The Supreme Court of the United States has granted certiorari in Georgia et al. v. Public.Resource.Org, Inc., case number 18-1150, to address whether state statutory codes, including annotations, are protectable by copyright.

In October 2018, the 11th Circuit held that the annotations, while not having the force of law, were sufficiently law-like to be regarded as sovereign works constructively authored by the People, and thus were not copyrightable. Code Revision Comm’n for Gen. Assembly of Georgia v. Public.Resource.Org, Inc., 906 F.3d 1229 (11th Cir. 2018), cert. granted sub nom. Georgia v. Public.Resource.Org, Inc. (U.S. June 24, 2019).

As the court indicated, copyright interests vest in the author of the work. Id at 1232. In most states, the official code is comprised of statutory text alone, which cannot be copyrighted because, though the legislature drafted the statutory text, it did so only as an expression of the public—the true author of work. Id. Conversely, annotations created by a private party generally can be copyrighted because the annotations are an original work authored by a private publisher. Id. The annotations in the Official Code of Georgia Annotated (OCGA) are not exactly like either of these two types of works; they are published by the LexisNexis Group, but under the supervision and ultimate editorial control of the Code Revision Commission (CRC) comprised of Georgia government officials. The identity of those who drafted the OCGA, the authoritativeness of the work and the process by which the work was created ultimately led the 11th Circuit to its decision that the OCGA was constructively authored by the public, and therefore uncopyrightable.

The petitioner for certiorari, the CRC on behalf of the General Assembly of Georgia and the state of Georgia, asked the Supreme Court to review whether the OCGA may be copyrighted by the state of Georgia. The respondent, Public.Resource.Org (PRO), is a non-profit organization with a mission of improving public access to government records and primary legal materials. Although PRO was successful at the circuit level, it also filed a brief in support of the CRC’s petition for Writ of Certiorari.

With its brief in support of the petition, PRO has doubled down. While PRO’s victory at the 11th Circuit mitigated the risk of copyright infringement in Georgia and other states in the 11th Circuit, PRO is now gambling in an effort to protect potential copyright infringers in other states as well. By encouraging the Supreme Court to make the 11th Circuit’s decision the law of the land, PRO could extend its victory to exempt all states’ statutory codes and annotations from copyright protection.

Regardless of the Supreme Court’s decision, this case will have a significant impact on free, public access to the law and the states’ ability to profit from their commentary on the law. By affirming the 11th Circuit’s decision, the Supreme Court has the opportunity to provide real, meaningful access to the law and to legislators’ counsel on how to interpret the law. While many large firms have the luxury of commercial databases and online libraries to access the annotated state statutes, it is small firms, solo practitioners and the legal education community that stand to meaningfully benefit from a decision by the Court to curtail copyright ownership in published state law.

Law360 published an article recently with the title, “DoD Official Says Cyber is an Allowable Contractor Cost.” The article states that the U.S. Department of Defense (DoD) will allow defense contractors to treat the costs of bringing their cybersecurity programs in line with DoD requirements as an allowable cost and, therefore, reimbursable. Specifically, at the June 14, 2019 Professional Services Council’s Federal Acquisition Conference, DoD special assistant for cybersecurity Katie Arrington said, “security is an allowable cost.”

Further, Law360 reported that in May, DoD said it was developing a “Cybersecurity Maturity Model Certification” (CMMC) program to build on the Defense Federal Acquisition Regulation Supplement regulation (DFARS § 252.204-7012(b)(2)) that requires defense contractors to implement the security controls in the National Institute of Standards and Technology’s Special Publication (NIST SP) 800-171. The security controls are intended to protect covered defense information on nonfederal systems. DoD said the CMMC will require defense contractors to get third-party audits of their compliance with the NIST SP 800-171 controls, down through their supply chains.

Arrington told the conference attendees that the CMMC will be developed by DoD working in conjunction with the Johns Hopkins University Applied Physics Lab and Carnegie Mellon University Software Engineering Institute. The goal is to develop one unified standard for cybersecurity. This standard will include five different levels of required cybersecurity protections, from a level one of “basic hygiene,” which will be cheap and straightforward enough that a small business could meet it, to level five for “state-of-the-art” protections. Arrington said that DoD has planned 12 related industry days across the United States in July and August to work in a collaborative manner with defense contractors to improve cybersecurity practices in the CMMC plan. Acknowledgments to Daniel Wilson and Law360 for reporting these developments.

