In my work as a business development coach and trainer, many of my experienced attorney clients have been complaining to me that they are struggling to incorporate business development activities into an already active practice inundated with client demands. Top that with record high numbers of associates quitting (more than one in four in 2021 according to the ABA Journal), and investing in genuine and meaningful relationships with the associates in your firm has never been more important. 

Good associates help you provide your clients with high-quality work, allow you to scale your practice, and can alleviate you from performing mundane tasks, thus providing you with newly found time to be intentional and proactive about the kind of work you want more of. A focus on associate development can be directly related to your future success as a partner. And with both the shift to remote and hybrid work arrangements and the cultural changes in expectations around work among younger generations, there are new challenges and considerations attorneys need to think about while working with junior colleagues.

To create a climate of inclusion that generates loyalty from your associates, expands your book of business, and ultimately improves your firm, consider these steps:

• Meet with associates regularly to connect on non-client/matter related topics. Find out what their goals are. Are they interested in partnership? What kind of work is most interesting to them? What kind of clients are they hoping to work with? A real estate partner we work with blocks out breakfast on the first Friday of every month to meet in person with one of the associates in his department. A partner at a boutique intellectual property firm has a regular reminder in her calendar to schedule a quarterly Zoom “coffee meeting” with each of her associates.
• Whenever possible, provide associates with opportunities on matters that are in line with their individual goals. Do your best to help associates connect the dots between the matter and their career objectives. 
• Include the associate working on your matter(s) in as much of the process as you can: client strategy meetings, calls and emails. Invest extra time providing associates with your insights and a window into your thinking and problem solving.
• Encourage your associate to focus on their professional reputation. Consider collaborating with an associate on a thought leadership piece in line with their ideal career trajectory. An entertainment law partner client recently worked with an associate interested in NFTs on an article about the inclusion of NFTs in talent contracts, ultimately raising the associate’s visibility and credibility in the space along with the partner’s.
• Offer guidance and provide constructive criticism. Help the associates you work with improve and grow as legal practitioners and business developers. Be respectful, truthful, and candid.
• Use the technology available to the firm that your associates are using, whether that is Microsoft Teams, Slack, or something else. You need to meet the associate where they are if you want to foster a successful connection and the most effective working relationship.
• When an associate is working with you on a matter, reach out regularly, checking in to see if they have any questions or if they want to run a thought or strategy by you. Your proactive and supportive approach in helping the associate raise their game as a practitioner will go a long way.
• Acknowledge your colleagues’ value and accomplishments. One of the reasons associates leave firms is because they don’t feel appreciated. Public recognition is a good way to celebrate a success or achievement that has broader business impact. A post on LinkedIn about a positive result highlighting the work of an associate not only ups visibility and extends praise to the individual, but it can also serve as an opportunity to inform the entire firm of the value of the work.
• Be a kind and decent person. Follow the platinum rule: treat people the way they want to be treated, not the way you want to be treated… and most definitely not the way you were mistreated earlier in your career. Offer praise for a job well done. Act with humility, and acknowledge your mistakes or shortcomings.
• Talk about setting work boundaries and then respect them. Perhaps your associate would appreciate the productivity that comes out of a “no meeting Wednesday” rule, or maybe they don’t want to work on Mondays after 5 p.m. so they can make a commitment to themselves or their family. Then make sure you honor that request. This will build trust and show that you care about their well-being.
• Set fair and realistic time expectations. Little is more disheartening than when a partner makes an urgent request, and an associate works all night to get the work product on the partner’s desk first thing in the morning only to watch it sit untouched for three days. Delegate tasks as soon as you can, and do not set false urgent deadlines.
• Do what you can to advocate for your associates. Make introductions, give public praise, vouch for them when opportunities arise, and seek out growth opportunities for those who have proven themselves to be highly capable.

Investing in your relationships with associates is key to the long-term growth of your practice and is essential to the health of your firm. If a relationship with you leads to a genuine bond and real professional growth, the associates at your firm will be excited to work with you. Not only will you and your clients benefit from your improved relationships with your junior colleagues, but it is also likely you will find that helping others to develop and excel is highly gratifying.

On Friday, April 1, 2022, the House of Representatives passed the Marijuana Opportunity, Reinvestment, and Expungement (MORE) Act for the second time in two years, with 220 votes in favor and 204 votes in opposition. The MORE Act is one of at least three pieces of offered legislation that legalizes, or partially legalizes, marijuana at the federal level. After an hour of debate, the House also adopted two amendments aimed at assuaging Republican concerns about impaired driving and workplace safety. All three proposed laws expressly address some financial institutions’ ability to operate in this emerging market.

The MORE Act would not only remove marijuana from Schedule I under the Controlled Substances Act (CSA), but it would usher in a regulatory framework for taxing the sale of cannabis products and using the tax receipts to fund a number of equity and economic programs for those adversely impacted by the War on Drugs. The MORE ACT also will authorize expansive research on cannabis and the impact of the War on Drugs, and it will create a process for expungements of nonviolent federal marijuana convictions across the country.

Related Legislation

The Senate must now decide whether to adopt the MORE Act or one of the other two bills: the Cannabis Administration and Opportunity Act (CAOA), proposed, but not yet filed, by Sen. Chuck Schumer (D-NY), and Rep. Ed Perlmutter’s (D-CO) Secure and Fair Enforcement Banking (SAFE Banking) Act, which was most recently passed by the House in 2021.

The CAOA is expected to have many of the same features as the MORE Act, including (most fundamentally) delisting marijuana from Schedule I under the CSA. It is also expected to:

• transfer jurisdiction over cannabis to the Food and Drug Administration (FDA), the Alcohol and Tobacco Tax and Trade Bureau (TTB) and the Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF) within the Department of Justice (giving cannabis a status similar to alcohol and tobacco);
• introduce a federal regulatory apparatus;
• direct proceeds of a new federal excise tax to individuals and communities most affected by the War on Drugs;
• provide for expungement of federal nonviolent marijuana convictions; and
• provide for reforms to the treatment of marijuana-related activities or convictions in federal immigration policy.

Unlike the MORE Act or CAOA, the SAFE Banking Act does not remove marijuana from CSA’s Schedule I. While the MORE Act and CAOA focus on comprehensive legislation, the SAFE Act is a more modest and more focused piece of legislation, which aims to protect banking institutions—as well as their insurers—that choose to offer services to a legitimate cannabis-related business operating in accordance with its respective state laws. The bill generally offers protection from penalties of a federal banking regulator against a depository institution for offering services to cannabis-related businesses. Transactions involving activities with a legitimate cannabis-related business would no longer be considered as generating proceeds from unlawful activities, and depository institutions would no longer be liable or subject to any federal law or regulation for providing services to the cannabis industry.

Schedule I Classification

Removing marijuana from the CSA’s list of dangerous “drugs with no currently accepted medical use and a high potential for abuse” would almost certainly lead to an exponential increase of commerce in the cannabis space. It would allow depository institutions to take deposits from cannabis-related businesses, allow payment processors and credit card companies to engage in marijuana-related transactions, encourage the development of more reliable insurance coverage for cannabis-related businesses, and permit financial institutions to more easily loan money—including loans secured by marijuana intellectual property, lines of credit, agricultural loans, and most other commercial lending products available to growers, processors, manufacturers, and retailers of more traditional products—to marijuana-related businesses. Consumers would also benefit from a predictable, safe, and enforceable payment system. That is all to say nothing of the cascading effects such legalization would have on job creation, tax collections, and public health as the black market is (perhaps slowly) replaced with regulated commercial activity.

The Political Horizon

It is not clear whether Sen. Schumer has the votes necessary to carry the CAOA through the Senate; at least one or two Democratic votes against passage (based on the breadth and scope of the legislation, as well as taxation and disposition of funds in “equitable” ways) are likely, and might be enough to offset the handful of Republican Senators who may vote for passage.

While passage of the MORE Act or CAOA in the Senate before the November general election is uncertain, the Senate does appear to have enough votes to pass the SAFE Act, due to strong support throughout the financial services industry and on both sides of the aisle. One potential issue with the SAFE Act—at least for lenders—is that while it expressly permits depository institutions to accept deposits from marijuana-related businesses, it does not necessarily cure some of the problems that limit commercial lending activity. For example, it does not carve marijuana out of the CSA’s list of dangerous drugs. This circumstance means, among other things, that bankruptcy protection will remain unavailable to marijuana-related borrowers. Mastering fifty state law alternatives to a debtor’s bankruptcy might therefore weigh against a lender’s decision to enter into a national market.

That said, the cannabis industry itself, along with the finance industry and powerful corporate interests (such as retailer Amazon) have lined up behind the SAFE Act. The consensus seems that industry does not wish a search for the perfect solution (i.e., full-scale decriminalization and regulation) to get in the way of the good (i.e., allowing a fuller range of financial services for marijuana-related businesses). While passage of the SAFE Act seems increasingly likely as a middle ground between current policy and the aims of the MORE Act and CAOA, Congress may still iron out some of the defective limitations in the SAFE Act through the reconciliation process.

Tax returns and return information generally are protected from disclosure by Section 6103 of the Internal Revenue Code, and unauthorized disclosure can result in penalties. Certain disclosures are permitted, but what happens when a person properly receiving return information “rediscloses” that information?

The IRS recently addressed this question regarding certain redisclosures in Revenue Ruling 2022-7.

Before Section 6103 was enacted in 1976, the confidentiality of tax returns and return information was debated for years. Among the many revelations during the Watergate investigations of President Nixon’s administration was President Nixon’s use of the Internal Revenue Service to go after his political enemies. This use of the IRS as a weapon was considered unacceptable and contributed to Congress’s enactment of Section 6103.

Exceptions to the Rule

Generally, Section 6103 provides that tax returns and return information are confidential and may not be disclosed except as expressly authorized by the Internal Revenue Code. While this general prohibition against disclosure is straightforward, the exceptions in Section 6103 are extensive and complicated, and significantly curtail the broad application of the general rule. Among the exceptions for situations in which it is necessary for tax returns or return information to be disclosed are:

• disclosure with the consent of the taxpayer (Section 6103(c));
• disclosure to a person having a material interest (Section 6103(e), but not under Section 6103(e)(1)(D)(iii) relating to disclosures to certain shareholders); and
• disclosure for investigative purposes (Section 6103(k)(6)).

The Taxpayer First Act (TFA), enacted in 2019, amended Section 6103(a)(3) and (c) to limit redisclosures and uses of return information received pursuant to the taxpayer consent exception. Section 6103(c), as amended by the TFA, explicitly prohibits designees from using return information for any reason other than the express purpose for which the taxpayer granted consent and from redisclosing return information without the taxpayer’s express permission or request. Section 6103(a)(3), as amended by the TFA, imposes disclosure restrictions on all recipients of return information under the taxpayer consent exception (Section 6103(c)). The TFA did not amend the material interest exception (Section 6103(e)) or the investigative disclosure exception (Section 6103(k)(6)), or Section 6103(a) regarding disclosures under those subsections.

