As the world grapples with the continued spread of COVID-19, along with the unsettling public health and economic concerns, there are a number of uncertainties surrounding data security and privacy.* Efforts to contain the virus differ from country to country, as do the strategies surrounding the collection of data to aid in “contact tracing” that will surely be the subject of debate for years to come, with legal experts defining—or redefining—just how far governments and tech companies can go.

In order to counter the threat of the virus, countries have been adopting drastic measures, such as utilizing geolocation data and social contact history, leading to a number of complex privacy questions for both public and private entities involved in the process. This has created a substantial need for clarity from legal professionals and data protection authorities (DPAs) across the globe, many of whom are publishing guidance on best practices for collecting and processing personal data related to COVID-19 in order to stay in line with obligations under privacy and data security laws.

Most discussed in the public eye currently is Google and Apple’s recent announcement about their extensive coronavirus partnership. In the next few months, they will unveil updates to their operating systems to enable contact tracing to help identify carriers of the virus so they can be isolated from the public. It works by tracking with whom one comes into contact by recording where one’s Bluetooth connects with other nearby devices. Once approved, government health agencies will be able to utilize the app to track physical proximity among phones. The system is Bluetooth-only, fully opt-in, and collects no location data from users.

It all sounds good in theory; however, security experts are pointing to potential flaws in the system, including techniques that could reveal the identities of COVID-19-positive users and help advertisers track them, or invent false positives from users with malicious intent.

Most countries affected by COVID-19 are adopting their own version of contact tracing, and nearly all are going digital and leveraging the power of smartphones through Bluetooth or geolocation data. The Google and Apple announcement has propelled public attention and concern on the topic of privacy laws.

Governments Consider Surveillance Methods That Push Limits

In China, telecommunications organizations helped the government track and contact those who had traveled through Hubei province in the early days of the virus. Location data was then channeled to China’s Health Commission, which allowed them to trace the steps of those infected.

In Israel, the government passed an emergency law to use mobile phone data to track those who test positive for COVID-19 as well as identify others with whom they have come into contact and may have infected. This method has typically been reserved to counter-terrorism operations, but it is now being used to track infected patients and their phone contacts. If someone found to be positive for COVID-19—or someone who was in close contact with one—disobeys quarantine, they receive a text message or call ordering them to return home. If they don’t, the police are called.

Since the start of the pandemic, countries to the west have been paying close attention to how countries like China and Israel have used data collection and apps as part of their public health response. Many critics have raised concerns about privacy and potential illegal use of data, especially as the virus has spread through Europe and the United States.

The European Union and a “Pan-European” Approach

In the European Union, contact tracing must be compliant with the EU’s privacy law, the General Data Protection Regulation (GDPR), as well as separate laws specific to the given EU country. Still, EU nations can make their own exceptions to the rules temporarily for emergencies. For example, Italy adopted a decree to address the intersection between the GDPR and COVID-19, the need for processing special categories of personal data, and how some data-protection rights could be halted to combat the coronavirus.

GDPR Article 6 provides that processing personal data without consent is lawful where it is necessary for compliance with a legal obligation to protect the public interest or to protect an individual. In fact, it provides specific language on not needing consent for monitoring epidemics, pandemics, and their spread, or in situation of humanitarian emergencies.

Earlier this month, Human Rights Watch and more than 100 other organizations issued a joint call for legal protections on how government can use digital surveillance, including mobile phone location data, to fight the pandemic. Europe is under intense scrutiny by these groups as the European Commission scrambles to develop coronavirus tracking apps, seeking an “EU approach” to contain the disease. As a result, hundreds of researchers from eight countries in Europe have been working on the Pan-European Privacy Preserving Proximity Tracing Project (PEPP-PT) to develop a single app that any county can use and that is compliant with EU privacy laws.

U.S. Law

Although there is no main data-protection law at the federal level in the United States like the GDPR, there are several federal and state laws that offer privacy protection to certain types of data, like health information, employment, and location data.

As the United States continues to control the spread of the virus and develop plans to potentially reopen the economy, government agencies have put into place—or contemplated—a variety of tracking and surveillance technology that examines the limits of personal privacy—everything from geolocation tracking that oversees the location of people through their mobile devices, to facial-recognition programs that analyze pictures to determine who may have come into contact with those who later test positive for the coronavirus. In fact, we know that data-mining firm Palantir Inc. has worked with the Centers for Disease Control and Prevention (CDC) to model the virus and its outbreak and continues to do so.

This is leading to a struggle among those in the tech industry and among government officials to find a balance between the deployment of technology and safeguarding patients’ data, specifically medical information. At the same time, privacy advocates worry that little has been announced about what has already been implemented or about to be deployed as governors across the country determine when and how to reopen their states.

Healthcare and Location Data Biggest Concern in United States

Just like in the European Union, the United States has issued guidance on privacy and data security relating to COVID-19. The Department of Health and Human Services (HHS) has waived sanctions and penalties against covered hospitals for certain provisions under HIPAA. The waiver includes the requirement to obtain a patient’s consent before speaking with friends or family members about care, the requirement to distribute a notice of privacy practices, the patient’s right to request privacy limitations, and the patient’s right to request confidential communications.

As the crisis continues in the United States, much-needed additional guidance is being issued by local, state, and federal agencies.

The United States does have The Health Insurance Portability and Accountability Act Privacy Rule, which protects the privacy of a patient’s health information, although its protections are not unconditional. Just this past February, HHS released a bulletin outlining when disclosure of health data is permitted, which includes for public health reasons and “to prevent an imminent threat.”

The U.S. Constitution, specifically the Fourth Amendment, also protects certain expectations of privacy, including one’s physical location. Reference Carpenter vs. U.S., for example, in which the U.S. Supreme Court looked at how to apply the Fourth Amendment to cell phone records, particularly cell-site location information (that looks at a person’s past movements). The government had obtained the records as part of a criminal investigation and argued Carpenter should not have an expectation of privacy in them because he voluntarily provided it to third parties (cell phone carriers). However, the Supreme Court ultimately ruled that the government invaded Carpenter’s reasonable expectation of privacy when it accessed cell-site location information from wireless carriers.

It is likely that as COVID-19 cases continue to exist, creating the need for contact tracing, there will be more discussion in the United States on privacy interests like those discussed in the Carpenter case. As such, the need to quickly address it because of this public health issue seems likely as well.

Main Takeaways

It is evident that contact tracing and testing technology will very much play a role in forming a sound, strong recovery strategy. Understanding what our privacy laws require in specific situations, like pandemics or public emergencies, as well as how they are applied are going to be crucial to continue managing COVID-19 and reopening our economies.

By tapping into people’s phones and medical records, researchers and public health authorities are hoping to quickly identify potentially infected patients and curb the pandemic. In fact, the federal agency in the United States in charge of policing data breaches already announced it will back off enforcement of some privacy rules to make it easier for healthcare facilities and their vendors to share patient records with public health officials.

Scaling back of these health privacy rules—and justifying them during a crisis—raises the question of what happens when the pandemic ends. Will life return to normal, or will we redefine what we historically knew as our right to privacy? Will we have another version of the Patriot Act in the United States? Will we have countries around the world tracing their citizens movements freely under the excuse of this pandemic?

On a more positive note, how will countries across the globe learn from one another to develop best practices for tracking diseases that, hopefully, respect our privacy?

*John Neocleous is the founder and managing partner of NCI Law Group, a multinational law practice in the United States, United Kingdom, and Switzerland.

The healthcare industry remains a significant portion of the U.S. economy and will be so for the foreseeable future.* The U.S. Centers for Medicare and Medicaid Services (CMS) reported that in 2018, the overall share of U.S. gross domestic product (GDP) related to healthcare spending was 17.7 percent. Moreover, national health expenditures are projected to grow at an average annual rate of 5.4 percent for 2019–28 and to represent 19.7 percent of GDP by the end of the period. A large portion of that spending is related to payment for the provision of healthcare services. As such a large portion of the economy, both activity and interest in acquisitions of healthcare services companies has been incredibly robust for at least the last 25 years. There does not seem to be any indication of a significant slow-down any time soon. In middle-market private equity transactions alone, valuation of healthcare services companies continues to rise to unprecedented levels.

Given the large portion of the economy that healthcare represents and the market interest in acquisition activity, an understanding of the major, material healthcare regulatory risks that an acquirer might face is important to an effective and meaningful acquisition. That understanding can assist an acquirer in either eliminating risk or at least mitigating it appropriately. This article will provide a summary of those major, material health regulatory risks, some basic diligence requests to address in pretransaction diligence, and thoughts on representation and warranty issues in transaction documents.

Before discussing risks, a definition of “healthcare services” is important to understanding the types of businesses that face these risks in ways that can be material to the business. For purposes of this article, healthcare services includes businesses that provide professional/clinical healthcare services to patients; brick-and-mortar, in-patient and out-patient healthcare providers; and businesses that provide ancillary healthcare services. To be specific, these healthcare services businesses include, but are not limited to: hospitals and health systems, nursing homes, behavioral health providers, physicians and healthcare professional groups, home health and hospice providers, outpatient clinics, ambulatory surgery centers, out-patient rehabilitation, substance use disorder services, senior housing and services, and continuing-care retirement communities.

Most if not all of the aforementioned healthcare services businesses face a majority of certain material health regulatory risks. These material risks fall within five categories that include government reimbursement, fraud and abuse, licensure, excluded parties, and healthcare privacy-related issues. A summary discussion of each of these risks is contained in the sections that follow.

