Notice2022-25108
Summary of Commission Practice Relating to Administrative Protective Orders
Primary source
Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.
Published
November 18, 2022
Issuing agencies
International Trade Commission
Abstract
Since February 1991, the U.S. International Trade Commission ("Commission") has published in the Federal Register reports on the status of its practice with respect to breaches of its administrative protective orders ("APOs") under the Tariff Act of 1930 in response to a direction contained in the Conference Report to the Customs and Trade Act of 1990. Over time, the Commission has added to its report discussions of APO breaches in Commission proceedings other than under title VII and violations of the Commission's rules, including the rule on bracketing business proprietary information (the "24-hour rule"). This notice provides a summary of APO breach investigations completed during fiscal year 2022. This summary addresses APO breach investigations related to proceedings under both title VII and section 337 of the Tariff Act of 1930. The Commission intends for this summary to inform representatives of parties to Commission proceedings of the specific types of APO breaches before the Commission and the corresponding types of actions that the Commission has taken.
Full Text
<html>
<head>
<title>Federal Register, Volume 87 Issue 222 (Friday, November 18, 2022)</title>
</head>
<body><pre>
[Federal Register Volume 87, Number 222 (Friday, November 18, 2022)]
[Notices]
[Pages 69331-69338]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2022-25108]
-----------------------------------------------------------------------
INTERNATIONAL TRADE COMMISSION
Summary of Commission Practice Relating to Administrative
Protective Orders
AGENCY: International Trade Commission.
ACTION: Summary of commission practice relating to administrative
protective orders.
-----------------------------------------------------------------------
SUMMARY: Since February 1991, the U.S. International Trade Commission
(``Commission'') has published in the Federal Register reports on the
status of its practice with respect to breaches of
[[Page 69332]]
its administrative protective orders (``APOs'') under the Tariff Act of
1930 in response to a direction contained in the Conference Report to
the Customs and Trade Act of 1990. Over time, the Commission has added
to its report discussions of APO breaches in Commission proceedings
other than under title VII and violations of the Commission's rules,
including the rule on bracketing business proprietary information (the
``24-hour rule''). This notice provides a summary of APO breach
investigations completed during fiscal year 2022. This summary
addresses APO breach investigations related to proceedings under both
title VII and section 337 of the Tariff Act of 1930. The Commission
intends for this summary to inform representatives of parties to
Commission proceedings of the specific types of APO breaches before the
Commission and the corresponding types of actions that the Commission
has taken.
FOR FURTHER INFORMATION CONTACT: Caitlin Stephens, Office of the
General Counsel, U.S. International Trade Commission, telephone (202)
205-2076. Hearing-impaired individuals may obtain information on this
matter by contacting the Commission's TDD terminal at (202) 205-1810.
General information concerning the Commission is available on its
website at <a href="https://www.usitc.gov">https://www.usitc.gov</a>.
SUPPLEMENTARY INFORMATION: Statutory authorities for Commission
investigations provide for the release of business proprietary
information (``BPI'') or confidential business information (``CBI'') to
certain authorized representatives in accordance with requirements set
forth in the Commission's Rules of Practice and Procedure. Such
statutory and regulatory authorities include: 19 U.S.C. 1677f; 19 CFR
207.7; 19 U.S.C. 1337(n); 19 CFR 210.5, 210.34; 19 U.S.C. 2252(i); 19
CFR 206.17; 19 U.S.C. 4572(f); 19 CFR 208.22; 19 U.S.C. 1516a(g)(7)(A);
and 19 CFR 207.100--207.120. The discussion below describes APO breach
investigations that the Commission completed during fiscal year 2022,
including descriptions of actions taken in response to any breaches.
Since 1991, the Commission has published annually a summary of its
actions in response to violations of Commission APOs and rule
violations. See 86 FR 71916 (Dec. 20, 2021); 85 FR 7589 (Feb. 10,
2020); 83 FR 42140 (Aug. 20, 2018); 83 FR 17843 (Apr. 24, 2018); 82 FR
29322 (June 28, 2017); 81 FR 17200 (Mar. 28, 2016); 80 FR 1664 (Jan.
13, 2015); 78 FR 79481 (Dec. 30, 2013); 77 FR 76518 (Dec. 28, 2012); 76
FR 78945 (Dec. 20, 2011); 75 FR 66127 (Oct. 27, 2010); 74 FR 54071
(Oct. 21, 2009); 73 FR 51843 (Sept. 5, 2008); 72 FR 50119 (Aug. 30,
2007); 71 FR 39355 (July 12, 2006); 70 FR 42382 (July 22, 2005); 69 FR
29972 (May 26, 2004); 68 FR 28256 (May 23, 2003); 67 FR 39425 (June 7,
2002); 66 FR 27685 (May 18, 2001); 65 FR 30434 (May 11, 2000); 64 FR
23355 (Apr. 30, 1999); 63 FR 25064 (May 6, 1998); 62 FR 13164 (Mar. 19,
1997); 61 FR 21203 (May 9, 1996); 60 FR 24880 (May 10, 1995); 59 FR
16834 (Apr. 8, 1994); 58 FR 21991 (Apr. 26, 1993); 57 FR 12335 (Apr. 9,
1992); and 56 FR 4846 (Feb. 6, 1991). This report does not provide an
exhaustive list of conduct that will be deemed to be a breach of the
Commission's APOs. The Commission considers APO breach investigations
on a case-by-case basis.
