Thursday, August 27, 2020

The Sound of Silence: SCOTUS FAA Arbitration Rulings Upend the Way SC Courts Construe Contracts


Hello FAA, My Old Friend

South Carolina courts have frequently been called upon to consider the ways in which the Federal Arbitration Act (FAA) applies to those contracts containing clauses purporting to require arbitration.

The recent S.C Court of Appeals decision Grant v. Kuhn Chevrolet is the latest example.

The opinion and its result rests not on the application of South Carolina statutory or case law, but instead a line of United States Supreme Court (SCOTUS) cases applying the FAA to disputes over agreements to arbitrate. For some background and discussion on some of these cases, click here, here, or here.

While it may not be entirely remarkable to apply SCOTUS opinions in state court cases, the manner of contract interpretation mandated by SCOTUS for arbitration agreements is completely different than the way South Carolina courts interpret “everyday” contracts.

More specifically, these SCOTUS opinions explicitly prohibit the use of several contract interpretation tools routinely employed by South Carolina courts to assist in interpreting the intent of parties to a contract. As such, the FAA interpretation framework departs radically from many of the “contracting realities” familiar to South Carolina attorneys who draft and litigate contracts.

To highlight the effect of this departure, below is an analysis of how the Court of Appeals might have analyzed the disagreement between the parties using traditional contract construction tools in the absence of the FAA and its SCOTUS jurisprudence, contrasted with the result mandated by SCOTUS.

Background

Mr. Grant bought a Camaro from Kuhn Chevrolet, and the parties signed a purchase agreement. The purchase agreement contained an Arbitration Clause. Mr. Grant filed a lawsuit in circuit court, on behalf of himself and in a representative capacity, under the South Carolina Regulation of Manufacturers, Distributors, and Dealers Act (Dealers Act). The Dealers Act provides a particular right to have a claim heard on a class basis (language emphasized below):

SECTION 56-15-110. Suits for damages.

(1) In addition to temporary or permanent injunctive relief as provided in Section 56-15-40(3)(c), any person who shall be injured in his business or property by reason of anything forbidden in this chapter may sue therefor in the court of common pleas and shall recover double the actual damages by him sustained, and the cost of suit, including a reasonable attorney's fee.

(2) When such action is one of common or general interest to many persons or when the parties are numerous and it is impracticable to bring them all before the court, one or more may sue for the benefit of the whole, including actions for injunctive relief.

(3) In an action for money damages, if the jury finds that the defendant acted maliciously, the jury may award punitive damages not to exceed three times the actual damages.

(4) A final judgment, order or decree rendered against a person in any civil, criminal or administrative proceeding under the United States antitrust laws, under the Federal Trade Commission Act, or under this chapter shall constitute prima facie evidence against such person subject to the conditions of the United States Antitrust Law (15 U.S.C. 16).

Kuhn Chevrolet moved to compel bilateral arbitration pursuant to the Arbitration Clause in the purchase agreement:

ARBITRATION REQUIRED BY THIS AGREEMENT. The parties agree that instead of litigation in a court, any dispute, controversy or claim arising out of or relating to the sale of the motor vehicle or to this Purchase Order, including the validity or lack thereof of this contract, to any other document or agreement between the parties relating to sale of the motor vehicle, or to any other document or agreement between the parties relating to the motor vehicle, including the parties' retail installment contract, if any, shall be settled by binding arbitration administered by the [AAA] under its Commercial Arbitration Rules. Such arbitration shall be conducted in Columbia, SC. Each party will pay its own costs, and any filing fee charged by the [AAA] shall be split evenly between the parties. Any judgment on the award rendered by the arbitrator may be entered in any court of competent jurisdiction.

Grant responded that the circuit court should deny the motion to compel arbitration, or compel class arbitration. The circuit court compelled class arbitration, inferring the parties consent to class arbitration because the parties’ purchase agreement is subject to the Dealers Act, and because the Dealers Act allows for class actions as highlighted above.

The Court of Appeals, citing several SCOTUS rulings determined that Mr. Grant was required to conduct “bilateral” arbitration, as opposed to “class arbitration” as ordered by the circuit court.

The "Everyday" Contract Interpretation Analysis of the Arbitration Clause

Sometimes I am Right, and I Can be Wrong ...

South Carolina courts are called upon to interpret contracts, with an eye towards determining the parties’ intent. That intent is best shown in the plain language of the contract (what it says), but if the language is ambiguous, or non-existent, judges have various tools to use in order to determine that intent (what it means).

This interpretation process is explained in some detail in Columbia East Assocs. v. Bi-Lo, Inc. I have blessedly removed other citations nested in the case.

“Once a contract is before the court for interpretation, the main concern of the court is to give effect to the intention of the parties. The courts, in attempting to ascertain this intention, will endeavor to determine the situation of the parties, as well as their purposes, at the time the contract was entered.”

