CYBER SECURITY BREACH COULD CREATE ISSUES FOR MASS TORT FIRMS

Foreword: This content should not be considered legal advice. As a general rule, the Plaintiffs Bar represents individuals who have been subjected to unauthorized exposure of their personal information; however, recent reporting related to a marketing vendor, XSOCIAL MEDIA, engaged by Plaintiffs Firms brought our attention to the very real possibility that Plaintiffs Firms could easily find themselves as defendants in matters arising form cyber security breaches, even in situations in which the firm was not in direct control over the server or other computer system that was breached. We would encourage firms to engage in independent research related to the regulatory and statutory topics covered and welcome any information, including differing opinions, on the substantive matters covered herein.

The most important takeaway from our research on this topic can easily be summed up by the following statement:

If a cyber security breach occurs within systems controlled by your firm, or a vendor engaged by your firm, which could have POTENTIALLY exposed client or potential client personal data, do not stick your head in the sand and hope the issue goes away. The most significant negative consequences that may occur after such a breach arise from failing to act transparently, not necessarily from the fact that the breach occurred. If your systems are breached, or your vendors’ systems are breached, you and/or your vendor are the victim of a crime. Additionally, any client or potential client who was subjected to having the personal data exposed, is a victim of that same crime and has a legal right to know they have been victimized or potentially been victimized by a third party, just as you were. Notifying your clients places them in a position to be on alert and mitigate any damage that may occur because of the exposure. Failing to notify your clients effectively makes you a party to the same bad acts that were perpetrated against you.

ALARMING REPORTS OF MARKETING VENDOR SECURITY BREACH

Alarming reporting regarding an alleged data security breach at XSOCIAL MEDIA, a major provider of marketing services to Mass Tort Law firms, draws our attention to potential liability and other exposure Plaintiff Law Firms could face in the ever-changing digital age.

The reporting related to XSOCIAL MEDIA (see examples below) caused our researchers to pose and research the following question:

Could a Law Firm face liability or disciplinary exposure from the third-party vendor and marketing agency data breach?

Our research resulted in some surprising implications and conclusions. The most important conclusion reached was that every Plaintiff Firm should not only review the cybersecurity practices within their own firm, every firm should also be diligent in remaining aware of cyber security issues related to any marketing vendor the firm engages. Secondly, in the event that a breach does occur resulting in the POSSIBLE exposure of client’s private information, review and comply with State and Federal Statutes which require notifying the effected persons and, in some states, notifying the State Attorney General.

WHO IS XSOCIAL MEDIA?

According to the company’s website, XSOCIAL MEDIA engages in the business of:

“Finding clients via Facebook advertising is what we do on a big scale.”

WHICH LAW FIRMS ENGAGE OR ENGAGED XSOCIAL MEDIA?

Among the testimonials found on the homepage of the XSOCIAL MEDIA homepage we found the following:

“Jacob and his team have been helping us on various projects for several years now and his performance has always been great”. Robert Blanch, Levin Papantonio

“Jacob has done, and continues to do, an amazing job for our law firm. He is incredible to work with.”
Martin Levin, Levin Papantonio

Given the high profile of the Levin Papantonio firm, as well as the firm’s companion organization, Mass Torts Made Perfect, we would have no reason to believe that this firm would labor under any belief that its actions could ever “fly under the radar.” Consequently, we have no reason to believe that this firm would ever knowingly engage actions that might result in unwanted attention from State Attorney Generals and other enforcement agencies. The same is true of other firms and attorneys known to us for whom testimonials appear on XSOCIAL MEDIA’s homepage.

Unfortunately, if the reporting relevant to the XSOCIAL MEDIA security breach (see below) is accurate, law firms that have employed the services of the agency may face requirements and duties to notify “effected clients” despite the fact that the “breach” did not occur into a server owned nor directly controlled by these firms.

REPORING ON XSOCIAL MEDIA ALLEGED SECURITY BREACH

Report: Medical Data Leaked for Hundreds of Thousands of Users (including US Veterans)

xSocialMedia’s unsecured database exposed 150,000 sensitive medical records.

Ad agency data leak leaves veteran combat-injury information vulnerable.

xSocial Media Exposed 150,000 Records Containing Personal And Medical Information.

xSocialMedia’s unsecured database exposed 150,000 sensitive medical records.

Hundreds of thousands of medical records exposed in two data breaches media advertising agency exposes patients’ medical info.

