Sunday, August 17, 2014

Information Security Policies & Practices -- Protecting Client Information


via Law Technology News "Law Firm Data Breaches: Protecting Clients --  Maintaining diligent protocols and educating personnel are crucial tools to protect client data" --
  • "Data threats against law firms can be generated from internal or external sources... Imagine a disgruntled employee who wants to get even with the employer and has unrestricted rights to  client data kept on the firm’s network folder."
  • "Some ways a firm can safeguard against internal data theft include:
  • Be careful about which users are given access to data systems.
  • Monitor user access control to each data source on a regular basis.
  • As users within the firm change positions and/or departments, ensure that system access is verified so that users only have access to the systems they need.
  • Promptly disable all system access (both internal and external) for terminated employees."

For those attending the ILTA conference this week, see also: "Security Policies and Procedures: Why You Need Them and How To Decide Which Ones Matter Most" --

8/21/2014 2:00 p.m. (Event Code:SOSPG6,  Presidential Ballroom B)
  • In response to client guidelines and regulatory requirements such as HIPAA, law firms are increasingly developing and documenting central policies and procedures for managing information security. But policies are only effective if they are living documents accepted by firm stakeholders and honed to match the business issues of greatest risk to the firm. This interactive session will include an overview of the drivers behind security policies as we teach participants how to use a risk-based methodology to develop security policies aligned with firm business goals and encourage buy-in from lawyers, management and staff.

Speakers:
Karen Campbell - Orrick, Herrington & Sutcliffe LLP
Michael Johnson - Security Grc2
Kathryn Hume - Intapp

Tuesday, August 12, 2014

Conflicts Story Update: $270k in Sanctions

 
 
Law360 (subscription required for full article) reports that: "Boies Schiller Fined For Conflict In $350M Antitrust Suit" --
  • "Boies Schiller & Flexner LLP was ordered by a New York federal judge Friday to pay Host Hotels & Resorts Inc. about $270,000 in sanctions for failing to bow out of a $350 million antitrust suit over a scheme to keep Marriott International Inc.'s flagship New York hotels union-free."
  • "U.S. District Judge Colleen McMahon, who initially ordered the law firm sanctioned in October for ignoring a conflict of interest that "could not have been clearer," awarded Host a sanction of $271,063 in legal fees for work..."
For non-paywalled history and detail on this matter, see also this article from 2013 for additional background, as the facts and accusations in this matter are complex and worth attention:
  • "On March 8 [2013], Boies Schiller filed a motion to withdraw from the case after Host Hotels threatened to file a motion to disqualify the firm from the litigation. Host Hotels hired the firm in 2000 to examine the company's business relationship with Marriott, which manages some of its hotel properties."
  • "Boies Schiller's outside ethics counsel informed Host Hotels that it would not reimburse it for any portion of its costs associated with drafting the motion because it made attempts to withdraw after the company presented the firm with documents solidifying the conflict, Host Hotels said."
  • "Host Hotels seeks reimbursement for its attorneys' fees and expenses associated with investigating Boies Schiller's conflict-of-interest. The company denies that it participated in any unlawful conduct in its dealings with Marriott."
At the time this matter first made news, we pointed out additional detail, commentary and analysis worth reviewing as well. (Including interesting details on the specific timing, scope and suitability of the searching performed by the firm.)

Monday, August 11, 2014

BB&K Improves Business Intake, Conflicts Management and Matter Evaluation

 
Best Best & Krieger LLP, a full-service law firm with nearly 200 lawyers in nine offices across California and in Washington, D.C., has selected Intapp Open to automate processes related to new business intake. BB&K, which represents many recognized public agencies and businesses, is using Intapp Open to enhance conflicts checks and accelerate new client matter inception.

 
Said the Firm's IT Director,  Tim Haynes:
  • "BB&K’s public agency, business and individual clients rely on us to quickly and efficiently help them solve their legal issues. Intapp Open allows us to identify, manage and clear any conflicts of interest that arise, and also provides our attorneys with a holistic view of the client, enabling us to be more strategic and responsive in our representation."
BB&K selected Intapp Open following a thorough evaluation by a panel that included firm management and lawyers, as well as representatives of the firm’s finance, conflicts and IT teams. Of all the products evaluated, Intapp Open was the most comprehensive and the most user-friendly – offering role-specific views and to-do lists for key stakeholders involved in new business intake, and eliminating duplication of effort. Intapp Open also allows designated users to create and modify processes to support firm- and practice-specific matter evaluation procedures.

Said the Intapp Managing Director,  Kerry Stivaletti:
  • "Having worked with Best Best & Krieger as an Intapp customer for more than nine years, we know that making the most of the data available throughout the firm has been a long-standing priority for executive management, finance and IT. Intapp Open supports this by providing firms with visibility into the strategic implications of new business acceptance."
  • "By introducing Intapp Open for new matter inception, as well as conflicts management, BB&K is bringing a new level of agility, efficiency and governance to its business intake processes."
 
Visit Intapp.com for more information on Intapp Open new business intake and conflicts management software, or to request a demonstration.

Thursday, August 7, 2014

Risk News & Updates (Screening, Conflicts & Security)

 

First, from Bill Frievogel comes another Canadian pro-ethical screening/information barrier decision: Province of Ontario v. Chartis Ins. Co. of Canada, 2014 ONSC 4221 (Ont. Super. Ct. July 16, 2014) --
  • "We are simplifying the history somewhat, but the essentials for this audience are this: Lawyer worked at Firm A to some considerable extent on cases for the Province against InsCo. Lawyer wound up at Firm B, which is representing InsCo against the Province in those same cases. Firm B erected in advance a screen essentially in compliance with ethics rules of the Law Society of Upper Canada. Nevertheless, the Province moved to disqualify Firm B. In this opinion the court denied the motion, finding that the screen was satisfactory. Excellent discussion of the judicial history of screening in Canada."