The S.C. General Assembly has been quite clear in establishing the rights of consumers vis a vis dealers in car sales contracts (by enacting the Dealers Act and including the provision cited abov), and as a result our appellate courts recognize the need to view them with “considerable skepticism”. Simpson v. MSA of Myrtle Beach.

“The intention of the parties must be inferred from the whole agreement. If a writing, on its face, appears to express the whole agreement between the parties, parol evidence cannot be admitted to add another term thereto.”

In other words, if the parties have “said” all the material terms by putting them in the contract, then there is no reason to look outside the contract for extrinsic evidence to add to or take away from those terms.

“However, where a contract is silent as to a particular matter, and ambiguity thereby arises, parol evidence may be admitted to supply the deficiency and establish the true intent. For, generally, parol evidence is admissible to show the true meaning of an ambiguous written contract. Such a contract is one capable of being understood in more ways than just one, or an agreement unclear in meaning because it expresses its purpose in an indefinite manner. When an agreement is ambiguous, the court may consider the circumstances surrounding its execution in determining the intent.”

South Carolina courts recognize that silence in a contract is an ambiguity, and that the court may look for extrinsic evidence to glean intent and fill in the gaps. The Arbitration Clause most certainly appears to be silent with respect to whether the parties intended for the arbitration to be conducted on a class basis. The terms “class arbitration” and “bilateral arbitration” do not appear in the Arbitration Clause (or in the FAA, by the way), and the Arbitration Clause contains no language purporting to be a waiver of “class arbitration,” by reference to the Dealers Act or otherwise. Sure, you can argue (and I am sure the Kuhn Chevrolet attorneys did) that “the parties” referred to Mr. Grant and the dealership, and not a class. But that reading does not square with the application of the Dealers Act.

To that point, it is also unclear whether the parties intended for the arbitration panel to hear Mr. Grant’s Dealers Act claim. The plain language of the Arbitration Clause states that “any dispute, controversy or claim …” relating to this matter would be “settled by binding arbitration” “instead of litigation in a court”.

A reasonable reading of that language suggests that Mr. Grant could bring whatever claims he would have raised in a court (including the Dealers Act claim) before an arbitration panel. Crucially, Mr. Grant did not explicitly waive his Dealers Act claim in the Arbitration Clause.

Accordingly, a court could read the language in the Arbitration Clause (“any dispute, controversy or claim …”) together with the language in the Dealers Act to compel arbitration that included that particular claim, and allow the claim to go forward on a class basis. Among other reasons, allowing Grant to pursue his Dealers Act claim is consistent with the general rule that South Carolina courts will not enforce a contract which violates public policy or statutory law.  Carolina Care Plan v. United HealthCare Services In essence, that is what the circuit court did in Grant.

Where the contract is susceptible of more than one interpretation, the ambiguity will be resolved against the party who prepared the contract.

Clearly Kuhn Chevrolet prepared the Arbitration Clause. Consistent with that doctrine of contra proferentem, 1) if you are drafting a contract you get to put what you want in it; and 2) if you don't put a term (e.g. "no class arbitration") in a contract you're drafting, then whatever resulting ambiguity is going to be construed against you. In other words, don’t make the court conduct an interpretation exercise when you could have rendered that exercise moot by providing plain, clear language.

Based upon all of the above, a South Carolina court could compel class arbitration (and the circuit court did).

But Everybody Wants You, to be Just Like Them: the SCOTUS Interpretation of the Arbitration Clause Pursuant to the FAA

I am aware I don't have a consistent music theme for this post.

Of course, the actual Grant decision produces a different result, based principally on the rationale announced in three cases addressing the FAA: Stolt-Nielsen, Concepcion, and Lamps Plus

Because the Arbitration Clause is silent with respect to class arbitration, the circuit court could not infer the parties’ consent to class arbitration from the Dealers Act. Instead, in order to justify class arbitration, an arbitration agreement must show an “affirmative contractual basis” showing a party’s consent to class arbitration. The Arbitration Clause contained no such “affirmative contractual basis,” and therefore the parties must conduct bilateral arbitration:

Therefore, "courts may not infer consent to participate in class arbitration absent an affirmative 'contractual basis for concluding that the party agreed to do so.'" Lamps Plus, 139 S. Ct. at 1416 (quoting Stolt-Nielsen, 559 U.S. at 684)). "Neither silence nor ambiguity provides a sufficient basis for concluding that parties to an arbitration agreement agreed to undermine the central benefits of arbitration itself." Id. at 1417.

Note that neither the Grant opinion nor the language of the SCOTUS cases cited therein makes reference to any actual text of the FAA. The authority stems directly from those opinions interpreting the FAA. 

For better or worse, the Lamps Plus and Stolt-Nielsen rulings remove the contract interpretation tools described above from the toolbox of South Carolina judges hearing cases involving the FAA. In their place, SCOTUS hands South Carolina courts one extrinsic evidence tool- the FAA’s policy favoring bilateral arbitration.