What happens when a redisclosure is made?

Given these amendments, what happens when a person who receives return information under one of the Section 6103 exceptions rediscloses the information? Does it make a difference if the person redisclosing is a federal, state, or local government official or employee? Revenue Ruling 2022-7 addresses these questions in seven factual situations.

Redisclosure of employee tax noncompliance is permitted

Three situations (Situations 3, 4, and 5 in the Revenue Ruling) involve employers that have a policy of taking disciplinary action against employees who do not properly fulfill their tax obligations. In each situation, the IRS serves a notice of levy with respect to an employee’s tax liability on the payroll department of the employer. The payroll department then notifies management of the employee’s tax delinquency to enable the employer to take appropriate action consistent with its policy. The only difference in the three situations is the status of the employer: the employer is a law firm in Situation 3, a state agency in Situation 4, and a federal agency in Situation 5.

Rationale: By its terms, Section 6103(a) does not regulate or control the use of returns and return information received under the material interest or investigative disclosure exceptions. Moreover, in situations in which redisclosure is permitted, but subject to limitations, the Revenue Ruling says that “requirements for accountings and safeguards that typically apply” to the material interest or investigative disclosure exemptions do not apply to these exceptions. The Revenue Ruling makes clear that persons are not barred because of their status as government employees from redisclosing returns and return information received pursuant to the material interest exception or the investigative disclosure exception. Thus, there are no statutory or regulatory restrictions on the redisclosures of return information made by the payroll employee who works for the law firm, nor for the payroll employees who work for the state and federal agencies.

Redisclosure by guardian of minor’s estate is permitted

The redisclosure of a daughter’s return information by her father is not prohibited when the father is the guardian of the daughter’s estate. In Revenue Ruling Situation 6, G is the father of five-year-old film star H. H’s mother signs H’s return as the parent of a minor child and dies shortly thereafter. G is the guardian of H’s estate under applicable state law. G receives notice that H’s return is under examination by IRS. G does not have a copy of H’s return because it was filed by H’s mother, so G obtains the return and return information from the IRS. When subsequently asked by a news reporter how much income H reported on the return, G replies “three million dollars.”

Rationale: Although the revenue ruling does not state the basis upon which the father received the daughter’s tax return and return information, presumably it is because the father’s status as the daughter’s guardian makes him, by law, entitled to receive the daughter’s tax return and return information. As a minor, the daughter cannot consent to her father receiving her tax return and return information, so the taxpayer consent exception is inapplicable. Redisclosures are prohibited under the taxpayer consent exception (without the taxpayer’s consent to redisclose), but because this exception does not apply, there are no statutory or regulatory restrictions on the redisclosure of the return information.

Redisclosure is prohibited under taxpayer consent exception

In Situation 1, A requests the assistance of a friend, B, with respect to a federal tax matter. A also requests that the IRS provide A’s returns and return information to B. B subsequently discloses return information obtained as a result of A’s request to a third party. In Situation 2, the facts are the same, except that B happens to be a government employee. The Revenue Ruling concludes that B is prohibited from redisclosing A’s return information in both situations because A did not authorize B to further disclose A’s return information.

Rationale: Section 6103(c), as amended by the TFA, explicitly prohibits designees from using return information for any reason other than the express purpose for which the taxpayer grants consent and from redisclosing return information without the taxpayer’s express permission or request. Section 6103(a)(3), as amended by the TFA, imposes disclosure restrictions on all recipients of return information under 6103(c). Whether B is a government employee or not does not change this.

Comment: When a taxpayer needs help from a tax practitioner (lawyer, certified public accountant, or enrolled agent) to deal with the IRS, the taxpayer often files IRS Form 2848, Power of Attorney and Declaration of Representative, to request that the IRS provide the taxpayer’s return information to the tax practitioner. The tax practitioner is prohibited from redisclosing tax return information obtained this way.

Prohibitions and penalties

Although the amendments to Section 6103(a)(3) and 6103(c) prohibit redisclosures by a person who receives return information with the taxpayer’s consent, there was no corresponding amendment to impose a penalty for making an unauthorized disclosure. Section 7213 of the Internal Revenue Code makes an unauthorized disclosure of a tax return or return information by a federal officer or employee and certain other persons a felony punishable by up to five years in prison and a fine not exceeding $5,000. However, TFA did not amend Section 7213 to impose a penalty on the redisclosure by a person who receives return information with the taxpayer’s consent, resulting in a prohibition without a penalty.

But a person who engages in such authorized redisclosure is not free of risk. Section 7431 gives the taxpayer whose return information was redisclosed without the taxpayer’s consent a civil cause of action against the person who knowingly or negligently redisclosed the return information.

For someone who practices before the IRS, such as a lawyer, certified public accountant, or enrolled agent, an unauthorized disclosure would raise concerns about sanctions by the IRS Office of Professional Responsibility. Whether the Office of Professional Responsibility would have the authority to act in such a case is unclear, but the concern exists.

It should also be noted that willfully printing or publishing return information that is obtained in an unauthorized matter is a felony punishable by up to five years in prison and a fine not exceeding $5,000 under Section 7213(a)(3). ProPublica’s publication of “The Secret IRS Files: Trove of Never-Before-Seen Records Reveal How the Wealthiest Avoid Income Tax” last year raises questions about whether ProPublica violated Section 7213(a)(3). Whether ProPublica acted “willfully,” or if the First Amendment trumps Section 7213(a)(3), are discussions for others, but it is obvious that Congress does not want return information that is obtained in an unauthorized manner printed or published, and doing so comes with a high level of risk.

Wading into the murky waters of the exceptions to nondisclosure under Section 6103 is challenging. Possessing another taxpayer’s tax returns and return information brings with it a duty to prevent an unauthorized disclosure. While disclosing tax returns and return information is permitted in certain situations, it is critical to ensure the requirements for a permitted disclosure are met.

Lawyers wear two types of leadership hats. First, they often exercise leadership skills, including people skills, in law practice when working with clients and colleagues. As noted in the 2017 report “Defining Key Competencies for Business Lawyers,” prepared by a task force of the ABA Business Law Section’s Business Law Education Committee, “the lawyers who become the managing partners and some of the best client rainmakers are those with excellent people skills—usually equaling and sometimes surpassing their technical skills.”

Second, lawyers are often tapped for leadership positions in business and nonprofit organizations. Given the skill set necessary for the practice of law, the increasing number of leaders holding JD degrees in large companies is not surprising. An empirical study of Fortune 50 companies (forthcoming in the Tulane Law Review) concluded that over the past three decades, the number of senior executives holding JD degrees increased by eighty-nine percent!

Using leadership skills in a law firm and other organizations often requires lawyers to play a teaching role. For example, the task force report noted that even in a one-time transaction, “a good business lawyer will be a useful resource in teaching the client about options and alternatives.” More generally, management experts have concluded that the ability to teach is an attribute of successful leadership. The title of a 2018 Harvard Business Review article by Sydney Finkelstein says it all: “The Best Leaders Are Great Teachers.” After studying world-class leaders for over a decade, he concluded, “If you’re not teaching, you’re not really leading.”

What can lawyers learn about teaching from award-winning business school professors? I considered this question when conducting field research for Seven Essentials for Business Success: Lessons from Legendary Professors (Routledge, 2022). The book describes the methods used by seven MBA teaching legends, each representing a different business function (including the legal function, with a section on the role of Apple’s general counsel as a member of the senior leadership team).

In addition to their MBA teaching, these professors are involved in projects that have a positive impact on organizations and society. For example, University of Chicago Professor Steven Kaplan, who teaches “Corporate and Entrepreneurial Finance” at the University of Chicago Law School in addition to his MBA teaching, started a new venture program that has resulted in the formation of more than 370 companies, the creation of thousands of jobs, $1.2 billion in funds raised, and $8.5 billion in mergers and exits.

Through interviews and in-class observations of these high-impact professors, I discovered they use a variety of teaching practices that enable them to move beyond what Harvard strategy professor Jan Rivkin calls “lean back” teaching—the traditional lecture in which students are passive recipients of information. He contrasts this approach with a “lean forward” model where learners are actively engaged in the learning process.

In a law firm or business setting, “lean forward” teaching reshapes a traditional presentation or meeting to an active learning experience. Lawyers who embrace the lean forward model have an opportunity to encourage discussions about new opportunities as well as future challenges faced by their clients and firms.

The legendary professors I studied use a number of practices that lawyers can adopt to encourage clients and colleagues to lean forward. Here are three examples.

Use stories. You can enhance the learning experience through frequent use of stories. The professors emphasize this aspect of the teaching process. The book describes a disciplined approach Northwestern marketing professor Florian Zettelmeyer learned when working for McKinsey. As he emphasized in a commencement address: “Great communication is always built around a story…. I literally mean that everything you communicate has to take the form of a story. Every presentation, every speech, every memo, every pitch you make has to be a story in which your key ideas are embedded.”

Because Stanford accounting professor Charles Lee feels that stories bring concepts to life, he devotes lots of time to finding good illustrations. In his words, “I lovingly collect them.” Professor Richard Shell, who teaches the business law core course at Wharton, adds that “nobody learns anything except on the foundation of what they already know. So your selection of examples, images, stories, and metaphors is crucial.”

The professors often use examples to emphasize the practical value of their teaching. When University of Michigan management professor Gretchen Spreitzer discusses the power of gratitude in the workplace, she introduces a tool called a gratitude journal. To illustrate, she describes a retreat her colleagues conducted for the university’s basketball players at the beginning of a season in which the team reached the national championship game. Following the retreat, coach John Beilein decided to keep a gratitude journal, and she shows her class a film clip of him expressing gratitude to the team and staff.

Balance the big picture with simplification. Your ability to achieve an appropriate balance between the big picture and details is an important aspect of teaching in a law firm or as a leader in a company setting. The seven professors frequently remind students of the big picture—their overarching goal and why it is important.

They complement the big picture with evidence-based details. Their challenge, familiar to lawyers attempting to explain complex legal requirements to clients, is to simplify the details enough to make them digestible. MIT operations professor Georgia Perakis teaches a course titled “Data, Models, and Decisions” that is considered one of the most rigorous courses in the MIT Executive MBA program. Given the complexity of the material, her goal is “to try to see how I can go from the complex model to a simple model. If it’s too simple, I will not capture the real complex problem, so I have to find where to be in the middle.” Stanford’s Professor Lee cited Oliver Wendell Holmes, who referred to this goal as “simplicity that lies on the other side of complexity.” “This is a simplicity,” Lee explained, “that arises from understanding the material so completely that you are able to simplify it for others to learn.”

Be yourself. Being yourself is perhaps the most important lesson from the professors because it provides the authenticity necessary to become a successful leader and teacher. According to profound educator Parker Palmer in his essay “The Heart of a Teacher,” this is the “secret hidden in plain sight: good teaching cannot be reduced to technique; good teaching comes from the identity and integrity of the teacher” (his emphasis). Two of the professors received inspiration from Steve Jobs, who noted that “your time is limited, so don’t waste it living someone else’s life…. Don’t let the noise of others’ opinions drown out your own inner voice. And most importantly, have the courage to follow your heart.”

