Business Litigation Reporter February 06, 2015
Goodwin’s Business Litigation Reporter provides timely summaries of key cases and other developments within dedicated Business Litigation sessions and related courts throughout the country – courts within which Goodwin Procter’s Business Litigation attorneys are continually litigating. In addition, each issue of the Business Litigation Reporter provides a more thorough discussion of one topic of particular importance to the business community. In this issue, we explain the impact Caremark could have on the personal liability directors and officers might face in the event of a data security breach, and how to mitigate this risk. We also provide an overview of our Privacy & Cyber Security Practice and key lawyers in this area.
In This Issue
With the surge of regulatory actions and private litigation around data breaches, corporate directors and officers will increasingly be targets of shareholder derivative lawsuits. While no individual directors and officers have to date been held liable for the costs of a data breach, such lawsuits have been filed and the signals from plaintiffs’ attorneys indicate that, if they have their way, the wave will break soon. Corporate leaders need not be caught off guard.  As a recent court decision confirms, the risk of individual liability can be mitigated by taking proactive measures.

Breaches in the Boardroom

Corporate directors and officers may increasingly be targets of shareholder derivative lawsuits in the wake of the surge of regulatory actions and private litigation around data breaches,.  While no individual directors and officers have to date been held liable for the costs of a data breach, such lawsuits have been filed and the signals from plaintiffs’ attorneys indicate that, if they have their way, the wave will break soon.  Corporate leaders need not be caught off guard.  As a recent court decision confirms, the risk of individual liability can be mitigated by taking proactive measures.

Data Breaches on the Rise

2014 was hailed as yet another year of the data breach.  A recent study by the Ponemon Institute estimates that 43% of companies experienced a data breach last year, led by high-profile incidents at Target, eBay, Adobe, Snapchat, Michaels, Home Depot, Neiman Marcus and AOL.  And, of course, 2014 was capped off by the breach of Sony Pictures Entertainment, which splashed celebrity gossip and entertainment industry chatter across the headlines, as well as business-critical, confidential information regarding company financials and projections and employees’ personal information.

Personal Liability for Directors and Officers—Caremark is Alive and Well

A shareholder derivative action is a lawsuit brought by a corporation’s shareholders, ostensibly on behalf of the corporation, and often against the corporation’s directors and officers.  In its 1996 Caremark decision, the Delaware Chancery Court declared that, in such actions, directors can be held personally liable for failing to “appropriately monitor and supervise the enterprise.”  The court emphasized that a company’s board of directors must make a good faith effort to implement an adequate corporate information and reporting system.  Failing to do so can constitute an “unconsidered failure of the board to act in circumstances in which due attention would, arguably, have prevented the loss.” 

The Caremark case has become a beacon across the corporate world for director conduct and now covers officers, including general counsel.  Directors and officers must not demonstrate a “conscious disregard” for their duties or ignore “red flags” – failure to do so can result in a director or officer being held personally liable for a corporation’s losses.  This is because, as the Delaware Supreme Court later clarified in Stone v. Ritter, conduct that evidences a lack of good faith may violate the fiduciary duty of loyalty. And, although Delaware law allows a corporation to waive or limit a director’s liability for violations of the duty of care, such waivers or limits are not allowed for the duty of loyalty.

While the Caremark case did not address information assets and corporate duties to protect them, its reasoning is being readily applied by plaintiffs seeking to capitalize on the cybersecurity issues confronting companies today.  At least one expert, UCLA Professor Stephen Bainbridge, has suggested that no good reason exists to distinguish past Caremark decisions on lax legal compliance and accounting controls from potential widespread failures to implement and maintain appropriate risk management policies. 

Regulators Step up Pressure

Government enforcement of data security standards has proliferated, and regulatory actions often are cited in subsequent shareholder derivative actions.  Such actions are pointed to both as “red flags” that should have led officers and directors to anticipate problems and as measures that reduced corporate value.  Leading the regulatory charge, the Federal Trade Commission recently announced its 53rd data security settlement, while noting that the number is “likely to go up.” 

