The Management of Supply Chain Risk - A Compliance White Paper

Thomas Fox

Thomas Fox - Compliance Evangelist

Part 1 - Who is Assent Compliance?

In this White Paper, I explore supply chain data management with several members of the Assent Compliance team to introduce the topic, consider the development and synergies between several different types of compliance disciplines, the impact on organizations of compliance failures in this area and what are some of the drivers for continued legislation and regulation in this area. I began with Matt Whitteker, one of the co-founders and Vice President, Growth, at Assent. 

We began with the market need that Whitteker observed. Literally in a cab ride one day with a friend, who worked for a nationally registered tests laboratory in Canada, this friend was describing how difficult it was to do supply chain consulting. The friend related how difficult it was to obtain solid, verifiable data on company suppliers. From this discussion, Whitteker had the idea to start a company around supply chain data management.

The next step was to recruit a software developer. They created a small software development  company and built an application specifically around material compliance. The next step was to move to collecting data. From there, they moved to data management and supply chain data management programs. Out of this emerged a fully commercialized product compliance management suite. Assent started acquiring customers at a fairly rapid rate and fast forward about a year and a half from there won a major RFP with one of the world’s biggest industrial manufacturers of glass. Whitteker called this “the ESPN turning point in the company’s history or at least the first one”. Moreover, when the Dodd-Frank conflict minerals provision came into effect, Assent was one of a very few number of companies in the marketplace that had a solution to collect and manage data on ethical sourcing. 

One of the areas which has long intrigued me is the role of non-lawyers in conjunction with the type of services that Assent provides. Typically, a lawyer is not involved with the collection and storage of data. That role has typically been more in the bailiwick of a company such as Assent. However, merging the two skills sets can bring a much-enhanced overall process to supply chain management. 

Whitteker said that a large part of the benefit derived from working with Assent is the value from the type of data collected. This enables legal or supply chain professionals, risk officers or procurement officers to more fully manage the data. It means as soon as it comes into the organization, they can run risk profiles on the data. If there is conflicting data, it can be identified and rectified. Whitteker says that with “any type of data we are collecting and managing, the overlaying value comes from the actions that you can take from it. And in many cases, you identify this exactly correctly. It is the legal and risk profile that you derive from the data which has been collected.” At the end of the day, it is the technology that underpins data management. But, more importantly, it empowers people to take legal actions, run the risk profiles or “decide whether they frankly want to do business with that supplier or not.”

I asked Whitteker about where Assent might be headed and he noted that the “vision for the future is one that we own the category of supply chain data management.” He believes that there should be a specific category carved out for this niche. The field is simply too massive  a category and every single company from the smallest to the largest has a supply chain. The bottom line is that anything your organization purchases is through your supply chain. Assent strives to be the category leader for supply chain data management, both upstream and downstream. This means collecting data from your suppliers, responding to requests for data and managing all the data is the trajectory that Assent is on and it is one that the entity is really excited about it.

Part 2 - Introduction to Supply Chain Data Management

What is supply chain data management? To answer that question, I turned to James Calder, Assent’s Vice President, Compliance & Regulatory Programs, at Assent Compliance.  We begin our introduction of the topic of supply chain data management by focusing on the complexities of supply chain data exchanges. In my experience, and with the quantum of data generated by the supply chain, it is sometimes difficult to cut through the chaff and determine what is real and what is white noise. Further, while the complexity certainly is present, Calder noted it “is important to get data with respect to your supply chain as most companies are nowadays who are manufacturing products, with complex products in a complex supply chain that is typically touching on certain geographies all around the world”.

This dependency on suppliers is now a huge part of business risk, revenue and success. Calder said, “To mitigate any kind of business risk to achieve that business success, there needs to be clear access to the supply chain data and also ensure that that data is up to speed and the quality is up to speed. The complexity comes because you need to actually attribute certain qualities with every single supply chain data.” 

Calder provided several different types of data that is critical in the management of supply chain. He listed such types of data that could relate to the quality of a business entity; individuals who are important within the business entity; the material composition of products that are supported by a business entity. He also noted the data could be  “related to the activities which occur around the production of those materials and parts supported by that business entity.” Literally, each one of those topics can determine if your product can be sold within a market. 

