WE NEED 12 VOLUNTEERS. PLEASE HELP.

We invite you to join other members of the Technology Law Section as a volunteer at a Computers For Youth Family Workshop. The event will be Saturday, November 14, 2009 for the Morning Session: 8:30 am until 12:30 pm at the Young Middle School (Atlanta Public School System) 2250 Perry Blvd, Atlanta, GA 30318.

Volunteer Role. The Technology Law Section has committed to bringing 12 volunteers to assist in the classroom during one CFY Saturday workshop this fall. Volunteers need to be over 18 years old, should be familiar with computers, computer concepts, and software functions, but do not need to have an in-depth knowledge of computers. On that morning, before the training begins, volunteers will receive a Volunteer T-shirt (important to identify you in the crowd) and be treated to a coffee and donut breakfast. Much of the volunteer’s role is to be proactive, enthusiastic and to serve as the ‘eye’ and ‘ears’ of the lead teacher who will be training 6th graders and their families on how to use a computer and educational software. Volunteers assist families that fall behind or have questions, as well as help the families load up the computers and monitors into cars at the end of the workshop. It is a busy, fun, and very exciting day!

From Steve Combs:

I attended a prior Computers For Youth Event on behalf of the Technology Law Section. It is a very rewarding experience. Please sign up now.

About Computers for Youth and the Workshop. Computers for Youth (www.cfy.org) helps low-income children do better in school by improving their learning environment at home. They refurbish desktop computers and laptops that are donated by companies, with educational software carefully chosen for middle school children. At Saturday workshops coordinated with middle schools, they and volunteers provide every sixth grader in that school with training and a computer to take home.  The middle schools qualify by having 75% or more students eligible for federally subsidized lunch, among other factors. Computers For Youth is a national nonprofit with a regional office in Atlanta, Georgia.

REGISTRATION: To sign up, please contact Technology Law Section Volunteer Coordinator Steve Combs at scombs@howstuffworks.com or (404) 455-3822.

Map (Click the Marker for Directions): Young Middle School, 2250 Perry Blvd, Atlanta, GA 30318

Please join your fellow section members at Gordon Biersch in Midtown for a section meet and greet. We are also trying to get all of the past Executive Committee members to join us. We have reserved the Mezzanine Bar beginning at 5:00pm. Food and beverages will be provided. The address is 848 Peachtree Street.  Mark your calendars.

IMPORTANT: Please register online HERE so we will know how many to expect. There is no charge for this event.

Make your plans now to attend the 24th Annual Technology Law Institute.  This ICLE and Technology Law Section sponsored event will be Oct. 15, 2009 at the Bar Center in Atlanta.  The seminar Chair, W. Charles Ross, has put together a terrific set of topics and speakers for this annual program. You can download the brochure HERE. Topics include:

• The Coming Explosion in Domain Name Disputes:  The UDRP after 10 Years and How to Prepare for the Imminent Expansion of the Domain Name System
• Outsourcing in Tough Economic Times
• Legal Update:  Significant Federal and Georgia Cases Impacting Technology Law within the Past Year
•Keynote Speech: David Dempsey On “Presentations that Pop!”
• Hot Topics in Privacy in 2010
• Emerging Issues:  Information Security Regulation and Compliance

The program qualifies for 6 CLE Hours including 1 Professionalism Hour and 1 Trial Practice Hour.  For additional information and to REGISTER ONLINE for this program, visit the ICLE website at www.iclega.org/programs/7183.html

Planned Attendees: Chuck Ross, Ben Young, Steve Combs, Erinn Robinson, Warren Thomas, Sarah Shalf, Shelley Cox, David Keating, and Brett Lockwood.

Dialing in: Jason Daffner Maybe Jim Schutz Bob Neufeld.

Not Attending: Mari Myer, Larry Kunin, Jim Harvey, Melissa Yost.

1. Call to Order

2. Welcome – Chuck Ross

3. Agenda Items

–New Member Introduction–-Shelley Cox.

–Section Finance Update-–Chuck Ross

–Website Development Update–Steve Combs

–Journal Update–Brett Lockwood

–Logo Update–Steve Combs

–Law School Liaison Update–Warren Thomas

–EC Membership Update–Ben Young

–TLI Update–Chuck Ross

–Fall/Winter Meeting Planning Update–TBD

–Computers For Youth Volunteer Project–Steve Combs

4. Other Business

5. Adjourn

6. Next Meeting Date/Location

The August Technology Law Section executive committee meeting will be held Friday August 14th at 7:30 am in person at the offices of Troutman Sanders in Midtown.  As usual, the meeting will again be held in the “Troutman Room” on the 52nd floor.  Once you arrive on 52, head through the open doors and the conference room will be straight ahead.

Please let Benhamin Young know by the noon on Thursday whether you will be able to participate.  We  need a rough headcount since we will be ordering food.

Attendees: Chuck Ross, Ben Young, Steve Combs, Bob Neufeld, David Keating, Brett Lockwood, Mari Myer, Jim Harvey, Warren Thomas , Sarah Shalf, and Melissa Yost (by phone).

1.   Meeting called to order at 7:32 am

2.   Welcome – Chuck Ross

3.   Regular Agenda Items

–The EC welcomed Warren Thomas, the Section’s new law school liaison

–Mari announced her new practice and there was discussion of adding an announcement to the website.

