Product Liability: An Update from the PLC
Who Tells Your Story: Highlighting the Fallacies in a Plaintiff’s Product Identification
By Vincent J. Palmiotto, Esq.
Introduction and Background
As asbestos litigation enters its sixth decade (the first asbestos lawsuit was filed in 1966), there is an ever-increasing number of lawsuits across jurisdictions brought by individuals claiming that exposure to asbestos from various defendants’ products in the last few decades alone—so-called “late-exposure cases”—caused them or their family members to develop an asbestos-related disease. Regardless of the jurisdiction, a defendant in a late-exposure case must make every effort to quickly and accurately educate the jury at trial about the landscape of federal, state, and local asbestos-specific laws and regulations in place before and during the claimed exposure period; indeed, the jury’s understanding of these laws and regulations is often vital to a defendant’s ability to defeat (or at least to cast doubt on) a plaintiff’s product identification in a late-exposure case.
For example, at the federal-level, OSHA in the early 1970s required employers to take certain measures to protect their employees from asbestos-related dangers. Also, at the state and local level, similar laws and regulations were put in place. Despite these laws and regulations being in place, plaintiffs continue to suggest to the jury in late-exposure cases that defendants always should have and could have done more. Plaintiffs further would have the jury believe that their Plaintiffs had no information pertaining the hazards of asbestos in the 1990’s or even the 2000’s. The reality is, however, that the history tells a much different story: Indeed, the United States still has not banned asbestos use. See Mesothelioma/Asbestos Update—The Ban Asbestos in America Act of 2003, The Ban Asbestos in America Act of 2003, S. 115, May 22, 2003, http://www.mesothel.com/pages/murray_bill.pag.html. (Page no longer available.) Defendants can highlight these asbestos-related mandates, not only to counter these narratives, but also to provide the jurors with a more polished understanding of the relevant facts, science, and law – all critical to a defendant’s success at trial.
Examples of Federal, State and Local Level Asbestos Laws and Regulations
Federal-Level Laws and Regulations
Before 1970, government and industry standards permitted the use of asbestos at emission levels that were orders of magnitude greater than what would be permitted today. The threshold limit value ("TLV") is a definition used by the American Conference of Industrial Hygienists ("ACIH"), an organization comprised of governmental and educational Industrial Hygienists that has been around since the 1930's. In or around 1946, ACIH established its first TLV for asbestos exposure, which was five million particles per cubic foot (approximately 30 f/cc).
Five million particles per cubic foot remained the accepted standard by state and federal agencies, trade journals, and the ACIH until OSHA was passed in 1970. Standard for Exposure to Asbestos Dust, Fed. Reg. 36,234 (Dec. 7, 1971) (to be codified at 29 C.F.R. pt. 1518). When the William Steiger Occupational Health and Safety Act passed in 1970, OSHA adopted a Permissible Exposure Limit ("PEL") for exposure to asbestos. See id. The PEL adopted by OSHA was 12 f/cc or 2 million particles per cubic foot. See id. This was the PEL until 1971. In 1971, the PEL became 5 fibers/cc or .83 million particles per cubic foot and that lasted until about 1976. Standard for Exposure to Asbestos Dust, Fed. Ref. 37,110 (June 7, 1972) (to be codified at 29 C.F.R. pt. 1910).
In 1972, OSHA's standard for exposure to asbestos dust was published in the Federal Register. In the explanation for this standard, OSHA stated the following:
No one has disputed that exposure to asbestos of high enough intensity and long enough duration is casually related to asbestosis and cancer. The dispute is as to the determination of a specific level below which exposure is safe. Various studies attempting to establish quantitative relations between specific levels of exposure to asbestos fibers and the appearance of adverse biological manifestations, such as asbestosis, lung cancers, and mesothelioma, have given rise to controversy as to the validity of the measuring techniques used and the reliability of the relations attempted to be established. Because of the long lapse in time between onset of exposure and biological manifestations, we have now evidence of the consequences of exposure, but we do not have, in general accurate measure of the levels of exposure occurring 20 or 30 years ago, which have given rise to these consequences…It is fair to say that the controversy has centered in the area between a two-fiber TWA [time-weighted average] concentration and a five-fiber TWA concentration, with variations on the time needed for compliance.
