[Federal Register Volume 87, Number 222 (Friday, November 18, 2022)]
[Notices]
[Pages 69331-69338]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-25108]


-----------------------------------------------------------------------

INTERNATIONAL TRADE COMMISSION


Summary of Commission Practice Relating to Administrative 
Protective Orders

AGENCY: International Trade Commission.

ACTION: Summary of commission practice relating to administrative 
protective orders.

-----------------------------------------------------------------------

SUMMARY: Since February 1991, the U.S. International Trade Commission 
(``Commission'') has published in the Federal Register reports on the 
status of its practice with respect to breaches of

[[Page 69332]]

its administrative protective orders (``APOs'') under the Tariff Act of 
1930 in response to a direction contained in the Conference Report to 
the Customs and Trade Act of 1990. Over time, the Commission has added 
to its report discussions of APO breaches in Commission proceedings 
other than under title VII and violations of the Commission's rules, 
including the rule on bracketing business proprietary information (the 
``24-hour rule''). This notice provides a summary of APO breach 
investigations completed during fiscal year 2022. This summary 
addresses APO breach investigations related to proceedings under both 
title VII and section 337 of the Tariff Act of 1930. The Commission 
intends for this summary to inform representatives of parties to 
Commission proceedings of the specific types of APO breaches before the 
Commission and the corresponding types of actions that the Commission 
has taken.

FOR FURTHER INFORMATION CONTACT: Caitlin Stephens, Office of the 
General Counsel, U.S. International Trade Commission, telephone (202) 
205-2076. Hearing-impaired individuals may obtain information on this 
matter by contacting the Commission's TDD terminal at (202) 205-1810. 
General information concerning the Commission is available on its 
website at https://www.usitc.gov.

SUPPLEMENTARY INFORMATION: Statutory authorities for Commission 
investigations provide for the release of business proprietary 
information (``BPI'') or confidential business information (``CBI'') to 
certain authorized representatives in accordance with requirements set 
forth in the Commission's Rules of Practice and Procedure. Such 
statutory and regulatory authorities include: 19 U.S.C. 1677f; 19 CFR 
207.7; 19 U.S.C. 1337(n); 19 CFR 210.5, 210.34; 19 U.S.C. 2252(i); 19 
CFR 206.17; 19 U.S.C. 4572(f); 19 CFR 208.22; 19 U.S.C. 1516a(g)(7)(A); 
and 19 CFR 207.100--207.120. The discussion below describes APO breach 
investigations that the Commission completed during fiscal year 2022, 
including descriptions of actions taken in response to any breaches.
    Since 1991, the Commission has published annually a summary of its 
actions in response to violations of Commission APOs and rule 
violations. See 86 FR 71916 (Dec. 20, 2021); 85 FR 7589 (Feb. 10, 
2020); 83 FR 42140 (Aug. 20, 2018); 83 FR 17843 (Apr. 24, 2018); 82 FR 
29322 (June 28, 2017); 81 FR 17200 (Mar. 28, 2016); 80 FR 1664 (Jan. 
13, 2015); 78 FR 79481 (Dec. 30, 2013); 77 FR 76518 (Dec. 28, 2012); 76 
FR 78945 (Dec. 20, 2011); 75 FR 66127 (Oct. 27, 2010); 74 FR 54071 
(Oct. 21, 2009); 73 FR 51843 (Sept. 5, 2008); 72 FR 50119 (Aug. 30, 
2007); 71 FR 39355 (July 12, 2006); 70 FR 42382 (July 22, 2005); 69 FR 
29972 (May 26, 2004); 68 FR 28256 (May 23, 2003); 67 FR 39425 (June 7, 
2002); 66 FR 27685 (May 18, 2001); 65 FR 30434 (May 11, 2000); 64 FR 
23355 (Apr. 30, 1999); 63 FR 25064 (May 6, 1998); 62 FR 13164 (Mar. 19, 
1997); 61 FR 21203 (May 9, 1996); 60 FR 24880 (May 10, 1995); 59 FR 
16834 (Apr. 8, 1994); 58 FR 21991 (Apr. 26, 1993); 57 FR 12335 (Apr. 9, 
1992); and 56 FR 4846 (Feb. 6, 1991). This report does not provide an 
exhaustive list of conduct that will be deemed to be a breach of the 
Commission's APOs. The Commission considers APO breach investigations 
on a case-by-case basis.
    As part of the Commission's efforts to educate practitioners about 
the Commission's current APO practice, the Secretary to the Commission 
(``Secretary'') issued in January 2022 a sixth edition of An 
Introduction to Administrative Protective Order Practice in Import 
Injury Investigations (Pub. No. 5280). This document is available on 
the Commission's website at http://www.usitc.gov.