Additionally, and although it does not appear to have been addressed in Grant, SCOTUS removed another traditional construction tool- the proposition that an ambiguity in a contract is construed against its drafter. In  Lamps Plus, SCOTUS rejected the claim that the doctrine of contra proferentum could apply to compel class arbitration. Chief Justice Roberts also characterized the canon as furthering public policy interests as opposed to discerning the parties' intent. I have read that part of the Lamps Plus opinion numerous times, and I have no idea what it means- other than the result it mandates.

The Court of Appeals could not consider 1) the absence of the terms “bilateral arbitration” or “class arbitration” in the Arbitration Clause; 2) the language of the Arbitration Clause referencing that “any dispute, controversy or claim …” relating to this matter would be “settled by binding arbitration” “instead of litigation in a court”; 3) the public policy of South Carolina set out in the specific rights established by the General Assembly in the Dealers Act and expressed by our appellate courts; or 5) the proposition that any ambiguities in the Arbitration Clause were the responsibility of its drafter. 

Instead, the Arbitration Clause’s “silence” on one point ended the inquiry.

And I guess that is because the intent of the FAA to require bilateral arbitration and not class arbitration is presumably so clear, and crowds out any other potential analysis. But the FAA is just as extrinsic to the parties’ Arbitration Clause as the Dealer’s Act is. (The FAA is not mentioned in the Arbitration Clause). And federal law certainly trumps state law in various circumstances, but this doesn't operate like preemption.

Read for yourself what the FAA says about bilateral arbitration and class arbitration.

Conclusion: Blindsided in Plain Sight


You Knew I Would Plug My Own Version, Too

If all South Carolina courts must analyze arbitration agreements using a different set of tools than all other contracts, then how does the FAA put arbitration contracts “on equal footing with all other contracts”? Buckeye Check Cashing, Inc. v. Cardegna.

The answer to that question is clearly above my pay grade. The bottom line, however, is that South Carolina lawyers who draft and litigate contracts without knowledge of the way SCOTUS has interpreted the FAA will most certainly be blindsided by a most deafening silence.



Friday, November 15, 2019

USDA Issues Interim Final Rule Establishing Domestic Hemp Production Program: Next Steps in South Carolina



On October 28, 2019, the Agricultural Marketing Service of the United States Department of  Agriculture (USDA) issued an Interim Final Rule for the Establishment of a Domestic Hemp Production Program as required by the Agricultural Improvement Act of 2018 (2018 Farm Bill).

The Interim Rule went into effect October 31, 2019 and is effective through November 1, 2021. The USDA is accepting comments on the Interim Final Rule until December 30, 2019. The South Carolina Department of Agriculture indicates that it plans to submit comments to the USDA no later than December 16, 2019. Following the comment period, the SCDA may submit a plan to the USDA for approval. The Interim Final Rule requires the USDA to approve or disapprove a plan submitted by the SCDA no later than 60 days after its submission.

For more on the 2018 Farm Bill’s provisions related to commercial hemp and the South Carolina Hemp Farming Act enacted following the 2018 Farm Bill, click here.

The Interim Final Rule and South Carolina

State plans submitted to the USDA for approval must contain certain provisions set out in the Interim Final Rule, including licensing requirements, maintaining information on land used for production, testing procedures to determine THC concentration levels, procedures for disposing of non-compliant plants, and compliance and violation procedures. For those States and Indian Tribes without approved plans, the USDA will establish a hemp regulation plan.

Licensing. The South Carolina Hemp Farming Act contains various licensing requirements, which will undoubtedly be incorporated into the plan submitted by the SCDA to the USDA.

Information on Land Used to Produce Hemp. The SCDA will have to collect and maintain (for at least three years) information on hemp production sites, including a legal description of land and its geospatial location (given that many rural areas lack specific addresses). Licensed hemp producers must report hemp crop acreage to the USDA Farm Service Agency (FSA).

Sampling and Testing of THC. Cannabis with a concentration of no more than 0.3% THC is considered hemp, and not marijuana (a Schedule 1 drug and controlled substance). The Interim Rule requires hemp samples to be collected within 15 days before the anticipated harvest for THC concentration testing. Testing must be conducted by a “DEA-registered laboratory using a reliable methodology for testing the THC level.”

Because there is some uncertainty inherent in all testing, the “acceptable hemp THC level” extends to cover the distribution or range of uncertainty. (If a test has a range of uncertainty of +/- 0.05, then a measured THC level of 0.34% for a sample would be considered hemp).

Disposal of Non-Compliant Plants. Material exceeding the “acceptable hemp THC level” is considered marijuana, and must be disposed of consistent with the Controlled Substances Act and DEA regulations.

