AGENCY:

International Trade Commission.

ACTION:

Summary of commission practice relating to administrative protective orders.

SUMMARY:

Since February 1991, the U.S. International Trade Commission (“Commission”) has published in the Federal Register reports on the status of its practice with respect to breaches of Start Printed Page 69332 its administrative protective orders (“APOs”) under the Tariff Act of 1930 in response to a direction contained in the Conference Report to the Customs and Trade Act of 1990. Over time, the Commission has added to its report discussions of APO breaches in Commission proceedings other than under title VII and violations of the Commission's rules, including the rule on bracketing business proprietary information (the “24-hour rule”). This notice provides a summary of APO breach investigations completed during fiscal year 2022. This summary addresses APO breach investigations related to proceedings under both title VII and section 337 of the Tariff Act of 1930. The Commission intends for this summary to inform representatives of parties to Commission proceedings of the specific types of APO breaches before the Commission and the corresponding types of actions that the Commission has taken.

FOR FURTHER INFORMATION CONTACT:

Caitlin Stephens, Office of the General Counsel, U.S. International Trade Commission, telephone (202) 205-2076. Hearing-impaired individuals may obtain information on this matter by contacting the Commission's TDD terminal at (202) 205-1810. General information concerning the Commission is available on its website at https://www.usitc.gov.

SUPPLEMENTARY INFORMATION:

Statutory authorities for Commission investigations provide for the release of business proprietary information (“BPI”) or confidential business information (“CBI”) to certain authorized representatives in accordance with requirements set forth in the Commission's Rules of Practice and Procedure. Such statutory and regulatory authorities include: 19 U.S.C. 1677f; 19 CFR 207.7; 19 U.S.C. 1337(n); 19 CFR 210.5, 210.34; 19 U.S.C. 2252(i); 19 CFR 206.17; 19 U.S.C. 4572(f); 19 CFR 208.22; 19 U.S.C. 1516a(g)(7)(A); and 19 CFR 207.100—207.120. The discussion below describes APO breach investigations that the Commission completed during fiscal year 2022, including descriptions of actions taken in response to any breaches.

Since 1991, the Commission has published annually a summary of its actions in response to violations of Commission APOs and rule violations. See86 FR 71916 (Dec. 20, 2021); 85 FR 7589 (Feb. 10, 2020); 83 FR 42140 (Aug. 20, 2018); 83 FR 17843 (Apr. 24, 2018); 82 FR 29322 (June 28, 2017); 81 FR 17200 (Mar. 28, 2016); 80 FR 1664 (Jan. 13, 2015); 78 FR 79481 (Dec. 30, 2013); 77 FR 76518 (Dec. 28, 2012); 76 FR 78945 (Dec. 20, 2011); 75 FR 66127 (Oct. 27, 2010); 74 FR 54071 (Oct. 21, 2009); 73 FR 51843 (Sept. 5, 2008); 72 FR 50119 (Aug. 30, 2007); 71 FR 39355 (July 12, 2006); 70 FR 42382 (July 22, 2005); 69 FR 29972 (May 26, 2004); 68 FR 28256 (May 23, 2003); 67 FR 39425 (June 7, 2002); 66 FR 27685 (May 18, 2001); 65 FR 30434 (May 11, 2000); 64 FR 23355 (Apr. 30, 1999); 63 FR 25064 (May 6, 1998); 62 FR 13164 (Mar. 19, 1997); 61 FR 21203 (May 9, 1996); 60 FR 24880 (May 10, 1995); 59 FR 16834 (Apr. 8, 1994); 58 FR 21991 (Apr. 26, 1993); 57 FR 12335 (Apr. 9, 1992); and 56 FR 4846 (Feb. 6, 1991). This report does not provide an exhaustive list of conduct that will be deemed to be a breach of the Commission's APOs. The Commission considers APO breach investigations on a case-by-case basis.

As part of the Commission's efforts to educate practitioners about the Commission's current APO practice, the Secretary to the Commission (“Secretary”) issued in January 2022 a sixth edition of An Introduction to Administrative Protective Order Practice in Import Injury Investigations (Pub. No. 5280). This document is available on the Commission's website at http://www.usitc.gov.

