#CPRAM22: Corporate Counsel Roundtable–Leveraging Technology to Prevent Disputes

By Janice L. Sperow

Unlike many other alternative dispute providers that focus exclusively on conflict resolution outside the courtroom, the International Institute for Conflict Prevention & Resolution (CPR) also places a high premium on dispute prevention.

That’s right–curtailing an emerging issue before it becomes a full-blown legal dispute in the first place. CPR has challenged the corporate world to commit to dispute prevention by signing CPR’s Dispute Prevention Pledge for Business Relationships.

Business disputes impose enormous costs in loss of mission, business, focus, revenue, and relationships. Consequently, today’s savvy leaders understand the need to use every tool possible to prevent them–including increasingly available, sophisticated technology.

Four corporate leaders shared how they leverage technology to prevent business disputes at this year’s CPR Annual Meeting. Corporate counsel in-house thought-leaders joined this article’s author, CPR neutral Janice Sperow, La Mesa, Calif.’s Sperow ADR Services. who moderated a March 2 #CPRAM22 discussion on the role of technology in preventing disputes.

The panel explored data transformation’s accelerating role in avoiding litigation, securing compliance, and minimizing risk across a wide range of industries, sectors, and markets. From “big data,” software development, and retail sales, to aerospace and defense, these experts explained how they navigate the benefits and challenges of today’s technology and tomorrow’s automation.  

* * *

The corporate counsel panelists included leaders in their fields: Amy Yeung, General Counsel and Chief Privacy Officer for Lotame Solutions Inc., a Columbia, Md., data collection and management consulting firm; Nick Barnaby, Staff Vice President and Associate General Counsel at aerospace defense contractor General Dynamics Corp. in Reston, Va.; Chris Nelson, head of the Data & Operations Team for Microsoft Corp.’s Compliance & Ethics organization in Redmond, Wash., and Kenneth Oh, Vice President of Privacy for Bath & Body Works, headquartered in Reynoldsburg, Ohio..

Before Lotame, Amy Yeung started her career the conventional way, in law firm practice. She soon went in-house, joining Zenimax Media Inc., a Rockville, Md.-based global video game publisher, as  Associate General Counsel. She then moved to New York-based artificial intelligence platform Dataminr. Continuing to build on her successes, she became Deputy General Counsel at Comscore Inc., in Reston, Va., where she was integral in evolving the company to compliance with new and prospective privacy regulations, in addition to  launching Comscore products. 

Like Amy, Chris Nelson is no stranger to big data. His Microsoft position has primary responsibility for workplace- and business-conduct.  The Data & Operations Team (DOT), brings together data analysts, program managers, and legal professionals to design and operate solutions that increase the effectiveness of investigations, translate learnings into data-driven insights, and build predictive models and analytics that help the company mitigate emerging compliance risks. Chris is also a core member of Microsoft’s Anti-Corruption Technology & Solutions program, a 10-year effort to “bend the curve” of corruption by delivering expertise and anticorruption technology to governments. Chris worked as Microsoft corporate counsel before taking over DOT.

Protecting new technology, Kenneth Oh is a privacy and intellectual property attorney with more than 25 years of experience. He is a former Trademark Examiner with the U.S. Patent and Trademark Office and was of counsel with Washington, D.C.’s Baker & Hostetler, where he advised clients on intellectual property issues, litigated cases, and appeared before the USPTO’s Trademark Trial and Appeal Board. He served as Associate General Counsel at Bentonville, Ark.’s Walmart Inc., and Assistant Vice President, Privacy and IP Corporate Counsel with Miami-based TracFone Wireless Inc. before becoming the Assistant Vice President, Privacy at Bath & Body Works Inc.

Handling large government and other contracts, Nick Barnaby is General Dynamics’ Staff Vice President and Associate General Counsel, where he advises on many of the company’s most significant litigation and disputes.  Nick works on identifying and avoiding potential risks and disputes. Prior to joining General Dynamics, Nick was a partner at Jenner & Block, focusing on internal investigations and commercial litigation.

Moderator Janice Sperow is a full-time neutral, CPR arbitrator and mediator, hearing officer, special master, and Judge Pro Tem who serves on several arbitration panels, including emerging technology, complex commercial, and employment disputes. Formerly a litigator with Morrison & Foerster and then Managing Partner and Head of Litigation & ADR at Ruiz & Sperow, Janice has served as an arbitrator for more than 35 years, overseen more than 450 arbitrations as an arbitrator, and conducted more than 1,000 arbitrations as counsel. Like CPR, she also focuses on dispute prevention.

Despite their differences, the panelists shared one key innovation: they are on the cutting edge in using technology to prevent disputes and mitigate risk.

* * *

The Format: The moderator used a series of questions to launch the dialogue. Here is what the panelists shared with CPR at its annual meeting.

Question: Share with us how your company currently uses technology to prevent disputes and avoid risks.

Chris: Microsoft aggressively uses technology inside the company to fuel its compliance programs and to drive a culture of accountability and business ownership of risk. One of the critical avenues Microsoft uses focuses on increasing the use of data and data fluency on the legal compliance side so that managers and risk owners can translate historically subjective descriptions of risk into objective quantifiable indicators of why a particular risk is trending high or low as compared to the rest of the world–all in the business language they understand and work with daily. It also paints a big picture of how the risk looks over time, its scope, magnitude, and current probability. 

