Podcasts

Doreen Edelman: So did you plan to be in technology and information technology, or was that just a new opportunity in the government?

Kathleen McGee: It's interesting. The thing that's always captured my interest, whether it was as an AmeriCorps VISTA or in Mayor Michael Bloomberg's office and moving forward, was policy. So policy had always captured me. You talked about giving advice, I've always thought that motivations, common sense, and best interest rationales for why a public focused decision is made, whether it's prosecution or legislation or enforcement, are really critical to understanding how things happen and why things should happen.

Kathleen McGee: And that can then provide really great advice. When I looked for my next opportunity after leaving Mayor Bloomberg's office in New York City, it so happened that there was this bureau called the Internet Bureau out of the New York Attorney General's office. And it had the potential and capacity to be a real policy vehicle. Not just for what happened online, but for what happened offline. So that's a really long way of answering the question. No, I did not have designs on being a tech lawyer. I had interest in driving and creating policy. And I still believe that today the pioneer and frontier area for policy is tech related. Which is why I'm really glad I still get to do that work here at Lowenstein.

Doreen Edelman: Oh, I know. I was in someone's home the other day and maybe I'm just not as savvy as I thought I was, but she had a European cooker. I mean, it's like, we're going to the Jetsons. You can program it with AI and it cooks everything for you. So the Internet of Things- our whole house is going to be connected, from our pool robots to our cooking machines. And I'm glad you're part of it so I can turn to you to solve my problems.

Kathleen McGee: Well, it's interesting, Doreen; those items coincide with your practice in foreign trade very nicely. My husband was just taking a bike jaunt where he had to pack his bike for his road ride. And the bike case itself has technology, IoT technology, that allows him to track where his bike is, in case the airline loses it for him. But that technology, who knows where it was made. And when you think about the manufacturing, the source, the tracking, the collection, all of that becomes a global enterprise. I mean you're raising your friend's European cooker, and I'm jealous that she has one or he has one. But you know, it's also one small gadget now that implicates a worldwide web of regulation.

Doreen Edelman: Exactly. So when you sit here in Lowenstein, in both the Tech group and the White Collar practice, how do you see them overlap? How does that work for what you do on an everyday basis?

Kathleen McGee: I think more and more we're seeing this intersection talked about at the policy level. The public and legislatures are having a really, not just in social media, but a really loud public dialogue at a cultural level, a policy level and a legal level about technology companies responsibilities writ large. I'm sure the listeners have a couple companies that leap to mind. These are cultural exchanges and very loud cultural discussions that people are having about, for example, what data ownership means, what privacy means in practice. Do governments have an obligation to provide more cybersecurity protection to industries and companies when ransomware is happening all over the place? Those sorts of issues and questions actually impact our clients whether they're small little baby seed companies or the investors who love them or a well-established company. They have to answer those questions and they have to think about how those things implicate their startup.

Kathleen McGee: That's just the reality. So our clients need to see the whole picture so that they can make a well informed decision about strategy, acquisitions, or risk mitigation. And of course, when they're facing a government investigation, that's a critical time. So I tend to be involved a lot on those efforts as well. I'd also say that we're also seeing how other entities’ risks, not just our clients’, impact our clients’ business to business relationships. So knowing what's real in terms of a threat, as opposed to what's just posturing from your potential client or a customer that you have an adversarial relationship with, is really important to our clients. And that's sort of where this intersection between white collar and tech regulatory space comes together.

Doreen Edelman: That's fascinating. I hadn't thought of that. So you're saying you can hopefully prevent litigation by taking a look at the risks and what other solutions there may be.

Kathleen McGee: That's right.

Doreen Edelman: And whether the threats are real.

Kathleen McGee: That's right. And it's not just preventing litigation. It really does end up meaning saving money. It's preserving the capital that you have so that you can use it for the things that really should matter, which is furthering the purpose of your business. Not getting caught up in a litigation that is unnecessary. And there are ways to read those signs and help clients, counsel them through those processes. But you do have to know a bit about which way the wind is blowing.

Doreen Edelman: If we have time, or we need to do another podcast where you talk about those actions that can be taken. So we both work with tech companies. How does the company know what they should care about when they're just trying to keep their business going, and there are regulations flying around everywhere. Traditionally, you think of startups and the tech companies as, well, they'll just wait until something knocks them over before they'll pay attention to it.

Kathleen McGee: It's still the case. And it's totally understandable. And you know that that's a really misleadingly simple question, because you also have these clients. I do think it can be difficult for a founder to know when they have to move from really simply having a feeling that a regulation may someday impact their company to we have to deal with this right now. And often that decision, I think, is made too late. And I think it costs the company valuable time and money, like I've mentioned, that could go somewhere else. So I tend to advise founders and funders who invest in tech companies that a really short consult with a regulatory counsel early on can help set an expectation roadmap for when a company should really start taking an active interest in regulatory issues. And again, a good counsel will give a general overview. I've done that for many an investment company who's looking at a portfolio and wants to just have a roadmap idea. And I'm sure you've done that as well.

Doreen Edelman: So you're saying it needs to be on the checklist along with set up the corporation, get the tax lawyer.

