Less than two decades ago, “the concept of supply chain transparency was virtually unknown” and it was commonplace for managers to be unaware of a supplier only two steps upstream in the production process.^[1] This narrow approach to global production, where companies were only conscious of their direct suppliers, has gradually been replaced as consumers and regulators demand companies widen their purview into their operations. Two new proposed laws may force companies in the US and EU to provide unprecedented transparency into their production partnerships and account for impacts incurred throughout their supply chain. Never has it been more important to “Know-Your-Supply-Chain.”

In January, two members of the New York State government, backed by a coalition of fashion and sustainability non-profits, unveiled the Fashion Sustainability and Social Accountability Act (or “Fashion Act”). If passed, this law would make New York the first state to “effectively hold the biggest brands in fashion to account for their role in climate change.”^[2] The Fashion Act does not only pertain to climate impacts but also seeks to address ethical sourcing and due diligence in supply chains. Similar legislation with broader implications has been proposed in Europe—a year prior to the announcement of the Fashion Act, the European Union unveiled its directive on Mandatory Human Rights, Environmental and Good Governance Due Diligence (the “EU Directive”).

Recent legislation governing the fashion industry in the US tells a story of ad hoc protections: California’s Garment Worker Protection Act and Federal Uyghur Forced Labor Prevention Act were designed to address specific labor-related concerns. In the absence of comprehensive regulations, companies have been tasked with addressing Environmental, Social, and Governance (ESG) matters independently.^[3] While a number of EU Member States, notably France and Germany, have implemented targeted laws relating to modern slavery and human rights, these, similarly, do not address the larger social and environmental impacts of the apparel sector.^{[4], [5]}

Both the Fashion Act and the EU Directive aim to be more comprehensive, acknowledging gaps in existing regulation while focusing on the risks that stem from suppliers and third-party vendors. Lawmakers on both sides of the Atlantic are finally acknowledging complexities of global supply chains, and for the first time holding companies accountable for the environmental and societal impacts at each stage of the production process, even in segments that are not under their direct control.

The Fashion Act would apply to apparel and footwear companies operating in New York State with global revenues of at least $100 million. These companies would be required to map a minimum of 50% of their supply chain and, importantly, to identify where in this chain the largest social and environmental impact is made. Companies which fail to adhere to these disclosure requirements could face fines of up to 2% of annual revenue over $450 million, which will be paid to a community fund administered by the New York Department of Environmental Conservation. The Fashion Act also provides for the creation of a public list of noncompliant companies to be published by the New York Attorney General’s office.

Similarly, the goal of the EU Directive is to address the fragmentation of regulations in the region. Until now, as in the US, there has been a lack of harmonization between legal frameworks, and countries have been tasked with developing their own guidelines. For example, the Corporate Duty of Vigilance Law was adopted by France’s Parliament in 2017 and applies to companies with more than 5,000 employees operating in the country.^[6] But other EU Member States have not developed national rules related to corporate sustainability, including Finland, Austria, and Belgium.^[7]

In comparison to the Fashion Act, the EU Directive applies more broadly, though the requirements are currently opaque. Specifically, the EU Directive applies to all EU companies with more than 500 employees and turnover of €150 million (approximately $163 million), unless the company is involved in an industry where the risk of exploitation is higher, like fashion or agriculture, in which case it applies to companies with more than 250 employees and turnover of €40 million (approximately $43.5 million). The EU Directive asks companies to integrate due diligence procedures to identify adverse human rights and environmental impacts and develop programs to monitor the effectiveness of those procedures. Companies will also be mandated to establish a procedure for processing complaints, and “publicly communicate due diligence.”

Compliance with the EU Directive will be overseen by national administrative bodies appointed by EU Member States. Penalties for noncompliance appear more severe than those laid out in the Fashion Act, and include fines, exclusion from public tendering and procurement opportunities, import bans, and other administrative sanctions or civil liabilities.

The differences between the two pieces of legislation highlight some of the challenges in defining and developing rules when it comes to ESG. The scope of the EU Directive, for example, is larger and more encompassing, applying to companies both inside and outside the fashion industry. In contrast with the Fashion Act, the EU Directive does not specify the standards it seeks to protect, instead referencing international treaties like the Paris Agreement, the Universal Declaration of Human Rights, and International Labour Organization’s core conventions.^[8] This means that “companies must take appropriate measures to prevent, end or mitigate impacts on the rights and prohibitions included in international human rights agreements, for example, regarding workers’ access to adequate food, clothing, and water and sanitation in the workplace” and are required to take measures to “prevent, end or mitigate negative environmental impacts that run contrary to a number of multilateral environmental conventions.”^[9] The EU Directive does not explicitly entail a mapping component, but it can be argued that adherence with the terms of the Directive will require at least some mapping by covered companies.

Both the Fashion Act and the EU Directive are likely at least a year away from implementation. Currently, the Fashion Act is with the New York Senate’s Consumer Protection Committee, but it must pass both houses of the state’s legislature and be signed by the Governor before becoming law. Similarly, the EU Directive is currently circulating as a draft and still needs to be approved by the European Parliament and the European Council. This gives companies time to implement new controls in expectation of these laws’ passage so that they are not scrambling to remain in compliance with complex due diligence and disclosure requirements. Businesses affected by either or both of these proposed laws should begin developing third-party due diligence programs that incorporate three important components: supply chain transparency, identification and management of country and sector risks, and monitoring through data analytics.

Beginning to enact these programs now will be critical as once the Fashion Act is signed into law, companies will have only one year to satisfy the mapping mandates and 18 months to meet the disclosure requirements. It is unclear what the implementation timeframe looks like for the EU Directive, but it is expected that the Directive will be adopted in late 2022 or early 2023. Typically, countries have up to two years to transpose EU directives into national law, which means companies could see binding legislation enter into force as early as 2023.^[10]

In a deeply interconnected world, unknown risks within a firm’s global supply chain or network partnerships can hinder even the best-intentioned internal ESG strategies and lead to legal and regulatory ramifications due to evolving rules regarding labor conditions, corruption, and environmental protections. In this way, both the Fashion Act and the EU Directive are emblematic of growing public and regulatory interest, and it would be wise for companies, regardless of their size and industry, to begin to take steps to understand the impacts associated with their supply chain, as we can be sure that these pieces of legislation represent the beginning of a movement towards transparency and informed choices.

By Elaine Wood, VP Risk, Investigations & Analytics Practice at Charles River Associates; Brad Dragoon, Principal Risk, Investigations & Analytics Practice at Charles River Associates; Emily Butler, Consulting Associate at Charles River Associates; Dave Curran, Co-Head of ESG at Paul Weiss; and Madhuri Pavamani, Director of Sustainability & ESG at Paul Weiss.

1. https://hbr.org/2019/08/what-supply-chain-transparency-really-means ↑

2. https://www.nysenate.gov/newsroom/in-the-news/alessandra-biaggi/new-york-could-make-history-fashion-sustainability-act ↑

3. https://www.washingtonpost.com/politics/biden-uyghur-labor-law/2021/12/23/99e8d048-6412-11ec-a7e8-3a8455b71fad_story.html ↑

4. https://www.humanrightsfirst.org/blog/how-french-are-tackling-modern-slavery ↑

5. https://www.dw.com/en/germany-to-implement-supply-chain-law-against-exploitation/a-54181340 ↑

6. https://respect.international/french-corporate-duty-of-vigilance-law-english-translation/ ↑

7. https://ec.europa.eu/commission/presscorner/detail/en/qanda_22_1146W ↑

8. https://ec.europa.eu/info/sites/default/files/1_2_183888_annex_dir_susta_en.pdf ↑

9. https://ec.europa.eu/commission/presscorner/detail/en/qanda_22_1146 ↑

10. https://www.natlawreview.com/article/european-union-moves-towards-mandatory-supply-chain-due-diligence-start-gearing-new ↑

For emerging technologies, labor-intensive industries were an ideal early market. In customer service, for instance, contact centers applied tools with AI-enabled features, like call coaching, right out the gate.

The legal profession, in contrast, is no stranger to the accusation of being stuck in its ways. Unfairly, say we! Jennifer Mnookin, chancellor of the University of Wisconsin-Madison and former dean of UCLA’s law school, believes that law firms are now “thinking more like businesses than they did a generation ago.” She goes on to say that a lot of the work that was normally performed by first- and second-year law associates is now outsourced, at least in part, due to technological developments.

To some, the most advanced legal technology is overhyped. According to others, current trends will radically disrupt the profession. What’s abundantly clear is that many legal tech solutions are already making a real difference in lawyers’ lives.

Law firms are hungry to invest in technology to overcome the challenges of increased workflows and productivity demands on smaller budgets. The Future Ready Lawyer 2021 report shows that as of the past year, 84% of legal departments plan to increase their technology spending.

Legal tech is not a silver bullet. And yet, organizations that have already integrated legal technology into their operations report increased profitability.

Meanwhile, another report indicated that only 19% of partners at major law firms felt assured working in the digital economy.

In an industry known for traditional ways of working, change is afoot. It’s never been more important to know your audiovisual conferencing from your automation.

In this post, we explore five top legal technology trends shaping the industry.

1. Automation

Lawyers have historically pored over troves of documents. Fortunately, mundane and routine tasks are now ripe for automation that streamlines their work.

Automation is already being used in:

• Legal research
• E-discovery (searching for digital evidence to be used in court)
• Document review

And the possibilities to move beyond what can be achieved already are immense.

Legacy software modernization, such as those for document automation, is becoming standard practice. Simplifying the drafting of high-frequency, low-complexity contracts and allowing clients to sign them digitally can save lawyers time.

Good technology can transform the routine but vital admin tasks and workflows that law practices must grapple with daily. For example, this can include:

• Organizing and tracking progress and regulatory changes
• Data collection
• Reporting
• Communication

Manual processes can never be as efficient as automation at simple, repetitive tasks. This includes many elements in corporate transaction work.

And legal departments are finding the most efficiency gains in these areas where they can standardize processes.

2. Artificial intelligence

Artificial Intelligence (AI) and automation often get used interchangeably, but they’re slightly different.