Compliance Procedures: “Reasonable Efforts,” “Negligent Violations,” and “Intentionally, Knowingly, or with Recklessness”. The Interim Rule requires the South Carolina plan to address procedures to identify and correct negligent acts, which include failing to provide a legal description of hemp production land, failure to obtain a required license or authorization, and producing plants exceeding the acceptable THC level. More particularly:
  • if a producer uses reasonable efforts to grow hemp, but produces plants exceeding the 0.3% THC threshold but having no more than 0.5% THC, then that producer does not commit a negligent violation;
  • a negligent violation requires a corrective action plan;
  • negligent violations are not subject to criminal enforcement action by local, Tribal, State, or Federal governmental authorities; and
  • intentional, knowing, or reckless acts must be reported immediately to the Attorney General and the chief law enforcement officer of the State or Tribe.
Because the production of cannabis exceeding the “acceptable hemp THC level” is considered a “negligent violation” under 7 CFR Section 990.6(b), and because 7 CFR Section 990.6(c)(3) specifies that a producer committing a “negligent violation” is not subject to any criminal enforcement action, the South Carolina Attorney General may be revisiting a June 10, 2019 Opinion on SC Hemp Farming Act.


Conclusion 

The SC plan to implement the 2018 Farm Bill and the Interim Final Rule presumably will provide a more clear framework for licensed hemp operations in South Carolina.

Friday, May 31, 2019

The SC Insurance Data Security Act: Ask Some Questions to Evaluate Your Security Program



The South Carolina Insurance Data Security Act (“Act”), fashioned after the NAIC Insurance Data Security Model Law (Model Law), went into effect on January 1, 2019. South Carolina was the first state in the nation to pass this legislation, and others (Ohio, Mississippi), have followed suit.

The Act requires that each South Carolina person licensed or authorized by the South Carolina Department of Insurance (DOI) a “Licensee” must implement, no later than July 1, 2019, a “comprehensive written information security program” (“Program”) designed to protect nonpublic information (NPI) and the security of the Licensee’s information system.

In addition, the Act requires a Licensee to report to the Director of the DOI within 72 hours following an actual or potential “cybersecurity event.” S.C. Code Section 38-99-40(A) (Section 6(A) of the Model Act).

While South Carolina Licensees (hopefully) are well down the path to meeting the Act’s requirements, the following may be useful for insurance businesses in other jurisdictions who may face compliance with a version of the Model Law in the future. More broadly, the questions that the Act forces insurance businesses to answer are useful for any business seeking to implement, evaluate, or improve its information security program. 

1.     Who is Responsible for Your Information Security Program?

The Act requires that each Licensee “designate one or more employees, an affiliate, or an outside vendor designated to act on behalf of the Licensee who is responsible for the information security program.” S.C. Code Section 38-99-20(C)(1) [Section 4(C)(1) of the Model Act].

More particularly, S.C. Code Section 38-99-40(B)(13) [Section 6(B)(13) of the Model Act] requires a Licensee, following a cybersecurity event, to provide the director of the DOI with “the name of a contact person who is both familiar with the cybersecurity event and authorized to act on behalf of the licensee.” 
Where Does the Security Buck Stop?

The Act, like many other statutory and regulatory provisions designed to protect sensitive information and information systems (for example the Gramm-Leach-Bliley Act Safeguards Rule and the New York State DFS Cybersecurity Requirements for Financial Services Companies) recognizes that no effective information security program happens without appropriate oversight and responsibility.

2.     Are You Conducting Ongoing Risk Assessments?

In order to develop the Program required by the Act, a Licensee must first determine those information risks (threats) it faces, and then choose those measures it will implement in order to address those risks.

In fact, the Act explicitly anticipates that a Licensee’s Program will be “based on the licensee’s risk assessment.” S.C. Code Ann. Section 38-99-20(A) [Section 4(A) of the Model Act]. The Act goes further, setting out some of the things that an appropriate risk assessment will address, including:
  • Identifying internal and external threats (including those faced by third-party service providers) that could compromise NPI;
  • Determining how likely and how potentially damaging those threats may be, in view of how sensitive the NPI is;
  • Evaluating how well your policies, procedures, information systems, and other protections work in managing these threats;
  • Detecting, preventing, and responding to attacks, intrusions, and other system failures; and
  • Implementing safeguards identified in an ongoing risk assessment, and revisiting those safeguards at least annually.

The Act does not require that an independent party conduct a risk assessment, but consider whether an “in-house” evaluation could be robust enough to provide meaningful feedback, or withstand scrutiny by a regulator.  

3.     What Nonpublic Information Do You Collect, Store, and Share?

The Act requires each Licensee create a Program for the “protection of” NPI. S.C. Code Section 38-99-20(A), [Model Act Section 4(B)]. Broad brush, the Act defines NPI as information that is not publicly available and that meets certain other characteristics. Of course, other applicable laws, and your own business interests may determine what your organization considers NPI or information worthy of protection.