–Section finances remain steady with a slight loss due to the Braves game expense. Some of the losses were regained through good attendance at the Section’s annual meeting. The Section also made a 10% contribution to the Bar’s Legal Foundation in response to the Bar’s request for assistance from all Sections.

–The EC discussed having a membership drive with various events, such as the Braves game and law school events. The Section also needs to review renewals from this year’s bar dues renewal notices.

–Steve gave a summary of the Annual Meeting, including the good attendance and positive feedback.

–Ben gave a summary of the Braves Game event with 40 people attending and plenty of excitement in the later innings.

–Ben discussed reviewing the current EC members for participation going forward.

– Steve will work on updating EC bios for the website. There was a discussion of including client alerts from various forms on the website. Steve will check with the Bar with respect to displaying advertising on the site.

–Steve and Brett set a date in mid August to discuss the next overall of the website design and journal formats. We may go to 2 major releases per year. The EC agreed we should start using year and volume numbers for the numbering scheme.

–The Legends of IP dinner organizers were granted permission by Chuck to use the Section’s email list.

–Chuck Ross provided an update on the Technology Law Institute.  Chuck will finalize topics late August; finalize materials late September. The event will run from 830am to 530pm.  1/2 hour lunch then David Dempsey as keynote. it will be a box lunch, not a sit-down lunch. Chuck will try to obtain one professional hour for David Dempsey lunch. ICLE will sponsor; email out announcements and do the electronic registration. A reception will be onsite. Steve will contact Merril (eDiscovery vendor) to see if they want to set up a table in exchange for a $500 sponsorship fee.

–The EC was contacted to offer ideas on possible legislation needed in Georgia. The EC discussed possible areas such as data breach legislation, adoption of UETA, etc. The EC decided that coming up with a formal position of the Section would be difficult given competing interests.

–The Section will do the Fall/Winter Meeting Planning after TLI.

4.         Meeting adjourned at 8:36 am

5.         Next Meeting Date/Location – August 14 at Troutman Sanders.

By

Stephen Combs and  Brett Lockwood.

Welcome to the Spring 2009 issue of the Technology Law Section’s quarterly publication The Georgia Journal of Technology Law. (The full printable version of this issue is available here!) This issue is brought to you by co-editors Stephen Combs of HowStuffWorks.com and Brett Lockwood of Smith, Gambrell & Russell, LLP. Please welcome Brett to his new role of editor for this and future editions of the Journal.

Table of Contents:

• Georgia Journal of Technology Law (Spring 2009 Edition)
• India’s New Information Technology Law Impacts Outsourcing Transactions
• Georgia’s New Non-Compete Statute and its Potential Effect on Technology Companies
• Technology Law Section Annual Report to the Bar (2008-2009)
• Q & A: Only Fools Rush In!

We hope you will also use the additional features on the Section’s website such as RSS feeds, a “Subscribe by Email” service, the Media Gallery, and a list of “Upcoming Events.”

This issue of The Georgia Journal of Technology Law is a web-only edition. Please let us know how you like the new format and features of the web-based Journal by commenting to this post or by using the Contact form. Please also leave feedback or questions for our contributing authors by commenting on their articles.

If you want a picture of yourself to show with your comments, go get a globally-recognized avatar at www.gravatar.com. It only takes a minute, and any image will do. The site allows you to crop the image as needed.

Due to our Annual Section Meeting scheduled for June 10, there will be no Executive Committee meeting for June. Instead, we will have a conference call at our normal date and time (Friday, June 12th at 7:30 am) to discuss planning for the Technology Law Institute. You only need to participate in the call if you have been tasked with any portion of TLI planning. You should know who you are, but if there are any questions, let Chuck know. For those participating in the call, the dial-in info will be as follows:

1-800-240-1720
Passcode: 80802994#

The Chair for 2009-10 is W. Charles Ross of the Gwinnett County Office of the District Attorney

The Vice Chair for 2009-10 is Ben Young of Troutman Sanders LLP

The Secretary for 2009-10 is Stephen Combs of HowStuffWorks.com

Special thanks to Gaines Carter of ARRIS Group, Inc. for serving as Chair for this past year. In particular, we would like to thank Gaines for organizing the 2008 Technology Law Institute. You can see video of the entire conference HERE, featuring Gaines and our other speakers.

Please join us at our next Executive Committee meeting if you want to become more involved in the Section. Use the Contact page to get in touch.

On February 5, 2009, the President of India signed into law the Information Technology (Amendment) Act, 2008 (the “ITAA”)³, a robust amendment to the country’s Information Technology Act, 2000 (the “IT Act”).⁴ The IT Act was enacted primarily to promote e-commerce and give effect to e-commerce transactions, with provisions for the legal recognition of electronic documents and digital signatures. It also included provisions for the identification of, and establishment of penalties for, certain cybercrimes. The ITAA is the culmination of a multiyear effort to update the IT Act to take into account new technologies, increases in cybercrimes, the growth of the business process outsourcing industry in India and rising global concerns about data privacy and security.