Amy: Lotame pulls together a lot of big data sets for commercial advertising purposes, but many companies also use these same data sets to address risk. For example, insurance and financial companies use them to round out their own data for benchmarking, context, and discrimination avoidance. Prior companies, such as Dataminr, capture social media content for immediate use on the ground, such as in the Ukraine conflict, to protect employees and personnel at risk by feeding them real-time data. Other companies use the data for anticipatory prevention such as crafting policies or developing training to address predicted risks.

Kenneth: Bath & Body Works focuses on technology use to protect privacy. In today’s world, it would frankly not be possible to practice privacy law without technology, AI, and third-party vendor software that track data, systems, and populates necessary information fields. Technology reduces the risk of human error as the AI manipulates the data.

Nick: General Dynamics likes to use technology to address the root causes of disputes. Most disputes trace back to three sources or drivers: poor business partners, poor assumptions, or poor contractual terms. For example, technology-assisted due diligence of potential suppliers or partners can uncover more information quicker than a manual review. It may reveal information that can permit the parties to structure a deal which addresses that information directly before a problem arises, or even information that permits a company to choose not to partner with a particular entity.

Question: Dispute prevention looks both backward and forward. We hope to learn from past disputes and avoid repeating them.  We also hope to use data to predict potential future problems and avoid them. How has your company used technology both to prevent repeat problems and to avoid future risks?

Chris: Microsoft has been on a multi-year journey to learn how to capture lessons from disputes, workplace investigations, and corruption cases to then try to hone them into a compass that can help point in the direction of likely problems in other places to ideally avoid them, since most risks are serial in nature. Microsoft then feeds those lessons back to the management teams to implement and thereby can avoid a whistleblower case, for example, before it happens. While Microsoft understands that reactive capabilities are critical and therefore it has hotlines, complaint, and ethical issue avenues for problems requiring immediate redress, its focus also includes a proactive approach, for if we do not proactively apply what we learned, then we have as a society have learned nothing. Reactive posturing is a long-term losing proposition.

Amy: Post-mortems are critical on all levels: individual, enterprise, strategic. Plus, the data sets can serve as an independent check to confirm that the company is on the right track. The data become a movable white board to hold us all accountable and to avoid repeating mistakes because we all share in the lessons learned based upon the data.

Question: What are some of the most underused technologies in the corporate world today? Technology that could really help prevent disputes and risk but that we are simply not taking full advantage of?

Nick: Data currently used for business purposes could often be leveraged to mitigate risk if seen through that lens. For example, a budding contract dispute in a long-term contract can often mask a bigger underlying issue, such as a failure to meet a contractual obligation. If we used the information we collect in the aggregate for business purposes for prevention purposes, we could often address concerns before they ripen into full-blown disputes. General Dynamics, and likely many other companies, could use the information they already capture for business uses and repurpose it for risk-management purposes and to escalate the issue more quickly to higher-level decisionmakers before it blossoms into litigation.

Ken: Technology tools work exceptionally well for version- and document control. [Version control tracks systemic changes in software engineering.] We actually have many tools right now that we do not fully understand and use to their maximum capabilities.

Chris: The type of tool most needed and underused depends on the type of risk. For example, for financial risks, data architecture and structure are key. At the executive level, if the company is deciding where to deploy personnel to manage risk, then visualization and constant monitoring are essential.

Question: Greater technology use certainly achieves greater benefits. But it also comes with its own challenges. What are some of the issues you have faced with increased reliance on technology and how have you navigated them?

Amy: The greater the footprint grows, the more resources the company needs to devote to it. For example, most companies adopted email without pre-planning or thought. Now, emails frequently represent litigation fodder. Well, many companies are not currently thinking of today’s email equivalent–the data and technology we are using or adopting today and how it will be used in disputes down the road. Thus, one of the key challenges both at the enterprise and commercial level is the thoughtful planned and integrated structure for technology use at your company. Earlier architecture and ongoing monitoring of data uses can create a much more seamless integration of technology and avoid some types of risk before they occur.

Nick: General Dynamics very deeply values transparency and trust. So, one of the challenges we face in any adoption of new technology is managing the culture around its implementation, requiring us to focus on alignment and trust so employees understand the purpose, need, and benefit of the technology. General Dynamics empowers employees to use and adopt the technology themselves rather than imposing it on them.

Question: How does data ethics fit in?

Amy: Awareness and enactment of data privacy regulations has definitely increased dramatically. Consumers are also becoming more conscious of the varying uses of their data. We data professionals are really looking at the ethics involved in data use and taking responsibility. We do a gut check: Are our assumptions correct? Did we start with the right questions to begin with? Is this the right thing to do?

Question: What has really been worth it in terms of return on investment? If you had to choose one technology that has most impacted your company’s bottom line in terms of dispute and risk cost savings, what would it be?

Kenneth: Privacy software. Frankly, it would subject the company to statutory liability and damages not to properly monitor the use and privacy of customer data with available technology.

Chris: Microsoft uses its own really deep stack of technological tools. In addition, Microsoft spends on securing rich, valuable data sources, especially when working with governments. We also spend on data fluency, making sure we have the personnel who can bridge the risk managers to the backend data.

Nick: Technology limiting and eliminating the environmental impact of our operations. Investing in remedial technology beyond legal requirements to reduce any lingering liability from past environmental issues that occurred before people understood the environmental impact of the chemicals and materials used.

Question: How has data automation affected your own department? Has it helped prevent disputes and minimize risk?

Ken: Access to data quickly has allowed us to prevent disputes.

