Friday, May 31, 2019

The SC Insurance Data Security Act: Ask Some Questions to Evaluate Your Security Program

The South Carolina Insurance Data Security Act (“Act”), fashioned after the NAIC Insurance Data Security Model Law (Model Law), went into effect on January 1, 2019. South Carolina was the first state in the nation to pass this legislation, and others (Ohio, Mississippi), have followed suit.

The Act requires that each South Carolina person licensed or authorized by the South Carolina Department of Insurance (DOI) a “Licensee” must implement, no later than July 1, 2019, a “comprehensive written information security program” (“Program”) designed to protect nonpublic information (NPI) and the security of the Licensee’s information system.

In addition, the Act requires a Licensee to report to the Director of the DOI within 72 hours following an actual or potential “cybersecurity event.” S.C. Code Section 38-99-40(A) (Section 6(A) of the Model Act).

While South Carolina Licensees (hopefully) are well down the path to meeting the Act’s requirements, the following may be useful for insurance businesses in other jurisdictions who may face compliance with a version of the Model Law in the future. More broadly, the questions that the Act forces insurance businesses to answer are useful for any business seeking to implement, evaluate, or improve its information security program. 

1.     Who is Responsible for Your Information Security Program?

The Act requires that each Licensee “designate one or more employees, an affiliate, or an outside vendor designated to act on behalf of the Licensee who is responsible for the information security program.” S.C. Code Section 38-99-20(C)(1) [Section 4(C)(1) of the Model Act].

More particularly, S.C. Code Section 38-99-40(B)(13) [Section 6(B)(13) of the Model Act] requires a Licensee, following a cybersecurity event, to provide the director of the DOI with “the name of a contact person who is both familiar with the cybersecurity event and authorized to act on behalf of the licensee.” 
Where Does the Security Buck Stop?

The Act, like many other statutory and regulatory provisions designed to protect sensitive information and information systems (for example the Gramm-Leach-Bliley Act Safeguards Rule and the New York State DFS Cybersecurity Requirements for Financial Services Companies) recognizes that no effective information security program happens without appropriate oversight and responsibility.

2.     Are You Conducting Ongoing Risk Assessments?

In order to develop the Program required by the Act, a Licensee must first determine those information risks (threats) it faces, and then choose those measures it will implement in order to address those risks.

In fact, the Act explicitly anticipates that a Licensee’s Program will be “based on the licensee’s risk assessment.” S.C. Code Ann. Section 38-99-20(A) [Section 4(A) of the Model Act]. The Act goes further, setting out some of the things that an appropriate risk assessment will address, including:
  • Identifying internal and external threats (including those faced by third-party service providers) that could compromise NPI;
  • Determining how likely and how potentially damaging those threats may be, in view of how sensitive the NPI is;
  • Evaluating how well your policies, procedures, information systems, and other protections work in managing these threats;
  • Detecting, preventing, and responding to attacks, intrusions, and other system failures; and
  • Implementing safeguards identified in an ongoing risk assessment, and revisiting those safeguards at least annually.

The Act does not require that an independent party conduct a risk assessment, but consider whether an “in-house” evaluation could be robust enough to provide meaningful feedback, or withstand scrutiny by a regulator.  

3.     What Nonpublic Information Do You Collect, Store, and Share?

The Act requires each Licensee create a Program for the “protection of” NPI. S.C. Code Section 38-99-20(A), [Model Act Section 4(B)]. Broad brush, the Act defines NPI as information that is not publicly available and that meets certain other characteristics. Of course, other applicable laws, and your own business interests may determine what your organization considers NPI or information worthy of protection.

If you do not know what NPI you store, where and how you store it, and who and what is responsible for protecting that NPI, then you cannot quickly or effectively respond when NPI goes missing or is compromised. More generally, you cannot make a plan to protect NPI unless and until you have answered these questions.

Have you created a written document that maps NPI and other sensitive information (visually and otherwise) by the places (servers, physical locations, etc.) where it is stored, inventories that information, identifies who is responsible for managing that information, and classifies the information based on how sensitive or important it is?

4.     How Do You Protect NPI When You Store It and Share It?

When you store NPI or send NPI outside your business, do you employ encryption technologies to secure that NPI?

The Act mentions a number of potential security measures that Licensees should consider and implement as appropriate. In particular, the Act recommends, “protecting by encryption or other appropriate means, all nonpublic information while being transmitted over an external network and all nonpublic information stored on a laptop computer or other portable computing or storage device or media.” S.C. Code Section 38-99-20(D)(2)(d), [Model Act Section 4(D)(2)(d)].

Notably, the Act excludes encrypted NPI from the definition of a “cybersecurity event” as long as the “encryption key” is not compromised. S.C. Code Section 38-99-10(3), [Model Act Section 3(D)].
Other regulatory frameworks provide similar “safe harbors” for properly encrypted NPI.

5.     How Do You Limit Access to NPI?

The Act recognizes that one potential threat to the security of NPI arises not from outside hackers, but from inside an organization.

Accordingly, the Act suggests “placing access controls on information systems, including controls to authenticate and permit access only to authorized individuals to protect against the unauthorized acquisition of nonpublic information.” S.C. Code Section 38-99-20(D)(2)(a), [Model Act Section 4(D)(2)(a)].

Access controls ensure the principle of least privilege — meaning an employee only has access to that information necessary for her to perform her job. Giving all employees access to NPI outside of their normal job function can create a potential cybersecurity event.

6.     With Whom Are You Sharing NPI?

The Act requires a Licensee to “exercise due diligence” selecting any third-party service provider that will have access to NPI, and further to require any such third-party service provider to implement appropriate measures to secure information systems and NPI. S.C. Code Section 38-99-20(F), [Model Act Section 4(F)].

A written agreement between a business and any third-party service provider handling NPI is necessary to set out appropriate obligations and remedies. For more on appropriate vendor management, click here.

