Key Considerations for the 2020 Annual Reporting Season

White & Case LLPThis memorandum outlines key considerations from White & Case’s Public Company Advisory Practice for foreign private issuers (“FPIs”) in preparation for the 2020 annual reporting season. It describes our key considerations for Annual Reports on Form 20-F in two parts:

  1. Housekeeping Items for Form 20-Fs in 2020; and
  2. Top Seven Disclosure Considerations for the Form 20-F in 2020.

Recent SEC rulemaking and other developments in 2019, including rules adopted in 2019 pursuant to the FAST Act,1 have resulted in a number of changes to SEC filings, including your upcoming Form 20-F, as described below.

Housekeeping Items for Form 20-Fs in 2020

As a result of the FAST Act rule changes, the following housekeeping items should be addressed for upcoming Form 20-Fs:

Update 20-F Cover Page: Make sure your Form 20-F cover page is updated to reflect the most recent changes to the form adopted pursuant to the recent FAST Act rule changes, by adding the trading symbol (your company’s ticker) to the cover page.

Two additional changes were made to the Form 20-F cover page in 2018 pursuant to additional rule amendments.2 Given all of these recent changes, it is important to confirm that your Form 20-F cover page reflects all recent updates (see also XBRL changes to the cover page, described in “XBRL Changes” below).3

Top Seven Disclosure Considerations for the Form 20-F in 2020

Below is our list of the top seven items to consider when preparing your upcoming Form 20-F in 2020.