Online media advertising agency exposes patient’s medical info.

POTENTIAL LAW FIRM LIABLITY AND OTHER EXPOSURE ARISING FROM A THIRD PARTY VENDOR CYBER SECURITY BREACH

Without opining on or drawing factual conclusions as to the accuracy of the above reporting, our staff engaged in research relevant to four major areas of concern based on an “if such a breach did occur” basis.

The first area of concern our researchers addressed was, of course, HIPAA. Surprisingly, our research led to the conclusion that “HIPAA” violations might pose the least potential exposure (if any) for law firms under the scenario considered. We have listed our four primary “areas of concern” below in reverse order of “degree of concern.” The listing will be followed up by our tentative findings and conclusions in the reverse (area of most concern first).

HIPAA VIOLATIONS: (unlikely to expose the law firm to liability) CAVEAT: The plain language of the HIGHTECH act would not appear to have expanded the “covered entity” limitations of HIPAA in a manner that would be apt to our present subject; however, certain ambiguities in the HITECH Act could be construed to have created such an expansion.

LIALIBTY ARISING FROM VENDOR CYBER SECURITY BREACH: (dependent on the existence of an agency relationship)

RULES OF PROFESSIONAL CONDUCT: Law Firm exposure (Bar action) arising from the vendor breach is improbable; however, failing to notify plaintiffs of the breach, could be significantly problematic.

FEDERAL and STATE CYBER SECUIRTY BREACH NOTIFICATION REQUIREMENTS: (Significant potential exposure, especially arising from the various State laws, less under Federal Law).

POTENTIAL LIABLITY AND OTHER EXPOSURE ARISING FROM NOTIFICATION REQUIREMENTS

Section Foreword: One of the most important and potentially easily overlooked language in the various States Cyber Security Breach Notification laws, arises from the fact that the notification is triggered on the POTENTIAL exposure of individuals’ private information. It is also worth noting that numerous states, in addition to requiring notification be sent to effected persons, certain Government authorities must also be notified in detail. Below are two examples:

In Florida, the following authorities must be formally notified:

Department of Legal Affairs, (State Attorney General) as well as file a police report.

In New York, the following authorities must be formally notified:

NYS Attorney General, NYS Division of State Police; and the Department of State’s Division of Consumer Protection.

Although there are a number of Federal Statutes that address Cyber Security Breaches and notification requirements relevant to individuals from whom personal data was POTENTIALLY exposed, our research found that the laws of the various States apt to the subject could potentially be far more problematic than Federal Law. The foregoing arguably imposes a “best practice” on Mass Tort firms, that accept clients from numerous states, to become familiar with the cyber security breach and notification laws of every state, before or certainly upon the occurrence of any event which might cause issues for a firm in “real time.”

The National Conference of State Legislatures Publishes a 50 State Security Breach Notification Laws “compendium” which can be viewed at this link.

The Law Firm of PERKINSCOIE also publishes a similar 50 State Compendium which may be more up to date, which can be viewed at this link.

It should be noted that the various states are routinely amending the laws referenced in the “compendium”; therefore, if you believe your firm has potential exposure under any of these laws, firms may wish to check each state’s most recent statutes, for which you represent clients.

Notes:

  1. When reviewing the various States Cyber Security Breach Notification laws, keep in mind that the attorney client relationship as a rule places the attorney in the role of a fiduciary. Certain states may impose greater duties relevant to circumstances in which a fiduciary relationship exists.
  2. Without regard to whether a given state law imposes a requirement, that same States Bar rules and most recent opinions relevant to Cyber Security may pose such a requirement apt to attorneys.

 

It was not my law firm’s server that was breached, how could I be responsible for notifying anyone of the breach?

The foregoing is a logical question and one might think that the duty to notify individuals who were subject to having their personal information “exposed” would fall solely on the entity that controlled the server that was breached. Think again!

Our take, after reviewing every State’s Cyber Security Breach notification law concluded in general is as follows:

Any entity or individual who received and electronically or otherwise stored the “breached data” has an individual and unique duty to provide notice to everyone for whom personal data was or was potentially exposed.