I. In General

A. Antidumping and Countervailing Duty Investigations

    The current APO application form for antidumping and countervailing 
duty investigations, which the Commission revised in May 2020, requires 
an APO applicant to agree to:
    (1) Not divulge any of the BPI disclosed under this APO or 
otherwise obtained in this investigation and not otherwise available to 
him or her, to any person other than--
    (i) Personnel of the Commission concerned with the investigation,
    (ii) The person or agency from whom the BPI was obtained,
    (iii) A person whose application for disclosure of BPI under this 
APO has been granted by the Secretary, and
    (iv) Other persons, such as paralegals and clerical staff, who (a) 
are employed or supervised by and under the direction and control of 
the authorized applicant or another authorized applicant in the same 
firm whose application has been granted; (b) have a need thereof in 
connection with the investigation; (c) are not involved in competitive 
decision making for an interested party which is a party to the 
investigation; and (d) have signed the acknowledgment for clerical 
personnel in the form attached hereto (the authorized applicant shall 
also sign such acknowledgment and will be deemed responsible for such 
persons' compliance with this APO);
    (2) Use such BPI solely for the purposes of the above-captioned 
Commission investigation or for U.S. judicial or review pursuant to the 
North American Free Trade Agreement the determination resulting from 
such investigation of such Commission investigation;
    (3) Not consult with any person not described in paragraph (1) 
concerning BPI disclosed under this APO or otherwise obtained in this 
investigation without first having received the written consent of the 
Secretary and the party or the representative of the party from whom 
such BPI was obtained;
    (4) Whenever materials (e.g., documents, computer disks or similar 
media) containing such BPI are not being used, store such material in a 
locked file cabinet, vault, safe, or other suitable container (N.B.: 
[S]torage of BPI on so-called hard disk computer media or similar media 
is to be avoided, because mere erasure of data from such media may not 
irrecoverably destroy the BPI and may result in violation of paragraph 
C of this APO);
    (5) Serve all materials containing BPI disclosed under this APO as 
directed by the Secretary and pursuant to section 207.7(f) of the 
Commission's rules;
    (6) Transmit each document containing BPI disclosed under this APO:
    (i) With a cover sheet identifying the document as containing BPI,
    (ii) With all BPI enclosed in brackets and each page warning that 
the document contains BPI,
    (iii) If the document is to be filed by a deadline, with each page 
marked ``Bracketing of BPI not final for one business day after date of 
filing,'' and
    (iv) Within two envelopes, the inner one sealed and marked 
``Business Proprietary Information--To be opened only by [name of 
recipient]'', and the outer one sealed and not marked as containing 
BPI;
    (7) Comply with the provision of this APO and section 207.7 of the 
Commission's rules
    (i) Make true and accurate representations in the authorized 
applicant's application and promptly notify the Secretary of any 
changes that occur after the submission of the application and that 
affect the representations made in the application (e.g.[,] change in 
personnel assigned to the investigation),
    (ii) Report promptly and confirm in writing to the Secretary any 
possible breach of this APO, and

[[Page 69333]]

    (iii) Acknowledge that breach of this APO may subject the 
authorized applicant and other persons to such sanctions or other 
actions as the Commission deems appropriate, including the 
administrative sanctions and actions set out in this APO.
    The APO form for antidumping and countervailing duty investigations 
also provides for the return or destruction of the BPI obtained under 
the APO on the order of the Secretary, at the conclusion of the 
investigation, or at the completion of Judicial Review. The BPI 
disclosed to an authorized applicant under an APO during the 
preliminary phase of the investigation generally may remain in the 
applicant's possession during the final phase of the investigation.
    The APO further provides that breach of an APO may subject an 
applicant to:
    (1) Disbarment from practice in any capacity before the Commission 
along with such person's partners, associates, employer, and employees, 
for up to seven years following publication of a determination that the 
order has been breached;
    (2) Referral to the United States Attorney;
    (3) In the case of an attorney, accountant, or other professional, 
referral to the ethics panel of the appropriate professional 
association;
    (4) Such other administrative sanctions as the Commission 
determines to be appropriate, including public release of, or striking 
from the record any information or briefs submitted by, or on behalf 
of, such person or the party he represents; denial of further access to 
business proprietary information in the current or any future 
investigations before the Commission, and issuance of a public or 
private letter of reprimand; and
    (5) Such other actions, including but not limited to, a warning 
letter, as the Commission determines to be appropriate.
    APOs issued in cross-border long-haul trucking (``LHT'') 
investigations, conducted under the United States-Mexico-Canada 
Agreement (``USMCA'') Implementation Act, 19 U.S.C. 4571-4574 (19 
U.S.C. 4501 note), and safeguard investigations, conducted under the 
statutory authorities listed in 19 CFR 206.1 and 206.31, contain 
similar (though not identical) provisions.