Chris: Data transformed the de-escalation of the energy after an investigation or dispute. After a dispute, the stakeholders meet and determine the critical failure points. At the end of the meeting, they are energized to avoid the same problems in the future. But a manual audit approach does not have a good return on investment and tends to deenergize the good intentions and follow up. Data has transformed that phenomenon. Now, people have data and a model showing where to look next for the problem to surface and to avoid it, rather than anecdotal memories. Vertically integrating the process to avoid waiting to get answers and analytics in the middle of the process has really helped as well.

Nick: Technology has helped us diagnose legal spend and determine patterns with data analysis rather than an old-school subjective review of legal bills.

Question: Predictions–Experts predict that we will see more technological advances in the next decade than we did in the past century. Given our world’s accelerated data transformation, what area do you predict will see the greatest advancements in dispute prevention over the next five years?

Kenneth: AI.

Nick: A more-hope-than-a-prediction that conscientious folks will use technology for good purposes, such as preventing disputes, and not just to gain an advantage.

Amy: Consolidation and integration of technology uses and functions.

Chris: Natural language processing.

Moderator: Personalized and genetics-based healthcare.

* * *

Key Themes & Takeaways:

  • With greater technological advancement, comes greater responsibility.
  • Use technology in a language business managers understand to achieve common goals.
  • Real-time data allow on-the-ground, in-the-moment decision-making to mitigate immediate risks, such as supply-chain blockage due to extreme weather or civil unrest.
  • Keeping knowledgeable and current on developing technology allows companies and individuals to pivot nearly instantaneously to new business opportunities.
  • Technology-assisted due diligence can more easily permit companies to partner and align themselves with others that share their goals and values.
  • Capturing data over time illustrates the serial risks companies face, their pattern, and where they are likely to surface next.
  • Technology allows society to turn its past lessons more easily into future remedies.
  • Repurpose and leverage data already captured and monetized for business uses to prevent disputes.
  • Understand and use all the features of your technology.
  • The nature of the risk will often dictate the best technological tool to prevent it.
  • Data ethics must be a conscious part of all technology use.
  • Ultimately, technology is only as good as the uses to which we, as humans, put it.

* * *

Take the Pledge:

If you agree that dispute prevention should play a vital role in our economy and society but are not sure where to begin, start by taking the CPR Dispute Prevention Pledge for Business Relationships. If you would like to become more active in dispute prevention, join CPR’s Dispute Prevention Committee, or if the intersection with technology sparks your interest, join CPR’s Technology Advisory Committee. Contact CPR Senior Vice-President Ellen Parker at eparker@cpradr.org. For other questions or information about this article or the roundtable, contact Janice Sperow at janicesperow@sperowadr.com

CPR members can access the roundtable video and other #CPRAM2022 sessions after signing in here.

* * *

Author Janice Sperow is a full-time neutral, arbitrator, mediator, dispute prevention facilitator, and Hearing Officer specializing in mass claims, healthcare, technology, employment, and all commercial matters. She works on domestic and international matters at her La Mesa, Calif., firm, Sperow ADR Services. Her previous CPR Speaks article was “Increased Mobile Health Triggers Increased FTC Enforcement, and Points to a Need for Dispute Prevention Efforts,” CPR Speaks (Nov. 4, 2021) (available here).

[END]

Notes from AM 19/ Preparing For the Robo-Revolution: Arbitrating Smart Contract Disputes

By Shannon Collins

Following up on last week’s CPR Speaks post on the CPR Institute’s 2019 Annual Meeting—see “The ‘Risky Business’ of NAFTA, BITs, ITAs and Global Trade” (March 21)–blockchain, artificial intelligence and “smart” contracts were the focal points of CPR AM19’s Session 7, “Preparing for the Robo-Revolution: Arbitrating Smart Contract Disputes.”

On Friday, March 1, panelists Daniel E. Gonzalez, a Miami partner in Hogan Lovells; Andrew James Lom, a partner in the New York office of Norton Rose Fulbright; Lee Schneider, a New York-based general counsel at block.one, a Grand Caymans company that publishes protocols enabling blockchain transactions; and moderator David L. Earnest, Shearman & Sterling partner in Washington alerted attendees to the increasing use and necessity of technology in arbitration, as well as the legal professional overall.

The session’s topics included the use of technology in arbitration today, an overview of blockchain and an introduction to Ricardian contracts.

Daniel Gonzalez started the panel off by discussing the arbitration technology. He noted that general counsels are pushing for more use of technology because they strongly believe it will increase efficiency. Software can be used to help appoint arbitrators, conduct document review, aid in document production, manage costs and assist with research.

Picking arbitrators with artificial technology poses several issues, Gonzalez explained. While it can assess a likely outcome of a case using algorithms, these algorithms rely on correlation on a purely mathematical level, while legal disputes are based on causation.

These algorithms can also be biased, which seems counterintuitive, but they are programmed by people. People are inherently biased and the data sets that they use as a base for the algorithm may reflect those biases, which in turn can affect the outcomes.

Lee Schneider echoed this concern, noting that people working in artificial intelligence are grappling with getting the right data set because if the data is skewed, then it can result in biases. Programmers must be careful and judicious about the elements of the data sets.

The discussion noted that even if they are carefully coded, algorithms can still fail to see the human factor in disputes that an arbitrator may see. An arbitrator could be swayed on a deeply personal level by an argument and rule in a way that is inconsistent with their history. The algorithms cannot account for this. In arbitration, this means there will be accurate data available for the arbitrator to consider when ruling on a case.

