TheCorporateCounsel.net

I was piqued by some comments in the mainstream media last week that Ralph Whitworth’s decision to accept a seat on the Sovereign Bancorp board in exchange for dropping his assault on the company was a “symbolic” move without much substance. These comments didn’t comport with my conversations with some folks that have been placed on boards by investors. And so I called up one of those guys with “skills“…

In this podcast, Rich Koppes, a former General Counsel of CalPERS and now at Jones Day, provides some analysis – and personal experience – regarding the placement of an independent director by investors on a board, including:

– How did you come to sit on a board as a shareholder representative?
– How were you treated by your fellow board members?
– Do you feel that you have had an impact as a shareholder representative?
– Have you ever been given directions about how to perform your duties from the investors that helped place you on the board?

The PCAOB’s New Implementation Dates for Independence Rules

On Tuesday, the PCAOB adjusted its implementation schedule for the ethics and independence rules that the SEC published for comment a few weeks back. Under this schedule, new Rule 3525 won’t apply to any tax service that is pre-approved by the audit committee pursuant to a policy and procedure so long as the pre-approved service began within one year of the SEC’s final approval. And as before, any tax service pre-approved on an engagement-by-engagement basis won’t be affected if pre-approved within 60 days of the SEC’s final approval.

Continuing Saga of SEC’s Investigation Into Overstock.com’s Allegations

As I blogged a month ago, the SEC reportedly is investigating allegations made by Overstock.com’s CEO that analysts and journalists conspired against him (which inspired his “Sith Lord” analyst conference call). In yesterday’s WSJ, Jesse Eisenger writes that communications made between him (and 8 other journalists) and the company’s CEO have now been the subject of a subpoena – and how that irks him. [Interestingly, another company – Biovail – has sued the same independent analyst, Gradient Analytics, in a similar case.]

I agree with Professor Joe Grundfest’s quote in Jesse’s article: “While subpoenaing journalists directly was a “big mistake,” says Stanford law professor Joseph Grundfest, “it shouldn’t be surprising and it shouldn’t disappoint anybody” that the agency is going after market participants’ communications with journalists. “It would be a very strange world if people could be held liable for every lie they told except for the biggest lies they told to reporters,” he adds.”

The F Bomb

Here’s a beauty from “The Wired GC” (perhaps time to read our “Security Breaches” Practice Area?):

“No, not that one. It’s the sort of bomb that Fidelity dropped on Hewlett-Packard when it disclosed that a company laptop containing personal information on 196,000 HP employees was recently stolen.

The laptop contained “… data including the participants’ names, addresses, birthdates and social security numbers.” It was reportedly being used for an offsite meeting. Fidelity is doing big-time damage control:

Fidelity, which provides financial services for about 21 million people, says it hasn’t detected any misuse of the information and that safeguards in place may prevent misuse. The application with the data had a temporary license that has expired, so the data would be difficult to interpret and “generally unusable,” a spokeswoman says. And the company is requiring additional authentication to access the affected HP accounts.

So if I’m an HP employee, I’m hopping mad. If I’m one of the other 20 million or so customers of Fidelity, I’m thinking the word “Vanguard” sounds rather inviting right about now, Paul McCartney ads notwithstanding (turn your speakers down).

In an age of growing concerns about customer privacy, I find it staggering that personal data is moving around on the laptops of a company as sophisticated as Fidelity. Particularly when it includes the Rosetta Stone: apparently unencrypted SS numbers. Do you think this is the only time this has ever happened at Fidelity? The only time it has happened in the financial services industry? What about the healthcare industry?

The politicians are still arguing about this stuff. Despite all the privacy protections instituted by many companies, if laptops or sync-able PDAs can copy and take offsite deeply personal customer information, legislation or regulation will soon follow. Thus the innocent are punished by the sins of the guilty.

It’s another reason why “privacy” is going to be a key word for GCs and their corporate compliance programs in the future. Like tomorrow. Fidelity employee stuck in traffic?”