B. Section 337 Investigations

    APOs in section 337 investigations differ from those in title VII 
investigations: There is no set form like the title VII APO 
application, and provisions of individual APOs may differ depending on 
the investigation and the presiding administrative law judge. However, 
in practice, the provisions are often similar in scope and applied 
quite similarly. Any person seeking access to CBI during a section 337 
investigation (including outside counsel for parties to the 
investigation, secretarial and support personnel assisting such 
counsel, and technical experts and their staff who are employed for the 
purposes of the investigation) is required to read the APO, file a 
letter with the Secretary indicating agreement to be bound by the terms 
of the APO, agree not to reveal CBI to anyone other than another person 
permitted access by the APO, and agree to utilize the CBI solely for 
the purposes of that investigation.
    In general, an APO in a section 337 investigation will define what 
kind of information is CBI and direct how CBI is to be designated and 
protected. The APO will state which persons may have access to CBI and 
which of those persons must sign onto the APO. The APO will provide 
instructions on how CBI is to be maintained and protected by labeling 
documents and filing transcripts under seal. It will provide 
protections for the suppliers of CBI by notifying them of a Freedom of 
Information Act request for the CBI and providing a procedure for the 
supplier to seek to prevent the release of the information. There are 
provisions for disputing the designation of CBI and a procedure for 
resolving such disputes. Under the APO, suppliers of CBI are given the 
opportunity to object to the release of the CBI to a proposed expert. 
The APO requires a person who discloses CBI, other than in a manner 
authorized by the APO, to provide all pertinent facts to the supplier 
of the CBI and to the administrative law judge and to make every effort 
to prevent further disclosure. Under Commission practice, if the 
underlying investigation is before the Commission at the time of the 
alleged breach or if the underlying investigation has been terminated, 
a person who discloses CBI, other than in a manner authorized by the 
APO, should report the disclosure to the Secretary. See 19 CFR 210.25, 
210.34(c). Upon final termination of an investigation, the APO requires 
all signatories to the APO to either return to the suppliers or, with 
the written consent of the CBI supplier, destroy the originals and all 
copies of the CBI obtained during the investigation.
    The Commission's regulations provide for the imposition of certain 
sanctions if a person subject to the APO violates its restrictions. The 
Commission keeps the names of the persons being investigated for 
violating an APO confidential unless the sanction imposed is a public 
letter of reprimand. 19 CFR 210.34(c)(1). The possible sanctions are:
    (1) An official reprimand by the Commission.
    (2) Disqualification from or limitation of further participation in 
a pending investigation.
    (3) Temporary or permanent disqualification from practicing in any 
capacity before the Commission pursuant to 19 CFR 201.15(a).
    (4) Referral of the facts underlying the violation to the 
appropriate licensing authority in the jurisdiction in which the 
individual is licensed to practice.
    (5) Making adverse inferences and rulings against a party involved 
in the violation of the APO or such other action that may be 
appropriate. 19 CFR 210.34(c)(3).
    Commission employees are not signatories to the Commission's APOs 
and do not obtain access to BPI or CBI through APO procedures. 
Consequently, they are not subject to the requirements of the APO with 
respect to the handling of BPI and CBI. However, Commission employees 
are subject to strict statutory and regulatory constraints concerning 
BPI and CBI, and they face potentially severe penalties for 
noncompliance. See 18 U.S.C. 1905; title 5, U.S. Code; and Commission 
personnel policies implementing the statutes. Although the Privacy Act 
(5 U.S.C. 552a) limits the Commission's authority to disclose any 
personnel action against agency employees, this should not lead the 
public to conclude that no such actions have been taken.

II. Investigations of Alleged APO Breaches

    The Commission conducts APO breach investigations for potential 
breaches that occur in title VII, safeguard, and LHT investigations, as 
well as potential breaches in section 337 investigations that are 
before the Commission or have been terminated.\1\ Administrative law 
judges handle potential APO breaches in section 337 investigations when 
the breach occurred and is discovered while the underlying 
investigation is before the administrative law judge. The Commission 
may review any decision that the administrative law judge makes

[[Page 69334]]

on sanctions in accordance with Commission regulations. See 19 CFR 
210.25, 210.34(c).
---------------------------------------------------------------------------

    \1\ Procedures for investigations to determine whether a 
prohibited act, such as a breach, has occurred and for imposing 
sanctions for violation of the provisions of a protective order 
issued during a North American Free Trade Agreement or USMCA panel 
or committee proceedings are set out in 19 CFR 207.100-207.120. The 
Commission's Office of Unfair Import Investigations conducts those 
investigations initially.
---------------------------------------------------------------------------