Gonzalez brought up questions of “robo-arbitrators,” which are not yet replacing arbitrators, but that Gonzalez says will play an increasing role in the process and is something we should all embrace. Not many institutions have rules specifically requiring “natural persons,” Gonzalez informed the room, which brings interesting determinations of whether Due Process is satisfied with the use of a robot as arbitrator. Another concern with robo-arbitrators is their inability to provide reason for a decision. They purely provide an outcome.

Gonzalez also discussed technology specifically in the context of construction disputes. Drone technology collects data that can be useful for monitoring tagging of each piece of equipment or material as well as tagging workers. By using a tagging system, the supply chain and the project’s progress can be tracked entirely from inception to construction, thereby ensuring transparency and efficiency.

The tagging systems are an example of the kind of data that can benefit by storage on a blockchain. As explained by Andrew Lom, the blockchain is a database where data lives in blocks. The chain links these blocks together through a crypto-relationship. These blocks are sealed once a new block is added to the chain and it is incredibly difficult to alter a block once the new block is added, because additions are conspicuous and documented.

Lom emphasized that the blockchain is not automated or perpetual. You need people to pay attention to the database, he said. This doesn’t mean that it would always need to be monitored, but without attention, then it could fall apart, because alterations in blocks of data could go unnoticed.

The blockchain serves as a useful tool on which smart contracts can be stored. A smart contract is a self-executing contract. Lom equates it to when a bank is authorized to automatically pay the minimum on a credit card. It is done automatically without the debtor’s need for immediate implementation.

Smart contracts are written in code like a computer program. Ricardian smart contracts are contracts that are written partially in computer code and partially in human-readable language. (A smart contract usually describes the terms and contains codes that execute electronically under the contract’s terms, while a Ricardian contract is similarly linked to code, but is usually fully realized whether executed or not.) According to Lee Schneider, this introduces the human element into drafting smart contracts. Humans serve as a check for the execution of the contract. They can discover when something goes wrong and resolve the issue.

Andrew Lom posed the problem of bugs in the code. If the code is flawed, could that constitute a drafting error? A person would have to catch it and correct it. Could that correction potentially be modifying the substance of the contract?

These are questions and problems that will be answered only in time. As for now, Schneider noted, we are all participating in a digital world.

* * *

The author is a CPR Institute Spring 2019 intern.

Uber Eliminates Mandatory Arbitration of, and NDAs for, Sexual Assault and Harassment Claims

AnnaBy Anna M. Hershenberg, Esq.

Uber Technologies Inc. announced that it will no longer require its customers, drivers or employees to arbitrate sexual assault or harassment claims, and that it would allow victims to decide whether to enter into non-disclosure agreements or confidentiality provisions as a part of any settlement with the company.

Uber is the second tech company to announce it has changed its dispute resolution policies in response to the #MeToo movement, following Microsoft’s December move.  Brad Smith, “Microsoft endorses Senate bill to address sexual harassment,” Microsoft blog (Dec. 19, 2017)(available at http://bit.ly/2mR65jR).

In a blog post yesterday, “Turning the lights on,” Uber’s Chief Legal Officer Tony West announced the details of three major changes to Uber’s policies. Tony West, “Turning the lights on,” Uber blog (May 15, 2018) (available at https://ubr.to/2KrVhD1).

First, Uber states it “will no longer require mandatory arbitration for individual claims of sexual assault or sexual harassment claims by Uber riders, drivers or employees.” The company instead will allow victims to choose whether to mediate, arbitrate or litigate their individual claims.

In an interview with the New York Times, West confirmed that the “waiving of arbitration only applied to those claims and not for other legal claims, like discrimination.” Daisuke Wakabayashi, “Uber Eliminates Forced Arbitration for Sexual Misconduct Claims,” New York Times (May 15, 2018)(available at https://nyti.ms/2GjbBTW).

West also noted that the new policy applies “to people currently in arbitration with Uber over sexual assault or harassment claims.” Id. 

The Uber blog post specifically states that the company waives application of mandatory arbitration to “individual” claims, still barring class actions. Notably, as of the writing of this blog post, Uber’s driver agreement still contains a mandatory arbitration clause.  Uber US Terms of Use (Dec. 13, 2017)(available at https://ubr.to/2jrKPBW).

Second, Uber will no longer require people who settle sexual harassment or abuse claims with the company to sign confidentiality provisions or NDAs that forbid them from speaking about their experience in order to “help end the culture of silence that surrounds sexual violence.” Tony West, “Turning the lights on,” Uber blog (May 15, 2018)(available at https://ubr.to/2KrVhD1).

This does not appear to prohibit victims from agreeing to keep the terms of the settlement confidential. “Whether to find closure, seek treatment, or become advocates for change themselves, survivors will be in control of whether to share their stories,” the blog post states.

Third, Uber has committed to publishing “a safety transparency report that will include data on sexual assaults and other incidents that occur on the Uber platform.” Id.

Soon after Uber announced these changes, competitor Lyft announced the same changes, and said on Twitter it would join Uber in producing a safety report.  Johana Bhuiyan, “Following Uber’s lead, Lyft is also allowing alleged victims of sexual assault to pursue cases in open court.” Recode (May 15, 2018)(available at https://bit.ly/2ILLXfO).

Some news sources have linked Uber’s policy change to its hopes for an initial public offering in 2019, and mounting public pressure following a CNN investigation, which found that 103 U.S. Uber drivers had been accused of sexual assault or abuse in the past four years.  Daisuke Wakabayashi, “Uber Eliminates Forced Arbitration for Sexual Misconduct Claims,” New York Times (May 15, 2018)(available at https://nyti.ms/2GjbBTW); Stephanie Forshee, “Uber CLO Explains Decision to Scrap Mandatory Arbitration Clauses and NDAs Around Sexual Harassment, Assault,” Corporate Counsel (May 15, 2018)(available at https://cnnmon.ie/2I35QyI); see also Sara Ashley O’Brien, Nelli Black, Curt Devine and Drew Griffin, “CNN investigation: 103 Uber drivers accused of sexual assault or abuse,” CNN Money (April 30, 2018) (available at https://cnnmon.ie/2I35QyI).

