Quimbee logo
DMCA.com Protection Status

Current Issues in Technology

4.8 out of 5 Excellent(79 reviews)
LK
Presenter(s)
Start your FREE 7-day trial
Preview this course and the rest of Quimbee's CLE library for free with a 7-day free trial membership.
Buy this course - $49
Get access to just this course for $49
Play video

Current Issues in Technology

This course is designed to give guidance to lawyers on various issues under the umbrella of technology law. In every aspect of a lawyer’s career, technology plays a role. Technology is so important to today’s lawyer that state bar associations are starting to add a technology element to required CLEs. This course provides a summary of issues related to counseling clients in content of technology-related contracts, document retention policies, and e-discovery issues should litigation ensue.

Presenters

Larry Kunin
Partner
Morris, Manning, & Martin, LLP

Transcript

Jillian Kuehl:  Thank you for tuning into Quimbee's CLE. I'm honored to be joined today by Larry Kunin. Larry is a litigation partner in the Atlanta office of Morris, Manning & Martin, and he serves as the chair of the firm's technology and intellectual property litigation practice. I'm excited to be talking with Larry today about current issues in technology law. Larry, thanks so much for joining me.

 

Larry Kunin:  It's my pleasure to join you.

 

Jillian Kuehl:  Larry, you're a litigator. Let's start by putting you out of business and talk about how people can avoid issues in technology contracts before they even get to you.

 

Larry Kunin:  Sure. I'd like to say as an intro to it, unfortunately with the way our industry works, contracts get drafted by either corporate lawyers, in-house lawyers, even sometimes litigators and the people who draft the contracts don't see how they play out, if you end up in litigation. Through years of litigating contracts, there are certain things that I've noticed that are common in contracts. I got to say the vast majority of contracts I read are actually pretty good contracts, but every now and then I come across something that I think I wish somebody had thought of before they drafted the contract. Frequently, we see people and clients, especially technology clients, who use form contracts for their customer suppliers. The reality is, a form contract may not be good because there could be differences in law, regulation, position to the parties, what's the subject of the contract. The things we're going to talk about today may be something that's familiar to our listeners, but it also may be some, practical pointers to think about.

 

Jillian Kuehl:  Great, well, let's dive right into it. I think we want to start with the common contractual relationships.

 

Larry Kunin:  Sure. Contracts, when you you're representing an entity could be with a customer. That customer could be a hard good in the area of technology. It usually involves either licensing a software. It could involve development of software. There are questions in development we'll get up to a little bit later that have to do with ownership. It could be modification of software. It could be custom modifications that other customers can't use. You've got strategic partners, which would be distributors, joint ventures, outside contractors who may do computer programming for you. Could be your suppliers, which could include entities, such as Microsoft, Oracle that are licensing software to you to then further implement your products and then your employees. There are very varied employee issues that arise. Things like non-competes, other covenants we're not going to cover in this particular seminar, but employee contracts are important with regard to locking down the confidentiality and ownership in work product that specifically includes the development of software. There should be a raised bar and attention to those particular confidentiality issues with employees.

 

Jillian Kuehl:  Should people be thinking about all these relationships as something completely different or are there similarities that you'll have with all these relationships?

 

Larry Kunin:  There are certainly similarities, but where they can be different is again, a supplier of computer printing paper and your copier is not going to have the same sensitivity as somebody who might be developing software for you or software or them. When I am asked to review a contract, or if I'm given an introduction to it before I understand the contract, the first thing I want to know is, okay, whose side are we on? Are we the licensor side or the licensee side? Because how we draft a contract is going to be different, or at least the computer software-related language is going to be different depending on whether we are the licensee or the licensor.

  For example, if I'm somebody who is hiring somebody to develop contract a software for me, it's going to be important that I try to get ownership of that software. There is a whole scheme of rules and regulations under the Copyright Act as to how that occurs. If I'm the licensor, I may try to avoid that issue, and I may want to keep ownership of that software, but license it to the customer, so then I can then further exploit the software for other customers or ventures I may get involved in.

 

Jillian Kuehl:  Let's talk about strategy. How should I approach a technology contract when I see one?

 

Larry Kunin:  The first thing is just because a contract's put in front of you, does not mean that you have to sign that version of the contract. Now, I'm going to pour a little bit of grain salt on that. If Microsoft throws in front of you, their Microsoft Office license, chances are, you're going to sign it, because they're not going to negotiate with you. We get involved in a lot of startup companies, mid-market companies, companies that are developing software on the go, and there is more flexibility in negotiating customer contracts, whether we're on the customer side or whether we're on the licensor side, we just want to understand what exactly is in this contract, but just because it's the other side's form does not necessarily mean that we have to agree to that language. Our needs may be different than someone else. Maybe we're just more in tune with recent developments in technology law, that just because it's in their form from a few years ago, doesn't mean it's correct for today.

  When you read a particular contract, first, you want to make sure when you look at the form, is it a license form? Is it a development form? Is it a supply form? Pay attention to what kind of form it is, so you could begin with the right form in the first place. Then when you read the contract, have a basis for why you might ask for something. For example, I've mentioned a few time ownership rights. Have logic as to why do I want to be the owner of this software if the developer wants to retain the copyright and license it to me? What may be valid argument, I'm paying you to develop this software for me. I don't want it finding its ways into my current or future competitors after I've been the one who paid for the development. That's a logical argument. Make sure you have logical arguments for what you would like to see in the contract, and we'll go through some of those in just a moment.

 

Jillian Kuehl:  Talk to me, you mentioned that, obviously, if you're signing a Microsoft user agreement, there's not going to be a lot of room for negotiation, but there's got to be, is there a gray area where you're not really sure how much room for negotiation there is, and how can you kind of navigate those waters? How can you tell how much negotiation power you have?

 

Larry Kunin:  Well, there's judgment to be made. It's a know your customer situation. It may involve how difficult is the other side? May involve how difficult is your client in flexibility? I'll give an example of some thing I'm involved right now. It has to do with a referral contract. One client or one side says, "If I refer you to certain customers, I get a cut of the revenues. The parties are in the middle of negotiating. How far does that reach? What if I get in touch with one of your customers without your own involvement? Still your customer, but I'm the one who initiated that." Well, you have to basically to test the flexibility of the side is throw out the language that you'd like to see, maybe even a little bit farther, so you have something to give up.