Category 1: Government Reimbursement

CMS, the administrator of the Medicare and Medicaid programs, is the single largest payer for healthcare services in the United States. The dollars it spends on healthcare services far exceed any other payer, including commercial payers. CMS administers the Medicare program (Parts A, B, and D) through its administrative contractors as well as through managed care plans (Part C). CMS partners with states, which partially fund Medicaid programs, to administer the Medicaid programs. In order to participate in either Medicare or state Medicaid programs, healthcare services businesses agree to comply with a significant regulatory framework mostly in the form of conditions or requirements for participation (a Regulatory Condition) as well as specific requirements relating to the submission of claims for services or supplies provided (a Claim Submission Requirement).

Material liability risks for healthcare services businesses can arise from a significant failure to meet a Regulatory Condition or a Claim Submission Requirement. Random or targeted government inspections and complaints from patients or clients can result in a citation for a failure to meet a Regulatory Condition. Those citations can culminate in civil fines that in some cases may carry per-day penalties. They can also result in potential termination from the Medicare or Medicaid program. Civil penalties can range from minor amounts to major material liabilities for the business. In that respect, understanding what, if any, (i) inspections/citations a healthcare services business has been subject to historically; and (ii) what may be currently outstanding is important to assessing risk in a possible acquisition. Failures to pay civil fines may also result in termination of participation in Medicare or Medicaid.

Complying with Claim Submission Requirements is likely one of the most important issues for healthcare services businesses that participate in government payment programs. Failures to comply can result in demands for recoupment or allegations of overpayments. In some cases, what a business may see as a simple error, the government or its contracted agents view as an intentional act to defraud. A missing provider signature or a failure to document a patient’s vital signs can result in a failure to meet a Claims Submission Requirement. These failures can be minor or they can be significant and carry millions of dollars in repayment liability.

Reimbursement diligence. In order to assess these types of risks with a potential target, acquirers should at the very least examine:

• documents relating to investigations, audits, surveys, site visits, and inquiries by governmental agencies and contractors
• documents relating to corrective action plans imposed on the business or implemented by the business
• documents relating to unpaid civil monetary penalties or administrative penalties and civil settlements
• documents relating to any self-disclosures or voluntary disclosures made to any governmental authority
• documents relating to internal audit reports of billing and coding reviews or audits
• documents relating to any third-party reports and related deliverables from consultants engaged to billing and coding audits or reviews

In addition to conducting appropriate diligence, the material transaction document should contain representations and warranties from the seller that broadly address: (i) general compliance with healthcare laws; (ii) compliance with government programs and claims filing obligations; (iii) the absence of any material overpayment or claims filing repayment obligations; and (iv) no affirmative inappropriate or illegal conduct.

Category 2: Fraud and Abuse

Fraud and abuse in the healthcare system has been a concern of federal and state regulators almost since the inception of organized health care and certainly became a significant issue with the passage of legislation creating the Medicare and Medicaid programs. Major fraud and abuse laws include the Federal Anti-Kickback Statute (AKS), 42 U.S.C. §1320a-7b(b), the Physician Self-Referral Prohibition (the Stark Law), 42 U.S.C. §1395nn, and the Criminal and Civil False Claims Acts, 18 U.S.C. §287 and 31 U.S.C. § 3729. These laws prohibit certain business practices as well as provide for penalties relating to fraudulent claims to government payment programs.

Fraud and abuse liability can come in many forms and can result in both civil and criminal liability depending on the conduct and issues at hand. Moreover, fraud and abuse liability is rarely immaterial to a transaction unless the target involved is a large business facing a civil liability, and given the size of the target, the liability will not be material to its business operations. Even in those circumstances, however, the acquirer will likely not want to inherit the liability.

Fraud and abuse diligence. In order to assess these types of risks with a potential target, acquirers should at the very least examine:

• contracts between the target and other healthcare businesses or vendors
• documents or memos analyzing any arrangement the target feels fits into a safe harbor to the AKS or exception to the Stark Law
• business relationships with physicians and other healthcare professionals whether via ownership or compensation
• business relationships with any individual or entity in a position to refer business paid for by governmental programs to the target business
• marketing activities of the target
• bonus and compensation plans
• documents relating to governmental actions and other issues mentioned in the section on Claim Submission Requirements above

In addition to representations and warranties from the seller mentioned above in relation to government reimbursement, the material transaction document should contain representations and warranties with respect to fraud and abuse matters that address: (i) specific compliance with major federal and state fraud and abuse prohibitions; (ii) the absence of adverse criminal or civil settlements or civil monetary penalties; and (iii) the absence of any threatened or current civil or criminal litigation relating to fraud and abuse matters.

Category 3: Licensure

As one of the most regulated industries in the United States, an acquirer can expect that most, if not all, of the target companies they are looking to acquire have some type of license or permit to do what they do in health care. Ensuring that a target business has the correct licenses, has complied with all of the regulatory requirements relating to retention of those licenses, and has not been subject to any type of adverse finding by a licensure authority are integral to assessing any material risk in a potential transaction.

It is important to recognize that there are simple risks relating to licensure that might result in immaterial fines. However, multiple instances of immaterial fines might add up to revocation of a license that is necessary to operate the business. As a result, understanding the target’s regulatory compliance history through appropriate diligence is important to assessing risk.

Licensure diligence. In order to assess this type of risk with a potential target, acquirers should at the very least examine:

• all current regulatory permits, licenses, certifications, accreditations, certificates of need, and other required approvals that the target may have relating to its business
• documents relating to investigations, audits, surveys, site visits, and inquiries by governmental agencies and contractors
• documents relating to corrective action plans imposed on the business or implemented by the business
• documents relating to unpaid civil monetary penalties or administrative penalties and civil settlements
• documents relating to any suspension, termination, or revocation of a license
• documents relating to any refusal to approve a license

Relative to licensure, seller’s should also provide, via the material transaction document, representations and warranties to the buyer that: (i) affirmatively state the seller has all of its required licenses; (ii) none of those required licenses have been subject to suspension, revocation, or termination; and (iii) there is no current action to suspend, revoke, or terminate a required license.

Category 4: Excluded Parties

Generally, excluded parties in the healthcare context are persons or entities (i.e., businesses) that have either been excluded from participation in federal healthcare programs or excluded from participation in federal contracts. The U.S. Department of Health and Human Services’ Office of the Inspector General (OIG) has the authority to exclude individuals and entities from participating in federal healthcare programs, which include Medicare, Medicaid, and any other healthcare program funded directly or indirectly by the federal government. Exclusion in its most basic sense means that no payment can be made for any items or services furnished, ordered, or prescribed by an excluded individual or entity. The OIG maintains a searchable list of excluded individuals and entities on its website.

In addition to OIG exclusions, the U.S. General Services Administration (GSA) maintains a comprehensive list of individuals and entities that have been excluded from participation in federal contracts. The GSA’s excluded parties list system contains a list of persons and entities that have been excluded by federal government agencies from receiving federal contracts or federally approved subcontracts, and from certain types of federal financial and nonfinancial assistance and benefits.

A target company that has in the past or is currently employing an excluded individual or has had, or has, a contract with an excluded party can have material risks associated with it. If the excluded individual or contractor “touched” (i.e., was associated with) significant federal dollars, the target entity could face material liability. Beyond simply a repayment of those associated dollars, there are also potential civil penalties that can be assessed. The civil penalties can become significant. As a result, there is a general expectation that healthcare services companies will have checked the appropriate databases periodically to screen for ineligible individuals and entities and steer clear of them.

Excluded parties diligence. In order to assess this type of risk with a potential target, acquirers should at the very least examine:

• whether the company has a process in place that screens for excluded parties
• whether the company has ever had exposure to an excluded party and how that exposure was handled

In addition to the previously described representations and warranties, the material transaction document should contain one specific to exclusions that provides that the seller has not hired an excluded party and periodically checks to ensure it is not associating with excluded parties.

Category 5: Healthcare Privacy Issues

In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). HIPAA establishes national privacy standards to protect individuals’ medical records and other personal health information (PHI). It also establishes physical and electronic security standards for PHI. HIPAA applies to “Covered Entities,” which include healthcare providers, insurers, and other stakeholders that may use or disclose PHI. HIPAA requires Covered Entities to develop and follow procedures that ensure privacy and security of PHI and sets limits and conditions on the use and disclosure of PHI without patient authorization. Compliance with HIPAA is not only for Covered Entities, but also for their business associates (e.g., claims processors and bill collectors). Covered Entities that must share PHI with a business associate should have a written Business Associate Agreement (BAA) in place that requires the third party to comply with HIPAA requirements.

HIPAA violations can result in civil or criminal liability depending on the nature and extent of the violation. The civil penalties can end up being quite costly, ranging anywhere from $100 to $50,000 per violation. Additionally, Covered Entities must provide notification of a privacy breach to affected individuals, the Secretary of HHS, and in some circumstances, the media. Thus, acquirers should focus diligence efforts on existing HIPAA compliance processes and any prior or ongoing privacy-related investigations to assess not only the potential financial implications, but also the reputational implications.

Healthcare privacy diligence. In order to assess this type of risk with a potential target, acquirers should at the very least examine:

• the company’s HIPAA compliance policies and procedures covering at least the last three years
• any HIPAA training materials and information on how personnel received HIPAA training
• all BAAs in place over the last three years
• documents relating to HIPAA compliance tracking and assessment
• documents relating to any security breaches or incidents, follow-up response, and disclosure of the breaches/incidents to individuals or third parties
• list of complaints or allegations of privacy/security breaches involving the company

Given the increased scrutiny on privacy compliance, the material transaction document should contain targeted representations and warranties from the seller that address HIPAA privacy and security compliance as well as the absence of any privacy or security breaches.