I. In General

A. Antidumping and Countervailing Duty Investigations

The current APO application form for antidumping and countervailing duty investigations, which the Commission revised in May 2020, requires an APO applicant to agree to:

(1) Not divulge any of the BPI disclosed under this APO or otherwise obtained in this investigation and not otherwise available to him or her, to any person other than—

(i) Personnel of the Commission concerned with the investigation,

(ii) The person or agency from whom the BPI was obtained,

(iii) A person whose application for disclosure of BPI under this APO has been granted by the Secretary, and

(iv) Other persons, such as paralegals and clerical staff, who (a) are employed or supervised by and under the direction and control of the authorized applicant or another authorized applicant in the same firm whose application has been granted; (b) have a need thereof in connection with the investigation; (c) are not involved in competitive decision making for an interested party which is a party to the investigation; and (d) have signed the acknowledgment for clerical personnel in the form attached hereto (the authorized applicant shall also sign such acknowledgment and will be deemed responsible for such persons' compliance with this APO);

(2) Use such BPI solely for the purposes of the above-captioned Commission investigation or for U.S. judicial or review pursuant to the North American Free Trade Agreement the determination resulting from such investigation of such Commission investigation;

(3) Not consult with any person not described in paragraph (1) concerning BPI disclosed under this APO or otherwise obtained in this investigation without first having received the written consent of the Secretary and the party or the representative of the party from whom such BPI was obtained;

(4) Whenever materials ( e.g., documents, computer disks or similar media) containing such BPI are not being used, store such material in a locked file cabinet, vault, safe, or other suitable container (N.B.: [S]torage of BPI on so-called hard disk computer media or similar media is to be avoided, because mere erasure of data from such media may not irrecoverably destroy the BPI and may result in violation of paragraph C of this APO);

(5) Serve all materials containing BPI disclosed under this APO as directed by the Secretary and pursuant to section 207.7(f) of the Commission's rules;

(6) Transmit each document containing BPI disclosed under this APO:

(i) With a cover sheet identifying the document as containing BPI,

(ii) With all BPI enclosed in brackets and each page warning that the document contains BPI,

(iii) If the document is to be filed by a deadline, with each page marked “Bracketing of BPI not final for one business day after date of filing,” and

(iv) Within two envelopes, the inner one sealed and marked “Business Proprietary Information—To be opened only by [name of recipient]”, and the outer one sealed and not marked as containing BPI;

(7) Comply with the provision of this APO and section 207.7 of the Commission's rules

(i) Make true and accurate representations in the authorized applicant's application and promptly notify the Secretary of any changes that occur after the submission of the application and that affect the representations made in the application ( e.g. [,] change in personnel assigned to the investigation),

(ii) Report promptly and confirm in writing to the Secretary any possible breach of this APO, and Start Printed Page 69333

(iii) Acknowledge that breach of this APO may subject the authorized applicant and other persons to such sanctions or other actions as the Commission deems appropriate, including the administrative sanctions and actions set out in this APO.

The APO form for antidumping and countervailing duty investigations also provides for the return or destruction of the BPI obtained under the APO on the order of the Secretary, at the conclusion of the investigation, or at the completion of Judicial Review. The BPI disclosed to an authorized applicant under an APO during the preliminary phase of the investigation generally may remain in the applicant's possession during the final phase of the investigation.

The APO further provides that breach of an APO may subject an applicant to:

(1) Disbarment from practice in any capacity before the Commission along with such person's partners, associates, employer, and employees, for up to seven years following publication of a determination that the order has been breached;

(2) Referral to the United States Attorney;

(3) In the case of an attorney, accountant, or other professional, referral to the ethics panel of the appropriate professional association;

(4) Such other administrative sanctions as the Commission determines to be appropriate, including public release of, or striking from the record any information or briefs submitted by, or on behalf of, such person or the party he represents; denial of further access to business proprietary information in the current or any future investigations before the Commission, and issuance of a public or private letter of reprimand; and

(5) Such other actions, including but not limited to, a warning letter, as the Commission determines to be appropriate.

APOs issued in cross-border long-haul trucking (“LHT”) investigations, conducted under the United States-Mexico-Canada Agreement (“USMCA”) Implementation Act, 19 U.S.C. 4571-4574 (19 U.S.C. 4501 note), and safeguard investigations, conducted under the statutory authorities listed in 19 CFR 206.1 and 206.31, contain similar (though not identical) provisions.

B. Section 337 Investigations

APOs in section 337 investigations differ from those in title VII investigations: There is no set form like the title VII APO application, and provisions of individual APOs may differ depending on the investigation and the presiding administrative law judge. However, in practice, the provisions are often similar in scope and applied quite similarly. Any person seeking access to CBI during a section 337 investigation (including outside counsel for parties to the investigation, secretarial and support personnel assisting such counsel, and technical experts and their staff who are employed for the purposes of the investigation) is required to read the APO, file a letter with the Secretary indicating agreement to be bound by the terms of the APO, agree not to reveal CBI to anyone other than another person permitted access by the APO, and agree to utilize the CBI solely for the purposes of that investigation.