As part of the Commission's efforts to educate practitioners about
the Commission's current APO practice, the Secretary to the Commission
(``Secretary'') issued in January 2022 a sixth edition of An
Introduction to Administrative Protective Order Practice in Import
Injury Investigations (Pub. No. 5280). This document is available on
the Commission's website at <a href="http://www.usitc.gov">http://www.usitc.gov</a>.
I. In General
A. Antidumping and Countervailing Duty Investigations
The current APO application form for antidumping and countervailing
duty investigations, which the Commission revised in May 2020, requires
an APO applicant to agree to:
(1) Not divulge any of the BPI disclosed under this APO or
otherwise obtained in this investigation and not otherwise available to
him or her, to any person other than--
(i) Personnel of the Commission concerned with the investigation,
(ii) The person or agency from whom the BPI was obtained,
(iii) A person whose application for disclosure of BPI under this
APO has been granted by the Secretary, and
(iv) Other persons, such as paralegals and clerical staff, who (a)
are employed or supervised by and under the direction and control of
the authorized applicant or another authorized applicant in the same
firm whose application has been granted; (b) have a need thereof in
connection with the investigation; (c) are not involved in competitive
decision making for an interested party which is a party to the
investigation; and (d) have signed the acknowledgment for clerical
personnel in the form attached hereto (the authorized applicant shall
also sign such acknowledgment and will be deemed responsible for such
persons' compliance with this APO);
(2) Use such BPI solely for the purposes of the above-captioned
Commission investigation or for U.S. judicial or review pursuant to the
North American Free Trade Agreement the determination resulting from
such investigation of such Commission investigation;
(3) Not consult with any person not described in paragraph (1)
concerning BPI disclosed under this APO or otherwise obtained in this
investigation without first having received the written consent of the
Secretary and the party or the representative of the party from whom
such BPI was obtained;
(4) Whenever materials (e.g., documents, computer disks or similar
media) containing such BPI are not being used, store such material in a
locked file cabinet, vault, safe, or other suitable container (N.B.:
[S]torage of BPI on so-called hard disk computer media or similar media
is to be avoided, because mere erasure of data from such media may not
irrecoverably destroy the BPI and may result in violation of paragraph
C of this APO);
(5) Serve all materials containing BPI disclosed under this APO as
directed by the Secretary and pursuant to section 207.7(f) of the
Commission's rules;
(6) Transmit each document containing BPI disclosed under this APO:
(i) With a cover sheet identifying the document as containing BPI,
(ii) With all BPI enclosed in brackets and each page warning that
the document contains BPI,
(iii) If the document is to be filed by a deadline, with each page
marked ``Bracketing of BPI not final for one business day after date of
filing,'' and
(iv) Within two envelopes, the inner one sealed and marked
``Business Proprietary Information--To be opened only by [name of
recipient]'', and the outer one sealed and not marked as containing
BPI;
(7) Comply with the provision of this APO and section 207.7 of the
Commission's rules
(i) Make true and accurate representations in the authorized
applicant's application and promptly notify the Secretary of any
changes that occur after the submission of the application and that
affect the representations made in the application (e.g.[,] change in
personnel assigned to the investigation),
(ii) Report promptly and confirm in writing to the Secretary any
possible breach of this APO, and
[[Page 69333]]
(iii) Acknowledge that breach of this APO may subject the
authorized applicant and other persons to such sanctions or other
actions as the Commission deems appropriate, including the
administrative sanctions and actions set out in this APO.
The APO form for antidumping and countervailing duty investigations
also provides for the return or destruction of the BPI obtained under
the APO on the order of the Secretary, at the conclusion of the
investigation, or at the completion of Judicial Review. The BPI
disclosed to an authorized applicant under an APO during the
preliminary phase of the investigation generally may remain in the
applicant's possession during the final phase of the investigation.
The APO further provides that breach of an APO may subject an
applicant to:
(1) Disbarment from practice in any capacity before the Commission
along with such person's partners, associates, employer, and employees,
for up to seven years following publication of a determination that the
order has been breached;
(2) Referral to the United States Attorney;
(3) In the case of an attorney, accountant, or other professional,
referral to the ethics panel of the appropriate professional
association;
(4) Such other administrative sanctions as the Commission
determines to be appropriate, including public release of, or striking
from the record any information or briefs submitted by, or on behalf
of, such person or the party he represents; denial of further access to
business proprietary information in the current or any future
investigations before the Commission, and issuance of a public or
private letter of reprimand; and
(5) Such other actions, including but not limited to, a warning
letter, as the Commission determines to be appropriate.
APOs issued in cross-border long-haul trucking (``LHT'')
investigations, conducted under the United States-Mexico-Canada
Agreement (``USMCA'') Implementation Act, 19 U.S.C. 4571-4574 (19
U.S.C. 4501 note), and safeguard investigations, conducted under the
statutory authorities listed in 19 CFR 206.1 and 206.31, contain
similar (though not identical) provisions.