    For Commission APO breach investigations, upon finding evidence of 
an APO breach or receiving information that there is reason to believe 
that one has occurred, the Secretary notifies relevant Commission 
offices that the Secretary has opened an APO breach file and the 
Commission has commenced an APO breach investigation. The Commission 
then notifies the alleged breaching parties of the alleged breach and 
provides them with the voluntary option to proceed under a one- or two-
step investigatory process. Under the two-step process, which was the 
Commission's historic practice, the Commission determines first whether 
a breach has occurred and, if so, who is responsible for it. This is 
done after the alleged breaching parties have been provided an 
opportunity to present their views on the matter. The breach 
investigation may conclude after this first step if: (1) the Commission 
determines that no breach occurred and issues a letter so stating; or 
(2) the Commission finds that a breach occurred, but concludes that no 
further action is warranted and issues a warning letter. If the 
Commission determines that a breach occurred that warrants further 
action, the Commission will then determine what sanction, if any, to 
impose. Before making this determination, the Commission provides the 
breaching parties with an opportunity to present their views on the 
appropriate sanction and any mitigating circumstances. The Commission 
can decide as part of either the first or second step to issue a 
warning letter. A warning letter is not a sanction, but the Commission 
will consider a warning letter as part of a subsequent APO breach 
investigation.
    The Commission recognizes that the two-step process can result in 
duplicative work for the alleged breaching party and Commission staff 
in some APO breach investigations. For example, parties who self-report 
their own breach often address mitigating circumstances and sanctions 
in their initial response to the Commission's letter of inquiry on the 
breach. But, under the Commission's two-step process, they must await a 
Commission decision on breach and then submit again their views on 
mitigating circumstances and sanctions. To streamline this process and 
accelerate processing times, the Commission offers alleged breaching 
parties the option to voluntarily elect a one-step APO breach 
investigation process. Under this process, the Commission will 
determine simultaneously whether a breach occurred and, if so, the 
appropriate sanction to impose, if any. Under either process, the 
alleged breaching party has the opportunity to submit affidavits 
reciting the facts concerning the alleged breach and mitigating factors 
pertaining to the appropriate response if a breach is found.
    Sanctions for APO violations serve three basic interests: (a) 
preserving the confidence of submitters of BPI/CBI that the Commission 
is a reliable protector of BPI/CBI; (b) disciplining breachers; and (c) 
deterring future violations. As the Conference Report to the Omnibus 
Trade and Competitiveness Act of 1988 observed: ``[T]he effective 
enforcement of limited disclosure under [APO] depends in part on the 
extent to which private parties have confidence that there are 
effective sanctions against violation.'' H.R. Conf. Rep. 100-576, at 
623 (1988).
    The Commission has worked to develop consistent jurisprudence, not 
only in determining whether a breach has occurred, but also in 
selecting an appropriate response. In determining the appropriate 
response, the Commission generally considers mitigating factors such as 
the unintentional nature of the breach, the lack of prior breaches 
committed by the breaching party, the corrective measures taken by the 
breaching party, and the promptness with which the breaching party 
reported the violation to the Commission. The Commission also considers 
aggravating circumstances, especially whether persons not authorized 
under the APO had access to and viewed the BPI/CBI. The Commission 
considers whether there have been prior breaches by the same person or 
persons in other investigations and whether there have been multiple 
breaches by the same person or persons in the same investigation.
    The Commission's rules permit an economist or consultant to obtain 
access to BPI/CBI under the APO in a title VII, safeguard, or LHT 
investigation if the economist or consultant is under the direction and 
control of an attorney under the APO, or if the economist or consultant 
appears regularly before the Commission and represents an interested 
party who is a party to the investigation. See 19 CFR 207.7(a)(3)(i)(B) 
and (C); 19 CFR 206.17(a)(3)(i)(B) and (C); and 19 CFR 
208.22(a)(3)(i)(B) and (C). Economists and consultants who obtain 
access to BPI/CBI under the APO under the direction and control of an 
attorney nonetheless remain individually responsible for complying with 
the APO. In appropriate circumstances, for example, an economist under 
the direction and control of an attorney may be held responsible for a 
breach of the APO by failing to redact APO information from a document 
that is subsequently filed with the Commission and served as a public 
document, or for retaining BPI/CBI without consent of the submitter 
after the termination of an investigation. This is so even though the 
Commission may also hold the attorney exercising direction or control 
over the economist or consultant responsible for the APO breach. In 
section 337 investigations, technical experts and their staff who are 
employed for the purposes of the investigation are required to sign 
onto the APO and agree to comply with its provisions.
    The records of Commission investigations of alleged APO breaches in 
antidumping and countervailing duty cases, section 337 investigations, 
safeguard investigations, and LHT investigations are not publicly 
available and are exempt from disclosure under the Freedom of 
Information Act, 5 U.S.C. 552. See, e.g., 19 U.S.C. 1677f(g); 19 U.S.C. 
1333(h); 19 CFR 210.34(c).
    The two types of breaches most frequently investigated by the 
Commission involve: (1) the APO's prohibition on the dissemination or 
exposure of BPI or CBI to unauthorized persons; and (2) the APO's 
requirement that the materials received under the APO be returned or 
destroyed and that a certificate be filed with the Commission 
indicating what actions were taken after the termination of the 
investigation or any subsequent appeals of the Commission's 
determination. The dissemination of BPI/CBI usually occurs as the 
result of failure to delete BPI/CBI from public versions of documents 
filed with the Commission or transmission of proprietary versions of 
documents to unauthorized recipients. Other breaches have included the 
failure to bracket properly BPI/CBI in proprietary documents filed with 
the Commission, the failure to report immediately known or suspected 
violations of an APO, and the failure to adequately supervise non-
lawyers in the handling of BPI/CBI.
    Occasionally, the Commission conducts APO breach investigations 
that involve members of a law firm or consultants working with a firm 
who were granted access to APO materials by the firm although they were 
not APO signatories. In many of these cases, the firm and the person 
using the BPI/CBI mistakenly believed an APO application had been filed 
for that person. The Commission has determined in all of these cases 
that the person who was a non-signatory, and therefore did not

[[Page 69335]]

agree to be bound by the APO, could not be found to have breached the 
APO. However, under Commission rule 201.15 (19 CFR 201.15), the 
Commission may take action against these persons for good cause shown. 
In all cases in which the Commission has taken such action, it decided 
that the non-signatory appeared regularly before the Commission, was 
aware of the requirements and limitations related to APO access, and 
should have verified their APO status before obtaining access to and 
using the BPI/CBI. The Commission notes that section 201.15 may also be 
available to issue sanctions to attorneys or agents in different 
factual circumstances in which they did not technically breach the APO, 
but their action or inaction did not demonstrate diligent care of the 
APO materials, even though they appeared regularly before the 
Commission and were aware of the importance that the Commission places 
on the proper care of APO materials.
    The Commission has held routinely that the disclosure of BPI/CBI 
through recoverable metadata or hidden text constitutes a breach of the 
APO even when the BPI/CBI is not immediately visible without further 
manipulation of the document. In such cases, breaching parties have 
transmitted documents that appear to be public documents in which the 
parties have removed or redacted all BPI/CBI. However, further 
inspection of the document reveals that confidential information is 
actually retrievable by manipulating codes in software or through the 
recovery of hidden text or metadata. In such instances, the Commission 
has found that the electronic transmission of a public document with 
BPI/CBI in a recoverable form was a breach of the APO.
    The Commission has cautioned counsel to ensure that each authorized 
applicant files with the Commission within 60 days of the completion of 
an import injury investigation or at the conclusion of judicial or 
binational review of the Commission's determination, a certificate 
stating that, to the signatory's knowledge and belief, all copies of 
BPI/CBI have been returned or destroyed, and no copies of such 
materials have been made available to any person to whom disclosure was 
not specifically authorized. This requirement applies to each attorney, 
consultant, or expert in a firm who has access to BPI/CBI. One firm-
wide certificate is insufficient.
    Attorneys who are signatories to the APO in a section 337 
investigation should inform the administrative law judge and the 
Secretary if there are any changes to the information that was provided 
in the application for access to the CBI. This is similar to the 
requirement to update an applicant's information in title VII 
investigations.
    In addition, attorneys who are signatories to the APO in a section 
337 investigation should send a notice to the Commission if they stop 
participating in the investigation or the subsequent appeal of the 
Commission's determination. The notice should inform the Commission 
about the disposition of CBI obtained under the APO that was in their 
possession, or the Commission could hold them responsible for any 
failure of their former firm to return or destroy the CBI in an 
appropriate manner.

