Summary of Commission Practice Relating to Administrative Protective Orders

AGENCY:

U.S. International Trade Commission.

ACTION:

Summary of Commission practice relating to administrative protective orders.

SUMMARY:

Since February 1991, the U.S. International Trade Commission (“Commission”) has issued an annual report on the status of its practice with respect to violations of its administrative protective orders (“APOs”) under title VII of the Tariff Act of 1930, in response to a direction contained in the Conference Report to the Customs and Trade Act of 1990. Over time, the Commission has added to its report discussions of APO breaches in Commission proceedings other than under title VII and violations of the Commission's rules including the rule on bracketing business proprietary information (“BPI”) (the “24-hour rule”), 19 CFR 207.3(c). This notice provides a summary of breach investigations completed during calendar year 2013. This summary addresses four proceedings under section 337 of the Tariff Act of 1930. There were no breach investigations in title VII proceedings or rules violation investigations completed in 2013. The Commission intends that this report inform representatives of parties to Commission proceedings as to some specific types of APO breaches encountered by the Commission and the corresponding types of actions the Commission has taken.

FOR FURTHER INFORMATION CONTACT:

Carol McCue Verratti, Esq., Office of the General Counsel, U.S. International Trade Commission, telephone (202) 205-3088. Hearing impaired individuals are advised that information on this matter can be obtained by contacting the Commission's TDD terminal at (202) 205-1810. General information concerning the Commission can also be obtained by accessing its Web site ( http://www.usitc.gov ).

SUPPLEMENTARY INFORMATION:

Representatives of parties to investigations or other proceedings conducted under title VII of the Tariff Act of 1930, section 337 of the Tariff Act of 1930, the North American Free Trade Agreement (NAFTA) Article 1904.13, and safeguard-related provisions such as sections 202 of the Trade Act of 1974, may enter into APOs that permit them, under strict conditions, to obtain access to BPI (title VII) and confidential business information (“CBI”) (safeguard-related provisions and section 337) of other parties or non-parties. See, e.g., 19 U.S.C. 1677f; 19 CFR 207.7; 19 U.S.C. 1337(n); 19 CFR 210.5, 210.34; 19 U.S.C. 2252(i); 19 CFR 206.17; and 19 U.S.C. 1516a(g)(7)(A); 19 CFR 207.100, et. seq. The discussion below describes APO breach investigations that the Commission has completed during calendar year 2013, including a description of actions taken in response to these breaches.

Since 1991, the Commission has published annually a summary of its actions in response to violations of Commission APOs and the 24-hour rule. See 56 FR 4846 (February 6, 1991); 57 FR 12335 (April 9, 1992); 58 FR 21991 (April 26, 1993); 59 FR 16834 (April 8, 1994); 60 FR 24880 (May 10, 1995); 61 FR 21203 (May 9, 1996); 62 FR 13164 (March 19, 1997); 63 FR 25064 (May 6, 1998); 64 FR 23355 (April 30, 1999); 65 FR 30434 (May 11, 2000); 66 FR 27685 (May 18, 2001); 67 FR 39425 (June 7, 2002); 68 FR 28256 (May 23, 2003); 69 FR 29972 (May 26, 2004); 70 FR 42382 (July 25, 2005); 71 FR 39355 (July 12, 2006); 72 FR 50119 (August 30, 2007); 73 FR 51843 (September 5, 2008); 74 FR 54071 (October 21, 2009); 75 FR 54071 (October 27, 2010), 76 FR 78945 (December 20, 2011), 77 FR 76518 (December 28, 2012), and 78 FR 79481 (December 30, 2013). This report does not provide an exhaustive list of conduct that will be deemed to be a breach of the Commission's APOs. APO breach inquiries are considered on a case-by-case basis.

As part of the effort to educate practitioners about the Commission's current APO practice, the Commission Secretary issued in March 2005 a fourth edition of An Introduction to Administrative Protective Order Practice in Import Injury Investigations (Pub. No. 3755). This document is available upon request from the Office of the Secretary, U.S. International Trade Commission, 500 E Street SW., Washington, DC 20436, tel. (202) 205-2000 and on the Commission's Web site at http://www.usitc.gov.