This excerpt shows that although there was a recognition in 1972 that asbestos could potentially pose a health hazard at certain levels, there was not a consensus as to a specific level below which exposure was safe, and a debate occurred on whether the standard should be 2 f/cc or 5 f/cc for a time-weighted average. See id. Thereafter, from July 1976 to 1986, the PEL under OSHA standard was set at 2 f/cc. 29 C.F.R. §§ 1990 - 1919 (1976). The PEL was then reduced to .2 f/cc in 1986 through 1994. 29 C.F.R. §1910.1101 (1986). Finally, in 1994, it was revised to .1 f/cc. 29 C.F.R. §§ 1910.1001, 1915.1001, 1926.58 (1994).
OSHA wasn’t the only federal entity implementing regulations relating to asbestos. In 1986, Congress added asbestos to its list of regulated substances. See Understanding the Toxic Substances Control Act, http://www.lehigh.edu/~kaf3.envt.html (Page no longer available) (giving history of asbestos within TSCA). And, in 1989, the Environmental Protection Agency (EPA) finalized regulations to ban the manufacturing, importing, processing, and selling of almost all products containing asbestos. See Schneider & Smith. In fact, the EPA intended for these regulations to entirely phase out asbestos in consumer products by 1997. See Ban Asbestos in American Act, S. 2641, 108th Cong. § 2(4) (2003).
State- and Local-Level Laws and Regulations
At the state and local levels, laws and regulations have been implemented across jurisdictions throughout the years that place restrictions on asbestos use. A brief highlight of some of the laws and regulations pertaining to the use of asbestos in California and New York is included below:
In California there are statutes in place regarding: the use of asbestos in construction (8 Cal. Code Regs. §1529); the use of asbestos in general industry (8 Cal. Code Regs. §5208); the use of asbestos in shipyards (8 Cal. Code Regs. §8358); and the certification of asbestos consultants and site surveillance technicians (8 Cal. Code Regs. §1529). These statutes have been in place for several decades and regulate asbestos exposure for workers throughout the state of California.
As to state-level regulations in California, CAL/OSHA also has regulations in place requiring registration for contractors and employers removing asbestos-containing materials; certification for consultants and technicians conducting asbestos sampling or planning; and approval for asbestos training programs. State of California Department of Industrial Relations, Asbestos and Carcinogen Unit (updated July 2020), https://www.dir.ca.gov/dosh/asbestos.html.
In New York, there are state-level regulations, that were been enacted by the New York State Department of Environmental Conservation pertaining to: training workers in the asbestos abatement industry (10 NYCRR Part 73); handling asbestos material that may result in release of asbestos fiber (12 NYCRR Part 56); disposing of asbestos (6 NYCRR Part 360); and transporting of asbestos (6 NYCRR Part 364).
There are also regulations enacted by the New York City Department of Environmental Protection that apply to asbestos abatement activities occurring within the City of New York. These regulations apply to both owners of buildings where asbestos abatement activities are occurring, and contractors engaged in the asbestos abatement activities and were originally enacted in the late 1980s. Environmental Protection Agency, Asbestos Control Program Scope and Application, Vol. CXIV No. 33970 The City Record 1055, 1056 (1987).
Using These Laws and Regulations to Defendants' Benefit at Trial
Beginning in the early 1970s, we see a very clear shift in the legal landscape when it comes to the permissible use of asbestos. This, however, seems entirely absent from plaintiffs’ presentation of evidence before the jury at trial in asbestos litigation cases. Instead, plaintiffs devote a great deal of time and effort to suggesting to the jury that defendants’ conduct—typically from decades prior to the alleged exposure—renders it legally responsible for plaintiffs’ claimed injuries. That, however, is difficult to square with the myriad laws put in place beginning in the early 1970s relating to asbestos. These laws not only highlighted the dangers of asbestos exposure but also actively took measures to limit and mitigate potential exposures. And these laws, in turn, give rise to more questions than they do answers: Why, for example, may an employer permit an employee to remove asbestos-containing material without providing the employee personal protective equipment? Or why may an employer permit an employee to simply throw out asbestos-containing material without providing the employee proper storage?