But is also includes such data as if your product is ethically sourced, are your products going to receive or be assessed certain duties, and even could terrorists import your product into a market? If you are sourcing products from a company which is on a sanctions lists it can create business risk. All this means the complexity of getting that data is significant because you have to map all those different data points from your supplier. 

But supply chain data management is not simply the external data from your suppliers or even with whom you are doing business, you must map that data to your internal data qualities because typically it is not just a pass through of data. Calder noted this is because you are “taking all that data and then you have to roll it up with respect to all those parts and suppliers into the story you present to your prospective customers. This requires a lot of business intelligence. It also requires an understanding of your market need because just getting data and passing it to your downstream supply chain does not always represent the full story.” All of this means complexity in supply chain data management is significant because your organization may literally have thousands of suppliers that represent millions of parts and materials.

We next turned to managing the supply chain data. I asked Calder how does a company think through managing that internally versus using an external third party and really what types of economies of scale a third party brings to the overall topic of cost of managing supply chain data? He began by noting there are two costs, “the immediate direct costs which are incurred by your business to utilize your internal resources, your internal technologies and your internal understandings to collect this data, aggregate this data, and then communicate that data.” 

However, beyond this direct cost, there can well be a secondary cost. This is the cost which occurs when your organization fails to adequately manage its supply chain data and can lead to a market loss or reputation damage. Such failures could also lead to some type of enforcement activity which could translate in to fines, product removal or loss of investor confidence if things are not done well. So those are the direct internal costs and indirect external costs. Now these costs are usually born because of individuals “who are educated have a very strong vocational background or being dragged into sort of administrative activities which are not utilizing their core capabilities.” 

The external supply chain data management entity brings a level of professionalism and expertise that is not typically available inside most organizations. This expertise allows the legal department, compliance department, supply chain or risk management professional to engage in activities which are not only better suited to their skill sets but also brings more value to their organizations. 

Part 3 - Development of Supply Chain Risk Management

How did supply chain risk management develop? I found a surprising answer when I visited with Travis Miller, Compliance & Regulatory General Counsel at Assent Compliance. Miller had a very interesting and, indeed, unique perspective on the origins of modern-day compliance programs. He draws the origins of compliance through the US environmental movements. The first of which began in the 19th century as the conservation movement. This movement began around the eradication of such animals as the buffalo and carrier pigeons. It also included the creation of our national park system, that started in an attempt to respond to those issues and similar.

Miller identified the second big environmental movement beginning with the publication of “Silent Spring” by Rachel Carson in the early 1960s. There was increased awareness of air and water pollution. This led to the formalization of an environmental movement and such events as Earth Day, which is still celebrated. It also led to US regulatory responses, beginning with the creation of the Environmental Protection Agency (EPA) under the Nixon Administration. Additionally, Congress passed several key pieces of legislation including the Clean Air Act, Clean Water Act, and Endangered Species Act.

All of these US and global environmental initiatives led the need for greater transparency in supply chains. Companies began to be required to disclose the chemicals and ingredients in their products. This type of transparency evolved into different directions to such areas as conflict minerals. Of course, consumers played a role as well through their purchasing power and decisions. Many purchasers of consumer products did not want to purchase products which contained dangerous chemicals or damaged the environment. Miller believes all of this is “really the background that led us to where we are today and what is driving a lot of action and what’s really kind of garnered the ethos of the population.”

All of the above led to supply chain risk emerging as a business continuity risk. From investments in physical plants and facilities outside the US, to other issues of sourcing, labor controls and business practices, have all become key risks in your supply chain. Yet when there is overseas manufacturing there may not be any way to regulate these dangers to consumers or end users. What Miller observed is that “in reaction to all of this regulators and policymakers started to think and they came to the conclusion that what we can regulate is the product and the supply chain which produces that product and the components that were used to produce that product.” It is from this perspective that a compliance response to “supply chain risk really started to develop and there has been a surge over the last 10 years.”

