TheCorporateCounsel.net

I blogged last year about Spotify’s decision to forego a traditional IPO in favor of a direct listing. Now, according to this recent WSJ report, it appears that fellow unicorn Slack Technologies will follow the same path.  Bloomberg’s Matt Levine thinks that may be a big deal:

We talked a bunch about the Spotify direct listing when it happened, but it is hard to overstate the importance of the second big high-profile direct listing. There’s a reason that people still talk about Google’s Dutch auction IPO, 15 years later: because it didn’t inspire imitators. It didn’t become a standard tool of corporate finance, an option that is on the table for every company. It’s just a weird thing that Google did once.

But if Slack follows Spotify’s lead in going public by direct listing, then it is much more likely to become a thing. Other tech companies considering going public won’t think “should we do that weird thing that Spotify did” but rather “what are the pros and cons of direct listings compared to initial public offerings?” Investment banks will—reluctantly!—put together pitchbook pages explaining direct listings and touting their own credentials at leading them. (“Haven’t only three banks ever led a big direct listing in the U.S.,” you might ask, but that just means that you don’t understand how pitchbook credentials work. Every bank is the market leader in everything, in the safety of their own pitchbooks.)

Matt says that the viability of the direct listing alternative may lead to a much more customized process of going public than the traditional IPO:

It used to be that, if you wanted to go public, there was one way to do it. Now there are two. But the choice creates the possibility of more choice, of unlimited customization, of tweaking each feature to get exactly the tradeoffs you want.

Wow. And to think that I haven’t even tried avocado toast yet!  Also check out this Cydney Posner blog on Matt’s article.

Crisis Management: Benchmarking Your Response Plan

This recent Morrison & Forester/Ethisphere survey is intended to assist companies in benchmarking their crisis management planning efforts by providing insight into current trends in crisis management & highlighting best practices.  Here’s an excerpt discussing the frequency with which specific topics are addressed in crisis management plans:

One of the areas our survey explored in depth involved the types of events companies included in their crisis management plans. The most common response was “cyber breach,” with 67% of respondents answering that they had plans that addressed such an event.

The next most commonly included crisis events were “workplace violence or harassment” (reflecting additional steps being taken by companies to address these issues in the #MeToo era) (56.5%), followed by events relating to a government investigation (44.2%) and environmental damage (44.8%).

Beyond those, tied at 5th and 6th, were preparations for an anti-corruption violation (40.9%) and an IP (Intellectual Property) theft event (40.9%), followed by terrorism (36.4%), high stakes litigation (31.8%), and product recall (26%).

Other topics addressed include methods to boost organizational confidence in a crisis management plan & the role of outside counsel.

Privacy: France Smacks Google for Alleged GDPR Violations

Last week, Google earned the unwanted distinction of being the first U.S.-based company to be sanctioned for alleged violations of the EU’s GDPR. Here’s the intro from this Dinsmore & Shohl memo:

On January 21, 2019, Google was fined nearly $57 million (approximately 50 million euros) by France’s Data Protection Authority, CNIL, for an alleged violation of the General Data Protection Regulation (GDPR). CNIL found Google violated the GDPR based on a lack of transparency, inadequate information, and lack of valid consent regarding ad personalization. This fine is the largest imposed under the GDPR since it went into effect in May 2018 and the first to be imposed on a U.S.-based company.

The memo lays out the specific areas with which French regulators found fault, and notes that the proceeding was likely intended to send a message to all U.S.-based organizations that collect data on EU citizens.

– John Jenkins