be true (e.g., free money scams, sweepstakes scams, any offer of “freebies”); and
- Targeted attacks taking advantage of personal and professional relationships, organizational hierarchies, and human curiosities.
5. Violence at the workplace. This is probably the worst one on the list, i.e., there is some type of violent incident at your company offices. It’s an unpredictable world out there so the best you can do is to try to limit the ability of unauthorized persons to gain access to your facilities and/or if the worst happens have a plan in place on how to respond. Here are a few things to keep in mind:
- Develop a culture of “see something, say something.” Your employees should be trained to spot people who do not belong on your campus and know where to report.
- Make sure you have a good background check process that can spot persons with violent backgrounds before they get hired.
- Employees and managers should also know the signs that indicate a fellow employee might be a danger to others. OHSA puts out a helpful guide that identifies key indicators (click here).
- Take all threats of violence seriously. Too frequently you hear “I thought he was joking” when someone is discussing a serious workplace violence incident. If you or someone become aware of a threat, don’t pass it off as “blowing off steam.” Take action to ensure that your fellow employees and the work area are safe.
- Develop a written plan that covers incidents of workplace violence. A key facet of this plan should be contact numbers and information for local first responders. Legal’s best partner here is HR and corporate security. You should work closely with both to create, implement, and test your plan.
6. Trade secret theft. A key job that often falls to in-house counsel is protecting the company’s trade secrets and intellectual property. What this usually means is if someone tries to steal your trade secrets, Legal is the first phone call. If so, you do not want to be standing around wondering what to do. You need to develop a plan that – in addition to protecting your company’s trade secrets – sets out what to do if there is a problem. Here are some things to work on:
- Ensure you have up-to-date agreements for your employees to sign, including confidentiality, non-solicitation, non-compete, invention disclosure, and so forth. This is your first line of protection from internal threats.
- Have a good exit interview process to remind departing employees of their obligations (and to ensure that access to key systems is terminated, laptop and other company property is returned, etc.)
- Beef up campus security and make all visitors check-in. Require escorts for non-employees. Don’t let visitors roam free on your campus.
- Have trusted outside counsel identified in advance so that if there is a problem and you need emergency measures (e.g., a TRO), you know who to call.
- Treat confidential information as truly confidential. Mark it properly, secure it, and limit distribution. It’s hard to argue something is a trade secret if you did not even bother to mark it as confidential or widely distributed it to most employees.
- Understand the general legal process in your state or country that you would follow if you needed to sue to get trade secrets back.
7. Someone quits. The way this usually happens is your day is humming along fine, you’re feeling good about everything, you’re almost caught up with your to do list, and then you get a visit from one of your critical team members who tells you they are leaving for a better opportunity and this is their two weeks’ notice. Ugh. Instantly all your plans for a smooth day or week go right out the window and you are scrambling to figure out how you are going to cover this person’s work, begin a search for a replacement, and preserve all of their valuable knowledge about a zillion different things, including passwords to key systems, names, emails, and so much more. Well, you cannot prevent someone from leaving, but you can make them want to stay and/or have a plan in place just in case they do walk out the door. Here are the keys:
- It’s not always about money. Sometimes people leave because they do not feel appreciated or do not feel they are getting opportunities. Take time to focus on the simple things that can make some feel appreciated and valued. And, remember to delegate. Pushing responsibility down not only makes your life easier it presents challenges and opportunities for others. Delegation is not about just dumping work on someone. To delegate properly takes work and practice. Be sure you know the difference.
- Have a succession management plan in place. No one stays in the same job forever. You need to plan ahead for things like retirement or, like the example above, people moving on to something they feel is better. Regardless of the “why” you need a plan in place to develop talent within the Legal Department and identify successors to key members of the Department so that if someone leaves, you have a plan already in place for how you will replace them.
- Make sure the departing employee prepares a detailed transition memo setting out all of the specific projects they are working on (and contacts, deadlines, etc.), along with their general responsibilities (and key dates and contacts).