While the ITAA is a significant step forward in establishing a data protection framework in India, and in providing assurances for those doing business with Indian entities, much of the detail was left to a rule-making process that has yet to be completed. The Indian government ministries charged with establishing these rules have sought input from the Data Security Council of India (DSCI), a self-regulatory body established by the National Association of Software and Services Companies (NASSCOM),⁵ on several key data security-related terms and provisions left undefined by the ITAA. The DSCI submitted its recommendations to the Department of Information Technology on May 11, 2009.⁶ Until the specifics are finalized and put into practice, companies outsourcing to Indian providers still face many uncertainties about how the law will change the IT landscape and what impact it may have on their relationships with their sourcing providers. Although its efficacy remains to be seen, the ITAA sets the stage for outsourcing providers and their customers to engage in a more robust dialogue about customers’ electronic data and the appropriate measures for securing such data.

The Catalyst for Change
Increases in cybercrimes generally, coupled with the terrorist attack in Mumbai (largely effected through coordinated technology efforts), were likely a contributing factor in the recent passage of the ITAA, which had previously been stalled in India’s parliament since 2006. The ITAA expands the scope of cybercrimes (and includes cyber-terrorism), increases some of the penalties for cybercrimes and includes enhanced data retention, access and cooperation requirements for “intermediaries” (i.e., any person who receives, stores or transmits electronic records on behalf of another person, including ISPs and network and telecom providers) and others with responsibility for computer resources. The rapid growth of India’s outsourcing and information technology industries, in which the processing of data is often a critical component, is also a likely contributing factor in the ITAA’s passage. Without the confidence of the rest of the world, particularly the U.S. and Europe, India’s outsourcing industry could risk its competitive advantage. The ITAA represents an investment in India’s data security infrastructure and a signal to the outside world that India is still a stable place to do business.

The ITAA and Protection of Sensitive Personal Data
For companies doing business in India or with Indian entities, Section 43A of the ITAA is of particular importance. Section 43A is a new provision designed to hold companies accountable for the protection of personal data. It provides:

Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected.

This provision has a number of important implications for the Indian outsourcing industry and its customers in other parts of the globe.

Establishes Corporate Reasonable Standard
Prior to its amendment, the IT Act focused more on individual hackers than on systematic data protection. The pre-amendment IT Act imposed liability on any “person” who (among other things) accesses or extracts data from a computer or network without the owner’s permission, damages the data or programs stored on a computer, or denies authorized access to a computer. The amendment, on the other hand, takes a broader view of the IT landscape in India by recognizing that corporations and other intermediaries also bear some responsibility in ensuring data in their possession is secure. Failure to do so creates a private right of action in the individuals whose sensitive personal information is compromised.

Defines Personal Data
Perhaps one of the more important consequences of the ITAA is that it introduces the concept of personal data into Indian law. The original IT Act punished unauthorized extraction of or damage to data, but it did not explicitly target personal data. The ITAA, however, requires companies to maintain the security of “sensitive personal data,” thus recognizing that certain data deserves a higher level of protection.

The ITAA, however, limits the protections afforded to “sensitive” personal data, which is defined in the act as “such personal information as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit.”⁷ The Central Government of India has not yet prescribed what constitutes “sensitive personal data,” but the DSCI, at the government’s behest, has recommended that personal information be defined consistently with the EU Data Directive,⁸ as information that can identify an individual through one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. Sensitive personal information, however, would be defined more narrowly to include health and financial data (but not embracing the broader EU concept of data regarding racial, ethnic, political and religious beliefs, which the DSCI has noted is often publicly known in India).

Notably, the DSCI’s draft recommendations limited sensitive personal information to data pertaining to a person’s health or sex life.⁹ As the protection of Section 43A is afforded only to “sensitive” personal data, this would have left financial data unprotected. Although the DSCI has now expanded its proposed definition of sensitive information to include financial data, it is not clear why the act extends the protection only to sensitive personal data or whether the Central Government will ultimately adopt a more expansive definition of sensitive personal data. The EU Data Directive, for instance, affords basic protections to all personal data, and distinguishes sensitive personal data for certain additional protections.

Establishes Security Standards
The ITAA also requires the use of “reasonable security practices and procedures,” which it defines as practices and procedures designed to protect sensitive personal information from unauthorized access, damage, use, modification, disclosure or impairment. What constitutes “reasonable security practices and procedures” may be specified in an agreement between the parties or in an applicable law. In the absence of an agreement or law, reasonable security practices may be prescribed by the Indian Central Government. Although this provides little clarity in describing the practices and procedures required, it stresses the need for companies to take a comprehensive and systematic approach to data protection (at least with respect to sensitive personal data).

As of the date of this article, the Indian Central Government had not yet prescribed “reasonable security practices and procedures.” However, the DSCI, noting that appropriate security measures may vary from one organization to the next depending on the type of information processed (and rejecting a “one-size-fits-all” approach), has recommended that companies: (1) adopt one or a combination of industry-recognized security standards, namely ISO 27001¹⁰ and/or the OECD Privacy Principles for design and operation of Information Security Management Systems,¹¹ and implement such standards within their organization in a manner that is appropriate given the nature of the company’s information assets and its corresponding risk assessment; and (2) publicly declare that it is following ISO 27001 principles (presumably via a website, privacy policy or similar publication, although the method of declaration is not specified). In addition, companies would be obligated to document the standard in writing, along with the specific controls they have implemented to meet the standard and how such controls are deployed. There is no requirement that companies undergo an audit (external or otherwise) to verify that the controls are in place or the effectiveness of the controls. However, in the event of a security breach, a company would be obligated to demonstrate to investigators that it had a written security policy, that it was following such policy, and that the controls required by its policy were commensurate with the assets being protected.

