On a Roll: Hot Topics for In-House Counsel

We explore several critical areas affecting businesses in our coverage of Ward and Smith’s 2024 In-House Counsel seminar.

Initially, we examine anticipated tax policy changes and securities law considerations and focus on crucial aspects of data security and insurance policies, highlighting the evolving landscape of data privacy regulations and essential business insurance considerations.

The Government Bankroll

The event began with insights from John Perry on the various tax proposals being offered by President-Elect Donald Trump. “It’s an exciting time in the tax world right now, or, at least, it’s about as exciting as taxes can get,” joked Perry.

Taxes are expected to be a top priority of the new administration. Perry is, therefore, betting that Trump will seek to extend the changes for individuals that resulted from the 2017 Tax Cuts and Jobs Act (TCJA). A few of these include lower tax rates/ tax brackets for individuals, a higher standard deduction, a higher threshold for alternative minimum tax, and a pass-through deduction for small businesses.

Many of the business exemptions have been ramping down, but the odds are that Trump will seek an extension. The bonus depreciation, which allows for an immediate deduction of certain qualified property, equipment, and machinery in the first year, will be phased out by 2027 if not extended.

Other items set to expire include expanded research and development credits and a reduction of the allowable expenses for these costs. Another change related to interest costs could be modified after Trump takes office to potentially increase interest-based deductions for businesses.

In a plot twist that will surprise those who follow DC politics, there appears to be bipartisan support for extending some business tax provisions. A potential change for 2025 could be a reduction of the corporate tax rate for domestic manufacturing from 21 percent to 15 percent.

Trump will likely seek to restore the entire state and local tax (SALT) deduction, removing the current cap of $10,000. “So, for all you millennials, that’s no cap (lie),” laughed Perry.

Exemptions for tip income, overtime pay, and Social Security benefits have also been proposed. Making car loan interest deductible and providing a family tax credit for caregivers are other proposals, though many wonder how the budget could accommodate these exemptions.

“The estimate just for extending the expiring provisions is $4.6 trillion. With the additional cuts, the estimates spiral to around $10 trillion over 10 years,” noted Perry. “On the other hand, if the cuts are allowed to expire, it could be a potential hit to individuals, small businesses, and households of around $4.6 trillion over 10 years.”

A few strategies being touted as possible solutions include reducing green energy credits and IRS funding, combined with increasing tariffs and economic growth.

The Action on Securities Laws

B.T. Atkinson, a corporate securities attorney who practices regulatory matters on financial services, discussed the finer points of offering company stock. “Death and taxes may be the only guarantee in life,” said Atkinson. “But in the business world, the need to raise capital is also a sure thing, regardless of economic conditions.”

Investors must be provided with a suite of disclosures, which are published in a company prospectus. These can be expensive to create and often total over 300 pages.

“I am happy to help with that, but most companies want to avoid it. The good news is there is often an exemption for whatever security you’re offering,” noted Atkinson.

The disclosures in the prospectus will be familiar to anyone who has purchased a mutual fund.“It’s really just an insurance policy, so the people buying your securities understand the risks, and it’s properly documented,” commented Atkinson.

Financial statements, representations and warranties, and statements of risks are a few documents that must be included. “You want to mention the company is highly dependent on key executives and that, if they get hit by a train, bad things could also happen to the business,” said Atkinson.

Atkinson frequently relies on the private placement exemption to avoid developing a prospectus. “This essentially means that you haven’t tried to sell these securities publicly, only to people you know or have a pre-existing business relationship with,” Atkinson added.

Adequate documentation is the safest pathway to raising capital. “Beware the individual that wants a commission for selling your securities. Unless they are a registered broker-dealer, you cannot pay them without exposing the company to risk,” Atkinson explained.

Leaders wishing to provide employees with a chance to invest in the company should know there needs to be an adequate paper trail outlining their investment risks. “There are some favorable exemptions in the employee stock purchase plans we help businesses create,” Atkinson noted.

The SEC is ongoingly focused on environmental, Social, and Governance (ESG), diversity in the boardroom, executive perks, and related party disclosures. Accuracy is essential in messaging, and to shed light on what can go wrong, Atkinson mentioned a coffee company that specializes in single servings.

The company publicized how its cups are completely recyclable. Then, a few recycling companies said the cups were not recyclable in the format they required. This inaccuracy subjected the company to an SEC enforcement action, reputational damage, and a decline in stock price.

Fringe benefits for executives and related-party employees must be disclosed. Atkinson noted that this information is usually gathered through questionnaires. These questionnaires should be reviewed for omissions and mistakes because inaccuracies can result in SEC enforcement actions.

Data Security, Provisions, and Contracts

Mayukh Sircar, CIPP/US, a cybersecurity, data privacy, and technology attorney, mentioned there are 19 states with different laws related to data privacy. “Many of these laws overlap, so it can be complicated to bring everything together in an agreement,” he said.

“A good way to start is to form the base of an agreement with the overlapping requirements and then pop in some of the irregularities,” noted Sircar. The fact that states have varying definitions of sensitive personal information adds to the challenge. 

“To make it more accessible, I take an intuitive approach. For example, you might not care about getting exposed to some data because it’s already out there. But if it was information about your kids, medical history, or passport number, you might be very angry about it,” said Sircar.

This is the essence of sensitive personal information. Most people want it protected, so safeguards must exist. Companies working with vendors processing sensitive personal information should review existing safeguards, require notification for changes, and retain auditing rights for new safeguards.