If you do not know what NPI you store, where and how you store it, and who and what is responsible for protecting that NPI, then you cannot quickly or effectively respond when NPI goes missing or is compromised. More generally, you cannot make a plan to protect NPI unless and until you have answered these questions.


Have you created a written document that maps NPI and other sensitive information (visually and otherwise) by the places (servers, physical locations, etc.) where it is stored, inventories that information, identifies who is responsible for managing that information, and classifies the information based on how sensitive or important it is?

4.     How Do You Protect NPI When You Store It and Share It?

When you store NPI or send NPI outside your business, do you employ encryption technologies to secure that NPI?

The Act mentions a number of potential security measures that Licensees should consider and implement as appropriate. In particular, the Act recommends, “protecting by encryption or other appropriate means, all nonpublic information while being transmitted over an external network and all nonpublic information stored on a laptop computer or other portable computing or storage device or media.” S.C. Code Section 38-99-20(D)(2)(d), [Model Act Section 4(D)(2)(d)].

Notably, the Act excludes encrypted NPI from the definition of a “cybersecurity event” as long as the “encryption key” is not compromised. S.C. Code Section 38-99-10(3), [Model Act Section 3(D)].
Other regulatory frameworks provide similar “safe harbors” for properly encrypted NPI.

5.     How Do You Limit Access to NPI?

The Act recognizes that one potential threat to the security of NPI arises not from outside hackers, but from inside an organization.

Accordingly, the Act suggests “placing access controls on information systems, including controls to authenticate and permit access only to authorized individuals to protect against the unauthorized acquisition of nonpublic information.” S.C. Code Section 38-99-20(D)(2)(a), [Model Act Section 4(D)(2)(a)].

Access controls ensure the principle of least privilege — meaning an employee only has access to that information necessary for her to perform her job. Giving all employees access to NPI outside of their normal job function can create a potential cybersecurity event.


6.     With Whom Are You Sharing NPI?

The Act requires a Licensee to “exercise due diligence” selecting any third-party service provider that will have access to NPI, and further to require any such third-party service provider to implement appropriate measures to secure information systems and NPI. S.C. Code Section 38-99-20(F), [Model Act Section 4(F)].

A written agreement between a business and any third-party service provider handling NPI is necessary to set out appropriate obligations and remedies. For more on appropriate vendor management, click here.

7.     Do You Have an Incident Response Plan?

The Act requires a Licensee to “establish a written incident response plan” as part of its Program, (S.C. Code Section 38-99-20(H)(1)) [Model Act Section 4(H)] , and lists a number of elements that must be included in that plan, including:

  •         the process for responding to a cybersecurity event,
  •         the goals of an incident response plan,
  •         defining roles, responsibility, and decision-making authority during an event,
  •         identifying requirements for addressing weaknesses, and
  •         documenting and reporting cybersecurity events and incident response activities.
The Act recognizes that the mere act of creating an incident response plan in advance allows an organization to respond more effectively following a cybersecurity event.


As Nassim Nicholas Taleb notes,
“It is preferable to take risks one understands than understand risks one is taking.”
Conclusion

South Carolina insurance Licensees are complying with the Act because they have to. However, the requirements of the Act embody fundamental security concepts and controls that apply to any organization that stores and shares NPI.

Thursday, May 23, 2019

Legalized, But Regulated: Commercial Hemp in South Carolina


On December 20, 2018 the Agricultural Improvement Act of 2018 (the "2018 Farm Bill") became law.  Following closely on the heels of the 2018 Farm Bill, on March 28, 2019 the South Carolina Hemp Farming Act ("S.C. Hemp Farming Act") was signed into law. 

The following is a brief overview of the status of hemp (also called "commercial hemp" or "industrial hemp") farming and regulation in South Carolina in the wake of the 2018 Farm Bill and the S.C. Hemp Farming Act.

Background

The terms "hemp" (which has non-drug connotations and uses) and "marijuana" (no further explanation necessary) describe the same plant genus: cannabis. The difference between the two is generally based on the relative amount of tetrahydrocannabinol (THC) contained in the plant. Hemp plants are cultivated to produce fiber and seeds and very little if any THC. Marijuana plants, on the other hand, are cultivated to produce more THC. THC, of course, is the main psychoactive part of the plant.

Historically, U.S. federal and state law has recognized no distinction between hemp and marijuana.  Beginning with the Marihuana Tax Act in 1937, and then under the terms of the 1970 Controlled Substances Act, all "cannabis" has been considered to be illegal. More particularly, cannabis is designated by the Drug Enforcement Administration (DEA) as a "Schedule 1" drug.  

Of course, cannabis' status as an illegal drug prevented farmers from growing it as a crop. Accordingly, interested parties also missed out on the significant benefits that the creators of agricultural commodities enjoy, such as farm subsidies, nutritional assistance, and crop insurance.