Miller said understanding industry standardization has led to a series of best practices for managing supply chain compliance, you can see not only where supply chain compliance derived but also see where it may well be headed. He stated, “Everything you can think of from the chemical itself, to chemicals which are mixed together, to every single thing is produced from chemicals. It also includes the nut that goes inside the washing machine as well as the washing machine itself and all have disclosure initiatives”. Miller used the following to illustrate this point, “you have a bit of a diamond shape in the supply chain. There are a few people that do extractive. Next are those who turn the extractives into chemicals, which is a larger group. From there it goes into component manufacturing. And then those component manufacturers (also known as the Original Equipment Manufacturers [OEM]) then have to provide information. Basically, anybody that makes anything out of that washer or that nut, and they have to give you all the substance information you need globally.”

This means that every one of those OEMs is going to ask for information in their own format. A company could spend an inordinate amount of time responding to these information requests in non-standardized formats. A key component of supply chain risk management is taking these disparate forms of information and standardizing them across an entire supply chain or even industry. In this manner, there is one document that everybody can ingest or agrees is acceptable. Now you can communicate that to everybody and it gives you a fighting chance to be able to meet the requirements of all these various companies and all of these various industry sectors in silos.

This approach resonates with the business community because it ties two disparate strands  together. First, it allows companies to not only understand their legal obligations but respond to them as well. It also allows companies to move forward in a more business efficient manner. Miller concluded by noting the real advantage of effective supply chain risk management is “you are going to save a bunch of time, a bunch of money, a bunch of internal resources and that’s really what drives the business community to take these types of industry standardized approaches and these types of decisions.” 

Part 4 - Failures in Supply Chain Compliance 

We next consider what is the impact on organizations which sustain a supply chain compliance failure.  I explored this topic with Jared Connors, Senior Subject Matter Expert, Corporate Social Responsibility at Assent Compliance.

We reviewed two significant compliance failures in the area of Corporate Social Responsibility (CSR) and in the product regulation arena. Connors related that a very well-known case study in the CSR world that involves Nestlé S.A. and their shrimp boat fleets near Thailand. In this is a situation Nestlé found labor rights violations on commercial shrimp boat fleets. The company came forward and determined it had to address these issues into its supply chain, even though it was not the company’s Tier One suppliers that had this issue. Nestlé moved to create a program to address these issues, gain transparency within their supply chain and make their supply chain aware of their expectations to comply with labor laws locally. 

Obviously, this was in the context of modern-day slavery regulations but the company recognized it had a problem. To Connors, it is “a great example of a company who did the probably the best possible job they could with addressing the risk issue because they, they opened their own kimono. They were willing to talk about what was going on. They were talking about what they needed to be able to do about it.”

The second example Connors cited was in the area of product recall. In 2017, Performance Designed Products, LLC, maker of Energizer-branded chargers for gaming console controllers, recalled 121,000 of its Xbox One 2X Smart Chargers after receiving reports about overheating devices. This story is not as widely known, “but for those of us in the materials compliance space, many of us probably recall this story a few years back where an organization had to go through a massive recall because of a substance violation.” He said the problem was in the product material which went into the console. He said what the fallout “really taught us was while an organization may have been gathering information from their suppliers, they may not have been gathering enough information or the right information. It was a wakeup call for companies in their materials compliance programs to say, what’s the right information I should be chasing and how should I be evaluating this?”

Connors said both examples spoke directly to questions such as “What are you trying to get out of your program? What do you view as successful? Is it simply just checking a box and having that response from a supplier that may not necessarily be validated? Are you actually trying to walk the talk here of what your Code of Conduct says?”

Interestingly, Connors pointed to the area of conflict minerals for another example of the direction ethical sourcing is taking. He noted there is a legal reporting obligation for conflict minerals to do with the sourcing of tin, tantalum, tungsten and gold. However, he has seen organizations go beyond what the regulation requires. This means they are going beyond these four minerals and saying to their suppliers they want fuller and more robust disclosures to help protect themselves and more fully fulfill their ethical obligations. A key reason is what Connors termed “the name-shame game” and companies want to get ahead of the curve now by putting in procedures to help control this issue and manage this risk.

We next turned to what a compliant process should look like. It begins with a risk assessment to see what your organization has in place or what it might need. Does it have a conflict minerals program, a human trafficking and slavery program, or a product regulatory program? From there it moves to a gathering of information on your suppliers in terms of their policies and procedures  and gathering substance data from your suppliers.  