Other Important Provisions
While businesses focus on the new data protection rules, a host of other provisions of the ITAA has also received attention. Section 66 expands the definition of cybercrime to include identity theft and makes it punishable by up to three years in jail. Sections 66A – 66F define and impose penalties for other cybercrimes, including cyber-terrorism. The ITAA protects intermediaries, such as network service providers, when unlawful content is transmitted on their sites or via their networks, as long as they were not involved in the transmission and exercised “due diligence” in discharging their duties under the ITAA. The DSCI has recommended that intermediaries, in order to obtain the protections of the ITAA, declare their privacy, security and operational policies and procedures for the handling of third-party content and require their subscribers to agree to such policies.

Sections 69 through 69B grant the Central Government the authority to intercept, monitor and block access to electronic information in the interest of national security, and to monitor and collect “traffic data” (data identifying a person, computer system, or location to or from which the communication was transmitted, including origin, destination and other details) for purposes of enhancing cyber security, all in accordance with procedures and safeguards “as may be prescribed.” The Ministry of Communications & Information Technology has posted draft rules prescribing such procedures and safeguards at its website for public comment.¹² Among other things, the draft rules require authorities to consider whether there are other ways to acquire the necessary information and to issue orders to monitor or intercept such information only if it is not possible to obtain the information by other reasonable means. The draft rules also place time limits on how long an interception or monitoring order may remain in force, how quickly intermediaries must respond to an order for monitoring or interception of information and how long security agencies and intermediaries may retain the information obtained.

Section 70B creates a government agency, dubbed the “Indian Computer Emergency Response Team,” with responsibility over the analysis and dissemination of information and alerts regarding cyber incidents, the coordination of responses to cyber incidents and the issuance of guidelines regarding information security practices and the prevention, response and reporting of cyber incidents.

Consequences for Outsourcing to India
While the ITAA is an important first step for India in promoting and requiring appropriate data security protections, until it is formally adopted (via publication in the Official Gazette) and fully implemented, with “sensitive personal data” defined, “reasonable security practices and procedures” specified, and the corresponding rules promulgated, companies contemplating outsourcing operations or processes to an Indian provider should take care both in making the decision to move operations involving critical data offshore and in selecting and contracting with a provider.

Practice Pointers
While the ITAA may not necessarily require immediate and specific changes in your existing outsourcing contracts, it will certainly bring data security issues to the forefront for the Indian outsourcing community. Thus, the ITAA’s recent enactment may represent an opportunity to revisit contracts that may not have adequately addressed the issue in the first instance, or longer-term contracts where the existing data security provisions are outdated or otherwise inadequate. The following are some data security considerations to take into account when evaluating your existing outsourcing relationships with Indian providers or in entering into new ones:

• Diligence Your Provider’s Data Security Practices
  Thoroughly evaluate your Indian provider’s information security practices and procedures (including via a site visit, where feasible) before committing to a long-term relationship. Make sure the provider has a plan in place to address any identified gaps or deficiencies and follow up to make sure the plan is implemented.
• Document Compliance Obligations
  Your outsourcing agreement should expressly require your service provider to comply with those data security laws and regulations applicable to the provider (including the ITAA) and those applicable to the operations or functions it will perform for your company. Where applicable, include an obligation to comply with industry standards (e.g., the Payment Card Industry Data Security Standard ). In the event the Central Government has not prescribed reasonable security procedures, your outsourcing agreement should specifically define the provider’s data security obligations (which should supersede any less stringent requirements imposed by law).
• Address Security Breaches
  Determine and clearly document your provider’s obligations in the event of a security breach. Your outsourcing agreement should specifically address what constitutes a “security breach,” the circumstances under which the service provider is responsible for the breach, and what happens in the event of such a security breach.
• Obtain Robust Audit Rights
  Include robust audit rights in your agreement, allowing you to verify that your provider is doing what it agreed to do. These rights will be particularly important in the event there is a security breach.
• Negotiate Appropriate Remedies
  Negotiate, and document in your agreement, remedies in the event your provider fails to comply with its data security obligations. These might include indemnities, termination rights and/or other measures.
• Consider Liability Implications
  Consider and document the provider’s liability for direct and indirect damages for security breaches.

We Can Help / About Hunton & Williams
Hunton & Williams’ Global Technology, Outsourcing and Privacy practice has substantial experience advising clients in executing, managing and redefining large-scale outsourcing transactions. With our integrated privacy and sourcing practice, we are able to proactively assist our clients in addressing the complex data privacy and security issues typically encountered in outsourcing transactions. If you would like to discuss the Indian legislation, or need assistance in determining its impact on your organization’s proposed or existing outsourcing relationships, please contact us.

First principles, Clarice. Simplicity.

