iApproximately 40 years ago, at nearly the same time that Much Shelist was founded, university professor and entrepreneur Carver Mead coined the term "Moore's Law." Named after Intel co-founder Gordon E. Moore, the law refers to Moore's now-famous (and uncannily accurate) 1965 prediction that the processing capabilities of integrated circuits and computer hardware would double every two years.
Even today, many technology companies continue to use Moore's Law as part of their long-term planning. While the pace of change in other disciplines may not be as predictable, the last four decades have made it clear that developments in business, society, the economy and the law have been no less rapid, and the next decade will be no different.
Recognizing that it is impossible to predict the future, we asked attorneys from three of the firm's practice groups to discuss some of the legal and business challenges and opportunities they foresee over the next 10 years.
James M. Kunick, Intellectual Property & Technology
One of the major developments we are seeing is a shift from the traditional software licensing model toward a Software as a Service (SaaS) model. Previously known as a "hosted solution," SaaS is an Internet-based methodology in which shared resources, software and information are provided to computers and other devices on demand. Most recently, SaaS has evolved into what is commonly known as "cloud computing." Apple's MobileMe service for individual consumers and IBM's Smart Business solutions for corporate clients are just two of the best-known cloud offerings.
The traditional IT model required customers to purchase software and the associated licenses that enabled users to run that software on their own hardware and devices. Data was typically stored onsite in high-capacity and relatively expensive mainframes (in the 1970s and 1980s) or servers (beginning in the mid-1990s). While software companies provided periodic product updates and limited support, business and individual end users were responsible for maintaining their own systems, software, hardware, data and security. This led to the rapid growth of in-house IT departments.
Using a SaaS solution, companies can now access software and computing horsepower without buying or licensing the hardware and software, or installing and maintaining the software on their own servers. Instead, the applications are hosted, maintained and supported offsite by a third party, thus eliminating implementation and ongoing support costs for the user. While traditional SaaS applications might distribute processing over two or three connected computers, today's cloud computing is like SaaS on steroids, potentially encompassing thousands of applications and computers linked together over the Internet or some other proprietary network. In the cloud model, users can access data and software applications from virtually anywhere in the world, through any device that is connected to the Internet. Data is now stored offsite, most hardware and software upgrades are the responsibility of the service providers, and customers pay a regular subscription fee for the convenience of around-the-clock access to the applications and information they need to run their businesses.
The advantages of this new model are clear. For example, economies of scale mean that providers can earn a profit while still passing along savings to their clients. Businesses and individual consumers no longer need to purchase new hardware and software every two years simply to keep up with the pace of technological change. Businesses are also able to reduce labor costs by decreasing the size of their IT departments.
However, along with these benefits come significant risks. Potential service outages are one concern. If a provider's systems go down and the customer is unable to access data or use applications that are delivered over the Internet, the costs to the end user may be extensive.
Among the most worrisome risks is a company's potential loss of control over its proprietary and confidential information. By placing this information in the hands of third-party providers, many of which may be located on the other side of the world, the direct connection between a business and its own data is beginning to erode. Businesses must also rely on these data and application hosting companies to implement and maintain appropriate security systems and methodologies.
Although many third-party providers are also leaders in the field of data security and have developed extensive backup systems and protocols, customers should not rely on faith alone, nor should they look to state and federal agencies for protection or redress. Since legislation and regulatory oversight in this area generally run much slower than the pace of technological change, businesses should take it upon themselves to include specific protections in their service contracts, along with agreed-upon remedies in the case of data loss or a breach of security.
Businesses should also consider obtaining insurance coverage to protect against lost or misused data. Underwriters are increasingly including data loss, data theft, and related errors and omissions coverage in their insurance policies.
Finally, businesses can look to industry leaders for guidance. For example, the country's largest credit card companies have joined forces to create the PCI Data Security Standard (PCI DSS), which lays out specific requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations protect customer account data. Among their other protective measures, companies should seek out vendors that have voluntarily signed on to this private regulatory scheme.