I. In General

A. Antidumping and Countervailing Duty Investigations

The current APO form for antidumping and countervailing duty investigations, which was revised in March 2005, requires the applicant to swear that he or she will:

(1) Not divulge any of the BPI disclosed under this APO or otherwise obtained in this investigation and not otherwise available to him or her, to any person other than—

(i) Personnel of the Commission concerned with the investigation,

(ii) The person or agency from whom the BPI was obtained,

(iii) A person whose application for disclosure of BPI under this APO has been granted by the Secretary, and

(iv) Other persons, such as paralegals and clerical staff, who (a) are employed or supervised by and under the direction and control of the authorized applicant or another authorized applicant in the same firm whose application has been granted; (b) have a need thereof in connection with the investigation; (c) are not involved in competitive decision making for an interested party which is a party to the investigation; and (d) have signed the acknowledgment for clerical personnel in the form attached hereto (the authorized applicant shall also sign such acknowledgment and will be deemed responsible for such persons' compliance with this APO);

(2) Use such BPI solely for the purposes of the above-captioned Commission investigation or for judicial or binational panel review of such Commission investigation;

(3) Not consult with any person not described in paragraph (1) concerning BPI disclosed under this APO or otherwise obtained in this investigation without first having received the written consent of the Secretary and the party or the representative of the party from whom such BPI was obtained;

(4) Whenever materials e.g., documents, computer disks, etc. containing such BPI are not being used, store such material in a locked file cabinet, vault, safe, or other suitable container (N.B.: Storage of BPI on so-called hard disk computer media is to be avoided, because mere erasure of data from such media may not irrecoverably destroy the BPI and may result in violation of paragraph C of this APO);

(5) Serve all materials containing BPI disclosed under this APO as directed by the Secretary and pursuant to section 207.7(f) of the Commission's rules;

(6) Transmit each document containing BPI disclosed under this APO:

(i) With a cover sheet identifying the document as containing BPI,

(ii) with all BPI enclosed in brackets and each page warning that the document contains BPI,

(iii) if the document is to be filed by a deadline, with each page marked “Bracketing of BPI not final for one business day after date of filing,” and

(iv) if by mail, within two envelopes, the inner one sealed and marked “Business Proprietary Information—To be opened only by [name of recipient]”, and the outer one sealed and not marked as containing BPI;

(7) Comply with the provision of this APO and section 207.7 of the Commission's rules;

(8) Make true and accurate representations in the authorized applicant's application and promptly notify the Secretary of any changes that occur after the submission of the application and that affect the representations made in the application (e.g., change in personnel assigned to the investigation);

(9) Report promptly and confirm in writing to the Secretary any possible breach of this APO; and

(10) Acknowledge that breach of this APO may subject the authorized applicant and other persons to such sanctions or other actions as the Commission deems appropriate, including the administrative sanctions and actions set out in this APO.

The APO further provides that breach of an APO may subject an applicant to:

(1) Disbarment from practice in any capacity before the Commission along with such person's partners, associates, employer, and employees, for up to seven years following publication of a determination that the order has been breached;

(2) Referral to the United States Attorney;

(3) In the case of an attorney, accountant, or other professional, referral to the ethics panel of the appropriate professional association;

(4) Such other administrative sanctions as the Commission determines to be appropriate, including public release of, or striking from the record any information or briefs submitted by, or on behalf of, such person or the party he represents; denial of further access to business proprietary information in the current or any future investigations before the Commission, and issuance of a public or private letter of reprimand; and

(5) Such other actions, including but not limited to, a warning letter, as the Commission determines to be appropriate.

APOs in safeguard investigations contain similar though not identical provisions.

B. Section 337 Investigations

The APOs in section 337 investigations differ from those in title VII investigations as there is no set form and provisions may differ depending on the investigation and the presiding administrative law judge. However, in practice, the provisions are often quite similar. Any person seeking access to CBI during a section 337 investigation including outside counsel for parties to the investigation, secretarial and support personnel assisting such counsel, and technical experts and their staff who are employed for the purposes of the investigation is required to read the APO, agree to its terms by letter filed with the Secretary of the Commission indicating that he agrees to be bound by the terms of the Order, agree not to reveal CBI to anyone other than another person permitted access by the Order, and agree to utilize the CBI solely for the purposes of that investigation.