Whereas automation broadly refers to tech replacing human labor to perform predictable, rote work, AI substitutes for more complex interpersonal duties, such as problem-solving, perception, and human planning. AI complements human intelligence much like your project management triangle.

AI hasn’t yet had the promised transformative effect in the legal industry. Yet there’s no inherent reason why the sexier applications won’t become mainstream.

Today’s artificial intelligence systems can keep learning. Machine learning is a subset of AI that can:

• Digest vast volumes of text and voice conversations
• Identify patterns
• Carry out impressive feats of predictive modeling

As well as finding privileged documents, AI can analyze contracts to check for missing terms, for example.

AI enables lawyers to extract powerful insights from data that can uncover critical evidence for case building and litigation strategies.

Source: Unsplash.

Technology is maturing; people are still figuring out how best to apply machine learning to the sector.

AI is transforming B2B marketing, allowing companies to optimize their customer experiences. And the legal industry can also leverage AI to create better client experiences.

Another use case is supporting law firms with investigations and detecting red flags and anomalies to mitigate risks.

3. Cloud-native solutions

Along with big data, cloud-based solutions help lawyers and clients share files and data across disparate platforms rather than relying solely on emails.

Firms migrating their data to the cloud (carefully) can enjoy significant benefits.

In fact, from hyper-automation, through the use of collaborative tools like virtual whiteboards, to using machine learning to get the most out of databases of historical information, most legal technology trends rely on the cloud.

Firms can modernize their office phone systems, for example, by investing in voice over internet protocol, or VoIP telephone systems with sophisticated features.

Softphones enable distributed workforces to manage their legal proceedings and communicate with each other and clients from anywhere.

Flexible, cloud-native systems also support crucial integrations between different tools.

Their widespread adoption will allow organizations to hook up their practice management systems with their unified communications platforms and meet the demands of clients for scalability.

4. Virtual legal assistants

As they get more sophisticated, Virtual Legal Assistants (VLAs) are being implemented by more and larger law firms and organizations.

VLAs are AI-powered chatbots that build on basic neural network computing models to harness the power of deep learning.

VLAs not only improve average response times, but they also free up real assistants from handling a good deal of the frequent internal questions legal departments face to work on the high-value tasks that require a human touch.

When intelligent law bots can’t address a particular claim, they pass it to a suitable department.

Gartner predicts VLAs can answer one-quarter of internal requests made to legal departments. This extends the operational capacity of in-house corporate teams.

5. Data privacy and cybersecurity

Privacy rules and regulations are also trending, with Gartner forecasting a federal privacy law covering personal information may be coming down the pike.

With the right tools, firms can securely share encrypted data both within their organization and externally with clients, witnesses, and courts, all while maintaining compliance.

Data is becoming ever more integral to legal practice operations that require tools spanning different platforms and rely on both private and public clouds.

Because of this, the ability to anticipate future risks, protect sensitive client information, and recover mission-critical operations after a cyberattack is becoming ever more of a necessity.

Legal professionals should be cognizant of the alarming rise in cyberattacks and the potential for reputational damage.

The American Bar Association reported in its annual Profile of the Legal Profession that 29% of lawyers dealt with security breaches at their firms in 2021.

Organizations must be prepared to withstand malicious attacks, such as ransomware and malware.

Mitigating their risk of exposure also means updating data loss prevention and governance policies to keep up with an ever-evolving landscape of threats.

Firms already take precautions in the office, for example, by forbidding devices like Google’s Assistant and Alexa to ward off surreptitious eavesdropping by bad actors.

Secure data sharing and policies around acceptable use, privacy, and security are even more critical considering the shift to remote work.

Your honorable mentions

Source: Unsplash.

The above are the most important legal technology trends you need to know, but here are a few honorable mentions.

First, firms will continue to hire hybrid profiles. This is about increasing cognitive diversity, closing the gap between professionals with knowledge of legal matters and those with enough legal tech expertise to manage the digitization and automation of workflows.

Today, we probably won’t be surprised by a developer’s need to moonlight in public relations—managing app store ratings and reviews.

On the other hand, some lawyers who understand coding are even developing applications themselves. For example, they may develop an application to run insider trading checks.

Second, employee satisfaction, a driver of the Great Resignation, is worth mentioning.

For law firms looking to attract and keep the best talent, technology can enable opportunities for professional development and make organizations more inclusive. Flexible working could also help.

Third, consumers are already opting for convenience across the economy (Uber, Shopify). Similarly, clients expect attorneys to answer their questions and ease anxieties round the clock.

Law firms can use technology to deliver seamless experiences, hiring partners who can be there for clients when they can’t.

It’s the surest way to increase the quality of their cases in the coming years.

Source: Unsplash.

All set to raise the bar?

About AI research, Stephen Pinker once said that the hard problems are easy and the easy problems are hard. It so happens that the similarly paradoxical-sounding challenge law firms face is doing more with less.

Technology can build meaningful reports to measure how profitable different practice areas are for more analytical decision-making.

Those in the camp making a case for legal AI point to the fact that the abilities of computers are theoretically compatible with the nature of much legal work.

Algorithms can yield more accurate results with a lot less effort at rule-based tasks.

AI can already manage the complex variables that might go into personal injury claims assessments. And autonomous cars are successfully driving on the road in defiance of many early AI skeptics.

Other legal work, though, remains ill-suited to computerization. And, for the tech-wary, the jury is still out.

The key to success is not getting caught up in the hype, but rethinking how technology can serve you and your clients.

When you realize that your people and processes are just as important as your tools, you can start by taking the boring stuff off their plate. Why wait?

ESG Reporting & Data Are Trending Risks

While corporations are enthusiastically touting their positive environmental, social, and governance (ESG) contributions, corporate general counsels are nervous. In a recent survey,^[1] in-house counsel identified ESG issues as one of the principal risks they are monitoring. One survey respondent said:

I am increasingly worried about ESG. Data privacy is the top risk, but ESG is the top trending risk and rising rapidly because of exposure in the future for corporations.

And this risk is complicated further by the fact that, for U.S. companies, there are no national ESG disclosure principles and no consensus around the key data points that ought to be reported. A recent analysis by Bloomberg Law^[2] indicates, for example, that reporting companies are increasingly categorizing their compliance with data privacy regulations and norms as ESG matters. And ESG risks do not merely pose legal challenges for in-house counsel: they may also lead to significant reputational problems.

Supply Chain ESG Risks Are Not Just Legal

While ESG principles may play a role in all areas of business activity, they are perhaps somewhat more developed in supply chains. One article found that “[b]y 2019, most Fortune 250 firms in the United States established various ESG goals ranging from greenhouse gas emissions to worker safety, transparency, and responsible procurement.”^[3] And supply chain revelations, perhaps more than other areas, have given rise to significant reputational risks, particularly when the public learns of human rights violations by the multinationals that source their products abroad.^[4]

Funds Have a Longer History, and More Commitment, to ESG Goals

Financial institutions and investment funds have been taking up the challenge to offer their clients opportunities to select investments based on ESG criteria for a while. At least since Kofi Annan’s 2004 initiative challenging financial institutions to contribute to sustainable development, they and the investment services industry more broadly have taken the lead in identifying ESG opportunities, encouraging ESG investments, and developing data that would support these goals.^[5] And the financial services industry continues to be more broadly committed to ESG strategy than any other industry.^[6]

Challenges Include Definitional Issues, Marketing and Reporting Standards, and Data

The pressure to market ESG metrics combined with the lack of consistent standards and the range of liability from misreporting exacerbate ESG reporting risks. It’s possible that the development of regulatory and auditing standards in this area could in theory quantify this risk—but the ad hoc nature of available data, whether developed internally or obtained from expert sources, may prove a challenge, even if rules are made explicit.

According to a 2021 Thompson Hine study, U.S. public companies are still divided in the ESG standards they utilize: 38% selected the Sustainability Accounting Standards Board (SASB); 27% selected the Global Reporting Initiative (GRI); and 25% selected the Task Force on Climate-Related Financial Disclosures (TCFD).^[7] Even so, many (but not all) companies in that survey said they were going to use quantitative data: 73% of public companies that planned to make public disclosures said that they planned to use quantitative metrics in their disclosures, while 53% of private companies in that position said they would do so. Looking further, the main metrics disclosed were board diversity data and workforce diversity data—which of course can be calculated from internal information.

In the meanwhile, the U.S. Securities and Exchange Commission continues to struggle to define its standards. Specifically, the SEC’s priority has been to focus on disclosures concerning climate change, human capital, and board and employee diversity.^[8] Thus far, the concerns about ESG disclosures have further delayed SEC action: work to issue a rule defining climate change-related disclosures has produced conflict within the SEC, particularly around what kinds of disclosures can be required and whether to require auditor sign-offs.^[9] However, the SEC’s Spring 2022 Unified Agenda of Regulatory and Deregulatory Actions indicates that it expects to provide final action on climate change and human capital management during October of this year.

1. FTI Consulting and Relativity, “Leading with Endurance: The Widening Risk Landscape.” ↑

2. Peter Karalis, Bloomberg Law, “ANALYSIS: Is Privacy an ESG Win? SEC Filing Trend Says Yes,” Dec. 8, 2021. ↑

3. Tinglong Dai & Christopher S. Tang, “Integrating ESG Measures and Supply Chain Management: Research Opportunities in the Post-Pandemic Era,” pre-print, Oct. 10, 2021. ↑

4. Kishanthi Parella, Washington & Lee University School of Law, “Improving Human Rights Compliance in Supply Chains,” Vol. 95, No. 2, Dec. 2019. ↑

5. The Global Compact, IFC, “Who Cares Wins: Connecting Financial Markets to a Changing World,” 2004. ↑

6. Thompson Hine, “AN ESG SNAPSHOT: Survey Confirms Companies Are Responding to Increasing Expectations,” 2021. ↑

7. Ibid. ↑

8. Preston Brewer, Bloomberg Law, “ANALYSIS: ESG, SPACs, and Proxies—A 2022 Forecast for SEC Action,” Nov. 1, 2021. ↑

9. Robert Schmidt and Benjamin Bain, Bloomberg News, “SEC Bogs Down on Climate Rule, Handing White House Fresh Setback,” Feb. 8, 2022. ↑

This article is based on a CLE program that took place during the ABA Business Law Section’s 2022 Hybrid Spring Meeting. To learn more about this topic, view the program as on-demand CLE, free for members.