The ability to be yourself, combined with other practices used by legendary professors, enables you to exercise the teaching skills that are necessary for effective leadership in your law practice and when leading other organizations. In the words of noted Harvard Business School professor Chris Christensen, your teaching experience “allows you to combine the momentary and the infinite” by addressing immediate concerns while also laying a foundation for the future.

Longtime ABA member George Siedel is the Thurnau Professor Emeritus of Business Law and the Williamson Professor Emeritus of Business Administration Emeritus at the University of Michigan’s Ross School of Business. This article is adapted from his book Seven Essentials for Business Success: Lessons from Legendary Professors (Routledge, 2022).

On April 4, 2022, Ontario became the first province in Canada to regulate online gambling, legalizing what was previously a grey market in this space. The following are five critical things to know about this new regime.

Dual Track Process. Any company that wishes to become an approved Operator of an online gaming site in Ontario must meet the separate requirements imposed by both (A) the Alcohol and Gaming Commission of Ontario (“AGCO”), the Regulator of Ontario’s regulated iGaming market, and (B) iGaming Ontario® (“iGO”), which is a subsidiary corporation of AGCO responsible for conducting and managing iGaming when provided through private Operators. Both of these entities have different responsibilities and impose specific requirements on prospective Operators. For example, as a first step, prospective Operators must sign a non-disclosure agreement with iGO to get a copy of the mandatory Operating Agreement and Letter of Agreement, followed by other mandatory operating requirements (i.e., completing anti-money laundering submissions, setting up secure data exchange services, etc.). At the same time, prospective Operators must undertake a parallel process with AGCO (i.e., seeking Independent Testing Laboratory (“ITL”) certification for the company’s online games and critical gaming systems, registering as an Internet Gaming Operator, implementing various control activities/measures in order to comply with the requirements of the Gaming Control Act, 1992 and the Registrar’s Standards for Internet Gaming, ensuring staff training, etc.). IGO’s website advises that Operators should expect a minimum of ninety (90) days to complete the steps required to become registered by the AGCO and execute an Operating Agreement with iGO, but there are no timing guarantees. Ultimately, approved iGaming Operators are listed on the igamingontario.ca website.

Detailed Regulations. The Registrar’s Standards for Internet Gaming (“Standards”) is a forty (40) plus page detailed document that sets out the Standards and Requirements made by the Registrar under the Gaming Control Act, 1992 applicable to regulated internet gaming sites in Ontario. These “Standards and Requirements” are divided into the six identified risk themes, under which theme-specific Standards and Requirements are provided. These risk themes include: (1) Entity Level; (2) Responsible Gambling; (3) Prohibiting Access to Designated Groups and Player Account Management; (4) Ensuring Game Integrity and Player Awareness; (5) Information Security and Protection of Assets; and (6) Minimizing Unlawful Activity Relating to Gaming. Each of the “themes” above contain further sub-subsections and requirements that impose detailed obligations upon Operators that must be translated into specific action items. (For example, “Entity Level” requirements including creating codes of conduct, creating and documenting formal control activities to achieve specific regulatory outcomes, implementing personnel screening processes, ensuring senior-level oversight, and audit requirements, just to name a few.)

Operators are also responsible for the actions of third parties with whom they contract for the provision of any aspect of the Operator’s business related to gaming in Ontario and must require the third party to conduct themselves on behalf of the Operator as if they were bound by the same laws, regulations and standards. There are very detailed requirements regarding responsible gambling, controls on marketing, advertising and promotional activities to avoid targeting high-risk, underage or self-excluded persons (individuals who wish to exclude themselves from gaming sites), ensuring that Operators provide assistance for players who may be experiencing harms from gaming is readily available and systematically provided, for example. No one said that AGCO is making it easy!

It’s not just about the Operators. It is worth noting that many of the detailed rules and regulations described above in the Standards apply not just to Operators but also to “gaming-related suppliers” (as defined under the Ontario Regulation 78/12 made under the Gaming Control Act, 1992). These include persons (entities) who manufacture, provide, install, test, maintain or repair gaming equipment or who provides consulting or similar services directly related to the playing of a lottery scheme or the operation of a gaming site. These entities must be registered with AGCO and, as noted above, must comply with many of the (flagged) requirements set out in the Standards. AGCO notes that various ancillary providers may fall into this category and require registration, including platform providers, suppliers that manufacture, develop, provide and/or run games and game systems, customer electronic wallet providers, odds makers, sports integrity monitoring organizations and independent test labs. Gaming-related suppliers also have very detailed requirements to meet pursuant to ACGO’s Internet Gaming Go-Live Compliance Guide available at https://www.agco.ca/lottery-and-gaming/guides/internet-gaming-go-live-compliance-guide.

There are no Canadian residency requirement or language requirements. Operators are not required to have a business established in Canada, and foreign companies can apply to become licensed Operators. Additionally, Operator websites are not required to be offered in the French language. However, as part of the customer service requirements set out in the Standards, player complaints and disputes must be resolved under Ontario and Canadian law.

Very detailed Information Technology, Security Management and Data Governance/Protection Standards. In order to validate minimum age and other requirements, Operators must collect detailed personal information from players which must be saved upon registration before a player account is created. This personal information includes name, date of birth, address, method of identification for subsequent log on (such as user name), player contact information, and information required by the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (Canada) and the regulations under it.

Not surprisingly, the Standards also contain detailed Information Technology requirements to ensure core assets (gaming equipment and systems, including hardware, software, applications, and all associated components of gaming equipment and the technology environment) are protected and that customer information and funds are adequately safeguarded. For example, Operators must ensure that access privileges to gaming systems are granted, modified and revoked based on employment status/job requirements and all activities associated with these actions are logged and traceable to specific individuals. Connections/interfaces to gaming systems must be monitored, hardened and assessed to protect against security threats and vulnerabilities and disaster recovery sites must be put in place.

Operators and gaming related suppliers have ongoing obligations to keep current on current security threats and risks to the security, integrity and availability of their gaming technology and related components that they operate or supply. All “Sensitive Data” (defined under the Standards as including, but not limited to, player information and data relevant to determining game outcomes), must be secured and protected from unauthorized access or use at all times and data must be backed up in a manner to ensure that it be completely and accurately restored. Data collection and protection requirements for player personal information must meet the requirements set out in Ontario’s Freedom of Information and Protection of Privacy Act, the provincial public sector statute that applies to AGCO.

The Standards also include detailed architecture and infrastructure, data and information management, and system account management requirements. There is also a separate set of minimum standards for software used in gaming systems (including modified commercial off the self software, proprietary developed software and software specifically developed by iGO or the Ontario Lottery and Gaming Commission) which reflect best practices for software development and ongoing management lifecycles, including testing, patching/upgrades, change management.

In addition to the Standards and as mentioned above, AGCO requires that any games and supporting critical gaming systems must be certified by an ITL that is registered with the AGCO before the systems are made available for play in Ontario. Within the AGCO, the Technology Regulation and iGaming Compliance Branch is responsible for ensuring that Operators and gaming-related suppliers meet specific go-live compliance measures as set out in AGCO’s Internet Gaming Go-Live Compliance Guide (see https://www.agco.ca/lottery-and-gaming/guides/internet-gaming-go-live-compliance-guide).

The Guide sets out in detail other technology requirements that must be met before the Operator can be approved, including the requirements for each operator and gaming-related supplier who runs critical gaming systems to (i) provide a Technology Compliance Confirmation for review by the AGCO; (ii) develop a Control Activity Matrix (“CAM”)and for operators to submit their CAMs for review by the AGCO; (iii) ensure that ITL certifications are in place before going live; and (iv) meet the requirements related to the AGCO Internet Gaming Notification Matrix and AGCO Secure Data Exchange.

While there is no question that many in Ontario welcome the idea of an online gaming market that will operate lawfully in Ontario (and generate new tax revenues for the Province’s coffers), it remains to be seen whether the initial strict and complex compliance requirements for such operators and gaming related suppliers imposed by ACGO and iGO will be sufficient to mitigate certain concerns, including those related to increased access to gaming and problematic gambling, or whether additional changes will be required.

Lisa R. Lifshitz

1. Introduction

According to the 2021 ABA Private Target Mergers Acquisitions Deal Points Study,^{[1], [2]} 99% of the acquisition agreements studied included a “compliance with all laws” (Compliance) representation and warranty (RW). Within those RWs reviewed, 82% included some RW on whether the target received notice of a violation or law, 30% included some RW on whether the target received notice of an investigation of a violation of law, 19% were RWs that covered past and present compliance, and 2% included some type of knowledge qualifier. While the study includes health care deals (the largest portion of the deals, at 15.4%), it also included approximately 14 other industry sectors.^[3]

It isn’t surprising to see such a high level of Compliance RW inclusion in transaction documents. In fact, it would seem odd not to expect a seller or borrower to agree to the most basic of RWs, which often can be as simple as:

Compliance with Law. Seller has, since X, complied, in all material respects, with all provisions of all foreign, federal, state and local laws and regulations relating to Sellers and the Company’s business, including, but not limited to, those relating to Seller’s ownership of real or personal property, the conduct and licensing of the Company’s business, and all environmental matters.

However, there are significant reasons why, despite the generality and wide scope of most Compliance RWs, that such an RW just isn’t enough in a health care transaction.

The U.S. health care industry represents a significant portion of the U.S. economy. It is one of the largest portions of U.S. gross domestic product (GDP). The U.S. Centers for Medicare and Medicaid Services (CMS) reported that in 2020, the overall share of U.S. GDP related to health care spending was 19.7%. That figure is now likely a bit of an outlier because, according to Health Affairs, “[US] health care spending increased 9.7 percent to reach $4.1 trillion in 2020, a much faster rate than the 4.3 percent increase experienced in 2019.”^[4] The significant increase from 2019 to 2020 was the result of federal expenditures for health care that were mostly in response to the COVID-19 pandemic.^[5] However, while that 19.7% share may shrink a bit in the coming years to 18% or so, its still expected to come back to that level by 2030.^[6] All in all, the health care industry is a large portion of the U.S. economy and is steadily growing. Health care transactions continue to grow in number and size each year.

While health care is a large business in the United States, it is also personal; life and limb are literally at stake. In that respect, as the number of practitioners and treatment providers grew and as technology changed how care can be and is provided, government-imposed guard rails (i.e., regulation) grew and became more prevalent. Depending on what data is being used and the source of the data, the U.S. health care industry is the most, the second-most, or at least in the top 10 of the most regulated industries in the country. Often that estimation of how highly regulated the industry is includes the regulation of health care providers and suppliers and manufacturers of supplies, drugs, and medical devices.