B. Section 337 Investigations
APOs in section 337 investigations differ from those in title VII
investigations: There is no set form like the title VII APO
application, and provisions of individual APOs may differ depending on
the investigation and the presiding administrative law judge. However,
in practice, the provisions are often similar in scope and applied
quite similarly. Any person seeking access to CBI during a section 337
investigation (including outside counsel for parties to the
investigation, secretarial and support personnel assisting such
counsel, and technical experts and their staff who are employed for the
purposes of the investigation) is required to read the APO, file a
letter with the Secretary indicating agreement to be bound by the terms
of the APO, agree not to reveal CBI to anyone other than another person
permitted access by the APO, and agree to utilize the CBI solely for
the purposes of that investigation.
In general, an APO in a section 337 investigation will define what
kind of information is CBI and direct how CBI is to be designated and
protected. The APO will state which persons may have access to CBI and
which of those persons must sign onto the APO. The APO will provide
instructions on how CBI is to be maintained and protected by labeling
documents and filing transcripts under seal. It will provide
protections for the suppliers of CBI by notifying them of a Freedom of
Information Act request for the CBI and providing a procedure for the
supplier to seek to prevent the release of the information. There are
provisions for disputing the designation of CBI and a procedure for
resolving such disputes. Under the APO, suppliers of CBI are given the
opportunity to object to the release of the CBI to a proposed expert.
The APO requires a person who discloses CBI, other than in a manner
authorized by the APO, to provide all pertinent facts to the supplier
of the CBI and to the administrative law judge and to make every effort
to prevent further disclosure. Under Commission practice, if the
underlying investigation is before the Commission at the time of the
alleged breach or if the underlying investigation has been terminated,
a person who discloses CBI, other than in a manner authorized by the
APO, should report the disclosure to the Secretary. See 19 CFR 210.25,
210.34(c). Upon final termination of an investigation, the APO requires
all signatories to the APO to either return to the suppliers or, with
the written consent of the CBI supplier, destroy the originals and all
copies of the CBI obtained during the investigation.
The Commission's regulations provide for the imposition of certain
sanctions if a person subject to the APO violates its restrictions. The
Commission keeps the names of the persons being investigated for
violating an APO confidential unless the sanction imposed is a public
letter of reprimand. 19 CFR 210.34(c)(1). The possible sanctions are:
(1) An official reprimand by the Commission.
(2) Disqualification from or limitation of further participation in
a pending investigation.
(3) Temporary or permanent disqualification from practicing in any
capacity before the Commission pursuant to 19 CFR 201.15(a).
(4) Referral of the facts underlying the violation to the
appropriate licensing authority in the jurisdiction in which the
individual is licensed to practice.
(5) Making adverse inferences and rulings against a party involved
in the violation of the APO or such other action that may be
appropriate. 19 CFR 210.34(c)(3).
Commission employees are not signatories to the Commission's APOs
and do not obtain access to BPI or CBI through APO procedures.
Consequently, they are not subject to the requirements of the APO with
respect to the handling of BPI and CBI. However, Commission employees
are subject to strict statutory and regulatory constraints concerning
BPI and CBI, and they face potentially severe penalties for
noncompliance. See 18 U.S.C. 1905; title 5, U.S. Code; and Commission
personnel policies implementing the statutes. Although the Privacy Act
(5 U.S.C. 552a) limits the Commission's authority to disclose any
personnel action against agency employees, this should not lead the
public to conclude that no such actions have been taken.
II. Investigations of Alleged APO Breaches
The Commission conducts APO breach investigations for potential
breaches that occur in title VII, safeguard, and LHT investigations, as
well as potential breaches in section 337 investigations that are
before the Commission or have been terminated.\1\ Administrative law
judges handle potential APO breaches in section 337 investigations when
the breach occurred and is discovered while the underlying
investigation is before the administrative law judge. The Commission
may review any decision that the administrative law judge makes
[[Page 69334]]
on sanctions in accordance with Commission regulations. See 19 CFR
210.25, 210.34(c).
---------------------------------------------------------------------------
\1\ Procedures for investigations to determine whether a
prohibited act, such as a breach, has occurred and for imposing
sanctions for violation of the provisions of a protective order
issued during a North American Free Trade Agreement or USMCA panel
or committee proceedings are set out in 19 CFR 207.100-207.120. The
Commission's Office of Unfair Import Investigations conducts those
investigations initially.
---------------------------------------------------------------------------
For Commission APO breach investigations, upon finding evidence of
an APO breach or receiving information that there is reason to believe
that one has occurred, the Secretary notifies relevant Commission
offices that the Secretary has opened an APO breach file and the
Commission has commenced an APO breach investigation. The Commission
then notifies the alleged breaching parties of the alleged breach and
provides them with the voluntary option to proceed under a one- or two-
step investigatory process. Under the two-step process, which was the
Commission's historic practice, the Commission determines first whether
a breach has occurred and, if so, who is responsible for it. This is
done after the alleged breaching parties have been provided an
opportunity to present their views on the matter. The breach
investigation may conclude after this first step if: (1) the Commission
determines that no breach occurred and issues a letter so stating; or
(2) the Commission finds that a breach occurred, but concludes that no
further action is warranted and issues a warning letter. If the
Commission determines that a breach occurred that warrants further
action, the Commission will then determine what sanction, if any, to
impose. Before making this determination, the Commission provides the
breaching parties with an opportunity to present their views on the
appropriate sanction and any mitigating circumstances. The Commission
can decide as part of either the first or second step to issue a
warning letter. A warning letter is not a sanction, but the Commission
will consider a warning letter as part of a subsequent APO breach
investigation.