An Additional Note on Regulatory Compliance Programs

Regulatory compliance programs have become an increasingly important part of the healthcare industry. Despite there not being a significant regulatory requirement to have a compliance program, healthcare service providers are strongly encouraged to make them a priority. Additionally, as providers often became subject to federal False Claims Act allegations in particular, they became more aware of the U.S. Federal Sentencing Guidelines for Organizations and the process by which the guidelines can provide some mitigation in sentencing for organizations with effective compliance and ethics programs. Moreover, the OIG embarked on a campaign to encourage healthcare services providers to voluntarily develop and implement programs through its compliance program guidance.

The purpose of compliance programs is to help healthcare services providers develop controls for adherence to applicable healthcare law. Regulatory compliance programs are designed to monitor compliance and correct compliance issues before they become a significant problem. Most importantly, well-developed and effective compliance programs have become the yard stick by which buyers can measure a target company’s “culture of compliance.” Essentially, if a buyer finds that a company has a well-developed and effective program, they can get some comfort with respect to the company’s overall regulatory compliance. As a result, most if not all buyers conduct some form of diligence relating to a seller’s regulatory compliance program.

Regulatory compliance diligence. In order to assess this type of risk with a potential target, acquirers should at the very least examine:

• whether the company has an established compliance committee and officer
• documents relating to regulatory compliance policies, procedures, and training materials
• documents relating to corporate compliance tracking, assessment, and response
• meeting minutes from the company’s compliance committee, if applicable

Although not a must-have, buyers should include in the material transaction document a targeted representation and warranty from the seller that specifically addresses the sellers implementation of a regulatory compliance program that meets OIG guidance, the federal sentencing guidelines, or both.

As transactions involving healthcare services providers increase, an understanding of the major areas of material risk discussed in this article will be an important tool for any business lawyer involved in such a transaction. This summary provides an outline for practitioners to help them ensure that important pretransaction regulatory diligence is conducted and the material transaction document allocates risk appropriately through representations and warranties.

*Ari J. Markenson, J.D., M.P.H., is a partner and co-chair of the Health Care and Life Sciences Industry Group at Winston & Strawn, LLP. Cynthia Suarez, Esq., is an associate in the Health Care and Life Sciences Industry Group at Winston & Strawn, LLP.

On May 4, 2020, U.S. Securities and Exchange Commission (“SEC”) Chairman Jay Clayton (“Chairman”) and SEC Director of the Office of Municipal Securities Rebecca Olsen (“Director”) recommending that municipal securities issuers and obligors (each of these, herein, “issuer(s)”) provide robust, timely, and accurate disclosures regarding the impact of and uncertainties caused by the COVID-19 health crisis. This statement issued on April 8 by the Chairman and the Director of the Division of Corporation Finance William Hinman concerning disclosures by public companies in light of COVID-19. Both statements urge current and, to the extent feasible, forward-looking disclosure, as outlined in the corporate issuer disclosure statement.

Most issuers in the municipal market file only (i) annual financial disclosure reports and (ii) notices of listed events listed under SEC Rule 15c2-12. The impacts of COVID-19 would generally not fall within the scope of the Rule 15c2-12 notice events, absent a severe impact such as an issuer’s rating downgrade or a missed debt service payment. In the municipal disclosure statement, the SEC urges issuers to make supplemental “voluntary, unaudited and non-routine disclosures regarding [their] current financial status and operating conditions,” and the SEC encourages issuers to make available to investors “as much information about their current financial and operating condition as is reasonably practicable.” The SEC stresses the “need for timely financial information” and observes that, due to the unpredictable nature of the pandemic and its effects on current market conditions, the practice of providing historical financial information in an annual filing may not adequately enable investors to assess an issuer’s current and projected financial state in order to make an informed investment decision.

Recognizing the higher risk of liability that might result from issuers’ enhanced required and/or voluntary disclosures, the SEC notes that such disclosures may be accompanied by “meaningful cautionary language—including, for example: (1) a description of relevant facts or assumptions affecting the reasonableness of reliance on and the materiality of the information provided, (2) a description of how certain important information may be incomplete or unknown, and (3) the process or methodology (audited vs. unaudited) used by the municipal issuer to produce the information—[which] will not only improve the quality of the disclosure but also will reduce legal and other risks.” According to the statement, the Chairman and the Director “would not expect good faith attempts to provide appropriately framed current and/or forward-looking information to be second guessed by the SEC.”

To date, issuers have filed several thousand disclosures concerning the effects of COVID-19 on the Electronic Municipal Market Access (“EMMA”) system operated by the Municipal Securities Rulemaking Board (“MSRB”), which serves as the official source for municipal securities disclosures and related market data. Following the municipal disclosure statement, we expect that issuers planning to bring bond issues to market, or that are filing annual or quarterly reports, or that are filing Rule 15c2-12 event notices, will disclose the impact of COVID-19 on their financial and operating condition in the same offering documents or required filings. Issuers who do not anticipate issuing bonds or making required disclosures in the near future should consider (i) providing voluntary disclosure on the current and reasonably anticipated future impact of COVID-19 on their financial condition and operating results, and (ii) the risks associated with providing such voluntary disclosure.

On May 22, 2020, the SEC announced that its conference entitled “Spotlight on Transparency: A Discussion of Secondary Market Municipal Securities Disclosure Practices” has been rescheduled for June 16, 2020. The conference is open to the public via live webcast from 1 p.m. to 4 p.m. ET at www.sec.gov, and will be archived on the Office of Municipal Securities webpage for later viewing. The conference will bring together a variety of municipal securities market participants, including issuers and investors, to discuss the state of secondary market disclosure in the municipal securities market, including COVID-19-related disclosure.

Certain literary or graphic characters may, in some cases, enjoy copyright protection. Think James Bond—or Batman, and even his Batmobile. Recently, the Ninth Circuit was called upon to determine whether the Moodsters, “anthropomorphized characters representing human emotions,” are subject to the same copyright protection as Batman. Sadly, the Ninth Circuit concluded they do not.

The Moodsters were created by an expert on children’s emotional intelligence and development, Denise Daniels. She created the Moodsters to “help children cope with strong emotions like loss and trauma.” In 2005, Ms. Daniels and her team released an initial product called The Moodsters Bible. The Moodsters Bible told the story of five characters who were “color-coded anthropomorphic emotions,” each representing a different emotion: pink forlove, yellow for happiness, blue for –sadness, red for anger, and green for fear. Two years later, Ms. Daniels and her team released a 30-minute television pilot featuring the Moodsters called, “The Amoodsment Mixup.” In 2015, Ms. Daniels and her team had developed a line of toys and books featuring the Moodsters that were sold at Target and other retailers.

Ms. Daniels claimed that she pitched the Moodsters concept to several entertainment companies, including the Walt Disney Company and its affiliate, Pixar, between 2005 and 2009. She claimed she had contact with Thomas Staggs, the CFO of the Walt Disney Company, and that he had informed her that he would share information about the Moodsters with Roy E. Disney, the son of Disney’s founder. Ms. Daniels also claimed that at some point she spoke with film director Pete Docter about the Moodsters.

In 2010, Disney began development of its movie Inside Out, which was released in 2015. Inside Out focuses on five anthropomorphized emotions “that live inside the mind of an 11-year-old girl named Riley.” The emotions represented are joy, fear, sadness, disgust, and anger. The film was directed by Peter Docter, who also co-wrote the screenplay. He claimed that he got the idea for the film by “the manner with which his 11-year-old daughter dealt with new emotions as she matured.”

In 2017, Daniels sued Disney for breach of implied in fact contract in connection with Inside Out. She then filed an amended complaint, which joined her company, The Moodsters Company, and sued for copyright infringement “of both the individual Moodsters characters and the ensemble as a whole.” Disney moved to dismiss, which was granted by the district court on the grounds that “The Moodsters are not protectable by copyright.” Daniels appealed that ruling to the Ninth Circuit. (This article does not address Ms. Daniels’s implied contract claim.)

The Ninth Circuit began by recognizing that, “[a]lthough characters are not an enumerated copyrightable subject matter under the Copyright Act, … there is a long history of extending copyright protection to graphically depicted characters.” For instance, the Ninth Circuit cited to its prior decision in DC Comics v. Towle, 802 F.3d 1012 (9^th Cir. 2015), in which it held that the Batmobile was entitled to copyright protection. In the Towle case, the Ninth Circuit adopted a three-pronged test for determining whether a character is entitled to copyright protection: (1) the character has “physical as well as conceptual qualities;” (2) the character is “sufficiently delineated to be recognizable as the same character whenever it appears” and “display(s) consistent identifiable character traits and attributes;” and (3) the character is “especially distinctive” and “contain[s] some unique elements of expression.” The Ninth Circuit examined whether The Moodsters satisfied this three-pronged test.

The Court recognized that Disney did not contest the first prong—that each of the individual Moodsters had physical as well as conceptual qualities. Given that they had physical qualities, “[t]he Moodsters are not mere literary characters.” 

However, it was the second prong that proved to be the biggest hurdle for Ms. Daniels and her Moodsters. The Ninth Circuit reasoned that “a character that lacks a core set of consistent and identifiable character traits and attributes is not protectable, because that character is not immediately recognizable as the same character whenever it appears.” The Ninth Circuit contrasted The Moodsters with recognizable characters like Godzilla or James Bond who, though their physical characteristics could change over time, maintain “consistent and identifiable character traits and attributes across various productions and adaptations.”