Anne E. Larson, Labor & Employment
The Obama administration's domestic focus to date has been on health care reform, financial services regulation and containing the worst oil spill in U.S. history. Employers have not seen the flurry of labor and employment legislation they initially anticipated. However, the very first piece of legislation President Obama signed into law on January 29, 2009 was the Lilly Ledbetter Fair Pay Act of 2009. The law undid the Supreme Court's decision in Ledbetter v. Goodyear Tire & Rubber Co., which held that the statute of limitations for Title VII compensation discrimination claims runs from the date of the alleged discrimination. The Fair Pay Act restarts the running of the statute of limitations with each paycheck, even if the employer's decision to award that pay was outside the statute of limitations period. The Fair Pay Act allows employees to claim compensation discrimination long after the alleged discriminatory decision was made, under the theory that the employee's current pay reflects that discrimination.
In a recent 2010 decision, City of Ontario, California v. Quon, the Supreme Court held that an employee had no right of privacy in the personal, sexually explicit text messages he sent on his police pager. The Supreme Court rejected Quon's claims that the city's monitoring and searches of his pager were illegal and violated his Fourth Amendment rights. Indeed, the Supreme Court determined that Quon had no reasonable expectation of privacy because the city told every employee who was issued a pager that it was for work, that there were limits on usage and that his or her messages would be monitored. This decision has far-reaching application for private employers, provided they disseminate policies that give employees proper notice regarding anticipated monitoring and privacy expectations.
In two other recent decisions that could have a significant impact on business and organized labor, the Supreme Court rejected efforts to limit arbitration as a tool for resolving employment disputes. In Rent-A-Center West, Inc. v. Jackson, the Supreme Court held that the arbitrator—not the court—must decide whether an arbitration agreement is unconscionable where the language of the arbitration agreement expressly gives the arbitrator the power to decide whether the agreement is enforceable or void. Likewise, in 14 Penn Plaza LLC v. Pyett, the Supreme Court enforced an arbitration clause in a collective bargaining agreement. It held that collective bargaining agreements can require arbitration of Age Discrimination in Employment Act (ADEA) claims because arbitration is a mandatory subject of bargaining under the National Labor Relations Act, and neither the ADEA nor the Supreme Court's own precedent mandates judicial resolution of age discrimination disputes. While the holding was limited to ADEA claims, the rationale could apply to arbitration of other federal and state discrimination claims. Employers should keep in mind that while employment disputes may sometimes be resolved more cheaply and more quickly through arbitration, the Federal Arbitration Act provides little ability for employers or employees to set aside an arbitration award, absent an egregious error by the arbitrator. Thus, employers who want to arbitrate employment disputes must understand that they will have little recourse in overturning an arbitrator's award, unlike the appeal process that is available in the court system.
Employers should also keep an eye on the Employee Free Choice Act, which is widely regarded as the Obama administration's anticipated reward to organized labor. The proposed legislation would allow labor to unionize a company by simply collecting enough employee signatures on union authorization cards to bypass secret ballot elections. For industries with low profit margins and high employee turnover, it is problematic to allow employees who may walk off the job in a matter of weeks or months to unionize a company without an election. Elections give employers an opportunity to educate their employees on the cost of unions—not only to individual employees but also to the company and its culture. The Employee Free Choice Act would further require employers to negotiate with the union and reach a collective bargaining agreement within 90 days. If not, the two sides would be referred to compulsory mediation and, if mediation fails, to binding arbitration where the arbitrator's decisions could significantly affect the company's labor costs and profitability for years to come.
An area in which employers find themselves under increased scrutiny is overtime pay under the Fair Labor Standards Act (FLSA). The U.S. Department of Labor (DOL) has announced that it is turning up the heat on overtime violations. In addition to catching the bad apples who openly flout overtime laws, the DOL will nab thousands of well-intentioned companies that unwittingly violate overtime laws. Companies should perform internal FLSA surveys and audits of their exempt and non-exempt employee classifications to prevent such costly violations.
As our society becomes increasingly mobile, more and more employers are taking advantage of a flexible workforce. This has been particularly true during the ongoing economic recovery. For instance, the use of temporary workers and independent contractors can help businesses meet gradually rising demand for their products and services without overcommitting still-scarce resources. However, a simple reclassification of one or more employees to the status of independent contractor, without regard to state and federal definitions of those terms, may expose an employer to potential liability and penalties.
For example, the shaky economy and temporary extension of unemployment benefits by the Obama administration has increased the filing of unemployment claims by out-of-work independent contractors. In such situations, companies risk a Department of Employment Security determination that a claimant does not meet the independent contractor test but is instead an employee entitled to unemployment benefits. When that happens, the company exposes itself to an audit of its workforce, especially given the state's need for tax revenues.