7.     Do You Have an Incident Response Plan?

The Act requires a Licensee to “establish a written incident response plan” as part of its Program, (S.C. Code Section 38-99-20(H)(1)) [Model Act Section 4(H)] , and lists a number of elements that must be included in that plan, including:

  •         the process for responding to a cybersecurity event,
  •         the goals of an incident response plan,
  •         defining roles, responsibility, and decision-making authority during an event,
  •         identifying requirements for addressing weaknesses, and
  •         documenting and reporting cybersecurity events and incident response activities.
The Act recognizes that the mere act of creating an incident response plan in advance allows an organization to respond more effectively following a cybersecurity event.

As Nassim Nicholas Taleb notes,
“It is preferable to take risks one understands than understand risks one is taking.”

South Carolina insurance Licensees are complying with the Act because they have to. However, the requirements of the Act embody fundamental security concepts and controls that apply to any organization that stores and shares NPI.

Thursday, May 23, 2019

Legalized, But Regulated: Commercial Hemp in South Carolina

On December 20, 2018 the Agricultural Improvement Act of 2018 (the "2018 Farm Bill") became law.  Following closely on the heels of the 2018 Farm Bill, on March 28, 2019 the South Carolina Hemp Farming Act ("S.C. Hemp Farming Act") was signed into law. 

The following is a brief overview of the status of hemp (also called "commercial hemp" or "industrial hemp") farming and regulation in South Carolina in the wake of the 2018 Farm Bill and the S.C. Hemp Farming Act.


The terms "hemp" (which has non-drug connotations and uses) and "marijuana" (no further explanation necessary) describe the same plant genus: cannabis. The difference between the two is generally based on the relative amount of tetrahydrocannabinol (THC) contained in the plant. Hemp plants are cultivated to produce fiber and seeds and very little if any THC. Marijuana plants, on the other hand, are cultivated to produce more THC. THC, of course, is the main psychoactive part of the plant.

Historically, U.S. federal and state law has recognized no distinction between hemp and marijuana.  Beginning with the Marihuana Tax Act in 1937, and then under the terms of the 1970 Controlled Substances Act, all "cannabis" has been considered to be illegal. More particularly, cannabis is designated by the Drug Enforcement Administration (DEA) as a "Schedule 1" drug.  

Of course, cannabis' status as an illegal drug prevented farmers from growing it as a crop. Accordingly, interested parties also missed out on the significant benefits that the creators of agricultural commodities enjoy, such as farm subsidies, nutritional assistance, and crop insurance.

The 2014 Farm Bill and Hemp Pilot Programs

The 2014 Farm Bill created a little daylight between hemp and marijuana, recognizing that some cannabis is not in fact a psychoactive drug, and allowing a limited number of hemp "cultivators" to operate under various state hemp pilot programs. In particular, the 2014 Farm Bill limited these pilot programs to cannabis containing no more than 0.3% of THC, and put numerous limitations and conditions on the number of pilot program licensees, the allowable acreage for hemp cultivation, and the uses for which cultivated hemp could be employed.

Consistent with the 2014 Farm Bill, the South Carolina Department of Agriculture ("SCDA") instituted its  Hemp Pilot Program.   Following the most recent application process, the SCDA selected 40 growers from 161 applications:

The Effects of the 2018 Farm Bill and the Hemp Farming Act

The 2018 Farm Bill legalized hemp production nationwide, continuing the distinction between hemp and marijuana based on THC content established in the 2014 Farm Bill. The 2018 Farm Bill facilitates the interstate commerce of hemp by making clear that no state (or tribal government) can prohibit the transportation of hemp through its territory.

Significantly, the 2018 Farm Bill treats hemp like other agricultural crops, adding hemp to various crop and agricultural materials programs administered by the United States Department of Agriculture ("USDA").

However, while hemp production is now legal, that production (cultivation, handling, and processing) is subject to a very strict licensing and regulatory regime. Notably (and understandably), licensed persons must ensure that hemp does not become marijuana (very much still a Schedule 1 drug) by virtue of its THC content. The 2018 Farm Bill gives states like South Carolina the ability to submit a state hemp plan to the USDA for approval.

Accordingly, the Hemp Farming Act directs the SCDA to submit a state hemp plan to the USDA.

Similarly, hemp farming is is no longer limited to a pilot program, but the Hemp Farming Act makes any hemp production illegal unless an appropriate license is obtained from the SCDA.  Key to the regulatory scheme is determining what part of the production chain a particular person or organization occupies:


Any person involved with "planting, watering, growing, and harvesting a plant or a crop" (S.C. Code Section 46-55-10(4)) of hemp will be required to obtain a S.C. hemp license.  


"Handling' means possessing or storing hemp for any period of time. 'Handling' also includes possessing or storing hemp in a vehicle for any period of time other than during its actual transport from the premises of a licensed person to cultivate or process industrial hemp to the premises of another licensed person. 'Handling' does not mean possessing or storing finished hemp products." (S.C. Code Section 46-55-10(7)). 


This term means "converting an agricultural commodity into a marketable form." 
S.C. Code Section 46-55-10(12).


While hemp production is now legal in South Carolina, any person involved at any stage of its production must ensure that all provisions of the Hemp Farming Act are met. 

In particular, any person who touches hemp at any point during its production should ensure, through appropriate contractual and other due diligence actions, that all licenses have been obtained and that all applicable requirements are followed.

Sunday, May 12, 2019

It's All "Backup" Nowadays? Wrestling With the Stored Communications Act

Shoulda' Seen My Servers ....

Disputes of all kinds (between individuals, between businesses, between individuals and businesses, etc.) often highlight who said what to whom. In the information age, what better place to look for what has been said than in email communications? And as is often the case in litigation between jilted lovers and former business partners (acting like jilted lovers?), one party either has or can guess the email password of the other.

However, attorneys and their clients must be very careful in gaining access to email communications to which they are not a party. The Stored Communications Act (SCA), a 1986 federal statute  prohibiting unauthorized access to emails in certain circumstances, has been given very different readings by the South Carolina Supreme Court and the Fourth Circuit Court of Appeals.


The SCA provides a civil cause of action against anyone who “intentionally accesses without authorization a facility through which an electronic communication service is provided . . . and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system[.]” 18 U.S.C. § 2701(a)(1).