Other agencies have also staked a claim in the data security regulation gold rush.  Among banking industry regulatory agencies, the Federal Financial Institutions Examination Council recently announced a new regulatory self-assessment for banks’ cybersecurity risks and the Federal Deposit Insurance Corporation has declared cybersecurity a main supervisory focus. Building on its 2011 guidance on corporate disclosure obligations relating to “cybersecurity risks and cyber incidents,” the Securities and Exchange Commission recently released a risk alert on the cybersecurity preparedness of registered broker-dealers and investment advisers.  Subsequently, the frequency with which public companies have reported data breaches has increased dramatically.  Likewise, in October 2014, the Federal Communications Commission fined two companies $10 million each for maintaining “unjust and unreasonable” data security practices in violation of the Communications Act of 1934.  A senior FCC official noted that it was the agency’s first data security enforcement action, “but it will not be the last.”  And state attorneys general have enforced both state and federal statutes against companies doing business within their jurisdictions.  As a result, the risks to enterprises, and therefore the relevance to directors and officers, is increasing dramatically.

The Plaintiffs’ Bar Follows Suit

Those directly affected by data breaches – consumers and businesses alike – have followed the increase in enforcement actions and brought their own suits, often as class actions.  The slew of lawsuits filed against Target Corporation after the 2013 hack of its payment system exposed the financial information of 110 million customers is typical.  A class of consumers is seeking damages for Target’s alleged negligence in exposing their personal financial information, and a group of banks is seeking reimbursement from Target for the cost of reimbursing fraudulent charges and for replacing credit and debit cards.  Last month, a federal judge in Minnesota denied Target’s motion to dismiss both cases. 

Shareholders Seize the Opportunity

In the wake of a data breach, companies can face government enforcement, significant fines, litigation settlements or judgments, and declining share prices, all of which are fodder for shareholder derivate lawsuits brought under Caremark.  A number of such lawsuits have in fact recently been filed.  Although their filing confirms the risks of personal liability that directors and officers face in the event of a data breach, a federal district court’s recent decision in a data breach involving Wyndham provides a roadmap for some appropriate proactive measures to help mitigate risks.    

After hospitality company Wyndham Worldwide Corporation suffered three data breaches between 2008 and 2010, a shareholder brought a derivative action on behalf of the corporation against Wyndham’s board.  Coming after the FTC had initiated an enforcement action (which remains pending on appeal today), the plaintiffs in Palkon v. Holmes alleged that Wyndham had failed to implement adequate data security mechanisms and that this failure allowed hackers to steal the data of over 600,000 customers. They seek to assert claims on behalf of the company against its directors and officers for their alleged role in those failings.

In October 2014, a New Jersey court dismissed the case with prejudice, deferring to the board’s business judgment that the company should not bring such a case against its officers and directors.  In its opinion citing the Delaware case law spawned by the Caremark case, the court highlighted the board’s engaged and thorough response to two demand letters and a prior FTC investigation.  Specifically, the court found that the board had discussed the breaches at 14 meetings between 2008 and 2012, the Wyndham Audit Committee had discussed the breaches in at least 16 meetings during that same period, and the board had engaged an outside technology firm to assess Wyndham’s information security policies.  This record of extensive consultation led the court to conclude that the board “had enough information when it assessed plaintiff’s claim,” and hence that the board’s decision not to bring suit was within its broad discretion under the business judgment rule.

Despite not needing to discuss the merits of the claims that the plaintiffs (because of its ruling that the plaintiffs had no right to pursue those claims on the company’s behalf), the court specifically stated that the plaintiff’s suit fell short of alleging, as Caremark requires, that the board had “utterly failed to implement any reporting or information system [or] consciously failed to monitor or oversee its operations.”  The court noted that “security measures existed when the first breach occurred,” and the board had addressed data security concerns “numerous times.”

The Wyndham case thus shows that the risks of shareholder derivative actions against directors and officers arising from a data breach are very real, but also that strong defenses on both the threshold demand requirement and the underlying merits can be presented if companies take appropriate measures both before and again, if necessary, after any data breach. 