There does appear to be exceptions (generally) to the above:

  1. If the entity that controlled the server, notified the “exposed individuals” provides proper notice per the various Federal and State Laws, other third party lawful and legitimate recipients of the data are not required to “double notify” the exposed individuals. Caveat: The foregoing should not be taken to mean a given States Bar rules might none the less require the law firm to provide notice without regard to any other notice provided by a third party.
  2. In general, the State Laws provide some “safe harbor” for recipient entities (such as law firms who received client personal data from vendors) who did not know nor should have reasonable been aware of the breach. Caveat: If the reporting related to XSOCIAL MEDIA is accurate, these safe harbor protections might not be available. Given the breadth of reporting on the matter, it would be difficult for a firm to claim that could not have been reasonable expected to be aware of the alleged breach.

Caveat: Check each state’s laws (by client’s residence) to determine what, if any, “safe harbors” exist in that state.

 

STATE RULES OF PROFESSIONAL CONDUCT

Note: When accessing your firms notification obligations under the “notification laws” of the various states, it appears that you must apply the law of the residence state of each client who may have been subject to exposure of their personal information. You may also need to file a report with authorities in any state in which you occupy a premises, or are directly subject to that state’s Rules of Professional Conduct, even if the breach did not expose a single (resident) individual’s personal data in that state.

When accessing the various States Bar Rules, it is less clear as to whether an attorney need only concern themselves with the states in which they are barred vs states in which clients may reside, but in which the given attorney is not barred.

Given the increasing frequency of cyber security breach occurrences, almost every State Bar has opined on a lawyer’s obligations after a cyber security breach, without regard to whether the attorney or law firm controlled the breached server, or the server was controlled by a third party service vendor (i.e. marketing vendor). In general, the ABA has opined on attorneys’ obligations related to exposure of client data arising from a cyber security breach (without regard to fault for or cause of the breach.)

Quotes from the ABA:

ABA Model Rule 1.6(c) requires that “[a] lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”

Rule 1.4 does require that notice of a breach to a current client include, at a minimum: That there has been unauthorized access to or disclosure of the client’s information. That unauthorized access or disclosure is reasonably suspected of having occurred.

Even a given state’s (by client residence) “notification” laws might not require the law firm to notify plaintiffs (only requiring the entity that controlled the server to provide notice) the ABA has opined in general as follows:

The committee’s opinion reviews lawyers’ duties: of competence under Rule 1.1, as informed by Rules 5.1 and 5.3; of confidentiality under Rule 1.6; to inform clients under Rule 1.4; and to safeguard client property under Rule 1.15. The committee also notes that an attorney’s ethical obligations under the Model Rules are distinct from statutory obligations imposed by state or federal laws.

The committee points to the ABA Cybersecurity Handbook the ABA Cybersecurity Handbook: A Resource for Attorneys, Law Firms, and Business Professionals, Second Edition.

Takeaway: If your firm’s client’s personal information has potentially been exposed, without regard to “State and Federal Cyber Security Law”, it is probable that your State Bar Rules would require you to notify any potentially effected client. This requirement would appear to apply without regard to whether the exposure occurred because of a breach of a server controlled by a law firm or a third-party vendor (e.g. a marketing vendor). More simply stated, if the person is your client and you know or should know their personal information has been exposed via a cyber security breach, you are most likely obligated to let the client know.

HIPAA VIOLATIONS AND NOTFICATION REQUIREMENTS

45 CFR §§ 164.400-414 The HIPAA Breach Notification Rule, requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information. Similar breach notification provisions implemented and enforced by the Federal Trade Commission (FTC), apply to vendors of personal health records and their third party service providers, pursuant to section 13407 of the HITECH Act.

HIPAA  provides The Department of Health and Human Services to enforce the provisions of the act against “covered entities.”  The definition of “covered entities” under HIPAA is extremely limited, only including health care providers, their agents and other narrowly defined entities which would neither include law firm marketing vendors nor law firms.

It is not however, clear whether the HITECH Act, expanded the definition of “covered entities” beyond the original definition found in HIPAA.

https://www.govinfo.gov/content/pkg/CFR-2011-title45-vol1/pdf/CFR-2011-title45-vol1-part164-subpartD.pdf

https://www.govinfo.gov/content/pkg/CFR-2011-title45-vol1/pdf/CFR-2011-title45-vol1-part164-subpartD.pdf

https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/understanding/coveredentities/hitechact.pdf

 

OTHER POSSIBLE LIABILITY ARISING FROM A CYBER SECUIRITY BREACH

Could a law firm be held liable (under general negligence theories or statute) for allowing or failing to prevent a cyber security breach of a third-party marketing vendors (or other vendor) computer systems?