In general, an APO in a section 337 investigation will define what kind of information is CBI and direct how CBI is to be designated and protected. The APO will state which persons may have access to CBI and which of those persons must sign onto the APO. The APO will provide instructions on how CBI is to be maintained and protected by labeling documents and filing transcripts under seal. It will provide protections for the suppliers of CBI by notifying them of a Freedom of Information Act request for the CBI and providing a procedure for the supplier to seek to prevent the release of the information. There are provisions for disputing the designation of CBI and a procedure for resolving such disputes. Under the APO, suppliers of CBI are given the opportunity to object to the release of the CBI to a proposed expert. The APO requires a person who discloses CBI, other than in a manner authorized by the APO, to provide all pertinent facts to the supplier of the CBI and to the administrative law judge and to make every effort to prevent further disclosure. Under Commission practice, if the underlying investigation is before the Commission at the time of the alleged breach or if the underlying investigation has been terminated, a person who discloses CBI, other than in a manner authorized by the APO, should report the disclosure to the Secretary. See19 CFR 210.25, 210.34(c). Upon final termination of an investigation, the APO requires all signatories to the APO to either return to the suppliers or, with the written consent of the CBI supplier, destroy the originals and all copies of the CBI obtained during the investigation.

The Commission's regulations provide for the imposition of certain sanctions if a person subject to the APO violates its restrictions. The Commission keeps the names of the persons being investigated for violating an APO confidential unless the sanction imposed is a public letter of reprimand. 19 CFR 210.34(c)(1). The possible sanctions are:

(1) An official reprimand by the Commission.

(2) Disqualification from or limitation of further participation in a pending investigation.

(3) Temporary or permanent disqualification from practicing in any capacity before the Commission pursuant to 19 CFR 201.15(a).

(4) Referral of the facts underlying the violation to the appropriate licensing authority in the jurisdiction in which the individual is licensed to practice.

(5) Making adverse inferences and rulings against a party involved in the violation of the APO or such other action that may be appropriate. 19 CFR 210.34(c)(3).

Commission employees are not signatories to the Commission's APOs and do not obtain access to BPI or CBI through APO procedures. Consequently, they are not subject to the requirements of the APO with respect to the handling of BPI and CBI. However, Commission employees are subject to strict statutory and regulatory constraints concerning BPI and CBI, and they face potentially severe penalties for noncompliance. See18 U.S.C. 1905; title 5, U.S. Code; and Commission personnel policies implementing the statutes. Although the Privacy Act (5 U.S.C. 552a) limits the Commission's authority to disclose any personnel action against agency employees, this should not lead the public to conclude that no such actions have been taken.

II. Investigations of Alleged APO Breaches

The Commission conducts APO breach investigations for potential breaches that occur in title VII, safeguard, and LHT investigations, as well as potential breaches in section 337 investigations that are before the Commission or have been terminated.^[1] Administrative law judges handle potential APO breaches in section 337 investigations when the breach occurred and is discovered while the underlying investigation is before the administrative law judge. The Commission may review any decision that the administrative law judge makes Start Printed Page 69334 on sanctions in accordance with Commission regulations. See19 CFR 210.25, 210.34(c).

For Commission APO breach investigations, upon finding evidence of an APO breach or receiving information that there is reason to believe that one has occurred, the Secretary notifies relevant Commission offices that the Secretary has opened an APO breach file and the Commission has commenced an APO breach investigation. The Commission then notifies the alleged breaching parties of the alleged breach and provides them with the voluntary option to proceed under a one- or two-step investigatory process. Under the two-step process, which was the Commission's historic practice, the Commission determines first whether a breach has occurred and, if so, who is responsible for it. This is done after the alleged breaching parties have been provided an opportunity to present their views on the matter. The breach investigation may conclude after this first step if: (1) the Commission determines that no breach occurred and issues a letter so stating; or (2) the Commission finds that a breach occurred, but concludes that no further action is warranted and issues a warning letter. If the Commission determines that a breach occurred that warrants further action, the Commission will then determine what sanction, if any, to impose. Before making this determination, the Commission provides the breaching parties with an opportunity to present their views on the appropriate sanction and any mitigating circumstances. The Commission can decide as part of either the first or second step to issue a warning letter. A warning letter is not a sanction, but the Commission will consider a warning letter as part of a subsequent APO breach investigation.

The Commission recognizes that the two-step process can result in duplicative work for the alleged breaching party and Commission staff in some APO breach investigations. For example, parties who self-report their own breach often address mitigating circumstances and sanctions in their initial response to the Commission's letter of inquiry on the breach. But, under the Commission's two-step process, they must await a Commission decision on breach and then submit again their views on mitigating circumstances and sanctions. To streamline this process and accelerate processing times, the Commission offers alleged breaching parties the option to voluntarily elect a one-step APO breach investigation process. Under this process, the Commission will determine simultaneously whether a breach occurred and, if so, the appropriate sanction to impose, if any. Under either process, the alleged breaching party has the opportunity to submit affidavits reciting the facts concerning the alleged breach and mitigating factors pertaining to the appropriate response if a breach is found.