Uber’s Tony West, however, insists that the new policies are aimed at winning back the “public’s trust,” “respect of customers [Uber] lost through [its] past actions and behavior,” and, in the words of the company’s new “cultural norm,” to “do the right thing, period.”  Tony West, “Turning the lights on”, Uber blog (May 15, 2018) (available at https://ubr.to/2KrVhD1); see also Dara Khosrowshahi, Uber’s new cultural norms, Linked In (Nov. 7, 2017)(available at https://bit.ly/2jaoiL7)(the author is the company’s chief executive officer).

The legal profession’s use of mandatory employment arbitration also has recalibrated, at least at some firms, in the wake of the #MeToo movement. In March, major law firms, including New York-based Skadden, Arps, Slate, Meagher & Flom, San Francisco’s Orrick, Herrington & Sutcliffe and Los Angeles’ Munger, Tolles & Olson announced they would no longer require employees to sign onto mandatory employment arbitration agreements. The moves followed a Twitter attack invoking #MeToo directed primarily at Munger.

And on Monday, Yale Law School sent a letter on behalf of top law schools asking law firms that recruit on their campuses to “disclose whether they require summer associates to sign mandatory arbitration agreements and nondisclosure agreements related to workplace misconduct, including but not limited to sexual harassment.” Staci Zaretsky, “Elite Law Schools Demand That Biglaw Firms Disclose Whether Students Will Be Forced to Sign Arbitration Agreements,” Above the Law (May 14, 2018)(available at https://bit.ly/2ILJMZU).

 

Ms. Hershenberg is Vice President of Programs and Public Policy at CPR. She can be reached at ahershenberg@cpradr.org.

CPR Appoints New Cyber Panel Ahead of Anticipated Increase in Data Security Disputes

By Kate Wilford, Hogan Lovells (London)

The International Institute for Conflict Prevention and Resolution, a New York-based organisation offering Alternative Dispute Resolution (ADR) services, has recently announced the launch of a new specialised panel of neutrals, commissioned to deal with cybersecurity disputes. The Cyber Panel is composed of experts in cyber-related areas such as data breaches and subsequent insurance claims. In a press release, Noah Hanft, President of CPR, described the new panel as guiding the “critical effort” by businesses to “prevent and/or resolve cyber-related disputes in a manner that best protects operations, customers and reputation” due to attacks now occurring with increased frequency and sophistication.

CPR’s decision to establish a specialist cyber panel addresses a perceived need for arbitrators and mediators with relevant expertise, given that data protection and security breaches are regarded as an increasingly common cause of technology, media, and telecommunications (TMT) disputes, and therefore a significant growth area for commercial dispute resolution. According to the 2016 International Dispute Resolution survey on TMT disputes conducted by the School of International Arbitration at Queen Mary University of London, respondents predicted a 191% increase in disputes related to data/system security breaches, the largest growth area identified by the survey.  Despite the fact that only 9% of respondents had encountered such disputes over the last five years, 79% of respondents thought that they were either likely or very likely to arise over the next five years. The survey also suggested that data breaches are most often caused by employee action, followed by malicious third party attacks, with both being more common than breaches caused by system failures.

Given the significant reputational and financial damage that can result from a data security breach, it is crucial to resolve subsequent disputes through the use of a reliable procedure which is tailored to the wider commercial context. This is why TMT companies are increasingly often turning to international arbitration which, as the survey shows, was respondents’ preferred mechanism for resolving disputes in the sector. Compared to the 43% of respondents who expressed a preference for arbitration, only 15% chose court litigation as their most favoured option. However, at present, litigation remains the most used mechanism in practice, used in relation to 44% of TMT disputes over the last five years. In that regard, the authors of the survey add that many of these disputes arise from contracts which were concluded long before arbitration grew in popularity and consequently, they do not include an arbitration clause. If this is true, we are likely to witness a significant increase in the number of TMT arbitrations. Indeed, 82% of respondents believed that there was likely to be a general increase in TMT arbitrations.

In general, the survey suggests that TMT companies may require more confidence in international arbitration in order to make this theoretical preference a reality. One way in which this could be addressed is by increasing the number of arbitrators with specialist knowledge of the sector and the specific issues in dispute. This approach appears to correspond with the views of the respondents to the Queen Mary University of London survey, which identified the technical expertise of the decision maker as an important aspect when deciding on a dispute resolution mechanism, as well as decision makers. In light of this conclusion, it was a logical step for CPR, which already has a series of specialist panels in other areas, to appoint a specialised Cyber Panel which may appeal to parties faced with disputes relating from data security breaches. More generally, there seems to be a wide consensus that cybersecurity-related arbitration is going to be an area of future growth.

Kate Wilford is a Senior Associate in Hogan Lovells’ London office. She represents international companies in large-scale, international commercial disputes. Her practice focuses on international arbitration (most frequently under the ICC, LCIA and UNCITRAL rules) and associated court litigation, including challenges to and enforcement of arbitral awards. Ms. Wilford’s full bio can be accessed HERE.