Kathleen McGee: I think it does on a very high level, and it can be a very short call. But I do think it needs to happen. The one exception that I will make for just having a high level perspective is I think a free company, every entity, whether it's government, nonprofit, or for-profit, needs to have an explicit plan on cybersecurity. That's the one set of regulations that I think no company has an out of from now on forward.

Doreen Edelman: Okay. So can you give us more detail on why cybersecurity is the exception? I mean, and I will tell our listeners that you're an exceptional person to answer this question since you were the architect of the New York State's SHIELD Act, which revised the rules on data security. So I think it may be a favorite subject of yours.

Kathleen McGee: I would say that it's a favorite subject because I care so much about how it's impacting our clients. When I was with the Bureau of Internet and Technology in the New York Attorney General's office, I saw from the perspective of a regulator that there was a real disconnect between what regulators were trying to achieve, which was a heightened, basic standard of data security for companies and entities writ large. And companies’ unwillingness to invest basic startup dollars into cybersecurity when they didn't see that it was a mandate, when they didn't have to. And, frankly, the yard stick for measuring what reasonable was and what was enough, was never really going to provide the answers that a C-suite wanted to hear about what they had to do to make it all work and get out of government's hair. I'd like to think that the SHIELD Act contributed a little bit in a positive direction to that dialogue.

Kathleen McGee: But what we see now from our client's perspective is frankly, there is no reason to not contribute some initial dollars towards data security and cyber security preparedness. And that's because whether you're looking for a future investment round, an M and A deal, or even trying to obtain cyber insurance policies, your ability to demonstrate that you've implemented some basic cyber security and data security procedures, have a risk management policy ,and have been really thinking about these issues in a way that's commensurate with what you do as an industry and as a company, are going to impact that investment, that M and A deal, and certainly your ability to even obtain basic cyber insurance at this point. So it's the one area of regulation that I can safely say every entity has to pay attention to. And you just devote the money that you can to it, but you can't ignore it anymore.

Doreen Edelman: Do you use examples with companies? I mean, can you give us any examples of a why not? What happens if you don't focus?

Kathleen McGee: Well, I'm working with the client right now who's looking to sell their company. And they're having a real difficult time with price and escrow because of a lack of data security along their portfolio line. So this is a regular occurrence for companies. It takes a lot more money for them to have to negotiate through this due diligence process than it would for them to have invested initially in some small data security measures. So it is that old adage, a stitch in time saves nine.

Kathleen McGee: If you had just invested a little at the beginning, you'd be in a much better role now. And a much better position vis a vis your buyer, your investor, whomever it is. So obviously I can't throw anyone in particular out there, but I do think that it's so incredibly important to the industry. And I would say this, I know I mentioned this at the beginning of our conversation, but government has such a critical role to play here. And I wish government would do more. I'm hoping that we'll see more engagement and more guidance and more funding from government to help companies with those basic startup needs.

Doreen Edelman: Well, it sounds like then we've got to at least do our part and get the word out that this can't be ignored by startups and founders and funders and hedge funds, et cetera. One last question. I just have to ask. So I understand, or I think I understand, that you used to drive a recycling truck and I wondered how that fit into your business plan?

Kathleen McGee: It totally didn't, much to my parents dismay. But yeah, I did. And I did for a couple years. That was part of my AmeriCorps VISTA gig. So when I was in service, I was in service to Chicago's public housing communities. And my job was to design and implement a recycling buyback program for Chicago's public housing residents. And that meant that I drove a recycling truck six days a week in all kinds of Chicago weather through those communities, buying and collecting recyclables. And I have to say it was definitely the start of my public service career, but absolutely one of the most pivotal parts of my life for sure.

Doreen Edelman: See, but that was problem solving. How are you going to get traction with that program?

Kathleen McGee: Right.

Doreen Edelman: And how does that fit in with, how do you apply the lessons from that today in what you do?

Kathleen McGee: Well, I would say first of all, it was a lot of hard work. No one, and I mean no one, wants to get up at five in the morning to drive a recycling truck when it's 45 below out. But you do it. Persistence, seeing the whole picture. And I think just really being aware of what you are seeing and being told and appreciating people's motivations. I would say that those were some of the top takeaways that still resonate for my work today as I look out for clients and think about what they're telling me and what I'm seeing in the world around them to help them navigate things.

Doreen Edelman: Well, thank you. It has been a real pleasure speaking with you Kathleen. We appreciate your hard work and your critical eye you bring to regulation matters and your representation of clients. And I love having you as a friend and a colleague, and I look forward to hearing your next hosted podcast on Regulation Matters.

Kathleen McGee: You too, Doreen. Thanks so much.

Kevin Iredell: Thank you for listening to today's episode. Please subscribe to our podcast series at lowenstein.com/podcasts, or find us on iTunes, Spotify, Pandora, Google podcasts, and SoundCloud. Lowenstein Sandler podcast series is presented by Lowenstein Sandler and cannot be copied or rebroadcast without consent. The information provided is intended for a general audience. It is not legal advice or a substitute for the advice of counsel. Prior results do not guarantee a similar outcome. The content reflects the personal views and opinions of the participants. No attorney client relationship is being created by this podcast and all rights are reserved.