The Commission recognizes that the two-step process can result in
duplicative work for the alleged breaching party and Commission staff
in some APO breach investigations. For example, parties who self-report
their own breach often address mitigating circumstances and sanctions
in their initial response to the Commission's letter of inquiry on the
breach. But, under the Commission's two-step process, they must await a
Commission decision on breach and then submit again their views on
mitigating circumstances and sanctions. To streamline this process and
accelerate processing times, the Commission offers alleged breaching
parties the option to voluntarily elect a one-step APO breach
investigation process. Under this process, the Commission will
determine simultaneously whether a breach occurred and, if so, the
appropriate sanction to impose, if any. Under either process, the
alleged breaching party has the opportunity to submit affidavits
reciting the facts concerning the alleged breach and mitigating factors
pertaining to the appropriate response if a breach is found.
Sanctions for APO violations serve three basic interests: (a)
preserving the confidence of submitters of BPI/CBI that the Commission
is a reliable protector of BPI/CBI; (b) disciplining breachers; and (c)
deterring future violations. As the Conference Report to the Omnibus
Trade and Competitiveness Act of 1988 observed: ``[T]he effective
enforcement of limited disclosure under [APO] depends in part on the
extent to which private parties have confidence that there are
effective sanctions against violation.'' H.R. Conf. Rep. 100-576, at
623 (1988).
The Commission has worked to develop consistent jurisprudence, not
only in determining whether a breach has occurred, but also in
selecting an appropriate response. In determining the appropriate
response, the Commission generally considers mitigating factors such as
the unintentional nature of the breach, the lack of prior breaches
committed by the breaching party, the corrective measures taken by the
breaching party, and the promptness with which the breaching party
reported the violation to the Commission. The Commission also considers
aggravating circumstances, especially whether persons not authorized
under the APO had access to and viewed the BPI/CBI. The Commission
considers whether there have been prior breaches by the same person or
persons in other investigations and whether there have been multiple
breaches by the same person or persons in the same investigation.
The Commission's rules permit an economist or consultant to obtain
access to BPI/CBI under the APO in a title VII, safeguard, or LHT
investigation if the economist or consultant is under the direction and
control of an attorney under the APO, or if the economist or consultant
appears regularly before the Commission and represents an interested
party who is a party to the investigation. See 19 CFR 207.7(a)(3)(i)(B)
and (C); 19 CFR 206.17(a)(3)(i)(B) and (C); and 19 CFR
208.22(a)(3)(i)(B) and (C). Economists and consultants who obtain
access to BPI/CBI under the APO under the direction and control of an
attorney nonetheless remain individually responsible for complying with
the APO. In appropriate circumstances, for example, an economist under
the direction and control of an attorney may be held responsible for a
breach of the APO by failing to redact APO information from a document
that is subsequently filed with the Commission and served as a public
document, or for retaining BPI/CBI without consent of the submitter
after the termination of an investigation. This is so even though the
Commission may also hold the attorney exercising direction or control
over the economist or consultant responsible for the APO breach. In
section 337 investigations, technical experts and their staff who are
employed for the purposes of the investigation are required to sign
onto the APO and agree to comply with its provisions.
The records of Commission investigations of alleged APO breaches in
antidumping and countervailing duty cases, section 337 investigations,
safeguard investigations, and LHT investigations are not publicly
available and are exempt from disclosure under the Freedom of
Information Act, 5 U.S.C. 552. See, e.g., 19 U.S.C. 1677f(g); 19 U.S.C.
1333(h); 19 CFR 210.34(c).
The two types of breaches most frequently investigated by the
Commission involve: (1) the APO's prohibition on the dissemination or
exposure of BPI or CBI to unauthorized persons; and (2) the APO's
requirement that the materials received under the APO be returned or
destroyed and that a certificate be filed with the Commission
indicating what actions were taken after the termination of the
investigation or any subsequent appeals of the Commission's
determination. The dissemination of BPI/CBI usually occurs as the
result of failure to delete BPI/CBI from public versions of documents
filed with the Commission or transmission of proprietary versions of
documents to unauthorized recipients. Other breaches have included the
failure to bracket properly BPI/CBI in proprietary documents filed with
the Commission, the failure to report immediately known or suspected
violations of an APO, and the failure to adequately supervise non-
lawyers in the handling of BPI/CBI.
Occasionally, the Commission conducts APO breach investigations
that involve members of a law firm or consultants working with a firm
who were granted access to APO materials by the firm although they were
not APO signatories. In many of these cases, the firm and the person
using the BPI/CBI mistakenly believed an APO application had been filed
for that person. The Commission has determined in all of these cases
that the person who was a non-signatory, and therefore did not
[[Page 69335]]
agree to be bound by the APO, could not be found to have breached the
APO. However, under Commission rule 201.15 (19 CFR 201.15), the
Commission may take action against these persons for good cause shown.
In all cases in which the Commission has taken such action, it decided
that the non-signatory appeared regularly before the Commission, was
aware of the requirements and limitations related to APO access, and
should have verified their APO status before obtaining access to and
using the BPI/CBI. The Commission notes that section 201.15 may also be
available to issue sanctions to attorneys or agents in different
factual circumstances in which they did not technically breach the APO,
but their action or inaction did not demonstrate diligent care of the
APO materials, even though they appeared regularly before the
Commission and were aware of the importance that the Commission places
on the proper care of APO materials.