Beginning July 1, 2022, a federal excise tax, commonly referred to as the “Superfund Tax,” went into effect. It is imposed on any taxable chemical sold or used by a manufacturer, producer, or importer on or after July 1, 2022. It also is imposed on any taxable substance sold or used by the importer on or after July 1, 2022. The Superfund Tax funds the Hazardous Substance Superfund Trust Fund for use in the clean-up of hazardous waste sites. It was initially created by the Hazardous Substance Response Revenue Act of 1980, effective for sales or uses after March 31, 1981, but expired at the end of 1995 before being reinstated in an updated form by the Infrastructure Investment and Jobs Act, enacted in late 2021.

The Internal Revenue Code (Code) lists forty-two chemicals (I.R.C. § 4661(b)) subject to the Superfund Tax upon their sale or use. The tax rate ranges from $0.44 to $9.74 per ton. The list of chemicals is significantly longer in the case of taxable substances imported for sale or use. (The imported substances Superfund Tax equals the amount of tax that would have been imposed on the taxable chemicals used in the manufacture or production of the substance if the taxable chemicals had been sold in the United States for use in the manufacture or production of that taxable substance.) The Code lists fifty substances (I.R.C. § 4672(a)(3)), and IRS Notice 2021-66 lists 101 substances subject to tax. The Code authorizes the addition of substances to the list of taxable substances, and Rev. Proc. 2022-26, which the IRS released on June 28, 2022, sets forth the procedures for requesting that a substance be added to or removed from the list of taxable substances.

On June 24, 2022, in IR-2022-132, the IRS published the tax rate for 121 taxable substances. The instructions to IRS Form 6627 list all 151 taxable substances with the tax rates for 121 included. The IRS will add the tax rates for the remaining thirty taxable substances as they are developed.

Reporting

The Superfund Tax is reported on IRS Form 6627, Environmental Taxes, which is required to be attached to the tax return made on Form 720, Quarterly Federal Excise Tax Return. Although the tax is reported on a quarterly return, companies subject to the tax generally must make semimonthly deposits for each period in which the tax liability is incurred. The tax deposit for each semimonthly period must not be less than ninety-five percent of the amount of net tax liability incurred during the semimonthly period, unless the deposit safe harbor in the regulations applies.

Deposit Safe Harbor

Under the deposit safe harbor, any company that filed a Form 720 return for the second preceding calendar quarter (look-back quarter) is considered to have met the semimonthly deposit requirement for the current quarter if:

1. the deposit for each semimonthly period in the current calendar quarter is not less than one-sixth of the net tax liability reported for the look-back quarter;
2. each deposit is made on time;
3. the amount of any underpayment is paid by the due date of the Form 720 return; and
4. the company’s liability does not include any tax that was not imposed during the look-back quarter.

Good Faith Efforts

Because of the difficulties companies will face determining the amount of tax that must be paid semimonthly, even under the deposit safe harbor rules, the IRS issued Notice 2022-15 to provide relief for the third and fourth calendar quarters of 2022, and the first calendar quarter of 2023, from penalties that otherwise would apply for failing to deposit the required amount of tax on a semimonthly basis. For these semimonthly periods, a company owing the Superfund Tax will be deemed to have satisfied the deposit requirement if:

1. the company makes timely deposits of applicable Superfund Tax, even if the deposit amounts are computed incorrectly, and
2. the amount of any underpayment of the applicable Superfund Tax for each calendar quarter is paid in full by the due date for filing the Form 720 return for that quarter.

The key takeaway from Notice 2022-15 for companies subject to the Superfund Tax is to make a deposit of some amount by July 29, 2022.

Companies should use reasonable judgment in determining the amount of tax due by July 29, but the critical point is to make a payment.

De Minimis Exception

Notice 2022-15 does not mention the de minimis exception in the deposit regulations that apply to the Superfund Tax. Under the de minimis exception, no deposit is required if the liability does not exceed $2,500 for a particular quarter. The tax can be paid when the Form 720 is filed. Having said that, caution should be exercised when applying the de minimis exception, except for companies that will rarely exceed the $2,500 threshold.

First, there is always the potential of miscalculating the amount of tax due. It is better to be in the position of having made an estimated payment that is too small (and argue that reasonable cause exists for making too small a deposit) than not having made an estimated payment at all. Second, the IRS system may be set up to expect estimated payments (for a company that regularly makes them) and may send out a notice if it does not see an estimated payment in the system. Finally, once a company sets up its system to make estimated payments based on the liability for the second preceding quarter, designing the system not to make an estimated payment if the quarterly liability is $2,500 or less adds another computation for possible error. Remember, the estimated payments are made on the basis of the tax liability for the second preceding quarter, but the de minimis exception applies to the existing quarter.

Challenges Ahead

The Superfund Tax existed before 1996, so it is not a new tax for companies that manufactured, produced, or imported taxable chemicals and substances before 1996. For many companies, however, the reinstatement of the Superfund Tax is a new tax for them, and complying with it is going to present new challenges. Even for older companies, the reinstatement of a tax after more than twenty-five years will present challenges. The Superfund Tax also will present challenges for the IRS.

The IRS is open to receiving comments from affected companies, and it is important for companies to be actively engaged with the IRS in its development of the rules and regulations that apply to taxable chemicals and substances.

Canada continued its record run of M&A activity in 2021. Throughout the year, we saw a significant amount of M&A activity in the Canadian technology sector. To increase value and expand capabilities, organizations in all industries are investing in and acquiring technology companies rapidly. Technology companies can offer significant upside because of their ability to scale operations rapidly while using lower levels of capital investment. Yet, companies that utilize technology present unique risks. Buyers, including private equity funds and strategic acquirers, must understand these risks and engage advisors experienced in technology M&A to help structure the transaction to mitigate risk and maximize value. These risks increase where the target company uses cutting-edge technology, such as artificial intelligence, or whose products are utilized in highly regulated industries, such as providers of FinTech, RegTech, biomedical solutions, digital health devices, or autonomous vehicles. 

This article will identify five key technology-specific issues to consider when acquiring a technology company and provide strategies to mitigate these risks. As with all acquisitions, buyers must review all aspects of the business’s operations, including employment, tax, commercial agreements, and any specific issues triggered by the acquisition (e.g. regulatory review of the transaction). 

1. Does the Target Company Have Adequate Rights to Its IP?

For technology companies, clear ownership of, or adequate rights to utilize, all relevant intellectual property (IP) is paramount. IP is the cornerstone of most technology businesses. If a company does not have a clear title to its IP, it risks third-party infringement claims that can be detrimental to the business’s survival. 

Buyers should first identify what IP is critical to the target company’s operations and then ensure that the target either exclusively owns or has the rights to the IP utilized in its operations or incorporated in its products and services. This includes ensuring that any third parties (e.g. employees, contractors, service providers, research institutions) involved in developing the target company’s IP have adequately assigned all rights to the target company. Buyers should review all applicable databases of appropriate administrative bodies (e.g. the Canadian Intellectual Property Office) to ensure that the target company owns any applicable registered IP and that no third-party interests are registered against the IP. Additionally, buyers should identify and form a strategy for any IP infringement claims against the target company. If the target company does not own the underlying IP, buyers should understand how the target company is permitted to utilize the IP. This will include understanding the scope of any licenses for any material IP of the target company. 

For target companies that employ either employees or independent contractors to develop their technology, it is crucial to confirm that the target company has sought waivers of moral rights from these third parties. Moral rights grant the author of an original work covered under copyright laws certain rights to that work, without any need for registration. In Canada, moral rights cannot be assigned or licensed but must be waived. 

Utilization of open-source software by the target company also offers its risks. This can include creating obligations on the company utilizing the open-source software to make available, at no charge, the source code of any program or software that incorporates the open-source software. Due to the significant risk involved, buyers should consider engaging a third-party provider to conduct an audit of the target company’s source code. This will help the buyer understand if there are any open-source issues or issues relating to the potential infringement of third-party IP. 

2. Data Rights and Use of Personal Information

For technology companies, data is often a key driver of value. As such, buyers should work to understand how the target company utilizes data and its data practices, focusing on any contractual obligations relating to the collection, use, and transfer of data. Such review should include examining the target company’s policies surrounding personal information, verifying compliance with applicable laws (including data protection laws), and obtaining consent to transfer data where necessary. The review should cover all applicable privacy policies and internal data use policies and the target company’s privacy practices. Reviewing whether the target company has all the necessary consents to use the data will also mitigate this risk.

Suppose the target company’s data practices involve the processing of personal information. In that case, buyers should understand what legislation applies and whether the target has implemented processes and procedures that comply with all applicable data protection laws, privacy laws, and third-party agreements. 

If the proposed transaction results in a transfer of ownership of the data, buyers should ensure that the target company has the necessary rights and consents to transfer the data. Without this consent, the target company could be in breach of its obligations. 

As issues relating to inappropriate data use may be expensive, if not impossible, to remedy, buyers must have a clear understanding of the target company’s data practices. It must also confirm that the target complies with all regulatory obligations and third-party agreements concerning data use. If the target company is non-compliant, then this issue may be difficult or impossible to remedy without seeking the consent of all applicable third parties.

3. Ownership and Voting Structure Information

In the launch and growth stages of a company, numerous types of investors may acquire equity in the company. But maintaining accurate corporate records may not be a priority for early-stage companies, which can complicate things in the acquisition process. Buyers must have a clear understanding of who the target company’s shareholders are and any rights these holders have that could impact the acquisition. This may include voting or dissolution rights associated with any particular share class or investor. 

It is common for high-growth companies to use options or warrants to incentivize internal (e.g. employees, board members, and contractors) and external stakeholders (e.g. lenders, strategic partners, and key customers) to support its growth. Therefore, the buyer must also review the terms and vesting schedules of any options, warrants, or convertible securities (to the extent that any have been issued) issued by the target company, as these may impact the level of control and ownership long-term. 