You should move to have a management procedure in place, which lays out what you are going to be doing throughout the year. It also sets the next steps of the workflow, which could be either data collection or data analysis depending on how you gathered the data, whether it is directly or indirectly from your suppliers. Next, how is your organization going to set expectations for corrective actions, both inside and outside the company? What will the expectation look like and what will your company to report on? Connors said, “These are really important aspects to understand, so you start with your management procedure. Go through your data collection analysis and your corrective, remediation phase. From there move into your reporting.”

We concluded by looking at what some supply chain compliance program reporting might look like. Connors began with some basic questions such as: “What does my reporting look like? What kind of KPIs am I going to try and set?” He then provided an example of a company which set an expectation that it was going to report on the results of its CSR survey. In this company’s opinion the results came back very poorly, however because it was the first year of the survey, many suppliers were only just learning of the expectations. Here the answer might be rather than setting the expectation right off that your organization is going to publish KPIs on everything you gather from your suppliers; the focus should be on “planting the seed with your suppliers. Then ramping them up and helping them walk the path, holding their hand and taking them down the road to make these expectations are to make these changes. And that’s what’s really important for those in the most effective programs.”

The failures of supply chain risk management are becoming more costly in the realm of public reputational damage. The response is more efficient and effective risk management.  

Part 5 - Market Drivers for Continued Supply Chain Risk Management Development

Perhaps one of the largest challenges in the businesses world today is the impact of external stakeholders on business behavior. There has been a magnification through social media. This has led to a recognition that there are numerous external stakeholders that a company, if not has to answer to directly, must at least pay attention to in today’s connected world.

Miller believes that in many ways “it gets back to the corporation or a business purpose.” When  corporations and businesses were first initially formed, it was supposed to be a social good. Yet thought time, that ethos changed into more of a “continuous existence of the corporation, not simply to achieve a corporate good.” He feels that what is happening is a reaction to that, even “a very visceral reaction. In many ways that people are saying that corporations are not upholding their end of the bargain. Simply put they are not doing what they were originally intended to do and now people are expecting more of them.”

He believes that there is a large movement to go back to some of those requirements and original purposes corporations were created for. This has become the driver behind a lot of new initiatives. It has led to items that were once voluntary are now becoming mandatory through the implementation of a lot of rules, regulations, laws, market access requirements. All of this is particularly true in the supply chain and the CSR space. 

Yet the other interesting factor that in many ways this social drive is not simply through regulatory enforcement, like fines and penalties for paying bribes for violations of the Foreign Corrupt Practices Act (FCPA), but rather in much more social areas as a byproduct of our social media culture generally referred to as “name and shame”. Miller related that even for corporations “so much of what we decided to do as people is really dictated by those around us and their perception. When the perception is that you are doing something negative as a brand or as a company, this can oftentimes be more catastrophic, at least as catastrophic as a very significant financial penalty.”

Miller believes that much like FCPA enforcement, which was quite light for 25 years, “you are probably seeing a very similar trend right now with labor practice violations.” He believes that it is “only a matter of time before either the law is changed to allow for financial penalties or that some clever policy or some clever enforcement authority finds a way to hold companies accountable for not doing anticipated they should be doing. As laws become more mature, I think you are probably going to see a lot of that coming about in the next several years.”

We concluded by considering whether there would be a move towards more of a public-private partnership in the overall fight against supply chain abuse and exploitation in all its forms. Miller believes regulators and policy folks are willing to say that business should be done ethically. The problem now is there is no single benchmark to hold companies against or even up to. Miller feels that it is up to business to take this step and initiative the conversation. It is not simply the regulators who are going to come up with ways to set expectations. Yet this can be done in a public-private partnership between business and government. Miller believes this is what formulates a better way that all businesses can operate. Such a collaboration allows a wide variety of companies to demonstrate, explain and share how they themselves are successful in the supply chain risk management arena. Miller concluded that it is “almost a race to the top scenario that gets created when policymakers and regulators collaborate” because they can demonstrate why the actions they are taking are so valuable. 

To receive more of the latest news and content on a variety of regulatory and supply chain data management topics click here and sign up for the Assent Compliance newsletter. 