The Ninth Circuit continued by noting that the use of “a color to represent a mood or emotion is an idea that does not fall within the protection of copyright.” In fact, it noted that “the idea of color psychology is involved in everything from decorating books to marketing and color therapy,” and that “color and emotion are also frequent themes in children’s books, such as Dr. Seuss’s classic, My Many Colored Days.” The Ninth Circuit also noted that “colors themselves are not generally copyrightable” nor “is the `idea’ of an emotion copyrightable.”  Thus, the Ninth Circuit concluded that Daniels could not “copyright the idea of colors or emotions, nor [could] she copyright the idea of using colors to represent emotions where those ideas are embodied in a character without sufficient delineation or distinctiveness.”

It was this last issue, “sufficiently delineated,” that especially troubled the Ninth Circuit. First, the Court noted that the physical appearances of the Moodsters had “changed significantly over time.” When they first appeared in the 2005 Bible, they had an insect-like appearance. By the time they appeared in retail stores in 2015, they looked “like small loveable bears” with “a detective’s hat and small cape.” While the Moodsters’ representation of the five human emotions had not changed over time, the descriptions of each character had. For instance, the 2005 Bible described each character with a few short paragraphs; however, these descriptions were no longer mentioned in the 2007 television pilot. Furthermore, in every iteration of the Moodsters, they had different individual names. Finally, while initially each character related to its emotion in its own way (for instance, the “anger” Moodster would become angry), the Moodsters were “mood detectives” by 2015, trying to help a young child discover his emotions.

The Ninth Circuit then contrasted the ever-changing Moodsters with that of the Batmobile that it considered in Towle. The Court noted that over a 25-year period, “the Batmobile had numerous identifiable and consistent character traits and attributes,” and that it was always referred to as “a crime fighting car” and it had jet engines and modern weaponry; it could “navigate through landscapes impassible for an ordinary vehicle.”

Finally, even if the Ninth Circuit concluded that the Moodsters could satisfy the second prong, they would also fail the third prong in that they were not “especially distinctive.” The Ninth Circuit compared the Batmobile, which consistently had the same name over time, with the Moodsters, who had at least three entirely different sets of names over time. Therefore, they were not “especially distinctive” and could not meet the third prong of the Towle test either. 

The Ninth Circuit did disagree with the lower court, however, in its conclusion that the Towle test was the only possible analysis for determining whether a character was entitled to copyright protection. The Ninth Circuit recognized that it had decided nearly 60 years ago in Warner Bros. Pictures v. Columbia Broadcast System, 216 F.2d 945 (1954), that a character could be entitled to copyright protection if it constituted “the story being told” in a particular work. However, “a character is not copyrightable under this test where `the character is only the chessman in the game of telling the story’.” The Ninth Circuit noted that this is a “high bar since few characters so dominate the story such that it becomes essentially a character study.”

The Ninth Circuit concluded, however, that even under the Warner Bros. test, the Moodsters were not entitled to copyright protection. Given that the Moodsters were introduced in the 2005 Bible with short descriptions, “these pithy descriptions do not constitute the story being told” as required by the Warner Bros. test. By the time of the 2007 television pilot, there was even less character development such that, “The Moodsters are mere chessmen in the game of telling the story.” Thus, even under the alternative Warner Bros. test, the Moodsters were not copyrightable.

Finally, Ms. Daniels argued that even if the individual Moodsters were not copyrightable, then the ensemble of the five Moodsters should be entitled to copyright protection. The Ninth Circuit rejected this claim on the ground that whether you described the Moodsters individually or as an ensemble, it did not change the analysis as to their “distinctiveness” or the “degree of delineation.”

The Ninth Circuit’s decision in the Daniels case makes clear that it is extremely rare that a particular character will be entitled to copyright protection. Only those characters which are or have a consistent level of distinctiveness or degree of delineation could possibly qualify for copyright protection.

Clawbacks are provisions that assure a former equity owner receives fair, full consideration when it sells its equity. Such provisions enable the former owner to participate in the consideration received in a subsequent sale of the business by the remaining owner or owners.

Whether a buy-sell agreement was previously in place among equity owners or not, a departing business partner wants to be assured that at the time of sale it receives full value for its interest. In many cases, there is concern that shortly after the sale of its interest, the remaining owners will sell their interest for a significantly higher price.

Although federal and state securities laws may protect a departing owner from the remaining owners not disclosing an imminent sale, or that a higher offer has been made for the business, it is prudent for counsel for the departing owner to consider inclusion of a clawback provision in the sale agreement.

A departed shareholder may feel that his or her business efforts, or the critical capital provided, greatly contributed to the company’s growth and that dividends from those efforts will continue for at time after his or her departure. A clawback provision allows a departed owner to share in the proceeds of a later sale as if its shares were not previously sold.

From the remaining owner’s perspective, a clawback may be the final negotiated piece that convinced the departing partner to sell and that does not have an economic cost if there is no subsequent sale. If there is a subsequent sale, the clawback amount is paid by the buyer. Although the funds may come from proceeds otherwise payable to the remaining owner, hopefully the funds actually received from such sale will be sufficient to more than satisfy the owner.

Moreover, whether the sale price was fixed by prior contract or negotiated at the time of the sale, the value received by the departed owner may have been based primarily, if not exclusively, on the value of the business as a going concern with no consideration based on a potential sale. This is a common occurrence when the remaining owner states that he or she desires to continue to run the operation as a family business for the indefinite future and not with the purpose of selling to a competitor or other third party.

If there was a buy-sell provision included from the beginning of the partnership, the remaining equity owners will argue that the absence of a clawback provision in such instrument should be determinative that there should not be one added at a later time. This is not always a persuasive argument if there is no requirement to sell.

Once the decision is made to include a clawback provision in the sale document, there are many factors that should be considered in crafting such a provision.

• Whether the decision to separate the partners, causing the business to divert funds from operations to the buyout, is made by the remaining partner or the departing partner often influences the sale price, as well as determining whether a clawback is appropriate.
• Whether the departing partner was active in management or a passive investor. In the first instance, the departing owner claims his or her efforts contributed to the growth of the business and that the value of the contribution continues for a period post-sale. A passive investor may not be able to make a similar claim.
• Clawbacks may also be useful in the termination of contingent payments that form a part of many pay-out provisions. A future buyer may not want to continue contingent payments to former owners, particularly if such payments can’t be quantified or the terms of which may impact the buyer’s ability to change procedures in the acquired business. A clawback benefits the future buyer by allowing it to end the contingent payments for a fixed amount. The departed equity owner benefits by getting an earlier fixed payment, and the remaining owners have one less difficult issue to negotiate.
• Clawback provisions may last one year after the sale or for several years. I have utilized provisions that last up to 10 years, although ranges of three to five years are more common. An active partner involved for many years in a mature business (i.e., bakery or funeral home) with slow, steady growth will claim the clawback should continue for a longer period than a young, fast-growing business where the future efforts of active managers contribute to the future growth. There is a point where the claim of residual value expenses negates the rationale for a clawback to continue.
• Recognizing that the departed partners’ influence will diminish over time, it is not uncommon for the clawback percentage to decline over time. For example, if the second sale occurs within the first 12 months after the sale of the departed shareholder’s interest, such shareholder will receive the value for its equity as if no original sale had occurred. The percentage may decline to 50 percent of the value in the second and third years after the original sale and only 25 percent in years four and five. To illustrate, if a 30-percent owner of a business received $3 million to sell his or her interest in 2020 (representing a $10 million enterprise value), but less than a year later the business is sold for $15 million, then the former owner would receive an additional $1.5 million, representing 30 percent of the subsequent sale price less the $3 million already received. If the sale occurred in 2024, the former owner would receive only $375,000, or 25 percent of the differential.

By recognizing the value of clawbacks and drafting provisions that fit the unique facts of the situation, attorneys can ensure that fair value has been provided to the departed equity owner and that no additional funds will be expended by the remaining owners if no future sale occurs.

Last July, I wrote an article for where I argued that as a basic tenet of our profession, Canadian lawyers should be required to have a minimum understanding of technology, privacy, and cybersecurity in order to adequately service their clients. The same is true for lawyers in the U.S.

Regardless of whether there is a mandatory legal duty of technological competence required of lawyers by our law societies, arguably lawyers practicing law during this time of pandemic now have an even greater duty to understand and deploy the necessary technological measures and practices to protect client data from unwanted intrusion.

In Ontario, § 3.1.1. of the Rules of Professional Conduct sets out the various positive duties of competence that lawyers are supposed to possess. For example, a “competent lawyer” is a lawyer who has and applies relevant knowledge, skills, and attributes in a manner appropriate to each matter undertaken on behalf of a client, applying appropriate legal skills, pursuing appropriate professional development to maintain and enhance legal knowledge and skills, and adapting otherwise to changing professional requirements, standards, techniques, and practices.

Unfortunately, Canada currently lags behind the United States in recognizing this duty. As Massachusetts lawyer Robert J. Ambrogi notes in his excellent blog , the ABA formally approved a change to the Model Rules of Professional Conduct in 2012 to clarify that lawyers have a duty to be competent, not only in the law and its practice, but also in technology. By way of reminder, Model Rule 1.1 provides that “a lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation”.

Comment 8 to Model Rule 1.1 specifically requires U.S. attorneys to maintain technological competence as follows:

To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.

To date, 38 U.S. states have adopted the duty of technological competence. While California has not formally adopted the change to its rules of professional conduct, Ambrogi notes that the state has issued an ethics opinion (State Bar of California Formal Opinion No. 2015-193) that expressly acknowledges a duty of lawyers to be competent in technology, i.e. requiring lawyers who represent clients in litigation either to be competent in e-discovery or associate with others who are competent. The opinion expressly cites the ABA’s Comment 8 and states:

Maintaining learning and skill consistent with an attorney’s duty of competence includes “keeping abreast of changes in the law and its practice, including the benefits and risks associated with technology.”