The tentative answer to the foregoing seems to turn on the nature of the relationship between the law firm and the third-party marketing or other vendor:

  1. If an agency relationship exists between the law firm in which the law firm is the principal, it is possible that the law firm could be held liable for the breach, despite the fact that the law firm had no direct control over the servers or other computer systems that were breached.Example: If a law firm hires an ad agency or other marketing firm, to run advertising or engage in lead generation specifically for that firm, then an agency relationship might exist in which the law firm is the principal and is therefore liable for the agents’ (the vendors’) negligence.
  2. Conversely, if a law firm simply buys leads from a third party marketing vendor, without “hiring” that vendor to perform any specific task intended to result in the manifestation of those leads, it is less likely that an agency relationship would be created.

Note: The relevant jurisprudence related to the existence of “vicarious liability” imposed upon principles arising from acts of their agents is complex. Deception of the principal by the agent, relevant to the matter at Bar, can provide a defense for the principal. Generally, this defense requires that deception be express (the agent actively mislead the principal). Unfortunately, the fiduciary nature of the attorney client relationship further complicates this analysis.

It would seem manifestly unjust for a law firm to be held liable for a data breach, under circumstances in which the law firm had no means by which to ensure the third party vendor exercised adequate “cyber security measures”, none the less, the jurisprudence relevant to agency relationships not only fails to exclude the possibility of such an injustice but instead creates a backdrop in which such a scenario could occur.

Read More

Roundup Settlement – Dear Bayer, the number is $22 Billion

Preface: Bayer is a German Company. Bayer stock is traded on the Frankfurt Stock Exchange on the XETRA Trading Platform. Bayer is one of the 30 Stocks currently included in the DAX Index, which is the German equivalent of the Dow Index.

A Level 1 American Depository Receipt (ADR) is traded on the OTC Market in the U.S. under the ticker BAYRY. Level 1 ADRs are essentially unregulated derivatives of foreign stocks held by a U.S. bank and traded in U.S. markets.

We include the above due to the significant number of references made in this article to Bayer stock. When we reference Bayer stock, we are referencing the actual stock traded in Germany, not the ADR traded in the U.S. Also, as a research hint, if you want to track Bayer stock, Google “Bayer Stock XETRA.” If you just Google Bayer Stock from the U.S., you will get the ADR charts and graphs, not the actual Bayer Stock current information.

The Roundup Settlement is Dead – Long Live the Roundup Settlement

This article covers what appears to be the demise of the Roundup settlement first announced in June of 2020, as well as what steps Bayer needs to take immediately to put a new settlement on the table that will calm the market, satisfy plaintiffs and allow the company to get back to the running of an otherwise profitable and enterprise. We also cover why Bayer should take the steps we discuss from a business perspective.

Bayer’s hope of capping future liability arising from Roundup cancer cases, without taking any measures to prevent future injuries (adding warnings and instructions to the label) were dashed by 27 words in Judge Vince Chhabra’s order handed down on July 6, 2020, in response to a proposed Class Action that could have served to cap Bayer’s future liability. These words appear on page 3 paragraph 1.

“before receiving opposition briefs, the Court is skeptical of the propriety and fairness of the proposed settlement and is tentatively inclined to deny the motion.”

If the possibility of the viability of the proposed Class Action was not foreclosed on by the above Statements, it would appear that the conference held by Judge Chhabra on 07/24/2020 put the final nail in the coffin.

“If I leave the stay in place, am I complicit in whatever shenanigans are taking place on the Bayer side,” the judge was quoted as saying by Bloomberg news. “We’ve got a bunch of cases we could send out to other jurisdictions.” (end quote). In other words, remand for trail.

Sara Randazzo of the Wall Street Journal filed a report on Aug. 27, 2020 which included the following quote:

Deals with some of the lead plaintiffs’ lawyers, Aimee Wagstaff and Jennifer Moore, still haven’t been signed by Bayer, the lawyers told a judge at a Thursday hearing. Another agreement to resolve a large batch of cases was terminated altogether earlier this month, plaintiffs’ lawyer Brent Wisner said.

It is not surprising that Bayer appears to be backing away from deals it has already made with various law firms. The following explains why Bayer may not be in a position to go through with “deals” made on a piece meal firm by firm basis at this time.

Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin), the German equivalent of the U.S. SEC imposes Market Abuse Regulation (MAR) and transparency requirements (including disclosure time frame requirements,) which make it difficult for Bayer to consummate any settlement reached with any firm (piecemeal), post the failure of the Class Action, which would have served to cap future liability. The announcement made by Bayer on Wednesday – June 24, 2020 contained these words.

“The company will make a payment of $8.8 billion to $9.6 billion to resolve the current Roundup™ litigation, including an allowance expected to cover unresolved claims, and $1.25 billion to support a separate class agreement to address potential future litigation.”

With the collapse of the “$1.25 billion to portion for the the separate class agreement to address potential future litigation.”  In the statement made by Bayer in June, Bafin regulations make it difficult if not impossible for Bayer to go through with the individual firm settlements previously (tentatively) put on the table. Bayer presented the settlement to the market as a package deal (covering current and future claims) and is not free under BaFin regs to simply move forward with a portion of the “package deal” now that the “future” liability portion is no longer a reality. Bayer is arguably required to revise the June statement prior to consummating any individual firm deals or risk facing regulatory action and potential lawsuits from stockholders. Thus far, Bayer has only revealed to stockholders, to the best of our knowledge, that that the settlement has encountered “bumps” in the road.

Reuters files a report on August 27, 2020 that contained the following statement:

“It (Bayer) has indicated that settling existing cases is contingent on some form of agreement on future cases, and has proposed a scientific panel to rule on any future claimants that agree to submit to the out-of court procedure.”

The market wants to hear a definitive statement that removes the Roundup Litigation as a potentially fatal threat. The market will accept that Bayer may continue to face some liability from the Roundup Litigation going forward, major corporations always face the potential of litigation. The market simply needs to hear that the company can weather any storm they may face, not that no storm will ever occur. The market wants a “known” to the extent of what is knowable, as the market always prefers a “known” (even if it may not be completely thrilled with, over an unknown.

Plaintiffs want a fair settlement, even if the settlement amounts do not truly make plaintiffs whole, Plaintiffs do not want to be insulted with low ball offers. Telling someone that their family members life or their own suffering from cancer is only worth a pittance, is insulting.

The following would be an announcement that MTN believes the market would accept, Bayer (stock) would benefit from immediately and Plaintiffs would likely accept:

Bayer has reached a Global Settlement agreement to pay $22 Billion U.S. to resolve existing Roundup claims as well as provide a fund for future claims. $20 Billion of this amount will be used to pay existing claims while $2 Billion will be set aside for future claims.

Simultaneously, the Company will be adding cancer warnings as well as protective device and clothing instructions to the Roundup Product label. While these new warnings and instructions will not provide a definitively quantifiable cap on future claims, the changes will enable Bayer to make a colorable defense under The Restatement (Second) of Torts § 496A (Assumption of Risk) in any case in which the first use of Roundup occurred after the warnings and instructions are issued as well as any case in which a Plaintiff, who had not been diagnosed with NHL prior to the issuance of the new warnings and instructions and continued to use the product after the warnings and instructions were issued. Additionally, in the U.S., the addition of the new warnings and instructions will generally begin the accrual of the Statute of Limitations for any plaintiff who has already been diagnosed with NHL but has yet to file a claim.

Although management believes the $2 Billion set aside for future claims should be sufficient to cover any future liability, in the event the initial set aside is not sufficient, we do not believe any additional set asides that might be required will materially impact the financial viability of our company.

Management has made these decisions because we believe it is time to move forward and get back to the business of growing our otherwise profitable and financially sound company, focused on providing for the health care and agricultural needs of the world. It is time to focus on our future and the many great things we hope to achieve for the betterment of all. 

Can Bayer Actually Pay Out $22 Billion?

Not only can Bayer pay out $22 Billion (or more), it makes business sense for the company to do so, sooner rather than later.

In July 2020, Bayer extended a bond offer of 6 billion euros ($7.15 billion U.S.) to assist in paying for the settlement announced in June. Bayer offered bonds in four tranches.

The four tranches of 1.5 billion euros each were offered with maturities of 4 years, 6.5 years, 9.5 years and 12 years. The coupons on the notes are 0.375 percent p. a., 0.75 percent p. a., 1.125 percent p. a. and 1.375 percent p. a. respectively. Demand for the bonds offered exceeded 17.5 billion euros (20.86 billion U.S.) according to reports from Reuters and other financial news media.  If Bayer so desires, the company could extend the time for paying off any Roundup settlement costs, by simply making additional future bond offers. Bayer has an excellent bond rating and the market has a significant appetite for Bayer’s bond offerings. There is no business logic that could justify Bayer risking their bond rating and financial health in general, by refusing to take the steps necessary to refocus the markets attention from the Roundup litigation, to other activities of the (otherwise) financially sound business.