Silence of the Lambs is one of only three films to win the five major Academy Awards: Best Actor, Best Actress, Best Director, Best Picture and Best Screenplay (Adapted). Much of the cause for the movie’s success can be found in the dialogue between Hannibal Lecter and Clarice Starling. Starling is an FBI trainee who is (at first unwittingly) trying to find a serial killer named Buffalo Bill. Lecter is a brilliant former psychologist turned mental facility inmate. As the movie progresses, it becomes clear that Lecter knows about Buffalo Bill. Although he grows to like Starling, he does not share his knowledge directly with her. Instead, he gives her faint clues: an oblique reference to a storage facility containing Buffalo Bill’s first victim; an anagram that leads Starling to realize that Lecter did not provide Bill’s true identity to the authorities; a vague hint buried in Starling’s voluminous case file. At the end of the movie, Starling finds and kills Buffalo Bill because of her ability to decipher Lecter’s subtle tips.

Attempting to solve a difficult riddle can make for great entertainment, but it can be an unnecessary challenge for a business or an individual when trying to figure out the rules applying to certain situations. This is the case with the law governing non-compete, non-solicitation of customers, and non-disclosure of confidential information covenants in Georgia.² Georgia law is hostile to these covenants, but not in an explicit way like, say, California or North Dakota, which have an outright prohibition on non-competes (with limited exceptions). Instead, Georgia has a dense thicket of cases that create a series of traps for companies seeking to enforce restrictive covenants. Georgia common law has evolved over decades to create a bevy of bushes, branches, and fallen logs over and around which employers must navigate to enforce non-competes and other restrictive covenants. To keep with the Silence of the Lambs metaphor, Georgia courts have not come out and said, “Buffalo Bill lives in a house in Ohio; here’s the address.” Instead, the courts leave hints and clues, requiring a lawyer, much like Agent Starling, to piece them together to decipher what is permissible in a restrictive covenant. The cases on the subject are not anagrams, but they can feel like that, especially to a lawyer who does not practice in the area regularly.

To provide predictability and encourage enforceability of reasonable restrictive covenants, the Georgia General Assembly passed and Governor Perdue signed HB 173, which is codified at O.C.G.A. § 13-8-50, et seq. The statute sets forth rules for the temporal and geographic scope of restrictive covenants, as well as the types of activities that can be proscribed and the categories of employees who can be bound by such prohibitions. The goal of the statute is to create an easily understood legal regime to govern the enforcement of restrictive covenants, as opposed to the heavily populated universe of case law that supplies the current framework.

The statute’s guiding principles will not become effective unless an enabling constitutional amendment passes the Legislature and is then ratified by the voters in the November 2010 election. An amendment is required because the Legislature’s previous effort to pass a statute governing restrictive covenants – O.C.G.A. § 13-8-2.1 – was ruled unconstitutional by the Georgia Supreme Court.³ Also, the new statute will apply only to agreements executed after the statute’s provisions become effective, so the current legal rules still remain relevant, although decreasingly so over the passage of time.

Technology companies should be especially interested in HB 173. This is so because restrictive covenants are particularly important in the technology field. “Tech” companies have to be especially vigilant to protect their confidential, company-specific information because so much of their value is bound up in this information, unlike brick-and-mortar assets that dominate the balance sheets of companies in other industries. Instead, tech companies derive much of their worth from information that is, by its nature, portable. Also, because of the novelty of what tech companies often do, they are more likely to have key employees whose move to a competitor could have serious repercussions. The savvy tech company should have tailored agreements for its key employees, and HB 173 will give those companies more latitude in protecting their information and tailoring their agreements.
The statute raises three particular issues for technology companies to consider.

1. Replacement of an Outdated System

Imagine a fictional software company – Figment Programming – that employs high-level developers to create and improve upon the company’s offerings, which are designed for amusement parks. These developers can do their work anywhere in the country as long as they have a computer and an Internet connection. Figment is in a competitive field with a few primary rivals. The current Georgia rules for non-compete provisions do not provide Figment with many options. A nationwide non-compete provision is out of the question, no matter how narrowly the software company draws up the definition of proscribed activity. There is no concept of a sliding scale in Georgia law. A non-compete provision that prevents the employee from working for specific competitors is also an unlikely proposition.⁶The new statute would help Figment protect its interests. A nationwide non-compete would no longer be forbidden if the particular situation justified such a restraint. If Figment drafted a provision that covered the entire country, but was limited to the narrow field of programming software specific to amusement parks, it would have a reasonable chance of enforcing the provision. As long as Figment can show that it made a “good faith estimate of the activities, products, and services, or geographic areas” covered by the provision, then it can show that the restriction was reasonable.⁷ Figment could also replace the geographic provision with a specific ban on its programmers going to work for its primary competitors.⁸ The risk with this latter approach is that it would be ineffective against programmers starting their own companies, which is a factor in an industry with lower barriers to entry such as software programming. Finally, and most importantly, the new statute would permit courts to modify restrictions (sometimes known as “blue penciling”) to fit Figment’s legitimate interests.⁹ Thus, if Figment lists five competitors as being off-limits and a Court finds that an employee would pose a threat if he or she moved to only one or two competitors, the Court can limit the restriction accordingly.