The global ascendance of COVID-19 has only spurred the activities of phishing, malware, and ransomware attacks. Rob , Corporate Vice President for  Microsoft 365 Security, reported in his April 8, 2019, blog that every country in the world has seen at least one COVID-19-themed attack, with China, the United States, and Russia being hit the hardest.

Given the heightened security risks of working during a pandemic, I believe more than ever that technological competence must be read into the “duties of competence” that all lawyers are “supposed to possess” today, even if some regulators haven’t caught up with this new reality.

What does technological competence look like for lawyers practicing during a pandemic?

First and foremost, lawyers must take steps to ensure they have in place reasonable measures to protect client data against unauthorized access. Technology that contains or is used to access client data should be hardened against the increased threat of third-party hackers and malware, using firewalls, encryption tools, appropriate up-to-date antivirus technology/URL threat protection, and other security software. Outdated legacy software should be shelved, free unsupported versions of software should no longer be used, and all security patches and updates received from vendors should be implemented in a timely fashion. Lawyers should only use dedicated VPNs and secured Wi-Fi to access critical networks.

Additionally, lawyers wishing to better protect their clients’ confidential information should consider the following tips:

(1) Zoom wisely. Videoconferencing has been a boon to organizations that have traditionally relied on face-to-face meetings to get things done. But as anyone following recent headlines regarding the vulnerabilities of video conferencing services can attest, it is not without privacy and security risks.

The Office of the Federal Privacy Commissioner in Canada recently provided a series of privacy tips for using videoconferencing services  The suggestions are both timely and useful for lawyers practicing anywhere.  For example the OPC recommends that users that sign up for a new account with a videoconferencing service should use unique passwords, not existing social media accounts, to sign into a new service. Meetings should be made private or only accessible to invited participants, and they should not be publicly posted to social media to prevent unwanted guests from joining. Disable features such as “join before host,” screen sharing, or file transfers to minimize the threat of “Zoombombing,” gate crashing, and other intrusions. Video conferencing calls should be protected with a password if possible, especially if the parties intend to discuss sensitive personal information. Each call should have its own password to prevent uninvited participants. Lawyers that host should consider disabling their participants’ ability to record the call.

Other helpful advice includes being careful about where one sits during the call, as background details can reveal a lot of information that you might not want to share. Anyone using a web browser for the video call should open a new window with no other browser tabs and close other applications to avoid inadvertently sharing notification pop-ups (e.g., incoming emails) with other participants and the videoconferencing service provider. Of course all personal home assistants (Alexa, Siri, Google Home, etc.), and smart speakers should be turned off during videoconference to avoid accidentally triggering the assistant and/or recording the call.

(2) Retain and Dispose of Confidential Information Securely. Now is not the time to discard highly sensitive client confidential information with your used coffee grounds and pet litter. Significant data breaches have occurred when documents containing personal information and health information were found tumbling around in alleyways and on city streets. Working from home does not mean that lawyers cease to have a duty to protect sensitive client data from prying eyes or other third party exposures. Sensitive information should be securely stored (whether in locked cabinets, boxes, or otherwise). Invest in a decent paper shredder and use it. Or save all of your confidential information until you can return it your office for secure disposal.

(3) Have adequate (and secure) backup. It’s critical for lawyers and their law firms to invest in the acquisition of professional backup, recovery, and restoration software, and to establish a relationship with a reputable backup/data recovery provider, so that if any confidential or client data is inadvertently lost, the organization can seek to recover such data with a minimum of panic and fuss. Law firms and lawyers should never rely on free backup software downloads to protect sensitive client data.

Not all backup and restore software is created equally. Lawyers should choose vendors whose software (i) can safely remove malware or other viruses, verify that the backups do not contain infections, and ensure that any restored files are clean to forestall additional infections; (ii) has two-factor authentication enabled to prevent credential theft, leading to unlawful access and deletion of backup data; and (iii) has the backup data stored on immutable storage media.

(4) Develop and Maintain Data/Cyber Breach Incident Response Plans. All law firms should ensure that they have a proper privacy/cybersecurity incident response plan in place. The plan should clearly identify the specific contact information for the individuals or committee initially tasked with investigating, containing, and managing the breach, as well as those charged with evaluating risk and handling mitigation.

If you do make a mistake and expose client data, you will need to know who to contact internally immediately in order to contain the risk and threat exposure promptly. It’s much too late to figure all of this out in the middle of the incident. To avoid the loss of valuable time, this incident response plan should be carefully crafted in advance and approved by firm management. All lawyers and staff should be made familiar with it. It’s also critical to have such a plan in place to forestall internal confusion that could lead to inadvertent disclosures of such incidents on social media or elsewhere.

It is worth reminding lawyers that law firms may have to comply with mandated time-sensitive reporting obligations to federal, provincial, or state privacy regulators, and potentially other regulators, individuals, and third party organizations, depending on the nature of the breach and the type and sensitivity of the data involved. Additional service providers, such as preferred cybersecurity experts, credit monitoring services, and media firms should also be chosen and retained in advance. Plans should be reviewed at least annually and updated as required to stay current and effective. Smaller firms and solo practitioners should adopt modified versions of these plans as relevant to them.

Regardless of whether lawyers are now formally obliged to check off one more box on their yearly state bar annual filing or other regulatory report, one may argue that all lawyers today already have a positive and meaningful duty of technological competence. Our clients deserve nothing less.

Lisa R. Lifshitz

The COVID-19 pandemic hit employers hard and fast—it caused employers to deal with loss of revenue, tough decisions about workforce and pay issues, and new laws and other guidelines that had to be analyzed and implemented quickly, with little time for planning or preparation. As states begin the process for what is hoped to be an eventual return to some sort of “new” normal, employers must be ready to recognize the risks, mitigate those risks, and be prepared to defend the actions and decisions they made in response to the COVID-19 pandemic. In the course of the next several months (and perhaps over the next several years), we anticipate employers will be faced with several types of employment lawsuits stemming from the COVID-19 pandemic.

Where are employers facing the most risk?

1. Families First Coronavirus Response Act (“FFCRA”)

In mid-March, Congress passed the FFCRA, which requires certain employers to provide paid sick leave or expanded family and medical leave to employees for several COVID-19-related issues. Specifically, under the paid sick leave provision of the FFCRA, an employee qualifies for paid sick leave if the employee is unable to work (or unable to telework) and the employee fits within any of the following qualifying reasons:

1. Is subject to a federal, state, or local quarantine or isolation order related to COVID-19;
2. Has been advised by a health care provider to self-quarantine related to COVID-19;
3. Is experiencing COVID-19 symptoms and is seeking a medical diagnosis;
4. Is caring for an individual subject to an order described in (a) or self-quarantine as described in (b);
5. Is caring for a child whose school or place of care is closed (or childcare provider is unavailable) for reasons related to COVID-19; or
6. Is experiencing any other substantially similar condition specified by the Secretary of Health and Human Services, in consultation with the Secretaries of Labor and Treasury.

Under the expanded family and medical leave provision of the FFCRA, an employee qualifies for additional leave if the employee is caring for a child whose school or place of care is closed (or childcare provider is unavailable) for reasons related to COVID-19.

As with any new employment law, it is likely that employers will face lawsuits alleging they failed to meet their obligations under the FFCRA, particularly in regard to the issues of determining eligibility of their workers for paid leave and paying leave in the required manner and at the required rate.

Additionally, even if an employer administers paid leave under the FFCRA in an accurate manner, it is likely employers will face lawsuits alleging they retaliated against employees who requested and/or took paid leave.

2. OSHA and Other Safety Claims

As states begin to allow businesses to reopen, several state and local governmental bodies have developed guidelines and protocols that all employers are required to follow, with many additional requirements for some industry-specific businesses. These guidelines and protocols often are very detailed and onerous on employers. In addition to state and local guidelines and protocols, the CDC, OSHA, and other entities likewise have distributed materials regarding safety measures that employers should be taking in light of the ongoing COVID-19 pandemic. Many of the guidelines and protocols have changed over time as the medical community has learned more about the COVID-19 virus and the ways in which the virus can be spread.

It is very likely employers will see an increase in state and local government enforcement actions and OSHA enforcement actions in situations where the employer is not following the numerous required safety guidelines and protocols that are applicable to its business and/or in situations where an employee makes a complaint alleging the employer is not doing enough to protect employee safety. Likewise, in situations where an employee contracts COVID-19 and believes they were exposed to the virus at work, employers likely will be faced with workers’ compensation claims, and perhaps even deliberate intent type claims in some situations.

3. Wage and Hour Claims

Under the Fair Labor Standards Act and state law equivalents, employers are required to pay non-exempt, hourly employees a set minimum wage for every hour worked, as well as overtime pay for any hours worked in excess of 40 per week.

During the course of the COVID-19 pandemic, many states have required that employers allow employees to work from home to the maximum extent possible. As employers took steps to allow employees to work from home, they were left with little means to track employees’ work hours and little ability to monitor whether employees were sticking to their regular work schedules. Such inability to track hours might lead to costly wage payment claims and perhaps even class actions alleging that employees were shorted for hours worked from home.

Additionally, the move to telework may have forced some employees to buy equipment or personal devices for work. The FLSA requires businesses to reimburse employees when expenses push them below minimum wage. Accordingly, some employers may be responsible for some of these costs.