In general, an APO in a section 337 investigation will define what kind of information is CBI and direct how CBI is to be designated and protected. The APO will state what persons will have access to the CBI and which of those persons must sign onto the APO. The APO will provide instructions on how CBI is to be maintained and protected by labeling documents and filing transcripts under seal. It will provide protections for the suppliers of CBI by notifying them of a Freedom of Information Act request for the CBI and providing a procedure for the supplier to take action to prevent the release of the information. There are provisions for disputing the designation of CBI and a procedure for resolving such disputes. Under the APO, suppliers of CBI are given the opportunity to object to the release of the CBI to a proposed expert. The APO requires a person who discloses CBI, other than in a manner authorized by the APO, to provide all pertinent facts to the supplier of the CBI and to the administrative law judge and to make every effort to prevent further disclosure. The APO requires all parties to the APO to either return to the suppliers or destroy the originals and all copies of the CBI obtained during the investigation.

The Commission's regulations provide for certain sanctions to be imposed if the APO is violated by a person subject to its restrictions. The names of the persons being investigated for violating an APO are kept confidential unless the sanction imposed is a public letter of reprimand. 19 CFR 210.34(c)(1). The possible sanctions are:

1. An official reprimand by the Commission.

2. Disqualification from or limitation of further participation in a pending investigation.

3. Temporary or permanent disqualification from practicing in any capacity before the Commission pursuant to 19 CFR 201.15(a).

4. Referral of the facts underlying the violation to the appropriate licensing authority in the jurisdiction in which the individual is licensed to practice.

5. Making adverse inferences and rulings against a party involved in the violation of the APO or such other action that may be appropriate. 19 CFR 210.34(c)(3).

Commission employees are not signatories to the Commission's APOs and do not obtain access to BPI through APO procedures. Consequently, they are not subject to the requirements of the APO with respect to the handling of CBI and BPI. However, Commission employees are subject to strict statutory and regulatory constraints concerning BPI and CBI, and face potentially severe penalties for noncompliance. See 18 U.S.C. 1905; title 5, U.S. Code; and Commission personnel policies implementing the statutes. Although the Privacy Act (5 U.S.C. 552a) limits the Commission's authority to disclose any personnel action against agency employees, this should not lead the public to conclude that no such actions have been taken.

II. Investigations of Alleged APO Breaches

Upon finding evidence of an APO breach or receiving information that there is a reason to believe one has occurred, the Commission Secretary notifies relevant offices in the agency that an APO breach investigation has commenced and that an APO breach investigation file has been opened. Upon receiving notification from the Secretary, the Office of the General Counsel (“OGC”) prepares a letter of inquiry to be sent to the possible breacher over the Secretary's signature to ascertain the facts and obtain the possible breacher's views on whether a breach has occurred. If, after reviewing the response and other relevant information, the Commission determines that a breach has occurred, the Commission often issues a second letter asking the breacher to address the questions of mitigating circumstances and possible sanctions or other actions. The Commission then determines what action to take in response to the breach. In some cases, the Commission determines that, although a breach has occurred, sanctions are not warranted, and therefore finds it unnecessary to issue a second letter concerning what sanctions might be appropriate. Instead, it issues a warning letter to the individual. A warning letter is not considered to be a sanction. However, a warning letter is considered in a subsequent APO breach investigation.

Sanctions for APO violations serve three basic interests: (a) Preserving the confidence of submitters of BPI/CBI that the Commission is a reliable protector of BPI/CBI; (b) disciplining breachers; and (c) deterring future violations. As the Conference Report to the Omnibus Trade and Competitiveness Act of 1988 observed, “[T]he effective enforcement of limited disclosure under administrative protective order depends in part on the extent to which private parties have confidence that there are effective sanctions against violation.” H.R. Conf. Rep. No. 576, 100th Cong., 1st Sess. 623 (1988).

The Commission has worked to develop consistent jurisprudence, not only in determining whether a breach has occurred, but also in selecting an appropriate response. In determining the appropriate response, the Commission generally considers mitigating factors such as the unintentional nature of the breach, the lack of prior breaches committed by the breaching party, the corrective measures taken by the breaching party, and the promptness with which the breaching party reported the violation to the Commission. The Commission also considers aggravating circumstances, especially whether persons not under the APO actually read the BPI/CBI. The Commission considers whether there have been prior breaches by the same person or persons in other investigations and multiple breaches by the same person or persons in the same investigation.