Figment also will need to account for one other provision in HB 173 when considering non-compete provisions for its employees. The new statute states that only four categories of employees can sign non-compete provisions: (1) sales employees; (2) key employees; (3) professionals; or (4) managers.¹⁰ There is some question as to whether a high-level programmer is a “professional.” If the answer to that question is no, then a programmer will have to fall into the category of “key employee” to be eligible for an enforceable non-compete agreement.¹¹

2. New Rules for Non-disclosure Covenants

Technology companies rely heavily on non-disclosure of confidential information provisions because, comparatively speaking, their value often is bound up in proprietary information, including customer data and information. Under current Georgia law, there are two traps for employers who rely on non-disclosure covenants as the sole means to protect this information. The first is that Georgia is one of two states to require a time limitation on non-disclosure covenants.¹² The second is that non-disclosure covenants cannot cover any information that is otherwise publicly available, even if the provision also covers truly confidential information.¹³ Because of Georgia’s strict prohibition against modification or blue-penciling of restrictive covenants,¹⁴ a mistake in drafting as to either element is fatal.
Coming back to Figment Programming, it is not quite in the situation it found itself with non-compete law where it cannot craft a sufficient restriction because of the lack of a narrow geographic zone of operations. With non-disclosure provisions, drafting a proper and enforceable provision is usually (but not always) possible. The trick is that Figment has to write its provision with Georgia law in mind or else it will lose the protections altogether. This would be a particularly dangerous issue if Figment were a national employer with standard non-disclosure agreements used throughout the country.

The new statute removes this risk as to both elements. The statute permits employers to protect their confidential information so long as the information or material remains confidential.¹⁵ As mentioned, the statute also permits courts to modify restrictive covenants to cover an employer’s legitimate interests, but nothing more. Thus, Georgia law would be closer to the law in the majority of states, helping national companies with operations in Georgia.

The new law will also lead to better results. Right now, if Figment omitted a time-limit from a non-disclosure provision, then the entire provision would be rendered unenforceable, leaving the company with no protection, other than what is afforded under the Georgia Trade Secrets Act.¹⁶ Under the new statute, a trial court will be charged with making sure that the non-disclosure provision protects Figment’s legitimate interests. Thus, instead of an all-or-nothing proposition, Figment’s oversight can be addressed and Figment can still obtain the protections intended by the agreement.

3. The New Law Aims to Balance the Interests of Employers and Employees

Under current Georgia law, it is very difficult for employers to stop their employees from moving to competitors through restrictive covenants. However, there is a second side to the coin. Georgia employers can hire employees from unsuspecting competitors who may not have properly accounted for the quirks of Georgia law when crafting agreements. In an industry like software development that often entails cross-pollination between companies, this is a relevant consideration. Thus, Figment has a greater chance under the current law of poaching employees from competitors than it would under the statute.
The new statute creates a clearer legal regime governing restrictive covenants. Employers and employees alike will have an easier time understanding the rules. They will have greater latitude to write and agree to restrictions that cover what is most important, thus providing an employer like Figment with confidence that when it exposes its programmers to cutting-edge, proprietary software concepts, that information is protected. Employers and employees will know that courts will be empowered to make enforceability determinations based on the facts of a given situation as opposed to one-size-fits-all rules, making sure that only reasonable restrictions are in place. Competitors will know that they will have a harder time poaching employees, customers and other key relationships, and confidential information from one another without serious legal consequences. This is the world that technology companies will be in if the Legislature and voters enable HB 173 in 2010, no longer wondering to themselves “what did that guy behind the glass mean when he said . . . .”

I. Continuing Legal Education.

II. The Georgia Journal of Technology Law.
The Section also provides a valuable resource to its members in the form of The Georgia Journal of Technology Law. Stephen Combs and Sandra Gardiner served as co-editors for the 2008-2009 year. The Journal is filled with informative, scholarly articles that keep Section members up-to-date on the latest developments in technology law, as well as Section activities. It is distributed in an attractive, colorful, and completely web-based format. Past editions are archived on the Section’s website.

III. New Participation by Section Members.
This year the Section renewed its goals to increase participation in the Section across Georgia and with different members of the Bar. The Section has had prior members return to participate on the Executive Committee. Current plans also include sponsoring events with law schools to mentor and provide information to prospective attorneys.

IV. New Initiatives.
In fiscal year 2008-2009, the Executive Committee of the Technology Law Section continued to look for new ways to increase benefits to Section members. The Section completed the following initiatives in 2008-2009:

• Secured nationally recognized experts from outside of Atlanta for the Technology Law Institute, making it one of the premier CLE programs of its kind in the United States
• Implemented new website features including online event registration, RSS feeds, subscribe by email, video/audio podcasts, commenting on articles, and search capabilities.
• Enhancements to the website enabled the Section to host approximately 8 hours of video from the Technology Law Institute. This presentation and future presentations of the Section will be archived and available to people across the Internet.

IV. Community Involvement.
In fiscal year 2008-2009, the Technology Law Section continued to actively support important community development efforts, through its annual financial contribution to a worthy non-profit. In October 2008, the Section donated approximately $1,000 in proceeds from the Technology Law Institute to Computers for Youth. Computers for Youth (formerly, Tech Corps Georgia) has been a long-time beneficiary of the Technology Law Section’s financial support. Computers for Youth is dedicated to increasing the availability of information technology to lower income households. In addition, the Section continued to encourage its members to volunteer pro bono legal services to non-profits with particular needs in the area of technology. The Section includes volunteer opportunities on its website. This year’s Technology Law Institute included a presentation on the “Environmental Friendly Law Firm.”

