Food Defense in Food Litigation: A Vulnerability Assessment
By Anthony Anscombe and Karen Woodward
Outbreaks of foodborne illness illustrate how easily contaminated foods can have a broad health impact before public health authorities can identify and quarantine the source. These outbreaks generate media attention, litigation and regulatory enforcement—all of which probe the inner workings of the manufacturer.
Is it possible that outbreaks of foodborne illness could also inspire persons who intend to do harm? Could the same features of our food supply that can lead to widespread illness—that is, the broad geographical distribution of homogeneous food for simultaneous consumption by thousands of consumers—also make it an attractive vehicle for the distribution of a biological or chemical agent, either for political or economic reasons? And here is an even more insidious thought: Could a byproduct of food litigation—litigation undertaken in the name of food safety—itself be an increased risk of intentional adulteration?
The answer to the first two questions, scarily enough, seems to be “yes.” The main focus of this article is the third question—whether the litigation process could itself facilitate intentional adulteration, and if so, what can be done to reduce the risk?
In recent years, the food industry has found itself squarely in the cross hairs of the plaintiffs’ bar, both as to foodborne illness and in false advertising litigation. Litigation inevitably probes the inner workings of food companies, collecting and sometimes putting into the public domain information that could assist those who might plan to do harm. As the industry finds itself under the magnifying glass of litigation, it should be wary that litigation itself could pose an increased risk to food protection. Our legal system has always protected the free exchange of information, especially in areas of public safety, but it also recognizes that the public’s right to information is not absolute, and that the disclosure of sensitive information can cause harm. Courts and litigants have often evaluated these considerations in the context of proprietary information. This article considers the issue from a new angle: the public’s interest in the protection of the food supply.
The Risk of Intentional Adulteration: Not Just a Bogeyman
Is the Risk Real?
We are now 12 years beyond 9/11, Osama bin Laden is dead and it is easy to think that if it were easy to attack the U.S. food supply, an attack would have happened already. Nevertheless, legislators and law enforcement appreciate that a serious threat exists. For example, the FBI’s February 2012 edition of the Law Enforcement Bulletin stated:
Terrorists consider America’s agriculture and food production tempting targets. They have noted that its food supply is among the most vulnerable and least protected of all potential targets of attack. When American and allied forces overran al Qaeda sanctuaries in the caves of eastern Afghanistan in 2002, among the thousands of documents they discovered were U.S. agricultural documents and al Qaeda training manuals targeting agriculture.
Public Health and Regulatory Recognition of Risk
If the actions of the public health community, legislators and regulators are any guide, one may infer that the risk of malicious adulteration is not just a remote hypothetical. Legislative, regulatory and public health measures over the last 12 years show serious concern for preventive measures.
In 2002, Congress passed the Public Health Security and Bioterrorism Preparedness and Response Act, which enhanced controls and inspection on imported foods, fostered research on improved testing methods and improved the ability of the U.S. Food and Drug Administration (FDA) to trace potential sources of contamination to contain an attack.
In 2002, the World Health Organization (WHO) published Terrorist Threats to Food, which provided guidance for policymakers on risks of intentional adulteration and ways to graft preventive measures onto existing food safety laws.
In 2008, WHO published Terrorist Threats to Food – Guidelines for Establishing and Strengthening Prevention and Response Systems. This document provided a comprehensive analysis of the potential health, economic and psychological impacts of food terrorism, assessed prevention strategies and made proposals for surveillance, preparedness and response. A key aspect of the WHO program involved “vulnerability assessments” in which governments, and industry, evaluate all links in the food supply chain to determine—and mitigate—possible entry points whereby food adulteration could occur.
From the mid-2000s onward, FDA and the U.S. Department of Agriculture have directed a lot of “soft” regulation, providing industry with tools and information to create food defense programs.[2, 3] Today, FDA’s website contains extensive materials to raise awareness of food defense and to mitigate security risks. A number of these materials stress the importance of maintaining the confidentiality of manufacturing information and the security of IT systems.