Moving Data Security from the Server Room to the Board Room

Data security and information governance are increasingly part of the board-level communications as the centrality of information to enterprises continues to grow.  But these discussions cannot happen quickly enough—the same Ponemon Institute study that found almost half of U.S. companies experienced a data breach in 2014 also noted that 27% did not have a data breach response plan in place. 

Cybersecurity is becoming ubiquitous in the United States and with that saturation comes the potential for greater liability.  Because of the klieg lights currently trained on data security, corporate defendants will find it difficult to argue that there were no “red flags,” likely opening the door to Caremark just wide enough for waiting plaintiffs to walk right in. 

The good news is that, as the Wyndham case confirms, it is possible for directors and officers to take action that will satisfy their Caremark duties.  Some measures frequently identified that boards may consider include:

  • Hire a Chief Information Security Officer and engage outside technical experts to conduct regular assessments and to educate officers and board members on data security.
  • Evaluate and/or appoint a board committee to focus on data protection.
  • Have the board regularly address and deliberate when deciding issues of data security, and carefully document the deliberations to demonstrate appropriate care.
  • Adopt a security plan that is tailored to the company’s specific risk profile (and review and assess those risks systematically on a regular schedule and as needed in response to specific threats).
  • Hold information and training sessions to increase awareness at all corporate levels.
  • Perform gap analyses and comparative benchmarking with peer organizations that hold similar types of information.
  • Learn from experience.  Perfect security doesn’t exist but every organization can learn.
  • Ensure open lines of communication.  Often competing pressures may limit IT’s ability to deliver security, but by enabling open and direct communication to and with the board and senior management, security risks have a greater chance of being addressed appropriately.   
  • Review D&O insurance and related insurance policies holistically for coverage regarding security incidents and protection of the company’s brand, information assets and other assets.

Just as no perfect security exists, there are no perfect solutions for officers and directors.  Fortunately, the courts have not required perfection.  Rather, by being able to demonstrate attention and care, including some or all of the steps set forth above, officers and directors can both help protect the organizations they serve and mitigate the risk of personal liability in this rapidly emerging and increasingly important area.

Goodwin Procter’s Privacy & Cyber Security Practice

Goodwin Procter has been advising public and private companies of all sizes—and their officers and directors—regarding privacy and data security matters for nearly two decades.  Having counseled on more than 100 data breaches including several landmark cases, our team provides practical, actionable advice on all aspects of information-related management and risk; before, during and after breaches.  Officers and directors routinely rely on our team to assist with these issues in the board room and beyond. 

We offer a cross-disciplinary approach—drawing on our corporate, technology and litigation experience—to help clients navigate the legal landscape, efficiently manage data, and effectively respond to threats. Our practice is designed to cover the life cycle of privacy needs from counseling, to incident response and internal/regulatory investigations, to litigation.

Meet Our Team

Our attorneys are experienced professionals who are well-recognized in the field. They are involved in key leadership positions in national and international groups such as:

  • Chair of the American Bar Association’s Business Law Section;
  • Co-chair of the ABA’s Criminal Justice Section’s Cybercrime Committee;
  • Vice-chair of the ABA’s International Section’s Information Services, Technology & Data Protection Committee;
  • Former General Counsel of the Department of Homeland Security; and
  • Former Chair, ABA’s Consumer Financial Services Committee.

Members of our Privacy & Cyber Security practice are thought leaders in the field, who are frequent speakers at national and international conferences and events. They are highly sought for media commentary by The Wall Street Journal, CNN and many other news outlets across the country. They have taught “Law of Cyberspace” at a number of law schools and have authored numerous publications on data privacy, including the books Data Privacy in the Information Age, The Legal Guide to e-Business, and Data Security and Privacy Law – Combating Cyber Threats, and The Right to Know: Your Guide to Using and Defending Freedom of Information Laws in the United States.

State Summaries

Goodwin Procter’s Business Litigation Reporter provides timely summaries of key cases and other developments within dedicated Business Litigation sessions and related courts throughout the country – courts within which Goodwin Procter’s Business Litigation attorneys are continually litigating. In addition, each issue of the Business Litigation Reporter provides a more thorough discussion of one topic of particular importance to the business community. In this issue, we explain the impact Caremark could have on the personal liability directors and officers might face in the event of a data security breach, and how to mitigate this risk. We also provide an overview of our Privacy & Cyber Security Practice and key lawyers in this area.