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thomas Fox, Compliance Evangelist | Attorney Advertising

Written by:

Thomas Fox

Compliance Evangelist on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide

JD Supra Privacy Policy

Updated: May 25, 2018:

JD Supra is a legal publishing service that connects experts and their content with broader audiences of professionals, journalists and associations.

This Privacy Policy describes how JD Supra, LLC ("JD Supra" or "we," "us," or "our") collects, uses and shares personal data collected from visitors to our website (located at (our "Website") who view only publicly-available content as well as subscribers to our services (such as our email digests or author tools)(our "Services"). By using our Website and registering for one of our Services, you are agreeing to the terms of this Privacy Policy.

Please note that if you subscribe to one of our Services, you can make choices about how we collect, use and share your information through our Privacy Center under the "My Account" dashboard (available if you are logged into your JD Supra account).

Collection of Information

Registration Information. When you register with JD Supra for our Website and Services, either as an author or as a subscriber, you will be asked to provide identifying information to create your JD Supra account ("Registration Data"), such as your:

  • Email
  • First Name
  • Last Name
  • Company Name
  • Company Industry
  • Title
  • Country

Other Information: We also collect other information you may voluntarily provide. This may include content you provide for publication. We may also receive your communications with others through our Website and Services (such as contacting an author through our Website) or communications directly with us (such as through email, feedback or other forms or social media). If you are a subscribed user, we will also collect your user preferences, such as the types of articles you would like to read.

Information from third parties (such as, from your employer or LinkedIn): We may also receive information about you from third party sources. For example, your employer may provide your information to us, such as in connection with an article submitted by your employer for publication. If you choose to use LinkedIn to subscribe to our Website and Services, we also collect information related to your LinkedIn account and profile.

Your interactions with our Website and Services: As is true of most websites, we gather certain information automatically. This information includes IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use this information to analyze trends, to administer the Website and our Services, to improve the content and performance of our Website and Services, and to track users' movements around the site. We may also link this automatically-collected data to personal information, for example, to inform authors about who has read their articles. Some of this data is collected through information sent by your web browser. We also use cookies and other tracking technologies to collect this information. To learn more about cookies and other tracking technologies that JD Supra may use on our Website and Services please see our "Cookies Guide" page.

How do we use this information?

We use the information and data we collect principally in order to provide our Website and Services. More specifically, we may use your personal information to:

  • Operate our Website and Services and publish content;
  • Distribute content to you in accordance with your preferences as well as to provide other notifications to you (for example, updates about our policies and terms);
  • Measure readership and usage of the Website and Services;
  • Communicate with you regarding your questions and requests;
  • Authenticate users and to provide for the safety and security of our Website and Services;
  • Conduct research and similar activities to improve our Website and Services; and
  • Comply with our legal and regulatory responsibilities and to enforce our rights.

How is your information shared?

  • Content and other public information (such as an author profile) is shared on our Website and Services, including via email digests and social media feeds, and is accessible to the general public.
  • If you choose to use our Website and Services to communicate directly with a company or individual, such communication may be shared accordingly.
  • Readership information is provided to publishing law firms and authors of content to give them insight into their readership and to help them to improve their content.
  • Our Website may offer you the opportunity to share information through our Website, such as through Facebook's "Like" or Twitter's "Tweet" button. We offer this functionality to help generate interest in our Website and content and to permit you to recommend content to your contacts. You should be aware that sharing through such functionality may result in information being collected by the applicable social media network and possibly being made publicly available (for example, through a search engine). Any such information collection would be subject to such third party social media network's privacy policy.
  • Your information may also be shared to parties who support our business, such as professional advisors as well as web-hosting providers, analytics providers and other information technology providers.
  • Any court, governmental authority, law enforcement agency or other third party where we believe disclosure is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals' personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
  • To our affiliated entities and in connection with the sale, assignment or other transfer of our company or our business.