The Commission has held routinely that the disclosure of BPI/CBI
through recoverable metadata or hidden text constitutes a breach of the
APO even when the BPI/CBI is not immediately visible without further
manipulation of the document. In such cases, breaching parties have
transmitted documents that appear to be public documents in which the
parties have removed or redacted all BPI/CBI. However, further
inspection of the document reveals that confidential information is
actually retrievable by manipulating codes in software or through the
recovery of hidden text or metadata. In such instances, the Commission
has found that the electronic transmission of a public document with
BPI/CBI in a recoverable form was a breach of the APO.
The Commission has cautioned counsel to ensure that each authorized
applicant files with the Commission within 60 days of the completion of
an import injury investigation or at the conclusion of judicial or
binational review of the Commission's determination, a certificate
stating that, to the signatory's knowledge and belief, all copies of
BPI/CBI have been returned or destroyed, and no copies of such
materials have been made available to any person to whom disclosure was
not specifically authorized. This requirement applies to each attorney,
consultant, or expert in a firm who has access to BPI/CBI. One firm-
wide certificate is insufficient.
Attorneys who are signatories to the APO in a section 337
investigation should inform the administrative law judge and the
Secretary if there are any changes to the information that was provided
in the application for access to the CBI. This is similar to the
requirement to update an applicant's information in title VII
investigations.
In addition, attorneys who are signatories to the APO in a section
337 investigation should send a notice to the Commission if they stop
participating in the investigation or the subsequent appeal of the
Commission's determination. The notice should inform the Commission
about the disposition of CBI obtained under the APO that was in their
possession, or the Commission could hold them responsible for any
failure of their former firm to return or destroy the CBI in an
appropriate manner.
III. Specific APO Breach Investigations
Case 1. The Commission determined that a partner at a law firm
breached the APO issued in a title VII investigation when the partner
supervised the drafting, revision, and review of a publicly filed
document that contained BPI.
Three attorneys, including the partner, were responsible for
drafting the document at issue. Despite the firm's instructions to
place brackets around any BPI that an attorney added to the draft, one
of the non-partner attorneys inadvertently failed to include brackets
around a quote in a footnote. The partner completed two full reviews of
the document before its filing, but the partner failed to identify the
unbracketed BPI in the footnote. The law firm filed the document on the
Commission's Electronic Document Information System (EDIS), and it also
served the document on all parties on the public service list. The
Commission first became aware of this breach through Commission staff,
who discovered the exposed BPI and notified the Secretary. The Office
of the Secretary notified the partner of the breach, and the law firm
filed a corrected version of the public document later that day.
In determining whether to issue a sanction for the breach, the
Commission considered mitigating factors, including that: (1) the
breach was inadvertent and unintentional; (2) the law firm took prompt
corrective actions to mitigate the effect of the breach by correcting
its filing, notifying the recipients of the document's error and of its
substitute filing, and obtaining the recipient's confirmation of the
document's destruction; and (3) the partner had not previously breached
an APO in the two-year period preceding the date of the breach. The
Commission also considered the following aggravating factors: (1) the
Commission was the first to discover and flag the breach; and (2)
unauthorized individuals accessed and presumably viewed the CBI.
The Commission issued a private letter of reprimand to the partner
after finding that the partner was ultimately responsible for the
failure to redact BPI from the public document.
Case 2. The Commission determined that an expert breached the APO
issued in a section 337 investigation by submitting expert reports
containing CBI in several unrelated actions pending before a federal
district court.
The expert drafted and filed before a federal district court six
expert reports that contained a sentence from the confidential version
of an administrative law judge's initial determination. Two months
later, counsel for one of the parties involved in the underlying
section 337 investigation, and in the federal district court action,
notified the expert that the quoted sentence did not appear in the
public version of the initial determination. The expert took immediate
steps to replace the page that contained the CBI, but the expert did
not notify the Commission until about a month after the breach's
discovery. The expert acknowledged the failure to follow firm
procedures, which would have required comparison of the draft expert
report with the public version of the initial determination.
In determining whether to issue a sanction for the breach, the
Commission considered the following mitigating factors: (1) the breach
was inadvertent and unintentional; (2) the expert self-reported the
breach to the Commission; and (3) the expert had not previously
breached an APO in the two-year period preceding the breach. The
Commission also considered the following aggravating factors: (1) the
expert did not discover the breach; (2) the breach resulted in exposure
of CBI to unauthorized individuals; (3) there was a delay of two months
between the discovery of the breach and the mitigation of the breach;
(4) the expert waited more than one month to report the breach to the
Commission; and (5) the expert failed to handle CBI with due diligence
and care, and the expert did not follow firm procedures for protecting
CBI.
The Commission issued a private letter of reprimand to the expert.
Case 3. The Commission determined that a supervisory attorney at a
law firm breached an APO in a title VII investigation when a legal
support staff member under the attorney's supervision inadvertently
attached a confidential brief from one investigation to a public brief
in another investigation and publicly filed both briefs as one
[[Page 69336]]
document with the Department of Commerce (Commerce). The Commission
also determined that the supervisory attorney breached the APO a second
time by providing BPI to that legal support staff member before the
staff member had signed an APO acknowledgment for clerical personnel.