Further, Plaintiff’s counsel argues that the materials the Plaintiff allegedly was exposed to in the 1980’s, 1990’s and even into the 2000’s were asbestos containing. These laws in place at both the federal and local level may very well support the argument that the materials the Plaintiff assumed to be asbestos-containing – likely were not.
In conclusion, if defendants can demonstrate to the jury that there were federal, state and local regulations in place pertaining to the use, handling, and removal of asbestos many years before and during a plaintiff’s claimed exposure period, then defendants will put themselves in a far stronger position before the jury. This will allow Defendants to set forth the following themes: 1) Plaintiff cannot prove she/he was exposed to an asbestos-containing product; 2) If the materials were asbestos-containing, based on the laws in place such exposures would have been de minimis; and 3) If the Plaintiff was exposed, then the Plaintiff/Plaintiff’s employer did not follow those rule and regulations enacted to protect individuals from over-exposure.
Vincent J. Palmiotto, Esq., of Clyde & Co US LLP has been a litigator and trial attorney for over twenty years. He focuses his practice on the defense of complex product liability matters, toxic-tort, and personal-injury litigation. He has extensive litigation experience, including significant first-chair trial experience in numerous jurisdictions. He has handled cases at both the local level and national level for various product manufacturers, which includes experience as national coordinating counsel for numerous entities.
Interested in joining the Product Liability Committee? Click here for more information.
Print this section
Print the newsletter
Diversity and Inclusion: Diversity Insider
The Shifting Landscape of Non-Compete and Non-Solicitation Agreements
By Kennard Davis and Dillon Williams
The landscape is changing in the realm of restrictive covenants such as non-compete and non-solicitation agreements. Several new laws limit the use and scope of restrictive covenants, one of which was recently enacted in Washington, D.C. Employers will now have to navigate these additional obstacles in its practices.
Courts scrutinize restrictive covenants
For many years, some courts have scrutinized non-compete agreements by calling into question the viability of such agreements, finding them unenforceable as overbroad, vague, or otherwise invalid. This disfavored treatment of non-competes is growing among the courts and is also creating a negative effect on the protection of trade secrets. This is especially significant considering the legal standard for protecting work secrets is also evolving as more employees are increasingly working remotely.
Limiting restrictive covenants
In addition to this judicial trend, it is also a recent legislative priority to limit or ban the use of restrictive covenants. In 2021, President Biden signed an executive order encouraging the Federal Trade Commission (FTC) to employ its statutory rulemaking authority "to curtail the unfair use of non-compete clauses and other clauses or agreements that may unfairly limit worker mobility." As a result, the FTC, and the Department of Justice (DOJ) Anti-trust Division recently partnered with the National Labor Relations Board to address key issues such as the regulation of non-competes. The DOJ and other federal anti-trust agencies are increasingly paying attention to employer-employee non-compete agreements to determine whether the agreements are enforceable.
In the year since President Biden signed the executive order, numerous states have enacted or amended statutes limiting or banning non-compete agreements. For example, Washington, D.C. recently changed its non-compete laws for all employers with D.C. employees. D.C. Law 23-209. Ban on Non-Compete Agreements Amendment Act of 2020. Effective on October 1, 2022, the newly amended law bans non-compete agreements for employees below a certain financial threshold, permitting only non-compete agreements for “highly compensated employees.” Id. It allows employers to bar their employees from disclosing, using, selling, or accessing the employer's confidential and proprietary information during or after employment.
A couple of months before the new D.C. law went into effect, U.S. Representative Mike Garcia introduced a bill titled the Restoring Workers' Rights Act (RWRA), which, if codified, will amend the Fair Labor Standards Act (FLSA) to ban non-compete agreements nationwide for employees considered non-exempt under the FLSA. The act seeks to prohibit employers from restricting employees from:
1. Doing any work for another employer for a specified period of time;
2. Performing any work in a specified geographical area; or
3. Doing any work for another employer that is similar to the work performed by the employee for that employer.
This legislation, if passed, will effectively create a federal ban on non-compete agreements for a substantial portion of the workforce.
Tips for employers
Consider the following best practices when drafting non-compete and non-solicitation agreements, particularly as employers review those that apply to remote workers:
1. Keep the restrictions reasonable and narrow;
a. Limit the scope of the restrictions;
b. Limit the geographical scope of the restrictions; and
c. Limit the duration of the restrictions.