While we address broader issues relating to the need for robust industry-specific RWs in health care–related transactions in this article, it’s important to note at the outset the two large issues that make transactions involving health care businesses different from, for example, the sale of a paper mill. First, as we’ve mentioned, health care involves life and limb, and most, if not all, health care businesses carry some level of special risk to the clients, consumers, patients, etc. associated with that business. Second, the significant regulation in the industry and risks relating to non-compliance call for different treatment of the promises and expectations agreed to between buyer and seller or lender and borrower.

2. Material Risks in a Highly Regulated Industry^[7]

A comprehensive discussion of every liability risk that could be present in a health care transaction is well beyond the scope of this article. However, an overview of some of the material risks that exist in health care transactions is important to understanding the need for robust industry-specific RWs. These material risks include government reimbursement, fraud and abuse, licensure, excluded parties, and health care privacy-related issues.

a. Government Reimbursement

To participate in federal health care programs (FHCPs),^[8] health care businesses agree to comply with a significant regulatory framework, mostly in the form of requirements for participation and specific requirements relating to the submission of claims for services or supplies provided.

Material liability risks for health care businesses can arise from a failure to meet one of the applicable regulatory requirements relating to participation in a FHCP or claims submissions. Citations for a failure to meet participation requirements can result in civil fines, which in some cases can be astronomical. A failure to pay civil fines may also result in termination of participation in one or more FHCPs. Non-compliance with claims submission requirements can also be serious. Non-compliance can result in demands for recoupment, allegations of overpayment, and in some cases federal False Claims Act (FCA) liability. Penalty multipliers built into enforcement statutes, such as the FCA, can turn an underlying $100,000 liability into a $20,000,000 obligation.

b. Fraud and Abuse

Fraud and abuse in FHCPs have been a concern since the enactment of major federal and state programs. Major fraud and abuse laws include the federal Anti-Kickback Statute (AKS), 42 U.S.C. §1320a-7b(b); the Physician Self-Referral Prohibition (the Stark Law), 42 U.S.C. §1395nn; and the Criminal and Civil False Claims Acts, 18 U.S.C. §287 and 31 U.S.C. §3729. These laws prohibit certain business practices and provide for penalties relating to fraudulent claims to FHCPs. Depending on the conduct involved, liability can be civil and/or criminal. Like the FCA liability described above, penalties and penalty multipliers built into these statutes can result in significant obligations and termination from one or more FHCPs. Moreover, actual or potential fraud and abuse liability is rarely immaterial to a transaction unless its civil and the target involved is so large that the liability is immaterial to its business operations.

c. Licensure

Practically all health care businesses require some type of license or permit to do what they do. Acquiring and maintaining those licenses and permits requires compliance with certain statutory and regulatory obligations. Material risks exist for an acquirer relating to permits and licenses when a target has either engaged in serious non-compliance or been the subject of multiple instances of immaterial non-compliance that in the aggregate become serious. Either scenario might result in possible suspension or revocation of a license or permit, an outcome that can wipe out a business’s value overnight.

d. Excluded Parties

Excluded parties are basically persons or entities that have been excluded from, directly or indirectly, doing business with the federal government. The U.S. Department of Health and Human Services Office of Inspector General (OIG) has the authority to exclude individuals and entities from participating in FHCPs. Exclusion in its most basic sense means that no payment can be made for any items or services furnished, ordered, or prescribed by an excluded individual or entity. In addition to OIG exclusions, the U.S. General Services Administration maintains a comprehensive list of individuals and entities that have been excluded from participation in federal contracts. A target that employs (or previously employed) an excluded individual or has (or previously had) a contract with an excluded party can have material risks associated with it. In addition to a possible repayment of the dollars connected to the excluded person, there are civil penalties that may also be assessed that can become significant.

e. Health Care Privacy Issues

In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). HIPAA establishes national privacy standards to protect individuals’ medical records and other personal health information (PHI). It also establishes physical and electronic security standards for PHI. Compliance responsibilities are primarily on “Covered Entities”^[9] under the law, but they also extend to a covered entity’s business associates.^[10] Enforcement relating to violations of HIPAA has grown exponentially since it was first enacted. HIPAA violations can result in civil or criminal liability, depending on the nature and extent of the violation. The civil penalties can end up being quite costly; with inflationary adjustments the numbers now range from $120 to $60,226 per violation. Additionally, Covered Entities must provide notification of a privacy breach to affected individuals, the secretary of HHS, and, in some circumstances, the media. The notification costs relating to a significant breach could be in the millions of dollars.

3. “All Laws” vs. Necessary Risk Allocation and Due Diligence in a Highly Regulated Industry

Industry-specific RWs are the norm in the market, especially where the industry is highly regulated. There are sellers and borrowers that might argue that a buyer or lender should be comfortable with a standard Compliance RW qualified by materiality and knowledge. However, as we discuss below, such a standard RW (particularly with qualifications) is simply not enough to adequately allocate risk between buyer and seller or lender and borrower on many issues involving health care businesses, especially the material issues outlined above. There are three major reasons for incorporating detailed industry-specific RWs in transactions documents: (1) attracting the attention of the seller or borrower to material issues; (2) ensuring the proper risk allocation between the parties; and (3) buyer or lender diligence.

a. Attracting the Attention of a Seller or Borrower

RWs are often heavily negotiated aspects of transaction documents. Detailed industry-specific RWs in the health care context are frequently designed to ensure that a seller or borrower is expected to focus on the material issues that are significant to the buyer or lender in consummating a deal in a highly regulated industry. While the review of general RWs may be given a quick glance by a seller or borrower and their counsel, pages of detailed RWs on specific topics relating to health care compliance are unlikely to go unnoticed. Sellers and borrowers often spend significant time reviewing and negotiating the “Health Care Matters” RW and its related subsections. As a result, detailed RWs on health care compliance topics provide some comfort to a buyer or lender that the seller or borrower has considered its past and current compliance and the promises it is making in relation thereto.

Additionally, should pre-closing termination or post-closing indemnification rights be triggered, there is specificity surrounding what the trigger was. The parties don’t get that same type of specificity with a general Compliance RW. The lack of specificity could lead to legal wrangling over whether a particular matter was meant to be covered by the Compliance RW, despite the fact that such an RW is often drafted broadly.

b. Risk allocation

Detailed industry-specific RWs in the health care context, even if redundant with the Compliance RW, provide for issue-by-issue specificity and clarify the importance of which party has accepted risk on certain material compliance issues. The detail provided in a “Health Care Matters” RW will often draw out any issues during negotiations between the parties. For example, there is very little ambiguity as to risk allocation when a seller or borrower makes an RW that “in the last 6 years it has not had, nor is it currently subject to, any adverse criminal or civil settlements or civil monetary penalties.” If a seller or borrower objects to the RW as a whole or to some specific issue covered by it, a buyer or lender may take that as a red flag. The red flag may lead to the negotiation of an issue-specific indemnity, a change in the indemnity and survival of RWs as a whole, or, in the worst case, a termination of the transaction. Additionally, as discussed a bit further below, the red flag can also signal that additional diligence is needed.

c. Due Diligence

Detailed industry-specific RWs serve a very important diligence function in transactions involving highly regulated industries. Often RWs will call out specific conduct, reference compliance with statutory or regulatory requirements, detail licenses held and compliance with licensure requirements, and address a host of other industry issues.

The diligence process for a buyer or lender can go only so far. The detail provided in a “Health Care Matters” RW and its related subsections serves as an additional backstop against matters that may not have been adequately disclosed or addressed in the diligence process. While they certainly need to be transaction-specific, most “Health Care Matters” RWs at least cover the following issues:

• General compliance with health care laws (usually a defined term in the transaction document);
• compliance with government programs and claim-filing obligations;
• specific compliance with major federal and state fraud and abuse prohibitions;
• the absence of any material overpayment or claim-filing repayment obligations;
• the absence of affirmative inappropriate or illegal conduct;
• the absence of adverse criminal or civil settlements or civil monetary penalties;
• the absence of any threatened or current civil or criminal litigation relating to fraud and abuse matters;
• affirmative statement that the seller has all of its required licenses;
• affirmative statement that none of those required licenses have been subject to suspension, revocation, or termination; and
• affirmative statement there is no current action to suspend, revoke, or terminate a required license.

As mentioned, if a seller or borrower objects to the RW as a whole or to some specific issue covered by it, a buyer or lender may take that as a red flag. The red flag may at the very least signal that additional diligence is needed.

4. Conclusion

The health care industry is a significant portion of the economy, and there are ever increasing numbers of transactions and increasingly high dollar amounts involved in those transactions. The federal government is the largest payer for healthcare. Healthcare is personal, because risk to life and limb is involved. As a result, we have an industry that is highly regulated and involves significant risks. General Compliance RWs aren’t enough to address the material risks that are present. Detailed industry-specific RWs serve very strategic and important risk allocation and diligence functions to ensure that buyers and lenders adequately achieve what they expect of the bargain.

1. The study includes publicly available acquisition agreements for transactions for which definitive agreements were executed and/or completed in 2020 and the first quarter of 2021 that involved private targets being acquired by public companies. ↑

2. Note that the 2021 ABA US Public Target Deal Points Study does not include similar information on the existence of “compliance with laws” RWs. ↑

3. Industry sectors in the 2021 ABA Private Target Mergers Acquisitions Deal Points Study included Aerospace & Defense, Auto & Parts, Chemicals & Basic (Natural) Resources, Construction & Materials, Financial Services, Food & Beverage, Health Care, Industrial Goods & Services, Media, Personal & Household, Goods, Oil & Gas, Retail, Technology, Telecom, and Travel & Leisure. ↑

4. Micah Hartman, Anne B. Martin, Benjamin Washington, Aaron Catlin, and The National Health Expenditure Accounts Team, “National Health Care Spending in 2020: Growth Driven by Federal Spending in Response to the COVID-19 Pandemic,” Health Affairs 41:1, 13-25, 2022. ↑

5. Ibid. ↑

6. John A. Poisal, Andrea M. Sisko, Gigi A. Cuckler, Sheila D. Smith, Sean P. Keehan, Jacqueline A. Fiore, Andrew J. Madison, and Kathryn E. Rennie, “National Health Expenditure Projections, 2021–30: Growth to Moderate as COVID-19 Impacts Wane,” Health Affairs 41:4, 474-486, 2022. ↑

7. Portions of Section 2 of this article were adapted from a previous article written by Ari J. Markenson and Cynthia Suarez in the ABA Business Law Section, Business Law Today, published on June 3, 2020. See https://businesslawtoday.org/2020/06/material-regulatory-risks-healthcare-services-acquisitions/ ↑

8. Federal health care programs defined in 42 U.S.C. §1320a–7b(f). ↑

9. See 45 C.F.R. §160.103 ↑

10. Ibid. ↑

Personal data is being used by a broader range of entities for a broader range of purposes every day. Privacy and data security issues are constantly evolving, with developments due to technology, public policy, and breaking news. These issues now impact virtually every company in every industry, both in the United States and around the world. As a consequence of the Internet of Things, smart phones, and the ability to collect data from almost anywhere, more and more companies are gathering and using personal data. Increasingly, privacy and data security law can tell you how your company can in fact use and protect this valuable asset.