Finally, as employees are allowed to return to physical work, many employers are following federal, state, and local guidelines requesting or requiring employers to implement new safety measures (such as temperature checks, cleaning of personal protective equipment, and responding to questionnaires about medical conditions). Employers need to be aware that they are responsible for paying employees for time spent under their control and these new safety procedures might be alleged to fit within such responsibility. As a best practice, employers should plan on paying employees for the additional time spent by the employees in complying with any new safety measures implemented by the employer.

4. Lawsuits Related to Layoff, Furlough, and Separation

Under the federal Work Adjustment Retraining Notification Act (“WARN Act”), employers with 100 or more employees are required to give at least 60 days’ notice before closing or laying off a certain number of employees. If an employer misses this window, it may have to provide employees with back pay, plus penalties.

In situations where employers were forced into making mass reductions in force due to a sudden loss of business related to the COVID-19 pandemic, we anticipate employees may allege a violation of the WARN Act. Fortunately for employers, not all sudden layoffs violate the WARN Act. For example, under the WARN Act, a business that shuts down due to “unforeseeable” business circumstances is not liable, and the COVID-19 pandemic may fit within this exception. Additionally, generally, a WARN Notice is not required for a temporary layoff that is expected to be less than six months, thereby providing many employers an additional WARN claim defense.

Additionally, we anticipate employers will be faced with disparate treatment discrimination and retaliation lawsuits in regard to any layoff, furlough, or separation decisions made due to the COVID-19 pandemic should an individual feel that they were selected for layoff or separation based upon a protected characteristic and/or based upon a protected complaint made in the workplace. Likewise, employers should anticipate being faced with disparate impact discrimination lawsuits if the adverse employment decision disproportionately impacted a protected class, even if the employer did not intentionally discriminate.

5. Disability Discrimination Claims

As employees are being asked to transition back to in-person work, some employees may be reluctant to return due to a fear of contracting COVID-19, particularly if the employee has a medical condition that makes them more susceptible to COVID-19. If an employer requires the employees to return to work, the employer may be faced with a failure to accommodate the disability discrimination claim.

Under the Americans with Disabilities Act, and state law equivalents, an employee with a serious health condition has the right to request a “reasonable accommodation” allowing them to perform the essential functions of the job. We anticipate many employees who were allowed to work from home during the height of the COVID-19 pandemic might request to continue to be allowed to do so as a reasonable accommodation for the employee’s disability. Depending on the circumstances, which will need to be accessed on a case-by-case basis, it is possible an employer will need to allow an employee that fits within a disability protected class to continue to work from home, even after the majority of the workforce returns to in-person work.

Employers also should be on the lookout for newly enacted state or local laws that provide extra protections to employees who fit within a class that makes them more susceptible to COVID-19 or risk running afoul of such new legal requirements.

What are employers to do?

This is a complex and ever-changing environment. It is important for employers to understand employment litigation trends in order to best plan to mitigate problems. It is critical to make sure the right policies and procedures are in place (updated accommodation procedures, compliant wage and hour protocols, a fully vetted layoff process, a robust return to work playbook, and so on). Although there is no way to completely eliminate the risk of litigation, complying with best practices now will certainly pay off in the long run.

The COVID-19 pandemic and the drastic measures taken in an effort to mitigate its adverse impact have sent shock waves throughout the US and global financial systems. COVID-19 and related measures including travel bans, shelter-in-place orders and widespread business closures have caused precipitous changes in customer spending and demand, supply chain disruptions, sharp declines in revenue, and other operational issues across a wide range of economic sectors. Businesses worldwide now confront unprecedented and mounting challenges and distress.

As in prior periods of economic distress, vanishing earnings and cash flows, as well as crunched credit and equity markets, are leading to payment and covenant defaults under debt obligations. In an attempt to stem the rising tide of defaults, the US government has committed trillions of dollars in business stimulus programs intended to provide liquidity and maintain the flow of credit to companies and individuals affected by the COVID-19 pandemic. However, for a significant number of businesses, such aid is proving insufficient to weather the current economic storm. Consequently, lenders and landlords are coping with a deluge of requests from borrowers and tenants for forbearance arrangements, waivers, and amendments to existing facilities.

This increasing economic turmoil will undoubtedly result in a dramatic rise in bankruptcy filings over the coming months and a concurrent increase in distressed M&A activity, including asset sales under Section 363 (“Section 363”) of the United States Bankruptcy Code (the “Bankruptcy Code”). For many strategic purchasers and private equity firms with relatively strong cash positions, the new wave of Section 363 auctions will present significant opportunities to purchase assets at discounted prices. Section 363 sales also offer purchasers protections that are generally not available outside of a bankruptcy context.

This update provides an overview of the Section 363 sales process and outlines key advantages and risks for prospective purchasers in distressed asset sales under Section 363, including COVID-19-specific implications.

Section 363 Sale Process

A typical Section 363 sale process begins with the debtor’s professional advisors (i.e. investment bankers, brokers, and/or consultants) marketing the target assets to potential purchasers to identify a “stalking horse bidder”—the bidder submitting the highest and best initial bid. The stalking horse bid sets the floor price for the assets to be sold at a subsequent bankruptcy auction.

The timing of execution of the stalking horse asset purchase agreement (“APA”) and auction bid procedures varies. Large publically traded companies usually attempt to finalize the stalking horse APA and bid procedures prior to filing for bankruptcy protection, whereas middle market companies often undertake some of these steps after the bankruptcy filing. It is not uncommon for small companies to file for bankruptcy protection and seek approval of bid procedures prior to identification of a stalking horse bidder. Regardless, the debtor must provide creditors with 21 days’ advance notice of the bankruptcy court hearing seeking approval of the stalking horse APA, the bid procedures, and the sale process. If creditors or other parties-in-interest object during the notice period, the bankruptcy court will decide whether the contemplated sale is in the debtor’s best interest.

Following bankruptcy court approval of the bid procedures, the debtor’s professional advisors will solicit higher and better offers. To the extent the debtor receives competing bids that satisfy all requirements, the debtor’s professional advisors or the bankruptcy court will conduct a formal auction. After completion of the auction, the debtor will seek bankruptcy court approval of the sale to the winning bidder. As part of the approval process, all the transaction documents are submitted to the bankruptcy court for review and approval. The sale transaction typically closes shortly following entry of the bankruptcy court’s sale order and the expiration of any applicable stay period. Moreover, to the extent that the bankruptcy court makes a finding that the successful bidder at the auction is a good faith purchaser, any appeal seeking to challenge the sale is statutorily moot.

There are both pros and cons to acting as the stalking horse bidder. Key among the potential disadvantages is that, after being selected in the initial auction process as the winning bidder, and investing significant time, effort, and money in diligence and purchase agreement negotiations, the stalking horse bidder may be outbid by higher and better offers at the public auction stage of the process prior to the bankruptcy court’s approval of the sale. Some potential purchasers accordingly will prefer to refrain from participating in the process until the bankruptcy auction stage and make a topping bid, piggybacking on the efforts of the stalking horse (though a purchaser that decides to “wait and see” will bear risks associated with a less thorough diligence investigation).

In terms of benefits, as noted above, the stalking horse’s bid will set the floor price, and the debtor and the stalking horse bidder will negotiate the terms of the APA, which will then serve as the standard form of APA that other bidders may be required to conform their offers to when submitting bids. The stalking horse bidder will also have a role in negotiating the bankruptcy bid procedures which will set the timelines for the auction schedule, including marketing, due diligence, and bid deadlines (often 60 to 90 days after bankruptcy court approval of the bid procedures). Stalking horse bidders are often able to negotiate break-up fees (commonly between 2% and 3% of the transaction value) to cover anticipated due diligence and professional fee expenses in the event that the stalking horse bidder is not the successful bidder at auction and overbid amounts. Stalking horse bidders also have more time to complete due diligence than potential purchasers who wait to engage a debtor until formal bid procedures are established.

Advantages of Section 363 Sales

While Section 363 sales require compliance with the formalities of the bankruptcy process and can be more time intensive and costly than non-bankruptcy sale transactions, asset sales under Section 363 provide significant advantages and protections that are not otherwise available to purchasers outside of the bankruptcy context.

One key attractive feature of Section 363 sales for purchasers is that, with limited exceptions, the purchaser can acquire the assets of the business “free and clear” of liens, claims, and encumbrances, and, in some instances, creditors can be enjoined from asserting successor liability claims against the purchaser. Further, to the extent that a creditor attempts to assert claims against a Section 363 sale purchaser, the purchaser may be able seek protection from the bankruptcy court. The ability to purchase assets “free and clear” may prove extremely attractive to potential purchasers in the COVID-19 market who are faced with an entirely new set of diligence risks and a myriad of actual and potential impacts that the pandemic has had and may have on the assets or business subject to the sale. Moreover, COVID-19 quarantine orders, travel restrictions, and social distancing protocols will further impair the ability of potential purchasers to conduct due diligence. Potential purchasers should begin exploring new methods and processes for conducting efficient and comprehensive legal and financial diligence investigations of likely targets.

In addition, sales by a corporation of all or substantially all of its assets, when accomplished outside of bankruptcy, necessitate majority stockholder approval, whereas stockholder consents to a sale are not required in the Section 363 context, although stockholder approvals of the bankruptcy filing may be required under the corporation’s charter or other contractual arrangements.