Sanctions for APO violations serve three basic interests: (a) preserving the confidence of submitters of BPI/CBI that the Commission is a reliable protector of BPI/CBI; (b) disciplining breachers; and (c) deterring future violations. As the Conference Report to the Omnibus Trade and Competitiveness Act of 1988 observed: “[T]he effective enforcement of limited disclosure under [APO] depends in part on the extent to which private parties have confidence that there are effective sanctions against violation.” H.R. Conf. Rep. 100-576, at 623 (1988).

The Commission has worked to develop consistent jurisprudence, not only in determining whether a breach has occurred, but also in selecting an appropriate response. In determining the appropriate response, the Commission generally considers mitigating factors such as the unintentional nature of the breach, the lack of prior breaches committed by the breaching party, the corrective measures taken by the breaching party, and the promptness with which the breaching party reported the violation to the Commission. The Commission also considers aggravating circumstances, especially whether persons not authorized under the APO had access to and viewed the BPI/CBI. The Commission considers whether there have been prior breaches by the same person or persons in other investigations and whether there have been multiple breaches by the same person or persons in the same investigation.

The Commission's rules permit an economist or consultant to obtain access to BPI/CBI under the APO in a title VII, safeguard, or LHT investigation if the economist or consultant is under the direction and control of an attorney under the APO, or if the economist or consultant appears regularly before the Commission and represents an interested party who is a party to the investigation. See19 CFR 207.7(a)(3)(i)(B) and (C); 19 CFR 206.17(a)(3)(i)(B) and (C); and 19 CFR 208.22(a)(3)(i)(B) and (C). Economists and consultants who obtain access to BPI/CBI under the APO under the direction and control of an attorney nonetheless remain individually responsible for complying with the APO. In appropriate circumstances, for example, an economist under the direction and control of an attorney may be held responsible for a breach of the APO by failing to redact APO information from a document that is subsequently filed with the Commission and served as a public document, or for retaining BPI/CBI without consent of the submitter after the termination of an investigation. This is so even though the Commission may also hold the attorney exercising direction or control over the economist or consultant responsible for the APO breach. In section 337 investigations, technical experts and their staff who are employed for the purposes of the investigation are required to sign onto the APO and agree to comply with its provisions.

The records of Commission investigations of alleged APO breaches in antidumping and countervailing duty cases, section 337 investigations, safeguard investigations, and LHT investigations are not publicly available and are exempt from disclosure under the Freedom of Information Act, 5 U.S.C. 552. See, e.g.,19 U.S.C. 1677f(g); 19 U.S.C. 1333(h); 19 CFR 210.34(c).

The two types of breaches most frequently investigated by the Commission involve: (1) the APO's prohibition on the dissemination or exposure of BPI or CBI to unauthorized persons; and (2) the APO's requirement that the materials received under the APO be returned or destroyed and that a certificate be filed with the Commission indicating what actions were taken after the termination of the investigation or any subsequent appeals of the Commission's determination. The dissemination of BPI/CBI usually occurs as the result of failure to delete BPI/CBI from public versions of documents filed with the Commission or transmission of proprietary versions of documents to unauthorized recipients. Other breaches have included the failure to bracket properly BPI/CBI in proprietary documents filed with the Commission, the failure to report immediately known or suspected violations of an APO, and the failure to adequately supervise non-lawyers in the handling of BPI/CBI.

Occasionally, the Commission conducts APO breach investigations that involve members of a law firm or consultants working with a firm who were granted access to APO materials by the firm although they were not APO signatories. In many of these cases, the firm and the person using the BPI/CBI mistakenly believed an APO application had been filed for that person. The Commission has determined in all of these cases that the person who was a non-signatory, and therefore did not Start Printed Page 69335 agree to be bound by the APO, could not be found to have breached the APO. However, under Commission rule 201.15 (19 CFR 201.15), the Commission may take action against these persons for good cause shown. In all cases in which the Commission has taken such action, it decided that the non-signatory appeared regularly before the Commission, was aware of the requirements and limitations related to APO access, and should have verified their APO status before obtaining access to and using the BPI/CBI. The Commission notes that section 201.15 may also be available to issue sanctions to attorneys or agents in different factual circumstances in which they did not technically breach the APO, but their action or inaction did not demonstrate diligent care of the APO materials, even though they appeared regularly before the Commission and were aware of the importance that the Commission places on the proper care of APO materials.

The Commission has held routinely that the disclosure of BPI/CBI through recoverable metadata or hidden text constitutes a breach of the APO even when the BPI/CBI is not immediately visible without further manipulation of the document. In such cases, breaching parties have transmitted documents that appear to be public documents in which the parties have removed or redacted all BPI/CBI. However, further inspection of the document reveals that confidential information is actually retrievable by manipulating codes in software or through the recovery of hidden text or metadata. In such instances, the Commission has found that the electronic transmission of a public document with BPI/CBI in a recoverable form was a breach of the APO.