These issues affect a broad range of critical topics for all companies, including start-ups and fully established companies, ranging from business partnerships to overall business plan issues, broad compliance challenges, contracting issues, market opportunities and, of course, realistic acquisition opportunities. Lawyers in an increasingly broad variety of fields therefore must understand the key principles surrounding the use and disclosure of personal data when providing virtually all aspects of legal advice to companies, in both regulated and unregulated industries, including compliance, mergers and acquisitions, litigation, and the full range of specific privacy and data security laws and regulations. This means that business lawyers need a basic understanding of privacy and data security law, at least at the level of understanding what issues are relevant for a company and why these issues matter. For some companies, particularly start-ups, if you are not thinking about these issues from the beginning, you may find that your start-up or more established company is missing opportunities and reducing its chances for future success.

A Brief History

Privacy used to be only a constitutional law issue in law and in law schools, with limited implications for businesses and law firms. It dealt primarily with abortion, birth control, search and seizure, and whether you had to disclose your membership in the Communist party (along with some common law torts). Privacy was not really a significant issue for corporate America.

Privacy law started to become an issue for companies involving personal data and consumers/individuals and their relationship to companies in the mid-1990s. From tentative and narrow beginnings, privacy law is now an enormous compliance and regulatory issue across the country and the world, for companies in virtually all industries. It is relevant if you have data about employees, customers, consumers, or anyone else. It is front-page news today on a regular basis, leading to highly publicized concerns about artificial intelligence, big data, discrimination, security breaches, and a broad variety of privacy concerns. It is a top of mind issue for consumer advocates, regulators, and legislators around the country.

Overall US Privacy Approach

The overall approach to privacy in the US consists of a large (and growing) number of laws and regulations, at state, federal, and international levels. These laws have (to date) been (1) specific by industry segment (e.g., health care, banking); (2) specific by practice (e.g., telemarketing); or (3) specific to particular data categories (biometrics, genetic information, facial recognition).

Today, there is no generally applicable US privacy law at the federal level covering all industries and all data (although that may be changing), but there is increasing complexity in the regulatory environment.

We are starting to see state-level laws (such as the California Consumer Privacy Act) that apply across industries. We also are seeing a new set of “specialty” privacy laws that deal with emerging technologies such as facial recognition and location data.

US law at both the state and federal level also includes data security obligations for any company that collects personal information. These requirements generally create compliance obligations for “reasonable and appropriate” security, with varying levels of additional detail depending on the specific law.

Outside the US

There are separate privacy and security rules related to data used in and coming from foreign countries. Where these laws exist (and they exist in a growing number of countries), the rules usually are tougher in other countries beyond the US, meaning that those countries are more protective of individual privacy.

Many of these laws apply to US companies, either because those companies have a presence in these countries of because of the “extra-territorial reach” of those laws (such as the European Union’s General Data Protection Regulation (GDPR)). Moreover, there are increasing pressures related to the transfer of persona data from these countries, particularly the transfer of data from the European Union to the US.

Going Forward

These issues are affecting a broad range of company operations, including core corporate strategy issues. For example, because US privacy law currently is primarily sectoral, determining where your company fits into these sectors is crucial. In the health care space, if your business model is direct to consumer, you typically have modest explicit legal obligations today (although regulators are watching you in any event). If you partner with health insurers or hospitals, in many cases you may become subject to the Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules as a service provider to these entities.

Thinking about where your business operates also matters (especially in evaluating if you are subject to laws in other countries or state-specific laws). These principles now matter for overall compliance, product design, customer and vendor relationships, marketing opportunities and, critically, mergers and acquisition activity, as purchasers now are drilling down into data assets, data rights and privacy and security compliance. For the foreseeable future, these issues will become increasingly important and complicated, across virtually all segments of corporate America.

This article draws from the introduction to Missing the Target: Why Stock Market Short-Termism Is Not the Problem (Oxford University Press, 2022). More on this book can be found here.

Look at the ten largest US firms by stock value in 2020, shown in this table:

Source: Fortune 500, https://fortune.com/fortune500/2020/search/?f500_mktval=desc (last visited July 9, 2020).

A stock market that accords a value of several trillion dollars to Amazon, Apple, Google, Facebook, and Microsoft is not one that we should worry about being too short-term oriented. These five are quintessentially longer-term companies that do much research and development—anemic R&D is seen as a core cost of a short-term stock market, but it’s not shortchanged at these companies. Because their current money making cannot justify their stocks’ high prices, the stock market is paying for their future earnings and growth—as it has right from when they first sold their stock decades ago. Yes, their power, political influence, and market share are legitimate concerns, but their time horizons are not. These companies’ longstanding sky-high value contradicts the widespread idea that the stock market is unable to look beyond the next quarter’s financial statements.

Yet fear that stock-market-driven short-termism is seriously harming the US economy is pervasive. A widely-held view among Washington policymakers, corporate executives, the media, and the public is that frenzied, short-term stock market trading has coupled with Wall Street’s unquenchable thirst for immediate results to disrupt US firms and badly hurt the economy. Something must be done to reverse short-termism’s impact. Jobs are destroyed and technological progress is stunted, while solutions seem, in the public view, so easy to implement that one is angered at their absence. Corporate executives and their allies castigate stock market short-termism for inducing poor economic performance, which, they say, could be improved if executives and boards had more autonomy from stock markets.

But I show in this book, first, that the evidence for stock-market-driven short-termism is much weaker than is usually thought and, second, that working to lengthen corporate time horizons will not bring us closer to the fairer and environmentally stronger society that policy leaders seek. The two issues—the corporation’s time horizon and its purpose—are largely separate issues that public discourse often conflates. A long-term factory could keep workers employed and be good for stockholders too over the long run but still degrade the environment. And so, this book also provides friendly advice on why to avoid this policy path.

* * *

Stock-market-driven short-termism is the rare corporate structural issue that both resonates with the public and has a place in political rhetoric. Most corporate law issues are technical—for experts, for lawyers, and for corporate interests. But especially when businesses are threatened with closure, political leaders react and often justify their response as not just seeking to save a local business with loyal employees who did nothing wrong but also as fighting Wall Street short-termism.

Consider how senators reacted to the shutdown of a major paper mill in Wisconsin. Hedge fund activists were said to have forced the Wausau Paper Company to close its paper mill—throwing lifetime employees out of work and devastating the mill town. In response, Wisconsin’s Democratic senator, Tammy Baldwin, joined with Georgia’s Republican senator, David Perdue (Georgia also has major paper mills) to sponsor a major anti-hedge-fund bill aiming to reduce the influence of hedge funds on businesses. The sponsors described it as a “bipartisan reform to protect Main St from Wall St hedge funds” so as to “fight against increasing short-termism in our economy.”^[1] Senators who had proposed a prior version of the bill castigated predatory activists who “demand[] short-term returns and buybacks at the expense of the company’s long-term future.” This short-termism, they said, must end:

[T]here is [a] growing chorus who believe short-termism is holding America back . . . . [S]hort-termism . . . is the focus on short time horizons by both corporate managers and financial markets. It results in corporate funds being used for payouts to shareholders in the form of dividends and buybacks rather than investment in workers, R&D, infrastructure, and long-term success.^[2]

The senators’ statement shows why stock market short-termism is not just a specialists’ issue but also a political one: it’s blamed for the Wausau mill closing and other setbacks, and for widespread US economic degradation. That’s what I examine in this book: Does stock market short-termism really worm its way in to do major damage to the economy? Was the Wausau closing really the result of a pernicious short-term stock market? Even if it was, does the problem scale up to the economy-wide level to cripple US R&D, investment, and long-term business focus, as the senators argue? Or is the Wausau closing better seen as a local misfortune that’s mistakenly categorized as due to a dysfunctional time horizon and then exaggerated as indicating an economy-wide problem?

Political convenience can lead politicians to blame the stock market’s purportedly faulty time horizon for economic setbacks for which its responsibility is minor or nil. Faulting Wall Street is politically satisfying and looks like forward-moving action both to voters and to senators trying to do their best. But the evidence is that doing so avoids the hard political effort to address the disruption’s root causes and effects. True, many shortcomings could be pinned on large corporations. But excessively truncated time horizons and a crippling inability to bring forward good new technologies and products or to stick with tried-and-true good ones, to do the underlying R&D when needed, and to adapt to new markets and political realities are not among the large corporation’s major faults. The evidence, we shall see, does not support the idea that the stock market’s time horizon is damaging the economy in any major way.

Dislocations and closings are real problems for those thrown out of work, yes, but lengthening Wall Street’s time horizons to more highly value good results years down the road will do little or nothing for the US worker, for greater equality, or for the environment and climate degradation. It’s not the best target if there’s a major R&D shortfall. Aiming at purportedly truncated time horizons to fix these problems is aiming at the wrong target.

Even the Wausau paper mill result in Wisconsin deserves further thought. Paper manufacturing had been in a long-term decline in the United States when Wausau closed its Wisconsin mill, government data tells us.^[3] The company was slow to adjust to the country’s declining use of print paper. The cause was obvious: computerization changed how businesspeople communicated, emails meant fewer letters and fewer office memos, and online media and ebooks meant fewer printed newspapers, magazines, and books.^[4] The senators and their supporters viewed the Wausau paper mill as a victim of stock market short-termism, but the workers’ and their families’ pain was more likely due to the company’s excessive long-termism. It clung for too long to an outmoded business plan, leading to the company having to abruptly pivot to the realities of declining paper use.

But the political impact is clear: a mill closes, workers lose jobs, and senators blame Wall Street short-termism, extol legislation to diminish Wall Street influence, and paint vivid imagery of Wall Street “wolf packs” hunting down companies to close and jobs to eliminate. If stock market short-termism wasn’t central—and it wasn’t—to the Wausau paper mill shutdown, other policies are in order.

The senators blamed the financial market messenger bringing an unwanted message. Accelerating technological change, not the stock market, was the real culprit. The senators’ action was a symbolic gesture of sympathy for affected constituents. But they were not helping long-term adjustment—and their plans would maybe even slow it down.

They found a scapegoat, not a solution.

* * *

By corporate short-termism I mean overvaluing current corporate results at the expense of future profits and well-being. In recent years, stock market short-termism has also become intertwined in public rhetoric with conceptualizations of corporate social responsibility, corporate purpose, and the need to emphasize corporate attention to the environment, stakeholders, and the risk of climate catastrophe, the so-called ESG issues. There is a widely held view that shifting the large US corporation from its supposed short-term orientation to a longer one is needed to ameliorate a raft of social and economic problems, such as employment, equality, and R&D. According to this thinking, lengthening the stock market’s time horizon will release a dammed up investment tide, while also doing much to save the planet from climate catastrophe. It’s satisfying to think so, because if the stock market’s time horizon is the main culprit and long-term companies are inherently environmentally friendly, then there is less need to do the hard political and economic work to more directly handle these problems. But we’ll see in Chapter 3 that these corporate responsibility considerations are for the most part not time horizon issues; making the large firm more long-term focused will have little or no impact here.