It is also critical that the buyer ensure that the appropriate shareholders approve of the transaction or are required to sell their shares (pursuant to the articles or shareholder’s agreement). For a share sale, buyers must understand who each shareholder is and ensure that it is purchasing all of the target company’s shares. A review of the chain of title of shares is essential to help ensure that buyers are purchasing all of the target company’s shares. Buyers must also ensure that each shareholder has the right to transfer its shares to buyers. A review of the target company’s minute books and any relevant agreements, such as shareholder agreements, will be critical to ensure a full understanding of the company’s ownership and voting structure information. 

4. Cybersecurity

Data security is critical to protecting a business’s assets and operations. A data breach can be highly damaging to a company’s value. Unauthorized access to confidential business information or sensitive customer information can cause both financial and reputational harm, negatively impacting a company’s image and revenues. Cybersecurity due diligence (“cyber diligence”) is one way to help lower the risk of future data breaches, regulatory fines, and privacy breach proceedings.

Buyers should engage in cyber diligence to review a target company’s cybersecurity practices, identify vulnerabilities that could be exploited, and address cybersecurity risks before they turn into issues. Furthermore, cyber diligence should contemplate the sensitivity or value of the stored data and monitor any gaps in data security. The more sensitive or valuable the data is, the more secure the data must be. Cybersecurity experts may need to be engaged to assess the level of security and any vulnerabilities in the system. Buyers should also consider reviewing the target company’s cyber response plan to ensure that it has adequately contemplated cyber risk and has a robust plan to manage, mitigate or remedy any cyber threat. 

5. Regulatory Risk and Life Cycle Issues

In the early stages of software development, it is not uncommon for technology companies to focus on product development that meets certain functional specifications. In doing so, these organizations may develop a functionally sound solution that does not contemplate the regulatory requirements imposed on the company or its customers. This issue can arise when a solution that was originally designed for one industry or jurisdiction is then made available to customers in another industry/jurisdiction whose regulatory obligations differ. In addition, regulations are constantly evolving, thus products and services must continually be updated to reflect these changes. 

Buyers should ensure that the target company’s technology complies with both its and its customer’s respective legal obligations and should also contemplate anticipated changes in laws to best ensure that the technology will not be made obsolete by these changes. 

If the target company’s solutions do not meet all applicable regulatory requirements, it could face significant liability from its customers, third parties, and governmental agencies. 

Apart from regulatory requirements, the fast-evolving nature of disruptive technology means that the life cycle of the target company’s technology should be taken into account. In addition to legal and financial due diligence, the cyber diligence process should also consider the scalability, functionalities, and development potential of the technology being acquired. 

6. Addressing the Risk 

If issues are identified, buyers should consider if and how these risks can be addressed. Depending on the issue identified, the target may be able to address the concerns pre-closing. Buyers should also consider whether targeted representations and warranties addressing identified technology matters should be included in the purchase agreement. 

If the issue cannot be addressed pre-closing, such as concerns relating to the use of open-source software in the target company’s products or services, buyers may wish to negotiate a reduction in the purchase price to reflect the risk assumed and the cost to remedy such risk post-closing. In addition, buyers may wish to consider a specific indemnity to address the risk for known issues and consider a holdback of a portion of the purchase price that buyers can set off against any losses due to the identified issues. The parties may also look to restructure the transaction to mitigate the risk. 

Specific issues, such as material infringement of third-party IP or non-compliance with privacy laws, may not be able to be addressed pre-closing. Thus, buyers should consider the potential reputational risk of closing the transaction. 

Conclusion

The points discussed in this article are by no means an exhaustive list of all issues relating to technology M&A but do illustrate some of the unique challenges that often arise in this space. The issues identified should be evaluated during the diligence stages of a transaction. Depending on the findings, issues may be able to be addressed in the purchase agreement. This will assist in protecting buyers and also in establishing a meaningful valuation for the target company as the parties can address the risk through a reduction in the purchase price. Both buyers and sellers should engage counsel who understands the underlying technology and has experience in technology transactions to protect their interests. 

The authors would like to acknowledge the contributions of Jane Huang, Articling Student, in the writing of this piece.

As the recent Congressional tax hike for chapter 11 debtors demonstrates, the existence of two programs to administer bankruptcy cases can result in vehemently different outcomes for similarly situated debtors. In 2017, Congress temporarily increased the quarterly fees large chapter 11 debtors pay during their bankruptcy cases.^[1] The change in fees was intended to provide continued funding of the U.S. Trustee program (“UST”).^[2] Although a change in fees sounds relatively routine, this Congressional amendment to the bankruptcy code caused an uproar. The controversy was due to the significant variation in fees chapter 11 debtors paid for a few years solely because of geographic differences, rather than a material difference in the bankruptcy filing or debtor’s situation. Debtors in regions administered by the UST program paid significantly higher fees than debtors in regions administered by the Bankruptcy Administrator program (“BAP”). Fees were higher in UST districts because the increase was effective earlier (January 2018).^[3] In addition, the fee increase applied prospectively to pending cases. In contrast, debtors in BAP regions paid lower fees because the increase was effective three quarters later (October 2018) and did not apply prospectively to pending cases.^[4]

The variation in quarterly fee amounts for similarly situated debtors largely due to geography revived questions regarding the constitutional uniformity of a bifurcated case administration system. The ensuing legal challenges to the fee increase led to contrasting results, in part, because uniformity “has defied principled interpretation since its adoption and continues to be a source of analytical confusion.”^[5] Accordingly, the Fourth and Fifth Circuits upheld the fee increase while the Second and Tenth Circuits held that the fee increase was not constitutionally uniform.^[6] Signaling the importance of this issue and to resolve the split among circuits, the U.S. Supreme Court (the “Supreme Court”) granted certiorari to the Fourth Circuit case, Siegel v. Fitzgerald (In re Circuit City Stores, Inc.).^[7] In considering Siegel, the Court had a rare^[8] opportunity to further delineate the meaning of constitutional uniformity in bankruptcy and to address whether the bifurcated case administration system meets that definition.

Despite this rare opportunity, the Supreme Court declined to address whether a bifurcated case administration system is constitutional. Instead, it held that the fee hike was not constitutional and remanded the issue of the appropriate remedy to the Fourth Circuit.^[9] Below is a brief history of the events leading to Siegel, a summary of the oral arguments in Siegel, as well as an analysis of the Supreme Court’s decision.

Background

In 1978, to alleviate bankruptcy judges’ administrative burdens and remove the appearance of bias arising from their dual roles as case administrators and jurists—Congress established a pilot UST program.^[10] The intent was to “eliminate the appearance of favoritism arising from the close relationship[s] [. . .] between judges and trustees, and to address the problem of ‘cronyism [. . . due to the] appointment of trustees by bankruptcy judges.’”^[11] This program became permanent in 1986 in all judicial districts except for Alabama and North Carolina.^[12] Many have proffered that this temporary exception to joining the UST program was due to politics.^[13] The temporary waiver for Alabama and North Carolina became a permanent exemption from the UST program in 2000.^[14]

When Congress created the UST program, it intended for “users of the bankruptcy system” to fund the program “at no cost to the taxpayer.”^[15] In contrast, the BAP receives its funding from the general judiciary, which also oversees and operates it.^[16] To ensure the UST program would not be funded by taxpayers, Congress promised to “monitor the self-funding mechanism” to ensure debtors would remit sufficient fees to cover costs.^[17] Accordingly, 28 U.S.C. § 1930(a)(6) requires chapter 11 debtors to pay quarterly fees based on the size of disbursements debtors make to creditors.^[18] Initially, debtors in BAP districts did not have to pay these quarterly fees.^[19]

This disparity continued until 1994 when the Ninth Circuit ruled that imposing a “different, more costly system” on debtors everywhere except Alabama and North Carolina violated the Bankruptcy Clause’s uniformity requirement.^[20] By way of background, uniformity as a tenet of bankruptcy law originates from Article 1, Section 8 of the U.S. Constitution, otherwise referred to as the Bankruptcy Clause. Under this provision, Congress has the authority to create “uniform Laws on the subject of Bankruptcies.”^[21] Although the exact meaning of constitutional uniformity, as noted above, “continues to be a source of analytical confusion,”^[22] uniformity should mean that bankruptcy laws treat indistinguishable debtors in a similar if not identical manner.

Rather than eradicate the dual case administrations system in response to the Ninth Circuit’s ruling, Congress enacted 28 U.S.C. § 1930(a)(7), which allowed the Judicial Conference to require BAP debtors “to pay fees equal to those imposed” in UST districts.^[23] A year later, the Judicial Conference set fees in BAP districts “in the amounts specified [for UST districts], as those amounts may be amended from time to time.”^[24]

The Current Fee Controversy

On October 26, 2017, the issue of constitutional uniformity emerged once again when Congress amended 28 U.S.C. § 1930(a)(6) (the “2017 Amendment” or “Amendment”)^[25] in response to declining bankruptcy filings and fee collections.^[26] Specifically, Congress temporarily increased fees due to projections that the UST program would have a $92 million shortfall in fiscal year 2017 and a zero balance by fiscal year 2018.^[27] To ensure continued funding, the 2017 Amendment increased quarterly fees for debtors with disbursements of $1 million or more in a quarter.^[28] The increase is temporary: it only applies from 2018 through 2022.^[29] It is also conditional because it goes into effect only if the Trustee System Fund’s balance is less than $200 million as of September of the most recent full fiscal year.^[30]

Initially, the temporary fee increase only applied to UST districts.^[31] Courts in UST districts applied the new fees to any quarterly disbursements that postdated the effective date of the 2017 Amendment.^[32] This meant that a bankruptcy case filed before the 2017 Amendment but still pending after the Amendment would pay the increased fees.^[33] The Judicial Conference did not adopt the increased fee schedule for BAP districts until September 2018,^[34] and only applied the increase to cases filed on or after October 1, 2018.^[35]

The Circuit Split

The Fifth Circuit Holds That UST Fee Increase Is Constitutional.