Further, asset sales outside of the bankruptcy context generally require a number of contractual counterparty consents, which may be even more difficult to obtain while third parties are displaced due to office closures and addressing their own business needs in the face of COVID-19.¹ In contrast, purchasers of assets pursuant to Section 363 sales are able to take assignment of most executory contracts and unexpired leases pursuant to Section 365 of the Bankruptcy Code notwithstanding most contractual restrictions on assignment. This is a significant differentiator because purchasers in private M&A and other non-bankruptcy transactions cannot compel contractual counterparties (including customers, suppliers, and lease parties) to consent to the assignment of contracts and leases, thus forcing purchasers into a series of one-off negotiations that can be costly and time-consuming. Likewise, debtors and purchasers in Section 363 sales are able to negotiate the rejection of burdensome contracts.² The ability to “cherry pick” contracts with favorable terms and reject contracts for which better terms can be obtained will be particularly valuable to many purchasers in light of current market upheaval.

Purchasers of assets in the Section 363 sale context are also protected from fraudulent conveyance claims by creditors (i.e., claims that the sale was made with an intent to hinder, delay, or defraud creditors, or for less than “reasonably equivalent value”).³ Whereas, purchasers of assets in private M&A transactions, particularly those involving distressed assets, face greater risks from fraudulent transfer claims, which, whether or not successful, can be costly for purchasers as a result of litigation- and settlement-related expenses. Parties in the private M&A context can obtain solvency opinions (if applicable) and fairness opinions to help mitigate the risk of fraudulent conveyance claims, but these alternatives are not as protective as a bankruptcy court order approving a Section 363 sale.

Purchasers of assets in private M&A and other non-bankruptcy transactions also face heightened risk in that the underlying purchase agreement, or related contracts, such as transition services agreements, could be rejected in a pre- or post-closing bankruptcy, leaving the purchaser with an unsecured claim for damages in respect of unfulfilled obligations—a fate that can be prevented with a Section 363 sale. Similarly, post-closing purchase price adjustment and similar payments contracted for in a non-bankruptcy sale context may be subject to clawback in a subsequent bankruptcy filing. Particularly for purchasers concerned about the solvency of the seller and the impact that the rejection of transaction agreements containing seller obligations would have on the value of the acquired assets, these are significant risks that make the Section 363 sale process an attractive alternative to private acquisitions of distressed assets outside of the bankruptcy context.

Finally, the bankruptcy automatic stay helps protect the going concern value of the target by preventing a counterparty from terminating contracts essential to the operation of the business.

Disadvantages of Section 363 Sales

Although Section 363 sales offer many protections to distressed asset acquirers, potential purchasers and sellers should be aware of attendant drawbacks as well, including new COVID-19 related considerations.

For example, a number of contractual protections that a purchaser typically obtains in a private non-bankruptcy driven M&A transaction are unavailable or significantly limited in Section 363 sales (and other distressed transactions involving a seller in the zone of insolvency). For instance, in a Section 363 sale, assets are often sold “as is, where is,” and asset purchase agreements contain a significantly scaled back set of representations and warranties, which usually terminate at closing. Though representations and warranties (“R&W”) insurance can help bridge this gap, such coverage may not cover COVID-19 issues, as most R&W insurers have begun stipulating at least some degree of exclusion relating to COVID-19 exposures.⁴

Section 363 sale purchasers also typically have limited indemnification rights with little or no escrow holdbacks (and only to the extent approved by the bankruptcy court). While R&W insurance can blunt to some extent the limited indemnification, it will not provide coverage for “known” or otherwise disclosed potential liabilities. Due to the relative lack of post-close remedies for a purchaser in a Section 363 sale, even greater stress is placed on the purchaser’s due diligence investigation to uncover issues which can be priced into their offer prior to signing an APA. Further, APAs in Section 363 sale transactions typically contain few closing conditions beyond certain regulatory⁵ or licensing approvals, so purchasers have much less wiggle room to attempt to walk away from a deal post-signing. Moreover, purchasers in Section 363 sales typically must pay all cash at closing, thus preventing the use of deferred/contingent consideration or earnouts. In addition, the existence and terms of a Section 363 APA and transaction are made public, which can result in an unwanted spotlight on a purchaser and the distressed nature of the target business (though perhaps less of a reputational hazard in the current economic environment given that so many businesses are similarly situated).

Another key reason that potential purchasers may prefer a private sale outside of bankruptcy to a Section 363 sale process is the heightened execution risk inherent in the Section 363 sale context, including risk as a result of stakeholder and other third party challenges and interference in the process which can significantly delay and negatively impact the value of the transaction.

Although bankruptcy courts generally have remained open during the COVID-19 crisis (as discussed here), transaction parties must adapt to the new normal of telephonic and/or video conference hearings, as many bankruptcy courts have suspended in-person hearings for health and safety reasons. Moreover, bankruptcy courts have greatly reduced evidentiary hearings. These changes have impacted the efficiency of bankruptcy courts and may result in backlogs when bankruptcy courts resume normal operations. Further, the expected increase in bankruptcy filings across all industries and sectors of the economy will likely result in additional backlog. As such, M&A participants in Section 363 sales should expect to encounter at least somewhat costlier and lengthier sale processes as compared to pre-COVID-19 scenarios. For some purchasers and sellers, the potential delays may necessitate additional consideration of out-of-bankruptcy alternatives given the need for expediency to preserve going concern value of a “melting ice cube.” It remains to be seen what other changes to the Section 363 sale process may lie in store in light of the COVID-19 pandemic.

Conclusion

In the new economic reality brought on by the COVID-19 pandemic, businesses are facing unprecedented challenges, and many will seek bankruptcy protection. For capital-rich purchasers, Section 363 sales inevitably will present interesting opportunities to acquire attractive assets at significantly reduced valuations. While potential purchasers will want to consider the range of available acquisition strategies (including out-of-court asset sales, Article 9 sales, sales following an assignment for the benefit of creditors, and sales pursuant to a Chapter 11 plan of reorganization) with their professional advisors, the Section 363 option can certainly offer value to purchasers.

¹ Given the widespread economic distress caused by COVID-19, however, counterparties may be more inclined to provide consents if doing so could enhance the value to be obtained by them through the sale or preserve a beneficial contractual relationship that might otherwise be rejected if the seller files for bankruptcy.
² Exceptions include contracts pursuant to which the non-debtor counterparty would, under applicable non-bankruptcy law, be excused from accepting performance from a person or entity other than the debtor, including personal service contracts and government contracts. Note also that, based on recent US Supreme Court case law, a third party’s continued right to use licensed intellectual property may survive a debtor’s rejection of a trademark license.
³ The statutes of limitations on fraudulent conveyance claims can be as long as six years and can be extended even longer by subsequent bankruptcy filings.
⁴ Bill Monat, The impact of COVID-19 on representations & warranties insurance coverage: Transactional insurance solutions update, (April 16, 2020) https://www.willistowerswatson.com/en-US/Insights/2020/04/the-impact-of-covid-19-on-representations-and-warranties-insurance-coverage (last visited April 28, 2020).
⁵ Of note, the waiting period for Hart Scott Rodino Act filings is shortened to 15 days (from the usual 30 days) in the Section 363 sale context.

Many things will never be the same after the COVID-19 affliction. More and more employees will spend less and less time at an office. As more employees work remotely, they will use more technologies to connect and collaborate, and they will store more company information in the Cloud and on various home devices with a range of setups and vulnerabilities. Bad actors, cyberthieves, and hackers will undoubtedly have greater luck exploiting the resulting chinks in the information security armor. Indeed, hackers and cyberwarriors began attacking the soft underbelly of corporate security—the devices employees use (sometimes their own and sometimes provided by the company) and the networks on which they connect—right after COVID-19 hit. Businesses must have a concrete plan to deal with these new realities and become more “information lean.”
This new environment is also accelerating digitalization, which is building better business processes through strategic use of technologies. That is important because it provides companies the opportunity to reevaluate what they are doing and why. Shifting through old processes allows not only new efficiencies to emerge, but also the chance to build compliance needs processes from the beginning, which can make them transparent and seamless. In other words, addressing issues such as privacy and security in planning and design phases of a project means it will not need to be retrofitted downstream.
The article will reveal some essential truths about the new reality for businesses after COVID-19 and the concrete planning required to become information lean.

The Truth About Home Workers

Employees prefer their own devices, so even if policy prohibits it, company information finds its way onto personal devices, which implicates privacy and security issues. The security protections in a personal environment tend to be less robust than in the corporate setting or in the Cloud. Thus, although home workers may limit a company’s computer and office expenses, they present different security challenges.

The Truth About Information Piles

Information volumes have been growing every year for many decades and will not stop growing unless something or someone intervenes. That is not happening very often in most big businesses. Piles tend to be ill-managed or not managed at all, and tend to mix important with unimportant information. That makes environments like the shared drive the perfect target of hackers because employees store all kinds of information there, including information that may have substantial value to the company like intellectual property. When it comes to information piles, the more information and the more locations, the greater the privacy and security risk. Competing interests (like Big Data proponents) inside any given company that will want more information for longer periods of time must be addressed.

The Truth About Security and Privacy

Information security has become a core business activity that requires resources, expertise, and vigilance. No matter how much money and effort you throw at securing information, hackers will be successful from time to time. So, information security is really about seeking to minimize the pain and harm exacted on the company.

The Truth About How Companies Got “Information Chunky”

Most businesses are keeping too much information, and some are keeping everything. The law of diminishing returns applies to information to the extent that there is so much that litigation response becomes a huge headache and significant expense. Lawyers are to blame in part for that reality. With the advent of electronic discovery, lawyers over-preserved because they thought it was the conservative position and did not want to be responsible for destruction of evidence. Once information was on legal hold, it often remained on legal hold. Unwinding the “preserve everything” approach to litigation response is challenging, especially if a company has lots of litigation. However, bad habits and over-retention must stop, and lawyers will be central in taking on this issue.