8. Government investigation. Another really scary moment in an in-house lawyer’s career is the first time (or anytime) they get handed a notice from a government agency seeking documents and other information about your company. If you don’t know this already, I am sorry to tell you that this is probably not good news. You are getting this notice because the government agency is interested in your business. It may be part of a general review of an industry, it may be that some party or whistleblower made a complaint about your company, or – the worst case – it could involve some type of criminal behavior on the part of one or more of your executives, such as anti-bribery, anti-trust, or some other law or regulation. Unless you are very experienced at this, any time you receive an investigatory notice from the government you should be reaching out to your outside counsel immediately. This is not the time to “learn on the job” or take a head-in-the-sand outlook that maybe “it’s nothing at all.” Take it seriously from the start. Hopefully, it does turn out to be nothing but it is so much better to be overly cautious than find out you have placed your company in a bad position because you did not fully comprehend what you were doing trying to deal with it yourself. Some things to keep in mind:
- Make sure you loop in your corporate communication teams immediately. Odds are good that the investigation will become public very quickly and you need to be prepared to respond to press and PR issues, especially in terms of protecting your company’s brand.
- Always be respectful and truthful with government investigators. As much as you might want to be a smartass or self-righteous or condescending to this government official, doing so is probably – other than outright lying – the worst mistake you can possibly make. Keep it inside and keep it professional. This is also another reason why experienced outside counsel is so valuable.
- While the initial request for information and documents may be voluminous on its face, in my experience government regulators will work with you to narrow the requests. They don’t want a lot of extraneous and irrelevant documents and information. Just know that you can likely narrow the scope of the request significantly. But, you cannot wait until the day before the response is due to start these discussions. Act in good faith and with reasonable cooperation and you will find – generally – the government agency will respond in kind.
9. Destruction of evidence. Litigation sucks. Unfortunately, here in the USA at least, fights over discovery (i.e., the production of documents and other evidence) have become a huge part of the overall sucky process. Discovery is intrusive and expensive. And those are the good points. Just when you think that the worst is over, you find out that someone in your company thought it would be a good idea to start trying to delete all their emails. Even worse, they sent emails to others encouraging them to delete all their emails too. And, of course, you already know that all the emails this person tried to delete are fully recoverable and all the emails they wrote encouraging others to destroy emails must be turned over to the other side. All of this means a major nightmare for in-house counsel as there will be a very good chance of sanctions by the court, the difficult task of “explaining” all of these emails to the jury, and the likelihood of an adverse inference instruction where the judge tells the jury that they may infer that the documents (if they could not be recovered) were destroyed because they contained something “bad” in them. Here’s what you need to do:
- Train your employees on how to write and prepare smart email and documents, including the rules around not destroying or encouraging others to destroy documents – especially once litigation has begun.
- Create a proper litigation hold process. At a minimum, your process must require everyone receiving the hold notice to acknowledge that they understand their obligations. And, there must be regular reminders that go out about the need to not delete any relevant documents and emails.
- Work with the folks in IT to ensure they understand the hold process and the need to suspend deletion of emails and other files. Your hold process is at risk unless the IT department is fully engaged and understands their responsibility to help preserve evidence – and the pain that a mistake on their part can cause.
10. Employees drafting their own contracts. It is hard to find a more unpleasant “treat” in your candy bowl than a contract one of the company employees cobbled together themselves, usually from something they downloaded online or cut and pasted from an existing agreement. While their intentions were good, all in-house lawyers know that this type of self-help is no help at all, and usually creates a mess that you need to fix (if you caught it before it was signed) or the company needs to live with (if you did not). A few things you can do to minimize this from happening:
- Create form agreements and put them in a place where employees can easily find them (such as the Legal Department website).
- Enforce a strict policy that all contracts must come from the Legal Department (and get the tone from the top set to get the message out).
- Communicate with your business colleagues about the why using contracts they found through Google or reusing existing contracts can be a bad idea. Your co-workers mean well, generally, but they probably have no idea about the dangers and problems they are causing. Taking the time to educate them can be the quickest way to keep the graduates of the Self-Help School of Law on the sidelines.
There are many other scary things that in-house lawyers must deal with on a day-to-day basis. I picked just a few of the ones I find the most terrifying. I’d be interested in hearing about yours, so feel free to share and comment. That’s all for this special Halloween edition of “Ten Things.” Remember: Stay off Texas highways and don’t go down in the basement.
October 31, 2017
My “Ten Things” book is now available for sale. Described by the American Bar Association as “The one book all in-house counsel need to own!” Click here for details on how to order. Perfect for your library, or as a holiday gift to clients or members of the legal department (or your next legal offsite).
If you find this blog useful, please click “follow” in the top right and you will get all new editions emailed to you directly. “Ten Things” is not legal advice nor legal opinion and represents my views only. It is intended to provide practical tips and references to the busy in-house practitioner and other readers. If you have questions or comments, please contact me at firstname.lastname@example.org.