Arbitration Waived By Classwide Discovery And Settlement Negotiations. In Bower v. Inter-Con Security Systems Inc., 2014 WL 7447677 (Cal. Ct. App. Dec. 31, 2014), the First District Court of Appeal affirmed the superior court’s denial of Inter-Con’s motion to compel arbitration on the ground of waiver. The plaintiff filed a putative class action in the California Superior Court, and Inter-Con asserted an affirmative defense that the claims were subject to arbitration. Inter-Con then propounded class-wide discovery, and participated in settlement discussions with the plaintiff. The Court of Appeal held that Inter-Con waived its right to arbitrate because both the discovery that it had propounded, and the settlement discussions in which it had engaged, had been class-wide rather than limited to the individual plaintiff’s claim, and hence were broader than the scope of arbitration would have been.

No Arbitration Agreement With Service Provider Following Free Trial Period Provided By Car Dealer. In Knutson v. Sirius XM Radio Inc., 771 F.3d 559 (9th Cir. 2014), a putative class action alleging violations of the Telephone Consumer Protection Act, the Ninth Circuit reversed the district court’s order granting Sirius XM’s motion to compel arbitration pursuant to the Federal Arbitration Act. The plaintiff purchased a Toyota vehicle that came with a trial subscription to Sirius XM satellite radio. When the trial period ended, Sirius XM sent the plaintiff a Welcome Kit that contained a customer agreement with an arbitration provision. The plaintiff argued he did not assent to that agreement because he did not read the documents in the Welcome Kit, believing that his relationship was with Toyota. The Ninth Circuit held that a reasonable person in the plaintiff’s position would not have understood he was entering into a contractual relationship with Sirius XM, and rejected Toyota’s argument that the plaintiff’s continued use of the radio service indicated his acceptance of the agreement.

Claim Challenging “All Natural” Product Label Dismissed Absent Proof Of Consumer Expectations. In Brazil v. Dole Packaged Foods, LLC, 2014 WL 6901867 (N.D. Cal. Dec. 8, 2014), Judge Koh granted Dole’s motion for summary judgment in an action by California consumers of packaged fruit and fruit juice containing allegedly misleading “all-natural” statements. The court held that plaintiffs had failed to adduce expert or otherwise evidence – as opposed to mere assertions – that consumers would not have expected the products to contain citric acid or ascorbic acid. Based on this conclusion, Judge Koh also rejected the claim that the statements were unlawful under California’s Unfair Competition Law. The plaintiff has appealed to the Ninth Circuit.


Chancery Court Has Jurisdiction Over Asset Sale Involving Allegedly Unique Property. In Willis v. PCA Pain Center of Virginia, Inc., 2014 WL 5396164 (Del. Ch. Oct. 20, 2014), the Delaware Court of Chancery held that it had jurisdiction over a breach-of-contract action seeking specific performance of the completion of an asset sale where the property in question allegedly was “unique” – that is, constituted “a truly unique opportunity that cannot be adequately monetized.” The court warned, however, that a mere request for specific performance in a case involving personal property typically is not enough to confer jurisdiction on the Court of Chancery. The court also stayed the action pending resolution of an earlier-filed action in Virginia involving many of the same parties and arising from common facts. Although the Court concluded that the specific facts warranted a stay, it noted that the first-filed rule is not strict and that “[w]hen actions are filed within a very narrow time frame, the Court will sometimes consider the actions to have been filed contemporaneously.”

Records Inspection Can Be Conditioned On Limitation Of Forum For Resulting Litigation. In United Technologies Corp. v. Treppel, No. 127, 2014 (Del. Dec. 23, 2014), a corporation requested the court to require, as a precondition to its production of documents in response to a shareholder’s Section 220 books and records demand, that any suit arising from the production be brought in a Delaware court. The Chancery Court held that it lacked authority to impose such a forum restriction as a condition to a Section 220 demand. The Delaware Supreme Court reversed, holding that Section 220 gives the Chancery Court broad power to condition a books and records inspection, including the condition requested here. The Supreme Court remanded the case to the Chancery Court to consider whether, in the exercise of its discretion, to impose a forum restriction in this particular case.