In addition, Bayer reported $6.172 billion Euros in cash on hand for the quarter ending December 31, 2019. (A slight increase over 2018).   In the same year end report, Bayer reported $141.409 billion euros in total assets, against a mere $41.34 billion euros in long term debt. Adding an additional 22 Billion (U.S.) or approximately 18.45 billion euros to Bayer’s existing long-term debt would bring that number $59.79 billion, leaving the company with a debt to asset ratio that should not be concerning to investors.

It is also worth noting that the PE Ratio of Bayer Stock is currently 8.95 with a Market Cap of $54.23 billion euros. Prior to the Roundup Litigation, the PE Ratio for Bayer Stock generally hovered around 20, which is the average for the “Big Pharma/Big Agra” sector. If Bayer will simply take the steps needed to refocus the market away from the Roundup litigation, the companies market cap could easily double in a short period of time, returning stockholders to a debt equity ratio historically shown to be acceptable.

If Bayer were to announce tomorrow that it was entering a private mass settlement agreement that provided $20 billion dollars for existing claims, (financed by bonds) that needed no approval for the Court and employed a third party company like Brown Greer to set up an online program for the settlement that firms could use to settle their dockets, investors would rush to buy Bayer stock before the price doubles or triples.

Because the scenario above would not require approval from the Court, the only risk Bayer would face in the settlement not consummating would be mass rejections by Plaintiffs. Using Bayer’s reported figure of 125,000 current Plaintiffs worldwide, (filed and unfiled), $20 billion U.S. (16.78 euro) would render an average individual case value of $160,000 (U.S).  Although Plaintiffs may not be happy with the number, it is doubtful that many would find the offer insulting and equally unlikely that many would reject the offer.

Take the Bankruptcy Bluff off the Table

Insolvenzordnung, (Germanys Bankruptcy Code) section 15a(1) contains a “no delay provision.” Section 15a(1) requires that a German Corporation file their insolvency petition no later than three weeks after the event leading to the insolvency. The clock arguably started ticking on this three-week period at the time any Bayer executive or their legal counsel first mentioned the possibility that the company might file bankruptcy as a settlement negotiation ploy. Even without the “threats” that have been intimated,  if the Roundup litigation had rendered Bayer insolvent per Sections 17, 18 or 19 of the German Code, the “triggering event” for the application of 15a(1) occurred far longer than three weeks prior to any future date the company might actually file an insolvency petition in Germany.

Prior to any litigation stay being issued by the German Bankruptcy Court, a Corporation must show that it is unable to meet its mature obligations to pay (illiquidity according to sec. 17 Insolvency Act) or the Corporation will most likely not be able to pay its due liabilities of the current and the next fiscal year (impending illiquidity according to sec. 18 Insolvency Act), or if the debtor is over-indebted according to sec. 19 Insolvency Act. Contingent Liabilities (such as pending lawsuits that have yet to be converted to actual debt via the Plaintiff prevailing and receiving a judgment) are not included in the “solvency” determination.

If Bayer were able to get past section 15a(1), 17, 18 and 19, and obtain a stay order from a German Bankruptcy Court (which is highly doubtful given the fact that Bayer is far from insolvent) the German stay would not automatically be recognized by U.S. Courts. After obtaining a stay in Germany, the German foreign representative, appointed by the German Court, would have to move before a U.S. Bankruptcy Court under Chapter 15 of the U.S. Bankruptcy Code, (11 U.S.C. §§ 1501) seeking recognition of the German Courts proceedings and orders.

Among the many downsides and obstacles Bayer would face if the company attempted to make good on threats of bankruptcy, despite the fact that a filing in Germany would have no immediate impact the U.S. litigation, the filing could have an immediate impact on the company’s ability to continue to exhaust resources (pay legal fees) to defend in the U.S. litigation, including but not limited to the continuation of or filing of appeals related to judgments already granted by U.S. juries.

The Bottom Line: Even if Bayer were to jump through all of the hoops required of the German Courts and U.S. Courts required to “stay” the U.S. Roundup litigation, the process could easily drag out for several years, during which time additional Roundup trials could move forward in the U.S., potentially resulting in the addition of billions of dollars in new jury awards.