After filing the document in Commerce's IA ACCESS website, the
legal support staff member served the document on the parties listed on
the public brief's service list. None of the served parties were on the
APO service list for the confidential brief. Three days later, the law
firm received notification from one of the parties on the public
brief's service list that the document contained BPI from an unrelated
investigation. Upon review of the document, the law firm discovered
that the legal support staff member who had filed and served the
document had included a copy of a confidential brief from another title
VII investigation. The law firm immediately contacted Commerce to
request removal of the document from the IA ACCESS website. Commerce
indicated to the law firm that multiple individuals had accessed the
document while it was posted publicly to that website. The law firm
also contacted the parties on the public service list to ask that they
destroy any copies.
The law firm immediately notified the Commission of the breach
after learning of it. In its correspondence to the Commission, the firm
indicated that the breach occurred because of the legal support staff
member's failure to follow firm procedures in handling and storing the
confidential brief. The firm also indicated that the supervisory
attorney had supervised the preparation of the confidential brief and
had been aware of staff's inconsistent adherence to the firm's BPI
procedures. In addition, over the course of the APO breach
investigation, the Commission discovered that the supervisory attorney
had provided BPI to the legal support staff member without first having
the staff member sign an APO acknowledgment for clerical personnel.
In determining whether to issue a sanction for the breach, the
Commission considered mitigating factors, including that: (1) the
breach was inadvertent and unintentional; (2) the law firm took prompt
action to remedy the breach and prevent further dissemination of BPI;
(3) the law firm promptly self-reported the breach to the Commission;
(4) the law firm implemented new procedures to prevent similar breaches
in the future; and (5) the supervisory attorney had not previously
breached an APO in the two-year period preceding the date of the
breach. The Commission also considered the following aggravating
factors: (1) unauthorized individuals had access to and viewed the BPI;
(2) the law firm violated the APO in two different ways; (3) the law
firm did not discover either breach; and (4) the supervisory attorney
and legal support staff failed to follow the law firm's procedures for
protecting BPI.
The Commission also considered whether to find in breach of the APO
a second attorney who supervised the preparation of the public brief,
and it determined not to do so. The second attorney was an APO
signatory in both relevant investigations, but the second attorney had
not supervised the preparation of the confidential brief. Further, the
second attorney had reviewed the public brief before the legal support
staff member had attached the confidential version to it. The
Commission determined that the second attorney would have had no reason
to suspect that the legal support staff member would attach BPI
materials to the public brief after the final review and approval of
the brief.
The Commission issued a private letter of reprimand to the
supervisory attorney. The Commission did not take any further action
against the legal support staff member whose actions contributed to the
breach because the staff member had since passed away.
Case 4. The Commission determined that two attorneys at a law firm
breached an APO in a title VII investigation when they reviewed, filed
in EDIS, and served a public version of a brief that contained
unredacted BPI belonging to a third party.
The attorneys served the brief on the parties to the public service
list in the investigation, which included individuals who were not
authorized under the APO to view BPI, and the brief was publicly posted
to EDIS, where at least one unauthorized individual accessed it. In
addition, one of the attorneys forwarded copies of the brief to the
firm's clients. Two days after filing and serving the brief, the two
attorneys received notification from another party to the investigation
(after Commission business hours) that the brief contained BPI. The two
attorneys immediately reviewed the brief, and they discovered that they
had bracketed, but failed to remove, the BPI at issue. That same day,
the two attorneys contacted their clients and the parties on the public
service list to request that they destroy the brief and contact anyone
else to whom they may have forwarded the brief. The next day, the two
attorneys notified the Commission of the breach and requested that the
Secretary remove the document from public view on EDIS. Over the course
of the investigation, the two attorneys confirmed to the Commission
that they had received responses (and confirmations of destruction)
from all but two individual recipients of the brief. Those two
individuals never acknowledged the attorneys' emails nor confirmed
destruction of the brief.
In determining whether to issue a sanction for the breach, the
Commission considered mitigating factors, including that: (1) the
breach was inadvertent and unintentional; (2) the law firm promptly
self-reported the breach to the Commission; (3) the law firm took
prompt action to remedy the breach and prevent further dissemination of
BPI; (4) the law firm implemented new procedures to prevent similar
breaches in the future; and (5) neither attorney had previously breach
an APO in the two-year period preceding the date of the breach. The
Commission also considered the following aggravating factors: (1)
unauthorized individuals had access to and presumably viewed the BPI;
and (2) the law firm did not discover its own breach.
The Commission determined to issue private letters of reprimand to
both attorneys.
Case 5. The Commission determined that an attorney and a paralegal
at a law firm breached the APO in a title VII investigation when an
economist at the firm accessed BPI materials that the law firm had
received under the APO before the Secretary had approved the
economist's APO application.
The attorney, who was lead counsel for the investigation, did not
confirm that the Secretary had approved the economist's APO application
before instructing the economist to access the BPI materials. The
economist also failed to confirm that the Secretary had approved the
APO application before accessing the BPI materials. The paralegal, who
had set up the folder containing the BPI materials in the law firm's
system, had failed to restrict access to the folder (in accordance with
the firm's procedures) to only authorized individuals whose APO
applications had been approved. Upon discovery that the Secretary had
not yet approved the economist's APO application, the attorney
immediately notified the Commission of the breach and restricted access
to the folder containing the BPI materials to approved APO applicants.