The SCA defines "electronic storage" as:

(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and
(B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication[.]
18 U.S.C. § 2510(17).

Email is unquestionably "an electronic communication," and the "temporary" storage described in 18 U.S.C. § 2510(17)(A) does not come into play (at least in the current prevailing view of the SCA), leaving courts to consider whether whether emails are in "electronic storage" for "purposes of backup protection."

South Carolina Supreme Court: Web-Based Emails Are Not "Backup"

In 2012, the South Carolina Supreme Court, in Jennings v. Jennings,  reviewed a decision of the S.C. Court of Appeals concluding that emails in Mr. Jennings' Yahoo! account were in "electronic storage," and that therefore the SCA had been violated when those emails were accessed. For more on the Court of Appeals' opinion, click here.

Justice Hearn rejected the rationale of the Court of Appeals that Mr. Jennings' single copies of previously opened Yahoo! emails were stored "for purposes of backup protection" pursuant to 18 U.S.C. § 2510(17)(B):  

"We decline to hold that retaining an opened e-mail constitutes storing it for backup protection under the Act."  

Employing the ordinary meaning of "backup" as "one that serves as a substitute or support," Justice Hearn reasoned that since Mr. Jennings left the only versions of these emails on the Yahoo! server, (and did not download them to a device or save them elsewhere), there were no "backup" copies of these messages (at least as far as Mr. Jennings was concerned). Therefore, the messages were not in "electronic storage," and there was no violation of the SCA. 

Notably, in concurrence with the result, Justices Toal and Pleicones offered different constructions of the SCA than Justice Hearn, underscoring the difficulty courts have making sense of a law originally enacted in 1986. For more on the S.C. Supreme Court's opinion, click here.

The 4th Circuit- Web-Based Emails Are "Backup"

On March 6, 2019, the 4th Circuit took a much broader view of "backup," concluding in Hately v. Watts that delivered and opened emails retained on a Gmail server were "stored for purposes of backup protection" and therefore subject to the SCA. Broad brush, there are numerous "backup" copies created of each web-based email message (and used for the "backup" purposes of both the user and the email provider), as web-based email platforms store messages until their users want to destroy them.  

More fundamentally, email messages don't really "substitute"or "support" any "original," so that framework (there has to be an original in order to have a "backup") loses its relevance (or resonance) when moving from analog to digital. (This is some of the same debate that takes place in the context of using electronic documents pursuant to the eSign Act or the South Carolina Uniform Electronic Transactions Act, or even more broadly the double-spend problem presented by digital currencies, but we can dive a little deeper into that another time). 

Well, They Were "Backup" For a Time - To a True Original

Conclusion: Know Your Court-- and Proceed With Caution

Decisions of the 4th Circuit Court of Appeals are only binding on South Carolina federal courts. and are not considered precedent in S.C. state courts. However, given the different constructions of the SCA provided by the South Carolina Court of Appeals, three justices of the South Carolina Supreme Court, and the 4th Circuit Court of Appeals, relying on one particular view of the SCA to support access to someone else's email is risky at best. 

Tuesday, May 7, 2019

Lamps Plus and Class Arbitration: A Journey Through Some South Carolina Past

But Bazzle Keeps Coming Back Up ....

Introduction: Class Arbitration Castles Burning ....


Years ago this platform discussed at some length how more than one United States Supreme Court (SCOTUS) decision has considered the South Carolina Supreme Court's decision in Bazzle: in the context of who decides issues of arbitrability, as well as whether arbitration agreements allow classwide arbitration.

(For that background, click here. For a broader survey of arbitration and class actions in the context of SCOTUS and South Carolina-- at least at that point in time-- click here).

SCOTUS recently took up the issue of class arbitration again, ruling in Lamps Plus that an ambiguous contract to arbitrate could not authorize class arbitration. Lamps Plus extended the rationale of Stolt-Nielsen, a 2010 SCOTUS decision concluding that an agreement that is "silent" on the question of class arbitration could not compel the parties to classwide arbitration.

As described in the posts linked above, Justice Alito's opinion in Stolt-Nielsen discussed the SCOTUS Bazzle opinion in some detail. And Chief Justice Roberts cited Bazzle in Lamps Plus as well.

Reading the Hidden Note: Silence and Ambiguity in Arbitration Contracts

A close reader may wonder what the difference between "silent" and "ambiguous" might be. After all, "silence" (the absence of a term) can often result in a contract being "ambiguous." As the South Carolina Court of Appeals has noted, where a contract is silent as to a particular matter, and ambiguity thereby arises, parol evidence may be admitted to supply the deficiency and establish the true intent.”Columbia East v. Bi-Lo

Stolt-Nielsen presented a unique instance of "silence," as the parties actually stipulated that their arbitration agreement did not speak to the question of class arbitration. In other words, that arbitration agreement was not susceptible to more than one interpretation on the issue of class arbitration because the parties agreed that the agreement was not susceptible of any interpretation on that point.

Lamps Plus: Everybody Knows Class Arbitration is Nowhere


Of note in Lamps Plus, the Opinion of the Court rejected the claim that the doctrine of contra preferentum, according to which a contractual ambiguity is construed against its drafter, could apply to compel class (rather than bilateral) arbitration. Previous SCOTUS opinions discussing the differences between bilateral and classwide arbitration (Concepcion, Epic Systems)  call into question whether there could ever be mutual consent to conduct classwide arbitration. Accordingly, because Lamps Plus could not have intended to consent to class arbitration, the fact that it may have drafted the arbitration agreement could not weigh in the balance. Chief Justice Roberts also characterized the canon as furthering public policy interests as opposed to discerning the parties' intent.  

This approach may strike South Carolina practitioners as passing strange, as we generally come to understand that 1) as described above, when an ambiguity arises in a contract, courts have the opportunity to determine the intent of the parties based in part upon the drafter of the contract; 2) if you are drafting a contract you get to put what you want in it; and 3) if you don't put a term (e.g. "no class arbitration") in a contract you're drafting, then whatever resulting ambiguity is on you.