The first circuit court to address the constitutional uniformity of the fee increase was the Fifth Circuit. The Fifth Circuit has jurisdiction over Louisiana, Mississippi, and Texas district courts—all states in the UST program. In Buffets, the Fifth Circuit ruled against restaurant operators challenging the fee increase on the basis of (1) retroactivity and (2) the constitutional uniformity requirement.^[36] The debtors in Buffets operated buffet-style restaurants throughout the U.S. and filed their bankruptcy case before the 2017 Amendment.^[37] Despite this, their quarterly fee amount increased from $30,000 to $250,000 because their case was still pending after the Amendment.^[38] Although they challenged the increase, arguing that it did not apply because they filed the case before the Amendment, the Fifth Circuit disagreed and held that the fee increase applied to future disbursements.^[39]

The Fifth Circuit also held that the 2017 Amendment was constitutionally uniform. Its rationale was that “although the Supreme Court has treated the uniformity requirement as a limit on congressional power, it has also recognized that it ‘is not a straightjacket that forbids Congress to distinguish among classes of debtors [. . .] Nor does it bar every law that allows for a different outcome depending on where a bankruptcy is filed.’”^[40] Accordingly, the Fifth Circuit held that the justification for the 2017 Amendment, which was to ensure the UST program remains self-funded, passed constitutional muster.^[41] To that end, the court noted that: “the uniformity provision does not deny Congress power to take into account differences that exist between different parts of the country, and to fashion legislation to resolve geographically isolated problems.”^[42]

The Fourth Circuit Holds That the Fee Increase Is Constitutional.

The following year, the Fourth Circuit, in Siegel addressed the same issue in a case that would ultimately reach the Supreme Court. The Fourth Circuit encompasses district courts in Maryland, North Carolina, Virginia, and West Virginia—three states in the UST program and one (North Carolina) in the BAP. The debtor in Siegel, Circuit City Stores, Inc., and its affiliates operated a chain of consumer electronic retail stores and challenged the fee increase based on (1) retroactivity and (2) the constitutional uniformity requirement.^[43] Similar to the Fifth Circuit, the Fourth Circuit held that Congress intended for the amendment to apply to all disbursements after the Amendment’s effective date.^[44] It also held that the increase was constitutionally uniform because unlike the “irrational and arbitrary” distinction which Congress failed to justify^[45] in St. Angelo, Congress provided a solid fiscal justification for the 2017 Amendment:^[46] ensuring debtors rather than taxpayers fund the UST program.^[47] The Fourth Circuit held that Congress could amend the law to apply to UST districts because only debtors in UST districts use the UST program. Congress reasonably solved the shortfall problem with fee increases in the underfunded districts.^[48]

Fourth Circuit Judge Arthur Quattlebaum, Jr. issued an opinion concurring in part and dissenting in part. In his opinion, Judge Quattlebaum proffered that the bifurcated administration system is not constitutionally uniform because debtors in UST districts pay materially more in quarterly fees.^[49] These fee differences “trickle down” and reduce amounts unsecured creditors receive.^[50] As a result, unsecured creditors in UST program districts receive less of the amounts owed to them than similar situated unsecured creditors in Alabama and North Carolina.^[51]

The Second and Tenth Circuits Hold Fee Increase Is Not Constitutional.

Months after the Fifth Circuit held that the fee increase was constitutionally uniform, the Second Circuit, in In re Clinton Nurseries, held that the increase violated the Bankruptcy Clause’s uniformity provision.^[52] The Second Circuit has jurisdiction over district courts in Connecticut, New York, and Vermont—all part of the UST program. The Second Circuit noted that the Fourth and Fifth Circuits had overlooked a critical factor: uniform application of bankruptcy laws. According to the Second Circuit, the 2017 Amendment applied “to the class of debtors whose disbursements exceed $1 million,” yet there was no suggestion that members of that broad class were absent in the BAP districts.^[53] The Second Circuit concluded that although the Supreme Court has held that Congress can take geographical differences into account and fashion legislation to resolve geographically isolated problems, to survive scrutiny under the Bankruptcy Clause, a law must apply uniformly to a defined class of debtors.^[54]

Soon thereafter, the Tenth Circuit—which includes UST program districts in Colorado, Kansas, New Mexico, Oklahoma, Utah, and Wyoming—followed suit and adopted an identical conclusion.^[55] It held that the Bankruptcy Clause required any law to “apply uniformly to a defined class of debtors.”^[56] Since large debtors likely existed in districts overseen by both the UST Program and BAP, the Tenth Circuit concluded the parallel systems did not meet this standard.^[57]

The Supreme Court Strikes Down Fee Hike in Siegel.

On June 6, 2022, the Supreme Court issued a unanimous decision in Siegel v. Fitzgerald and resolved the circuit split delineated above. While holding that the fee hike was not constitutional, the Supreme Court explicitly declined to address whether the bifurcated bankruptcy case administration system was constitutional.^[58] The Court also declined to address the appropriate remedy, stating that it was a court of review not of “first view.”^[59] Accordingly, the Supreme Court remanded the issue of the appropriate remedy to the Fourth Circuit.

The decision not to address the bifurcated bankruptcy case administration system nor remedies was surprising, given that oral arguments in the case in part focused on these two issues. Specifically, the oral arguments that occurred months before, on April 18, 2022, focused on three issues: (1) whether the dual bankruptcy case administration system was constitutionally uniform, (2) if Congress could set varying fees due to this system, and (3) possible remedies if the fee increase was not constitutionally uniform.^[60] Of note from the hearing is that the Petitioner (the liquidating trustee for the Circuit City stores) failed to preserve the issue of the constitutionality of the original bifurcation for appeal.^[61] 

In its opinion, the Court rejected the UST’s arguments that the fee hike was an administrative law rather than a “law ‘on the subject of Bankruptcies’ to which the uniformity requirement applies.”^[62] The Court stated, “[n]othing in the language of the Bankruptcy Clause itself . . .suggests a distinction between substantive and administrative laws . . . [n]or has th[e] Court ever distinguished between substantive and administrative bankruptcy laws or suggested that the uniformity requirement would not apply to both.”^[63]

According to the Supreme Court, Congress has authority to account for differences that exist between different parts of the county and to fashion legislation to resolve geographically isolated problems.^[64] However, Congress does not have free rein to subject similarly situated debtors in different states to different fees because it chooses to pay the costs for some but not others.^[65] The Court noted that the problems prompting Congress’ disparate treatment in Siegel stem not from an external and geographically isolated need, but from Congress’ own decision to create a dual bankruptcy system funded through different mechanisms in which only districts in two states could opt into the more favorable fee system for debtors.^[66]

Potential Remedies

The issue of the appropriate remedy will be a difficult one for the Fourth Circuit to adjudicate. It may adopt the remedies that the Respondent (the United States Trustee for Region 4) prefers. These would be either a fee increase for debtors in the BAP district who paid less fees or for the Supreme Court’s decision to apply prospectively. Alternatively, it may adopt Petitioner’s remedy—a full refund. As the Supreme Court noted each of these remedies pose a host of legal and administrative concerns, which includes the practicality, feasibility, and equities of each remedy.^[67] It will be of great interest to see which remedy the Fourth Circuit chooses (if it does not choose a remedy that neither Respondent nor Petitioner have offered) and whether the chosen remedy will result in another appeal to the Supreme Court.

1.  The Bankruptcy Judgeship Act of 2017 (2017 Act), Pub. L. No. 115-72, Div. B, 131 Stat. 1229, amended the quarterly-fee statute by adding the following subparagraph to Section 1930(a)(6): “(B) During each of fiscal years 2018 through 2022, if the balance in the United States Trustee System Fund as of September 30 of the most recent full fiscal year is less than $200,000,000, the quarterly fee payable for a quarter in which disbursements equal or exceed $1,000,000 shall be the lesser of 1 percent of such disbursements or $250,000.” § 1004(a), 131 Stat. 1232 (28 U.S.C. 1930(a)(6)(B) (2018)). The increased fees took effect in the first quarter of 2018. See § 1004(c), 131 Stat. 1232. ↑

2. See Hobbs v. Buffets LLC (In re Buffets LLC), 979 F.3d 366, 371 (5th Cir. 2020). (“[A] decline in Bankruptcy filings meant the Trustee Program was no longer self-sustaining [. . .] Congress attempted to remedy the shortfall in the Bankruptcy Judgeship Act of 2017.”). ↑

3. See § 1004(c), 131 Stat. 1232. ↑

4. In re John Q. Hammons Fall 2006, LLC, 15 F.4^th 1011, 1018 (10th Cir. Oct. 5, 2021) (stating, “The Judicial Conference didn’t increase quarterly fees for those debtors until October 2018, and then the increase didn’t apply prospectively to pending cases. Thus, in Bankruptcy Administrator districts, unlike in Trustee districts, large debtors with cases pending before October 2018 incurred no increased fees however long their cases remained pending.”). ↑

5. Buffets, 979 F.3d at 377 (citing Judith Schenck Koffler, The Bankruptcy Clause and Exemption Laws: A Reexamination of the Doctrine of Geographic Uniformity, 58 N.Y.U. L. REV. 22, 22 (1983)); see also Randolph J. Haines, The Uniformity Power: Why Bankruptcy Is Different, 77 AM. BANKR. L.J. 129, 165-72 (2003) (arguing against the view that uniformity is a limitation); Note, Reviving the Uniformity Requirement, 96 HARV. L. REV. 71, 73-75 (1982) (discussing different possible meanings of uniformity). ↑

6. See Siegel v. Fitzgerald (In re Circuit City Stores, Inc.), 996 F.3d 156 (4th Cir. 2021); In re Buffets, L.L.C., 979 F.3d 366; Clinton Nurseries of Md., Inc. v. Harrington (In re Clinton Nurseries, Inc.), 998 F.3d 56 (2d Cir. 2021); Hammons Fall, 15 F.4^th 1011. ↑

7. See Siegel v. Fitzgerald, 213 L.Ed. 39, 142 S. Ct. 1770 (2022). A full text of the Supreme Court’s Opinion is located at https://www.supremecourt.gov/opinions/21pdf/21-441_3204.pdf. ↑

8. As one circuit court noted, “The Bankruptcy Clause ‘might win’ a ‘contest for least-studied part’ of Article I’s congressional powers. Buffets, 979 F.3d at 376 (citing Stephen J. Lubben, A New Understanding of the Bankruptcy Clause, 64 CASE W. RES. L. REV. 319, 319 (2013).  ↑