Stock market short-termism and lawmaking ideas on how to handle it are also prominent in part because they implicate interests. Employees with good jobs, along with their policy supporters, see stock market short-termism as degrading employees’ well-being and as fostering risky, economically costly policies throughout corporate America. Much of the public rhetoric on short-termism aims to help employees and advance social well-being, but the beneficiaries often end up being executives seeking autonomy. Liberal-minded judges, policymakers, and political leaders are more likely to accord executives more autonomy from the stock market when these leaders see themselves as helping the economy, employees, and the environment; they support corporate structure outcomes—more power and more autonomy for executives—that if presented to them directly and starkly, would induce them to be more skeptical.

In corporate policymaking circles, executives and their allies often see stock market short-termism as hurting the economy. Many insist that insulating management from the stock market’s purported short-termism would bolster the economy. That many executives genuinely believe that the stock market hurts the economy does not undermine the fact that these beliefs align with their interests. Misdiagnosis—attributing too many societal problems to a stock market time horizon problem—leads to stock market rules that insulate executives and boards from feedback, allowing some strategic mistakes to persist unnecessarily.

* * *

Getting this right is important because misdiagnosis leads us to policies that fail to cure real problems. The real target is a better-performing, more equitable economy. Aiming at the purported damage emanating from a purportedly excessively short-term stock market will miss that bigger and better target for something small and not particularly problematic.

Consider government support for R&D and for better climate and environmental policy.

Government’s declining support for research and development. R&D is weakening in the United States, the critics say, and stock market short-termism is to blame. Stock buybacks, exacerbated by short-termism, starve large firms of the cash they need to invest and to do more R&D. If those diagnoses were correct, a policy of insulating firms and their executives from stock market pressure could have cogency.

But corporate R&D spending is rising, not falling. Perhaps R&D should be rising more, yes. But a more obvious R&D weakness, as I show in Chapter 4, is the spectacular fall in US government R&D spending. Government-backed R&D often leads to breakthroughs in basic technology that greatly boost prosperity. If the decline-in-R&D culprit is mostly the sharply shrinking government support for basic research, then no amount of new time-horizon-focused stock market rules will fix the problem.

Figure 1: R&D spending in the United States rising as a proportion of GDP, 1977–2021. Source: Federal Reserve Bank of St. Louis, FRED https://fred.stlouisfed.org/tags/series?t=r%26d (accessed Jan. 4, 2022). The underlying data is from U.S. Dep’t of Commerce, Bureau of Econ. Analysis, National Income and Product Accounts, U.S. Dep’t of Commerce, Table 5.6.5, lines 2 & 6, http://www.bea.gov/itable/ [https://perma.cc/HM9A-7XM3].

Thinking that stock market short-termism’s truncating of corporate time horizons is the primary cause of weakened US R&D leads policymakers astray—to aim at the wrong target.

Weakened environmental and climate change rules. Critics complain that corporations contribute gravely to climate change and environmental degradation, with stock market short-termism particularly to blame. But weak corporate respect for the environment is not due to individual firms’ shortened time horizons but to the ability of firms to push the costs of environmental and climate damage away from themselves and onto others. They can do this in the short-term and the long-term, and can profit from offloading environmental costs while others pay. Indeed, maintaining a factory with toxic emissions into the future may look long-term to some and could save jobs but be bad for the environment. The right focus is not on when the damage is done—the time horizon problem—but rather on who suffers from the damage.

In too much public discourse, the stock market’s time horizon is mixed up with what the corporation aims for—profits instead of doing good in and of itself. But these two are largely separate: a firm can be long-term and profit-focused, or it can be short-term and generous. Thinking that time horizons and purpose are one and the same, or that changing the firm’s time horizon will make it less profit-focused, weakens our resolve for implementing better environmental regulation and climate solutions. What we need are better rules that prevent players—corporate and individual—from externalizing environmental costs to society while keeping the profits and convenience for themselves. No amount of tinkering with stock market time horizons will fix that problem. Thinking that tinkering with time horizons can fix it misses the real targets—the corporation’s (and our own) warped incentives—and prevents us from reaching the best solution.

Or any solution.

* * *

Consider the following when you think about how plausible it is that the stock market’s time horizon is persistently and perniciously too short: Tech companies that had their initial stock offerings in 2018 and 2019 before the Covid-19 slowdown included Dropbox, Survey Monkey, Cloudflare, and Spotify. Not one was profitable;^[5] the stock market bought them on a future-oriented view. Similarly, a slew of money-losing biotech companies made their initial stock offerings in 2018. In 2019 seven of the top ten biotech IPOs had no approved drug—hence, the market valued those companies for their long-term prospects not their immediate marketing capabilities—and still they collectively raised more than $1.95 billion from the stock market.^[6] Future possibilities, not current profits, drove investors, who were betting on the firms’ potential successes in drugs that would treat maladies such as autoimmune disorders and cancer.^[7]

This is not an accidental or one-time event. Recall the companies that were the largest by stock market capitalization in 2020—listed in Table 1. Years ago, when Amazon first sold its stock to the public, it had no earnings but still was accorded a half-billion-dollar value by the stock market, while Apple, Facebook and Google obtained a stock price about one hundred times their earnings when they first sold their stock—more than five times the stock market’s overall ratio of stock price to earnings.^[8]

All this indicates the stock market does value the distant future and has been doing so for decades.

Moreover, the logic behind the theory that there is pervasive economy-wide short-termism is not strong. For stock-market-driven short-termism to deeply afflict the US economy—as opposed to damaging only some firms, here and there—normal market processes must fail. When one big firm is too short-term and gives up long-term profit, others can jump in to profit from the short-termers’ neglect. The United States’ dynamic venture capital and private equity sectors make money from opportunities big firms don’t take. Or another big public firm that isn’t tied up by the stock market can pick up the slack. They all have the profit incentive to do so.

The Covid-19 crisis opened another window into short-termism. The consensus view among short-term critics is that the stock market overreacts to quarterly earnings changes. A few pennies up in quarterly profit and the stock soars. A few pennies down and the stock price plummets. Surely there’s some truth to this; but how seriously detrimental is it? In the first months of 2020, the Covid-19 lockdown froze more and more economic activity and gross domestic product plummeted, with forecasters then expecting a severe 2020 GDP decline of 5.8%. Unemployment rose to post–World War II highs. The Covid-19 lockdown and resulting decline in much economic activity crushed corporate earnings. By early June 2020, second quarter earnings were estimated to be down by more than 40% compared to the prior year—a swift and steep drop.^[9]

Yet during that time the stock market, after a modest decline, recovered strongly. The 40% estimated earnings decline was not matched by a 40% stock market fall, and the stock market reached an all-time high at the end of 2020. The critics who see the stock market as excessively short-run and obsessively quarterly focused need to explain why we did not see Covid-19-induced stock market declines as steep as the Covid-19-induced fall in earnings.

The easiest explanation is that the stock market is nowhere nearly as short-run oriented as critics say it is. The stock market’s long-run expectation was that the economy would recover in a year or two, when a good-enough vaccine or a cure became available, and it priced stocks for the long-run, not the immediate short-run. Yes, there is a coldness to a stock market assessing long-term economic value as a medical tragedy unfolded, but the stock market’s reaction to the Covid-19 crisis was hardly a short-term stock market at work.^[10]

* * *

Broader social and economic reasons help to explain why stock market short-termism is seen as seriously pernicious, as opposed to a small issue that might be better handled. These reasons are rooted in part in rapid economic change and in hard-to-resolve, perhaps irresolvable, conflict.

Economic change is accelerating. New technologies rise, dominate, and then are superseded. Markets open and close. Companies with high-flying stocks find themselves after several years with outmoded technologies, and their stock price falls. Long-established papermakers find people buy less paper than before. Retailers sell books one year and VCR tapes the next until DVD mailers put the VCR rental firms out of business and then online streaming forces the DVD distributors to recede. Newspapers are read on tablets; books are ordered, delivered, and read online; banks become virtual. Physical capital assets become obsolete before they have worn out. All these make the stock market jump, as new technologies change old ways.

The pace of economic change quickens and disrupts more jobs. Both those who are affected and their political protectors react, blaming the stock market for inducing the changes and being too short-term. Even if new technologies make many people better off, those who do not benefit—the employees and executives whose working lives, personal lives, and sense of self are diminished—do not sit still. They act and constitute a sympathetic audience for leaders who blame financial market short-termism for the disruption. And executives who want more autonomy from financial markets applaud and seek more autonomy from stock markets. Corporate lawmakers give them a sympathetic hearing.

We have more than a simple problem of technical data interpretation at hand. We are not just examining whether the stock market is too slow or too fast, but whether it is the conduit for disrupting too many people’s lives and livelihoods. Instead of a pure time horizon problem, we have serious underlying conflict and social dislocation, with the rhetoric of short-termism having become a means for criticizing the economy and the corporation. The rhetoric of stock market short-termism has become a manifestation of political, policy, and social combat as much as it is an economic problem for data inquiry, analysis, and a weighing of the evidence.

1. Senators Tammy Baldwin (Wisconsin) and David Perdue (Georgia), Brokaw Act: Bipartisan Reform to Protect Main St from Wall St Hedge Funds, www.baldwin.senate.gov/imo/media/doc/Brokaw%20Act%20OnePager.pdf. ↑

2. Senators Tammy Baldwin (Wisconsin) and Jeff Merkley (Oregon), The Brokaw Act: Strengthening Oversight of Activist Hedge Funds, www.baldwin.senate.gov/imo/media/doc/3.7.16%20-%20Brokaw%20Act%201.pdf. ↑

3. Jeffrey P. Prestemon et al., U.S. Dep’t of Agric., The Global Position of the U.S. Forest Products Industry 3, fig. 2 (E-Gen. Tech. Rep. SRS-204, 2015). ↑

4. Alon Brav, J.B. Heaton & Jonathan Zandberg, Failed Anti-Activist Legislation: The Curious Case of the Brokaw Act, 11 J. Bus. Entrepreneurship & L. 329 (2018). ↑

5. Ben Eisen, No Profit? No Problem! Loss-Making Companies Flood the IPO Market, Wall St. J., Mar. 16, 2018; Alex Wilhelm, Over 80% of 2018 IPOs Are Unprofitable Setting New Record, Crunchbase News, Oct. 2, 2018, https://news.crunchbase.com/news/over-80-of-2018-ipos-are-unprofitable-setting-new-record/; Cloudflare S-1 filing, Aug. 15, 2019, www.sec.gov/Archives/edgar/data/1477333/000119312519222176/d735023ds1.htm. Much of the data on these IPO issues originates with Jay Ritter’s IPO database, to be further discussed later in chapters 2 and 6. ↑