How We Protect Your Information

JD Supra takes reasonable and appropriate precautions to insure that user information is protected from loss, misuse and unauthorized access, disclosure, alteration and destruction. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. You should keep in mind that no Internet transmission is ever 100% secure or error-free. Where you use log-in credentials (usernames, passwords) on our Website, please remember that it is your responsibility to safeguard them. If you believe that your log-in credentials have been compromised, please contact us at

Children's Information

Our Website and Services are not directed at children under the age of 16 and we do not knowingly collect personal information from children under the age of 16 through our Website and/or Services. If you have reason to believe that a child under the age of 16 has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases.

Links to Other Websites

Our Website and Services may contain links to other websites. The operators of such other websites may collect information about you, including through cookies or other technologies. If you are using our Website or Services and click a link to another site, you will leave our Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We are not responsible for the data collection and use practices of such other sites. This Policy applies solely to the information collected in connection with your use of our Website and Services and does not apply to any practices conducted offline or in connection with any other websites.

Information for EU and Swiss Residents

JD Supra's principal place of business is in the United States. By subscribing to our website, you expressly consent to your information being processed in the United States.

  • Our Legal Basis for Processing: Generally, we rely on our legitimate interests in order to process your personal information. For example, we rely on this legal ground if we use your personal information to manage your Registration Data and administer our relationship with you; to deliver our Website and Services; understand and improve our Website and Services; report reader analytics to our authors; to personalize your experience on our Website and Services; and where necessary to protect or defend our or another's rights or property, or to detect, prevent, or otherwise address fraud, security, safety or privacy issues. Please see Article 6(1)(f) of the E.U. General Data Protection Regulation ("GDPR") In addition, there may be other situations where other grounds for processing may exist, such as where processing is a result of legal requirements (GDPR Article 6(1)(c)) or for reasons of public interest (GDPR Article 6(1)(e)). Please see the "Your Rights" section of this Privacy Policy immediately below for more information about how you may request that we limit or refrain from processing your personal information.
  • Your Rights
    • Right of Access/Portability: You can ask to review details about the information we hold about you and how that information has been used and disclosed. Note that we may request to verify your identification before fulfilling your request. You can also request that your personal information is provided to you in a commonly used electronic format so that you can share it with other organizations.
    • Right to Correct Information: You may ask that we make corrections to any information we hold, if you believe such correction to be necessary.
    • Right to Restrict Our Processing or Erasure of Information: You also have the right in certain circumstances to ask us to restrict processing of your personal information or to erase your personal information. Where you have consented to our use of your personal information, you can withdraw your consent at any time.

You can make a request to exercise any of these rights by emailing us at or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

You can also manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard.

We will make all practical efforts to respect your wishes. There may be times, however, where we are not able to fulfill your request, for example, if applicable law prohibits our compliance. Please note that JD Supra does not use "automatic decision making" or "profiling" as those terms are defined in the GDPR.

  • Timeframe for retaining your personal information: We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized. We may continue processing your personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of this Privacy Policy. For example, if you are an author, your personal information may continue to be published in connection with your article indefinitely. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
  • Onward Transfer to Third Parties: As noted in the "How We Share Your Data" Section above, JD Supra may share your information with third parties. When JD Supra discloses your personal information to third parties, we have ensured that such third parties have either certified under the EU-U.S. or Swiss Privacy Shield Framework and will process all personal data received from EU member states/Switzerland in reliance on the applicable Privacy Shield Framework or that they have been subjected to strict contractual provisions in their contract with us to guarantee an adequate level of data protection for your data.

California Privacy Rights

Pursuant to Section 1798.83 of the California Civil Code, our customers who are California residents have the right to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

You can make a request for this information by emailing us at or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

Some browsers have incorporated a Do Not Track (DNT) feature. These features, when turned on, send a signal that you prefer that the website you are visiting not collect and use data regarding your online searching and browsing activities. As there is not yet a common understanding on how to interpret the DNT signal, we currently do not respond to DNT signals on our site.

Access/Correct/Update/Delete Personal Information

For non-EU/Swiss residents, if you would like to know what personal information we have about you, you can send an e-mail to We will be in contact with you (by mail or otherwise) to verify your identity and provide you the information you request. We will respond within 30 days to your request for access to your personal information. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. If you would like to correct or update your personal information, you can manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard. If you would like to delete your account or remove your information from our Website and Services, send an e-mail to

Changes in Our Privacy Policy

We reserve the right to change this Privacy Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our Privacy Policy will become effective upon posting of the revised policy on the Website. By continuing to use our Website and Services following such changes, you will be deemed to have agreed to such changes.