That rationale certainly underscored the S.C. Supreme Court's decision in Bazzle:
Generally, if the terms of a contract are clear and unambiguous, this Court must enforce the contract according to its terms regardless of its wisdom or folly. Ambiguous language in a contract, however, should be construed liberally and interpreted strongly in favor of the non-drafting party. After all, the drafting party has the greater opportunity to prevent mistakes in meaning.  It is responsible for any ambiguity and should be the one to suffer from its shortcomings." (citations omitted).

Conclusion: When You're On the Losing End ...

Of course, SCOTUS vacated the S.C. Supreme Court's Bazzle decision, determining that the arbitrator (and not a court) should have determined whether class arbitration was warranted under the arbitration agreement. And the Lamps Plus rationale might foreclose class arbitration were Bazzle before a court today. 

Similarly, I am still trying to wrap my head around how the current SCOTUS would address Herron in the event that case arrived there under the right circumstances. Maybe I will try to work through that in a subsequent post.   

Tuesday, May 13, 2014

It’s Like Déjà Vu All Over Again: Yogi Berra On Information Security

 It is Spring again, and the national pastime is in full swing. This year Spring also brought knowledge of the Heartbleed Bug – another threat to the security of information stored and transmitted online.  And just as baseball is a fixture of the American landscape, so too unfortunately are data breaches and other information security threats.

As of April 29, 2014, the Identify Theft Resource Center (ITRC) has identified 260 breaches (affecting over 8 million records) that have taken place in 2014 alone. Likewise, the ITRC recorded 614 breaches in 2013, a 30% increase over the 470 breaches it reported in 2012.  Each new major data breach (think Target) is reminiscent of those that have come before it (Citibank, Sony, Heartland, Countrywide, etc.). 

MLB Hall of Fame catcher Yogi Berra, during his more than 50 years as a Major League player, manager and coach, offered (unwittingly or otherwise) baseball and its reading and listening public a great deal of wit and wisdom. In the spirit of the season, several of Berra’s “Yogi-isms” also offer guidance for businesses facing the challenges of protecting information.

“You can observe a lot by watching.” (Know Your Information and How and Where You Store It and Send It)

Information is an asset. You cannot protect information or use it effectively until you can locate and identify it, categorize it (determine its value), and track it:

  • Where is information stored in your organization, and where does it go within the company and beyond?
  • What information do you collect and store that is considered sensitive (at risk) and worthy of protection?
  • Who has access to sensitive information?
  • How is information currently being protected?
Mapping and assessing current information practices is a necessary step in creating an effective information security program.

“If you don’t know where you are going, you might end up somewhere else.” (Take Responsibility and Plan for Information Risks)

Every business needs to be prepared to respond to an event that could compromise its information or information systems (computers and computer networks):

  • Recognize that information security touches every part of the organization;
  • Designate one or more individuals with authority, responsibility, and accountability for managing and securing information;
  • Create, implement, and update policies and procedures to manage information risk, including but not limited to:

  • An incident response plan;
  • Business continuity arrangements;
  • Information retention and destruction policies consistent with corporate needs, legal responsibilities, and business risk.
  • Consider insurance policies particular to information risk; and
  • Deploy appropriate computer technology to prevent, detect, and manage threats.

“Never answer an anonymous letter.” (Train Your Employees to Detect Phishing Emails and Other Security Threats)

The threat to computer networks caused by “phishing” -- attempts to acquire sensitive information by pretending to be a reputable entity in an email -- is significant.  According to the latest Verizon Business Data Breach Report, over 95% of targeted attacks start with a phishing email.  The same Verizon Report makes a more startling observation: a phishing campaign that sends 20 emails has almost a 100% probability of getting at least one click.

All organizations must train their employees to be skeptical of suspicious emails, and to report suspected phishing messages. Employee training and awareness is a necessary component of an information security program, as are “layered security” or “defense-in-depth” mechanisms that may prevent or limit a system compromise brought about by clicking on a phishing email.

“If people don’t want to come to the ballpark, nobody’s going to stop them.” (Protecting Information is Good Business)

The damage that results when sensitive information is disclosed without authorization can take several forms. In addition to the financial and regulatory losses and burdens a company faces in the wake of a breach, the damage to its reputation may be the most significant and lasting. Losing a customer’s information compromises trust, a very valuable asset in a competitive market. Protecting information assets protects the value of the company.

Conclusion: “The future ain’t what it used to be.”

Effective information security is a moving target and an ongoing process that requires a combination of people, processes, and technology.  As the last several years have demonstrated over and over again, hackers and other threat actors continue to become more sophisticated and pervasive. As a result, standing still is not an option, and instead an organization must evaluate and update its security policies, training, and technology on a regular basis.

Friday, May 9, 2014

South Carolina Looks to Follow Vermont's Lead in Fighting Patent Trolls- Using State Law

A bill pending in the South Carolina General Assembly that would make "bad faith assertions of patent infringement" an "unfair trade practice" under South Carolina law got a "jurisdictional boost" from a recent Opinion and Order issued by a Vermont Federal Court judge.


The actions of patent-assertion entities (PAEs) that purportedly own patents and use litigation and the threat of litigation to enforce them are well-documented.  (For a brief description of the topic and some additional resources, click here). PAEs are referred to by their detractors as "patent trolls."

As a general proposition, patent law is exclusively federal in nature.  Congress has given the U.S. district courts original and exclusive jurisdiction, pursuant to 28 U.S. Section 1338, over any civil action related to patents. As a result, litigation involving the validity, infringement, and enforcement of patents must take place in federal district court.

Vermont's Efforts to Combat PAEs 

Despite the federal nature of patent law, the State of Vermont decided to try to use state law (on two fronts) to fight back against certain practices that take place prior to the initiation of patent infringement litigation.

Act No. 44

On May 22, 2013, Vermont enacted Act. No. 44 creating a private right of action and giving the attorney general civil enforcement action authority in the event of "bad faith assertions of patent infringement." Vermont was the first state to enact such a law, and several states have followed suit.