6. Melanie Senior, The Biopharmaceutical Anomaly, 38 Nature Biotechnology 798 (2020); Eisen, supra note 9. ↑

7. Kate Rooney, More Money-losing Companies Than Ever Are Going Public, Even Compared with the Dotcom Bubble, CNBC News, Oct. 1, 2018; Joanna Glasner, While Tech Waffles on Going Public, Biotech IPOs Boom, TechCrunch, July 2018. ↑

8. More specifically, the S&P 500’s price to earnings ratio was 9, 15, and 19, when the three went public. Microsoft was, comparatively speaking, the laggard, with a price-to-earnings ratio of 25 when the stock market overall was selling at about 16 times its prior year’s earnings. ↑

9. Factset, Earnings Insights, July 10, 2020, www.factset.com/hubfs/Resources%20Section/Research%20Desk/Earnings%20Insight/EarningsInsight_071020.pdf (last visited July 13, 2020). ↑

10. Matt Levine, the Bloomberg columnist, sharply analyzes this Covid-19 short-term versus long-term contradiction. Matt Levine, Stocks Are Trying to Forget 2020, Bloomberg Opinion—Money Stuff, June 1, 2020. A New York Times story on the stock market’s strength despite the Covid-19 hit to the economy reflects the forward-looking nature of the stock market, where—in theory—investors buy stock based on long-term expectation for profits and dividends they expect companies to generate, rather than on how they’re faring when the shares are purchased. Matt Phillips, “This Market Is Nuts”: Stocks Defy a Recession, N.Y. Times, Aug. 19, 2020, at A1, A10. The Federal Reserve’s low interest policy during the Covid-19 economic setback—which buoys the stock market—cannot be ignored here. ↑

For further reading, in addition to Missing the Target: Why Stock Market Short-Termism Is Not the Problem,  please see author Mark J. Roe’s related work in The Business Lawyer:

Mark J. Roe & Federico Cenzi Venezze, Will Loyalty Shares Do Much for Corporate Short-Termism?, 76 Bus. Law. 467 (2021).

Mark J. Roe, Corporate Short-Termism—In the Boardroom and in the Courtroom, 68 Bus. Law. 977 (2013). (This article is also presented in The Best of The Business Lawyer: 75 Years of Corporate Law, edited by Karl John Ege and John F . Olson.)

A few years ago, my company did not yet have a leader dedicated to Diversity, Equity, and Inclusion (DEI).^[1] It was 2019, and I recognized the potential risk and critical opportunity for our company from oversight by our Board of Directors^[2] to employee engagement. I took my passionate commitment to my legal team, to see if there was any appetite to engage on DEI. My team is diverse in gender, ethnicity, and other characteristics. So, it didn’t come as a surprise that there was definite interest to lead on DEI at our company. That same month, we organized the Amyris Legal DEI Initiative.

We started in our own camp: inquiring with our outside law firms on what they each did to incorporate DEI in how they provided their services to our team. We wanted to know if our law firms prioritized diversity in their own hiring, what measures they took to be inclusive in their professional development practices, how well their partnership composition statistics reflected diversity, and whether they were inclusive of diverse partners in the disposition of power across their own leadership. Being a smaller public company, we recognized that hiring/firing a law firm based solely on its DEI metrics wasn’t a viable option for us. But we believed that communicating our commitment to DEI could have real impact in our profession. We believed that inclusive professional practices lead to more creative and holistic advice and were, therefore, relevant from our client perspective. By conducting our review, we sent a message to our outside law firms: DEI matters to us as lawyers, and we were watching how each of our law firms was measuring up. Last fall, we conducted a follow-up DEI pulse survey with our outside law firms. We refreshed our message of commitment to DEI, and this time our survey was informed by my membership in the Leadership Council on Legal Diversity. This year, our Legal DEI Initiative formalized our position by developing our DEI Standards of Engagement that we now require our outside law firms to comply with when doing work for our company.

After engaging with our law firms, we decided to start leveraging cultural events and international holidays to educate on, and encourage dialogue around, DEI. Starting with International Women’s Day in 2019, I sourced “You Go Girl” t-shirts for us all to wear, and we took a group photo in our t-shirts and posted it on our intranet site and my LinkedIn page. It was a fun, simple gesture that modeled positive, inclusive messaging across our company. Later that spring, on behalf of our Legal DEI Initiative and in my executive capacity, I joined over 200 other public company GC/CLOs in an amici curiae brief to the Supreme Court that argued Title VII’s prohibition of employment discrimination included discrimination based on sexual orientation or gender identity (the Supreme Court agreed, 6–3, in July 2020). And in June 2019, we collaborated with our company’s LGBTQ+ employee affiliation group to co-sponsor a happy hour event to celebrate PRIDE month. Again, an easy way for our Legal DEI Initiative to show up in a positive way to message inclusivity with our own employees.

In August 2019, I joined the board of my company’s women’s group as its executive sponsor. My first move was to launch the first mentoring program at my company, by and for women. The program was so successful that it is now in its second iteration. In addition to this company-wide program, I have used my position on the board to forge alliances across my company’s employee affiliation groups, as I believe that collaboration on educational efforts and inclusive programming will render our company culture richer for everyone.

That fall, when it was my turn to do a “Talks in 20” at our employee townhall—where an executive presents and answers questions for 20 minutes on a topic that is relevant to the company’s mission and growth—I chose to present on “Diversity/Inclusion: Foundation Blocks for a Winning Company.” I brought my own angle to the topic: my diverse perspective as half French-Algerian; my passion for sports (women’s soccer, surfing, race car driving) and the issue of equal pay for women professional athletes; and my respect for female leadership and accomplishments in science and business. I outlined statistics from Boston Consulting Group^[3] and McKinsey^[4] on how diverse employees provide a company with creative approaches to business ideas and solutions, and how a company’s inclusive leadership not only drives higher revenues but allows for disruptive leadership in that company’s industry. It was a rich and engaging exchange that lasted well past 40 minutes. I took that as an indication that DEI was front-and-center in our employees’ minds.

When our country witnessed the atrocity of George Floyd’s murder in May 2020, my team’s DEI Initiative assumed a leadership position in our company’s internal dialogue about this tragedy and the concomitant social justice issues that had seized center stage across our country. We organized our company’s first Roundtable on Diversity, Inclusion, Education, and Acceptance on the last day of June—a symbolic gesture of solidarity with our LGBTQ+ community—that included representatives from all of our employee affiliation groups and our CPO. Our team’s DEI Initiative moderated the event and managed both the Q&A with our company’s employees (more than 50% joined the lunchtime Zoom event) and follow-up on employee-requested deliverables. This roundtable event is now serving as the foundation for a company-wide DEI committee. Since the first quarter of 2021, my DEI Initiative has been running quarterly sensitivity and educational sessions on topics from hate incident bystander training to transgender inclusion in the workplace.

In January 2021, my team launched its second initiative: AMRS Legal Gives Back. Focused on efforts to give back to the community, on behalf of both our legal team and our company, this initiative seeks to address issues of social justice that surround us today. Last year, this initiative donated a set of seven books to multiple local elementary schools to educate about cultural diversity and understanding amid rising incidents of hate and violence against Asian Americans and Pacific Islanders. And this year, we’re coordinating with an edtech company in Brazil to donate paper microscopes to fifth-grade public school students in the Brazil province where we’re building our new manufacturing facility. By supporting our community through the lens of education, we believe we’re fulfilling our ethical obligations to give back to others—to, in our own small way, make our piece of the planet safer, better, more equitable.

I’m also focused on cultivating future diverse leaders in the law. For the past three years, for ten weeks every winter, my team has had the pleasure of working with a diverse group of externs from Northwestern Law’s annual Bay Area externship program. And this summer, my team will welcome a first-year law student participating in Gibson Dunn’s Summer Diversity Internship program. By supporting diversity within the structure of legal education, I intend to contribute to the development of our profession into one that better represents the diversity of our society and its legal needs.

Lawyers are ethically bound to uphold the laws and to defend the legal rights of all peoples, and therefore, I see leadership on DEI as a natural extension of our professional ethical obligations. Employees come to the legal team for a range of assistance, advice, guidance. And so, it is altogether appropriate for lawyers to lead on DEI within their companies. I do it with a mission of promoting DEI through education; by engaging in DEI, you will find a purpose that resonates with you as a leader. By better understanding ourselves and each other, we can impact positive change both at our company and in our local and global communities. You will also build a legal team comprised of champions of equity and belonging. When you do, you will certainly witness increased education, awareness, and collaboration among your employees, and across your executive leadership teams. This engagement will both inspire and fortify you to lead with a broader perspective, and it will enrich your experience of practicing law.

Editor’s note, April 29, 2022: This article’s discussion of the author’s initial recognition of the opportunity for further engagement on DEI issues at her company has been updated.

1. I’m pleased to note that, as of this spring, my company has a Diversity, Equity, Inclusion & Belonging leader who is focused on building a program attuned to our company’s mission and responsive to our employees’ needs. ↑

2. In addition, in August 2021, the SEC approved Nasdaq’s new board diversity rule (Rule 5605(f)), requiring its listed companies to have at least two diverse members or provide reasons for not meeting its new standard. And in late 2021, the two leading proxy advisory firms (the Institutional Shareholder Services and Glass, Lewis & Co.) updated their guidelines to recommend a vote against the chair of the nominating committee of a board of directors which fails to meet certain diversity thresholds (gender and race/ethnicity) in its composition. ↑

3. https://www.bcg.com/en-us/publications/2018/how-diverse-leadership-teams-boost-innovation ↑

4. https://www.mckinsey.com/business-functions/people-and-organizational-performance/our-insights/delivering-through-diversity ↑

Ten years ago, the average person did not know what facial recognition was. Now, especially after its use in locating persons involved in the January 6, 2021, riots at the US Capitol, almost everyone knows its utility and power to find anyone who shows up in a video or “snap.” Many from both the left and the right sides of the aisle see its unregulated use as an intrusion into the privacy of the individual. State legislators, as explained below, are exercising their power to regulate the use of facial recognition by law enforcement and by private companies. The states are taking facial recognition regulation into their own hands while the federal government is at a standstill on passing privacy laws curbing the use of this powerful new software tool.

We pose and smile for selfies with friends and put them on Facebook, TikTok, Instagram, and Snapchat. We look up as we walk outside and see cameras on every street intersection pole, or at the city park. We believe they are looking for cars going through red lights or watching out for crime. What we may not realize is that our favorite apps and ever-present street cameras are using facial recognition to identify us and, using advanced A.I. software, tag us as we move from location to location. We also may not be aware that cameras can identify us by our gait and body movement, as well as our face. “Walk that way” has a new meaning.

New York City police reportedly used facial recognition from 15,000 cameras 22,000 times to identify individuals since 2017.^[1] Fear of crime is driving us, or being used to drive us, to give up our privacy by allowing law enforcement to use those ubiquitous street cameras to identify where we are, and even to listen to our words to recognize us. This technique, commonly called “voiceprint” identification, lets surveillance equipment instantly turn our words into searchable text as we walk down the street.