9. Siegel, 213 L.Ed. 2d at 53. ↑

10. Pidcock v. United States (In re ASPC Corp.), 631 B.R. 18, 38 n.1 (Bankr. S.D. Ohio 2021); Dan J. Schulman, The Constitution, Interest Groups, and the Requirements of Uniformity: The United States Trustee and the Bankruptcy Administrator Programs, 74 Neb. L. Rev. 91 (citing Act Nov. 6, 1978, Pub. L. No. 95-598, 1501-151326, 92 Stat. 2651-57 (1978) (codified at 11 U.S.C. 1501-151326 (Supp. III 1979) (repealed 1986))). ↑

11. St. Angelo v. Vict. Farms, 38 F.3d 1525, 1529 (9th Cir. 1994) (citing H. Rep. No. 595, 95th Cong., 2d Sess. 108 (1978), reprinted in 1978 U.S.C.C.A.N. 5963, 6069). ↑

12. Buffets, 979 F.3d at 366. ↑

13. Alabama and North Carolina initially had until 1992 to join the UST program. This was later extended to 2002. However, in 2000, Congress granted Alabama and North Carolina a permanent exemption from joining the trustee program. ↑

14. Citing Federal Courts Improvement Act of 2000, Pub. L. No. 106-518 501, 114 Stat. 2410, 2421-22(2000). ↑

15. H.R. Rep. No. 764, 99th Cong. 2d Sess. 26 (1986). ↑

16. Hammons Fall, 15 F.4^th at 1017. ↑

17. H.R. Rep. No. 764, 99th Cong. 2d Sess. 26 (1986). ↑

18. 28 U.S.C. § 1930(a)(6) ↑

19. Buffets 979 F.3d at 371. ↑

20. St. Angelo, 38 F.3d at 1531-33. ↑

21. U.S. Const. art I, § 8, CL. 4. (emphasis added). ↑

22. Buffets, 979 F.3d at 377 (citing Judith Schenck Koffler, The Bankruptcy Clause and Exemption Laws: A Reexamination of the Doctrine of Geographic Uniformity, 58 N.Y.U. L. REV. 22, 22 (1983)); see also Randolph J. Haines, The Uniformity Power: Why Bankruptcy Is Different, 77 AM. BANKR. L.J. 129, 165-72 (2003) (arguing against the view that uniformity is a limitation); Note, Reviving the Uniformity Requirement, 96 HARV. L. REV. 71, 73-75 (1982) (discussing different possible meanings of uniformity). ↑

23. Federal Courts Improvement Act of 2000 § 105. ↑

24. Report of the Proceedings of the Judicial Conference of the United States 45-46 (2001), https://www.uscourts.gov/sites/default/files/2001-09_0.pdf ↑

25. See The Bankruptcy Judgeship Act of 2017. Pub. L. No. 115-72, 131 Stat. 1224, 1229-34 (2017) (stating, “In any fiscal year, the quarterly fee payable for a quarter in which disbursements equal or exceed $1,000,000 shall be 1 percent of such disbursements or $250,000, whichever is less, unless the balance in the United States Trustee System Fund as of September 30 immediately preceding such fiscal year exceeds $200,000,000.”). ↑

26. Buffets, 979 F.3d at 371 (“By the mid-2010s, a decline in bankruptcy filings meant the Trustee Program was no longer self-sustaining H.R. Rep. No. 115-130 at 7 (2017) reprinted in 2017 U.S.C.C.A.N. 154, 159.”) ↑

27. In re Exide Techs., 611 B.R. 21, 30-31 (Bankr. D. Del. 2020) ↑

28. Buffets, 979 F.3d at 371 ↑

29. Id. ↑

30. Id. ↑

31. Id. at 372. ↑

32. Hammons Fall, 15 F.4^th at 1018. ↑

33. Id. ↑

34. Id. ↑

35. Id. ↑

36. See generally Buffets 979 F.3d 366 (5th Cir. 2020). ↑

37. Id. at 372. ↑

38. Id. at 371. ↑

39. Id. at 375 (stating, “The mere upsetting of their expectations as to amounts owed based on future distributions does not make for a retroactive application.”). ↑

40. Id. at 377. ↑

41. Id. at 379. ↑

42. Id. at 378 (quoting the Supreme Court in Reg’l R.R. Reorganization Act Cases, 419 U.S. at 159, 95 S.Ct. 335 (1974), “[t]he uniformity provision does not deny Congress power to take into account differences that exist between different parts of the country, and to fashion legislation to resolve geographically isolated problems.”). ↑

43. See generally, In re Cir. City Stores, Inc., 996 F.3d 156 (4th Cir. 2021). ↑

44. Id. at 169. ↑

45. Id. at 166 (citing St. Angelo, 38 F.3d at 1532). ↑

46. Id. at 167. ↑

47. Id. ↑

48. Id. ↑

49. Id. at 169. ↑

50. Id. ↑

51. Id. ↑

52. See generally In re Clinton Nurseries, Inc., 998 F.3d 156 (2d. Cir. 2021). ↑

53. Id. at 169. ↑

54. Id. ↑

55. Hammons Fall, 15 F.4^th at 1026. ↑

56. See id. at *1024 (internal quotation marks and citations omitted). ↑

57. Id. ↑

58. Siegel v. Fitzgerald, 213 L. Ed. 2d 39, 52 (2022). ↑

59. Id. at 53. ↑

60. See generally Transcript of Oral Argument, Siegel v. Fitzgerald (In re Circuit City Stores, Inc.), 142 S. Ct. 752 (2022). (No. 21-441), Available at https://www.supremecourt.gov/oral_arguments/argument_transcripts/2021/21-441_6j36.pdf ↑

61. Siegel, 213 L. Ed. at 48. ↑

62. Id. ↑

63. Id. ↑

64. Id. at 52. ↑

65. Id. ↑

66. Id. ↑

67. Id at 53. ↑

Kentucky and Virginia have recently passed legislation relating to student loan servicers. In Kentucky, a new student loan servicing law creates new licensing and compliance requirements. In Virginia, an amendment limits the scope of the state’s existing student loan servicing law. An explanation of the changes follows.

Kentucky’s Student Education Loan Servicing, Licensing, and Protection Act

On April 7, 2022, the governor of Kentucky signed HB 494, the Student Education Loan Servicing, Licensing, and Protection Act (the Kentucky Act) into law, which includes a licensing requirement applicable to student loan servicers and other substantive requirements related to the regulation of student loan servicers in Kentucky. The Kentucky Act will become effective on July 13, 2022, and, therefore, entities subject to this law must prepare now to ensure compliance before the imminent effective date.

Licensing Requirement

The Kentucky Act requires a license to act as a student education loan servicer, unless an entity is exempt from the licensing requirement. Entities exempt from the licensing requirement include, among other entities:

• a federal or state bank, trust company, or industrial loan company that is authorized to transact business in Kentucky;
• a federally chartered savings and loan association, federal savings bank, or federal credit union authorized to transact business in Kentucky;
• a savings and loan association, savings bank, or credit union formed under state law authorized to transact business in Kentucky; and
• a public postsecondary education institution or private nonprofit postsecondary education institution servicing a student loan extended to a borrower.

However, note that entities exempt from the licensing requirement are still subject to the substantive conduct requirements and prohibitions under the Kentucky Act.

Definition of Servicing

HB 494 defines “servicing” to mean participating in any of the following activities related to a student education loan:

1. performing both of the following:
   1. receiving:
      1. payments from a borrower; or
      2. notification that a borrower made a scheduled periodic payment; and
   2. applying payments to the borrower’s account pursuant to the terms of a student education loan or the contract governing the servicing of the loan;
2. during a period when no payment is required on a student education loan, performing both of the following:
   1. maintaining account records for the student education loan; and
   2. communicating with the borrower regarding the student education loan on behalf of the owner of the student education loan promissory note;
3. communicating with a borrower regarding the borrower’s student education loan with the goal of facilitating the borrower to:
   1. make payments on the student education; or
   2. apply for a qualified forbearance program;
4. facilitating the activities described in paragraph (a) or (b) above.

This definition of servicing is broad because an entity needs to trigger only one of the above activities to be subject to the license requirement. For example, an entity that only engages in facilitating the receipt of payments from borrowers on behalf of the loan owner must be licensed.

Prohibited Conduct

The Kentucky Act prohibits a student education loan servicer from engaging in abusive acts or practices, including but not limited to acts or practices that: (a) materially interfere with the ability of a borrower to clarify a term or condition of a student education loan; or (b) fail to educate and inform the borrower of any of the following:

• the material risks, costs, or conditions of a student education loan;
• selecting or using a student education loan or a feature, term, or condition of a student education loan; or
• accurate and relevant information related to loan payments of the loans serviced by the servicer.

A student education loan servicer is also prohibited from:

• employing any scheme, device, or artifice to defraud or mislead a borrower;
• engaging in any unfair, deceptive, or predatory practice toward any borrower or misrepresenting or omitting any material information in connection with servicing a student education loan, including but not limited to:
  • misrepresenting the amount, nature, or terms of any fee or payment due or claimed to be due on a student education loan;
  • misrepresenting the terms and conditions of the student education loan agreement or any modification to the agreement; or
  • misrepresenting the borrower’s obligations under the student education loan; and
  • with respect to a military borrower, “older” borrower (not defined), borrower working in public service, or a borrower with a disability, misrepresenting or omitting the availability of a program or protection specific to the respective borrower or applicable to the respective category of borrowers;
• misapplying payments made by a borrower to the outstanding loan balance;
• refusing to communicate with an authorized representative of the borrower, except the servicer may adopt reasonable procedures for:
  • requesting verifying documentation that the representative is in fact authorized to act on behalf of the borrower; and
  • protecting the borrower from fraud or abusive practices;
• making any false statement or omitting a material fact in connection with any information or report filed with a governmental agency or in connection with any investigation conducted by the Kentucky Commissioner of Financial Institutions (Commissioner) or any other governmental agency;
• if the student education loan servicer is required to report, or voluntarily reports, to a consumer reporting agency, failing to accurately report each borrower’s payment performance to a least one consumer reporting agency upon acceptance as a data furnisher by that consumer reporting agency; or
• failing to respond timely to correspondence from the borrower, the Commissioner, or any borrower complaints submitted to the servicer by the Commissioner.

