Welcome back to Inside Track. I’m Law.com in-house reporter Stephanie Forshee.

Uber made a splash Tuesday morning when it announced it would put an end to mandatory arbitration clauses for survivors of sexual harassment and assault. But some are saying this and other moves the company is making on this front aren’t enough.

Plus, the Michael Cohen debacle in D.C. is starting to affect legal departments–AT&T and Novartis have lost lawyers since word got out that the companies paid Cohen as a consultant.

If you have tips, story ideas or other feedback, email me at sforshee@alm.com or find me on Twitter: @InOtherNewsNow.

➤➤ Want to receive Inside Track straight to your inbox? Sign up here.

What’s Happening –



Driving Change. Uber CLO Tony West chatted with me this week about Uber’s policy announcement.

“What’s important to us is making sure we’re helping to facilitate victims to choose the venue of redress where they will seek some sort of justice whether through mediation, arbitration or open court,” he told me.

In an announcement Tuesday morning, West laid out the three changes that Uber is making.

➤ First, it will ditch its mandatory arbitration clauses for survivors of sexual assault or harassment. This includes riders, drivers and employees.

➤ Uber will also stand out of the way of any survivors who want to tell their stories publicly. The company won’t require any of them to sign NDAs.

➤ The other item on Uber’s list is something that no other company has done before, at least according to Tony. Uber has committed to publishing a transparency report using data it collects from complaints of sexual harassment or assault on the company’s platform.

But will it be enough? One of the biggest criticisms of Uber’s announcement has been that it does not revoke restrictions on survivors who want to bring class-action suits, such as the one filed last year in California.

Jeanne Christensen, a partner at Wigdor, which brought the class action, sent us a statement giving kudos to Uber for “choosing not to silence survivors.”

But, she added “preventing victims from proceeding together, on a class basis, shows that Uber is not fully committed to meaningful change.”

Others seem to agree. Seth Lesser, partner at Klafter Olsen & Lesser, sent an emailed statement to me calling the announcement “a wolf in sheep’s clothing.

He went on to say that, “The company is ending its long-standing policy of mandatory arbitration only for individual claims, but not for class action lawsuits, knowing full-well that class actions are the only way most employees can afford to wage such a legal battle.”

Uber’s Take?

West told me the company will continue to discuss its handling of class actions as well as race and gender discrimination claims. In an email on Wednesday he said, “… while I understand that for some, our policy changes and unprecedented commitment to data transparency may not be enough, I am proud that Uber’s announcement yesterday represents meaningful steps in support of sexual violence survivors’ choice and go further than any other company had previously dared to go.”


Bad Connections. Legal leaders at AT&T and Novartis are feeling the impact of their companies’ decisions to engage in consulting with President Trump’s personal attorney, Michael Cohen. And by consulting, it turns out, Cohen was allegedly collecting hefty paychecks for himself from businesses that wanted access to a Trump confidante.

After revelations that Swiss drugmaker Novartis had paid $1.2 million to Cohen over the course of a year, the company’s group general counsel Felix Ehrat announced his intention on Wednesday to retire.

Novartis’ chief ethics, risk and compliance officer Shannon Klinger will step into the role as of June 1.

The news comes days after AT&T announced hiring Cohen, at a price of $600,000, was a “big mistake.” The telecom company’s head of lobbying and external affairs Bob Quinn has since left the company and GC David McAtee is now overseeing legislative affairs.

My colleague Dan Clark is rolling out a new series called Operationally Speaking. He’ll be speaking with “individuals changing in-house practice as we know it through innovations in process and technology.”

➤ His latest interview was with ops leader Gary Tully of Gilead, who also built the ops function at Qualcomm.

➤ Dan asked Tully what his role in legal ops at Gilead is like. Here’s what he had to say…

Challenges? “The change management aspects of starting a legal operations department are tremendously challenging…I’d say that currently concepts of legal operations are not things that are taught and lawyers are not necessarily picking it up at their law firms.”

So what’s the fix? What Tully has found is starting a legal ops function, “there is a lot of education that needs to be done about what legal operations is and what services it provides.”

Then what? Tully said the department took on e-billing first. It replaced its old system with a new one within the first year.

Then Gilead hired people as it went along. “I think if I had hired a team—and then executed—we would have been able to execute faster,” he told Dan.

➤ He said it took a while, though, to find the right people. “But the fact that we rolled out two enterprise-wide legal systems in such a short period of time is incredible. We established legal operations very quickly. We got it to a point of maturity fairly quickly.”

➤ More on how Tully helped Gilead roll out its legal operations here. Keep your eyes peeled for more stories from Dan as he chats with more legal ops pros for this new series.

Question of the Week –


Do you have a pressing question you’d like answered? If so, send it my way and we’ll have a legal source respond.

Here’s this week’s question: GDPR goes into effect on May 25 and so far my company hasn’t done anything to prepare. If I want to try and get up to speed and into compliance quickly, where do I start? What are the “easy wins” here that I can achieve in a relatively short period of time?