  1. Operating and Financial Review and Prospects (i.e., MD&A): Revised Item 5 of Form 20-F requires only a two year discussion of financial results. Specifically, companies are permitted to eliminate discussion of the earliest of the three-year period presented in their financial statements if: (i) such discussion is already included in any of its prior SEC filings and (ii) the company identifies the location in the prior filing where the omitted discussion may be found. While we expect most companies to take advantage of this rule change, it is important to first confirm whether any of the discussion of the third earliest year remains material and should therefore still be included in the MD&A.4
  2. Exhibits: The following items should be considered when preparing your upcoming Form 20-F exhibit list:
    • New Exhibit to Form 20-F – Description of Registered Securities: Form 20-F’s “Instructions as to Exhibits” section was revised to require that companies file a new exhibit with their Form 20-F providing a description of each class of securities registered under Section 12 of the Securities Exchange Act of 1934 (the “Exchange Act”). Previously, this information was only required to be provided in registration statements filed under the Securities Act of 1933 (the “Securities Act”). Descriptions of company securities from prior SEC filings can provide a useful starting point for this new exhibit; however, registrants will need to assess whether updates are needed, for example, to reflect changes to their certificate of incorporation or bylaws.
    • Material Contracts No Longer Required If Fully Performed: For companies that are not “newly reporting registrants,”5 Form 20-F’s “Instructions as to Exhibits” section requires material contracts to be filed only if they are to be performed in whole or in part at or after the filing date of the annual report. The previous rule had also required material contracts that were fully performed before the filing date but that were entered into within two years of the filing to be filed. Accordingly, companies should review their exhibit index to check if any material contracts can be removed from the exhibit index pursuant to this rule change.
    • Redaction of Confidential Information: Companies are now permitted to omit confidential information from material contracts without having to submit a formal confidential treatment request (“CTR”), so long as the redacted information: (i) is not material and (ii) would likely cause competitive harm to the company if publicly disclosed. Companies should follow the procedures for redactions described in recent SEC staff guidance, which also notes that the SEC staff is selectively reviewing filings for compliance.6 As an alternative, companies can still use the traditional CTR process (see SEC staff guidance issued in December 2019).7 Furthermore, companies that previously obtained a confidential treatment order that is about to expire must still file an application to continue to protect the confidential information from public release; accordingly, it is important to assess whether existing CTRs are set to expire in the upcoming year.8 In all cases, a company should confirm that the omitted information is not material and that it only omits information that it treats as private or confidential. Information that has previously been made public (either by the company or a third party) would not be eligible for confidential treatment.
    • Omission of Schedules; Personally Identifiable Information: Form 20-F’s “Instructions as to Exhibits” now allows registrants to omit schedules and similar attachments to exhibits, provided: (i) they do not contain material information, and (ii) that information is not otherwise disclosed in the exhibit or the disclosure document.9 Accordingly, for new exhibits, companies should assess whether they can omit any exhibit schedules or attachments under this rule change. Schedules included with previously filed exhibits cannot be removed. In addition, registrants are now explicitly allowed to omit personally identifiable information from exhibits, such as bank account numbers, social security numbers, home addresses and similar information.
  3. Risk Factors: For upcoming Form 20-Fs, a number of recent trends and events may impact risk factor disclosures, as well as disclosures in other sections of the annual report. Although each company will need to assess its own material risks and tailor risk factors to its unique circumstances, below is a list highlighting certain areas of SEC focus and key trends that a company should also consider when assessing its risk factors.
    • Cybersecurity: As cybersecurity incidents and data misuse continue to persist, the SEC staff has been focusing on, and providing comments regarding, cybersecurity and privacy disclosures. As part of this focus, the SEC staff monitors press reports and may raise questions directly with affected companies about the sufficiency of cybersecurity or privacy disclosures in SEC reports on that basis. SEC guidance,10 as well as recent high profile enforcement actions for inadequate or misleading disclosures,11 emphasize that cybersecurity and complying with personal data rights pose economic, operational, and reputational risks that can impact any company. With respect to disclosure issues, recent cases caution against framing risk factor disclosures in hypothetical terms without specifically addressing actual incidents experienced by a company.12 Material cybersecurity and data privacy risks must be disclosed and, to the extent the company already experienced actual cybersecurity or data misuse incidents, such occurrences and their impact on the company should be described if they are material or otherwise are required to be disclosed as a matter of context. Companies are cautioned against the use of “may” happen with respect to something that has already happened in the past or is currently happening. In addition, other specific disclosure with respect to cyber and data risks associated with suppliers and acquisition targets, among others, may be warranted. Meanwhile, the impact on corporate operations of an ever-expanding and complex array of personal data privacy laws throughout the world often requires additional risk disclosures. Most notable in this regard is compliance with the European Union’s General Data Protection Regulation (the “GDPR”), which became effective in 2018 and remains a material issue for many companies regardless of whether they have a physical presence in Europe. Compliance with the GDPR could require changes to a company’s business practices on whether and how to collect and use certain types of personal data, affect a company’s ability to transfer personal data internationally, impact decisions to expand into certain regions or lines of business, and subject companies to sizable financial penalties, all of which could materially adversely affect profitability and outlook. Similarly, the California Consumer Privacy Act (the “CCPA”), effective January 1, 2020, has companies evaluating whether the new law poses material risks to their business model, especially with respect to restrictions on the broadly defined “sale” of personal data. Companies should consider what non-boilerplate disclosures, if any, are necessary with respect to their readiness for compliance, as well as the business impact of compliance, with these and other emerging data privacy laws and regulations.