As always, the devil is in the details. Will DoD’s recognition of cybersecurity costs as allowable mean that contractors will be able to treat their recent security costs as allowable? Defense contractors have had to prepare to comply with DoD’s cybersecurity requirements for the past four years as the regulation was noticed in 2015 and implementation was required no later than Dec. 31, 2017. Or, will DoD limit allowability to only the cost incurred to meet the requirements of the new CMMC program?

The original answers to frequently asked questions said that contractors would be required to self-certify their compliance with the DFARS regulation. The Under Secretary of Defense for Acquisition, Tech and Logistics previously stated in response to the question, “Is a 3rd Party assessment of compliance required?”

… The rule does not require “certification” of any kind, either for DoD or Federal contractors. Nor will DoD give any credence to 3rd party assessments or certifications – by signing the contract, the contractor agrees to comply with the terms of the contract. It is up to the contractor to determine that their systems meet the requirements….

Network Penetration Reporting and Contracting for Cloud Services (DFARS Case 2013-D018) Frequently Asked Questions (FAQs) Regarding the Implementation of DFARS Subpart 204.73 and PGI Subpart 204.73, DFARS Subpart 230.76 ad PGI Subpart 239.76, Q25.

Given the uncertainty that many contractors had with meeting their obligations under NIST SP 800-171, it is good to see that third-party certifications will be required and that the cost for third-party audits will at least be allowable. Finally, one cautionary note – the establishment of various levels may give rise to pre-award protests as defense contractors challenge whether a particular contract merits a particular level of CMMC protection or post-award protests if the level is unspecified and competitors challenge whether the awardee’s level of CMMC protection is sufficient.

Corporate financial wizards are expert at creating realistic expense budgets that project exactly how much will be spent on everything from paper clips to building a new facility and expanding into new markets. But even the best MBA analysts from the best grad schools have trouble accurately budgeting the cost and time for an SAP S/4 HANA installation whether it is for upgrading a legacy ERP software system or bringing a totally new one onstream.

Tales of massive cost overruns are legendary, often escalating into the tens and hundreds of millions of dollars above what was planned when budgets were developed. Likewise, there are horror stories aplenty of integrations that did not go well inside a business. While the problems are not limited to SAP S/4 HANA systems, it does seem to happen more often than with ERP software systems from other vendors.

Why?

As an attorney who negotiates and drafts contracts for ERP software system users, we have seen a trio of culprits: Customers reply too heavily on costs in a sales proposal to establish a budget; customers don’t understand the complexity of the size of the project which create many variables; and customers do not factor in the reality of the size of the organizational change that will be necessary to make an ERP implementation successful.

One or more of these usually come into play.

Strong Proposals, Soft Numbers

As is the case with Oracle, Microsoft or any other vendor, the SAP S/4 HANA sales team has one goal: Make the sale.

What happens is that the client team – a CIO, CFO, even the CEO – frequently rely heavily on the sales proposal to come up with a budget for the project and how long it will take to implement. But while an account manager has a financial incentive for closing a deal, that person has no incentive to provide a realistic price or timeline estimate. When looking at a proposal, remember two things that affect the actual, total cost:

  • Type of business – A manufacturing company requires a more complex system than, say, an accounting firm or hedge fund. The more complicated your supply chain or your warehouse management systems, the more complicated (and expense) your implementation will be.
  • Third party software – Often, software from other vendors is needed to fully utilize the ERP software system. If required, this can add up to 35% of the total cost of the software that needs to be budgeted.

As a rough rule of thumb, an organization should realistically budget between 5% and 7% of its annual revenue on the total cost of acquiring and integrating an ERP system regardless of what is in the vendor’s proposal.

Digital Transformation Isn’t Easy, Fast or Cheap

The assumptions used to create an implementation schedule are often based on either incorrect or faulty information.