In 2010, Congress passed the Food Safety Modernization Act (FSMA). Section 106 of FSMA, “Protection Against Intentional Adulteration,” requires the secretary of the Department of Health and Human Services to conduct a vulnerability assessment of the U.S. food system, assess the costs and benefits of protections against intentional adulteration and determine science-based mitigation strategies. In the interest of national security, the secretary must consult with the director of the Department of Homeland Security as to the time, manner and form in which these assessments become public. The act further requires the secretary to develop regulations to guide mitigation strategies for high-risk foods. It defines these as foods “(1) for which the Secretary has identified clear vulnerabilities (including short shelf life or susceptibility to intentional contamination at critical control points); and (2) in bulk or batch form prior to being packaged for the final consumer.”
FDA has recently issued proposed regulations to satisfy its statutory mandate, after being enjoined by a federal court in California to issue those proposed regulations by November 30, 2013.
Food Litigation: Focus on Sensitive Materials
While the current onslaught of food litigation spans a wide range of factual circumstances and legal theories, it often generates discovery into sensitive information about food production.
Foodborne illness litigation, not surprisingly, focuses very closely on food production systems. While evaluating the circumstances under which a food has become inadvertently contaminated, plaintiffs typically seek information about raw materials, production processes, Hazard Analysis and Critical Control Points plans, product testing, regulatory inspections, Good Manufacturing Practices, zoning, packaging, storage and distribution procedures. Defendants complying with these discovery requests will review diverse sources of information within their operations to produce site plans, Standard Operating Procedures, test data and technical information.
The current wave of class-action litigation focuses less on manufacturing techniques than on marketing practices. Nevertheless, in certain kinds of cases, discovery could elicit sensitive information. For example, in litigation over “organic” labeling, plaintiffs will direct substantial attention to agricultural methods, to determine whether they comply with organic standards. Other actions that challenge whether products are properly labeled as “natural” will seek information about how the food or beverage has been processed.
The net result of discovery in these types of cases will often be a condensed collection of highly relevant materials that show the inner workings of major food corporations. The information will focus on how a contaminant might have entered the product stream, escaped detection and caused illness. The information generated in these lawsuits will be reviewed by many people, including lawyers, experts, staff and court personnel. It will be downloaded into multiple IT systems. Some of it may become part of the public record, appended to pleadings or entered as trial exhibits.
How Does Litigation Affect Food Protection?
A skeptical reader might at this point note that litigation does not generate information—all of these sensitive materials already exist in the manufacturer’s custody—and if someone was intent on doing harm, he or she could simply seek it from the manufacturer, perhaps by hacking the manufacturer’s IT systems or by infiltrating its workforce.
There are at least several reasons to believe litigation could provide a more convenient and more accessible source of information for an intentional adulterator than the manufacturer itself.
First, most legal proceedings in the United States are open to public scrutiny. Unless litigants seek court-ordered protection for the types of information described above, it enters the public domain.
Second, the biggest difference between getting documents in litigation and seeking them illicitly from the manufacturer is that, in litigation, the manufacturer, its lawyers and opposing counsel have searched for, collected and analyzed the most relevant information. Instead of rifling through the data of multiple corporate departments to find information, the putative miscreant can simply visit the law firm’s IT site to find the information neatly arranged, Bates-stamped and summarized.
Third, litigation will usually increase the number of IT systems and physical premises where this information resides. This creates multiple additional opportunities for the information to fall into the wrong hands. The information is only as secure as its weakest link.
Finally, litigation attracts public attention. Basic information about food litigation can be obtained by anyone with access to a computer and an electronic case filing (ECF) password. It is worth noting that the Federal Rules of Civil Procedure – Rule 5.2 – Privacy Protection for Filings Made with the Court requires that ECF filings redact personal identifying information for litigants—recognition that information put onto the court’s docket can be accessed for improper purposes.
The first and most obvious thing litigants can do to help reduce the risk that intentional adulterators use litigation to help plan their activities is to keep sensitive information out of the public record. This can sometimes be easier said than done.
The U.S. Supreme Court has recognized a common-law right of access to judicial records. The right is not absolute, however, and can be denied “where court files might have become a vehicle for improper purposes.” Federal Rules of Civil Procedure – Rule 26(c) – Duty to Disclose; General Provisions Governing Discovery permits federal courts to enter orders to “protect a party or person from annoyance, embarrassment, oppression, or undue burden or expense, including … that trade secret or … commercial information not be revealed or be revealed only in a specific way.” State courts have analogous provisions.