Student education loan servicers also may not impede the Commissioner from interviewing the servicer’s employees or customers and must make available and grant the Commissioner access to records and other relevant property. Among other things, the law also contains requirements related to recordkeeping and filing reports with the Commissioner.

In addition, as noted above, the substantive provisions under the law apply also to entities that are exempt from licensure.

Violations and Penalties

The Commissioner may issue a written order to deny, suspend, or revoke a license issued under the Kentucky Act if the Commissioner finds a violation has occurred. In addition to any other remedies or penalties, the Commissioner may also impose a civil penalty for repeat violations or a pattern or practice that results in a violation. A civil penalty will be at least $1,000 and may be up to $25,000 per violation per day the violation is outstanding. There is no private right of action under the law.

Virginia Amendment to Qualified Education Loan Servicer Law (SB 496/HB 203)

Virginia has also recently amended its law governing student loan servicers. SB 496, signed into law on April 11, 2022, makes definitional changes to the Virginia law governing qualified education loan servicers. The law will become effective on July 1, 2022. The amendments narrow the scope of the law by replacing the term “or” with “and” when used in the definitions of “qualified education loan servicer” and “servicing,” which are used to determine whether an entity is subject to the law. This change means that a person must meet all of the listed requirements to be considered a servicer subject to the law, rather than just one of the listed requirements. The amended statute changes the definition of “servicing” as shown below, and it makes a very similar change to the definition of “qualified education loan servicer.” The only change is from the “or” to the “and” as shown below:

“Servicing” means:

(1) (i) Receiving any scheduled periodic payments from a qualified education loan borrower or notification of such payments or (ii) applying the payments of principal and interest and such other payments, with respect to the amounts received from a qualified education loan borrower, as may be required pursuant to the terms of a qualified education loan;

(2) During a period when no payment is required on a qualified education loan, (i) maintaining account records for the loan and (ii) communicating with the qualified education loan borrower regarding the qualified education loan, on behalf of the qualified education loan’s holder; or and

(3) Interacting with a qualified education loan borrower, including conducting activities to help prevent default on obligations arising from qualified education loans or to facilitate any activity described in clause (i) or (ii) of subdivision 1.

Because of this minor change, an entity must now engage in all activities listed above to be subject to the license requirement. Under the way the definition was structured previously, an entity would be subject to the license requirement for simply interacting with a borrower, even if the entity did not receive payments or maintain account records or other activities on behalf of the loan holder. Because of the narrowed scope of the Virginia law, it is possible that some licensed student loan servicers may now reasonably consider whether they can surrender their Virginia licenses.

After a hiatus of almost two years, the Canadian Government has finally recommenced its long-awaited overhaul of existing federal private sector privacy legislation. On June 16, 2022, Bill C-27, An Act to enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other Acts known as the Digital Charter Implementation Act, 2022 (“Bill C-27”) received its first reading in Parliament. The Artificial Intelligence and Data Act is not covered in this article and will be summarized separately.

Similar to its predecessor privacy reform bill, Bill C-11,^[1] Bill C-27 introduces bold new measures into Canada’s privacy law that will significantly impact Canadian businesses: Canadian businesses will be required to invest in the protection of personal information or face heavy administrative monetary penalties for non-compliance. Furthermore, these measures bring Canadian privacy law it into closer alignment with the European Union’s (the “EU”) General Data Protection Regulation (the “GDPR”), and Québec’s privacy reforms introduced by the recently enacted Bill 64. Closer alignment with the GDPR and Bill 64 will assist Canada in maintaining its adequacy status under the GDPR and being considered a substantially similar jurisdiction under Bill 64, respectively. This allows for Canadian businesses to transfer personal information from the EU and Québec to Canada and provinces outside of Québec without additional data protection safeguards. The following are highlights from Bill C-27. Those who are familiar with Bill C-11 will note that Bill C-27 reintroduces many of the same concepts that were first introduced by Bill C-11.

New Enforcement Powers and Financial Punishments for Contraventions to the Act

The Consumer Privacy Protection Act (“CPPA”), which will repeal Part 1 of Canada’s existing federal private sector privacy act, the Personal Information Protection and Electronic Documents Act, now expands the enforcement powers of the federal Privacy Commissioner of Canada (the “Commissioner”). Following investigation and inquiry into a contravention of the CPPA, the Commissioner can issue orders to organizations to ensure that organizations comply with the CPPA.^[2] Contravening a compliance order is an offense subject to financial punishment as set out below.^[3]

The Commissioner can also recommend to the newly established Personal Information and Data Protection Tribunal (the “Tribunal”) that it should impose financial penalties if an organization has contravened the CPPA.^[4] The Tribunal presides over hearings related to financial penalties recommended by the Commissioner and non-penalty-related appeals.^[5] The Tribunal can impose administrative monetary penalties for contraventions of the CPPA up to the greater of $10,000,000 or 3% of the organization’s gross global revenue in its financial year before the one in which the penalty is imposed.^[6]

Moreover, the CPPA introduces new offenses with even higher financial punishments. These offenses include:

• if an organization fails to report to the Commissioner any breach of security safeguards involving personal information under its control where the breach may result in a reasonable risk of significant harm to an individual,^[7]
• if an organization fails to keep and maintain a record of every breach of security safeguards involving personal information,^[8]
• if an organization attempts to re-identify individuals using de-identified information not in accordance with the prescribed exceptions,^[9] and
• if an organization disposes of personal information after an individual has requested access to it and the individual has not exhausted the individual’s recourse under the CPPA.^[10]

Any organization that is found guilty of any of the offenses listed above can face a fine up to the greater of $25,000,000 or 5% of the organization’s gross global revenue in its financial year before the one in which the organization is sentenced for indictable offenses, or $20,000,000 or 4% for summary convictions, respectively.^[11]

Private Right of Action

The CPPA establishes a new private right of action for individuals who are affected by an act or omission by an organization that constitutes a contravention of the CPPA. The private right of action allows these individuals to sue the organization for damages for loss or injury that the individual has suffered as a result of the organization’s contravention of the CPPA. To commence this action, the Office of the Privacy Commissioner and the Tribunal must have made findings that the organization has contravened the CPPA, and the finding must not have been appealed to the Tribunal or the Tribunal must have denied the appeal.^[12]

Codification of the 10 Privacy Principles and New Requirements

The CPPA codifies the Ten Fair Information Principles of the Personal Information Protection and Electronic Documents Act (“PIPEDA”) into law^[13] and introduces new requirements on organizations.

Privacy Programs

Every organization must implement and maintain a privacy management program, which, among other requirements, must be attuned to the volume and sensitivity of the personal information being collected, used, and stored.^[14] These programs are reviewable by the Commissioner on request, who may provide guidance and recommend corrective measures to the organization.^[15]

Anonymous and De-identified Information

Bill C-27 contains a revised definition of de-identified information and has added a definition of “anonymise” to distinguish between the two forms of information. “Anonymise” means to irreversibly and permanently modify personal information, in accordance with generally accepted best practices, to ensure that no individual can be identified indirectly or directly from the information by any means. By contrast, “de-identify” means to modify personal information so that an individual cannot be directly identified from it, though a risk of the individual being identified remains. Anonymous information is not personal information;^[16] indeed, to anonymise personal information amounts to its disposal.^[17] De-identified information is always personal information except with respect to certain provisions.^[18]

Consent

Drawing on the Commissioner’s previously published “Guidelines for obtaining meaningful consent,” the CPPA explicitly prescribes how organizations acquire valid consent. In most cases, an organization must obtain express consent from an individual and disclose the following information:

• the purposes for the collection, use, or disclosure of personal information determined by the organization,
• the way in which the personal information is to be collected, used, or disclosed,
• reasonable foreseeable consequences of the collection, use, or disclosure of personal information when obtaining consent from an individual,
• the specific type of personal information that is to be collected, used, and disclosed, and
• the names or types of third parties to which the organization may disclose personal information when obtaining consent from an individual.^[19]

This information must be written in plain language that an individual to whom the organization’s activities are directed would reasonably be expected to understand.^[20]

Bill C-27 states that the personal information of minors would be considered to be sensitive personal information.^[21] Consequently, according to the previous guidance of the Commissioner, organizations would require express consent to collect, use, and disclose personal information of minors.

Additionally, Bill C-27 allows for organizations to collect and use personal information without knowledge and consent of individuals if the collection and use are made for a business activity in which the organization has a legitimate interest that outweighs the potential adverse effect on the individual resulting from that collection or use.^[22] This new exception is subject to a reasonableness test. Organizations wishing to avail themselves of this new exception must perform assessments of how the business activity would adversely impact the individual,^[23] document those assessments,^[24] and disclose descriptions of these business activities to individuals publicly.^[25]

Automated Decision Systems

The Bill also specifically references an organization’s privacy obligations around automated decision systems—any technology that assists or replaces the judgment of human decision- makers through the use of a rules-based system, regression analysis, predictive analytics, machine learning, deep learning, a neural network, or other techniques. Organizations that use personal information to inform their automated decision systems to make predictions about individuals are required to:

• deliver a general account of the organization’s use of any automated decision system to make predictions, recommendations, or decisions about individuals that could have significant impacts on them,^[26] and
• retain the personal information related to the decisions for sufficient period of time to permit the individual to make a request for access^[27] (as described below).

Security Safeguards and Breaches of Security Safeguards

Bill C-27 has expanded the scope of security safeguards to include reasonable measures to authenticate the identity of the individual to whom the personal information relates. Furthermore, the Bill confirms that organizations must protect personal information through physical, organizational, and technological security safeguards. The level of protection provided by those safeguards must be proportionate to the sensitivity of the information. In addition to the sensitivity of the information, the organization must, in establishing its security safeguards, take into account the quantity, distribution, format, and method of storage of the information. The security safeguards must protect personal information against, among other things, loss, theft and unauthorized access, disclosure, copying, use, and modification, and must include reasonable measures to authenticate the identity of the individual to whom the personal information relates.