    • IP and Technology Risks: In December 2019, the SEC’s Division of Corporation Finance (“Corp Fin”) released guidance specifically calling on companies to assess risks related to the potential theft or compromise of their technology, data or intellectual property in connection with their international operations and disclose them where material.13 Beyond direct intrusions, the guidance notes that companies may also face theft or compromise of these assets via indirect routes. For example, a company’s products may be reverse engineered by joint venture parties, including those affiliated with state actors. The guidance encourages companies to consider a range of questions when assessing these risks, including whether they are operating in foreign jurisdictions where the ability to enforce rights over intellectual property is limited as a statutory or practical matter, and whether they have controls and procedures in place to adequately protect technology and intellectual property. The SEC staff also emphasized that disclosure of material risks should be specifically tailored, and that where a company’s technology, data or intellectual property is being (or previously was) materially compromised, hypothetical disclosure of potential risks is not sufficient to satisfy a company’s reporting obligations. Furthermore, companies should continue to consider this evolving area of risk and evaluate its materiality on an ongoing basis.
    • Brexit: Brexit disclosure remains one of the SEC’s key areas of focus for the upcoming season. The uncertainty surrounding Brexit-related developments means that companies are preparing for different outcomes, mitigating the risk of whatever outcome they may face, and investors should be informed about the nature and extent of those risks and about the steps companies are taking to prepare for them. Through comment letters, guidance and speeches, the SEC continues to caution companies against boilerplate disclosure in this area. If Brexit-related risks represent material risks to the company, disclosure should be tailored and should describe with sufficient specificity how Brexit is expected to impact the company and its operations. SEC Chairman Jay Clayton and Corp Fin Director Bill Hinman have both emphasized the importance of Brexit disclosure, and SEC staff may closely review SEC filings to assess whether companies adequately address the impact of Brexit, including indirectly through other businesses and individuals on whom the company relies.14
    • LIBOR: In light of the expected discontinuation of LIBOR after 2021,15 the SEC staff issued guidance in July 201916 stating that: (i) companies should consider disclosing their efforts to date to identify and mitigate associated risks and assess their impacts, as well as disclosing any significant matters yet to be addressed; (ii) if a material exposure to LIBOR has been identified but the company cannot yet reasonably estimate the expected impact, companies should consider disclosing that fact; and (iii) disclosures that allow investors to see this issue through the eyes of management are likely to be the most useful for investors (such as information used by management and the board in assessing and monitoring how transitioning from LIBOR may impact the company). The SEC staff expressly indicated that it is actively monitoring the extent to which risks related to the discontinuation of LIBOR are being addressed, and noted that companies should assess whether disclosure may be appropriate in their risk factor section as well as in the MD&A, the business section and/or the financial statements.
    • Regulatory: Changes and potential changes in law, regulation, policy and/or political leadership may necessitate modifications to risk factor disclosure for certain companies. Some examples include: tariffs (imposed or threatened); potential or actual withdrawal or modification of international trade agreements; modifications to sanctions imposed by the US or other countries; changes to immigration policies that may present material risks to companies that rely on foreign employees or contractors; changes in tax or environmental policies; and political developments in the registrant’s home country.
    • Environmental: Environmental issues such as climate change have been receiving increased attention, and companies should consider whether they present material risks for their businesses. Risk factor disclosure related to environmental issues should be tailored to the specific circumstances of a company and can address a number of topics, including applicable environmental regulations and the impact of climate change on a company’s business, such as risks of increased costs or reduced demand for products, carbon asset risk, risks due to severe weather events, and management of greenhouse gas emissions, among other environmental issues. In 2019, Corp Fin director Bill Hinman specifically encouraged companies “to consider their disclosure on all emerging issues, including risks that may affect their long-term sustainability” and “whether their disclosure is sufficiently detailed to provide insight as to how management plans to mitigate material risks.”17
    • Human Capital Management: Companies should assess whether they have material risks associated with human capital management. In a recent rule proposal the SEC queried whether Form 10-K should be amended to require a company to include, to the extent material, a description of the company’s human capital resources, including any human capital measures or objectives that management focuses on in managing the business.18 Although these are only proposed rules at this stage, and the proposed rules would only apply to US registrants and FPIs that have elected to file on domestic forms, there is heightened focus on this issue from the SEC and investors, and accordingly, companies should be assessing what—if any—material issues they are facing with respect to human capital management and considering any appropriate updates to risk factor disclosure.
    • Industry Specific Risks: Each company needs to identify its specific material risks, and many risk factor trends are industry specific. For example, certain companies in the health or pharmaceutical industry have included disclosure regarding risks related to the health crisis involving opioid abuse, while several companies, mainly in the retail industry, have added risk factors related to the potential impact of gun violence on their businesses.
  4. Critical Audit Matters (“CAMs”):19 Under the Public Company Accounting Oversight Board’s (“PCAOB”) new auditing standard, AS 3101, subject to transition periods, an auditor’s report in a Form 20-F must disclose any CAMs arising from the current period’s audit, or state that the auditor determined there were no CAMs for that period.20 Large accelerated filers are now subject to the CAM requirements (large accelerated filers with June 30, 2019 fiscal year ends were the first companies required to disclose CAMs). Accelerated filers and non-accelerated filers will be subject to the CAM requirements for audits of fiscal years ending on or after December 15, 2020.