In our experience, this is one of the reasons why so many ERP software systems require vastly more money and take months and even years longer to implement. Understanding the organizational change needed is more important than comparing proposals between SAP S/4 HANA, Oracle and Infor.

The eventual total cost isn’t so much the price of the software itself as it is internal factors such as the competencies of the staff who’ll be working with it, and where – and for what purposes – it will be used in the organization.

The bigger the transformation, the more complex the integration into the business. The factors involved include the experience of the people responsible for keeping the system functioning, the impact it will have on people, how extensive the change will be to business processes, the expanse of geography to be covered by the system, and the overall impact on employees.

  • Functions – The more extensive the scope of the ERP software system, the more time it will take to integrate it and bring it online.
  • Geography – The more spread out the end-users will be, the more complex the integration and implementation. Those that serve multiple countries with diverse business cultures increase the complexity many times and in many ways.
  • Experience – Internally, if the team hasn’t implemented an ERP system previously, deploying it will take longer and require much more training. ERP consultants can help assess the situation and quantify the time needed.
  • Change – The component that far too many companies overlook when implementing an ERP system is the need for a far-reaching change management program to be conducted as the system is being integrated. This enables everyone who will come in contact with the SAP S/4 HANA system to not only know what it does and how to use it, they will understand how they need to do their job differently.

Moving Smoothly

Acquiring an SAP S/4 HANA ERP software system, or a competing ERP product from any other vendor, is a costly and complex process. But there are ways for senior management to more realistically plan for the overall expense as well as for the changes confronting the organization as a result of the new or enhanced system being integrated into its operation.

If your firm is beginning to consider upgrading a legacy system or acquiring a new one for the first time, feel free to call us with any questions about the contract with a vendor an integrator or for referrals to ERP consultants who can help in the process.

The failure of ERP software systems often prompts a lawsuit to be filed by the user against the vendor and integrator. But a new twist in trying to recover damages from an ERP failure surfaced in May 2019, when Revlon Inc. shareholders filed three class action suits against the cosmetics giant to recover money they claim to have lost as a result of its troubled 2018 implementation of an SAP system.

The three actions are likely to be consolidated into one.

The problems became known due to Revlon’s filings with the Securities and Exchange Commission, In the filing’s aftermath, the company’s stock price took a hit.

Revlon said when it installed the SAP ERP software system in a North Carolina factory, there was a weakness in its internal controls resulting from a “lack of design” in the system. There were disruptions in its supply chain that resulted in late deliveries to major retailers which reduced sales by some $20-million in Q2 2019 in addition to millions of added incremental expenses that Revlon had to absorb.

Same Old, Same Old

While the circumstances surrounding the newest ERP lawsuit are unique as are the plaintiffs, the events that led to the failure of Revlon’s SAP system are all too familiar.

For openers, it does not seem as if Revlon understood either the size of the projects nor any of the risks inherent in rolling out a new ERP software system. It doesn’t appear as if the cosmetics giant developed any strategies to offset the possible risks.

Complicating matters, the company was encountering major problems integrating the Elizabeth Arden brand into its business. Rather than focusing on getting the new ERP system up and running, it should have first addressed the operational problems. Any ERP implementation is likely to fail under these circumstances.

Furthermore, the company admitted in the SEC filing that it had “material weaknesses” with its own internal controls caused by the ERP implementation. Having an effective business plan before starting an ERP project can avoid this.

But without question, the largest problem for Revlon was that as a result of the ERP train wreck the project resulted in a negative ROI stemming from production and operational issues when Revlon brought the SAP system online.

How to Avoid ERP Problems

As an attorney who negotiates and drafts ERP software system contracts, when working with a client we always try to remind them they are acquiring a business process, not merely a technology solution.

Costly failures such as the one Revlon encountered can be avoided. Doing so requires top management to own the project and develop a plan to smoothly meld the technology into the business process, not the other way around.

If you’re considering an upgraded or new ERP software system and want to avoid the problems that Revlon and other companies have faced, feel free to call us before you finalize a contract. Our experience and that of ERP consultants to which we can refer you, will help you to mitigate the likelihood that your operation will join the list of ERP disasters.