Agreements should also cover notifications related to changes with subprocessors, and companies should maintain termination rights. All states, except California, require the user to opt into the processing of sensitive personal information.

A data law that may set a precedent is the Washington My Health My Data Act, which limits how companies can use sensitive personal information to infer health conditions. For example, the purchase of low-sodium foods could be used to infer that a shopper has high blood pressure.

Geofencing is another evolving issue. “This states you cannot identify or message consumers within 2,000 feet of a physical location providing healthcare,” Sircar explained.

The processing of cookies does not refer to the amount of butter used in the preparation. Instead, a cookie is a small bit of code websites use to monitor user preferences and data.

There are two flavors of cookies: first-person cookies and third-person cookies. An example of a first-person cookie is when Amazon remembers what a user placed in their shopping cart. A third-person cookie is an ad that appears on a different website for a recently viewed item.

Similarly, IP addresses are now considered personal information. Since the IP address travels with the user and can be used to gather information about shopping interests and preferences, data privacy laws apply.

“Cookie banners are important because they disclose what personal information is being used for and whether the user wants to accept or prohibit its use,” added Sircar.

The proper use of cookie banners has significant implications. “It’s important to understand when your cookies fire. If they fire as soon as a person lands on the website, the cookie banner is garbage because the data has already been gathered,” noted Sircar.

Plaintiff attorneys are exercising their creativity by using wiretap laws from 1968 to litigate undisclosed cookies, especially third-party cookies. The argument is that third-party cookies allow for eavesdropping on communications between the user and the website.

Sircar and his team help businesses review representations and warranties within agreements to ensure appropriate safeguards. Other service areas include reviewing privacy notice disclosures and maintaining compliance with data privacy laws.

Enforcement actions and penalties can quickly spiral. “Under the California Consumer Privacy Act, it would be $2,500 per violation if unintentional and $7,500 per violation if intentional, per user,” Sircar commented. “In a fairly common scenario, it could easily result in six violations per user. For 10,000 users, that’s 60,000 violations, so even if it’s unintentional, the fines could total up to $150 million.”  

Considering that it would exceed the liability cap for most cyber-insurance policies, collecting user information can be a cookie monster with vast implications for many organizations, concluded Sircar.

Insurance Counseling and Recovery

Allen Trask, who co-leads the firm’s Insurance Counseling and Recovery practice with Amy H. Wooten, which reviews, audits, interprets, and litigates disputes over insurance policies for business clients, gave a broad overview of the relationship between an insurance carrier and its insureds, and he spoke to how insureds can leverage that understanding to optimize the relationship.

He focused on how the nature of the insurance business drives customer apathy, which can lead to otherwise avoidable issues and missed opportunities.  He noted that neither insurance carriers nor insurance agents, who sell the policies directly for the carriers, have a fiduciary relationship with their customers.

Insurance policies are often presented as an "off the shelf" product, which makes the policies easier to sell. Customers often miss the opportunity to negotiate custom coverage which might do a better job of furthering their business goals than simply buying a standard policy. Further, while many agents proactively review their clients’ policies to ensure alignment with the business’s needs, the structure of the industry incentivizes insurance agents to make the initial sale of a pre-packaged policy and then set it to auto-renew each year.

Life moves pretty fast, and those who don’t stop to review their policies can end up paying more. “It is routine for many of us to buy a policy and let it auto-renew…to barely give it a glance each year…but that’s a real problem,” said Trask. “Business operations are dynamic, strategic focus areas can rapidly shift, and the value of assets can fluctuate significantly.”

In-house counsel often find themselves acting as de facto coverage attorneys and insurance managers. The implications can be profound for in-house attorneys dealing with five to ten policies. Since it can be challenging to keep pace with the nuances of each policy, Trask advises including clear requests for specific coverage to the agent, asking for written explanations, and regular updates.

Dealing with claims, especially those involving litigation, present a whole new host of issues for the in-house attorney to manage. Of course, there are better times to understand the specific duties owed by the carrier to the insured as contained in a policy than waiting until a lawsuit is filed. The most important duties are the duty to defend and the duty to indemnify.

Duty to defend – pay for attorneys to manage defense

Duty of indemnity – pay a judgment against the company

Most people think about the duty to indemnify, whether a carrier will pay for a judgment or a fixed amount of liability when things are settled. “For the few cases that get there, the carriers are going to fight you with every tool they have,” Trask explained. But in reality, the duty to defend is often the more pressing and important obligation.

The duty to defend is a separate obligation, and the expenses paid to defend the insured can erode the overall coverage amount depending on the policy type. Further, policies may only cover a certain number of people, and employees at differing levels of an organization may need separate counsel.

In many cases, the carrier has discretion over settling claims and can even leverage parts of the policy to make the insured settle a claim. “It is more of a softly adversarial relationship than people think,” said Trask.

This article is part of a series highlighting insights from our 2024 In-House Counsel Seminar. More insights are below.

• The House Advantage: Wisdom from In-House Counsel
• Upping the Ante: New Rules and Regulations in Play for In-House Counsel
• The DEI Stalemate: Paying the Price for the Wrong Move Part 1 and Part 2

--
© 2025 Ward and Smith, P.A.

This article is not intended to give, and should not be relied upon for, legal advice in any particular circumstance or fact situation. No action should be taken in reliance upon the information contained in this article without obtaining the advice of an attorney.

We are your established legal network with offices in Asheville, Greenville, New Bern, Raleigh, and Wilmington, NC.