  It's not much different than any negotiation of a contract, an acquisition, a piece of litigation that's out there. You have to push the envelope for what you would like to see in a contract and see how the other side pushes back. That's how you're going to tell if there's flexibility. Then the other thing you got to keep in mind is how important is the other side? Do I really need their service? Kind of like a bet the company-type thing. I must have their data service. I must have their software or vice versa. Oh boy, this is my biggest client. If this is my biggest client, my biggest customer, they're going to have a little bit more pull. That includes, and something we'll also touch upon called a most favored nation's clause, which means, I, the customer gets your best price. Well, you're not going to give that to your smallest customer, but it might give it to your biggest customer.

 

Jillian Kuehl:  Right, right, and negotiation, they call the BATNA, the best alternative to the negotiate agreement is the better alternative you have, the more power you have in the negotiation with this party. Let's move on to the contract pitfalls. What are the specific areas that people should look out for in a contract?

 

Larry Kunin:  Okay. I'm going first read off as a list. The sections that I generally jump into and I read a contract, and then I'm going to jump right into what I think is one of the more important ones, which is the ownership right that I've touched on. Most good contracts that involve technology are going to address ownership rights, who owns what's being licensed or developed. License rights, if there is no dispute over the ownership, you're still going to want an appropriate scope of the license. Indemnity, if something were to go wrong with the work product that is being provided. Confidentiality, a warranty, or disclaimer a warranty, a limitation of liability and a cap on liability. I mentioned the most favored customer, which you may hear from your largest customers. A fairly new one, data security. What are you doing about data security, and who's responsible for data security and what happens if something goes bad?

  Assignment restrictions, which basically means I am a mid-market company. I don't want to license or give you ownership of something for you to turn around and now be owned by Microsoft and assign everything that I did for you and now Microsoft is going to put their foot on me and damage my business, not from an ill way, but just because they're the owner of the intellectual property now. Insurance, when things go wrong in any contract, and here we're talking about technology, is there a requirement that somebody hold insurance? Then the entire agreement clause, we've all seen this where the contract says, this is the entire agreement of the party. It supersedes all other agreements. I'm going to talk a little bit about the importance of putting in additional sentence in there called non-reliance. Then finally, choice of law and venue for a dispute. Something goes wrong, how are you going to deal with it? Where are you going to deal with it? What law is going to apply to it?

  Those are the high-level sections that I usually dive into as an initial take in a contract. If all right, I'm going to jump right into ownership.

 

Jillian Kuehl:  Let's do it.

 

Larry Kunin:  Which I've mentioned this before, when you're dealing with software development, software is a type of intellectual property and the most common intellectual property right that is attached to it is copyright. Copyright is the creation of original works of art that are affixed on a tangible medium. Software like television shows, music recordings, artist paintings are also subject to copyright protection, and the affixing on a fixed, tangible medium is basically putting it on a hard drive. Well, even if you're putting it up in the cloud, it's landing on a hard drive. It is recorded somewhere.

  It's not the idea behind it that's protectable, that would be patent if it qualifies and that's a different topic, but as soon as somebody hits the keyboard and starts typing, they are giving rise to a copyright. The idea is being converted to something, I wouldn't call it tangible because software is not really tangible, but it is a fixed on some type of medium. Then the question comes to who owns it? If I hire Acme Software Development Company and they develop software for me, under the Copyright Act, the IP, the copyright ownership arises in whoever creates the software. If that person is an employee, it's a works made for hire and the company owns it, but if it's a contractor, an independent developer, the independent developer actually owns it. What's very important is how do I, as the person paying for the software, actually get ownership?

  I've seen too many contracts that say the works and the work product under this agreement will be considered a works made for hire by customer. Unfortunately, that is insufficient to transfer ownership because a works made for hire is defined in the Copyright Act. There are nine enumerated copyrights that can be subject to a work made for hire. That includes some of the ones I mentioned, book, painting, music, recording, but software is not one of them. It's okay to have work made for hire language, but how you actually get the ownership to another party is you assign it. You may say something like, "These works are considered a work made for hire to the extent they are not considered a work made for hire. Developer hereby assigns all work product to the customer." That is how you transfer ownership.

  Then you have to deal with what about licensing? When it comes to licensing, this could come up a number of ways. Somebody doesn't want to transfer ownerships, they are going to license it to you. It could come up that even though they're developing software for you, it might have started with a base of software that's theirs. You would have a clause says, "To the extent I don't give you ownership, I'll give you a license for everything else that's in there," but if you have a license watch out for these words that you see in a lot of licenses. "This is here by an exclusive, perpetual, irrevocable license."

  Be careful agreeing to that language if you are the developer or licensor, because the minute you exclusively license it, you can't license to anybody else. If it's perpetual, you can never cancel it, and if it's irrevocable, you can't undo it. If you're going to agree to those things, you better make sure that's what you plan on because that's effectively, it's like an acquisition. I have given all exclusive right to somebody forever. Watch out for that language. Don't enter it so automatically. Think about what the future holds for you.

 

Jillian Kuehl:  When you have a work made for hire clause, but it isn't assigned, what does that litigation look like? Do you then bring in the intentions of the party? Do you look at other communication to figure out?

 

Larry Kunin:   Unfortunately, if you just simply say, "This is a work made for hire," and if the court agrees and there's a little bit of dispute about this, but if the court agrees that a work made for hire is one of the enumerated copyrights under the Copyright Act, that you're simply going to lose as a matter of law. Intent to the parties, and this is maybe something that I should cover at a high level, because it can get very detailed. Contracts are interpreted based on the language in the contract within the four corners. If a court finds that there's an ambiguity, then the court can move on and start looking at things like intent, if necessary. Copyright questions, one where we don't need to go to intent because the law may come in and disrupt what we're looking at. For the reason I just said, that intent normally doesn't come into reading a come contract unless there's an ambiguity, means you got to really be tighten the language in the contract so you don't have that ambiguity.

 

Jillian Kuehl:  Gotcha, so let's move on to the next section of the contract that you brought up, indemnities. Tell me why that's important.