Act No. 44 does not define "bad faith assertions," but instead provides a court with a number of factors to be considered as evidence: a demand letter lacking the number of the held patent or factual allegations regarding the specific areas in which the demand letter recipient (the "target") infringes the patent; failure to conduct a due diligence comparison of the patent with the target's products, services, or technology; the demands in the letter are unreasonable; or the assertions made in the letter are meritless or deceptive.  The Act also lists a number of factors to be considered in order to determine that a holder has not made a bad faith assertion of patent infringement.

Vermont v. MPHJ Technology Investments, LLC

On the same day, the Vermont Attorney general served a company called MPHJ Technology Investments, LLC (MPHJ) with a Complaint filed in Vermont state court and alleging violations of the Vermont Consumer Protection Act. Of note, the lawsuit did not allege a violation of the statutory provisions created by Act. No. 44. 

As described more fully in the Complaint, MPHJ  and its subsidiaries sent a series of letters to various Vermont businesses regarding ownership of certain email scanning patents and demanding that the recipients purchase licenses or face infringement lawsuits.

The Complaint alleged that these letters were "false, deceptive and misleading" because (among other things): 1) MPHJ did no due diligence to determine whether "the recipients were likely infringers"; 2) small businesses in commercial fields unrelated to patent law were targeted; 3) contrary to its letters, MPHJ did not actually receive "a positive response regarding its licensing programs";  4) very few recipients had purchased licenses (not "many" or "most" as claimed in the letters); and 5) MPHJ had not filed a single lawsuit to enforce its patents.

MPHJ removed the case to Federal Court, based on federal question and diversity jurisdiction. Judge Sessions found no basis for federal court jurisdiction, and remanded the case to state court. First, Vermont's VCPA claim did not arise under federal patent law or create a substantial federal question. Broad brush, the claim that MPHJ acted in bad faith doesn't depend on any determination of federal law, but "is about consumer protection, not about patents."

With respect to diversity (which requires an action between "citizens of different states"), the State of Vermont is not considered a "citizen" for purposes of 28 U.S.C. Section 1332, and the Court rejected MPHJ's argument that the citizens of Vermont (not the State) were the "real parties in interest" in the case.  (For more on recent U.S. Supreme Court jurisprudence addressing "real party in interest" allegations, click here).

The case will now proceed toward a decision on the merits in state court. For a more complete description of the Vermont district court decision, please see this Corporate Counsel article.

South Carolina's Proposed Law

In December of last year, Representative Kirkman Finlay prefiled  H4371.  This legislation, which has been passed by the House, is currently being considered by the South Carolina Senate.  (The legislation underwent substantial revision in subcommittee, and in its current form is quite different from the version posted online).

H4371, entitled the "Bad Faith Assertion of Patent Infringement Act," makes sending a demand letter "alleging patent infringement in bad faith" an "unfair trade practice" under Section 39-5-20 of the South Carolina Unfair Trade Practices Act, and provides the remedies that exist currently in the SCUTPA. Like the Vermont law, the legislation gives the Attorney General the ability to bring actions to enforce the Act and provides both a number of factors for a court to consider as evidence that a "bad faith assertion of patent infringement" has taken place, as well as those factors tending to demonstrate that a person has not made such a bad faith assertion.


Should H4371 become law, plaintiffs in those state court actions filed to enforce its provisions will undoubtedly rely in part on the reasoning employed by Judge Sessions in challenging removal. One question that has not been addressed yet is whether the "bad faith" standard established by or applied according to a state law like Act No. 44 or H 4371 would be preempted by federal patent law.  See Globetrotter Software, Inc. v. Elan Computer Group, Inc.

Sunday, March 16, 2014

2013 S.C. Appellate Court Decisions Addressing Arbitration

  1. Introduction

(This is an adapted version of a presentation made at the S.C Bar Convention).

Each passing year brings more appellate court decisions, at the state and federal levels, addressing arbitration.  2013 was no exception. The South Carolina Supreme Court considered several issues of first impression, in the areas of arbitration award confirmation, “manifest disregard of the law,” and “evident partiality.”  And our appellate courts took up questions about whether arbitration claims are subject to the Federal Arbitration Act (“FAA”), the “unconscionability” of an agreement to arbitrate, waiver of the right to arbitrate, and the scope of an agreement to arbitrate.
  1. New Law

      1. Confirmation of Arbitration Award


    Henderson v. Summerville Ford-Mercury, Supreme Court, September 11, 2013

    Payment of an arbitration award does not prevent confirmation of the award.
    Purchaser and car Dealer arbitrated their SCUTPA and Dealers Act claims, and arbitrator found for Purchaser.  Dealer did not move to vacate, modify or correct the award.  Purchaser moved to confirm the arbitration award, and the circuit court granted the motion.
    The issue of first impression before the South Carolina Supreme Court was whether a party to an arbitration proceeding can prevent that award from being confirmed by paying the award prior to the confirmation proceeding.  Justice Beatty, writing for the Court, ruled (succinctly): “The answer is no.”
    Dealer argued that paying the award removed any “justiciable controversy” (based on the idea that the purpose of confirmation is to enter an enforceable judgment) and mooted the motion for confirmation. Purchaser responded that confirmation was mandated by S.C. Code Ann. Section 15-48-120 (found in the South Carolina Uniform Arbitration Act “UAA”), and necessary in order to conclude the action.
    Justice Beatty agreed with the Circuit Court that Section 15-48-120 made confirmation mandatory (absent a claim that the award be vacated, modified or corrected):
    Upon application of a party, the court shall confirm an award, unless within the time limits hereinafter imposed grounds are urged for vacating or modifying or correcting the award, in which case the court shall proceed as provided in §§ 15–48–130 [vacating award] and 15–48–140 [modification or correction of award].
    Confirmation is a “ministerial recording of the result” (the award) in an arbitration proceeding. And because both the UAA and the FAA use the term “shall”, confirmation is mandatory.
    Addressing Dealer’s mootness argument, Justice Beatty reasoned that “[c]onfirmation of an award is a distinguishable issue from a defendant’s payment or satisfaction of an award.” Accordingly, payment of an award is characterized as a “defense to any attempt to execute on a judgment,” and does not extinguish the right or obligation to confirm an award.
    Note also the Court’s holding that because confirmation is a procedural matter, the UAA’s confirmation statute (Section 15-48-120) applies instead of the FAA’s confirmation provision (9 U.S.C. Section 9).
      1. Manifest Disregard of the Law