However, the economist had access to and viewed on several occasions
the BPI at issue for approximately two weeks before authorized to do
so. The law firm confirmed that the economist was the
[[Page 69337]]
only unauthorized individual to access the BPI materials.
In determining whether to issue a sanction for the breach, the
Commission considered mitigating factors, including that: (1) the
breach was inadvertent and unintentional; (2) the law firm took prompt
action to remedy the breach and prevent further dissemination of BPI;
(3) the firm immediately self-reported the breach to the Commission;
(4) the law firm implemented new procedures to prevent similar breaches
in the future; (5) the economist, who was later added to the APO, acted
at all times as if bound by the APO, and thus no other unauthorized
individuals viewed the BPI materials; and (6) the attorney and the
paralegal had not previously breached an APO in the two-year period
preceding the date of the breach. The Commission also considered the
following aggravating factors: (1) the economist was not an authorized
APO signatory at the time of the initial access and viewing of the BPI;
and (2) the attorney, the paralegal, and the economist failed to follow
the law firm's procedures for protecting BPI.
The Commission determined to issue warning letters to the attorney
and the paralegal. The Commission also found that good cause existed to
issue a warning letter to the economist under 19 CFR 201.15(a). Though
the economist was not a signatory to the APO at the time of the
inappropriate access to the BPI, the economist was, or should have
been, aware of the requirements and limitations related to APO access.
The economist's failure to verify that the Commission had accepted the
APO application before using the BPI materials demonstrated a disregard
for the Commission's rules protecting the confidentiality of the
information that is provided under the APO.
Case 6. The Commission determined that 18 attorneys from one law
firm breached the APO issued in a section 337 investigation when the
law firm filed in EDIS a public version of a document that contained
unredacted CBI in a footnote.
Two supervisory attorneys oversaw the redaction and filing of the
public version of the document and 16 attorneys contributed to its
review and redaction. Each attorney had the opportunity to discover the
presence of the unredacted CBI in the footnote of the document during
their respective review, but none did. The firm filed the document in
EDIS and served it on the parties. One day later, one of the firm's
attorneys, who had an opportunity to review the document before its
filing, discovered that the footnote in question contained unredacted
CBI. The firm notified the Commission that same day, after the document
had been publicly posted to EDIS, and the firm filed a replacement
document about a week later.
In determining whether to issue a sanction for the breach, the
Commission considered the following mitigating factors: (1) the breach
was inadvertent and unintentional; (2) the law firm took prompt action
to remedy the breach and prevent further dissemination of CBI; (3) the
law firm immediately self-reported the breach to the Commission; and
(4) the law firm implemented new procedures to prevent similar breaches
in the future. The Commission also considered the aggravating factor
that unauthorized persons had access to and presumably viewed CBI.
The Commission issued warning letters to 16 attorneys whose actions
contributed to the breach. The Commission also issued private letters
of reprimand to the two supervisory attorneys who bore ultimate
responsibility for overseeing the redaction and filing of the document
at issue.
Case 7. The Commission determined that a supervisory attorney and
an associate attorney breached the APO issued in a section 337
investigation when they exposed CBI from the investigation to their
client.
The associate attorney, in reporting the work that the attorney had
performed for the underlying investigation, noted details of that work
in an internal electronic time entry system. The details included
references to company names that one of the parties to the
investigation considered to be CBI. The firm incorporated the associate
attorney's entries from the time entry system into a billing invoice
that it sent to its client. The supervisory attorney personally
reviewed the billing invoice at issue and approved it for transmittal
to the firm's client. Upon receipt of the billing invoice, the client
contacted the firm to inquire about the entries that contained CBI,
which caused the firm to discover its own breach. The firm requested
that its client return the original invoice, and the client immediately
did so. The firm notified the party whose CBI was exposed, and after
conducting an internal investigation, the firm notified the Commission
about two months later.
In determining whether to issue a sanction for the breach, the
Commission considered the following mitigating factors: (1) the breach
was inadvertent and unintentional; (2) the law firm self-reported the
breach to the Commission; (3) the law firm took prompt action to remedy
the breach and prevent further dissemination of CBI; (4) the attorneys
had not previously breached an APO in the two-year period preceding the
date of the breach; and (5) the law firm implemented new measures to
prevent future similar breaches in the future. The Commission also
considered the following aggravating factors: (1) unauthorized persons
had access to and viewed CBI; and (2) the law firm waited nearly two
months to notify the Commission of the breach.
The Commission issued a warning letter to the associate attorney
whose actions contributed to, but did not directly cause, the breach.
It issued a private letter of reprimand to the supervisory attorney.
Case 8. The Commission determined that 16 attorneys from one law
firm breached the APO issued in a section 337 investigation when the
law firm filed in EDIS 79 public demonstrative exhibits that contained
unredacted CBI.
Fifteen attorneys were part of a team that was responsible for
preparing and filing demonstrative exhibits following a hearing in the
investigation. One senior attorney was responsible for supervising the
team's effort. The breach occurred because when, in preparing the
demonstrative exhibits for filing, the team failed to follow an
instruction to place a ``-C'' designation after the exhibit number
where the exhibits contained CBI. Because the team did not include the
``-C'' designation on the exhibits in question, the legal support staff
who filed the exhibits in EDIS assumed that they were public and filed
them on the public record. Over a year later, the law firm learned that
opposing counsel in unrelated federal court litigation accessed the
exhibits through EDIS. The law firm promptly notified the Commission
and the affected parties whose CBI had been exposed, and the firm spent
over 1,000 hours in its efforts to remediate the breach. Following the
breach's discovery, the law firm changed its protocols for protecting
CBI in section 337 investigations.