III. Specific APO Breach Investigations

    Case 1. The Commission determined that a partner at a law firm 
breached the APO issued in a title VII investigation when the partner 
supervised the drafting, revision, and review of a publicly filed 
document that contained BPI.
    Three attorneys, including the partner, were responsible for 
drafting the document at issue. Despite the firm's instructions to 
place brackets around any BPI that an attorney added to the draft, one 
of the non-partner attorneys inadvertently failed to include brackets 
around a quote in a footnote. The partner completed two full reviews of 
the document before its filing, but the partner failed to identify the 
unbracketed BPI in the footnote. The law firm filed the document on the 
Commission's Electronic Document Information System (EDIS), and it also 
served the document on all parties on the public service list. The 
Commission first became aware of this breach through Commission staff, 
who discovered the exposed BPI and notified the Secretary. The Office 
of the Secretary notified the partner of the breach, and the law firm 
filed a corrected version of the public document later that day.
    In determining whether to issue a sanction for the breach, the 
Commission considered mitigating factors, including that: (1) the 
breach was inadvertent and unintentional; (2) the law firm took prompt 
corrective actions to mitigate the effect of the breach by correcting 
its filing, notifying the recipients of the document's error and of its 
substitute filing, and obtaining the recipient's confirmation of the 
document's destruction; and (3) the partner had not previously breached 
an APO in the two-year period preceding the date of the breach. The 
Commission also considered the following aggravating factors: (1) the 
Commission was the first to discover and flag the breach; and (2) 
unauthorized individuals accessed and presumably viewed the CBI.
    The Commission issued a private letter of reprimand to the partner 
after finding that the partner was ultimately responsible for the 
failure to redact BPI from the public document.
    Case 2. The Commission determined that an expert breached the APO 
issued in a section 337 investigation by submitting expert reports 
containing CBI in several unrelated actions pending before a federal 
district court.
    The expert drafted and filed before a federal district court six 
expert reports that contained a sentence from the confidential version 
of an administrative law judge's initial determination. Two months 
later, counsel for one of the parties involved in the underlying 
section 337 investigation, and in the federal district court action, 
notified the expert that the quoted sentence did not appear in the 
public version of the initial determination. The expert took immediate 
steps to replace the page that contained the CBI, but the expert did 
not notify the Commission until about a month after the breach's 
discovery. The expert acknowledged the failure to follow firm 
procedures, which would have required comparison of the draft expert 
report with the public version of the initial determination.
    In determining whether to issue a sanction for the breach, the 
Commission considered the following mitigating factors: (1) the breach 
was inadvertent and unintentional; (2) the expert self-reported the 
breach to the Commission; and (3) the expert had not previously 
breached an APO in the two-year period preceding the breach. The 
Commission also considered the following aggravating factors: (1) the 
expert did not discover the breach; (2) the breach resulted in exposure 
of CBI to unauthorized individuals; (3) there was a delay of two months 
between the discovery of the breach and the mitigation of the breach; 
(4) the expert waited more than one month to report the breach to the 
Commission; and (5) the expert failed to handle CBI with due diligence 
and care, and the expert did not follow firm procedures for protecting 
CBI.
    The Commission issued a private letter of reprimand to the expert.
    Case 3. The Commission determined that a supervisory attorney at a 
law firm breached an APO in a title VII investigation when a legal 
support staff member under the attorney's supervision inadvertently 
attached a confidential brief from one investigation to a public brief 
in another investigation and publicly filed both briefs as one