2. Be aware of the current applicable law of the state where your employee will reside while working for the company;
a. There is a likelihood if the non-compete agreement includes a forum selection clause or choice of law provision that provides another state’s law governs any disputes related to the agreement, the presiding state’s public policy may render the agreement void and unenforceable.
3. Include specific provision(s) solely aimed at protecting the company’s confidential information and trade secrets.
a. Consider including the following federal laws in specific provisions of the agreement to assist in protecting the company’s confidential information and trade secrets: 1) the Defend Trade Secrets Act (18 U.S.C. § 1836); 2) the Computer Fraud and Abuse Act (18 U.S.C. § 1030); and 3) the Stored Communications Act (18 U.S.C. § 2701).
Considering the change in the landscape of restrictive covenants, employers should be proactive and speak to an attorney before disseminating the company’s current non-compete and non- solicitation agreement. Using such agreements will be more challenging than ever, as companies must consider changing, or additional, federal and state-specific regulations, along with the fact that their employees are increasingly working remotely. These changes in the legal landscape of non-compete and non-solicitation agreements could render a company’s current agreement unenforceable. Therefore, employers must now apply new, additional best practices to effectively manage their growing remote workforce and protect their business.
Kennard Davis is an associate in Baker Donelson’s New Orleans office. He assists clients in a wide variety of litigation and regulatory matters, including commercial litigation, environmental and energy law, and arbitration. Kennard is currently the Chair of DRI’s Diversity and Inclusion Membership Committee.
Dillon Williams is an associate attorney in the Kansas City office of Rasmussen Dickey Moore (“RDM”). He practices primarily in the areas of products liability, toxic torts, and premises liability. Prior to joining RDM, Dillon worked as a clerk at a consumer protection firm in Kansas City, Missouri. During law school, he was an intern with the Johnson County District Attorney’s Office, prosecuting criminal defendants on behalf of the State of Kansas. Dillon also successfully competed on the Mock Trial team and was recognized as the Top Advocate for the Final Round of the KU Mock Trial Tournament. Dillon is a member of DRI (Defense Research Institute) and a member of the Diversity and Inclusion Committee, Membership Subcommittee.
Interested in joining the Diversity and Inclusion Committee? Click here for more information.
Cybersecurity and Data Privacy: Data and Security Dispatch
Will the Crypto Crash Trash the Ransomware Racket?
By Brent Arnold
Cryptocurrency is the coin of the realm for cybercrime. What happens when crypto becomes too risky for even criminals? And what does this all mean for defense counsel?
To answer this, it may be useful to begin with a primer on ransomware and ransomware attacks.
Ransomware by the numbers
For some time now, ransomware attacks have been the most pernicious and potentially disruptive form of cyber threat to Western business and government. Global attacks spiked during the COVID-19 pandemic from 188 million attacks worldwide to 305 million in 2020 and 623 million in 2021; by the middle of 2022, the world had seen 236 million attacks (statista.com). Put differently, attacks are up 232% since 2019 (panaseer, 2022). Even more alarmingly:
• 78% of organizations admitted to experiencing ransomware attacks in 2021 (Proofpoint, 2022);
• 68% of organizations admitted to being actually infected by such attacks in 2021 (Proofpoint, 2022);
• Of those 68%, two thirds of the organizations experienced three separate infections each, and 15% experienced more than ten separate infections (Proofpoint, 2022);
• Not unlike COVID-19, ransomware has spawned numerous variants, producing 130 different strains since 2020 (VirusTotal, 2021).
The cost of ransomware attacks has spiraled as well, with the average ransom payment increasing from $312,000 to $570,000 by 2021 (Mimecast, 2021), and the total cost of breaches (including ransom payment, mitigation costs, lost revenue, increased insurance premiums and reputational damage) averaging $4.6 million. Several “mega-breaches” cost up to 100 times that amount (Mimecast, 2021).
How does it work, and where does crypto come in?
Traditional ransomware attacks were simple:
1. A virus was introduced into an organization’s computing environment;
2. The virus encrypted the organization’s data, making it impossible to access without help from the attacker.
3. A digital ransom note would pop up, demanding the organization pay a ransom in exchange for the digital decryption “keys” to allow the organization to decrypt and thus regain access to its data. The organization would pay, or not; if it didn’t, it simply lost access to the data.