    For any CAM, the auditor must disclose the principal considerations that led the auditor to determine that the matter is a CAM and how the CAM was addressed in the audit, among other items. A CAM is any matter arising from the audit of the financial statements that was communicated or required to be communicated to the audit committee and that: (i) relates to accounts or disclosures that are material to the financial statements and (ii) involved especially challenging, subjective or complex auditor judgment. The PCAOB’s standard also provides a non-exclusive list of factors to be considered by an auditor to determine whether a matter is a CAM, including risks of material misstatement, the extent of audit effort and subjectivity required, and the degree of judgment involving estimates with significant measurement uncertainty.

    It is important for a company to engage with its auditor early and on a regular basis regarding potential CAM disclosure. The PCAOB recently noted that some audit teams began the process to determine CAMs as early as the second or third quarter of the fiscal year and that starting early provided ample time to identify CAMs and draft disclosure.21 The most frequently communicated CAMs have so far related to goodwill and other intangible assets; revenue recognition; taxes; and business combinations.22

  5. Non-GAAP Financial Measures: The SEC continues to focus on non-GAAP measures, so it is important to pay careful attention to the use and disclosure of such measures, including:
    • Ensuring that when a non-GAAP measure is used in a Form 20-F, the comparable IFRS or GAAP measure is disclosed with equal or greater prominence, and a reconciliation of the two measures is provided. Unlike US issuers, FPIs do not file quarterly Form 10-Qs. Instead, FPIs typically disclose quarterly results via earnings releases furnished on Form 6-K. Although as a technical matter those disclosures are not subject to the requirements of Item 10(e) of Regulation S-K (because they are not “filed”), including the requirement to present GAAP financial information with equal or greater prominence when non-GAAP financial measures are presented, FPIs generally follow the equal or greater prominence presentation format in such earnings releases as a matter of best practice, in addition to including the relevant non-GAAP reconciliations as required under Regulation G;23
    • Maintaining consistent treatment of items year over year; and
    • Following the guidance for adjustments for significant financing components under IFRS 15. The SEC has requested that companies remove adjustments that substitute individually tailored recognition and measurement methods for those of GAAP from the relevant non-GAAP measure, or explain why they are necessary. This includes the reversal in non-GAAP measures of the significant financing component calculated and reported outside revenue under IFRS 15.

    Moreover, the SEC staff’s Compliance & Disclosure Interpretation (“C&DI”) 100.01 reminds companies that some adjustments may be prohibited because they result in a non-GAAP presentation that is misleading. The example provided in the C&DI—that a performance measure excluding normal, recurring, cash operating expenses necessary to operate a registrants business could be misleading—is the basis for a number of recent SEC staff comments. Accordingly, a company should not only assess its compliance with non-GAAP disclosure requirements, but should also assess whether a non-GAAP measure itself may be misleading.

  6. XBRL Changes and Hyperlinking
    • Tagging of Cover Page in Inline XBRL: As a result of the FAST Act rule changes, subject to the transition periods described below, all of the information on the cover page of the Form 20-F must be tagged in Inline XBRL, which embeds XBRL data directly into an HTML document.24 FPIs are required to comply with these requirements based on their filer status and basis of accounting. FPIs that are Large Accelerated Filers that prepare their financial statements in accordance with US GAAP were the first filers required to begin tagging cover pages in Inline XBRL (with their first fiscal periods ending on or after June 15, 2019). Accelerated Filers that prepare their financial statements in accordance with US GAAP will be required to tag cover pages in Inline XBRL for fiscal periods ending on or after June 15, 2020. All other filers, including FPIs that prepare their financial statements in accordance with IFRS, will be required to comply in reports for fiscal periods ending on or after June 15, 2021. These dates are identical to the mandatory compliance dates for the tagging of financial statement information in Inline XBRL elsewhere in SEC reports.25
    • New Exhibit for Cover Page Inline XBRL Data: “Instructions as to Exhibits” section for Form 20-F now requires companies tagging cover page data in Inline XBRL (as described above) to file a “Cover Page Interactive Data File” with the Form 20-F and to list new Exhibit 104 in the exhibit index of their Form 20-F.26 New Exhibit 104 should include the word “Inline” within the title description and should cross-reference the Interactive Data Files submitted under Exhibit 101.27 In addition, companies subject to Inline XBRL requirements should also update Exhibit 101, including by adding the word “Inline” to their title descriptions.28
    • Hyperlinking: As a result of the FAST Act rule changes, the SEC now requires an active hyperlink to information incorporated by reference from another SEC filing. Accordingly, to the extent a company’s Form 20-F incorporates by reference information from a prior SEC filing, it will need to include an active hyperlink to the prior filing. With respect to a company’s financial statements, however, the SEC now explicitly prohibits incorporating by reference to (or cross-referencing to) information outside of the financial statements, unless otherwise specifically permitted or required by SEC rules, US GAAP or IFRS, as applicable.
  7. Disclosure of Dealings in Countries Designated as “State Sponsors of Terrorism” or Countries Subject to US Sanctions

    In 2019, the SEC increased the number of comment letters it sent to public companies seeking more detail about their disclosures related to dealings in countries that are considered state sponsors of terrorism29 or the subject of US sanctions enforced by the Treasury Department’s Office of Foreign Assets Control (“OFAC”).30 These comment letters often request information regarding the nature and extent of any past, current and anticipated contacts with these countries, such as any services, products, information or technology provided to, and direct or indirect agreements, commercial arrangements or other contacts with, the governments of those countries or any entities that might be controlled by those governments. FPIs should ensure they are compliant with current US law, as the countries and entities included on either list may change periodically, and, to the extent they are doing business in sanctioned countries (even if in compliance with applicable US law), should consider whether disclosure of such activities is appropriate.31

