Skip to content Skip to navigation menu
Your browser is not supported by this site.
Please update to the latest version, or use a different browser for the best experience.
×

Corporate Counsel Connect collection

April 2015 edition

The Internet of Things; Exchange offers and restructurings; Cybersecurity issues for boards

The Internet of Things

Companies are increasingly looking to network devices, products and facilities through the internet (Internet of Things or IoT), both for consumer products and internal business operations. While the automation of business processes and controls through IoT technology can result in significant efficiencies, counsel must assess the associated legal risks.

Key issues for counsel to consider in enterprise IoT implementation include:

  • Assent. If a company uses automated contracts (for example, automated supply procurement based on usage data exchanged between networked devices), the terms governing these transactions must be clear as to when and how there is mutual assent.
  • Control. Increased automation of business processes necessarily shifts control over those processes to the IoT vendor or the device itself and makes them dependent on internet availability. IoT vendors can be expected to limit their liability for device malfunctions or internet outages.
  • Interoperability. With five major IoT standards bodies already formed, there is unlikely to be a universal standard for IoT technologies. IoT-dependent enterprises must therefore carefully choose components of their infrastructure to avoid being trapped in non-interoperable legacy systems.
  • Security. The FTC recently issued a report, Internet of Things: Privacy & Security in a Connected World, highlighting the privacy and security risks of the IoT. While the report focused on consumer IoT devices and risks to consumers, enterprise IoT technology raises many of the same risks, including:
    • unauthorized access and use of data;
    • systems vulnerability;
    • physical security; and
    • personal safety.

Counsel need to address these risks in negotiating IoT arrangements and reevaluate their clients' insurance coverage and business continuity plans, particularly for mission-critical processes.

For more information on the FTC's report on the risks of the IoT, see Legal Update, FTC Releases Internet of Things Report.

Exchange offers and restructurings

Recent case law developments could complicate, or even prevent, some non-consensual out-of-court restructurings for companies planning to conduct exchange offers or restructurings involving registered debt.

Two recent cases in the US District Court for the Southern District of New York have adopted a broad interpretation of Section 316(b) of the Trust Indenture Act of 1939 (TIA). The two cases, Marblegate Asset Management v. Education Management Corp. and MeehanCombs Global Credit Opportunities Funds, LP v. Caesars Entertainment Corp., both involved elimination of parent guarantees without 100% debtholder consent.

In Education Management, the court denied the plaintiffs' motion for a preliminary injunction seeking to block a restructuring. However, it stated in dicta that it believed the plaintiffs would likely succeed on a claim that the restructuring would violate the TIA. The court rejected a common, narrow reading of Section 316(b) that it simply protects a legal entitlement to demand payment. Instead, the court reasoned that it is a broad protection against non-consensual debt restructurings, creating a substantive right for each debtholder to actually obtain payment.

In Caesars, the court quoted and relied on Education Management in its central holding. The Caesars court denied a motion to dismiss on the grounds that the defendant was not in payment default and the TIA only protected a legal right to receive payment. The court agreed that removal of the parent guarantee would leave the plaintiffs with an empty right to assert a payment default against an insolvent issuer. This is the case even though the guarantee removal was allegedly permitted under the indenture's amendment provision. The Education Management court also stated that Section 316(b) “was intended to force bond restructurings into bankruptcy where unanimous consent could not be obtained.”

These cases may have the effect of empowering minority and dissenting debtholders. The broad reading of Section 316(b) complicates and may limit the ability of issuers and majority debtholders to conduct non-consensual out-of-court restructurings. The decisions raise the question of at what point does an indenture modification without consent in a restructuring impair the ability to obtain payment. Dissenting debtholders may now be quick to argue that a particular modification violates Section 316(b) and find it easier to hold out.

For more information on debt restructuring generally, see Practice Note, Methods of Restructuring Outstanding Debt Securities.

Cybersecurity issues for boards

With cybersecurity breaches becoming more common, counsel should carefully consider how responsibility, leadership and coordination regarding cybersecurity issues are structured within the management team and how that translates into increased focus from the board.

Given the recent breaches, the corporate governance community is increasingly concerned with adequately assessing and disclosing cybersecurity risks. These risks include financial and reputational harm, regulatory action and litigation. While management is generally responsible for identifying, assessing and monitoring cybersecurity risks, the extreme harm that can come from a breach has forced boards to increase their oversight of these issues.

While the board's focus will almost certainly be on the company's principal information security or IT officer, it is important for counsel to be sufficiently knowledgeable and prepared to provide advice to the board and answer any questions that the board may have.

While the technical nature of cybersecurity issues can make it difficult to obtain a deep understanding of the company's cybersecurity framework, many of the serious risks posed by breaches are in areas where boards may be better suited to have discussions with counsel.

If the principal information security or IT officer reports to another c-level executive, counsel should at a minimum:

  • Coordinate closely with that officer.
  • Understand as much as possible the technical nature of the company's cybersecurity framework to be prepared to bridge any gaps for the board.
  • Consider suggesting adding a dotted line reporting structure from that officer to counsel if no formal reporting relationship currently exists.

For more information on the board's role in addressing cybersecurity risks to the company, see Article, Board Oversight of Cybersecurity Risks.


About Practical Law

This look at the major issues on the horizon for corporate counsel comes from Practical Law – an online legal know-how service. View all the looming issues now – compliments of Practical Law The Journal, which covers the latest transactional and compliance topics that impact your practice. To gain access to more related know- how resources, please visit us.practicallaw.com.


Need Practice Know-How? GO