Acquirer Controls Target Corporation’s Attorney-Client Privilege Under Delaware Law. In Novack v. Raytheon Co., No. 13-2852-BLS1, Judge Billings of the Business Litigation Session of the Massachusetts Superior Court held that after a merger, under Delaware law, the acquiring corporation – not the shareholders of the acquired company – controls the attorney-client privilege applicable to pre-merger communications between the acquired company and its attorneys regarding the merger. The court acknowledged that because disputes arising out of a merger are likely to pit the interests of the acquired corporation against those of the acquirer, courts in some states have refused to pass the attorney-client privilege regarding the merger to the surviving corporation. Nevertheless, the court held that because Delaware law provides that “all property, rights, [and] privileges” vest in the surviving corporation, that includes the target corporation’s attorney-client privilege. The court also noted that “parties to merger agreements can – and have – negotiated special contractual agreements to protect themselves and prevent certain aspects of the privilege from transferring to the surviving corporation,” but that the parties did not do so here.

Systematic Contacts Insufficient For General Personal Jurisdiction. In Fed. Home Loan Bank of Boston v. Ally Fin., Inc., No. 11-10952-GAO (D. Mass.), Judge O’Toole issued the first written opinion within the First Circuit to apply the new, stricter standard for establishing general personal jurisdiction over out-of-state companies announced in Daimler AG v. Bauman, 134 S. Ct. 746 (2014). The case concerned the existence of personal jurisdiction over ratings agencies that were being sued in Massachusetts over certain mortgage-backed securities. The court, prior to Daimler, had held that the defendants’ contacts with Massachusetts “were sufficiently continuous and systematic to justify the exercise of general personal jurisdiction,” even though the defendants were incorporated and had their principal place of business elsewhere. Based on Daimler, however, the court reconsidered its prior decision and dismissed the case against the rating agencies for lack of personal jurisdiction. As the court noted, Daimler rejected “the exercise of general jurisdiction in every State in which a corporation engages in a substantial, continuous, and systematic course of business.”

Violation Of The FDCPA Per Se Violates Chapter 93A. In McDermott v. Marcus, Errico, Emmer & Brooks, P.C., 2014 WL 7373201 (1st Cir. Dec. 29, 2014), the First Circuit held that a violation of the federal Fair Debt Collection Practices Act (“FDCPA”) constitutes a per se violation of Chapter 93A, the Massachusetts consumer protection statute that makes unlawful “unfair or deceptive acts or practices in the conduct of any trade or commerce.” This is so, the court reasoned, because Chapter 93A fully “incorporates” the Federal Trade Commission Act (“FTCA”), and “the FDCPA establishes that an unfair debt collection act in violation of the FDCPA is a per se violation of the FTC Act.”

New York

Common Interest Privilege Expanded Beyond Anticipated Litigation Context. In Ambac Assurance Corp. v. Countrywide Home Loans, Index No. 651612/10 (N.Y. App. Div. 1st Dep’t Dec. 4, 2014), the Appellate Division, First Department, held that “litigation need not be actual or imminent” in order for parties having a common interest to be able to share attorney-client communications without losing their privileged status. The court recounted that, until now, New York courts had held that the “common interest doctrine” allowed entities to share privileged advice only with respect to “pending or reasonably anticipated litigation.” But the court observed that “[b]usiness entities often have important legal interests to protect even without the looming specter of litigation,” such as in the context of merger discussions. The court therefore held that such communications fall under the common interest doctrine “so long as the primary or predominant purpose for the communication with counsel is for the parties to obtain legal advice or to further a legal interest common to the parties, and not to obtain advice of a predominately business nature.” (Disclosure: Goodwin represented Bank of America in this litigation)

Commercial Division Rule Changes. The Commercial Division has recently amended several of its rules regarding discovery, effective as of April 1, 2015. The revised Rule 11-d limits parties to taking 10 depositions for up to seven hours per deponent. Rule 8 will require parties to confer prior to the preliminary conference about the need to alter the “presumptive limitation” on depositions in Rule 11-d. Amended Rule 14 establishes a procedure for the submission of letters, instead of motions, to the court over discovery disputes. Additionally, a preamble to the Rules has been added advising that judges will sanction parties who engage in “dilatory tactics, fail to appear for hearings or depositions, undue delay in producing relevant documents, or otherwise cause the other parties in a case to incur unnecessary costs.”