WHAT HAPPENS IF BAYER DOES NOT DO THE SMART THING?

  1. Plaintiffs firms continue to market for additional Roundup clients.
  2. More jury trials potentially resulting in massive verdicts, by Plaintiff lawyers that have already acquired billions in jury verdicts for clients.
  3. President Trump does not get reelected and a Biden EPA retracts the January 30, 2020. Final Statement on Roundup (not that the statement would have much impact on current cases). Although the EPA statement is not a significant threat to current Plaintiffs, the retraction of the Statement would likely not be well received by the market. Bayer stock would most likely take another hit.Why does the January 30, 2020 EPA Final Statement pose little threat to existing plaintiffs’ cases? Because it is well settled that only those agency statements that are final have the force of law required to support an impossibility preemption defense. In addition, the SCOTUS decision in Merck Sharp & Dohme Corp. v. Albrecht, 139 S. Ct. 1668, the U.S. Supreme Court 2019, arguably forecloses on Bayer arguing that the January 30, 2020 statement could have any retroactive pre-emption effect under an implied impossibility theory.More simply stated, the only value the EPA statement could possibly provide Bayer would be in Plaintiff cases, in which exposure to Roundup occurred after the EPA final statement was issued. In addition to the above, because Roundup is not a drug nor a vaccine, Comment K of the Second Restatement 402A does not apply to the case. Whether Bayer would or would not have been preempted from adding a cancer warning would not save them from the strict liability provisions of 402A.
  4. Bayer potentially gets delisted from DAX. Lufthansa, Germany’s flagship airline was delisted from the Dax Index in June of 2020 (after enjoying a 30-year run on the DAX). Temporary lagging revenues due to the coronavirus was the reason behind Lufthansa being delisted. The delisting sent Lufthansa stock into a nosedive that it may not recover from for decades (if ever). If Bayer executives allow the company to be delisted from the DAX over a problem they could resolve with a relatively painless bond offer, they will go down in German business history as dummkopfs.
  5. If Bayer is delisted from DAX or if the Roundup Litigation continues unabated, Bayer’s bond rating could be negatively impacted. At the moment, Bayer is in a position to finance a settlement through low interest bond offers; however, if the major rating services downgrade Bayer’s bond rating over concerns related to the litigation, the opportunity to finance a settlement at low interest rates paid out over a decade or more, could vanish.
  6. Although ousting executives is more difficult under German regulations as compared to U.S. regulations, it can be done and the current executives have already seen action taken in this direction. Bayer stockholders have already entered “no confidence” votes relevant to the current slate of executives. A “no confidence” vote is one of the steps required to oust a panel of executives under German regulations.

Although a Corporate takeover is far more difficult under German regulations, MTN has been following “major stock acquisition” filings for Bayer stock for the past two years. A triad of investors, including the French Ministry of Finance, has made significant headway in acquiring the 30% stake required to “take over” the German company.

Read More

The New Arizona Rule for Alternative Business Structure Law Firms vs. Multidisciplinary Law Firms; What This Means for You!

“Multidisciplinary Law Firms” vs “Alternative Business Structure Law Firms”

If your firm is involved in Mass Tort Litigation, you are most likely aware that DC Bar Rule 5.4(b) allows for non-lawyer ownership in DC Law Firms. These types of law firms formed in accordance with DC Bar Rule 5.4(b) are generally referred to as “Multidisciplinary Law Firms”.

As of August 27th, 2020, the State of Arizona has, via an order handed down by the Arizona Supreme Court amended the States Bar Rules to allow for non-lawyer ownership in law firms. The new Arizona rules are arguably more liberal than the DC Rules and should be viewed by Plaintiffs co-counsel as an event worth celebrating. Several other States are likely to follow Arizona’s lead over the next year.

Although there are a number of differences in what is and is not permissible under DC Bar Rule 5.4(b) which allows for non-lawyer partners in Multidisciplinary Law Firms and Arizona’s newly revised rules allowing for Alternative Business Structure Law Firms, the difference most Plaintiffs’ attorneys are likely to be interested in centers around the allowance of passive investment by non-lawyers.

DC Bar Rule 5.4(b) DOES NOT allow for passive” stockholder” investment. Although a plain reading of DC Bar Rule 5.4(b) might lead one to believe that the DC rule does permit passive investment, the DC Bar has explicitly opined on numerous occasions to the contrary.