This post was originally published at http://www.hldataprotection.com/2017/08/articles/cybersecurity-data-breaches/cpr-appoints-new-cyber-panel-ahead-of-anticipated-increase-in-data-security-disputes – the Hogan Lovells Chronicle of Data Protection blog. It was also republished on the firm’s international arbitration blog, ARBlog and is republished here with permission.

CPR Launches New Cyber Panel Focused on Security Disputes and Related Insurance Claims

A cyber security breach occurs, possibly exposing consumer or other sensitive information. What happens next, at the corporate level?

Certainly underlying any serious cyber event are the questions of who is responsible, who is going to do what to remedy it and who is going to pay for it, including related insurance issues that will arise.

“With attacks occurring with both greater frequency and sophistication, smart companies and their counsel are adopting proactive strategies to prevent and/or resolve cyber-related disputes in a manner that best protects operations, customers and reputation,” said CPR President & CEO, Noah J. Hanft.

With CPR’s announcement, today, of a new CPR Cyber Panel, now those strategies can even more squarely include CPR, as well as thoughtful options outside of traditional litigation. The CPR Cyber Panel contains neutrals who are expert in data breaches and other cybersecurity issues, as well as those experienced in handling related insurance coverage disputes.

“Mediation of cyber security disputes and insurance claims if done by the right individuals can drive substantial value to all parties,” said Daniel Garrie, a longtime CPR Distinguished Neutral, Editor-in-Chief of Law & Cyber Warfare and CPR Cyber Panel member. “Of course, it is critical that your mediator have the mediation experience and real-world technical cyber expertise to ensure the right outcome. If done by the right individual supported by a quality ADR organization with strong rules and protocols, an entity will be able to realize the benefits a cyber security neutral.”

In the Law360 article, “Growing Demand for Mediation of Data Breach Disputes,” Barton LLP Partner and CPR Cyber Panel member Kenneth N. Rashbaum stated, “For reasons of financial savings, efficiency and plain peace of mind, those who prepare agreements in technology areas have increasingly turned to mediation and other dispute resolution clauses and this, in turn, has created a demand for mediators with backgrounds that comprise multiple practice areas, including cybersecurity, privacy, technology transactions and litigation. And they should open to dispute-mitigation alternatives. For example, arbitration clauses have been around for a very long time but newer and possibly less expensive modalities include ‘cooling-off and mediation’ provisions that require the aggrieved party to notify her counterpart of the disputed matter and then, only after a certain period of time, the parties will proceed to mediation and can only go further, to arbitration or litigation, if mediation fails.”

“One of the things CPR has particularly prided itself on, over its 40 year history, is being both tuned in and highly responsive to the needs of our members and the ADR community as a whole,” said CPR’s Helena Tavares Erickson, Senior Vice President,
Dispute Resolution Services and Corporate Secretary. “CPR’s new Cyber Panel is a perfect example of that dynamic in action: We were told about increasing cyber-related dispute resolution needs, and we acted. We encourage the community to let us know its needs as we are ready to act.”

CPR’s Panels of Distinguished Neutrals comprise those among the most respected and elite mediators and arbitrators in the world. They include prominent attorneys, retired state and federal judges, academics, as well as highly-skilled business executives, legal experts and dispute resolution professionals who are particularly qualified to resolve all business disputes including those involving multi-national corporations or issues of public sensitivity.

Focusing in more than 20 practice areas, CPR’s esteemed arbitrators and mediators have provided resolutions in thousands of cases, with billions of dollars at issue worldwide. Admission to one of CPR Panels occurs only after an individual is reviewed and approved by CPR and/or a select panel of high-end users, peers and/or academics. Candidates are screened for their ADR expertise and training, and candidate references are asked to comment specifically on the applicant’s qualifications to serve on complex commercial disputes. Qualification to the CPR roster is demanding and available openings are limited.

“Once again, Noah Hanft and CPR are leading the way in dispute resolution,” concluded Steven J. Antunes, Senior Litigation Counsel at AEGIS Insurance Services, Inc. “As the law regarding cyber security evolves and the claims become more sophisticated , the most cost effective manner in which to resolve cyber-related disputes may very well be through mediation.”

Removing Anger in a Mediation Allowed Parties to Settle

StephenGilbert By Stephen P. Gilbert

I conducted a mediation several years ago between two companies in the healthcare field, one a small high-tech company (“Company A”) and the other a much larger conglomerate. The smaller company had invented certain cutting edge technology (“Technology A”), which held great promise but required a substantial investment of money and personnel (scientists and engineers), each of which Company A had little of, to finish the R&D work and bring Technology A to market.

Company A had entered into a joint development agreement with the conglomerate to conduct the R&D work and, if possible, commercialize the technology, which Company A hoped would be used in some of the conglomerate’s products. The agreement provided that if Technology A were commercialized and used in the conglomerate’s products, the conglomerate would pay a running royalty to Company A. The few scientists and engineers of Company A worked closely with the scientists and engineers of the conglomerate and disclosed significant confidential information to them to aid in the R&D work. The conglomerate also loaned substantial capital to Company A (covered by a promissory note) because Company A was operating on a shoestring.  The agreement contained a stepped dispute resolution clause: in case of a dispute, executives of the two companies were to confer to try to resolve the dispute; if that did not work, they would go to mediation; and if that did not work, to arbitration.

A year or two after entering into the joint development agreement, the conglomerate acquired a small company (“Company B”), which had developed its own technology (“Technology B”), which, with sufficient and successful R&D work, could be used instead of Technology A in the conglomerate’s products. Both Technology A and Technology B were also potentially useful in third-party products, not just the conglomerate’s products.