    C-Sculptures, LLC v. Brown, Supreme Court, May 8, 2013

    This case marks the first instance in which a South Carolina appellate court has vacated an arbitration award pursuant to S.C. Code Ann. Section 15-48-130, based upon an arbitrator’s “manifest disregard of the law.”
    Contractor agreed to build a house for Buyers, at a contract price exceeding $800,000. Contractor possessed a license that limited its construction projects to those that did not exceed $100,000. Contractor filed an action in circuit court seeking to enforce a mechanic’s lien, and Buyers compelled the matter to arbitration.  
    Although Buyers moved to dismiss the arbitration based on the fact that Contractor did not have a “valid license” and therefore could not bring an action to enforce the contract pursuant to S.C. Code Ann. Section 40-11-370(C), the arbitrator disagreed and found for Contractor on the merits of the case.  Buyers challenged the award, alleging “manifest disregard of the law” on the part of the arbitrator.  The trial court and the Court of Appeals ruled against the Buyers.
    In reversing the decisions of the trial court and Court of Appeals, Justice Kittredge described the standard as follows:
    [F]or a court to vacate an arbitration award based upon an arbitrator’s “manifest disregard for the law”, the “governing law ignored by the arbitrator must be well defined, explicit, and clearly applicable.  Indeed, an arbitrator’s manifest disregard for the law, as a basis for vacating an arbitration award occurs when the arbitrator knew of a governing legal principle yet refused to apply it.
    Quoting Gissel v. Hart.
    Contractor admitted that it did not have the license required to perform the project, and the Court concluded that the arbitrator ignored “governing law” (Section 40-11-370(C)) that was “well defined, explicit, and clearly applicable” in refusing to grant Buyers’ motion to dismiss. In other words, because Section 40-11-370(C) plainly prevented Contractor from bringing a claim, the manifest disregard standard was met.
        Justice Pleicones dissented, pointing out that the clarity of Section 40-11-370(C) was not the question before the Court.  Instead, the “manifest disregard of law” analysis asks “whether the arbitrator knowingly refused to give the term its well-defined and explicit meaning.” (Emphasis added). While “valid license” in Section 40-11-370(C) may be unambiguous, that term had never been addressed before by the Court, and the cases referenced by the Majority did not address that provision.  As a result, the meaning was not so “explicit” that the Court could conclude that the arbitrator “knowingly refused” to apply it.
    Because manifest disregard of the law “presupposes something beyond a mere error in construing or applying the law,” Trident Technical College v. Lucas and Stubbs, 286 S.C. 98, 333 S.E.2d 781 (1985), under the Court’s “very limited scope of review” Justice Pleicones would have upheld the arbitrator’s award. In his view, showing that a party would have been successful on appeal is not enough to prevail in vacating an arbitration award under the “manifest disregard of law” standard.
        Keep in mind that the manifest disregard standard is applied on a case-by-case basis.
      1. Evident Partiality


    Crouch Construction v. Causey, Supreme Court, August 14, 2013

    This case involved the first consideration of the standard for “evident partiality” sufficient to vacate an arbitration award pursuant to S.C. Code Ann. Section 15-48-130(a)(2).
    A commercial dispute arose between a Contractor and the Owners of property related to the construction of a commercial building. The circuit court compelled arbitration based on an arbitration clause in the construction contract. The arbitrator determined that the Contractor was owed money under the construction contract.
    Before an order confirming the arbitration award was entered, Owners learned that an engineer employed by the company that had done an engineering report in connection with the construction project had a brother who was a law partner of the arbitrator. Owners subsequently filed a motion to vacate the arbitration award, based in part on the allegation that the arbitrator’s “failure to disclose his law partner’s familial relationship” with the employee of the engineering firm constituted “evident partiality.”
    The circuit court vacated the arbitration award, applying the standard in the South Carolina Code of Ethics for Arbitrators requiring disclosure of any relationship that “might reasonably create an appearance of partiality or bias,” and concluding that the “arbitrator’s conduct demonstrated evident partiality in favor of” the Contractor.
    The South Carolina Supreme Court certified the case per Rule 204(b), SCACR, and proceeded to consider the legal standard for “evident partiality” as a question of law to be reviewed de novo.  
    With respect to the circuit court’s reliance on the S.C. Code of Ethics for Arbitrators, Justice Kittredge concluded that the issue of whether a failure to disclose a conflict of interest “is unethical is separate and distinct from the issue of whether an arbitration award must be vacated due to evident partiality.” As such, the Code of Ethics does not provide “the proper legal standard for evaluating a claim of “evident partiality.”
    Because there is no South Carolina precedent addressing the “evident partiality” ground to vacate an award found in S.C. Code Ann. Section 15-48-130(a)(2), the Court decided to look to federal applications of “evident partiality” (as the language in FAA –Section 9 U.S.C. 10(a)(2)- is similar).
    Following the lead of federal case law, the Court required “the party seeking vacatur to demonstrate that a reasonable person would have to conclude that an arbitrator was partial to the other party to the arbitration.”  ANR Coal Co. v. Cogentrix of North Carolina.
    ANR Coal establishes a four-part test for evident partiality:
    1. the extent and character of the personal interest, pecuniary or otherwise, of the arbitrator in the proceeding;
    2. the directness of the relationship between the arbitrator and the party he is alleged to favor;
    3. the connection of that relationship to the arbitration; and
    4. the proximity in time between the relationship and the arbitration proceeding.
    Owners did not demonstrate evident partiality according to this standard.  First and foremost, the arbitrator was “unaware of the undisclosed relationship until several months after the arbitration award was made.”  Nor was the engineering firm a party to the arbitration, and the arbitrator had no direct relationship with the employee of the engineering firm.  Moreover, the employee of the engineering firm was not employed by the engineering firm during the time work was performed on the project.
        The decision of the Court is best summed up by the following: “Evident partiality, as a statutory ground to vacate an arbitration award, requires a strong and objective showing of probable arbitrator bias.” The circuit court’s use of the “appearance of bias” improperly shifted the burden of proof away from the party seeking to have the arbitration award set aside, and effectively required the Contractor to “disprove evident partiality.”
    1. Application of Existing Law