Roseanne Rosanna Dana, a popular character in the early years of Saturday Night Live, had a catch phrase, “If it’s not one thing, it’s another!” This seems to describe what happened with National Grid USA’s ERP software system integration and why Wipro recently settled a lawsuit National Grid (NGUSA) filed against it for $75-million.

It appears that everything that could go wrong with NGUSA’s system did go wrong.

NGUSA is a subsidiary of a UK company and is the largest investor-owned distributor of electricity and gas in New York, Rhode Island and Massachusetts. In 2010, it acquired an ERP system from SAP and hired Wipro to handle its integration and implementation for a $140-million fee.

There were repeated delays in bringing the SAP system live. When it did finally go-live, along with Hurricane Sandy roaring down on the region and cutting off customers who needed electricity restored, there were numerous problems with the SAP software.  These problems resulted in NGUSA encountering errors in payroll, financial reporting and vendor payments – to the tune of roughly $30-million a month.

To counter the problems, NGUSA hired some 850 contractors in all, 450 alone to deal with payroll. The rest were needed to cope with paying vendors promptly and accurately as well as to meet the legal and regulatory requirements placed on every public utility.

The lawsuit was filed in November, 2017.

A Study in ERP Failure

Far too many ERP and other digital transformations go awry. We write about them frequently, most-recently in a blog posted this month. But the NGUSA-Wipro dispute is a case study in doing almost everything incorrectly.

Although we were not involved in any aspect of negotiating or drafting NGUSA’s contract with Wipro, nor in settling the lawsuit, from news reports and documents filed in the case, a number of things are apparent to me as an experienced ERP litigation attorney.

For its part, it doesn’t seem that NGUSA’s senior management “owned” the project, a necessity to help ensure the success of any ERP integration. Broadly speaking, NGUSA failed on five key points:

  • Management underestimated how big a transformation was required to implement the SAP software.
  • Broader NGUSA business goals meant key decision makers weren’t always available.
  • Data imported from legacy systems hadn’t been properly vetted and cleaned.
  • Training was ineffective and insufficient.
  • The focus of top management was more on going live rather than on the quality of the system or data.

But as the ERP integrator, Wipro created many of the problems.

Overselling – Wipro had little or no experience in the U.S. utility industry yet bid on the contract because of its size. A lack of industry-specific experience creates problems for many integrators.

Inadequate Oversight – NGUSA retained Ernst & Young as consultants to oversee the integration. Yet it did not raise any red flags as the problems mounted and because NGUSA management wasn’t sufficiently involved in the project it didn’t ask enough tough questions.

Upselling – In the lawsuit, NGUSA alleged that rather than using the SAP software as it was designed, it created its own, highly complicated system that required new capabilities be developed. Upselling services to an ERP user is a major goal for many integrators.

Parallel Universes?

Now that the dispute has settled, it seems like the ERP user and the ERP integrator were operating in parallel universes. NGUSA was disengaged and Wipro was doing what it wanted to do.

As an ERP software lawsuit attorney who has litigated many similar disputes, we have seen this happen time and again. Preventing a project from getting derailed requires negotiating a very specific contract between the user, and the seller and integrator, and there are five key parts to one.

It also requires selecting an integrator who has worked on ERP software systems in your industry, and having a consultant in charge who can ride herd on everyone.

If you are considering upgrading a legacy ERP system or installing a new one and have questions about how to keep the project on track and on budget, feel free to call us.

The U.S. Supreme Court provided much-needed clarity on the effect bankruptcy has on the licensor’s right to revoke a trademark license. On May 20, 2019, SCOTUS decided, in an 8-1 decision, that “A debtor’s rejection of an executory contract under Section 365 of the Bankruptcy Code has the same effect as a breach of that contract outside bankruptcy. Such an act cannot rescind rights that the contract previously granted.” Mission Product Holdings, Inc. v. Tempnology, LLC NKA Old Cold LLC No. 17-1657 (U.S. May 20, 2019).