[[Page 69336]]

document with the Department of Commerce (Commerce). The Commission 
also determined that the supervisory attorney breached the APO a second 
time by providing BPI to that legal support staff member before the 
staff member had signed an APO acknowledgment for clerical personnel.
    After filing the document in Commerce's IA ACCESS website, the 
legal support staff member served the document on the parties listed on 
the public brief's service list. None of the served parties were on the 
APO service list for the confidential brief. Three days later, the law 
firm received notification from one of the parties on the public 
brief's service list that the document contained BPI from an unrelated 
investigation. Upon review of the document, the law firm discovered 
that the legal support staff member who had filed and served the 
document had included a copy of a confidential brief from another title 
VII investigation. The law firm immediately contacted Commerce to 
request removal of the document from the IA ACCESS website. Commerce 
indicated to the law firm that multiple individuals had accessed the 
document while it was posted publicly to that website. The law firm 
also contacted the parties on the public service list to ask that they 
destroy any copies.
    The law firm immediately notified the Commission of the breach 
after learning of it. In its correspondence to the Commission, the firm 
indicated that the breach occurred because of the legal support staff 
member's failure to follow firm procedures in handling and storing the 
confidential brief. The firm also indicated that the supervisory 
attorney had supervised the preparation of the confidential brief and 
had been aware of staff's inconsistent adherence to the firm's BPI 
procedures. In addition, over the course of the APO breach 
investigation, the Commission discovered that the supervisory attorney 
had provided BPI to the legal support staff member without first having 
the staff member sign an APO acknowledgment for clerical personnel.
    In determining whether to issue a sanction for the breach, the 
Commission considered mitigating factors, including that: (1) the 
breach was inadvertent and unintentional; (2) the law firm took prompt 
action to remedy the breach and prevent further dissemination of BPI; 
(3) the law firm promptly self-reported the breach to the Commission; 
(4) the law firm implemented new procedures to prevent similar breaches 
in the future; and (5) the supervisory attorney had not previously 
breached an APO in the two-year period preceding the date of the 
breach. The Commission also considered the following aggravating 
factors: (1) unauthorized individuals had access to and viewed the BPI; 
(2) the law firm violated the APO in two different ways; (3) the law 
firm did not discover either breach; and (4) the supervisory attorney 
and legal support staff failed to follow the law firm's procedures for 
protecting BPI.
    The Commission also considered whether to find in breach of the APO 
a second attorney who supervised the preparation of the public brief, 
and it determined not to do so. The second attorney was an APO 
signatory in both relevant investigations, but the second attorney had 
not supervised the preparation of the confidential brief. Further, the 
second attorney had reviewed the public brief before the legal support 
staff member had attached the confidential version to it. The 
Commission determined that the second attorney would have had no reason 
to suspect that the legal support staff member would attach BPI 
materials to the public brief after the final review and approval of 
the brief.
    The Commission issued a private letter of reprimand to the 
supervisory attorney. The Commission did not take any further action 
against the legal support staff member whose actions contributed to the 
breach because the staff member had since passed away.
    Case 4. The Commission determined that two attorneys at a law firm 
breached an APO in a title VII investigation when they reviewed, filed 
in EDIS, and served a public version of a brief that contained 
unredacted BPI belonging to a third party.
    The attorneys served the brief on the parties to the public service 
list in the investigation, which included individuals who were not 
authorized under the APO to view BPI, and the brief was publicly posted 
to EDIS, where at least one unauthorized individual accessed it. In 
addition, one of the attorneys forwarded copies of the brief to the 
firm's clients. Two days after filing and serving the brief, the two 
attorneys received notification from another party to the investigation 
(after Commission business hours) that the brief contained BPI. The two 
attorneys immediately reviewed the brief, and they discovered that they 
had bracketed, but failed to remove, the BPI at issue. That same day, 
the two attorneys contacted their clients and the parties on the public 
service list to request that they destroy the brief and contact anyone 
else to whom they may have forwarded the brief. The next day, the two 
attorneys notified the Commission of the breach and requested that the 
Secretary remove the document from public view on EDIS. Over the course 
of the investigation, the two attorneys confirmed to the Commission 
that they had received responses (and confirmations of destruction) 
from all but two individual recipients of the brief. Those two 
individuals never acknowledged the attorneys' emails nor confirmed 
destruction of the brief.
    In determining whether to issue a sanction for the breach, the 
Commission considered mitigating factors, including that: (1) the 
breach was inadvertent and unintentional; (2) the law firm promptly 
self-reported the breach to the Commission; (3) the law firm took 
prompt action to remedy the breach and prevent further dissemination of 
BPI; (4) the law firm implemented new procedures to prevent similar 
breaches in the future; and (5) neither attorney had previously breach 
an APO in the two-year period preceding the date of the breach. The 
Commission also considered the following aggravating factors: (1) 
unauthorized individuals had access to and presumably viewed the BPI; 
and (2) the law firm did not discover its own breach.
    The Commission determined to issue private letters of reprimand to 
both attorneys.
    Case 5. The Commission determined that an attorney and a paralegal 
at a law firm breached the APO in a title VII investigation when an 
economist at the firm accessed BPI materials that the law firm had 
received under the APO before the Secretary had approved the 
economist's APO application.
    The attorney, who was lead counsel for the investigation, did not 
confirm that the Secretary had approved the economist's APO application 
before instructing the economist to access the BPI materials. The 
economist also failed to confirm that the Secretary had approved the 
APO application before accessing the BPI materials. The paralegal, who 
had set up the folder containing the BPI materials in the law firm's 
system, had failed to restrict access to the folder (in accordance with 
the firm's procedures) to only authorized individuals whose APO 
applications had been approved. Upon discovery that the Secretary had 
not yet approved the economist's APO application, the attorney 
immediately notified the Commission of the breach and restricted access 
to the folder containing the BPI materials to approved APO applicants. 
However, the economist had access to and viewed on several occasions 
the BPI at issue for approximately two weeks before authorized to do 
so. The law firm confirmed that the economist was the