In contrast, Arizona’s newly adopted rules allowing for “Alternative Business Structures” explicitly permits Arizona firms to raise capital from passive investors under a typical “stockholder” type arrangement. Arizona’s new rules specifically state that a Law Firm may exist as a Corporate Entity (a Corporation), which is not allowed under DC’s rules. DC rules restrict law firms from forming as Corporations as well as LLCs. The DC rule allows for non-lawyer partners, not members (LLC) nor stockholders (Corporation), therefore firms established under DC rules that wish to function as an entity are limited to one of the various types of Partnership Structures allowed by the DCRA (The DC equivalent of the Secretary of State).

All State Bar Associations have enjoyed ample time to evaluate DC Bar Rule 5.4(b) and opine on the propriety of attorneys governed by their State rules fee sharing with a DC Firm, which includes non-lawyer partners. MTN research of the various “other” states’ opinions on this matter reveals no state which has opined in a manner that would place a blanket restriction on attorneys governed by their State Bar Rules from co-counseling with, as well as sharing fees with a DC Firm that includes non-lawyer partners.

Although each State Bar that has opined on this matter has worded their opinions in various and differing ways, it is fair to summarize these opinions as concluding:

“When an attorney governed by the Bar Rules of the given State enters a fee sharing agreement with a DC firm that’s members or partners consist of attorneys as well as non-attorneys, the firm governed by that specific States rules is not fee sharing with the non-lawyers in the DC firm but instead is fee sharing solely with the DC Attorney(s) named in any co-counsel/fee sharing agreement. Once the DC attorneys receive their fee share, those attorneys, as permitted by DC Bar rules may share those fees with their non-lawyer partners however, the firm governed by the Rules (other than DC rules) would not have fee shared with the non-lawyers and therefore would not be in violation of their governing bar rules.”

More simply stated, every State Bar appears to have green lighted (via official opinions) attorneys governed under their specific State’s rules fee sharing with DC Multidisciplinary firms, with various caveats and minor restrictions that stop far short of a general prohibition.

None of the various State Bars (and Courts) have yet had time to consider Arizona’s new rules allowing for “Alternative Business Structure Law Firms” and therefore have yet to opine on the propriety of attorneys governed under their State’s rules fee sharing with Arizona firms which may include non-lawyer partners as well as passive “stockholders”.

The various States Bar Opinions related to fee sharing with firms formed in DC under DC Bar Rule 5.4(b) may reasonably appear to cover fee sharing with an Arizona “Alternative Business Structure Firms” however, acting on such an assumption might present unacceptable risks. Each State Bar that has opined on the matter arising from the DC Rule has specifically referenced the DC Rule in their opinions. Until such time as the Specific State Bar any non-Arizona attorney is governed by, issues an opinion specially referencing the new Arizona Rules, it may be unwise for any firm to assume that that specific Bar will opine on the new Arizona Rule in the same manner that Bar has previously opined on the DC rule. There are simply too many differences in the respective rules (DC vs AZ) to make any assumptions based on Bar opinions specific to the DC Rule.
The most reasonable course of action for Mass Tort firms, given the fact that fee sharing among firms governed by multiple States’ Bar rules is common in the practice area, would be to form a coalition for the purpose of informing and guiding the various State Bars outside of Arizona in the formation and issuance of opinions regarding non Arizona firms fee sharing with Arizona firms that include non-lawyer stakeholders, including passive investors. Please fee free to reach out to our staff if you wish to be part of such a coalition.

MTN will remain active and informed in this new and exciting development which promises to help level the “financial” playing field between Mass Tort Plaintiff firms and Mass Tort Defense firms and defendants. As a general rule, Mass Tort defendants already finance their legal fees via funds provided by passive investors in that most Mass Tort defendants are themselves corporations owned and funded primarily by passive investor stockholders. Historically, Mass Tort defendants and the firms that they pay (with stockholder funds) to represent them, have enjoyed a significant advantage that allowed the “defense side” to engage in wars of attrition against the Plaintiffs their products and actions injure, the change in Arizona’s rules may well be the first step in reducing this advantage previously enjoyed by the “wrong doers” in these matters.

Disclaimer: This article was written by John Ray. John Ray is not an attorney nor a legal ethicist. Nothing in this article should be construed as legal advice nor legal ethics advice.

Read More