Remember Goldilocks to Become Information Lean

Most privacy laws and regulations make clear that less is more when it comes to privacy. That means keeping as little as possible for as short as necessary. In the case of the GDPR (the EU privacy directive), information must be retained no longer than its original intended purpose, but as short as possible to run the business and comply with the law.
In addition, although Big Data and analytics folks might want more data for longer, there are several important compliance and business drivers that militate in favor of keeping less. For the most part, information value goes down rather quickly after it is created and used, so keeping everything forever is bad business. The following chart helps explain the declining value of information over time while risk increases.

Moreover, as the piles grow, so does the challenge of protecting the growing volume of information because growth usually means more applications, more storage locations, and thus more ways for the bad guys to exploit information assets. Costs of storing more information make the overall costs go up, even if the storage unit costs go down over time. The volume increase and overall increase in cost is not to be ignored because someone fallaciously asserted that “storage is cheap.” Big companies may be spending hundreds of millions of dollars to store their information.

The take-away from the children’s tale Goldilocks and the Three Bears is simple: find the right bowl of porridge to eat and the right bed to sleep in. In other words, this pile of information is too big, and that pile of information is too small, but this pile is just right. Businesses must strive to be information lean by not keeping too much or too little. The Cloud helps and hinders in this regard. On the one hand, the Cloud has infinite scalability, which lets companies keep just what they need and not overbuild underutilized infrastructure. On the other hand, the Cloud has infinite scalability, and human nature (packratitis) and business pressures (Cloud providers want maximum revenue and stickiness by having as much of your company information stored there as possible) promote over-retention of information.

12-Month Plan to Be Leaner

What follows is a basic, pragmatic plan to become information lean in a post-COVID-19 world where more employees are working from home and company information is more exposed than ever before.

In this new reality, businesses must be more information-security minded and vigilant, more privacy-centric, and much more protective of their intellectual property. All that begins with being information lean.

In December 2018, the Delaware Court of Chancery issued an opinion holding that federal-forum charter provisions—those that require plaintiffs to bring actions under the federal securities laws in federal court and not in state court—are “ineffective and invalid.”* Sciabacucchi v. Salzberg, 2018 Del. Ch. LEXIS 578 (Del. Ch. Dec. 19, 2018). At that time I wrote: “Assuming that Sciabacucchi is not reversed on appeal, Delaware law allows Delaware corporations to adopt forum selection bylaws or charter provisions governing actions related to the internal affairs of the corporation, but does not allow Delaware corporations to adopt federal-forum provisions governing federal securities law claims.” https://blog.hfk.law/sciabacucchi/ Sciabacucchi has now been reversed by the Delaware Supreme Court. Salzberg v. Sciabacucchi, 2020 Del. LEXIS 100 (Del. Mar. 18, 2020).

A typical federal-forum provision in a certificate of incorporation states that “the federal district courts of the United States of America shall be the exclusive forum for the resolution of any complaint asserting a cause of action arising under the Securities Act of 1933.” The Securities Act of 1933, or the ’33 Act, requires companies offering securities to the public “to make full and fair disclosure of relevant information” by filing registration statements with the United States Securities and Exchange Commission (SEC). The ’33 Act created private causes of action for investors and provided that those claims could be brought in state or federal court. 

The Delaware Supreme Court found that federal-forum charter provisions “can survive a facial challenge under our law.” The high court rejected the Court of Chancery’s conclusion that “constitutive documents of a Delaware corporation cannot bind a plaintiff to a particular forum when the claim does not involve rights or relationships that were established by or under Delaware’s corporate law.”

The Delaware Supreme Court began its analysis with section 102 of the Delaware General Corporation Law (DGCL), which governs matters that may be included in a certificate of incorporation. Section 102(b)(1) of the DGCL allows two types of provisions:

any provision for the management of the business and for the conduct of the affairs of the corporation,

and

any provision creating, defining, limiting and regulating the powers of the corporation, the directors, and the stockholders, or any class of the stockholders, . . . if such provisions are not contrary to the laws of this State.

The court found that a federal-forum provision “could easily fall within either of these broad categories, and thus, is facially valid”:

The drafting, reviewing, and filing of registration statements by a corporation and its directors is an important aspect of a corporation’s management of its business and affairs and of its relationship with its stockholders.

Thus, federal-forum provisions are permissible under both parts of section 102(b)(1) as to the management of the business and affairs of the corporation and as to its relationship with its stockholders.

The court found that federal-forum provisions “can provide a corporation with certain efficiencies in managing the procedural aspects of securities litigation.” When multiple actions are filed in federal and state court, there is no procedural mechanism for consolidating the cases in a single court, resulting in possible inconsistent rulings and other “costs and inefficiencies.” Federal-forum provisions reduce those effects by requiring all actions to be brought in federal court, where they can be transferred to one jurisdiction and consolidated, or can be handled as a single, multidistrict litigation.

The court based its holding that federal-forum provisions are permissible on Cyan, Inc. v. Beaver County Employees Retirement Fund, 138 S. Ct. 1061 (2018), in which the U.S Supreme Court held that class actions based on federal securities laws can be brought in either federal or state court (and cannot be removed to federal court when brought in state court). After Cyan, state-court filings of class actions under federal securities laws “escalated,” with 55 percent more cases filed in state court than in federal court in 2019.

In 2015, the Delaware General Assembly adopted a new section 115 of the DGCL, providing that a Delaware corporation’s charter or bylaws may require “internal corporate claims” to be brought in Delaware courts. The term “internal corporate claims” was defined to include (but was not necessarily limited to) claims of breach of fiduciary duty and claims based on the DGCL. In Sciabacucchi, the Court of Chancery found that federal securities law claims were “external” claims, that section 115 said nothing about external claims, and that it was “understood” that corporate documents could not be used to regulate external claims. The Delaware Supreme Court disagreed, noting that the synopsis to the bill introducing the new section 115 stated that the statute was “not intended to authorize a provision that purports to foreclose suit in a federal court based on federal jurisdiction.” However, federal-forum provisions “do not foreclose suits in federal court”; to the contrary, they direct federal claims to be filed in federal courts. Therefore, federal forum provisions are not inconsistent with section 115.

The appellees argued that section 115 implicitly limited the scope of section 102(b)(1) so as to exclude federal-forum provisions from certificates of incorporation. The Delaware Supreme Court rejected that argument, finding that section 102(b)(1) is “clear and unambiguous” and “does not incorporate Section 115.” The court also found that there is no “irreconcilable conflict” between section 115 and section 102(b)(1) that would cause section 115 to supersede or alter the earlier section. The court harmonized the two sections, finding that section 115 “simply clarifies that for certain claims, Delaware courts may be the only forum, but they cannot be excluded as a forum.”

The Court of Chancery found that federal securities law claims are “external” and therefore cannot be regulated by a certificate of incorporation because “[t]he cause of action does not arise out of or relate to the ownership of the share, but rather from the purchase of the share.” The Delaware Supreme Court rejected that argument too, finding that not all federal securities law claims arise from the purchase rather than the ownership of shares, that existing stockholders can assert such claims, and that other provisions the DGCL “address[] a number of situations involving the purchase or transfer of shares.” The court found that although securities law claims are not concerned with the “internal affairs” of Delaware corporations, neither are they “external.” Instead, such claims are in an “Outer Band” of “intra-corporate” matters covered by section 102(b)(1) of the DGCL but not within the internal affairs of the corporation.

The Delaware Supreme Court embraced the U.S. Supreme Court’s definition of “internal affairs” as matters “peculiar to the relationships among or between the corporation and its current officers, directors, and shareholders.” Edgar v. MITE Corp., 457 U.S. 624, 645 (1982). However, the Delaware Supreme Court found that section 102(b)(1) allows a certificate of incorporation to regulate matters located in the Outer Band of intra-corporate matters beyond internal affairs. This regulation of Outer Band matters does not violate federal law because the U.S. Supreme Court has held that federal law “has no objection to provisions that preclude state litigation of Securities Act claims” (citing Rodriquez de Quijas v. Shearson/American Express, Inc., 490 U.S. 477 (1989)).

Finally, the Delaware Supreme Court found that federal-forum provisions do not “offend principles of horizontal sovereignty” among states, largely because although states are limited in their ability to enact substantive laws that affect other states, forum-selection provisions govern only procedural and not substantive matters. They “regulate where stockholders may file suit, not whether the stockholder may file suit or the kind of remedy that the stockholder may obtain on behalf of herself or the corporation” (quoting Edgar, 457 U.S. at 951–52). As such, they do not “offend sister states [or] exceed the inherent limits of the State’s power.”

The Delaware Supreme Court also noted that federal-forum provisions are less restrictive than Delaware forum provisions because the latter may require stockholder plaintiffs to bring suit far from their home jurisdictions, whereas federal-forum provisions could allow suits to be brought in federal court in any jurisdiction. Nonetheless, combining a Delaware forum charter provision with a federal-forum provision would limit federal securities law claims to the U.S. District Court for the District of Delaware.

Writing in December 2018, I suggested that Delaware corporations should adopt Delaware forum provisions in their certificates of incorporation, but that they could not adopt federal-forum provisions. Now, after the Delaware Supreme Court’s decision in Salzberg v. Sciabacucchi, Delaware corporations can—and should—do both.

*  James G. (Jay) McMillan is a partner in the Wilmington, Delaware office of Halloran Farkas + Kittila LLP. He concentrates his practice in complex corporate and commercial matters, with a particular focus on litigation in the Delaware Court of Chancery.