[[Page 69337]]

only unauthorized individual to access the BPI materials.
    In determining whether to issue a sanction for the breach, the 
Commission considered mitigating factors, including that: (1) the 
breach was inadvertent and unintentional; (2) the law firm took prompt 
action to remedy the breach and prevent further dissemination of BPI; 
(3) the firm immediately self-reported the breach to the Commission; 
(4) the law firm implemented new procedures to prevent similar breaches 
in the future; (5) the economist, who was later added to the APO, acted 
at all times as if bound by the APO, and thus no other unauthorized 
individuals viewed the BPI materials; and (6) the attorney and the 
paralegal had not previously breached an APO in the two-year period 
preceding the date of the breach. The Commission also considered the 
following aggravating factors: (1) the economist was not an authorized 
APO signatory at the time of the initial access and viewing of the BPI; 
and (2) the attorney, the paralegal, and the economist failed to follow 
the law firm's procedures for protecting BPI.
    The Commission determined to issue warning letters to the attorney 
and the paralegal. The Commission also found that good cause existed to 
issue a warning letter to the economist under 19 CFR 201.15(a). Though 
the economist was not a signatory to the APO at the time of the 
inappropriate access to the BPI, the economist was, or should have 
been, aware of the requirements and limitations related to APO access. 
The economist's failure to verify that the Commission had accepted the 
APO application before using the BPI materials demonstrated a disregard 
for the Commission's rules protecting the confidentiality of the 
information that is provided under the APO.
    Case 6. The Commission determined that 18 attorneys from one law 
firm breached the APO issued in a section 337 investigation when the 
law firm filed in EDIS a public version of a document that contained 
unredacted CBI in a footnote.
    Two supervisory attorneys oversaw the redaction and filing of the 
public version of the document and 16 attorneys contributed to its 
review and redaction. Each attorney had the opportunity to discover the 
presence of the unredacted CBI in the footnote of the document during 
their respective review, but none did. The firm filed the document in 
EDIS and served it on the parties. One day later, one of the firm's 
attorneys, who had an opportunity to review the document before its 
filing, discovered that the footnote in question contained unredacted 
CBI. The firm notified the Commission that same day, after the document 
had been publicly posted to EDIS, and the firm filed a replacement 
document about a week later.
    In determining whether to issue a sanction for the breach, the 
Commission considered the following mitigating factors: (1) the breach 
was inadvertent and unintentional; (2) the law firm took prompt action 
to remedy the breach and prevent further dissemination of CBI; (3) the 
law firm immediately self-reported the breach to the Commission; and 
(4) the law firm implemented new procedures to prevent similar breaches 
in the future. The Commission also considered the aggravating factor 
that unauthorized persons had access to and presumably viewed CBI.
    The Commission issued warning letters to 16 attorneys whose actions 
contributed to the breach. The Commission also issued private letters 
of reprimand to the two supervisory attorneys who bore ultimate 
responsibility for overseeing the redaction and filing of the document 
at issue.
    Case 7. The Commission determined that a supervisory attorney and 
an associate attorney breached the APO issued in a section 337 
investigation when they exposed CBI from the investigation to their 
client.
    The associate attorney, in reporting the work that the attorney had 
performed for the underlying investigation, noted details of that work 
in an internal electronic time entry system. The details included 
references to company names that one of the parties to the 
investigation considered to be CBI. The firm incorporated the associate 
attorney's entries from the time entry system into a billing invoice 
that it sent to its client. The supervisory attorney personally 
reviewed the billing invoice at issue and approved it for transmittal 
to the firm's client. Upon receipt of the billing invoice, the client 
contacted the firm to inquire about the entries that contained CBI, 
which caused the firm to discover its own breach. The firm requested 
that its client return the original invoice, and the client immediately 
did so. The firm notified the party whose CBI was exposed, and after 
conducting an internal investigation, the firm notified the Commission 
about two months later.
    In determining whether to issue a sanction for the breach, the 
Commission considered the following mitigating factors: (1) the breach 
was inadvertent and unintentional; (2) the law firm self-reported the 
breach to the Commission; (3) the law firm took prompt action to remedy 
the breach and prevent further dissemination of CBI; (4) the attorneys 
had not previously breached an APO in the two-year period preceding the 
date of the breach; and (5) the law firm implemented new measures to 
prevent future similar breaches in the future. The Commission also 
considered the following aggravating factors: (1) unauthorized persons 
had access to and viewed CBI; and (2) the law firm waited nearly two 
months to notify the Commission of the breach.
    The Commission issued a warning letter to the associate attorney 
whose actions contributed to, but did not directly cause, the breach. 
It issued a private letter of reprimand to the supervisory attorney.
    Case 8. The Commission determined that 16 attorneys from one law 
firm breached the APO issued in a section 337 investigation when the 
law firm filed in EDIS 79 public demonstrative exhibits that contained 
unredacted CBI.
    Fifteen attorneys were part of a team that was responsible for 
preparing and filing demonstrative exhibits following a hearing in the 
investigation. One senior attorney was responsible for supervising the 
team's effort. The breach occurred because when, in preparing the 
demonstrative exhibits for filing, the team failed to follow an 
instruction to place a ``-C'' designation after the exhibit number 
where the exhibits contained CBI. Because the team did not include the 
``-C'' designation on the exhibits in question, the legal support staff 
who filed the exhibits in EDIS assumed that they were public and filed 
them on the public record. Over a year later, the law firm learned that 
opposing counsel in unrelated federal court litigation accessed the 
exhibits through EDIS. The law firm promptly notified the Commission 
and the affected parties whose CBI had been exposed, and the firm spent 
over 1,000 hours in its efforts to remediate the breach. Following the 
breach's discovery, the law firm changed its protocols for protecting 
CBI in section 337 investigations.
    In determining whether to issue a sanction for the breach, the 
Commission considered the following mitigating factors: (1) the breach 
was inadvertent and unintentional; (2) the law firm discovered its own 
breach and promptly self-reported it to the Commission; (3) the law 
firm took prompt action to investigate and remedy the breach; (4) the 
attorneys had not previously breached an APO in the preceding two 
years; and (5) the law firm implemented new measures to prevent future 
similar breaches. The Commission also considered the following 
aggravating factors: (1) unauthorized persons had access to and viewed 
CBI; and (2) the