1 Referred to herein as the FAST Act rule changes. For more information, see our prior alert, “SEC Adopts Amendments to Modernize and Simplify Disclosure Requirements.”
2 These changes included the removal of language on “posting” the company’s Interactive Data Files on its corporate website and the removal of language next to the non-accelerated filer checkbox that companies “not check” the box if they are a smaller reporting company.
3 The SEC website generally provides a current version of the SEC’s forms, available here.
4 The SEC’s adopting release on the FAST rule changes, available here, states: “We continue to encourage registrants to take the opportunity to reevaluate their disclosure in light of these amendments and determine whether a discussion of the earliest year’s information remains material.”
5 The term is defined in Instruction 1 to paragraph (b)(10) of Item 601 and includes companies that are not subject to Exchange Act reporting obligations and certain shell companies.
6 For more information on the procedures for exhibit redactions, as well as information on SEC staff reviews of redacted exhibits, see SEC staff guidance, available here.
7 See SEC staff guidance, available here. Also see prior SEC staff guidance on extensions available here.
8 The short-form application provides a streamlined process to file an application to extend the time for which confidential treatment has been granted, but may only be used if the confidential material is the subject of an unexpired order granting confidential treatment. See SEC staff guidance, available here.
9 Companies that omit schedules must provide a list in the filed exhibit that briefly identifies the contents of all omitted schedules; however, companies “need not prepare a separate list of omitted information if such information is already included within the exhibit in a manner that conveys the subject matter of the omitted schedules and attachments.”
10 In February 2018, the SEC published interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents, available here.
11 With respect to cybersecurity, the SEC found that Yahoo’s risk factor disclosures in its annual and quarterly reports were materially misleading in that they claimed the company only faced the “risk of potential future data breaches” that might expose the company to loss and liability “without disclosing that a massive data breach had in fact already occurred.” The SEC’s action is available here. For more information, see our prior alert, “SEC Fines Yahoo $35 Million for Failure to Timely Disclose a Cyber Breach.”
12 For example, the Yahoo case focused on disclosure of “possible” data breaches when the company had already experienced such a breach.
13 The guidance is available here.
14 See “SEC Rulemaking Over the Past Year, the Road Ahead and Challenges Posed by Brexit, LIBOR Transition and Cybersecurity Risks” (December 6, 2018), available here; see also “Applying a Principles-Based Approach to Disclosing Complex, Uncertain and Evolving Risks” (March 15, 2019), available here.
15 LIBOR is an indicative measure of the average interest rate at which major global banks could borrow from one another and is quoted for multiple currencies and time frames. It is used extensively in the US and globally as a “benchmark” or “reference rate” for various commercial and financial contracts. See SEC guidance available here.
16 Available here.
17 See “Applying a Principles-Based Approach to Disclosing Complex, Uncertain and Evolving Risks” (March 15, 2019), available here.
18 See “SEC Proposes Amendments to Modernize Disclosures; Considers Requiring Human Capital Resources Disclosure” (August 12, 2019), available here.
19 For more information, see our prior alert, “SEC Approves PCAOB’s New Audit Report Standard to Enhance the Relevance of the Auditor’s Report to Investors and Other Market Participants.” Also see AS 3101, available here.
20 Does not apply to audit reports of emerging growth companies, certain brokers and dealers, investment companies other than business development companies and benefit plans.
21 See Critical Audit Matters Spotlight, available on the PCAOB website here.
22 As of November 30, 2019. See Critical Audit Matters Spotlight, available on the PCAOB website here.
23 Subject to limited exemptions, FPIs are required to comply with Regulation G with respect to any public announcements of material information that contain non-GAAP financial measures and are subject to the requirements of Item 10(e) of Regulation S-K with respect to any filings under the Securities Act, such as registration statements on Form F-1 or F-3, and the Exchange Act, such as annual reports on Form 20-F. Because reports of FPIs on a Form 6-K are generally "furnished" rather than "filed" with the SEC, unless a Form 6-K is expressly designated as being "filed" or is incorporated by reference into any filing under the Securities Act (such as a Form F-3 or a Form S-8 registration statement) or the Exchange Act (such as an annual report on Form 20-F), Form 6-Ks are not subject to the Item 10(e) "equal prominence" requirements or the related SEC guidance thereon.
24 See the FAST Act rule changes adopting release, available here. Also see newly adopted Rule 406 of Regulation S-T.
25 Under SEC rules adopted in 2018, public companies are required, subject to transition periods, to submit financial statement information using the Inline XBRL format. The adopted rules also eliminated the requirements for filers to post Interactive Data Files on their websites. See Inline XBRL Filing of Tagged Data, Release No. 33-10514 (June 28, 2018), available here.
26 See Item 601(b)(104) to Regulation S-K, Rule 406 of Regulation S-T, and Question 101.04 of the Interactive Data C&DIs, available here.
27 See Question 101.01 of the Interactive Data C&DIs, available here. Also see Section 6.3.2 of the Edgar Filer Manual.
28  See Question 101.01 of the Interactive Data C&DIs, available here. Also see Section 5.2.5 of the Edgar Filer Manual.
29 This list currently includes Iran, North Korea, Sudan and Syria.
30 OFAC continues to administer and enforce comprehensive sanctions with respect to Cuba, Iran, North Korea, Syria and the Crimea region of Ukraine, as well as against targeted individuals and entities, including those involved in narcotics trafficking, terrorism/terrorist financing, international crime, proliferation of weapons of mass destruction, malicious cyber activities and election interference, corruption and human rights abuses.
31 Separately, Section 13(r) of the Exchange Act requires companies to disclose in Form 20-F if they or any of their affiliates knowingly engaged in specified activities relating to Iran, terrorism or the proliferation of weapons of mass destruction. All transactions, even those the company considers de minimis, are required to be reported