Sometime after acquiring Company B, the conglomerate terminated the joint development agreement, requested payment on the promissory note (as it had the right to do) and eventually started marketing products incorporating Technology B.

Company A accused the conglomerate of purposely trying to harm Company A and prevent commercialization of Technology A. The actions of the conglomerate to which Company A pointed included acquiring Company B, terminating the joint development agreement, demanding payment of the debt, and using Company A’s confidential information to help develop and commercialize Technology B. Company A said it would now have to try to raise money to pay the debt and at the same time would have to try to find a new R&D partner, since it still could not afford the R&D work required (nor did it have sufficient personnel) to commercialize Technology A.

Company A said commercialization of Technology A would now be substantially delayed or altogether prevented and that it might have to cease operations. It noted that the conglomerate would not have to pay any royalty for using Technology B in its products because the conglomerate owned that technology through its acquisition of Company B and, if the conglomerate wished to do so, it could license Technology B to third parties without worrying about competition from Technology A, since Technology A was not yet ready to be commercialized (and might never be).

After reviewing the two confidential mediation statements and speaking ex parte with each side prior to the mediation session, it seemed settlement was possible but getting there would not be easy.

There were about ten people from each side present at the joint mediation session: Company A had business people, investors, technologists, and outside counsel; the conglomerate had business people, in-house lawyers, and outside counsel. There were no technologists from the conglomerate present. I suspected this mediation was make or break for Company A; I doubted it had the money to litigate against the conglomerate.

Each side made a short, polite opening statement, and we then split up for caucus sessions. I started with the Company A team. It was the first time I was speaking in a caucus session with anyone on the Company A team other than its outside counsel. Company A did not mince words: it was positive that all of the conglomerate’s actions had been part of a long-term plan to harm it and delay commercialization of or kill Technology A. Everything it said about the conglomerate was laced with anger.

I went to see the conglomerate team. The conglomerate felt it had done nothing wrong. That was the same message that had been conveyed to me by its outside counsel during my discussions with them before the mediation session.

One of the conglomerate’s in-house counsel who was present had been involved with the joint venture when he was a junior member of the conglomerate’s legal department (he was now significantly higher up in the department). I asked what he had done with respect to the joint venture, and it became apparent he was a goldmine of information. He had participated in drafting the joint venture agreement, had helped “administer” that agreement for the conglomerate, knew about the substantial money it had spent and R&D efforts its technologists had made on Technology A, knew (at a high level) about the technical problems that had been encountered, and knew (at a detailed level) how the decisions to abandon the technology and terminate the agreement had been made. He also knew about the “wall” the conglomerate had put in place between its people working on Technology A and those working on Technology B.

During the pre-mediation session ex parte discussions, I had asked each side that, if possible, people familiar with the joint venture relationship be at the mediation, but the depth and breadth of this individual’s knowledge was more than I could have hoped for. I asked if he would feel comfortable sharing some of this information with the other side, and I also asked lead in-house and lead outside counsel if they would feel comfortable with his doing so. They asked why; I said I thought it might be helpful, added that I didn’t see any downside (since all the information would likely be disclosed during discovery if mediation didn’t work), and received yesses from everyone. Then I went to see the Company A team.

I told them I had had a helpful discussion with the other side and asked if they would be interested in hearing some information directly from the other side (since I could never do as good a job as the conglomerate’s people could of imparting the information). The Company A team said it saw no downside, and I asked both sides to reconvene for a joint session.

It was less than two hours since the original joint mediation session had started. I asked the in‑house counsel who had given me all the information to address the other side. I said that in particular what might be helpful for the other side to hear was the history of the conglomerate’s effort to develop Technology A, the problems it had encountered, and how it had come to make the decisions to abandon Technology A and terminate the agreement.

The conglomerate’s in-house counsel began by recounting the history of his involvement and then turned to the R&D efforts that had been made and the money that was spent. At first, the Company A team just listened but soon started asking questions, which the in-house counsel answered without hesitation. I didn’t speak again until there seemed to be a logical break point, at which time I suggested we have lunch.

After lunch, he was asked more and more questions by a few members of the Company A team, some rather pointed. Others from the conglomerate’s team started to chime in. It was a lively, sometimes loud discussion. I said little except to suggest breaks when I felt it was appropriate and to remind everyone it would be better if people spoke one at a time so everyone could hear what was being said. We broke for dinner and agreed to reconvene the next morning.

The next morning, the Company A team started by discussing what it would like to see in a settlement. Bargaining ensued. Agreement was reached late afternoon, and a heads of agreement (which provided for subsequent negotiation of a comprehensive agreement) was negotiated and executed, after which we all shook hands, each side thanking the other for participating and congratulating it on reaching agreement.

It was then that the key decision-maker of Company A shared with me and with the key decision-maker of the conglomerate the following. At the end of the first day, while the Company A team was returning to its hotel, he said to his team that in view of what they had heard from the conglomerate’s in-house counsel who had spoken at length and provided answers to their questions, they might have been wrong about what had happened and about what they had been sure was the conglomerate’s bad faith. His team sat at dinner that evening talking about what they had heard and came to agree with him. Once that happened, their feelings of anger dissipated and they started to focus on how to resolve the dispute.

We were lucky to have in attendance a smart individual from the conglomerate’s side who had sufficient first-hand knowledge of the entire situation and could present information (including answering probing and pointed questions from the other side) in a non-confrontational, believable way. There is no way of my knowing, but I think it would have been difficult, if not impossible, to have reached settlement at that time if the anger Company A felt and had expressed to me so strongly had not been removed.