 

Larry Kunin:  Okay, so indemnity is where something goes wrong with whatever is being provided under the contract that is really the fault of the other side. Therefore, they should indemnify you. When it comes to intellectual property, it's important because let's say I retain a developer. That developer develops software. I mentioned a few minutes ago that that software may already have some preexisting elements put into it. Then one day I get a letter from somebody that says, "I found out you're using XYZ software, and actually that software is based on something I developed." Well, either I have the intellectual property rights or I don't. If some of that software is actually developed by somebody else, who's not a part of our contract, my assignment or my license could be invalid or partially invalid.

  Well, as a customer, I shouldn't be responsible for that. What you will frequently see in contracts is a provision that says that developer, licensor will indemnify the customer for third party claims should something like that arise. That's pretty common place. One thing to pay attention to is the ability to control the litigation. Just because the other side is going to indemnify you, does not necessarily mean they should control the litigation. Maybe you want to control the litigation or the claim, which will usually come with, but I at least have to tell the licensor what I'm up to. The reason we'd want to do that is at issue might be your company as a whole. I come up with an idea. I hire someone to develop it for me. I'm off and running and now I get this claim and this claim, if it succeeds could kill my business. Well, in that circumstance, I'd like to control the litigation and the other side will pay for it, but again, I'll usually put in that they get to be in the loop and approve any ultimate settlement.

 

Jillian Kuehl:  Let's move on to confidentiality now.

 

Larry Kunin:  All right, confidentiality. This is one of those things that arises just by the fact we're talking about technology. Technology is inherent with copyrights, non-public code, non-public routines, maybe trade secrets. A confidentiality clause will simply spell out what is confidential and don't use boiler plate language because there may be items that you're using from the other side that really aren't confidential, they're based on public domain information. You want to deal with that, but this is what ultimately protects the other side from disclosing your information. Let's say I hire a reseller for my software, and I need to get into their financials in order to see if I am getting the right commission. Their financials are going to be, they're going to be confidential. You'd like to spell that out. You want to make sure you have an exclusion for, I already mentioned public domain.

  If something's already out there, it's not confidential, but something could be independently developed. I've mentioned those like preexisting elements, maybe I developed something and I further modified it for you. Well, what if I then grab that material and I further develop it? Well, I'm not using your confidential information necessarily. Maybe I am, but if it's independently developed and I combine it with your software, that's not confidential to you. You do want to spell out also, rights to use the information. This could be tax advisors, could be in response to a subpoena, government investigation, those kind of things. There's usually boiler plate language, but it's important to spell that out because if you say you can't disclose my information to any third party and my accountants are third parties, it kind of causes a problem. You want to make sure you have those exclusions, but certainly don't omit a confidentiality clause from a technology-related contract.

 

Jillian Kuehl:  Warranties is next.

 

Larry Kunin:  All right, so when it comes to warranties, a lot of people simply say the software is warranted as per the documentation, or there is a warranty on the working of the software for a period of one year. These are all good things to have. In a way, they narrow the statute of limitations on a claim with regard to the workability of the software, because you might have a six-year statute of limitations for written agreements, but if that written agreement says the warranty is only a year, you've effectively limited claims related to the operation of the software to a year. Then you want to have disclaimer of remedies, and this would be things like I developed software for you. You take that software and you further develop it. I am not responsible for what you may have altered during your independent development. You want to exclude that, and then you want to address remedies.

  What is the remedy for a warranty or a violation of the warranty? It's a good thing for the licensor to limit the warranty to repair. The customer is going to want to have something broader than that, such as you must repair it and if it's incapable of repairing, then I can either cancel the contract. Maybe there is some level of damage I can get maybe a liquidated damage clause put in there for a breach of the warranty. You want to have some type of sentence about the remedies.

  Now, here's what you can't do. In virtually every state, you cannot disclaim all warranties, period. No, you can't say there are no express or implied warranties. Software is provided as is. The problem with doing that is if the other side has no remedy, then the contract could be deemed void for lack of consideration, because the other side really doesn't need to perform. There needs to be some type of remedy. Now, I'm not saying that software can't be provided as is, but you really need to spell out why it's as is. For example, this software is not fully functional and is currently under development and it is up to you to further develop it. Well, now I'm going in eyes wide open. My remedy would just be for the delivery of what you said you were going to deliver, but not the functionality.

 

Jillian Kuehl:  Is there some other limited remedy that people will use as kind of boiler plates? You said they can't exclude all remedies, but was there some kind of traditional limited remedy?

 

Larry Kunin:  Yes, so you can restrict liability and there are two ways to do it. One, is by concept and one is by dollar, and these are held to be widely valid. I've seen courts hold very, very, very strong limitation to liability clause that provides almost no remedy as valid because they provided some remedy. Now, a good customer is going to fight back on a super limitation, but let's cover the two areas that I really talked about. One's going to be by concept. Almost every software license I've seen has a clause that says liability for breach of this contract will not enable the recovery of any incidental, consequential damage, loss profits, downtime, things along those nature. What it is attempting to do is narrow the damage to out-of-pocket expenses. Software defect arises. I have to hire somebody in order to fix it because you couldn't. You have to pay for that person.

  As a result of your or software failing, I had to go out and get replacement software. You have to pay for the difference between what I was supposed to pay you and what I am paying that person, so that I am deemed to be contract neutral. Neutralize the damage. The second way, and it's usually part of the same clause, is to limit the dollar figure. That could be a fixed dollar figure it, if it's a million dollar contract, you could say all liability is going to be limited to $500,000. The more common one I see is liability will be limited to all fees payable to date under this agreement. I've also seen payable during the life of the agreement, that's subject to negotiation. What you need to avoid, and I've seen it too often, is liability limited to the amounts paid under the agreement. The reason that's bad language, if you are the licensor is because what if the customer is behind paying? What if they've been in preexisting breach by not paying you?

  Well, if your contract says paid is the limitation and they haven't paid, that's what the contract says. You want to make sure the word payable is the limitation of liability in the contract, not just paid. Not to mention, if you're the customer, you could limit your own damages by just simply not paying what's due under the contract. That wouldn't be fair. Let me just touch on one other thing. It's also okay to carve out certain types of liability, and what that would be is if there is intentional or willful conduct in the execution of the contract, such as, I know that there's a defect in what I am about to deliver, but I'm going to deliver it anyway. That can be an exclusion, if the parties agree to it in the contract.