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© White & Case LLP | Attorney Advertising

Written by:

White & Case LLP

White & Case LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide

JD Supra Privacy Policy

Updated: May 25, 2018:

JD Supra is a legal publishing service that connects experts and their content with broader audiences of professionals, journalists and associations.

This Privacy Policy describes how JD Supra, LLC ("JD Supra" or "we," "us," or "our") collects, uses and shares personal data collected from visitors to our website (located at (our "Website") who view only publicly-available content as well as subscribers to our services (such as our email digests or author tools)(our "Services"). By using our Website and registering for one of our Services, you are agreeing to the terms of this Privacy Policy.

Please note that if you subscribe to one of our Services, you can make choices about how we collect, use and share your information through our Privacy Center under the "My Account" dashboard (available if you are logged into your JD Supra account).

Collection of Information

Registration Information. When you register with JD Supra for our Website and Services, either as an author or as a subscriber, you will be asked to provide identifying information to create your JD Supra account ("Registration Data"), such as your:

  • Email
  • First Name
  • Last Name
  • Company Name
  • Company Industry
  • Title
  • Country

Other Information: We also collect other information you may voluntarily provide. This may include content you provide for publication. We may also receive your communications with others through our Website and Services (such as contacting an author through our Website) or communications directly with us (such as through email, feedback or other forms or social media). If you are a subscribed user, we will also collect your user preferences, such as the types of articles you would like to read.

Information from third parties (such as, from your employer or LinkedIn): We may also receive information about you from third party sources. For example, your employer may provide your information to us, such as in connection with an article submitted by your employer for publication. If you choose to use LinkedIn to subscribe to our Website and Services, we also collect information related to your LinkedIn account and profile.

Your interactions with our Website and Services: As is true of most websites, we gather certain information automatically. This information includes IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use this information to analyze trends, to administer the Website and our Services, to improve the content and performance of our Website and Services, and to track users' movements around the site. We may also link this automatically-collected data to personal information, for example, to inform authors about who has read their articles. Some of this data is collected through information sent by your web browser. We also use cookies and other tracking technologies to collect this information. To learn more about cookies and other tracking technologies that JD Supra may use on our Website and Services please see our "Cookies Guide" page.

How do we use this information?

We use the information and data we collect principally in order to provide our Website and Services. More specifically, we may use your personal information to:

  • Operate our Website and Services and publish content;
  • Distribute content to you in accordance with your preferences as well as to provide other notifications to you (for example, updates about our policies and terms);
  • Measure readership and usage of the Website and Services;
  • Communicate with you regarding your questions and requests;
  • Authenticate users and to provide for the safety and security of our Website and Services;
  • Conduct research and similar activities to improve our Website and Services; and
  • Comply with our legal and regulatory responsibilities and to enforce our rights.

How is your information shared?