Gaines Carter
Section Chair, 2008-2009
Technology Law Section
of the State Bar of Georgia

By David J. Dempsey, JD¹

“Before I refuse to take your questions, I have an opening statement.” —President Ronald Reagan

Here is a bitter truism that those speakers who are rigidly tethered to a speech script do not want to hear: Most speakers do more to inspire, persuade, sell, and inform their listeners by confidently responding to audience questions than by anything they say during the prepared speech. I can hear the “say-it-ain’t-so” wails of anguish from the disciples who never deviate from the prepared speech. Sorry, it is time to leave the safe cocoon.

These unpredictable sessions give you an excellent opportunity to clarify and reinforce points, elaborate on issues, solidify your expertise, address misunderstandings, and perhaps persuade those who seem unpersuadable. Yes, you up the ante when you venture away from the safety of your carefully planned presentation and invite audience input, but the rewards outstrip the risks by a tremendous margin.

A question-and-answer session typically crackles with energy, often generating more interest than the prepared presentation. What accounts for its appeal? During a question-and-answer session, the speaker traipses into uncharted territory. When the questions start flying, everyone, even the drowsiest listener, snaps to attention and perches on the edge of his or her seat, especially if the exchange promises to be heated (such as when the speaker is advocating plunking a halfway house in the audience’s bucolic neighborhood).

A question-and-answer session is a tremendous opportunity—now listen, because this is important—if, and only if, you are prepared. If you are unprepared, the session can quickly become a treacherous minefield, the kind that has doomed even exceptional speakers. If you are unprepared, cower and pray when the questioning onslaught begins.

There are numerous rewards for deftly handling audience questions. Yet sometimes a speaker devotes not a single forethought to them; he just wings it: “I was just strolling through the Q & A neighborhood, and thought, “What the heck! Why not take a few questions . . . ?” That is a sure recipe for disaster. With no planning, this foolhardy speaker is often perplexed by even the most predictable questions. Staggered, he lamely mumbles an unresponsive reply, or he reaches into his handy grab bag of canned answers. If you do that, you can put one gigantic check mark in the squandered-opportunity column. And while you’re at it, let a little air out of your “expert” balloon to boot.

Ten Q & A Rules

All right, you are willing to add a little zest to your talk with questions. Now what? Unless you enjoy living on the edge—bungee jumping or skydiving—don’t enter the Q & A arena without a plan. Study these rules before you invite the first question.

1. KNOW THE TERRAIN

Do not simply cross your fingers and fervently hope that your audience will not ask the questions you are dreading. They will. In the same way that a predatory animal can smell fear, an audience has the uncanny ability to zero in with amazing accuracy on the tough questions. So you better be prepared, lest you find yourself under the heat of the spotlight, babbling and scrambling for some coherent thought.

What can you do? Start by knowing as much as possible about your audience before you speak. Anticipate their questions and plan your responses. Ask yourself the following:

• Are the questions likely to be pointed and probing or friendly and fluffy?
• Do my listeners understand the issues?
• What is the opposing position?
• What are the strengths of the opposing position?
• Am I advocating something that threatens my listeners?
• Am I dealing with emotional or inflammatory topics?
• What are the weaknesses in my position?
• Should I concede anything in my response?
• Do any listeners have a hidden agenda?
• How will I respond to provocative or irrelevant questions?
• What will I do if an audience member becomes confrontational?

Know the terrain and your vulnerabilities before you step into the Q & A arena.

2. DEVISE A PLAN

Before you speak, decide whether you will field questions during or after your speech. In your introduction or in your opening comments, clarify for your audience which approach you will take. Each has inherent advantages and disadvantages.

Accepting questions during the speech typically heightens the interest for everyone, it enables you to immediately gauge your audience’s interest and level of understanding, and it gives you an opportunity to correct misunderstandings quickly (what seems clear to you may be murky to your audience). This approach can be risky, however, if one of the questions baffles you or if it is only marginally related to your topic. In addition, the questions might divert your audience’s attention from your message. Finally, if you accept questions during the speech, your allotted time can quickly evaporate, so plan accordingly.

On the other hand, if you hold questions until you have completed your speech, you will be able to cover all of your points without interruption. Unfortunately, however, without immediate input from your audience, you limit your ability to evaluate their reaction to your message. Moreover, listeners may forget their questions or be reluctant to raise a question regarding a subject that you covered much earlier.

Either approach will work, but pick your path before you begin to speak.

3. UNDERSTAND THE QUESTION

Here is a simple rule: If you don’t understand a question, don’t guess. No one will think you are a dunce if you ask the questioner to explain or clarify the question. That is definitely preferable to taking a wild stab or answering unresponsively. If you are clueless but plunge into a response anyway, you may create confusion; irritate the questioner, who will conclude that you are being evasive or flippant; and irk the other audience members, who may think you are patronizing one of their kindred spirits in the audience. Clarify before responding.

4. THANK THE QUESTIONER

If you want to encourage questions, create a friendly, nonthreatening atmosphere. Solicit participation with an open-ended invitation for questions: “I know I covered that topic quickly. What questions do you have?” Also acknowledge and thank audience members for their participation: “Thank you for that question.”

