It's been a big week for us. On Monday, Corporate Counsel published the first one-on-one interview with Uber's Tony West since he stepped up to take the CLO role at the troubled company. This week's Inside Track has some highlights from that discussion and a behind the scenes look at how my colleague, Stephanie Forshee, landed this huge interview.

Also, we've asked how a GC can prepare a company for the death of a pivotal executive, and discovered what in-house counsel need to know about IP protection with the implementation of the GDPR only a few months away.

If you have questions or tips, you can email me at [email protected] or find me on Twitter at @jenkayw.

➤➤ Want to receive this weekly briefing as an email? Sign up here.


|

What's happening –

UBER'S TONY WEST LIFTS THE CURTAIN. When Salle Yoo was leading the legal department over at Uber, it was pretty much assumed that the GC-turned-CLO would never comment for an article, much less hop on the phone for an interview. But a legal department shrouded in silence may be a thing of the past, now that Tony West has taken the helm, as my colleague Stephanie Forshee recently scored an interview with him. Below is some of what Stephanie learned, and I highly recommend you check out the full Q&A here.

But first, a look at what it took. Months before West was named CLO, Stephanie and others at Corporate Counsel asked in-house lawyers whether they'd take the GC job at Uber. And guess who made the list? None other than Tony West. Stephanie said she later learned he was actually a candidate for the role at the time, but he didn't respond for the article.

Cut to October, when West was officially named CLO, Stephanie reached out to him for an interview. He did promise one, but Uber's communications team wanted to wait until West was more “settled in” before making him available. Fortunately, a couple of months later, West followed through.

Now, the interview.

Tough start. West's first day on the job was spent calling state AGs' offices about the data breach that the company had covered up for more than a year. “Those conversations went as well as one could expect,” West told Stephanie. “I feel fortunate I think that I was given the benefit of the doubt because a lot of these folks know me. They know I'm a straight shooter with them about what we knew, what we didn't know, what we were disclosing.”

Legal department changes? So far, West said he's been focused on figuring out what's working well and what's not. In the next few weeks, though, West told Stephanie he plans to roll out a fairly significant organizational restructuring. “It will help centralize decisions as opposed to no one owning certain decisions,” he said.

West added: “I think we're going to have a much more robust legal function.”

Compliance focus. West said he's also concentrating on creating a global program that not only addresses the issues we have with regulators, but will actually become the envy of other companies.”


DEATH IN THE (CORPORATE) FAMILY. IKEA founder Ingvar Kamprad, who started the Swedish company at 17, died over the weekend at 91 years old. While he no longer had an operational role within IKEA, Kamprad remained a senior advisor. This made me wonder: How does the death of a key player at a company impact the life of a GC? And is there any way to prepare?

➤ Speaking from experience. In May 2016, Cynthia Cole, who was then general counsel at Spectra7 Microsystems, arrived to the office to learn the company's CEO, Tony Stelliga, had died suddenly of a heart attack. As Cole wrote in July 2017, those who worked closely with Stelliga grieved the loss, and also had to guide the business forward. For Cole, this meant stepping in as co-interim CEO.

➤ Planning. In an email this week, Cole, who is now special counsel at Baker Botts, told me that the death of an executive is not only a tough personal loss, but is also “chaotic for the business.”

To prepare, a GC and the board can initiate a comprehensive leadership succession plan, Cole wrote. “A good plan includes addressing critical business continuity issues like decision-making authority and key stakeholder communications, including customers, vendors, investors, regulators lenders, public and press,” she said. She cited other considerations, such as getting key person insurance and securing phone numbers and other information important to maintaining integral business relationships.


“I'd have to say cyber threats are the No. 1 threat to our nation…It's not just a threat. It's a daily ongoing, minute by minute, hour by hour, series of attacks.”

- Former Homeland Security head Jeh Johnson, speaking Tuesday at Legalweek.


DO YOU REALLY KNOW WHO YOU'RE WORKING WITH? This week, PepsiCo acknowledged a connection to a palm oil supplier in Indonesia accused of exploiting workers. It's just the latest example of businesses getting criticized for the company they keep: In 2013, Dell suppliers were accused of human rights violations in China. And Apple has long faced scrutiny for conditions in suppliers' overseas factories.

As long as companies are partnering up with other businesses, especially overseas, there's risk. So how can it be minimized?