In the last several years, ransomware attacks have become far more complex and damaging. Nowadays, a typical attack looks more like this:
1. A virus enters the organization’s computing environment;
2. This access gives the attackers the ability to move around in that environment, learning about the organization, its business and profitability, its unpatented intellectual property and trade secrets, the scope and quantum of its cyber insurance coverage (if any), and what personal information it collects and stores about its customers / clients and employees;
3. The attacker takes days, weeks, sometimes months to study its prey undetected. When it’s ready, the attacker copies and downloads (“exfiltrates”) large swathes of the data described above, and encrypts as much data as it can access.
4. A digital ransom note pops up, demanding the organization pay a ransom in exchange for the digital decryption “keys” to allow the organization to decrypt and thus regain access to its data.
5. The attacker also threatens, if not paid, to:
a. Sell the stolen data on the dark web to the highest bidder;
b. Dump the data, either on the dark web, or on publicly shaming sites on the regular internet;
c. Contact reporters, and / or inform the organization’s customers / clients, employees, or anyone else who’s sensitive personal data the attacker has in its hands that the organization hasn’t paid.
All this to say that ransomware has become more sophisticated in both the technical and tactical sense, with increasingly creative psychological approaches coming to bear to incent payment.
Payment, when it is made by an organization, takes the form of cryptocurrency—typically, but not exclusively, Bitcoin or Moneris. Cryptocurrency has the advantage of being extremely difficult, though not impossible, to trace back to an individual. Payments flow through the blockchain in a manner that, as with all blockchain transactions, can be traced by anyone, using publicly available websites. However, transactions while trackable are also anonymous; you may be able to trace the ransomware payment to the threat actor’s wallet, but that won’t tell you who owns the wallet, or where they are in the physical world. And while ransomware gangs are generally upfront in taking credit for attacks—they devote considerable energy to branding, so that victims take them seriously, and trust them to keep promises and carry out threats—they aren’t corporations with head offices; unlike the gangsters of old, their members aren’t public, targetable figures.
Why does this matter to defense counsel?
Defense counsel may find themselves in the picture in several ways.
They may act as data breach coaches, who:
• Advise clients on how to manage a ransomware attack in process;
• Retain and instruct the experts (including data forensics and recovery experts, crisis communications experts, and ransomware negotiators and ransom payment brokers) as the crisis unfolds;
• Advise and assist in compliance with statutory notice and reporting obligations under various privacy laws, and
• Put the client in the best position possible to defend ensuing civil litigation or regulatory scrutiny.
Counsel may instead find themselves defending civil actions against their clients by companies or persons affected by the breach. These actions may range from claims by customers or vendors affected by the interruption in the attack victim’s business (which can have ripple effects throughout the supply chain) to class actions by large groups of individuals whose personal data was exposed, leaving them victim to identify fraud and other risks, as well as the embarrassment of having their privacy breached.
Counsel may have to represent clients in regulatory proceedings that may follow from a ransomware attack, as their clients face scrutiny for breaches of statutory notice and reporting obligations, or statutory obligations to protect the personal information about individuals that the client has collected and stored.
In the worst-case scenario (depending on how a given client defines “worst”), counsel may have to defend clients for inadvertently (or intentionally) violating laws against money laundering or the financing of terrorist activities. In the United States, Canada and many other jurisdictions, it is illegal to make payments to individuals or organizations located in sanctioned countries (such as Iran). This, in part, is why reliable and current intelligence about threat actors is crucial in advising clients on the “pay / no-pay” decision: if it becomes apparent that the threat actor is operating out of a sanctioned state, paying the ransom would be a crime.
Is the cratering of crypto in 2022 affecting the ransomware ecosystem?