Tempnology, LLC exclusively licensed its “Coolcore” trademarks to be used in connection with athletic apparel to Mission Product Holdings, Inc. Later, Tempnology filed for Chapter 11 bankruptcy and asked the bankruptcy court to reject the trademark license, which would require Mission Product Holdings to cease using the “Coolcore” trademarks. The bankruptcy court and First Circuit approved the rejection, finding that holding a licensor to the obligations under a trademark license agreement, including the licensor’s duty to monitor the use of its trademarks by third parties, would cause an undue burden on the licensor in a bankruptcy proceeding. Such a burden would run contrary to the intent of the Bankruptcy Code, which is meant to relieve debtor’s contractual burdens.

SCOTUS reversed the decision and found that, while Tempnology breached its contract with Mission Product Holdings when it sought rejection in the bankruptcy proceeding, the license to use the trademark was a conveyance that could not be rescinded under Bankruptcy Code Section 365. This is a big win for trademark licensees who, under the bankruptcy court’s previous ruling would stand to lose all rights to the use of a licensed trademark. Such use rights could affect a licensee’s business and crater the licensee in the blink of an eye. Under the SCOTUS ruling, licensees are secure in knowing the license will remain as originally contemplated by the parties in the event of a bankruptcy.

On the other hand, trademark owners that license their trademarks are now on alert that license obligations under a license agreement may not be rescinded when bankruptcy is filed. Instead, the trademark owner will remain responsible for all ongoing obligations related to the license, including the duty to monitor all use of its trademark. It is important that:

  • all parties to a license agreement carefully contemplate the trademark license terms and obligations that will survive bankruptcy before entering such an agreement,
  • parties interested in purchasing a trademark portfolio from a debtor remain diligent of any previous license agreements and
  • licensors choose their licensees with the utmost care since they will be with you in good times and in bad.

Recently, The Hertz Corp. filed a $32-million lawsuit against consulting behemoth Accenture LLP for what Hertz claims was the botched development and delivery of a new website for all of the Hertz’s brands. The project was launched in August 2018, missed its original December 2017 delivery date that slipped to January, 2018 and then again to April 2018. That’s when Hertz pulled the plug.

Although the dispute involves a website, the factors leading to the project’s collapse and a lawsuit offer valuable lessons for businesses upgrading a legacy ERP software system or installing a new one. The Hertz story is about a digital transformation where everything – and possibly everyone – likely was at fault.

From the filing in federal court in the Southern District of New York, it appears everything that could go wrong did go wrong. Although the case has yet to be tested in court, there seems to be enough blame to go around, from Hertz firing many of its in-house digital staff at the start of the assignment and top management not paying enough attention to the project, to Accenture up-selling its services after the initial contract was signed.

If this sounds familiar it is because many ERP software systems get derailed for some of the same reasons, as I have written frequently and most recently here and here.

Case Study in Errors

Reading the complaint (see above) had me shaking my head in disbelief. It starts with Hertz alleging that Accenture did not create a responsive design so web pages would resize themselves on the size screen used by someone accessing the site, which had been specified in the contract. Hertz claims Accenture wants hundreds of thousands of dollars in fees to fix the problem.

Moreover, Hertz insists that Accenture wrote code that could be used only in North America for Hertz, not globally, and not for its Dollar and Thrifty brands.

If that were not enough, Hertz alleges Accenture’s work created serious “security and performance problems” for the car rental giant.

When Hertz discovered that in producing the website’s content management system, Accenture sold licenses to Hertz for RAPID even though the developers at Accenture didn’t have a clue how to use the technology so what was sold as a quick fix took longer to implement than it would have taken to fix the original problem from scratch.

Accenture has denied all of the allegations.

Not Entirely Innocent

The open questions for me as a lawyer who focuses on digital transformations such as ERP software systems is how did a sophisticated business such as Hertz let things get so out of control? Why did nobody in the C-suite step in to ask “What’s going on here?” before the invoices totaled $32-million in less than two years?

In my experience litigating disputes between ERP vendors and users, the first mistake is when no one in top management takes ownership of the project. It seems like that was the case at Hertz. In fact, the complaint admits that nobody at the company noticed there were problems until an executive asked about progress on tablet views that Hertz realized that Accenture hadn’t been doing what was called for in the contract.