Meet The Contributors

Meet the Goodwin lawyers who contributed to this newsletter issue.

View Bio

Brenda R. Sharton

Chair, Business Litigation and Privacy + Cybersecurity
Chair, Business Litigation Practice and Co-chair of Goodwin’s Privacy & Data Security Practice, Sharton is a senior partner with Goodwin with 25 years of experience and serves as a member of the firm's Executive Committee.
Mark Tully is a trial lawyer with over 25 years of experience helping clients resolve business disputes and, when necessary, trying cases before juries, judges and arbitrators. He has extensive experience in general business litigation, antitrust matters, corporate governance matters and intellectual property matters. Mr. Tully has litigated numerous disputes in a wide range of industries, including those involving trade secrets, business interference, and unlawful competition claims. He also represents clients in connection with federal and state antitrust investigations, and regularly counsels clients on antitrust and other trade regulation issues.
John Daukas’ practice concentrates his civil trial practice in the principal areas of complex business litigation, securities litigation, and sophisticated products liability actions. Mr. Daukas has represented a range of companies in complex litigation involving governmental and private entities. During the past several years Mr. Daukas has successfully represented parties in post-closing disputes, Mortgage Backed Securities litigation, corporate freeze-out disputes involving closely-held corporations, a multi-million dollar tax dispute concerning industrial property, disputes in the waste and environmental industries, and a major cigarette manufacturer in product liability matters. He also has represented clients in SEC investigations involving derivatives and complicated accounting issues.
Yvonne Chan is a partner in the firm’s Litigation Department. Ms. Chan has represented a wide variety of clients, including public corporations, private equity firms and educational institutions. She has experience in a range of complex litigation matters, including post-closing disputes, violations of Massachusetts General Laws chapter 93A, SEC and FINRA investigations, personal injury and premises liability matters, and copyright and licensing disputes.
View Bio

Anthony M. Feeherry

Tony Feeherry’s diverse trial and appellate practice includes general corporate, employment-related cases (including trade secret, non-solicitation and non-competition disputes), majority-minority shareholder and partnership disputes and various cases involving the hospitality and financial services industries. He also has extensive experience with alternate dispute resolution procedures including mediation and commercial arbitration.
Carl Metzger leads the firm’s Risk Management & Insurance practice. His clients include both public and private companies, private equity and venture capital firms, and non-profit and educational institutions. Mr. Metzger is recognized as an expert in advising boards of directors and senior officers on liability and risk management issues, as well as D&O insurance, indemnification and fiduciary duty issues. His experience includes securities litigation defense, financial fraud litigation, governmental and self-regulatory organization investigations, and complex business disputes. Mr. Metzger has been elected as a Fellow to The American College of Coverage and Extracontractual Counsel. He continues to be recognized each year as a Massachusetts “Super Lawyer” and a New England “Super Lawyer” as published in Boston Magazine. In 2014, Mr. Metzger was Lexology’s Client Choice Awards exclusive winner of the Insurance & Reinsurance category for Massachusetts.
Joe Rockers is a partner in the firm’s Litigation Department and a member of the Business Litigation Practice. Mr. Rockers devotes much of his practice to representing clients in complex commercial litigation in the trial courts and in arbitration. Recent examples include representing a client in a week-long arbitration concerning the theft of trade secrets; representing a client in state trial court in a partnership dispute; and representing a client in state trial court in challenging New York environmental regulations under that state's Administrative Procedures Act. Mr. Rockers also routinely practices before federal and state appellate courts. Mr. Rockers has recently participated in appeals concerning issues related to product liability, class certification, and fiduciary obligations, and has drafted a petition for certiorari to the United States Supreme Court. Mr. Rockers has argued before the U.S. Court of Appeals for the Eleventh Circuit, as well as before state courts in Georgia and Massachusetts.
Brian Hail concentrates his practice on complex commercial litigation and restructuring matters, including the representation of financial institutions, hedge funds, private investors and investment banks in various civil and insolvency matters. He has extensive experience advising clients on complex litigation involving contract disputes, securities fraud claims and valuation disputes. Mr. Hail also has represented both domestic and international clients in federal and state courts throughout the United States, including bankruptcy court and in connection with civil investigations brought by federal and state governmental authorities.
View Bio