The Commission has cautioned counsel to ensure that each authorized applicant files with the Commission within 60 days of the completion of an import injury investigation or at the conclusion of judicial or binational review of the Commission's determination, a certificate stating that, to the signatory's knowledge and belief, all copies of BPI/CBI have been returned or destroyed, and no copies of such materials have been made available to any person to whom disclosure was not specifically authorized. This requirement applies to each attorney, consultant, or expert in a firm who has access to BPI/CBI. One firm-wide certificate is insufficient.

Attorneys who are signatories to the APO in a section 337 investigation should inform the administrative law judge and the Secretary if there are any changes to the information that was provided in the application for access to the CBI. This is similar to the requirement to update an applicant's information in title VII investigations.

In addition, attorneys who are signatories to the APO in a section 337 investigation should send a notice to the Commission if they stop participating in the investigation or the subsequent appeal of the Commission's determination. The notice should inform the Commission about the disposition of CBI obtained under the APO that was in their possession, or the Commission could hold them responsible for any failure of their former firm to return or destroy the CBI in an appropriate manner.

III. Specific APO Breach Investigations

Case 1. The Commission determined that a partner at a law firm breached the APO issued in a title VII investigation when the partner supervised the drafting, revision, and review of a publicly filed document that contained BPI.

Three attorneys, including the partner, were responsible for drafting the document at issue. Despite the firm's instructions to place brackets around any BPI that an attorney added to the draft, one of the non-partner attorneys inadvertently failed to include brackets around a quote in a footnote. The partner completed two full reviews of the document before its filing, but the partner failed to identify the unbracketed BPI in the footnote. The law firm filed the document on the Commission's Electronic Document Information System (EDIS), and it also served the document on all parties on the public service list. The Commission first became aware of this breach through Commission staff, who discovered the exposed BPI and notified the Secretary. The Office of the Secretary notified the partner of the breach, and the law firm filed a corrected version of the public document later that day.

In determining whether to issue a sanction for the breach, the Commission considered mitigating factors, including that: (1) the breach was inadvertent and unintentional; (2) the law firm took prompt corrective actions to mitigate the effect of the breach by correcting its filing, notifying the recipients of the document's error and of its substitute filing, and obtaining the recipient's confirmation of the document's destruction; and (3) the partner had not previously breached an APO in the two-year period preceding the date of the breach. The Commission also considered the following aggravating factors: (1) the Commission was the first to discover and flag the breach; and (2) unauthorized individuals accessed and presumably viewed the CBI.

The Commission issued a private letter of reprimand to the partner after finding that the partner was ultimately responsible for the failure to redact BPI from the public document.

Case 2. The Commission determined that an expert breached the APO issued in a section 337 investigation by submitting expert reports containing CBI in several unrelated actions pending before a federal district court.

The expert drafted and filed before a federal district court six expert reports that contained a sentence from the confidential version of an administrative law judge's initial determination. Two months later, counsel for one of the parties involved in the underlying section 337 investigation, and in the federal district court action, notified the expert that the quoted sentence did not appear in the public version of the initial determination. The expert took immediate steps to replace the page that contained the CBI, but the expert did not notify the Commission until about a month after the breach's discovery. The expert acknowledged the failure to follow firm procedures, which would have required comparison of the draft expert report with the public version of the initial determination.

In determining whether to issue a sanction for the breach, the Commission considered the following mitigating factors: (1) the breach was inadvertent and unintentional; (2) the expert self-reported the breach to the Commission; and (3) the expert had not previously breached an APO in the two-year period preceding the breach. The Commission also considered the following aggravating factors: (1) the expert did not discover the breach; (2) the breach resulted in exposure of CBI to unauthorized individuals; (3) there was a delay of two months between the discovery of the breach and the mitigation of the breach; (4) the expert waited more than one month to report the breach to the Commission; and (5) the expert failed to handle CBI with due diligence and care, and the expert did not follow firm procedures for protecting CBI.

The Commission issued a private letter of reprimand to the expert.

Case 3. The Commission determined that a supervisory attorney at a law firm breached an APO in a title VII investigation when a legal support staff member under the attorney's supervision inadvertently attached a confidential brief from one investigation to a public brief in another investigation and publicly filed both briefs as one Start Printed Page 69336 document with the Department of Commerce (Commerce). The Commission also determined that the supervisory attorney breached the APO a second time by providing BPI to that legal support staff member before the staff member had signed an APO acknowledgment for clerical personnel.

After filing the document in Commerce's IA ACCESS website, the legal support staff member served the document on the parties listed on the public brief's service list. None of the served parties were on the APO service list for the confidential brief. Three days later, the law firm received notification from one of the parties on the public brief's service list that the document contained BPI from an unrelated investigation. Upon review of the document, the law firm discovered that the legal support staff member who had filed and served the document had included a copy of a confidential brief from another title VII investigation. The law firm immediately contacted Commerce to request removal of the document from the IA ACCESS website. Commerce indicated to the law firm that multiple individuals had accessed the document while it was posted publicly to that website. The law firm also contacted the parties on the public service list to ask that they destroy any copies.