  In other words, I'm not going to be limited in my damages and therefore intentionally or recklessly deliver something that's non-working. Kind of reminds me of the old Pinto case at Ford, although that was a punitive damage case, where Ford actually had done a calculation of what's the expected loss of life and the amount of claims that could come out of that. They thought it was cheaper to just go ahead and make the defective product. Same thing here on a much lesser scale is I intentionally deliver non-working software. I shouldn't be limited to the damages in the limitational liability clause.

 

Jillian Kuehl:  You mentioned most favored customer earlier. Can you explain more what that is?

 

Larry Kunin:  Yep. Most favored customer, most favored nations it's called. This is where you give a customer a deal where they are going to get the best price on a product. If you are licensing to them some type of software that is, I wouldn't call it necessarily off the shelf because some software needs modification, but it's the product that you sell to a lot of different people and you license it at $3,000 per user. Now, you go out to somebody else and you license it at 2,500 per user to get their business. Well, if you've got a most favored nation clause with the first customer, you would have to lower the price to that 2,500 because they get the best price. Try to get rid of this clause, if you are the licensor that. Now, I say again, if it's your largest customer, if it's a 40% of your revenue customer, and that's what they want, or they're going to go somewhere else, you might have to give up on this, but you don't see it a lot in contracts other than really big institutional contracts.

  It really does restrain your business and your potential ability to grow the business, including with that particular customer, but if you're the customer and you can get this clause, take it.

 

Jillian Kuehl:  Talk to me about data security, because this is something, it doesn't seem like anyone really has fully figured out. There was a big data breach at the federal government just last week, I believe. How does data security get worked out in these contracts?

 

Larry Kunin:  All right, this is kind of a Johnny come lately clause that we're seeing in contracts. It's because we're, again, we're talking about technology contracts. You are transferring information back and forth between the companies. You might be a company that is a data-hosting company. You may be doing data processing for somebody where you're getting a hold of their employee information. You may be processing healthcare claims as a third party administrator. You might be a vendor to Home Depot or Target, which if you remember those data breaches, those were actually vendor breaches. Then Home Depot and Target found themselves on the wrong end of claims, but really wasn't them who did it.

  Well now, you see technology contracts, if there's going to be any exchange of personally identifiable information, bank numbers, credit cards, anything along those lines, there should be a clause in the contract that talks about data security that, whether the person should be audited on a periodic basis. Who is responsible for the data security? What happens if there's a breach? Who's responsible for remedying the breach and getting notice out to people? You could build indemnification in there as a result of a breach of a data security and the release of data that the vendor, who's the recipient of the data, will indemnify you for claims related to the data breach. There should be now some type of clause that addresses that if we're talking about an exchange of data or processing data on behalf of somebody or hosting data. If it's just a straight software license and I'm not touching your data, you don't necessarily need it, but if data's at issue and that data has sensitive information, it should be in there.

 

Jillian Kuehl:  When you say it's a Johnny come lately clause, do you think it's pushing companies to be more protective of their data and beefing up security? Or is it really just making sure we know where liability goes when there inevitably is a breach?

 

Larry Kunin:  It's both. It's an awareness, which a lot of companies are becoming aware. I would say there's less of an issue of aware because it's so widely publicized how there are data breaches every day. I think people understand it's an issue. It's just, we see contracts that don't address what happens. This is more of when I say the Johnny come lately, is that people started to realize I better build in, what are your data security steps? In fact, we see this in RFPs now, requests for a proposal. We will see a question to our client, please talk about the data security that you have in place, details about your IT department, software that you may use for data security, audits that you've had on your system. You may actually see that in the RFP process. If you see it in the RFP process, you can pretty well bet that you're going to see it in the first draft of the contract.

 

Jillian Kuehl:  We talked about assignment a little bit earlier. Can you tell me a little bit more about an assignment clause specifically?

 

Larry Kunin:  Yeah, so the assignment I'm talking about here is assignment of the contract itself, not assignment of the ownership I was talking about. If I sell the assets of my company, could I sell this contract to somebody if I just simply want to sell the contract to somebody? Can I do that? That raises particular issues with regard to the future of your business. I've seen this come out a few different ways. I've got somebody who is interested in buying my company. I need to assign the contract to them. If I have a non-assignment clause, that purchaser is probably going to be a little bit less interested in me, if this is a key contract. You want to make sure you have the ability to sign in certain circumstances. A lot of times, what we'll see are clauses that say you can't assign without our consent, unless it's part of a sale of substantially all of the assets of the company or a merger.

  Then you could even have further limits on that, and here's an example. We had a client, institutional client, they acquired a company that had a site license, unlimited site license. I don't want to mention the software that was at issue, but this smaller target, let's say of 100 people had a site license for the software, which meant whether they were 100 people, 120 people, 150 people, they were licensed. Now, they get acquired by a Fortune 20 company. All of a sudden, some executives said, "Well, we just acquired a company that has a site license, and we've got 10,000 customers. Don't we get to use it?"

  Well, that wasn't really the intent of having a license of 150, but you could just put that in your assignment clause, that if you have a merger or a sale of the company as a whole, the license cannot be used for a substantially large base than the original company. That can guard your company from having, what if I was going to sell to that 10,000 person company? Would it be cheaper for them to just go acquire somebody and merge it in? I would say in the one dispute I had, cooler heads prevailed on the logic, but don't leave that loophole in the assignment clause. Just clearly spell out what are the circumstances somebody can assign and what are the carve outs or limits to that?

 

Jillian Kuehl:  What role does insurance play in these types of contracts?

 

Larry Kunin:  It relates mostly to the data security I mentioned, but it could be even a simple breach of contract or negligence by somebody. It is smart to put in a contract that if somebody's providing a service to me, such that they're more likely to be a defendant, I'm more likely to be a plaintiff, is a requirement that they carry insurance to cover whatever may go wrong. Now, having said that, most insurance policies don't cover breach of contract. Just because I don't perform what I'm supposed to won't cover that, but it might cover things like software performance, which may build into it some kind of negligence.

  My failure to deliver wasn't a matter of intent, but with some kind of negligence or just something wrong in the software. Where we're really starting to see it is cyber policies for data breach that we just talked about, which is a requirement that the side that's going to be getting my information, my data again, is what we're talking about, is going to have insurance that will jump in, should there be a data breach so I don't have to get into a fight with them over it.Then everything is delayed and the forensic examination's delayed, it would be nice to have an insurance policy that can jump in.