  • Content and other public information (such as an author profile) is shared on our Website and Services, including via email digests and social media feeds, and is accessible to the general public.
  • If you choose to use our Website and Services to communicate directly with a company or individual, such communication may be shared accordingly.
  • Readership information is provided to publishing law firms and authors of content to give them insight into their readership and to help them to improve their content.
  • Our Website may offer you the opportunity to share information through our Website, such as through Facebook's "Like" or Twitter's "Tweet" button. We offer this functionality to help generate interest in our Website and content and to permit you to recommend content to your contacts. You should be aware that sharing through such functionality may result in information being collected by the applicable social media network and possibly being made publicly available (for example, through a search engine). Any such information collection would be subject to such third party social media network's privacy policy.
  • Your information may also be shared to parties who support our business, such as professional advisors as well as web-hosting providers, analytics providers and other information technology providers.
  • Any court, governmental authority, law enforcement agency or other third party where we believe disclosure is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals' personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
  • To our affiliated entities and in connection with the sale, assignment or other transfer of our company or our business.

How We Protect Your Information

JD Supra takes reasonable and appropriate precautions to insure that user information is protected from loss, misuse and unauthorized access, disclosure, alteration and destruction. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. You should keep in mind that no Internet transmission is ever 100% secure or error-free. Where you use log-in credentials (usernames, passwords) on our Website, please remember that it is your responsibility to safeguard them. If you believe that your log-in credentials have been compromised, please contact us at

Children's Information

Our Website and Services are not directed at children under the age of 16 and we do not knowingly collect personal information from children under the age of 16 through our Website and/or Services. If you have reason to believe that a child under the age of 16 has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases.

Links to Other Websites

Our Website and Services may contain links to other websites. The operators of such other websites may collect information about you, including through cookies or other technologies. If you are using our Website or Services and click a link to another site, you will leave our Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We are not responsible for the data collection and use practices of such other sites. This Policy applies solely to the information collected in connection with your use of our Website and Services and does not apply to any practices conducted offline or in connection with any other websites.

Information for EU and Swiss Residents

JD Supra's principal place of business is in the United States. By subscribing to our website, you expressly consent to your information being processed in the United States.

  • Our Legal Basis for Processing: Generally, we rely on our legitimate interests in order to process your personal information. For example, we rely on this legal ground if we use your personal information to manage your Registration Data and administer our relationship with you; to deliver our Website and Services; understand and improve our Website and Services; report reader analytics to our authors; to personalize your experience on our Website and Services; and where necessary to protect or defend our or another's rights or property, or to detect, prevent, or otherwise address fraud, security, safety or privacy issues. Please see Article 6(1)(f) of the E.U. General Data Protection Regulation ("GDPR") In addition, there may be other situations where other grounds for processing may exist, such as where processing is a result of legal requirements (GDPR Article 6(1)(c)) or for reasons of public interest (GDPR Article 6(1)(e)). Please see the "Your Rights" section of this Privacy Policy immediately below for more information about how you may request that we limit or refrain from processing your personal information.
  • Your Rights
    • Right of Access/Portability: You can ask to review details about the information we hold about you and how that information has been used and disclosed. Note that we may request to verify your identification before fulfilling your request. You can also request that your personal information is provided to you in a commonly used electronic format so that you can share it with other organizations.
    • Right to Correct Information: You may ask that we make corrections to any information we hold, if you believe such correction to be necessary.
    • Right to Restrict Our Processing or Erasure of Information: You also have the right in certain circumstances to ask us to restrict processing of your personal information or to erase your personal information. Where you have consented to our use of your personal information, you can withdraw your consent at any time.

You can make a request to exercise any of these rights by emailing us at or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

You can also manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard.

We will make all practical efforts to respect your wishes. There may be times, however, where we are not able to fulfill your request, for example, if applicable law prohibits our compliance. Please note that JD Supra does not use "automatic decision making" or "profiling" as those terms are defined in the GDPR.

  • Timeframe for retaining your personal information: We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized. We may continue processing your personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of this Privacy Policy. For example, if you are an author, your personal information may continue to be published in connection with your article indefinitely. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
  • Onward Transfer to Third Parties: As noted in the "How We Share Your Data" Section above, JD Supra may share your information with third parties. When JD Supra discloses your personal information to third parties, we have ensured that such third parties have either certified under the EU-U.S. or Swiss Privacy Shield Framework and will process all personal data received from EU member states/Switzerland in reliance on the applicable Privacy Shield Framework or that they have been subjected to strict contractual provisions in their contract with us to guarantee an adequate level of data protection for your data.

California Privacy Rights

Pursuant to Section 1798.83 of the California Civil Code, our customers who are California residents have the right to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

You can make a request for this information by emailing us at or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

Some browsers have incorporated a Do Not Track (DNT) feature. These features, when turned on, send a signal that you prefer that the website you are visiting not collect and use data regarding your online searching and browsing activities. As there is not yet a common understanding on how to interpret the DNT signal, we currently do not respond to DNT signals on our site.