The law firm immediately notified the Commission of the breach after learning of it. In its correspondence to the Commission, the firm indicated that the breach occurred because of the legal support staff member's failure to follow firm procedures in handling and storing the confidential brief. The firm also indicated that the supervisory attorney had supervised the preparation of the confidential brief and had been aware of staff's inconsistent adherence to the firm's BPI procedures. In addition, over the course of the APO breach investigation, the Commission discovered that the supervisory attorney had provided BPI to the legal support staff member without first having the staff member sign an APO acknowledgment for clerical personnel.

In determining whether to issue a sanction for the breach, the Commission considered mitigating factors, including that: (1) the breach was inadvertent and unintentional; (2) the law firm took prompt action to remedy the breach and prevent further dissemination of BPI; (3) the law firm promptly self-reported the breach to the Commission; (4) the law firm implemented new procedures to prevent similar breaches in the future; and (5) the supervisory attorney had not previously breached an APO in the two-year period preceding the date of the breach. The Commission also considered the following aggravating factors: (1) unauthorized individuals had access to and viewed the BPI; (2) the law firm violated the APO in two different ways; (3) the law firm did not discover either breach; and (4) the supervisory attorney and legal support staff failed to follow the law firm's procedures for protecting BPI.

The Commission also considered whether to find in breach of the APO a second attorney who supervised the preparation of the public brief, and it determined not to do so. The second attorney was an APO signatory in both relevant investigations, but the second attorney had not supervised the preparation of the confidential brief. Further, the second attorney had reviewed the public brief before the legal support staff member had attached the confidential version to it. The Commission determined that the second attorney would have had no reason to suspect that the legal support staff member would attach BPI materials to the public brief after the final review and approval of the brief.

The Commission issued a private letter of reprimand to the supervisory attorney. The Commission did not take any further action against the legal support staff member whose actions contributed to the breach because the staff member had since passed away.

Case 4. The Commission determined that two attorneys at a law firm breached an APO in a title VII investigation when they reviewed, filed in EDIS, and served a public version of a brief that contained unredacted BPI belonging to a third party.

The attorneys served the brief on the parties to the public service list in the investigation, which included individuals who were not authorized under the APO to view BPI, and the brief was publicly posted to EDIS, where at least one unauthorized individual accessed it. In addition, one of the attorneys forwarded copies of the brief to the firm's clients. Two days after filing and serving the brief, the two attorneys received notification from another party to the investigation (after Commission business hours) that the brief contained BPI. The two attorneys immediately reviewed the brief, and they discovered that they had bracketed, but failed to remove, the BPI at issue. That same day, the two attorneys contacted their clients and the parties on the public service list to request that they destroy the brief and contact anyone else to whom they may have forwarded the brief. The next day, the two attorneys notified the Commission of the breach and requested that the Secretary remove the document from public view on EDIS. Over the course of the investigation, the two attorneys confirmed to the Commission that they had received responses (and confirmations of destruction) from all but two individual recipients of the brief. Those two individuals never acknowledged the attorneys' emails nor confirmed destruction of the brief.

In determining whether to issue a sanction for the breach, the Commission considered mitigating factors, including that: (1) the breach was inadvertent and unintentional; (2) the law firm promptly self-reported the breach to the Commission; (3) the law firm took prompt action to remedy the breach and prevent further dissemination of BPI; (4) the law firm implemented new procedures to prevent similar breaches in the future; and (5) neither attorney had previously breach an APO in the two-year period preceding the date of the breach. The Commission also considered the following aggravating factors: (1) unauthorized individuals had access to and presumably viewed the BPI; and (2) the law firm did not discover its own breach.

The Commission determined to issue private letters of reprimand to both attorneys.

Case 5. The Commission determined that an attorney and a paralegal at a law firm breached the APO in a title VII investigation when an economist at the firm accessed BPI materials that the law firm had received under the APO before the Secretary had approved the economist's APO application.

The attorney, who was lead counsel for the investigation, did not confirm that the Secretary had approved the economist's APO application before instructing the economist to access the BPI materials. The economist also failed to confirm that the Secretary had approved the APO application before accessing the BPI materials. The paralegal, who had set up the folder containing the BPI materials in the law firm's system, had failed to restrict access to the folder (in accordance with the firm's procedures) to only authorized individuals whose APO applications had been approved. Upon discovery that the Secretary had not yet approved the economist's APO application, the attorney immediately notified the Commission of the breach and restricted access to the folder containing the BPI materials to approved APO applicants. However, the economist had access to and viewed on several occasions the BPI at issue for approximately two weeks before authorized to do so. The law firm confirmed that the economist was the Start Printed Page 69337 only unauthorized individual to access the BPI materials.