Jeffrey A. Simes

Chair, Litigation Department
Jeffrey Simes litigates complex business litigation, including international and domestic arbitrations, securities and corporate governance disputes, government and internal investigations, and partnership and commercial claims and disputes. He has worked on a wide variety of significant civil cases in federal and state courts at the trial and appellate level throughout the country, as well as in various arbitral forums in the U.S. and abroad.
Jordan Weiss is a partner in the firm’s Litigation Department, and a member of the Business Litigation Group. His practice focuses on complex commercial litigation, partnership disputes, acquisition disputes and antitrust litigation. Mr. Weiss also has extensive experience representing clients in matters involving the intersection of commercial litigation and the pharmaceutical industry.
Forrest Hainline has tried more than 100 cases before courts, juries and arbitration panels throughout the United States, as well as before the Federal Trade Commission and other administrative agencies in Washington, D.C. He is consistently recognized as a leading litigator by a variety of independent publications and is a fellow of the Litigation Counsel of America. Mr. Hainline has appeared in the U.S. Supreme Court and has argued before seven U.S. Courts of Appeals. He represents clients in complex trials and appeals. Many of his cases involve the presentation of complex scientific and/or economic evidence.
Adam Chud’s national litigation practice focuses on complex commercial litigation, class actions and mass litigation and intellectual property for companies in a variety of industries, including insurance products and financial services. He also has more than a decade of experience representing nonprofit entities. He has substantial trial and arbitration experience, as well as significant experience on a variety of class actions in the areas of health care, insurance and consumer finance. Mr. Chud’s practice also includes representing clients in business disputes involving contracts, post-closing issues and other litigated matters.
View Bio

Michael S. Giannotto

Chair, Mining
For more than 30 years, Michael Giannotto has advised and litigated on behalf of numerous corporations and trade associations involved in hardrock mining, manufacturing and defense contracting in connection with all of the major federal environmental laws and their state analogues. He has also represented manufacturers and insurers in toxic tort and complex insurance disputes, including in several mass tort bankruptcies and in class- and mass-actions throughout the country alleging insurer bad faith. Mr. Giannotto is nationally recognized as an expert in environmental issues impacting domestic and international hardrock mining companies and in bankruptcy and bad faith litigation involving insurers. He has tried many cases to judgment.
View Bio

William R. Hanlon

Chair, Washington, DC
Bill Hanlon’s nationwide practice focuses on defending, negotiating and resolving complex disputes, including commercial matters, asbestos and other mass tort claims, and asbestos defendant bankruptcy cases. He is recognized in The Legal 500 as a ‘marvelous attorney’ with ‘exceptional people skills,’ who ‘excels at solving complex legal matters in a prompt and cost-effective manner.’
Rich Matheny heads the firm’s National Security & Foreign Trade Regulation Practice. Recognized by Chambers Global as one of the world’s leading lawyers for International Trade: Export Controls & Economic Sanctions, he advises clients on a broad range of U.S. regulatory issues concerning international trade and investment, including the exportation of controlled goods and services from the United States; the provision of defense articles and services; transactions involving sanctioned countries, persons, and entities; and cross-border investments and transactions that may impact the national security or foreign policy of the United States.
Richard Wyner focuses his practice on complex business litigation, including class actions, and has frequently represented clients involved in areas including insurance law, statutory and common law fraud claims, and claims arising from business mergers and acquisitions. He is also a member of the firm’s Securities Litigation and Appellate Practices. Mr. Wyner represents clients in federal and state courts across the country and in commercial arbitration proceedings. He regularly provides advice with respect to corporate transactions involving entities with potential mass tort liabilities.