  I want to take a side step here to talk about ransomware, which is a particular harsh type of data breach where somebody gets into your system and then they encrypt everything and lock it. Then they demand you pay 50,000, 500,000, a million dollars, and we've seen this in the news. Ransomware is growing so fast that cyber carriers are actually getting out of the industry or the premiums are skyrocketing. You may not be able to get ransomware insurance, but you should be able to get cyber insurance for a common data breach.

 

Jillian Kuehl:  What is it that's allowing ransomware to explode somewhere recently?

 

Larry Kunin:  It's the technology by the crooks is advancing. There was a time when they were hacking into emails, hacking into systems, exploiting open back doors on the internet, installing malware through phishing emails that somebody opens and it creates the back door and they put something on the system and start monitoring your data. Well, malware took the next step, which is once I'm in the system, I run an encryption program and the only way to unencrypt is with the key. Then I send an email to the company and I say, "You've been locked out and here's how much it's going to cost."

 

Jillian Kuehl:  It just seems like that's some type of technology that would've been in existence for a while, but I guess there are some new development that they're able to come up with that's allowed to-

 

Larry Kunin:  The crooks are just getting more sophisticated and finding the better mouse trap. We saw this with the Colonial Pipeline, where they got shut down and there's actually a dispute over, not dispute, but kind of an unknown. Did the federal government help pay the ransomware? Did they not? If they did, did they get permission? The government's been somewhat secretive about it. Frankly, I agree with that because this is a matter of security. You want to really feed the criminals as to what's really the belief of the federal government, but having said it, it's a growing industry and on the other side, on the good guys side, the good guys are always going to be a step behind. Because the good guys don't know what to develop until they see something go wrong. Well already, there's software out there that blocks against ransomware, but the bad guys are going to keep developing and getting around that. It's going to be a cat and mouse for a long time, it's probably here to stay.

 

Jillian Kuehl:  Right. That's the story of humanity, I guess, is the good guys trying to play catch up to the bad guys. Let's move on, so something you'll see in a lot of different contracts is an entire agreement clause. Tell me about that.

 

Larry Kunin:  Sure, so I mentioned earlier that almost every contract we've seen has one of these clauses called a merger clause, an integration clause, an entire agreement clause. It basically says this agreement represents the entire agreement of the parties and supersedes all prior agreements, representations, et cetera. We all see that and that's all fine and good. There are two things that I'd like to point out. One, be careful when you sign this document that there isn't some other ancillary agreement you don't intend to supersede. You have a prior license agreement, you have a side license for something and you renegotiate the main agreement, and that agreement incorporated the amendment or the amendment incorporated that agreement. You unintentionally override that side agreement. You really like to make sure that you don't do that.

  There's a few ways to do that, which is just exclude them from the entire agreement clause or alternatively, you could just say this supersedes this agreement to the extent of the subject matter here in. If the side agreement was a different subject matter, you'd be okay. Here's the sentence I hardly ever see in a contract that's extraordinarily helpful. It would be a specific sentence that says, neither party relies on any representation of the other party. It's not the same thing as this, agreement supersedes a representation. It actually says, I did not rely on any representation of the other party. Here's why it's important, and there is law to back this up. I know there's a case in Florida that held this way. A way around the limits in a contract, and we see this all the time, especially in software contracts, is a fraudulent inducement claim. I have a limited warranty. I have a limitation of liability clause and that's not going to satisfy me, but things went so bad in the software development. They're so far beyond budget. They're so over time. They clearly misrepresented their capabilities.

  They will sue not only for breach a contract, but in the alternative for fraudulent inducement, which means you said something that I relied upon and entered in this contract, and it turns out what you said was false. Therefore, I want to undo this contract or at least sue for the value of that fraud, because you get a choice between resending or suing for the value of the fraud. Well, there is a case out there that I mentioned, and I think it was in Florida, that it had one of these sentences that said, I did not rely. The court said, "Wait a minute. On the one hand you say in your fraudulent inducement claim, you made a false representation, and it's a required element of the claim, I now plead. I reasonably relied on that representation, but yet I'm looking at the contract and the contract says you did not reasonably rely, so which is it? Did you reasonably rely? Did you not reasonably rely?"

  I tell people, put that sentence in your contract, you could kill a fraudulent inducement claim. Now, the customer might fight against it, but chances are, you could get that clause by.

 

Jillian Kuehl:  Another common clause is a choice of law clause. How's that work here?

 

Larry Kunin:  All right, so almost every contract has or should have what law applies to the contract. The common states that will be used are the state where the licensor or developer resides. It could be the state of the customer. I've seen language that just says simply state of the customer. It's a form, and you just look at where the customer is located and it could be the state of incorporation. Generally, there needs to be some nexus to the parties. A party in Georgia and a party in Florida who have business only in the Southeast, it would be improper to say the laws of Alaska will apply. There's really no nexus. You might get away with that one, but you won't get away with venue, and it's important.

  Lawyers understand this, clients don't always understand this, choice of law is not choice of venue. You could sue in Florida court and apply Delaware law. If you want a lawsuit or the dispute to be handled in a particular jurisdiction, you need to say, "Any disputes arising out of this agreement will be held in a court of competent jurisdiction in the state of Florida." Then that's where the dispute's going to be. Also, I'm going to mention state versus federal. The reason it's important to say state or federal court of competent jurisdiction, is to make sure you've got yourself covered with both state and federal, because you can't stipulate to federal jurisdiction. You might have federal jurisdiction depending on what the dispute is, whether it implicates a federal statute, which these contract claims usually will not. If the parties are residents of different states, but the parties don't get to say, "We agree to federal jurisdiction." If there's no federal jurisdiction, it's no federal jurisdiction.

  You need to make sure you've covered yourself by also saying state jurisdiction. There's also some state law out there that says you must file in a federal court located in X county, in the state of, and it turns out there is no federal court in that county. Well, you might lose your choice of forum. The next thing to think about is, do I really want to be in court or do I want to be in arbitration? Arbitration is a growing interest to people. I don't have a recommendation one way or the other, because I like to look at what the contract is before deciding whether or not arbitration would be appropriate. I tend to like court above arbitration as a default, but there are certain types of contracts and certain types of disputes where arbitration is very helpful. It's a much more flexible venue.