Service Providers

Under the CCPA, organizations have control over personal information even when a service provider collects, uses, and discloses the personal information on the organization’s behalf.^[28] The new Bill C-27 requires organizations to ensure, by contract or otherwise, that the service provider provides an “equivalent” level of protection, rather than “substantially similar” protection, the baseline protection used under Bill C-11.^[29] The change from “equivalent” to “substantially similar” seems to suggest that Bill C-27 is endeavoring to impose a stronger or less flexible standard on organizations that use service providers.

“Service provider” is now broadly defined under the Bill as an organization, including a parent corporation, subsidiary, affiliate, contractor, or subcontractor, that provides services for or on behalf of another organization to assist the organization in fulfilling its purposes.

In addition, service providers now have an obligation to maintain adequate security safeguards to protect personal information and inform the organization that controls the personal information of any breach of the service provider’s security safeguards as soon as feasible.^[30] If a service provider violates the latter, the Tribunal may impose an administrative monetary penalty as described above.^[31]

Codes of Practice and Certification Programs

The CPPA allows the Commissioner to approve and certify codes of practice and certification programs designed by non-governmental entities. These codes and certifications must offer the same or substantially the same or greater protection of personal information as under the CPPA. However, the organizations that comply with these codes of practice or certification programs must still meet their obligations under the CPPA.^[32]

New Rights for Individuals

In addition to codifying the information rights for individuals discussed in the PIPEDA’s Fair Information Principles,^[33] CPPA establishes three new rights for individuals regarding their personal information: 

• Data mobility rights: Individuals can request an organization directly transfer their personal information from one organization to another (subject to both organizations being part of a data portability framework).^[34]
• Transparency and explanation rights: Individuals can request an explanation from organizations that use automated decision systems using the individual’s personal information to make a prediction, recommendation, or decision about the individual that could have a significant impact on the individual.^[35]
• Disposal rights: Individuals can request an organization dispose of their personal information in specific circumstances.^[36] Under the proposed Act, “dispose” means the organization will be responsible for permanently and irreversibly deleting the personal information or to anonymize it, as defined under the Act.

However, these rights do not extend to de-identified information derived from an individual’s personal information.^[37]

Next Steps

While this is only the first reading of Bill C-27, we anticipate the second reading will happen shortly, and debates and committee will follow, which may result in additional changes to the draft Bill.

1. An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Acts also known as the Digital Charter Implementation Act, 2020. ↑

2. CPPA, s. 93(2). ↑

3. CPPA, s.128. ↑

4. CPPA, s.94(1). ↑

5. The Personal Information and Data Protection Tribunal Act (“PIDPTA”). See PIDPTA, s. 5. ↑

6. CPPA, s. 95(4). ↑

7. CPPA, s. 58(1) and 128. ↑

8. CPPA, s. 60(1) and 128. ↑

9. CPPA, s. 75 and 128. ↑

10. CPPA, s. 69 and 128. ↑

11. CPPA, s.128. ↑

12. CPPA, s. 107. ↑

13. The Ten Fair Information Principles are as follows: Accountability; Identifying Purposes; Consent; Limiting Collection; Limiting Use, Disclosure and Retention; Accuracy; Safeguards; Openness; Individual Access; and Challenging Compliance. ↑

14. CPPA, s. 9. ↑

15. CPPA, s.10. ↑

16. CPPA, s.6(5). ↑

17. CPPA, s.2(1). ↑

18. CPPA, s.2(3). ↑

19. CPPA, s.15(3). ↑

20. CPPA, s. 15(4). ↑

21. CPPA, s.2(2). ↑

22. CPPA, s.18(3). ↑

23. CPPA, s. 18(4). ↑

24. CPPA, s.18(5). ↑

25. CPPA, s.62(2)(b). ↑

26. CPPA, s. 62(2)(c). ↑

27. CPPA, s.54. ↑

28. CPPA, s. 7(2). ↑

29. CPPA, s.11(1). ↑

30. CPPA, s. 57(1) and 61. ↑

31. CPPA, s. 94(m). ↑

32. CPPA, s. 76-81. ↑

33. The right to withdraw consent from a provider to collect, use, and disclose their personal information, and to access and correct their personal information. ↑

34. CPPA, s. 72. ↑

35. CPPA, s. 63(3). Bill C-27 limits this right to decisions that could have a significant impact on the individual. Moreover, organizations no longer need to account for how the prediction, recommendation, or decision was arrived at but instead must only explain the reasons or principal factors that led to the prediction, recommendation, or decision. ↑

36. CPPA, s. 55(1). Bill C-27 narrows this right to three specific circumstances: (i) the information that was collected, used, or disclosed in contravention of the CPPA; (ii) the individual has withdrawn consent in whole or in part to the collection, use, or disclosure of their personal information; or (iii) the information is no longer necessary for the continued provision of a product or service requested by the individual. Bill C-27 also expands the exceptions contained in Bill C-11 for organizations to deny disposal requests. ↑

37. CPPA, s. 2(3). ↑

Lisa R. Lifshitz, Roland Hung, Cameron McMaster

The Mendes Hershman Student Writing Contest is a highly regarded legal writing competition that encourages and rewards law students for their outstanding writing on business law topics. Papers are judged on research and analysis, choice of topic, writing style, originality, and contribution to the literature available on the topic. The distinguished former Business Law Section Chair Mendes Hershman (1974–1975) lends his name to this legacy. Read the abstract of this year’s third-place winner, Matthew Shalna of University of Miami School of Law, Class of 2023, below. 

Religious employees in the workplace are under-protected by Title VII. In 1977, the Supreme Court of the United States in Trans World Airlines v. Hardison established the standard for what constitutes the “reasonable accommodation” of an employee’s religious beliefs. Specifically, the Supreme Court established that, if the carrying out of a request for a religious accommodation would impose more than a de minimis burden on employers, that accommodation imposes an undue hardship and is therefore not reasonable. Consequently, this created an incredibly employer-friendly standard for religious discrimination claims.

With a recent influx of religious exemption requests regarding the COVID-19 vaccine, the reasonable accommodation standard is back in the spotlight. Additionally, multiple Supreme Court Justices—particularly, Justice Alito, Justice Thomas, and Justice Gorsuch—have expressed interest in replacing the “de minimis” standard with something that provides greater protection for religious interests. This creates an interesting prospect in employment discrimination: will the Court revisit the de minimis standard it attached to religious reasonable accommodation and expand religious protections for employees? And if so, is COVID-19 vaccine litigation the proper vehicle with which to revisit the standard?

This Note explores whether the de minimis standard is likely to change in the near future, and if so, what a new standard should like. Particularly, this Note uses religious challenges to recent workplace COVID-19 vaccine mandates as a means to evaluate the current strength of the de minimis standard. Ultimately, this Note argues that the de minimis standard needs to be altered, specifically in a manner that (1) requires that reasonableness be analyzed from the employee’s, not the employer’s, perspective, and (2) replaces the de minimis standard with one that requires employers to bear a greater cost to avoid liability. This Note further concludes, however, that although de minimis needs to be replaced, COVID-19 vaccine litigation is not the proper vehicle for such a change.

Arbitration clauses are very common. So are disputes about whether a dispute has to be arbitrated or instead can be heard in court. The Supreme Court has been dealing with the “arbitra­tion versus litigation” issue repeatedly over the last few years. A lot of recent Supreme Court case law is heavily pro-arbitration. Case law stresses that an agreement to arbitrate has to be enforced to at least the same extent as any other agreement—after all, a deal is a deal, so if the parties agreed to arbitrate, they should be required to arbitrate. But it’s clear that even that pro-arbitration tendency has its limits. A court can’t simply make up new rules, even if the new rule favors arbitration.

The Supreme Court decided Morgan v. Sundance, Inc. on May 23, 2022. Robyn Morgan had been an employee at one of the Taco Bell franchises Sundance owns. She commenced a collective action (similar to a class action) against Sundance in federal court, claiming that Sundance violated the Fair Labor Standards Act. She alleged that because Sundance did not want to pay overtime to employees working more than forty hours a week, it recor­ded the hours employees worked in the wrong week.

At first, Sundance did not argue the case should be arbitrated. Instead, it moved to dismiss the collective action. After the court denied the motion to dismiss, Sundance answered the complaint and asserted fourteen defenses—though it did not raise arbitration as a defense. Sundance then participated in a mediation that ultimately did not succeed in resolving the dispute with Morgan.

After the mediation failed—eight months into the case—Sundance decided it wanted to ar­bitrate after all, and asked the court to refer the dispute to arbitration. That request set the stage for the issue before the Supreme Court. At what point does someone who participates in a litigation lose the right to demand arbitration? Most lower courts held that a party who participates in litigation without moving to arbitrate has waived its right only if the failure to seek arbitration earlier somehow prejudices the other side. The general rule is that a party can waive a right simply by relinquishing or abandoning it. It is not necessary that anyone else be affected. But under this majority rule, arbitration is different: a party can waive arbitration by participating in court proceedings only if that participation prejudiced the opponent. The justification for this special rule was the federal policy favoring arbitration. To effectuate that policy, anything that promotes arbitration is a good thing, so these courts imposed a prejudice rule on top of the normal waiver rules.

Morgan insisted that Sundance had waived its right to arbitrate by participating in litigation for eight months. Sundance for its part insisted that it did not matter: Morgan was not prejudiced by whatever Sundance had done in court, so there could not have been a waiver.

The Supreme Court decided unanimously that waiver is the same for arbitration as it is for any other right: it can be waived whether or not someone else is prejudiced. So just as a person can waive any other right simply by relinquishing it knowingly, a litigant can waive the right to arbitrate just by relinquishing it knowingly. Federal policy does favor arbitration, but that does not mean courts can create additional requirements, such as a showing of prejudice. Therefore, Morgan would be able upon remand to argue that Sundance had waived its right to arbitrate, even though Morgan had not suffered any prejudice due to Sundance’s eight months in court.

Did Sundance in fact waive its right to arbitrate by filing an answer and going to media­tion? The Supreme Court did not rule on that issue. It referred the issue back to the lower court, noting that in the lower court, “the waiver inquiry would focus on Sundance’s conduct,” but not on any prejudice to Morgan.

The upshot is that agreements to arbitrate have to be treated just like other agreements—no worse, certainly, but no better, either. If they are valid they must be enforced, but if one side waives its rights, it can no longer seek to enforce the agreement—precisely the same as with any other contract.