In determining whether to issue a sanction for the breach, the
Commission considered the following mitigating factors: (1) the breach
was inadvertent and unintentional; (2) the law firm discovered its own
breach and promptly self-reported it to the Commission; (3) the law
firm took prompt action to investigate and remedy the breach; (4) the
attorneys had not previously breached an APO in the preceding two
years; and (5) the law firm implemented new measures to prevent future
similar breaches. The Commission also considered the following
aggravating factors: (1) unauthorized persons had access to and viewed
CBI; and (2) the
[[Page 69338]]
delay in the discovery of the breach left CBI publicly exposed for a
period of about 15 months.
The Commission issued a private letter of reprimand to the
supervisor of the team responsible for the preparation and filing of
the exhibits at issue after finding that the attorney's supervision was
inadequate and failed to secure the confidential treatment of the CBI
in those exhibits. The Commission issued warning letters to 14
attorneys on the team who contributed to the preparation and filing of
the exhibits. The Commission also issued a warning letter to one
attorney who did not directly participate in the preparation and filing
of the exhibits but permitted legal support staff to use, without
supervision, the attorney's credentials to file the exhibits.
Case 9. The Commission found that an associate attorney breached
the APO issued in a section 337 investigation when the attorney's
actions exposed CBI obtained under the APO to the attorney's client.
The breach occurred when the attorney arranged for the client to
access firm files stored on an electronic server by a discovery vendor.
The attorney instructed the vendor to provide the client with limited
access to certain file locations that stored only public files.
However, the attorney did not verify that the vendor had followed the
attorney's instructions before granting the client access to the firm's
files. The vendor mistakenly granted the client unlimited access, and,
as a result, the client inadvertently accessed 14 files containing CBI
obtained under the APO. In accordance with the predetermined
arrangement, the vendor terminated that client's unlimited access one
day later. However, the attorney did not discover the breach until
about 14 months later. The attorney reported the breach to the
Commission a few days after making the discovery.
In determining whether to issue a sanction for the breach, the
Commission considered the following mitigating factors: (1) the breach
was inadvertent and unintentional; (2) the law firm discovered its own
breach; (3) the law firm took prompt action to investigate and remedy
the breach; (4) the attorney had not previously breached an APO in the
two-year period preceding the date of the breach; and (5) the law firm
self-reported its own breach to the Commission. The Commission also
considered the following aggravating factors: (1) unauthorized persons
had access to and viewed CBI; and (2) the law firm did not discover its
own breach until about 14 months after it occurred. However, the
Commission noted that because the client's access to the CBI-containing
files was limited to one day, the CBI was not exposed to unauthorized
individuals during those 14 months.
The Commission issued a private letter of reprimand to the
associate attorney and found that, in the context of this matter, the
attorney was obligated to take additional steps to ensure that the
client was unable to access the files containing CBI.
Case 10. The Commission determined that an attorney and a paralegal
at a law firm breached the APO in a title VII investigation when they
publicly filed in EDIS a brief with BPI in recoverable hidden text.
While multiple attorneys reviewed the public version of the brief,
the attorney and the paralegal were the only individuals who prepared
and reviewed the final .pdf version of the document. Under firm
procedures, the paralegal prepared the public version of the document
by changing bracketed BPI to white font, converting the document from
Microsoft Word to a .pdf file format, and then removing hidden
information from the final .pdf file. Following the paralegal's
preparation of the final document, the attorney reviewed the .pdf
version of the document to ensure that all BPI had been removed from
the file. The paralegal then publicly filed the document to EDIS. That
same day, while preparing the document for service, another paralegal
at the same firm noticed that the document contained BPI in recoverable
hidden text. The attorney immediately notified the Commission of the
breach and requested that the document be removed from public viewing.
However, unauthorized individuals accessed and presumably viewed the
brief while it was posted publicly to EDIS.
In determining whether to issue a sanction for the breach, the
Commission considered mitigating factors, including that: (1) the
breach was inadvertent and unintentional; (2) the law firm discovered
its own breach; (3) the law firm took prompt action to remedy the
breach and prevent further dissemination of BPI; (4) the law firm
immediately self-reported the breach to the Commission; (5) the law
firm implemented new procedures to prevent similar breaches in the
future; and (6) neither the attorney nor the paralegal had previously
breached an APO in the two-year period preceding the date of the
breach. The Commission also considered the aggravating factor that
unauthorized persons had access to and presumably viewed BPI.
The Commission determined to issue private letters of reprimand to
both the attorney and the paralegal. The Commission also considered
whether to find in breach other attorneys and legal support staff who
reviewed the public version of the brief and approved the bracketing.
However, the Commission declined to do so, determining that this breach
occurred not because of bracketing issues, but because of a failure to
remove properly bracketed BPI from the final .pdf file.
By order of the Commission.
Issued: November 14, 2022.
Jessica Mullan,
Attorney Advisor.
[FR Doc. 2022-25108 Filed 11-17-22; 8:45 am]
BILLING CODE 7020-02-P
</pre></body>
</html>Indexed from Federal Register on November 18, 2022.
This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.