[[Page 69338]]

delay in the discovery of the breach left CBI publicly exposed for a 
period of about 15 months.
    The Commission issued a private letter of reprimand to the 
supervisor of the team responsible for the preparation and filing of 
the exhibits at issue after finding that the attorney's supervision was 
inadequate and failed to secure the confidential treatment of the CBI 
in those exhibits. The Commission issued warning letters to 14 
attorneys on the team who contributed to the preparation and filing of 
the exhibits. The Commission also issued a warning letter to one 
attorney who did not directly participate in the preparation and filing 
of the exhibits but permitted legal support staff to use, without 
supervision, the attorney's credentials to file the exhibits.
    Case 9. The Commission found that an associate attorney breached 
the APO issued in a section 337 investigation when the attorney's 
actions exposed CBI obtained under the APO to the attorney's client.
    The breach occurred when the attorney arranged for the client to 
access firm files stored on an electronic server by a discovery vendor. 
The attorney instructed the vendor to provide the client with limited 
access to certain file locations that stored only public files. 
However, the attorney did not verify that the vendor had followed the 
attorney's instructions before granting the client access to the firm's 
files. The vendor mistakenly granted the client unlimited access, and, 
as a result, the client inadvertently accessed 14 files containing CBI 
obtained under the APO. In accordance with the predetermined 
arrangement, the vendor terminated that client's unlimited access one 
day later. However, the attorney did not discover the breach until 
about 14 months later. The attorney reported the breach to the 
Commission a few days after making the discovery.
    In determining whether to issue a sanction for the breach, the 
Commission considered the following mitigating factors: (1) the breach 
was inadvertent and unintentional; (2) the law firm discovered its own 
breach; (3) the law firm took prompt action to investigate and remedy 
the breach; (4) the attorney had not previously breached an APO in the 
two-year period preceding the date of the breach; and (5) the law firm 
self-reported its own breach to the Commission. The Commission also 
considered the following aggravating factors: (1) unauthorized persons 
had access to and viewed CBI; and (2) the law firm did not discover its 
own breach until about 14 months after it occurred. However, the 
Commission noted that because the client's access to the CBI-containing 
files was limited to one day, the CBI was not exposed to unauthorized 
individuals during those 14 months.
    The Commission issued a private letter of reprimand to the 
associate attorney and found that, in the context of this matter, the 
attorney was obligated to take additional steps to ensure that the 
client was unable to access the files containing CBI.
    Case 10. The Commission determined that an attorney and a paralegal 
at a law firm breached the APO in a title VII investigation when they 
publicly filed in EDIS a brief with BPI in recoverable hidden text.
    While multiple attorneys reviewed the public version of the brief, 
the attorney and the paralegal were the only individuals who prepared 
and reviewed the final .pdf version of the document. Under firm 
procedures, the paralegal prepared the public version of the document 
by changing bracketed BPI to white font, converting the document from 
Microsoft Word to a .pdf file format, and then removing hidden 
information from the final .pdf file. Following the paralegal's 
preparation of the final document, the attorney reviewed the .pdf 
version of the document to ensure that all BPI had been removed from 
the file. The paralegal then publicly filed the document to EDIS. That 
same day, while preparing the document for service, another paralegal 
at the same firm noticed that the document contained BPI in recoverable 
hidden text. The attorney immediately notified the Commission of the 
breach and requested that the document be removed from public viewing. 
However, unauthorized individuals accessed and presumably viewed the 
brief while it was posted publicly to EDIS.
    In determining whether to issue a sanction for the breach, the 
Commission considered mitigating factors, including that: (1) the 
breach was inadvertent and unintentional; (2) the law firm discovered 
its own breach; (3) the law firm took prompt action to remedy the 
breach and prevent further dissemination of BPI; (4) the law firm 
immediately self-reported the breach to the Commission; (5) the law 
firm implemented new procedures to prevent similar breaches in the 
future; and (6) neither the attorney nor the paralegal had previously 
breached an APO in the two-year period preceding the date of the 
breach. The Commission also considered the aggravating factor that 
unauthorized persons had access to and presumably viewed BPI.
    The Commission determined to issue private letters of reprimand to 
both the attorney and the paralegal. The Commission also considered 
whether to find in breach other attorneys and legal support staff who 
reviewed the public version of the brief and approved the bracketing. 
However, the Commission declined to do so, determining that this breach 
occurred not because of bracketing issues, but because of a failure to 
remove properly bracketed BPI from the final .pdf file.

    By order of the Commission.

    Issued: November 14, 2022.
Jessica Mullan,
Attorney Advisor.
[FR Doc. 2022-25108 Filed 11-17-22; 8:45 am]
BILLING CODE 7020-02-P