The Commission's rules permit an economist or consultant to obtain access to BPI/CBI under the APO in a title VII or safeguard investigation if the economist or consultant is under the direction and control of an attorney under the APO, or if the economist or consultant appears regularly before the Commission and represents an interested party who is a party to the investigation. 19 CFR 207.7(a)(3)(B) and (C); 19 CFR 206.17(a)(3)(B) and (C). Economists and consultants who obtain access to BPI/CBI under the APO under the direction and control of an attorney nonetheless remain individually responsible for complying with the APO. In appropriate circumstances, for example, an economist under the direction and control of an attorney may be held responsible for a breach of the APO by failing to redact APO information from a document that is subsequently filed with the Commission and served as a public document. This is so even though the attorney exercising direction or control over the economist or consultant may also be held responsible for the breach of the APO. In section 337 investigations, technical experts and their staff who are employed for the purposes of the investigation are required to sign onto the APO and agree to comply with its provisions.

The records of Commission investigations of alleged APO breaches in antidumping and countervailing duty cases, section 337 investigations, and safeguard investigations are not publicly available and are exempt from disclosure under the Freedom of Information Act, 5 U.S.C. 552. See 19 U.S.C. 1677f(g), 19 U.S.C. 1333(h), 19 CFR 210.34(c).

The two types of breaches most frequently investigated by the Commission involve the APO's prohibition on the dissemination of BPI or CBI to unauthorized persons and the APO's requirement that the materials received under the APO be returned or destroyed and that a certificate be filed indicating which action was taken after the termination of the investigation or any subsequent appeals of the Commission's determination. The dissemination of BPI/CBI usually occurs as the result of failure to delete BPI/CBI from public versions of documents filed with the Commission or transmission of proprietary versions of documents to unauthorized recipients. Other breaches have included the failure to bracket properly BPI/CBI in proprietary documents filed with the Commission, the failure to report immediately known violations of an APO, and the failure to adequately supervise non-lawyers in the handling of BPI/CBI.

Occasionally, the Commission conducts APOB investigations that involve members of a law firm or consultants working with a firm who were granted access to APO materials by the firm although they were not APO signatories. In many of these cases, the firm and the person using the BPI/CBI mistakenly believed an APO application had been filed for that person. The Commission determined in all of these cases that the person who was a non-signatory, and therefore did not agree to be bound by the APO, could not be found to have breached the APO. Action could be taken against these persons, however, under Commission rule 201.15 (19 CFR 201.15) for good cause shown. In all cases in which action was taken, the Commission decided that the non-signatory was a person who appeared regularly before the Commission and was aware of the requirements and limitations related to APO access and should have verified his or her APO status before obtaining access to and using the BPI/CBI. The Commission notes that section 201.15 may also be available to issue sanctions to attorneys or agents in different factual circumstances in which they did not technically breach the APO, but when their actions or inactions did not demonstrate diligent care of the APO materials even though they appeared regularly before the Commission and were aware of the importance the Commission placed on the care of APO materials.

Counsel participating in Commission investigations have reported to the Commission potential breaches involving the electronic transmission of public versions of documents. In these cases, the document transmitted appears to be a public document with BPI or CBI omitted from brackets. However, the confidential information is actually retrievable by manipulating codes in software. The Commission has found that the electronic transmission of a public document containing BPI or CBI in a recoverable form was a breach of the APO.

Counsel have been cautioned to be certain that each authorized applicant files within 60 days of the completion of an import injury investigation or at the conclusion of judicial or binational review of the Commission's determination a certificate that to his or her knowledge and belief all copies of BPI/CBI have been returned or destroyed and no copies of such material have been made available to any person to whom disclosure was not specifically authorized. This requirement applies to each attorney, consultant, or expert in a firm who has been granted access to BPI/CBI. One firm-wide certificate is insufficient.

In addition, attorneys who are signatories to the APO representing clients in a section 337 investigation should send a notice to the Commission if they stop participating in the investigation or the subsequent appeal of the Commission's determination. The notice should inform the Commission about the disposition of CBI obtained under the APO that was in their possession or they could be held responsible for any failure of their former firm to return or destroy the CBI in an appropriate manner.

III. Specific APO Breach Investigations

Case 1: This case involved a draft complaint that inadvertently contained CBI from a previous Commission investigation. The draft complaint was generated by one law firm, transferred to a second firm, then transferred to a third firm, and then filed with the Commission as an actual complaint.