Patterns of employee hiring and layoffs are, like the economy, fairly cyclical. Compounding the risks faced by employers in this down economy is the growth in class-action practices that target the employment arena. An increasing number of plaintiff's attorneys are trolling for individual FLSA or state wage-and-hour claims with an eye to threatening and filing class-action lawsuits involving significant portions of an employer's workforce. The number of such cases has grown dramatically in the federal courts given the opportunity that these statutes provide for significant damages and fee awards. This is likely to only increase in the future.
Employment practices liability insurance rarely covers alleged FLSA and state wage-and-hour violations; thus, the costs associated with DOL investigations, as well as individual and class-action FLSA lawsuits, usually come directly out of the employer's pocket. With increased risks on these fronts, businesses must exercise greater caution when making employment decisions, especially those that affect multiple employees.
Finally, as my colleagues also note, privacy issues are likely to arise regarding social security numbers and other employee "personal information" as defined by law. Employers should take steps to develop and implement comprehensive written information security programs (WISPs) to safeguard employee personal information and to evaluate their electronic and physical methods of collecting, storing, using and transmitting such information.
Neil B. Posner, Policyholders' Insurance Coverage
A number of issues in the technology, environmental, employment and other areas are likely to create significant risks over the next decade that require businesses to carefully evaluate their insurance coverage. For example, so-called "cyber risks" are demanding the immediate attention of companies that now face a dual set of potential losses: first-party losses that involve the theft or misuse of data taken from their own systems, and third-party losses that involve the loss, misuse or corruption of data hosted by separate providers offering cloud computing services.
Although federal regulators and legislators are beginning to address the issues associated with cyber risks, most of their recent actions have focused on consumer—not business—protections. For example, as a result of the Fair and Accurate Credit Transactions Act (FACTA), the Federal Trade Commission and the National Credit Union Administration have issued the Red Flags Rule, which will require financial institutions to develop and implement identity theft prevention programs and notification rules. In order to protect themselves, businesses must work with their insurers to clearly determine and document what is a covered versus a non-covered data loss.
Climate change is another issue that will inevitably affect businesses. Obviously, companies in certain industries must take steps to minimize their output of carbon into the environment; however, most businesses must also take a hard look at potential liabilities associated with the effects of their operations on the environment, whether that involves their own actions or those of their suppliers. Likewise, new Securities and Exchange Commission rules require publicly traded companies to report the potential effects of climate change on their financial performance. Failure to do so has already resulted in federal enforcement action and lawsuits initiated by State Attorneys General and environmental groups in several states.
As Anne Larson describes earlier in this article, a number of issues involving collective bargaining, union agreements and other organized labor matters may require increased attention from employers. As more and more work is being outsourced to external providers and contractors, the risk of involvement in third-party harassment and discrimination claims and lawsuits is also rising. For example, if a manager at one of your vendor companies harasses one of his or her employees, to what degree are you (the customer) required to take action, and if you fail to do so, what potential liabilities might you face as a result?
Economic globalization is also opening businesses up to additional liabilities for which insurance coverage may be critical. Just as outsourcing work traditionally accomplished in-house may expose a business to new, more complex employment-related claims, owning facilities and operations outside a company's home country will create a new set of risks. Environmental, health and safety regulations vary widely from country to country, as do tax, financial reporting and other laws. If a company acts illegally, or if an accident occurs in a foreign operation, to what degree can the home office be held responsible?
Finally, as a result of numerous corporate scandals—ranging from the collapse of Enron to the recent product recalls by Toyota and Johnson & Johnson—scrutiny of boards of directors and individual corporate officers has grown considerably. In fact, the "responsible corporate officer doctrine" may enable regulators and law enforcement officials to hold directors and officers personally responsible for failures and other problems that arise within the companies they lead. Therefore, insurance coverage for these types of risks will continue to be important in the years to come.
Managing Uncertainty
Looking ahead, uncertainty is perhaps the greatest risk of all. In order to manage that risk, businesses must ask difficult questions of their attorneys and other advisors, while challenging themselves to think more deeply about issues such as rapid advances in technology, employment-related legislation and ever-evolving insurance coverage needs.
Business leaders should also work together to address the changes and challenges they are facing. Even the largest corporations may be unable to have a significant influence on legislation or regulation, especially in areas that are receiving broad public attention. By working through industry groups and trade associations, however, companies of every size can influence decision-makers on the federal and state levels, and help create policies that mitigate the risks of doing business today and in the years to come.