As a matter of common practice, litigants will usually stipulate to the entry of protective orders that allow a defendant to keep proprietary commercial information out of the public record. Occasionally, however, an aggressive litigant will resist the entry of a protective order, perhaps hoping to force a defendant to choose between settlement and commercial harm. Additionally, some courts are cautious about broad protective orders and want to ensure that the information protected from disclosure is narrowly circumscribed. They are exacting in their requirement of a showing of “good cause” for the entry of an order, and for documents subject to its protections.
Where a case will delve into information important to food defense, Rule 26(c) is broad enough to condition disclosure on assurances of confidentiality. Federal courts recognize that considerations of public policy justify an outright denial of discovery or limitations necessary to protect public interests. Judges probably have not encountered the food defense issue previously, however, and will need to become familiar with the topic in general, as well as its relevance to the defendant’s operations in particular. While the concept of confidential business information is readily grasped, food defense is less so. Defendants may wish to consider retaining a consultant on food defense to provide the court with a foundational declaration on the importance of keeping sensitive production records out of public view. Defendants will also need to support the application with evidence from their in-house food safety personnel at their firms who can establish the sensitivity of the documents in question.
What type of information should receive protection? The answer will vary, depending on the nature of the product and the nature of the manufacturing operation. As the FSMA provisions suggest, not all foods present an equal risk. Foods processed in large, homogeneous batches are recognized as presenting a heightened risk, because a harmful agent could be distributed widely into thousands or millions of individual servings. Foods with short shelf lives also present a significant risk, because they will be eaten quickly, ensuring that many people could be exposed to the harmful agent before health officials have time to react. Manufacturers will need to consider their own vulnerability assessments, but it seems likely that special care should be given to information about product testing methods, information about plant premises and information about ingredients and suppliers whose products will be mixed into other products.
One interesting possibility is that FDA could, as part of its rulemaking under FSMA, provide guidance on types of information that should be regarded as sensitive to food defense. The Transportation Safety Administration (TSA) has such authority in the context of transportation. In the litigation arising out of the 9/11 attacks, certain sections of the defendant airlines’ and aircraft manufacturer’s document productions were reviewed by the TSA and made subject to a special confidentiality provision.
Protective orders, no matter their scope, do not ensure that sensitive documents remain confidential. Rather, confidentiality of information is only as good as the measures taken to protect it. When a defendant produces documents in litigation, that information will very likely go into the electronic databases of defense counsel, plaintiffs’ counsel and experts for both sides. Does this dissemination of data create risks?
Ensuring the cybersecurity of litigation materials is a very complicated issue and well beyond the scope of this article. The point here is that cybersecurity is an issue that should be considered in litigation involving information important to food defense. The circumstances of particular cases should dictate appropriate precautionary steps. At minimum, however, protective measures should include educating all recipients of the information as to the sensitivity of the information to food defense, assessing the security of systems onto which the information will be downloaded, restricting dissemination of the most sensitive information and alerting all recipients of the information to the importance of informing law enforcement personnel in the event of a security breach. One particularly challenging aspect of IT security is determining that a litigation adversary has adequate data security. Opposing law firms may not readily swap information about their IT structures. Plaintiff law firms may further have little incentive to pay for security precautions that are important to a defendant’s business interests but not to the interests of their own clients.
Over the coming year or two, law firm security may close the gap with corporate America due to regulatory pressures. This translates to increased security provisions previously resisted by counsel as too restricting, such as encryption (of both data in motion and data at rest), two-factor authentication and secure FTP data transfers. Nevertheless, until such measures improve the security of law firm IT systems, such systems should be considered in assessing the security of sensitive food manufacturing information.
For the foreseeable future, litigation will continue to delve into the inner workings of food and beverage companies. Intentional adulteration may be a very low risk, but as with other security threats, this is not a situation where one should wait for something bad to happen before taking the issue seriously. The severity of an attack could be horrendous. Food and beverage companies should consider this sobering potential and take steps to educate the court and opposing counsel as to the importance of keeping this information secure.
Anthony Anscombe is a partner in the Chicago office of Sedgwick LLP and cochairs the firm’s class action and food industry practice groups. He can be reached at firstname.lastname@example.org or 312.641.9050.
Karen Woodward is a partner in the Los Angeles office of Sedgwick LLP. She cochairs Sedgwick’s drug and medical device practice group and the food and nutritional supplement task force.