2022 has seen the greatest volatility in the cryptocurrency market since its inception. In May, the Terra algorithmic stablecoin (a cryptocurrency ostensibly pegged to the value of the U.S. dollar, but backed by no actual USD reserves, and dependent on automated arbitrage involving another cryptocurrency called Luna to maintain parity) became unmoored from its 1:1 value ratio to the U.S. dollar. This led to a devaluation triggering panic in the marketplace, resulting in massive liquidation of crypto holdings by investors, the ultimate result of which was the drop in value of Bitcoin (the dominant cryptocurrency from $68,000 USD in May to just $20,000 USD in June. As the markets were wobbling toward recovery, the crypto lending firm Celsius entered Chapter 11 bankruptcy proceedings in the U.S., further destabilizing the crypto ecosystem.
The effect of all of this on ransomware gangs and their tactics has been a matter of some debate. Theoretically, it should make their business model at least less convenient than it has been to date.
The overall effect of volatility in the cryptocurrency market is the same for cybercriminals paid in crypto as it is for regular crypto investors: if they leave their holdings in crypto wallets or exchanges instead of cashing them out immediately as fiat currency, their holdings may drop in value to nothing overnight when a massive market upheaval takes place. Also, when crypto markets crash, cryptocurrency exchange platforms often lock down, preventing runs on the digital bank. Cybercriminals thus need to cash out regularly quickly to minimize risk of exposure to a downturn in value. But, cashing out for criminals can be more difficult than for regular investors, as reputable exchanges tend to cooperate with law enforcement in blocking transactions involving suspected ill-gotten funds. By the time of the Terra / Luna implosion, dozens of dark web exchanges, where criminals could cash out crypto, had already shuttered.
The theory that the collapse of crypto markets has impacted the actions of ransomware gangs finds some support in the 23% drop in ransomware attacks from January to June 2022, with some experts seeing a seeming correlation between this drop and the decline in cryptocurrency markets (Kim, Axios, 2022). However, that decline correlates with other possible factors, including the shift in focus of the more patriotic among Russian cybercriminals to conducting cyberattacks on Ukraine (Kim, Axios, 2022), and intensified international law enforcement efforts that may be deterring attacks somewhat (Pimentel, Protocol, 2022).
Some security professionals take the view that the devaluation of cryptocurrency has simply accelerated an already-in-progress shift by many cybercriminals away from ransomware and toward phishing scams, business email compromises, and other forms of attack that result in the simple theft of fiat currency without relying on crypto as a volatile intermediary (Fowler, CNET, 2022).
The FTX Epilogue
The last two months has seen the implosion of cryptocurrency markets following the collapse of FTX, one of the largest cryptocurrency exchanges. Unlike the Terra / Luna-led collapse, this one took place over a matter of days and saw the price of Bitcoin drop to $15,485 USD in November (its lowest in two years: Jagtiani, Bloomberg, 2022), following revelations of irregularities on the books of its sister crypto trading firm) and a $5 billion run on the digital bank that saw $40 billion in value on the exchange evaporate almost overnight.
In the confusion and extraordinary events that have followed, virtually nothing has been said about the effect of this collapse on the cybercrime ecosystem (except, ironically, in connection with the apparent mid-collapse cyberattack on FTX that further drained its coffers). One assumes that the resulting market volatility, to the extent such volatility pushes cybercriminals away from ransomware and into more conventional forms of attack, will continue to do so. It would certainly be satisfying to hear that the further collapse of crypto markets has hurt threat actors as much as it has regular investors.
As for defense counsel, a cyber threatscape in which ransomware recedes into the background in favor of more direct cybercrimes will greatly reduce counsel’s role as crisis manager during attacks in progress and lessen the extent to which counsel and clients need agonize over whether to pay ransoms and what the fallout of payment might be. Counsel will find themselves more often in their accustomed role of defending clients in the civil and regulatory proceedings that follow attacks.
Brent J. Arnold is a partner practicing in the Toronto office of Gowling WLG’s Advocacy department, specializing in commercial litigation, Web3 technology disputes, data breach coaching and response, and data breach class action defense. He leads the Firm’s Technology Litigation Sub-Group. Brent is the Chair of the Cybersecurity and Data Privacy section of the U.S.-based Defense Research Institute (DRI), as well Chair of the Ontario Bar Association’s Privacy and Access to Information Law Committee. He is a Director of the Canadian chapter of the Internet Society, a global organization devoted to improving the affordability, accessibility, fairness and security of the internet.
Interested in joining Cybersecurity and Data Privacy Committee? Click here for more information.