      1. Interstate Commerce


    Cape Romain Contractors, Inc. v. Wando E., LLC, Supreme Court, August 14, 2013


    The test for whether a contract concerns a “transaction involving interstate commerce” for purposes of arbitration under the FAA is not limited to a determination of whether the agreement “on its face” demonstrates that the parties contemplated an interstate transaction.
    A marina construction Contract between Contractor and Subcontractor provided for arbitration under the FAA.  When the Subcontractor sought to foreclose on its mechanic’s lien, Owner and the Contractor moved to compel arbitration.  Subcontractor opposed arbitration because 1) Owner was not a party to the Contract and could not compel arbitration; and 2) the arbitration clause was not enforceable under the FAA because the transaction did not impact interstate commerce.
    The circuit court refused to compel arbitration because performance of the Contract didn’t involve an impact on interstate commerce sufficient to trigger application of the FAA.  Moreover, the circuit court concluded that the Owner could not demonstrate a “special relationship” with one of the contracting parties sufficient to compel arbitration.
        Justice Kittredge disagreed.  First, this particular marina construction transaction is subject to arbitration under the FAA because it falls within the reach of the three categories of the Commerce Clause: 1) use of the channels of interstate commerce; 2) regulation of persons, things, or instrumentalities in interstate commerce; and 3) regulation of things having a substantial relation to interstate commerce.  United States v. Lopez.  The materials used to construct the dock were manufactured in Ohio, and the Contractor consulted with an out-of-state engineering and survey company in connection with the dock section installation.  The construction site is on the Wando River (within a channel of interstate commerce), and the Contractor used barges and other instrumentalities of interstate commerce to transport materials and equipment used in connection with the project.
        Accordingly, to the extent that Timms v. Greene required an arbitration agreement to demonstrate on its face that the parties contemplated an interstate transaction, this case overruled it.
        The Court then quickly determined that the disputes between the parties should be compelled to arbitration, and that the Contract’s plain language allowed the Owner to be joined as a party in the arbitration.
      1. Unconscionability

        1. York v. Dodgeland of Columbia, Court of Appeals, September 4, 2013

    An arbitration clause banning statutory remedies and allowing the stronger party judicial remedies that supersede consumer arbitration remedies is unconscionable, following the rule in Simpson v. MSA of Myrtle Beach, Inc. (Simpson”).
    Also, under the United States Supreme Court’s decision in AT&T Mobility LLC v. Concepcion (“Concepcion”), the FAA preempts any state law provision invalidating class action waivers on public policy grounds.
    The factual and procedural history of this case is so tortured that describing it would take more pages than the entire presentation.
    Unconscionability and Arbitration Agreements
    The test for unconscionability has two parts: "In South Carolina, unconscionability is defined as the absence of meaningful choice on the part of one party due to one-sided contract provisions, together with terms that are so oppressive that no reasonable person would make them and no fair and honest person would accept them." Simpson.  "In analyzing claims of unconscionability in the context of arbitration agreements, the Fourth Circuit [Court of Appeals] has instructed courts to focus generally on whether the arbitration clause is geared towards achieving an unbiased decision by a neutral decision-maker." Id.
    Suffice it is to say that an arbitration clause with one-sided and oppressive terms (like that considered by the S.C. Supreme Court in Simpson) is subject to being struck down as unconscionable. The language in one of the arbitration clauses in this case (“In no event shall the arbitrator be authorized to award punitive, exemplary, double, or treble damages (or any other damages which are punitive in nature or effect) against either party.”) was identical to that considered in Simpson.  In addition, another provision (also existing in the Simpson agreement) allowed the dealer to “retain repossession, foreclosure, and set-off rights, without regard to pending arbitration claims, while the claimant’s sole remedy was arbitration.”
    With respect to class action waivers in arbitration clauses, recall that in 2010 the South Carolina Supreme Court invalidated a provision in an arbitration agreement requiring purchasers to waive their right to participate in a “class action or multi-plaintiff or claimant action in court or through arbitration.” According to the first Herron v. Century BMW opinion, such a provision was inconsistent with the public policy of South Carolina as expressed in the Dealers Act and its specific provision allowing “group actions.”
    Subsequently the United States Supreme Court vacated Herron I and remanded same to the S.C. Supreme Court to reconsider its invalidation of the provision banning class arbitration in light of Concepcion.  Concepcion held that the FAA preempts state law when it “allows any party to a consumer contract to demand [classwide arbitration], notwithstanding the presence of a class arbitration waiver in an otherwise valid arbitration agreement.” 131 S.Ct. at 1750. On remand (Herron II), the South Carolina Supreme Court determined that the issue of preemption was not preserved for review, and reinstated its original opinion.
    So this York case represents the first time that the issue addressed by Concepcion has been presented to a South Carolina appellate court.  Accordingly, the Court of Appeals determined that two arbitration agreement provisions prohibiting class arbitration and representative actions were valid and enforceable.
        1. Smith v. D.R. Horton, Court of Appeals, April 17, 2013