  You usually can get stuff done a little quicker. You get direct access to arbitrators, but arbitrator arbitrations have very, very, very limited appeal rights. You have to realize that you are going to have that pitfall with arbitration. Those are really the considerations for the venue. Then something to tack onto that is, do you want a dispute resolution clause or an escalation clause that says before anybody goes to court, or before anyone goes to arbitration, if that's the choice of forum, the parties will put their complaint in writing, and it will go to the project manager who will have 15 days to resolve the dispute with the other project manager. If that doesn't work out, then it goes to the vice presidents, vice president of sales or vice president of product development, whatever the case may be. Only if the dispute remains, do you then go to arbitration or court, if you have not also decided we'll go to pre lawsuit mediation, which is a voluntary settlement process, but with the assistance of a neutral mediator who tries to get the parties to settle. You'll see that sometimes that before somebody can file a lawsuit, they have to go to mediation. Again, I don't have a recommendation as to which you do because every contract is different.

 

Jillian Kuehl:  When you say you prefer courts to arbitration just generally, just by default, is that for the reason you said, is that arbitration generally, you don't have a right to appeal, and if you lose, you want to be able to have some kind of option?

 

Larry Kunin:  Yeah, and if the likely dispute's going to be a question of law, I may really want to be in court, so I get a judicial determination because juries decide facts. Judges decide law. Well, depending on what your contract is, I've seen some really complicated software development contracts, and you're going to throw that to a jury of your peers? I would much rather have a seasoned arbitrator decide those facts. What I'll look at in part is, is the dispute in the future likely going to be a legal dispute, or is it going to be a factual dispute? Factual disputes, I'd prefer to go to arbitration. Legal disputes, I'd rather go to a court. Again, not a hard, fast rule, but that's kind of my defaults.

 

Jillian Kuehl:  I've heard some people say that one of the benefits to arbitration is that it's less costly. It's a little more efficient than the court system. Now, I've also heard that that's not as true anymore, that arbitration, the arbitration courts are kind of becoming their own bureaucracy. Do you have an opinion on that?

 

Larry Kunin:  I do. I do not find arbitration necessarily less expensive in state and federal court. It probably is more often than not, but if you've got a complicated dispute that's going to require complicated document production, as well as depositions. A deposition's a deposition, and producing 1,000 documents is producing 1,000 documents. You will save some time with like, pre-trial work, jury instructions, and things like that, but overall, arbitration is not as cheap. Again, you do lose most rights to appeal. At least you're not going to have those appellate costs either. An arbitration does not necessarily go faster. I think more recently it will, because of COVID, because the courts got very back up in COVID and arbitration switched over to doing online arbitrations and mediations much quicker. Mediation arbitration seems like they're a little bit ahead on disputes in court right now.

  I've told clients that is a consideration. If you want go to court, you may not actually get a trial for two, two and a half years. You go to arbitration, we might be done within a year. That's a consideration. I want to point out, I mentioned jury a few times. What some people will do is say that the parties waive a jury. Got to be careful with the state you're in because some states do not allow you to wave a jury in advance. Georgia is one of those, California is one of those. Other states will allow jury waivers. What I've never understood, I've never seen a court address this, agreeing to arbitration is essentially agreeing to a jury waiver. The same policy that says you can't waive a jury would seem to apply to arbitration, but for some reason it doesn't.

 

Jillian Kuehl:  Let's move on to document retention policies. Can you first explain what that is?

 

Larry Kunin:  Sure, and I don't really want to spend too much money on this. Money, too much time on this, but it could save, it could save some money in the future. These days with the amount of electronic information we have, we have emails. We have hosted email, we have cloud email. We have SharePoint locations where documents are up on the cloud and shared. We have storage, locally and up on the cloud. We've got different communication forum, Slack and things like that, that normally will have the less of a retention to them. Then you're going to have your corporate documents these days that are electronic. Whether it be tax documents, regulatory documents, it's just so much out there has grown exponentially with the electronic world, that it's smart to have a document retention policy.

  In fact, in litigation, lot of litigants will ask very quickly, "I want to see your document retention policy and what have you done to preserve documents day-to-day in the company? What did you do when litigation arises?" Let me just cover some of the things that that will be in a document retention policy. The purpose, should be stated, which is to conserve computer storage, improve efficiency, make documents more accessible. I'm going to give you the side note why that's important. When you get in litigation, an obligation to preserve all evidence in all forms of evidence that in any way, touch on that litigation. If you've got something that goes wrong with a customer, you're going to want to preserve all communications with all of the sales people and the business people and programmers who worked with that particular customer.

  There's always a fear that a company is going to be deemed to delete the stuff just to kind of cover their tracks. If I just keep deleting, delete and deleting, I'll delete the bad evidence. Well, if you've got a valid purpose towards your ongoing deletion, every email gets deleted after one year on a rolling basis, for example. The purpose is to conserve computer storage, improve efficiency, and make documents more easily accessible because I got a lesser of a volume to them. That's why it's important. You want to define the top types of documents to which the policy applies. Now, I haven't seen too many policies that apply to text messages, for example, but if you get into litigation, you're probably going to be, not probably, you will be obligated to preserve text messages. Not everything you preserve will be in the retention document. The document should say, "What are the retention periods for each document type?" Again, maybe email is a year max, your tax documents, at least seven years, maybe forever. Regulatory documents, you want to keep forever. Health-related information, you probably should keep definitely keep forever.

  You should have procedures for suspending the policy for certain documents. Again, that's useful if you get a litigation hold. Describe how the policy will be implemented and communicated to people because the policy's not good if it's not enforced, then people don't know about it. You want to identify an audit procedure or at least an audit company to check that the policy is being followed. Again, what you don't want to have happen is a situation where you're caught arbitrarily deleting documents timely, and some documents untimely and some documents early, because that opens up the question. Hmm. Why did you delete certain documents earlier than another? You want it to be somewhat consistent. What's going to be in your policy will depend on the industry, your geography. Are you regulated? How sophisticated is your IT? What's your ERP system? Are you local or hosted or both?