This respectful attitude toward those who ask questions—yes, even when all you really want to do is pop the bozo in the nose—helps to build audience rapport, a worthy goal.

5. REPEAT THE QUESTION
If it is a large audience, repeat the question before responding, to ensure that everyone heard it. The listeners will appreciate your audience focus, and you will gain additional time to consider your response. If you are momentarily stumped, even a few seconds can help while your brain whirs away searching for a reasonably coherent thought.

6. ADMIT IT IF YOU DO NOT KNOW

Some speakers feel that saying “I do not know” will cause them to turn to stone. It is not merely okay to admit ignorance, it is preferable at times. Unless the question is clearly one that you should know the answer to (“Is it not true that Giovanni  ‘The Hatchet Man’ Gotti handed you a greasy duffel bag filled with fifty thousand dollars in crisp one-hundred-dollar bills?”), it’s perfectly acceptable to respond by saying, “I am sorry, but I dont know the answer. Let me see if I can find out and get back to you.”

Understand, however, that there is no substitute for thorough preparation, and if you are intentionally unresponsive (“A greasy duffel bag jammed with cash? Let me think . . . I’m not sure.”) or cagey (“That depends on what your definition of ‘is’ is.”), your audience will quickly become exasperated.

7. REMAIN COMPOSED

Stay positive and composed despite questions that are antagonistic (“Your position is just double-stupid!”), personal (“I would not expect a chauvinist pig like you to understand!”), or irrelevant (“Why, oh why, are we having tuna pot pies for lunch again?”). Do not let hostile questioners provoke an angry response from you. An emotional response is often precisely what they want to accomplish. Be firm but polite. Smile, grit your teeth, and agree to disagree. Shouting invectives may be cathartic, but it is neither helpful nor persuasive.

 8. BE BRIEF

Get to the point. Don’t ramble, filibuster, or browbeat when responding. This only annoys your listeners, creates confusion, and generates more questions. Your listeners will better understand and remember concise, focused answers. Being brief also enables you to address more questions in the time allotted. Answer succinctly, and let your listeners get on with their lives.

9. PRACTICE Q & A

Round up all of your inquisitive, annoying, and stubborn friends (don’t tell them that this combination of characteristics is why they were selected) and role-play. Practice responding to their questions. This will hone your ability to think on your feet and to formulate crisp, responsive answers. Have your inquisitors ask every conceivable type of question, because that is exactly what you can expect from your audience: compound, convoluted, and confrontational questions posed by bewildered, inarticulate, and hostile questioners.

Some of the questioners in your audience will have amazingly fertile imaginations; others will have hidden agendas; and still others will just be dunderheads. Inevitably there will be at least one who will thrill to the sound of her own voice and will welcome any opportunity to pontificate. The practice sessions will help you prepare for all of them.

10. STUDY THE VIDEOTAPES

Prepare yourself first; then dive in and analyze the videotapes of both your practice sessions and your live presentations involving Q & A. This process may be painful, but it will be profitable, I promise.

Be analytical, and ask yourself these questions: “Was I responsive, or were my answers gobbledygook?” “Did I remain composed and focused, or did I blather?” “Did I sound confident, or confused?” “Did I focus on the questioner, or did I allow my eyes to dart around?” The videotape reveals exactly what your audience will see, so study it, internalize the lessons, and improve. Deftly fielding questions is a developed skill, which you need to practice.

Venturing from your script can be a tad unnerving, but you can minimize the risks with careful planning. Handle questions adroitly, and you will distinguish yourself and gain credibility with every audience. Just don’t enter that briar patch unprepared; many speakers have done that, and they have not been heard from since.

The Technology Law Section of the State Bar of Georgia invites you to its annual luncheon meeting…“Digging the Del.icio.us Facebook Twitter: a survey of Social Networking Legal Issues.”

When:
Wednesday June 10, 2009 / 11:30am to 1:30pm
(Click here to add the details of this event to your calendar)

Speakers:
James A. Harvey, Hunton & Williams LLP
Stephen B. Combs, HowStuffWorks.com, a Discovery Communications company

Where:
Troutman Sanders LLP
52nd Floor
Atlanta, GA 30308 (Directions)

To Register:
To make a reservation for the luncheon, you can REGISTER AND PAY ONLINE . If you want to register offline, please send your name, email address, and check payable to the State Bar of Georgia to Derrick Stanley, State Bar of Georgia, 104 Marietta St. NW, Suite 100, Atlanta, GA 30303. Please register prior to June 1, 2009.

Online registration is CLOSED. Walk up registration is available but you will not be guaranteed a lunch. Please feel free to bring your own.

Registration Fees:
$25 Lunch included.

CLE:
1 CLE Hour available!

Presentation Materials:

You can download the presentation materials HERE (PDF;2MB).

“From the throes of being no-hit by Chicago Cubs, the Braves came up with the most remarkable thing — a five-run rally in the late innings, a two-out, two-run game-tying home run by Jeff Francoeur and a win. The Braves used the two runs he drove in to prolong what looked like a loss into a 12th-inning win when Chipper Jones singled in Yunel Escobar for a 6-5 Braves victory.”

The Section members had an opportunity to meet new members and catch up with old friends. Stay tuned for future events. Special thanks to Ben Young who organized this very successful event.