The legal issue of advanced technologies taking away our right of privacy is not new. In 1890, a young Boston lawyer, Louis Brandeis, co-wrote a Harvard Review article asserting that privacy was a fundamental right even if not listed as a right in the US Constitution. Brandeis was upset that two new inventions, the Kodak camera and the Edison dictating machine, were invading our private lives, exposing them to the public without our consent:

Instantaneous photographs and newspaper enterprise have invaded the sacred precincts of private and domestic life; and numerous mechanical devices threaten to make good the prediction that “what is whispered in the closet shall be proclaimed from the house-tops.” ^[2]

In 1928, almost four decades later, then-Supreme Court Justice Brandeis penned his famous Olmsted v. US dissent on the issue of privacy. The case involved law enforcement wiretapping a new device located on the sidewalk: the public telephone. Brandeis explained:

Whenever a telephone line is tapped, the privacy of the persons at both ends of the line is invaded, and all conversations between them upon any subject, and although proper, confidential, and privileged, may be overheard.^[3]

Justice Brandeis advocated limiting law enforcement’s use of wiretapping. His views on regulating privacy rights eventually became law. Nine decades later, state legislators are again working to rein in the use of new technology: the pervasive placement of high-quality cameras and corresponding use of A.I. software. The concept of facial and biometric recognition has been around since the 1960s. However, the technology to make facial recognition accurate and fast has only been achieved in the last two decades with improvements in “computer vision” algorithms, faster processers, ubiquitous broadband, and inexpensive cameras. Law enforcement showed the world the effectiveness of the cameras and biometric A.I. software after the January 6^th Insurrection by accurately identifying hundreds of perpetrators within days.

Several states and municipalities are seeking to protect persons from abuse of biometrics by private companies and by law enforcement. The new laws generally attempt to limit private firms from using facial recognition without opt-in consent, or to limit law enforcement’s use of biometric identification tools.

Illinois Law Allows a Private Right of Action

Illinois led the way in this legislative trend by limiting private firms’ ability to collect biometric data without consent. In 2008, the state passed the Biometric Information Privacy Act, or BIPA. BIPA arose in response to a software company that collected fingerprint data at cash registers to allow for easy checkout but then, when the company went bankrupt, attempted to sell the customers’ fingerprint data as a bankruptcy asset. BIPA defines a biometric identifier as “a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry.” The law requires written consent for an entity to collect, capture, purchase, receive, disclose, or disseminate biometric information. Most significantly, it gives a person a right of action “against an offending party.” Damages are set per violation: $1,000 if caused by negligence and $5,000 if intentional.

The private right of action is one of the most controversial aspects of various privacy laws being proposed around the country. With a private right of action, plaintiffs’ attorneys are enforcing the privacy law by constantly seeking out potential defendants who are allegedly violating the law. Without a private right of action, state attorney generals must decide who to sue, if there are resources to sue, and if it is politically a good move to sue. Companies are often adamantly opposed to laws creating a private right of action, as such suits can result in large, complex class actions lasting for years and, potentially, very large judgements and settlements.

One result of the Illinois BIPA’s private right of action is that many online web firms and off-line companies are either stopping their use of biometric identification or more carefully obtaining opt-in consent from their customers and employees. The door opened for class actions and large judgments when in 2018, the Illinois Supreme Court ruled in Rosenbach v. Six Flags that BIPA did not require a showing of damages, only a showing that a violation occurred.^[4] Then in February 2022, the Illinois Supreme Court held in McDonald v. Symphony Bronzeville Park that the Illinois Workers’ Compensation Act does not protect companies from statutory BIPA damages. The McDonald case involved a nursing home collecting employees’ fingerprints without their consent, and the court found that the BIPA claims for statutory damages were not barred by the exclusivity provisions of the Illinois Workers’ Compensation Act.

In 2021, Facebook paid $650 million in a historic settlement of a BIPA lawsuit. Class members are to be awarded at least $345 each, though the payments have been delayed. Notably, Facebook announced it would stop using facial recognition just a few months later. Other plaintiffs and their attorneys also sued other web platforms including TikTok, Snapchat, and Google under BIPA. In 2021, TikTok announced that it settled an Illinois class action for $92 million.^[5] Shortly thereafter, in June 2021, TikTok changed its privacy policy to state that TikTok “may collect biometric identifiers” including “faceprints and voiceprints.” Plaintiffs filed a class action suit against Snapchat in 2020 for violations of BIPA.^[6] The case is currently before the Seventh Circuit on the issue of whether the minor plaintiff is subject to the Snapchat terms and conditions’ arbitration requirement. Microsoft, Amazon, and Shutterfly have also been sued for alleged BIPA violations. Reportedly, these cases involved photos uploaded from Flickr that were later used by IBM to “train” facial recognition software to help accurately identify people of color. The project was called “Diversity of Faces.” The IBM training database was then used by Microsoft and Amazon to improve their facial recognition systems.

Non-web firms have also been sued under BIPA. In 2021, for example, in Rosenbach v. Six Flags, Six Flags settled an Illinois class action for $36 million for fingerprints taken without consent.

Other States Take Action

Other states have also passed statutes limiting companies’ biometric use, but none with the “teeth” of a private right of action like Illinois’s BIPA. Texas was one of those states. In 2009, Texas passed the “Capture or Use of Biometric Identifier Act,” or CUBI. CUBI imposes a penalty of “not more than” $25,000 for each violation. However, unlike Illinois, there is no private right of action. In February 2022, Texas Attorney General Ken Paxton took action under the CUBI legislation and filed suit against Facebook, claiming that Facebook owed billions to the state for violating CUBI for not obtaining user consent when collecting the biometric data of more than 20 million Texas residents.

Still other states have passed laws limiting law enforcement’s use of facial recognition and biometric data. In October 2020, Vermont passed the “Moratorium on Facial Recognition Technology,” prohibiting law enforcement from using facial recognition. The Moratorium provides “a law enforcement officer shall not use facial recognition technology or information acquired through the use of facial recognition technology unless the use would be permitted with respect to drones….” Notably, the Vermont law expanded the definition of facial recognition to include recognition of “sentiment”:

“Facial recognition” means… the automated or semiautomated process by which the characteristics of a person’s face are analyzed to determine the person’s sentiment, state of mind, or other propensities, including the person’s level of dangerousness.

The COVID pandemic has been a busy time for new facial recognition laws. In 2021, Virginia enacted the “Facial recognition technology; authorization of use by local law-enforcement agencies” legislation (HB 2031) prohibiting local law enforcement and campus police from “purchasing or deploying” facial recognition. The Virginia statute did not prevent local law enforcement from using facial recognition deployed by others. Also, by prohibiting just “local law-enforcement agencies,” the law allowed other Virginia law enforcement agencies to use the technology. Interestingly, the law addressed only facial recognition and not the recognition of gait, fingerprints, voiceprints, or state of mind.

The same year, Massachusetts passed the “Facial and Other Remote Biometric Recognition” legislation limiting state law enforcement’s use of facial recognition. The law expressly included in the definition of facial recognition the “characteristics of an individual’s face, head or body to infer emotion, associations, activities or the location of an individual… gait, voice or other biometric characteristic.” The law required a court order or an immediate emergency where there could be a risk of harm to a person for use of facial recognition. It also limited all law enforcement agencies in the state, not just local law enforcement as in Virginia.

In 2021, Maine passed the “Act To Increase Privacy and Security by Prohibiting the Use of Facial Surveillance by Certain Government Employees and Officials,” which is similar to the “Facial and Other Remote Biometric Recognition” legislation in Massachusetts. However, Maine’s law applied to all government employees, not just law enforcement. Maine also allowed government employees to use facial recognition without a court order as long as the state employee was investigating a “serious crime” and believed there was “probable cause to believe that an unidentified individual in an image has committed the serious crime,” or under a limited number of additional exceptions. Massachusetts, by contrast, required a court order issued by a court that issues criminal warrants. Utah passed a similar law to that of Maine in 2021, limiting the government’s use of facial recognition except for investigations where there is a “fair probability” the individual is connected to the crime.

In other states:

• New York passed a 2021 law prohibiting facial recognition in schools.
• Washington state passed a law prohibiting government agencies from using facial recognition except with a warrant or in an emergency.
• In 2014, New Hampshire limited government agencies from using biometric data but allowed them to use it to solve a crime without a warrant.
• A 2020 Maryland law prohibits employers from using facial recognition during interviews without a signed consent.
• California passed a new law that banned law enforcement from using facial recognition in their body cameras but not in other police surveillance cameras. The law expires on January 1, 2023.
• Similarly, Oregon limited law enforcement from using facial recognition on body cameras.

While there appears to be a new trend in privacy rights among states, the majority of states—like Colorado and Montana—have failed in attempts to enact facial recognition legislation. Today as when Justice Brandeis opined on the topic 94 years ago, we are still balancing our right of privacy from the law enforcement with our fear of crime and the need to allow law enforcement to freely act. In addition, while Illinois, Texas, and California are limiting private companies from using biometric data without prior opt-in consent, most states have not enacted regulation to prevent private firms from using the technology, for now.

While the federal government is not addressing the thorny issue of facial recognition, states appear to be on a roll and are taking matters into their own hands. It is clear that both the left and the right of the political spectrum are seeking to curb the use of facial recognition and biometric software by law enforcement. Also, the implementation of a private right of action by Illinois has produced results in terms of keeping companies in line with regard to privacy rights. We should expect to see more state legislation granting private rights of action in cases related to violations of limitations on facial recognition and biometric data use, particularly in states with strong plaintiffs’ bars.

1. Amnesty International, “Surveillance city: NYPD can use more than 15,000 cameras to track people using facial recognition in Manhattan, Bronx and Brooklyn,” (June 3, 2021) https://www.amnesty.org/en/latest/news/2021/06/scale-new-york-police-facial-recognition-revealed/ ↑

2. Samuel D. Warren and Louis Brandeis, “The Right to Privacy,” Harvard Law Review, Vol. IV, No. 5 (1890), https://groups.csail.mit.edu/mac/classes/6.805/articles/privacy/Privacy_brand_warr2.html ↑

3. Olmsted v US, 277 U.S. 438 (1928) ↑

4. Rosenbach v. Six Flags Ent. Corp., 129 N.E.3d 1197(Ill. 2019) ↑

5. In Re: Tiktok, Inc., Consumer Privacy Litigation ILND 1:20-cv-04699; Joe Walsh, “TikTok Settles Privacy Lawsuit For $92 Million,” Forbes (February 25, 2021) https://www.forbes.com/sites/joewalsh/2021/02/25/tiktok-settles-privacy-lawsuit-for-92-million/ ↑

6.  Clark v Snap Inc. Case 3:21-cv-00009-DWD (US District Court Southern District of Illinois) (2021) ↑