  That's all going to come in and control what your policy is. For example, I laid out healthcare under HIPAA. You really got to retain the patient records forever, essentially, because it's owned by the patient. That's the safe way. That's why if I represent a healthcare company, and more often than not, when I represent a technology company, by their nature, technology companies tend to hold onto everything. I don't have to worry about preservation, but it is still nice if we at least have a formal policy, because I will have clients that get sued. Then I got to talk to them about preservation and they go, "We didn't have a policy," and so they do have an inconsistent destruction. Now, that's not necessarily bad because they didn't have a policy that they violated, but it still could open up the door to why were certain documents deleted on an ongoing basis, and other ones are still there?

 

Jillian Kuehl:  When it comes to educating employees, like you said, at tech companies, they're kind of used to this. They're used to preserving documents and stuff, but even I used to work construction. Even there, guys are exchanging emails and text messages, and I'm sure they're not aware of any kind of data policies. How do you educate employees? Do you recommend having annual or quarterly meetings to explain these types of policies? How do employees get to understand this sort of thing?

 

Larry Kunin:  Yeah, I would say you probably want to do it more often than every year, but that would be the minimum, but also look at your employees. If what you're talking about is a factory and people really aren't using email and they're not using their phones, that's different than somebody who's at a management level or in accounts payable or in the contracting department, where they're going to have to learn about this stuff. Almost every company I know has company meetings at some level. Department meetings, group meetings, and it should be mentioned in those meetings periodically. Especially when the policy comes out, the policy should be given to everybody or at least put in a SharePoint site and people ask to please go read the policy and then have some type of education about it because you know what happens when employees see a document that's 10 pages long, how many of them are actually going to read it?

  Very few, so you're going to want some type of summary presentation or bullet point document that could take only a couple minutes to read. Then you've got the full policy sitting behind it. It just helps to have actually had some kind of live meeting, or I've seen companies even have like questionnaires that forces you to read the policy and then ask 10 questions. If you just send out an email and say, "Hey, we got a new policy, go look at it," it's kind of hard to show you have it. Now having said that, I do know clients who are in heavily regulated industries, and they'll go through training every single month on every change of the regulation where they have to basically take online courses and then they have to fill out questionnaires at the end. It's all part of compliance. Sometimes it's a federal regulatory agency that dictates how you do that, so you don't have to come up with it on your own.

  As part of the document retention process, I tell people to also, this is an opportunity to remind employees about the following that have to do with email. Email is just the most horrendous thing that's ever occurred to litigation, unless you got the smoking gun email, and you're on the other side. What I mean by that is, think about your iPhone. I see an email from somebody I can't really crank out a formal letter type response, because I'm on my iPhone, so I type out some kind of informal, truncated response and I hit send. Well, a copy of that's now on my iPhone. Then it's going to go up to the cloud through the Apple server, so there's another copy. Then it's going to go from the Apple server over to, if I'm sending it to a partner, our exchange server, and then from the exchange server now down to their email, they're not in the office, and so our exchange now uploads that email to their iPhone.

  I just sent a very informal communication that has about six copies minimum of it to only one person who's in an internal person. Now, imagine if I copied five people and four of those people hit reply all, and two of those hit reply all. Suddenly, what was once one letter is now 106 emails copied all over the place and people tend to be very informal in email. Email is not a substitute for a conversation. Text messages might be, but email is a substitute for a writing and it lives forever. People have to think about that. Also, employee need to think about, and they should be reminded as part of this process, your email, your company email is not private. Company owns that email.

  Now, if you do go to Gmail through your browser, unless there's a policy that says you can't even do that, there is an expectation of privacy there, but you should not be using work email to communicate with your divorce lawyer, for example. You might be waiving the attorney client privilege.

 

Jillian Kuehl:  Oh, wow. [crosstalk 00:59:32], yeah.

 

Larry Kunin:  You got to be very, very careful and again, just remember it lives forever. If you are okay with it being on the front page of the New York Times, have at it, but if you don't want it on the front page of the New York Times, you might not want to draft it. How many times have we seen that in the news, the political news over the last 10 years or so?

 

Jillian Kuehl:  Right. I was going to say, that's good advice for everyone, not even lawyers for anything, anyone puts on the internet, you be prepared for it to be on the front page of the New York Times.

 

Larry Kunin:  Yep.

 

Jillian Kuehl:  We've got a few minutes left here. Let's close up with talking about eDiscovery, because that's the reason why document retention is so important is eDiscovery. Tell me a little bit about that and why it's so important.

 

Larry Kunin:  Yep, so eDiscovery used to be like something you had to do in addition to the rest of your Discovery. I did not just want to copy your contracts and your letters, but I want to get a copy of your email. Well, now everything's being done electronically. We're even signing contracts with DocuSign electronically. We're submitting tax returns electronically. Everything is electronic. The amount of Discovery has grown exponentially, but yet over time, it's becoming a little bit easier to navigate that because we've got tools that could go in and grab documents, grab email boxes, grab stuff off the cloud, it could even de-duplicate them. We can see where the sources were for each of them. We don't have to go flipping through manual files in a file cabinet. I'm not even sure the last time I saw mass rows of file cabinets.

  We, even lawyers do our filings electronically now. With COVID, I've been out of the office, I would say, more often than I've been in the office. When I go in and check my inbox, there's two pieces of paper there from the last two weeks because I got everything electronically. I didn't miss a thing, so eDiscovery is important because you're going to have opposing parties not only looking for the information, they're going to look at what's missing from the information. One of the big errors I see, I'm going to point out two, it has to do on the preservation side. The minute you get a demand letter, the minute you draft a demand letter, the minute you get a complaint, the minute you decide you're going to file a complaint, an obligation to preserve evidence arises, and the lawyer can get in trouble if the lawyer doesn't talk to the client about what needs to be preserved and who needs to be notified and where is the information?

  Well, here are two mistakes that I see. Communication goes out to the employees and it says, "Please retain everything including text messages." Okay, great. If you check your iPhone or if you check your Android phone and you go to your messaging, the settings for it, you're probably going to find that there's a default to delete them. When text messages disappear, they're harder to get back. Emails are a little easier because they're generally going to be backed up somewhere, but they can disappear and I'm going to come to ... That's going to be the second error that I sometimes see and people just forget about the text messages.