One attorney at the first firm breached an APO when he transferred to other law firms a draft complaint which he believed contained only public information, but instead included attachments containing CBI from a previous Commission section 337 investigation. Two attorneys at the firm to which the draft complaint had been first transferred also breached the APO. The lead attorney in this second law firm was responsible for the transfer of the draft complaint containing the CBI to a third law firm which was expected to use the document to draft a complaint in a new section 337 investigation. Upon learning that there might be CBI included in the draft complaint and its attachments, the lead attorney and another attorney in that firm assigned a non-signatory attorney to confirm whether documents were not redacted. The lead attorney at the third law firm to which the draft complaint was ultimately transferred and five other attorneys at that law firm were signatories to the complaint that was filed in the new section 337 investigation which included the attachments containing CBI from the original section 337 investigation.

The draft complaint was prepared by paralegals at the first law firm. They were expected to use only public information from the record of a previous Commission section 337 investigation and from public information obtained from the USPTO. The paralegals mistakenly included documents from the previous investigation that contained CBI, although the pages were clearly marked as containing CBI. The attorney responsible for the draft complaint did not check to be sure all the information in the complaint was public. He supervised the preparation of two USB drives, on which the assembled documents were copied, to be given to attorneys in two other law firms for use in a public filing for a future section 337 investigation. The Commission issued a warning letter to the attorney. In doing so, the Commission considered several mitigating circumstances, including the unintentional nature of the breach, that the attorney did not directly disclose the CBI to a non-signatory to the APO, that the attorney took immediate steps to investigate the situation that led to the inclusion of the CBI in the materials forwarded to the second firm, and that the attorney had not previously breached a Commission APO. The attorney received the warning letter for his breach because it was ultimately his responsibility to ensure that the draft complaint contained no CBI subject to the APO in the original section 337 investigation.

The Commission issued private letters of reprimand to two attorneys in the second law firm. The lead attorney was held responsible for the breach involving the transfer of the CBI to the non-signatories at the third law firm. The Commission found that the attorney was ultimately responsible for ensuring that the materials to be transferred to non-signatories for use in a matter unrelated to the original Commission investigation did not contain materials that were subject to the APO. The Commission considered certain mitigating circumstances; namely, the attorney was not responsible for the initial collection of the documents and was merely an intermediary in the chain of responsibility for passing the documents from one law firm to another, the firm took immediate steps to investigate its role in the breach, including locating and securing copies of the CBI at issue, and the attorney had not previously breached a Commission APO.

The lead attorney and a second attorney in the law firm were both found responsible for involving a non-signatory attorney in the investigation of the original APO breach. In reaching its decision to issue private letters of reprimand to both attorneys, the Commission considered the presence of aggravating circumstances. First, due to their actions, a non-signatory had access to and could have read the CBI. In addition, the breach was not inadvertent or unintentional and the Commission was not informed of this breach until the lead attorney responded to the Commission's request for information regarding the original breach. Finally, the Commission found that by involving the non-signatory in the investigation of the APO breach, the attorneys were interpreting the APO without seeking Commission guidance.

The Commission considered whether good cause existed, pursuant to Commission rule 201.15(a), to sanction the non-signatory attorney in the second firm who was assigned to investigate the initial APO breach. The Commission did not sanction the attorney but issued a warning letter. It considered the mitigating circumstances that the attorney exercised some caution by not actually reading the CBI documents and that he had not previously breached a Commission APO. The Commission noted that the attorney was aware that he was a non-signatory to the APO and noted that his actions directly contributed to the disclosure of CBI by agreeing to review the CBI documents as part of the investigation into the APO breach.

The Commission considered whether to sanction six attorneys at the third law firm because they were signatories to the public complaint which was filed in a new section 337 investigation, and which included the attachments containing CBI which were subject to an APO in an earlier investigation. Since none of the attorneys in the third firm were signatories to the APO in the original section 337 investigation the Commission did not find that they breached the APO but, instead, considered whether there was good cause to sanction them under Commission rule 201.15(a). The Commission determined that there was good cause to sanction the lead attorney and, thus, issued a private letter of reprimand to the lead attorney. The Commission noted that the attorney's actions directly led to the disclosure of CBI, which was clearly marked as such, by including the CBI as public exhibits to a complaint in a Commission investigation unrelated to the original section 337 investigation. It was ultimately the lead attorney's responsibility to ensure that the materials that were used in the filing of an unrelated complaint contained only materials that were not subject to the APO in the original investigation. The Commission noted certain mitigating circumstances; namely, the attorney was not responsible for the initial collection of the documents in question but was merely in the chain of receiving parties of the documents being transmitted from one law firm to another; the breach was unintentional; his law firm promptly investigated the circumstances of the breach and took immediate corrective measures to ensure that access to the CBI was restricted; he had not previously breached a Commission APO; and his firm assured the Commission that it will take extra caution to prevent a similar occurrence in the future and will not rely on the representations of co-counsel regarding the confidential nature of documents.