To complicate matters, news reports say that Hertz fired much of its internal digital and development staff before handing the new website project over to Accenture. In effect, it outsourced responsibility for the project to an entity that had a vested interest mostly in selling additional service to its client.

While outsourcing development and implementation of digital transformation projects often makes sense, the client has to remain engaged so it can spot small misunderstandings before they become $32-million disputes. Moreover, engagement from the top enables the development team to have access to the institutional knowledge that only the client possesses.

The bigger the project, the more engagement that is needed to ensure a smooth implementation.

Major Lesson

The key lessons to be drawn from the dispute is that senior Hertz executives did not understand that the project would be so big and complex, and that they needed to both take ownership and be directly involved in its development as the project unfolded. In the ERP world, this often happens when the very top management sees development, implementation and integration as an IT concern or something an operating division can deal with.

And never let the developer or integrator be in charge of monitoring and managing itself.

The larger the company, the more likely these mistakes will occur.

If you’re concerned about the status of your ERP or other digital transformation project, feel free to us  to discuss the issues that worry you.

In mid-May 2019, I spoke at a two-day conference on avoiding problems with SAP S/4HANA ERP software , integration and implementation projects.

Many users run into the same kind of problems with their SAP S/4Hana software implementation. As an ERP attorney whose career includes working on the vendor side of ERP as well as negotiating and drafting SAP S/4Hana contracts for users and litigating disputes when the SAP S/4Hana implementation encounters problems, we have seen many of the same issues arise repeatedly.

Negotiating your SAP S/4Hana contract may be the most important step to achieve a successful SAP S/4Hana implementation.

It may be useful for CEOs, COOs, CFOs and General Counsel considering an SAP S/4 HANA implementation or digital transformation to have a list of what not to do when talking with the sales team. Because I drafted ERP contracts for SAP early in my career, I know where the hidden traps and pitfalls are waiting for the unwary.

1 – Understand why you want a new system. Leaders need to ask “How will this digital transformation change our business?” Don’t think of SAP S/4 HANA as a technology issue because it is fundamentally about implementing software that addresses fundamental business needs and requirements. Remember thatthe goal of a software company is to sell their system.  This isn’t always aligned with the user’s business goals.

2 – Know exactly what you’re purchasing. The SAP S/4 HANA system is being developed so quickly that what a user thinks they are acquiring may not be what is going to be delivered.

2 – Don’t focus on the price. Many users think they should license SAP S/4 HANA based on the price and up-front discounts for add-ons. By focusing on price, users often overlook  onerous terms that restrict how the SAP S/4 HANA software may be used. Also, the discounts often leave users paying for software licenses they may not use for a long time but paying for maintenance in the meantime.

3 – Don’t sign the contract SAP hands you. The contract you will be asked to sign is written entirely in favor of SAP. There are numerous provisions that need to be negotiated. SAP’s standard form contract will have unreasonable user restrictions, limitations of liability and warranties. All of these things can be negotiated. Other standard provisions are entirely missing from SAP’s form contract. Without proper negotiating, it will be difficult to hold SAP accountable for common issues that are likely to arise.

4 – Don’t rely on representations made by a sales team. The job of the account manager and sales people is to meet their quota and sign up a new customer. It’s not unheard of for them to say they have experience in your sector or industry, or have out-of-the-box functionality to meet all of your business needs. If they say something, write something – and try to include any marketing material as an addendum to the contract.

5 – Don’t assume what you did 10 years ago works today. Users upgrading a legacy system ERP software system to an SAP S/4 HANA styem sometimes overlook the reality that not only is the software different than it was when you signed your first deal, the contracts are different, as well. Use contracts with the vendor and integrator as a tool to manage the relationship for the life of the product.

6 – View the contract as a collaboration. Just as you shouldn’t sign a one-way contract, SAP and the integrator are not going to sign one either. Think of the negotiation process as you would any business deal: It has to work for everyone.