The 2014 Farm Bill and Hemp Pilot Programs

The 2014 Farm Bill created a little daylight between hemp and marijuana, recognizing that some cannabis is not in fact a psychoactive drug, and allowing a limited number of hemp "cultivators" to operate under various state hemp pilot programs. In particular, the 2014 Farm Bill limited these pilot programs to cannabis containing no more than 0.3% of THC, and put numerous limitations and conditions on the number of pilot program licensees, the allowable acreage for hemp cultivation, and the uses for which cultivated hemp could be employed.

Consistent with the 2014 Farm Bill, the South Carolina Department of Agriculture ("SCDA") instituted its  Hemp Pilot Program.   Following the most recent application process, the SCDA selected 40 growers from 161 applications:




The Effects of the 2018 Farm Bill and the Hemp Farming Act

The 2018 Farm Bill legalized hemp production nationwide, continuing the distinction between hemp and marijuana based on THC content established in the 2014 Farm Bill. The 2018 Farm Bill facilitates the interstate commerce of hemp by making clear that no state (or tribal government) can prohibit the transportation of hemp through its territory.

Significantly, the 2018 Farm Bill treats hemp like other agricultural crops, adding hemp to various crop and agricultural materials programs administered by the United States Department of Agriculture ("USDA").

However, while hemp production is now legal, that production (cultivation, handling, and processing) is subject to a very strict licensing and regulatory regime. Notably (and understandably), licensed persons must ensure that hemp does not become marijuana (very much still a Schedule 1 drug) by virtue of its THC content. The 2018 Farm Bill gives states like South Carolina the ability to submit a state hemp plan to the USDA for approval.

Accordingly, the Hemp Farming Act directs the SCDA to submit a state hemp plan to the USDA.

Similarly, hemp farming is is no longer limited to a pilot program, but the Hemp Farming Act makes any hemp production illegal unless an appropriate license is obtained from the SCDA.  Key to the regulatory scheme is determining what part of the production chain a particular person or organization occupies:

Cultivation

Any person involved with "planting, watering, growing, and harvesting a plant or a crop" (S.C. Code Section 46-55-10(4)) of hemp will be required to obtain a S.C. hemp license.  

Handling

"Handling' means possessing or storing hemp for any period of time. 'Handling' also includes possessing or storing hemp in a vehicle for any period of time other than during its actual transport from the premises of a licensed person to cultivate or process industrial hemp to the premises of another licensed person. 'Handling' does not mean possessing or storing finished hemp products." (S.C. Code Section 46-55-10(7)). 

Processing

This term means "converting an agricultural commodity into a marketable form." 
S.C. Code Section 46-55-10(12).

Conclusion

While hemp production is now legal in South Carolina, any person involved at any stage of its production must ensure that all provisions of the Hemp Farming Act are met. 


In particular, any person who touches hemp at any point during its production should ensure, through appropriate contractual and other due diligence actions, that all licenses have been obtained and that all applicable requirements are followed.


Sunday, May 12, 2019

It's All "Backup" Nowadays? Wrestling With the Stored Communications Act

Shoulda' Seen My Servers ....


Disputes of all kinds (between individuals, between businesses, between individuals and businesses, etc.) often highlight who said what to whom. In the information age, what better place to look for what has been said than in email communications? And as is often the case in litigation between jilted lovers and former business partners (acting like jilted lovers?), one party either has or can guess the email password of the other.

However, attorneys and their clients must be very careful in gaining access to email communications to which they are not a party. The Stored Communications Act (SCA), a 1986 federal statute  prohibiting unauthorized access to emails in certain circumstances, has been given very different readings by the South Carolina Supreme Court and the Fourth Circuit Court of Appeals.

The SCA


The SCA provides a civil cause of action against anyone who “intentionally accesses without authorization a facility through which an electronic communication service is provided . . . and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system[.]” 18 U.S.C. § 2701(a)(1).

The SCA defines "electronic storage" as:

(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and
(B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication[.]
18 U.S.C. § 2510(17).

Email is unquestionably "an electronic communication," and the "temporary" storage described in 18 U.S.C. § 2510(17)(A) does not come into play (at least in the current prevailing view of the SCA), leaving courts to consider whether whether emails are in "electronic storage" for "purposes of backup protection."

South Carolina Supreme Court: Web-Based Emails Are Not "Backup"


In 2012, the South Carolina Supreme Court, in Jennings v. Jennings,  reviewed a decision of the S.C. Court of Appeals concluding that emails in Mr. Jennings' Yahoo! account were in "electronic storage," and that therefore the SCA had been violated when those emails were accessed. For more on the Court of Appeals' opinion, click here.

Justice Hearn rejected the rationale of the Court of Appeals that Mr. Jennings' single copies of previously opened Yahoo! emails were stored "for purposes of backup protection" pursuant to 18 U.S.C. § 2510(17)(B):  


"We decline to hold that retaining an opened e-mail constitutes storing it for backup protection under the Act."  