    This decision affirmed a circuit court determination that an arbitration clause in a purchase agreement was unenforceable because it was unconscionable. 
    The Smiths filed a construction defect case against builder D.R. Horton ("Horton") in connection with a house they purchased from Horton.  Horton moved to compel arbitration based upon an arbitration clause found in Section 14(g) of the purchase agreement.  The arbitration clause was a subsection of the purchase agreement's Section 14 "Warranties and Dispute Resolution." The circuit court considered Section 14 "Warranties and Dispute Resolution" "as a whole," and denied Horton's motion to compel arbitration because certain provisions contained in Section 14 (not just in Section 14(g)) made the arbitration clause unconscionable.
    The Court of Appeals affirmed the circuit court's decision based upon "the supreme court's analysis in Simpson," and cited Section 14(c)'s disclaimer of certain warranties and Section 14(i)'s limitation of liability provisions as examples of "oppressive and one-sided provisions."
    Prima Paint, a Court's Limited Role in Considering Unconscionability, and Severability
    Horton claimed that the rule of Prima Paint Corp. v. Flood and Conklin Mfg. Co., (“Prima Paint”) prevented court consideration of other provisions in the purchase agreement outside the arbitration clause in making an unconscionability determination.  
    According to Prima Paint, the issue of contract validity (as opposed to the issue of the validity of an arbitration agreement found within that contract) is for the arbitrator, not the courts. Prima Paint’s rationale is that the FAA applies only to those agreements to arbitrate between parties, and therefore a court is empowered only to hear a “discrete challenge” to the parties’ arbitration agreement.  Justice Black, dissenting in Prima Paint, characterized the Court’s holding as “fantastic” and inconsistent with the language of § 2 of the FAA.  The Court of Appeals, perhaps echoing Justice Black, has referred previously to the Prima Paint rule as a “surprising result,” See New Hope Missionary Baptist Church v. Paragon Builders because the FAA empowers a court to hear an unconscionability challenge to an arbitration agreement that is part of a contract, but not the contract itself.
    In considering the purchase agreement, the Court of Appeals acknowledged the application of Prima Paint in South Carolina:   "'[A]n arbitration clause is separable from the contract in which it is embedded and the issue of its validity is distinct from the substantive validity of the contract as a whole.' Munoz v. Green Tree Fin. Corp. (citing Prima Paint).'" However, the Court of Appeals construed Horton's claim as seeking to sever the offending provisions from the purchase agreement and send the remainder of the purchase agreement to arbitration.  Accordingly, because the Simpson court determined that severability was not an appropriate remedy, the Court of Appeals declined to do so also. 
    Of course, Horton undoubtedly sees "separability" and "severability" as two very different things. Likewise, echoing Munoz, a ruling on whether the FAA applied to the purchase agreement might have brought the issue of separability into sharper focus.  However, the Court of Appeals did not address the issue of whether the FAA or the UAA applied to the purchase contract, based on its disposition of the case on unconscionability grounds.
        1. Gladden v. Palmetto Home Inspection Services, Supreme Court, March 27, 2013

    This is not a case about arbitration.  However, Justice Beattie’s dissent offers a pretty good survey on the ways in which a limitation of liability provision in a contract can be unconscionable and violate public policy.
      1. Waiver of the Right to Arbitrate


    Carlson v. S.C. State Plastering, Court of Appeals, June 12, 2013

    A party does not waive its right to arbitrate merely by engaging in litigation for over two years before seeking to compel arbitration.
    Homeowners entered into a purchase agreement with Developer to buy a Sun City house in Hilton Head. The purchase agreement had an arbitration clause. In September of 2008 Homeowners filed a lawsuit (one of 140 involving Sun City homes) alleging construction defects in the house’s stucco siding.  Developer’s answer alleged 1) Homeowners’ failure to comply with the Right to Cure Act; and 2) the claim was subject to arbitration.
    After a number of intervening events, including motions to dismiss, stays, and extensions in this case and in related stucco cases, on February 14, 2011 Developer moved to compel arbitration. On October 20, 2011 the circuit court denied the motion and ruled that the Developer had waived the right to compel arbitration based on the delay in filing the motion.
    Judge Williams reversed the circuit court, citing the three factors used to determine whether a party has waived its right to compel arbitration: 1) whether a substantial amount of time transpired between the commencement of the action and the filing of the motion to compel arbitration; 2) whether the party requesting arbitration engaged in extensive discovery before moving to compel arbitration; and 3) whether the non-moving party was prejudiced (not merely inconvenienced) by the delay in seeking arbitration. Davis v. KB Home of SC, Inc..
    Although over two years elapsed between the commencement of the action and the filing of the motion to compel arbitration, that delay was due in large part to the circuit court’s decision to address the Right to Cure Act issues first (and not due to any fault of the Developer). Addressing the second factor, no discovery of any type had taken place.  Accordingly, the lack of activity in the case meant that the Homeowners could show no prejudice as a result of the delay.
      1. Scope of the Arbitration Clause


    Landers v. FDIC, Supreme Court, February 27, 2013

    Tort claims that bear a “significant relationship” to an employment agreement fall within the scope of an agreement to arbitrate.
    Landers, a bank officer and director entered into a written employment agreement (containing an arbitration clause) with Bank. The arbitration clause provided that “Except matters contemplated by Section 17 below [Applicable Law and Choice of Forum], any controversy or claim arising out of relating to this contract, or the breach thereof, shall be settled by binding arbitration. . . . .”
    When the Bank’s finances unraveled during the “recent unpleasantness,” the Bank terminated Landers.  As described in some detail in the case, Landers and various bank personnel were not on the best of terms prior to and following his departure.
    Landers brought a lawsuit alleging 1) breach of contract/constructive termination; (2) slander/slander per se; (3) intentional infliction of emotional distress; (4) illegal proxy solicitation and (5) wrongful expulsion as a director. The circuit court granted the motion to compel arbitration of the breach of contract/constructive termination claim, but denied the motion with respect to the other causes of action, concluding that “there was not a significant relationship between the claims” and the employment agreement.
    Justice Kittredge reversed the decision of the circuit court, citing numerous federal court decisions.  In particular, the opinion points out that Landers “has provided a clear nexus between the underlying factual allegations of each of his claims and his inability to perform the employment Agreement and the alleged breach thereof, such that all of his causes of action bear a significant relationship to the Agreement.” For example, Landers’ allegations of slander and intentional infliction of emotional distress “directly related to Landers’ ability to perform his duties with Bank.” In sum, “Landers has essentially pled himself into a corner with respect to each of his claims.”
    To be sure, certain allegations of defamation, such as the statement that an individual is “the company drunk” (as cited in another case), might fall outside the coverage of an arbitration clause.  However, the connection between the alleged defamatory statements and Landers’ performance of his job, in combination with the strong presumptions in favor of arbitration and reading an arbitration clause broadly, created the “significant relationship” necessary to compel arbitration.