Stephen P. Gilbert (www.spgadr.com) is a CPR Distinguished Neutral, CEDR Accredited Mediator, American Arbitration Association Commercial Master Mediator, Fellow of the College of Commercial Arbitrators, Fellow of the Chartered Institute of Arbitrators, Fellow of the American College of e-Neutrals, Member/Panelist of the Silicon Valley Arbitration & Mediation Center, and was a computer programmer, a chemical engineer, and a patent attorney.

Avoiding and Resolving Information Technology Disputes (CPR Master Guide)

By Meghna Talwar

The latest survey released by Queen Mary University of London, in collaboration with Pinsent Masons (“the Survey”), highlights the growth of ADR in Technology, Media and Telecommunications (TMT) disputes. The Survey records 67% of the total disputes which are IT related.

Foreshadowing this important development, in 2005, CPR’s IT Committee released its master guide titled “Avoiding and Resolving Information Technology Disputes” which provides detailed information about resolution of IT disputes with the help of ADR mechanisms. The master guide’s 7 chapters provide different methods for addressing IT disputes from avoiding them in the first place to resolving them by arbitration. The first chapter gives companies a head start to set things in place prior to dealing with external parties. The chapter provides cues on how companies can assess, prioritize and define their goals and identify the possibility of dispute in the long run in order to plan their resolution techniques right from the beginning.

Chart 5 of the Survey states that 61% of the disputes related to IT systems are caused due to delay. The survey also mentions that such delay may be caused due to several attributing factors rather than one cause. Chapter 2 of the master guide suggests practices which companies may adopt to avoid delay. The chapter which is titled “Avoiding Disconnect Between Negotiation and Implementation” describes ways in which companies can formulate healthy negotiations with other parties thereby building a strong working relation with them. The chapter also focuses on how parties can develop a good understanding of the project as well as their own interpersonal relations which could ultimately lead to limiting the risk of contracting any disputes.

While Chapter 2 discusses building strong relations, Chapter 3 encapsulates the technique of building a strong project foundation based on strong partnerships. The chapter highlights the advantage of building partnerships at an early stage and describes methods to sustain such partnerships once they are formed. Also, the chapter offers interesting suggestions on conducting workshops with stakeholders to create synergistic relationships.

Often guidelines are limited to dos and don’ts of a process which are purely theoretical in nature. However, Chapter 4 of the master guide carries out case study of an IT dispute which enables companies to understand the practical implications of the master guide. The case study is an interesting concoction of facts and analysis with suggestions from the IT professionals who comprised the CPR IT Committee. Thus, the master guide provides a well-rounded view of IT disputes and the complications involved therein.

The Survey states that 50% of the respondents prefer mediation followed by 47% who prefer arbitration. Hence, there is an earnest intention on the part of the companies to resolve disputes without resorting to courts. However, it would be effective to resolve disputes at a preliminary level. Chapter 5 of the master guide speaks about the use of hierarchical positions to defuse disputes at an early stage. The chapter also emphasis on the need for protecting stakeholders, thereby maintaining a dispute-free atmosphere.

Chapter 6 introduces the concept of appointing a standing neutral. The chapter describes a standing neutral as someone who is appointed as a neutral in advance of any conflict. The appointment of a standing neutral could save the parties a substantial amount of time and cost in a way that the parties would get neutral assistance immediately on detecting a dispute without having to search for it when the dispute arises.

It is understandable that in certain cases it is impossible to avoid disputes despite adopting prevention mechanisms. Proliferation of social media is an example of unavoidable disputes. The Survey recorded 93% disputes arising out of social media attacks and 54% disputes arising out of traditional media attack. Chapter 7 of the master guide describes the dispute resolution program which companies may adopt if avoidance strategies do not work. The Survey points out the importance of Dispute Resolution (DR) policies which companies adopt. It stated that only 25% of the respondent companies did not have a DR policy. Thus, Chapter 7 could be helpful for companies which fall within the 25% bracket and could give the remaining 75% some tips for improvement, if required. The chapter also introduces the CPR Rules on Expedited Technology Dispute Resolution which includes rules for both arbitration and mediation proceedings.

The CPR master guide was introduced long before the introduction of the Survey. However, from the Survey it is quite evident that the issues revolving around IT disputes that were discussed in the manual remain to be a cause of concern, even today. Hence, the master guide proves to be an effective tool for addressing such problems and acts as a catalyst to innovate and introduce mechanisms for resolving IT related disputes.

Meghna Talwar is a fall intern at CPR.

To order a copy of CPR’s Master Guide, “Avoiding and Resolving Information Technology Disputes,” click HERE. And be sure to browse our many other publications in The CPR Store HERE.

 

The Future of Online Dispute Resolution: Transformation & Preservation

On June 5, 2015, CPR President & CEO Noah Hanft delivered the keynote address at “ODR 2015,” held at Pace University Law School — an event that brought together the world’s leading online dispute resolution (ODR) practitioners, policymakers, entrepreneurs, members of the judiciary and academics.

Over the past few years, use of online dispute resolution has grown and matured in ways that are astonishing, both in the range of uses and the speed with which it has been embraced. Mediation and arbitration are rapidly moving online. Consumers, businesses and lawyers increasingly expect to be able to resolve any issues that arise 24 hours a day and 7 days a week, right from their laptops and tablets. Transactions also now routinely cross the globe, and disputants are unwilling to sort out complex issues of jurisdiction every time a problem crops up.

Enter ODR, which is the application of information and communications technology to the practice of dispute resolution. Demand is growing steadily. Continue reading