Employing the ordinary meaning of "backup" as "one that serves as a substitute or support," Justice Hearn reasoned that since Mr. Jennings left the only versions of these emails on the Yahoo! server, (and did not download them to a device or save them elsewhere), there were no "backup" copies of these messages (at least as far as Mr. Jennings was concerned). Therefore, the messages were not in "electronic storage," and there was no violation of the SCA. 

Notably, in concurrence with the result, Justices Toal and Pleicones offered different constructions of the SCA than Justice Hearn, underscoring the difficulty courts have making sense of a law originally enacted in 1986. For more on the S.C. Supreme Court's opinion, click here.

The 4th Circuit- Web-Based Emails Are "Backup"


On March 6, 2019, the 4th Circuit took a much broader view of "backup," concluding in Hately v. Watts that delivered and opened emails retained on a Gmail server were "stored for purposes of backup protection" and therefore subject to the SCA. Broad brush, there are numerous "backup" copies created of each web-based email message (and used for the "backup" purposes of both the user and the email provider), as web-based email platforms store messages until their users want to destroy them.  

More fundamentally, email messages don't really "substitute"or "support" any "original," so that framework (there has to be an original in order to have a "backup") loses its relevance (or resonance) when moving from analog to digital. (This is some of the same debate that takes place in the context of using electronic documents pursuant to the eSign Act or the South Carolina Uniform Electronic Transactions Act, or even more broadly the double-spend problem presented by digital currencies, but we can dive a little deeper into that another time). 


Well, They Were "Backup" For a Time - To a True Original

Conclusion: Know Your Court-- and Proceed With Caution


Decisions of the 4th Circuit Court of Appeals are only binding on South Carolina federal courts. and are not considered precedent in S.C. state courts. However, given the different constructions of the SCA provided by the South Carolina Court of Appeals, three justices of the South Carolina Supreme Court, and the 4th Circuit Court of Appeals, relying on one particular view of the SCA to support access to someone else's email is risky at best. 


Tuesday, May 7, 2019

Lamps Plus and Class Arbitration: A Journey Through Some South Carolina Past

But Bazzle Keeps Coming Back Up ....

Introduction: Class Arbitration Castles Burning ....

   

Years ago this platform discussed at some length how more than one United States Supreme Court (SCOTUS) decision has considered the South Carolina Supreme Court's decision in Bazzle: in the context of who decides issues of arbitrability, as well as whether arbitration agreements allow classwide arbitration.

(For that background, click here. For a broader survey of arbitration and class actions in the context of SCOTUS and South Carolina-- at least at that point in time-- click here).

SCOTUS recently took up the issue of class arbitration again, ruling in Lamps Plus that an ambiguous contract to arbitrate could not authorize class arbitration. Lamps Plus extended the rationale of Stolt-Nielsen, a 2010 SCOTUS decision concluding that an agreement that is "silent" on the question of class arbitration could not compel the parties to classwide arbitration.

As described in the posts linked above, Justice Alito's opinion in Stolt-Nielsen discussed the SCOTUS Bazzle opinion in some detail. And Chief Justice Roberts cited Bazzle in Lamps Plus as well.

Reading the Hidden Note: Silence and Ambiguity in Arbitration Contracts


A close reader may wonder what the difference between "silent" and "ambiguous" might be. After all, "silence" (the absence of a term) can often result in a contract being "ambiguous." As the South Carolina Court of Appeals has noted, where a contract is silent as to a particular matter, and ambiguity thereby arises, parol evidence may be admitted to supply the deficiency and establish the true intent.”Columbia East v. Bi-Lo

Stolt-Nielsen presented a unique instance of "silence," as the parties actually stipulated that their arbitration agreement did not speak to the question of class arbitration. In other words, that arbitration agreement was not susceptible to more than one interpretation on the issue of class arbitration because the parties agreed that the agreement was not susceptible of any interpretation on that point.

Lamps Plus: Everybody Knows Class Arbitration is Nowhere


Of note in Lamps Plus, the Opinion of the Court rejected the claim that the doctrine of contra preferentum, according to which a contractual ambiguity is construed against its drafter, could apply to compel class (rather than bilateral) arbitration. Previous SCOTUS opinions discussing the differences between bilateral and classwide arbitration (Concepcion, Epic Systems)  call into question whether there could ever be mutual consent to conduct classwide arbitration. Accordingly, because Lamps Plus could not have intended to consent to class arbitration, the fact that it may have drafted the arbitration agreement could not weigh in the balance. Chief Justice Roberts also characterized the canon as furthering public policy interests as opposed to discerning the parties' intent.  

This approach may strike South Carolina practitioners as passing strange, as we generally come to understand that 1) as described above, when an ambiguity arises in a contract, courts have the opportunity to determine the intent of the parties based in part upon the drafter of the contract; 2) if you are drafting a contract you get to put what you want in it; and 3) if you don't put a term (e.g. "no class arbitration") in a contract you're drafting, then whatever resulting ambiguity is on you.