7 – Don’t let the contract dictate how you can make business decisions. Make sure that you have as much flexibility in using the software as possible. As an example, no company wants to be surprised by getting an invoice for unexpected maintenance fees or learn after the fact that you can’t use the ERP software system for certain things. This needs to be in the contract.

Whether you’re considering an SAP S/4HANA ERP system or one from another vendor, keep these seven key points in mind. If you have any questions or want help with your contract feel free to call us.

For several years now, it’s been widely known how Google and Facebook abuse the privacy of users. Apple Inc. always insisted it was different. A recent ad proclaimed “What happens on your iPhone stays on your iPhone” and CEO Tim Cook once boasted in a talk “We’re not Google.”

It turns out that may not be true. Twice during the last week of May, 2019, Apple got bruised for doing about the same thing as its Silicon Valley neighbors: Secretly selling user data to third parties without the knowledge or specific consent of its customers.

Ironically, the two items hit the headlines during the same week as the European Union’s General Data Privacy Regulations (GDPR) marked its first anniversary.

Two Bites of Apple

First, a class action lawsuit was filed in San Francisco by three iTunes buyers on behalf of all such customers, claiming damages resulting from Apple selling very detailed information about their listening, buying and lifestyle habits to third parties including full names and home addresses. The plaintiffs allege that this was done solely to enhance Apple’s revenue and profits, and without their permission.

Then, a few days later, The Washington Post’s technology reporter revealed his iPhone sent 5,400 data trackers out in a single week to marketing companies, research firms and other personal data collectors with information about his phone number, email, exact location, and a digital fingerprint of the phone. When one company received a way to identify his phone, it sent back a list of other trackers to pair up with. The reporter notes that there is a way to turn off the function but it’s not disclosed to iPhone buyers and is difficult to locate on the device.

Apple’s legal and PR predicament highlights two key points: Any highly-regarded company can take it on the chin when what is says publicly is contradicted when evidence of it acting just the opposite becomes known. And, it is one more convincing piece of evidence that Congress needs to enact a GDPR-type law for the U.S.

Patchwork Quilt Being Stitched

There is no question that concerns about privacy are mounting. California’s new privacy law comes into effect on January 1, 2020, and has received a lot of attention because of its likely impact on businesses across the country. But 14 other states plus New York City and the District of Columbia have or are considering their own legislation.

What’s emerging is a patchwork quilt of laws with varying requirements and penalties that are likely to place an onerous burden on any business that is larger than a corner hardware store.

In February, 2019, the non-partisan Government Accountability Office sent a report to Congress saying the country needs a national privacy law. In part, this is because it is becoming a major issue for all citizens and in part because businesses will have real problems trying to comply with varying requirements from state-to-state.

The Interstate Commerce Clause of the Constitution gives Congress the authority to enact such legislation.

As a privacy and data security attorney, already we are receiving calls from nervous clients about what they’ll need to do to meet the California standards. Many are expressing concern about how they might be in compliance with the rules in one state yet be in violation of a contradictory rule in another.

There are two practical things businesses can do.

One is to write to their Representative and Senators explaining the problems a lack of a national law will create for them. The other is to ensure that their own privacy policies are transparent and easily accessible to customers including an “opt-out” opportunity to keep their information private.

If you have any questions about how to structure your company’s privacy policy or the impact the California law may have on your business, feel free to call us.

On May 16 and 17, Taft partner Marcus Harris spoke at a two-day conference on avoid problems with SAP S/4HANA ERP development, integration and implementation.

The Taft law firm co-sponsored the event with Third Stage Consulting.

Because ERP digital transformations can become difficult, the conference looked at how and why system integrators that focus on SAP are not able to provide either the best practices or the vision needed to ensure that the project is a success.

The program Harris participated in took a deep dive into topics including how to define an SAP strategy, plan and budget to ensure success. The speakers also examined …

  • Mitigating risks inherent in a complex project and ways to identify them before they reach the crisis stage.
  • Ways of choosing the best system integrator
  • Lessons to be learned from other S/4HANA implementations – both those that went smoothly and those that became derailed.

Marcus Harris will be presenting at another digital transformation conference held in Chicago in August. If you participated in the May event held in Denver, you will receive a discount for the August event.