In determining whether to issue a sanction for the breach, the Commission considered mitigating factors, including that: (1) the breach was inadvertent and unintentional; (2) the law firm took prompt action to remedy the breach and prevent further dissemination of BPI; (3) the firm immediately self-reported the breach to the Commission; (4) the law firm implemented new procedures to prevent similar breaches in the future; (5) the economist, who was later added to the APO, acted at all times as if bound by the APO, and thus no other unauthorized individuals viewed the BPI materials; and (6) the attorney and the paralegal had not previously breached an APO in the two-year period preceding the date of the breach. The Commission also considered the following aggravating factors: (1) the economist was not an authorized APO signatory at the time of the initial access and viewing of the BPI; and (2) the attorney, the paralegal, and the economist failed to follow the law firm's procedures for protecting BPI.

The Commission determined to issue warning letters to the attorney and the paralegal. The Commission also found that good cause existed to issue a warning letter to the economist under 19 CFR 201.15(a). Though the economist was not a signatory to the APO at the time of the inappropriate access to the BPI, the economist was, or should have been, aware of the requirements and limitations related to APO access. The economist's failure to verify that the Commission had accepted the APO application before using the BPI materials demonstrated a disregard for the Commission's rules protecting the confidentiality of the information that is provided under the APO.

Case 6. The Commission determined that 18 attorneys from one law firm breached the APO issued in a section 337 investigation when the law firm filed in EDIS a public version of a document that contained unredacted CBI in a footnote.

Two supervisory attorneys oversaw the redaction and filing of the public version of the document and 16 attorneys contributed to its review and redaction. Each attorney had the opportunity to discover the presence of the unredacted CBI in the footnote of the document during their respective review, but none did. The firm filed the document in EDIS and served it on the parties. One day later, one of the firm's attorneys, who had an opportunity to review the document before its filing, discovered that the footnote in question contained unredacted CBI. The firm notified the Commission that same day, after the document had been publicly posted to EDIS, and the firm filed a replacement document about a week later.

In determining whether to issue a sanction for the breach, the Commission considered the following mitigating factors: (1) the breach was inadvertent and unintentional; (2) the law firm took prompt action to remedy the breach and prevent further dissemination of CBI; (3) the law firm immediately self-reported the breach to the Commission; and (4) the law firm implemented new procedures to prevent similar breaches in the future. The Commission also considered the aggravating factor that unauthorized persons had access to and presumably viewed CBI.

The Commission issued warning letters to 16 attorneys whose actions contributed to the breach. The Commission also issued private letters of reprimand to the two supervisory attorneys who bore ultimate responsibility for overseeing the redaction and filing of the document at issue.

Case 7. The Commission determined that a supervisory attorney and an associate attorney breached the APO issued in a section 337 investigation when they exposed CBI from the investigation to their client.

The associate attorney, in reporting the work that the attorney had performed for the underlying investigation, noted details of that work in an internal electronic time entry system. The details included references to company names that one of the parties to the investigation considered to be CBI. The firm incorporated the associate attorney's entries from the time entry system into a billing invoice that it sent to its client. The supervisory attorney personally reviewed the billing invoice at issue and approved it for transmittal to the firm's client. Upon receipt of the billing invoice, the client contacted the firm to inquire about the entries that contained CBI, which caused the firm to discover its own breach. The firm requested that its client return the original invoice, and the client immediately did so. The firm notified the party whose CBI was exposed, and after conducting an internal investigation, the firm notified the Commission about two months later.

In determining whether to issue a sanction for the breach, the Commission considered the following mitigating factors: (1) the breach was inadvertent and unintentional; (2) the law firm self-reported the breach to the Commission; (3) the law firm took prompt action to remedy the breach and prevent further dissemination of CBI; (4) the attorneys had not previously breached an APO in the two-year period preceding the date of the breach; and (5) the law firm implemented new measures to prevent future similar breaches in the future. The Commission also considered the following aggravating factors: (1) unauthorized persons had access to and viewed CBI; and (2) the law firm waited nearly two months to notify the Commission of the breach.

The Commission issued a warning letter to the associate attorney whose actions contributed to, but did not directly cause, the breach. It issued a private letter of reprimand to the supervisory attorney.

Case 8. The Commission determined that 16 attorneys from one law firm breached the APO issued in a section 337 investigation when the law firm filed in EDIS 79 public demonstrative exhibits that contained unredacted CBI.

Fifteen attorneys were part of a team that was responsible for preparing and filing demonstrative exhibits following a hearing in the investigation. One senior attorney was responsible for supervising the team's effort. The breach occurred because when, in preparing the demonstrative exhibits for filing, the team failed to follow an instruction to place a “-C” designation after the exhibit number where the exhibits contained CBI. Because the team did not include the “-C” designation on the exhibits in question, the legal support staff who filed the exhibits in EDIS assumed that they were public and filed them on the public record. Over a year later, the law firm learned that opposing counsel in unrelated federal court litigation accessed the exhibits through EDIS. The law firm promptly notified the Commission and the affected parties whose CBI had been exposed, and the firm spent over 1,000 hours in its efforts to remediate the breach. Following the breach's discovery, the law firm changed its protocols for protecting CBI in section 337 investigations.