Access/Correct/Update/Delete Personal Information

For non-EU/Swiss residents, if you would like to know what personal information we have about you, you can send an e-mail to We will be in contact with you (by mail or otherwise) to verify your identity and provide you the information you request. We will respond within 30 days to your request for access to your personal information. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. If you would like to correct or update your personal information, you can manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard. If you would like to delete your account or remove your information from our Website and Services, send an e-mail to

Changes in Our Privacy Policy

We reserve the right to change this Privacy Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our Privacy Policy will become effective upon posting of the revised policy on the Website. By continuing to use our Website and Services following such changes, you will be deemed to have agreed to such changes.

Contacting JD Supra

If you have any questions about this Privacy Policy, the practices of this site, your dealings with our Website or Services, or if you would like to change any of the information you have provided to us, please contact us at:

JD Supra Cookie Guide

As with many websites, JD Supra's website (located at (our "Website") and our services (such as our email article digests)(our "Services") use a standard technology called a "cookie" and other similar technologies (such as, pixels and web beacons), which are small data files that are transferred to your computer when you use our Website and Services. These technologies automatically identify your browser whenever you interact with our Website and Services.

How We Use Cookies and Other Tracking Technologies

We use cookies and other tracking technologies to:

  1. Improve the user experience on our Website and Services;
  2. Store the authorization token that users receive when they login to the private areas of our Website. This token is specific to a user's login session and requires a valid username and password to obtain. It is required to access the user's profile information, subscriptions, and analytics;
  3. Track anonymous site usage; and
  4. Permit connectivity with social media networks to permit content sharing.

There are different types of cookies and other technologies used our Website, notably:

  • "Session cookies" - These cookies only last as long as your online session, and disappear from your computer or device when you close your browser (like Internet Explorer, Google Chrome or Safari).
  • "Persistent cookies" - These cookies stay on your computer or device after your browser has been closed and last for a time specified in the cookie. We use persistent cookies when we need to know who you are for more than one browsing session. For example, we use them to remember your preferences for the next time you visit.
  • "Web Beacons/Pixels" - Some of our web pages and emails may also contain small electronic images known as web beacons, clear GIFs or single-pixel GIFs. These images are placed on a web page or email and typically work in conjunction with cookies to collect data. We use these images to identify our users and user behavior, such as counting the number of users who have visited a web page or acted upon one of our email digests.

JD Supra Cookies. We place our own cookies on your computer to track certain information about you while you are using our Website and Services. For example, we place a session cookie on your computer each time you visit our Website. We use these cookies to allow you to log-in to your subscriber account. In addition, through these cookies we are able to collect information about how you use the Website, including what browser you may be using, your IP address, and the URL address you came from upon visiting our Website and the URL you next visit (even if those URLs are not on our Website). We also utilize email web beacons to monitor whether our emails are being delivered and read. We also use these tools to help deliver reader analytics to our authors to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

Analytics/Performance Cookies. JD Supra also uses the following analytic tools to help us analyze the performance of our Website and Services as well as how visitors use our Website and Services:

  • HubSpot - For more information about HubSpot cookies, please visit
  • New Relic - For more information on New Relic cookies, please visit
  • Google Analytics - For more information on Google Analytics cookies, visit To opt-out of being tracked by Google Analytics across all websites visit This will allow you to download and install a Google Analytics cookie-free web browser.

Facebook, Twitter and other Social Network Cookies. Our content pages allow you to share content appearing on our Website and Services to your social media accounts through the "Like," "Tweet," or similar buttons displayed on such pages. To accomplish this Service, we embed code that such third party social networks provide and that we do not control. These buttons know that you are logged in to your social network account and therefore such social networks could also know that you are viewing the JD Supra Website.

Controlling and Deleting Cookies

If you would like to change how a browser uses cookies, including blocking or deleting cookies from the JD Supra Website and Services you can do so by changing the settings in your web browser. To control cookies, most browsers allow you to either accept or reject all cookies, only accept certain types of cookies, or prompt you every time a site wishes to save a cookie. It's also easy to delete cookies that are already saved on your device by a browser.

The processes for controlling and deleting cookies vary depending on which browser you use. To find out how to do so with a particular browser, you can use your browser's "Help" function or alternatively, you can visit which explains, step-by-step, how to control and delete cookies in most browsers.

Updates to This Policy

We may update this cookie policy and our Privacy Policy from time-to-time, particularly as technology changes. You can always check this page for the latest version. We may also notify you of changes to our privacy policy by email.

Contacting JD Supra

If you have any questions about how we use cookies and other tracking technologies, please contact us at:

- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.