That rationale certainly underscored the S.C. Supreme Court's decision in Bazzle:
Generally, if the terms of a contract are clear and unambiguous, this Court must enforce the contract according to its terms regardless of its wisdom or folly. Ambiguous language in a contract, however, should be construed liberally and interpreted strongly in favor of the non-drafting party. After all, the drafting party has the greater opportunity to prevent mistakes in meaning.  It is responsible for any ambiguity and should be the one to suffer from its shortcomings." (citations omitted).

Conclusion: When You're On the Losing End ...


Of course, SCOTUS vacated the S.C. Supreme Court's Bazzle decision, determining that the arbitrator (and not a court) should have determined whether class arbitration was warranted under the arbitration agreement. And the Lamps Plus rationale might foreclose class arbitration were Bazzle before a court today. 

Similarly, I am still trying to wrap my head around how the current SCOTUS would address Herron in the event that case arrived there under the right circumstances. Maybe I will try to work through that in a subsequent post.   

Tuesday, May 13, 2014

It’s Like Déjà Vu All Over Again: Yogi Berra On Information Security



 It is Spring again, and the national pastime is in full swing. This year Spring also brought knowledge of the Heartbleed Bug – another threat to the security of information stored and transmitted online.  And just as baseball is a fixture of the American landscape, so too unfortunately are data breaches and other information security threats.

As of April 29, 2014, the Identify Theft Resource Center (ITRC) has identified 260 breaches (affecting over 8 million records) that have taken place in 2014 alone. Likewise, the ITRC recorded 614 breaches in 2013, a 30% increase over the 470 breaches it reported in 2012.  Each new major data breach (think Target) is reminiscent of those that have come before it (Citibank, Sony, Heartland, Countrywide, etc.). 

MLB Hall of Fame catcher Yogi Berra, during his more than 50 years as a Major League player, manager and coach, offered (unwittingly or otherwise) baseball and its reading and listening public a great deal of wit and wisdom. In the spirit of the season, several of Berra’s “Yogi-isms” also offer guidance for businesses facing the challenges of protecting information.



“You can observe a lot by watching.” (Know Your Information and How and Where You Store It and Send It)


Information is an asset. You cannot protect information or use it effectively until you can locate and identify it, categorize it (determine its value), and track it:

  • Where is information stored in your organization, and where does it go within the company and beyond?
  • What information do you collect and store that is considered sensitive (at risk) and worthy of protection?
  • Who has access to sensitive information?
  • How is information currently being protected?
Mapping and assessing current information practices is a necessary step in creating an effective information security program.


“If you don’t know where you are going, you might end up somewhere else.” (Take Responsibility and Plan for Information Risks)


Every business needs to be prepared to respond to an event that could compromise its information or information systems (computers and computer networks):

  • Recognize that information security touches every part of the organization;
  • Designate one or more individuals with authority, responsibility, and accountability for managing and securing information;
  • Create, implement, and update policies and procedures to manage information risk, including but not limited to:

  • An incident response plan;
  • Business continuity arrangements;
  • Information retention and destruction policies consistent with corporate needs, legal responsibilities, and business risk.
  • Consider insurance policies particular to information risk; and
  • Deploy appropriate computer technology to prevent, detect, and manage threats.


“Never answer an anonymous letter.” (Train Your Employees to Detect Phishing Emails and Other Security Threats)


The threat to computer networks caused by “phishing” -- attempts to acquire sensitive information by pretending to be a reputable entity in an email -- is significant.  According to the latest Verizon Business Data Breach Report, over 95% of targeted attacks start with a phishing email.  The same Verizon Report makes a more startling observation: a phishing campaign that sends 20 emails has almost a 100% probability of getting at least one click.

All organizations must train their employees to be skeptical of suspicious emails, and to report suspected phishing messages. Employee training and awareness is a necessary component of an information security program, as are “layered security” or “defense-in-depth” mechanisms that may prevent or limit a system compromise brought about by clicking on a phishing email.



“If people don’t want to come to the ballpark, nobody’s going to stop them.” (Protecting Information is Good Business)


The damage that results when sensitive information is disclosed without authorization can take several forms. In addition to the financial and regulatory losses and burdens a company faces in the wake of a breach, the damage to its reputation may be the most significant and lasting. Losing a customer’s information compromises trust, a very valuable asset in a competitive market. Protecting information assets protects the value of the company.



Conclusion: “The future ain’t what it used to be.”

 
Effective information security is a moving target and an ongoing process that requires a combination of people, processes, and technology.  As the last several years have demonstrated over and over again, hackers and other threat actors continue to become more sophisticated and pervasive. As a result, standing still is not an option, and instead an organization must evaluate and update its security policies, training, and technology on a regular basis.