  You'll call IT and you'll say, "Turn off all auto delete on the emails." Like remember I said before, you may have an automatic deletion after a year, turn that off. Just turn that off. Only really for the people who need to be turned off. I mean, can you imagine Microsoft, they're in multiple lawsuits every single day. Can you imagine if they always held stuff? I mean, they'd have hard drives the size of California stacked up somewhere. It just can't be, everything is preserved all the time, everywhere in the company just because there's a lawsuit over a particular contract, but people do forget about that, and so they need to be specifically reminded to turn that off.

  The second error I've seen and it's just a careless error is everything is fine. Everything's on hold, and an employee, a key employee leaves the company. I've seen companies on just the knee jerk. It's the process we do. We grab their laptop. We re-image their laptop, and we wipe out their email box. Then somebody goes, "You did what? We're in a lawsuit. We need his emails." I've seen that error too many times. If you don't actually follow through with preservation and identifying the information, well, then the party can get in trouble and the lawyer can get in trouble. In a case I like to talk about, it's the Phoenix Four case versus Strategic Resources out of the Southern District in New York, which was really the district that took the lead in eDiscovery cases about a decade or so ago. This was a case where the lawyer did exactly what the lawyer was supposed to do. Talked to the client about preservation, sat down with the client, identified who were the custodians, identified where the servers were.

  Then there were depositions that were taken and after the depositions were taken, one of the servers crashed and an IT person came in, looked at the server and said, "Hey, do you know you guys have a hidden partition on this drive?" They looked at the hidden partition and there were a lot of relevant documents on it. Now, how you get a hidden partition is if you don't know how a server works is you may create an artificial, what we call a virtual drive, virtual drive T that actually looks through a location on a server, and if you delete that drive, the information will be left on a server, but nobody can actually look at it. From my laptop, I can't go into the server and look at it. They immediately notified the other side. They disclosed the information. They disclosed what happened. They produced all the information and the court sanctioned the party anyway, and the lawyer.

  The reason why was the court said you didn't ask them about the architecture of the system, which would've revealed the mapping to the server, which would've revealed the hidden ... Well, first of all, I think that's a ridiculous opinion. Lawyers are not technology experts, we're lawyers, but the point is, make sure you talk to your client about where the information is and by the way, the sanctions were not serious there. Basically, the court just said, I'm going to order that they can retake the depositions with that information, and you just have to pay for the cost of that extra deposition.

  There's a lot of opinions. I don't think we have to go through them about the obligations of a lawyer, what either they or what the client should have known with regard to where the location of information is. I don't want to scare everybody with sanctions because that's what lawyers did about 10 years ago, 12 years ago, when eDiscovery became big. Everyone said sanctions, sanctions, sanctions, and that is a threat, but the reality is to get sanctions and get serious sanctions in a case has to be pretty egregious. It has to be basically carelessness or intent in destroying something. That something needs to be at least theoretically relevant. Just because some employee left and their mailbox got deleted, and it turns out that they were just copied as an FYI on three emails, out of 1,000 in the company, probably nothing relevant there.

  Then got to think about emails. You have a sender, you have the recipient, you have CCs, you might have blind CCs. You have a copy of the email in an inbox somewhere, a sent box somewhere, maybe a deleted box somewhere, maybe filed in a different box somewhere. There's multiple copies of the email, as I mentioned before. If you can get a copy of those emails, then you really haven't lost anything. Unless it's somebody who sent emails to themselves, or somebody who was sending emails to a former employee who departed before the litigation arose. The deletion of their email box was valid. You lost one end of it, but you've got to go through all these steps. It's like six or seven steps before you actually get to where you're sanctioned, but it's a technology issue. It all starts again, with representation of a client.

  They don't have to be a technology client, but if they've got one of these technology contracts, we're talking about your volume's probably going to be even bigger. If you're doing data processing, it's going to be even bigger. If you're developing software, it's going to be even bigger. Because you've got software at issue as well. Then one, I do want to touch on this opinion that came out of Florida. There was a question raised on whether a lawyer could advise a client to alter their website after litigation arose. What if that litigation was an accusation that you have disclosed confidential information on your website, or you have a defamatory statement on your website, or you are making a claim that you con contractually agreed with of me you wouldn't make. Well, rather than just sit there and accumulate damages or increase the risk of an injunction, why can't I tell the client fix the problem?

  This was raised with the Florida Ethics Board who put out an advisory opinion, who said it is okay for the lawyer to tell the client to alter the evidence, as long as you make a verifiable copy of that evidence before you change it. We will talk to clients about like take down notices. You got a picture on your website that's covered by a copyright, take it down, but take a snapshot of your website before you take it down, so we have the evidence of what was there and when, and when you took it down. That's actually a form of destruction that is allowed.

  Similarly, I had a client once they were accused of having confidential information from somebody who sent a cease and desist letter and said, "You've stolen our confidential information. We demand that you immediately destroy all of it and then contact us about the damages." I went, "Well, wait a minute, so you want me to destroy the evidence? Is that what you're saying?" What I had the client do was, "Okay, they told us to destroy, so we're going to destroy. But before we do that, we're going to create an isolated standalone hard drive, and we're going to copy all of the information from everybody's email box over there and all of their document directories. Then they can go in and delete it. We'll be bulletproof with them because they're the ones who asked us to delete it. Then the only copy be we're going to have is one preserved for the litigation that they threatened." There's no judge, who's going to say that that was improper to preserve that evidence.

 

Jillian Kuehl:  Right, right. Well, Larry, obviously there's so much more we could get into with this, but we're out of time. This was fascinating. Frightening at times. The ransomware stuff was a little bit frightening, but overall fascinating. I really do appreciate your time. For the audience, if you guys enjoyed this, we are adding courses regularly. If you go to quimbee.com/cle, we have courses covering dozens of topics at this point, and you can sign up for our unlimited subscription to get as many courses as you want for one monthly fee. You can do our bundles, where you get all of your requirements for your jurisdiction. You can sign up for individual courses, one-on-one. That's all at quimbee.com/cle. Larry, thank you again for your time.

 

Larry Kunin:  My pleasure.




Start your FREE 7-day trial
Preview this course and the rest of Quimbee's CLE library for free with a 7-day free trial membership.
Buy this course - $49
Get access to just this course for $49

Course materials

HandoutSupplemental Materials

Practice areas


Course details

On demand
1h 11m 26s

Credit information