You are not alone! Many companies are in a similar position or are still grappling with GDPR compliance and will not be ready in time. There is though still time and the old adage of better late than never is absolutely appropriate here.

The starting point for any company’s GDPR compliance efforts is assessing the changes it will be required to make to its present approach to privacy. This should involve an initial high-level assessment of:

  • Whether and which of its operations are going to be subject to the GDPR (some operations may be out of scope, e.g. the processing of US-based employee data);
  • The data that is collected and used in context of any in-scope operations; and
  • The level of compliance with the key requirements of the GDPR.

To undertake your initial assessment, you should form an internal working party. GDPR compliance is a team sport.

As data generally touches all areas of the business, your working party should be cross functional and involve individuals from legal, IT, marketing and other customer facing functions, HR and compliance.

Forming a GDPR working party and carrying out an initial assessment and audit can be undertaken in relatively short order.

Once you have done this, you should develop a project plan for compliance activities. At this stage prioritizing the important activities and quick wins will be key.

Here are the quick wins I would suggest:

  • Appoint a senior person as your privacy lead or data protection officer (where legally required);
  • Review and update customer and employee privacy policies;
  • Review and, where necessary, update consent mechanisms, particularly in relation to marketing and advertising activities;
  • Assess current procedures relating to responding to data subject rights requests and where appropriate put in place manual work arounds until you can implement more robust or automated processes;
  • Identify high risk vendors and implement GDPR compliant data processing agreements; and
  • Train your employees on the GDPR requirements generally and as relevant to their roles to reduce any operational risk relating to non-compliance with the GDPR.

Kolvin Stone, partner in Orrick, Herrington & Sutcliffe’s London office

Don’t Miss –


Thursday, May 24. Global Leaders in Law will hold a session titled, “What Do You Do If Your CEO Resigns?” in Seattle. On Friday, May 25, GLL Members will be hosted at the Legal Week Innovation Awards in London. GLL is an invitation-only membership group, offering GCs a global platform for in-person collaboration to exchange ideas and receive advice and guidance from peers. For more information, contact Meena Heath at mheath@alm.com.

Thursday, May 17. Check out the Asian American Bar Association of New York’s General Counsel Panel and Reception. Legal chiefs at AIG, Bank of America, Bristol-Myers Squibb, Newell Brands, Carter’s and Visa will be participating.

Monday-Tuesday, May 21-22. The Marketplace Risk Management Conference will be held in San Francisco. More than 300 tech companies will be represented, with the GCs of Airbnb, Lyft, Instacart and Sittercity slated to attend. The conference focuses on risk management for web and mobile marketplaces.

Tuesday-Wednesday, May 22-23. Corporate Counsel will host SuperConference 2018 in Chicago. The conference delivers the key insights and practical solutions today’s general counsel need to manage and better leverage C-suite relationships, prevent and mitigate the risks of a cyber attack, successfully overcome a litigation crisis, and more. Speakers include in-house lawyers from Aon, GE, Groupon, Kayak, Discover, Microsoft and Wayfair.

Thursday, June 14. The American Lawyer and LegalWeek will present the Transatlantic General Counsel Summit 2018 in London. The summit provides a platform for some of the most elite general counsel in the U.K., Europe and U.S. to identify and determine the meaningful difference the legal function can make when contributing to a company’s strategy.

“To put this in perspective, the current climate presents a significant threat and it is one of the bigger threats to the supply chain I’ve seen in my career.”

— Mark Jaeger, Jockey International GC, in a recent interview, reflecting on apparel tariffs proposed by the Trump administration

On the Move –



All Things Nice. Scarlett May is now GC of the Cheesecake Factory. (Yum.) She’s stepping in for Debby Zurzolo who announced earlier this year she plans to retire and ‘pursue other interests’ after spending nearly two decades with the cheesecake and casual dining empire. May comes from Brinker, which owns Chili’s and Maggiano’s, so she’ll know her way around.

Goal Complete. Christopher Mitchell has joined crowdfunding platform Kickstarter as its general counsel. He replaces Michal Rosenn who left for Expa late last year. Mitchell has worked in-house for littleBits, Tumblr, Yahoo and Sony Music.

A Short Wait. When City National Bank’s general counsel Mike Cahill retired from the company after 17 years, the bank called on his deputy, Jared Wolff. He was promoted after only four months in his current role with the bank. Wolff previously worked as a co-managing partner at Quarter Group, a Los Angeles real estate firm. He has held business and legal roles with PacWest Bancorp.

Games at Toys R Us? The New York Post published a piece this past week about how several execs at the bankrupt Toys R Us would be gone as of this Monday. The problem is they talked about how James Young, the general counsel who stepped in this past November after Cornell Boggs departed, was said to be among those leaving. When I called to confirm, Young denied he was leaving the company. A media rep said, “The Post piece is wrong.”