In determining whether to issue a sanction for the breach, the Commission considered the following mitigating factors: (1) the breach was inadvertent and unintentional; (2) the law firm discovered its own breach and promptly self-reported it to the Commission; (3) the law firm took prompt action to investigate and remedy the breach; (4) the attorneys had not previously breached an APO in the preceding two years; and (5) the law firm implemented new measures to prevent future similar breaches. The Commission also considered the following aggravating factors: (1) unauthorized persons had access to and viewed CBI; and (2) the Start Printed Page 69338 delay in the discovery of the breach left CBI publicly exposed for a period of about 15 months.

The Commission issued a private letter of reprimand to the supervisor of the team responsible for the preparation and filing of the exhibits at issue after finding that the attorney's supervision was inadequate and failed to secure the confidential treatment of the CBI in those exhibits. The Commission issued warning letters to 14 attorneys on the team who contributed to the preparation and filing of the exhibits. The Commission also issued a warning letter to one attorney who did not directly participate in the preparation and filing of the exhibits but permitted legal support staff to use, without supervision, the attorney's credentials to file the exhibits.

Case 9. The Commission found that an associate attorney breached the APO issued in a section 337 investigation when the attorney's actions exposed CBI obtained under the APO to the attorney's client.

The breach occurred when the attorney arranged for the client to access firm files stored on an electronic server by a discovery vendor. The attorney instructed the vendor to provide the client with limited access to certain file locations that stored only public files. However, the attorney did not verify that the vendor had followed the attorney's instructions before granting the client access to the firm's files. The vendor mistakenly granted the client unlimited access, and, as a result, the client inadvertently accessed 14 files containing CBI obtained under the APO. In accordance with the predetermined arrangement, the vendor terminated that client's unlimited access one day later. However, the attorney did not discover the breach until about 14 months later. The attorney reported the breach to the Commission a few days after making the discovery.

In determining whether to issue a sanction for the breach, the Commission considered the following mitigating factors: (1) the breach was inadvertent and unintentional; (2) the law firm discovered its own breach; (3) the law firm took prompt action to investigate and remedy the breach; (4) the attorney had not previously breached an APO in the two-year period preceding the date of the breach; and (5) the law firm self-reported its own breach to the Commission. The Commission also considered the following aggravating factors: (1) unauthorized persons had access to and viewed CBI; and (2) the law firm did not discover its own breach until about 14 months after it occurred. However, the Commission noted that because the client's access to the CBI-containing files was limited to one day, the CBI was not exposed to unauthorized individuals during those 14 months.

The Commission issued a private letter of reprimand to the associate attorney and found that, in the context of this matter, the attorney was obligated to take additional steps to ensure that the client was unable to access the files containing CBI.

Case 10. The Commission determined that an attorney and a paralegal at a law firm breached the APO in a title VII investigation when they publicly filed in EDIS a brief with BPI in recoverable hidden text.

While multiple attorneys reviewed the public version of the brief, the attorney and the paralegal were the only individuals who prepared and reviewed the final .pdf version of the document. Under firm procedures, the paralegal prepared the public version of the document by changing bracketed BPI to white font, converting the document from Microsoft Word to a .pdf file format, and then removing hidden information from the final .pdf file. Following the paralegal's preparation of the final document, the attorney reviewed the .pdf version of the document to ensure that all BPI had been removed from the file. The paralegal then publicly filed the document to EDIS. That same day, while preparing the document for service, another paralegal at the same firm noticed that the document contained BPI in recoverable hidden text. The attorney immediately notified the Commission of the breach and requested that the document be removed from public viewing. However, unauthorized individuals accessed and presumably viewed the brief while it was posted publicly to EDIS.

In determining whether to issue a sanction for the breach, the Commission considered mitigating factors, including that: (1) the breach was inadvertent and unintentional; (2) the law firm discovered its own breach; (3) the law firm took prompt action to remedy the breach and prevent further dissemination of BPI; (4) the law firm immediately self-reported the breach to the Commission; (5) the law firm implemented new procedures to prevent similar breaches in the future; and (6) neither the attorney nor the paralegal had previously breached an APO in the two-year period preceding the date of the breach. The Commission also considered the aggravating factor that unauthorized persons had access to and presumably viewed BPI.

The Commission determined to issue private letters of reprimand to both the attorney and the paralegal. The Commission also considered whether to find in breach other attorneys and legal support staff who reviewed the public version of the brief and approved the bracketing. However, the Commission declined to do so, determining that this breach occurred not because of bracketing issues, but because of a failure to remove properly bracketed BPI from the final .pdf file.

Footnotes