The Commission also issued warning letters to the remaining five attorneys at the third law firm who were not signatories to the original APO and who had signed the complaint in the new unrelated investigation. Two of the five attorneys participated in filing the complaint. The Commission stated that the actions of the two attorneys directly led to the disclosure of CBI, which was clearly marked as such, by including the CBI as public exhibits to a complaint in a Commission investigation unrelated to the original section 337 investigation. In issuing warning letters, the Commission noted the same mitigating factors mentioned above with regard to the lead attorney in the third firm who received a private letter of reprimand.

Case 2: The Commission determined that two attorneys breached the APO by filing a confidential version of an initial determination (“ID”) containing CBI, as part of the public appendix to a brief in district court litigation. The filing was made through the district court's electronic-case-filing (“ECF”) system.

The confidential version of the ID was filed by a paralegal at the law firm under the supervision of the two attorneys, both of whom had subscribed to the APO. The law firm later discovered the disclosure and notified the opposing party. The CBI was publicly available for six weeks. The law firm requested the district court to restrict access to the electronic filing and the district court complied. The district court notified the law firm that the court did not track access to ECF documents and could not determine who, if anyone had accessed the ID electronically. The law firm conducted an inquiry into whether any of the employees of the party it represented in the district court litigation had accessed the ID. The opposing party also conducted an inquiry into whether any of its employees had accessed the ID. From these inquires, the law firm is not aware of any unauthorized access to the CBI.

The Commission took into consideration the following mitigating factors: The breach was inadvertent; neither the attorneys at issue nor the law firm as a whole have breached a Commission APO in the past; the law firm discovered its own breach and took prompt steps to try to cure the breach; and the law firm implemented actions to improve internal procedures to make this type of breach less likely in the future. The Commission noted, however, that the law firm was not able to demonstrate whether anyone improperly accessed the CBI while it was publicly available so the Commission presumes public access to the confidential documents. Thus, in accordance with past Commission practice, the Commission issued private letters of reprimand to the two attorneys.

Case 3: The Commission determined that an attorney breached an APO by filing public versions of certain documents, which contained the CBI of the opposing party.

Counsel for the opposing party contacted the Secretary to the Commission to notify the Secretary that public versions of certain documents, specifically the public versions of a response to a petition for review and summary of the response, filed by the attorney in question contained CBI. The Secretary's office promptly removed the CBI documents from the public record. The attorney subsequently re-filed the public version documents without the CBI. An audit trail for the CBI documents showed that the documents were accessed by a non-party to the investigation.

The Commission issued a private letter of reprimand to the attorney for the APO breach. The Commission noted as mitigating factors that once the attorney was notified that the public version of the documents contained CBI the attorney moved quickly to cure the disclosure, the disclosure of the CBI was inadvertent, the attorney has not been involved in any alleged APO breach in the past two years, and the attorney had the ALJ's instruction not to over-redact in mind while preparing the public versions of the brief. However, the Commission points out that the aggravating factors were that the breach was discovered by opposing counsel and not the alleged breaching attorney, unauthorized persons accessed the CBI at issue, and the attorney acted unilaterally in deciding that certain information did not constitute CBI without seeking guidance from the Commission.

Case 4: The Commission determined that the lead attorney and the lead attorney's law firm did not breach the APO when documents containing CBI were stolen from the locked car trunk of a paralegal employed by the law firm.

The law firm had internal practices and procedures regarding the protection of CBI governed by an APO including policies regarding the maintenance and transport of CBI. In some cases, the law firm did let its personnel perform work at home involving CBI as long as they used and kept the CBI in a locked facility, which could not be accessed by others. The paralegal had such an arrangement in his home.

The provisions of the APO did not specifically prohibit the transport of documents containing CBI to a home office or require personal custody and maintenance of the CBI in a locked facility of the home office after such transport. The lead attorney promptly notified the proper authorities after learning of the theft.

The Commission issued a letter to the lead attorney notifying the attorney that the Commission does not consider the law firm or lead attorney to have breached the APO, but the letter does recommend that the law firm review its procedures regarding the protection of CBI, and the law firm's enforcement of such procedures.