Contacting JD Supra

If you have any questions about this Privacy Policy, the practices of this site, your dealings with our Website or Services, or if you would like to change any of the information you have provided to us, please contact us at:

JD Supra Cookie Guide

As with many websites, JD Supra's website (located at (our "Website") and our services (such as our email article digests)(our "Services") use a standard technology called a "cookie" and other similar technologies (such as, pixels and web beacons), which are small data files that are transferred to your computer when you use our Website and Services. These technologies automatically identify your browser whenever you interact with our Website and Services.

How We Use Cookies and Other Tracking Technologies

We use cookies and other tracking technologies to:

  1. Improve the user experience on our Website and Services;
  2. Store the authorization token that users receive when they login to the private areas of our Website. This token is specific to a user's login session and requires a valid username and password to obtain. It is required to access the user's profile information, subscriptions, and analytics;
  3. Track anonymous site usage; and
  4. Permit connectivity with social media networks to permit content sharing.

There are different types of cookies and other technologies used our Website, notably:

  • "Session cookies" - These cookies only last as long as your online session, and disappear from your computer or device when you close your browser (like Internet Explorer, Google Chrome or Safari).
  • "Persistent cookies" - These cookies stay on your computer or device after your browser has been closed and last for a time specified in the cookie. We use persistent cookies when we need to know who you are for more than one browsing session. For example, we use them to remember your preferences for the next time you visit.
  • "Web Beacons/Pixels" - Some of our web pages and emails may also contain small electronic images known as web beacons, clear GIFs or single-pixel GIFs. These images are placed on a web page or email and typically work in conjunction with cookies to collect data. We use these images to identify our users and user behavior, such as counting the number of users who have visited a web page or acted upon one of our email digests.

JD Supra Cookies. We place our own cookies on your computer to track certain information about you while you are using our Website and Services. For example, we place a session cookie on your computer each time you visit our Website. We use these cookies to allow you to log-in to your subscriber account. In addition, through these cookies we are able to collect information about how you use the Website, including what browser you may be using, your IP address, and the URL address you came from upon visiting our Website and the URL you next visit (even if those URLs are not on our Website). We also utilize email web beacons to monitor whether our emails are being delivered and read. We also use these tools to help deliver reader analytics to our authors to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

Analytics/Performance Cookies. JD Supra also uses the following analytic tools to help us analyze the performance of our Website and Services as well as how visitors use our Website and Services:

  • HubSpot - For more information about HubSpot cookies, please visit
  • New Relic - For more information on New Relic cookies, please visit
  • Google Analytics - For more information on Google Analytics cookies, visit To opt-out of being tracked by Google Analytics across all websites visit This will allow you to download and install a Google Analytics cookie-free web browser.

Facebook, Twitter and other Social Network Cookies. Our content pages allow you to share content appearing on our Website and Services to your social media accounts through the "Like," "Tweet," or similar buttons displayed on such pages. To accomplish this Service, we embed code that such third party social networks provide and that we do not control. These buttons know that you are logged in to your social network account and therefore such social networks could also know that you are viewing the JD Supra Website.

Controlling and Deleting Cookies

If you would like to change how a browser uses cookies, including blocking or deleting cookies from the JD Supra Website and Services you can do so by changing the settings in your web browser. To control cookies, most browsers allow you to either accept or reject all cookies, only accept certain types of cookies, or prompt you every time a site wishes to save a cookie. It's also easy to delete cookies that are already saved on your device by a browser.

The processes for controlling and deleting cookies vary depending on which browser you use. To find out how to do so with a particular browser, you can use your browser's "Help" function or alternatively, you can visit which explains, step-by-step, how to control and delete cookies in most browsers.

Updates to This Policy

We may update this cookie policy and our Privacy Policy from time-to-time, particularly as technology changes. You can always check this page for the latest version. We may also notify you of changes to our privacy policy by email.

Contacting JD Supra

If you have any questions about how we use cookies and other tracking technologies, please contact us at:

- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.