Due diligence. “Companies need very clear, and well developed protocols when they outsource manufacturing, or purchase materials and ingredients from foreign suppliers,” said Ronald Levine, partner and co-chair of the litigation department at Herrick Feinstein. “Due diligence is extremely important, including checking of references.”

The short list. A few rules to live by, according to Levine:

● Any agreements must be carefully prepared.

● No company should assume that the laws and standards in a foreign country meet the standards in the U.S. Legal terminology such as “best practices” and “material breach” must be clearly defined.

● Any agreement must provide for dispute resolution according to acceptable procedures, under U.S. or international law.

● And, the relationship must be managed with on-site visits. When dealing with foreign sources, the company must be fully familiar with local laws, political climate, sources of materials and ingredients, and standards.


|

Question of the week –

As always, if you have a question you'd like answered, send it my way.

This week's question:

What do in-house counsel need to know about intellectual property protection once the General Data Protection Regulation goes into effect?

In-house counsel who work for businesses that operate in the EU and seek to protect their IP rights cannot ignore GDPR because IP rights and the right to the protection of personal data, which are both fundamental rights set out in the Charter of Fundamental Rights, may come into conflict.

In particular, GDPR provides to individuals a right of access and to data portability. This means that individuals can obtain a copy of all the personal data that has been collected about them and also in a structured, commonly used and machine readable format, which they can then forward to someone else (even a competitor). Those rights should not be an open door to IP infringements or disclosure of trade secrets. In-house counsel should prepare to be able to respond to these requests in compliance with the GDPR but without disclosing any of their protected information.

GDPR also provides that for processing activities to be legal, the consent of the individuals must be obtained or one must fall within the categories of authorized processing, such as, for example, processing operations which are necessary in order to provide a service. It means, for example, that the insertion of a unique identifier in content protected by copyright via a Digital Rights Management scheme should not be linked to an individual except to the extent that this link is necessary for the performance of the service or if the individual has been informed and has consented to it.

At this stage of enforcement of IP Rights, in-house counsel should know that personal data should not be stored longer than is necessary to fulfill the purpose for which such data is processed. Therefore, if you collect personal data about your customers, you must delete that data as soon as it is no longer necessary for billing purposes or any other purposes (after-sale services) consented to by the customers. You cannot keep the data “just in case” one of them might misuse your IP.

- Catherine Muyl, partner in Foley Hoag AARPI's intellectual property department. (Edited for clarity and length.)


|

Don't miss –

Thursday, February 8. An upcoming webinar will look at how legal departments are innovating to become more efficient. The discussion will be based on a report from Thomson Reuters and Acritas, and in collaboration with the Corporate Legal Operations Consortium. Register here.

February 23 – February 24. The International Bar Association is hosting an event in Spain that will look at top issues when it comes to M&A transactions in the tech sector. The two-day event will consider everything from challenges associated with cross-border asset transactions to assessing the risks related to data breaches.


|

On the move –

A firm landing. Former JPMorgan Chase GC Stephen Cutler will join Simpson Thacher & Bartlett in April, according to an announcement from the firm. Cutler said in the announcement that he's “delighted to return to private practice,” where he will advise companies and execs on government and internal investigations. Cutler joined JPMorgan in 2007 and served as GC until he became vice chairman in early 2016.

Scoop at Legalweek. A few minutes into a Legalweek panel about legal ops, I learned that Lucy Bassli, assistant general counsel, legal operations and contracting at Microsoft, has moved to a new role. Bassli, who was a panelist at the event, briefly said she'd left Microsoft very recently, on Jan. 26. According to her LinkedIn profile, Bassli is now founder and principal at law firm and consultancy InnoLegal Services. Stay tuned for more.

Time to move on. GlaxoSmithKline GC Daniel Troy will soon step down from his role, after nearly 10 years as the pharmaceutical company's top lawyer. As my colleague Sue Reisinger reports, Troy will stay on in his role until his successor is appointed. Troy's LinkedIn profile states he is “Leaving GSK GC spot later this year and open to new opportunities.”

So long, chocolate bars. Hershey GC Leslie Turner is retiring at the end of March, according to a company filing with the SEC, after more than five years in the role. A spokesperson for the company told us that she looks forward to spending time with her family and friends.