Next, from James Tallon, litigation partner at Shearman & Sterling, comes an interesting article: "Ethics Corner: When Conflicts Rules Conflict" --
  • "Consider the following hypothetical: Lawyer A is admitted to practice in New York and resident in his firm's New York office. Currently, A represents Del Corp., a Delaware corporation headquartered in New York City, as borrower negotiating a significant credit facility from a bank syndicate. Lawyer B is A's partner; B is admitted as a solicitor of the Senior Courts of England and Wales and is resident in the London office of the firm in which A and B are partners. Euro Corp., a long-time client of B, has asked her to represent it in connection with the purchase of Del Corp.'s wholly-owned English subsidiary. B would like C, who also is admitted in New York, but resident in the firm's London office, to work on the transaction. Can B take on the engagement for Euro Corp.? If so, can C work on the deal?"

Finally, from Bill Caraher, CIO at von Briesen & Roper, comes: "Different Data, Different Security" --
  • "'Privacy' and 'security' are two terms taken very seriously in law firms. When it comes to e-discovery and client-matter data, privacy and security are paramount. But, in practice, these two types of data are often treated differently."
  • "Let’s ask this again: Why is the cloud acceptable for one type of law firm data but not the other? It comes down to control and the agreement between parties. When a firm’s DMS data are outside the control and watch of senior management and IT, people get nervous. You also have cloud providers that run shared infrastructure and shared storage between multiple clients."

Wednesday, August 6, 2014

Information Governance Report Focuses on Law Firm HIPAA Compliance


The folks at Iron Mountain have published the results of their 2014 Law Firm Information Governance Symposium. These events brought together industry thinkers and leaders to discuss and develop best practices.

Industry experts Brian McCauley and Ann Killilea (McDermott), Rudy Moliere (Morgan Lewis), Charlene Wacenske (MoFo), Scott Christensen (Edwards Wildeman), Grant James (Troutman Sanders), Sharon Keck (Polsinelli) and Intapp's Kathryn Hume collaborated on: "HIPAA Omnibus Task Force Report" --
  • "The following report summarizes and analyzes key components of the HIPAA Omnibus Rules that affect law firms as HIPAA business associates, i.e., in their role as custodians of HIPAA protected health information on behalf of their clients."
  • "After presenting the elements of the HIPAA Omnibus Rule for which law firm business associates are liable, the report outlines the framework for a law firm enterprise data protection program comprehensive enough to satisfy the multiple data privacy and security requirements imposed by HIPAA. The report concludes by recommending a set of industry best practices for achieving HIPAA compliance in a law firm environment."
  • "Especially when considered alongside emerging state data privacy and security laws and transitive requirements imposed on firms from clients in regulated industries like financial services, the Omnibus Rule is significantly impacting the way law firms develop and implement a culture focused on regulatory compliance, client data privacy, and client confidentiality. To achieve compliance with the new HIPAA rules, many firms have little choice but to enhance their confidentiality controls and to adopt more stringent security measures to prevent unauthorized disclosure of any information protected under HIPAA’s rules."

Tuesday, August 5, 2014

UK Risk Roundtables Set: London & Jersey


We're pleased to announce two more Risk Roundtables.  Our London event is set for September 9th:
  • Guest speaker Heather McCallum, former Head of Risk & Compliance at Allen & Overy, will overview the challenges firms face in managing terms of business in client RFPs, outside counsel guidelines & questionnaires, and suggested best practices to negotiate terms and achieve firm-wide compliance.
  • A panel of experts from leading firms will debate staffing models for new business inception and conflicts management, weighing up the benefits and setbacks of managing conflicts centrally, and complying with requirements across jurisdictions.
  • Intapp experts will then showcase Intapp Open & Intapp Wall Builder, fresh approaches to simplifying and streamlining new business acceptance, and securing client information.

Set for September 10th, the Jersey session will cover moderate a general forum on topics of interest, enabling risk, IT and related professionals to connect in a collaborative environment and gain insights on:
  • Strategies for negotiating terms of business in client Request For Proposals 
  • Increasing expectations around achieving, managing, and positively demonstrating appropriate controls around client confidentiality and information security
  • Achieving firm-wide compliance
  • Demonstration of Intapp business acceptance and information barriers software

Attendance is by invitation only and is limited to qualified law firms and personnel. Please contact info@riskroundtable.com for more details.

Sunday, July 27, 2014

More on Security: ISO 27001 and GRC for Law Firms


Previously, we noted that ILTA has posted the recordings of several sessions at their recent Law Firm Information Security Symposium (LegalSEC). Here are more relevant and interesting sessions:

ISO 27001 for Law Firms
ISO 27001 can be a powerful tool for law firms interested in demonstrating information security maturity to both their firm management and clients. Whether you plan to get certified or just leverage ISO 27001 standards, this session will provide information on how the standard can benefit your organization and help you respond to client outside counsel guidelines and security audits.

A 360-Degree Look at eGRC
A paradigm shift is happening in regard to enterprise governance, risk and compliance (eGRC) — we want to be proactive instead of reactive. Legacy and siloed approaches no longer will be successful. Organizations need to plan and implement GRC efforts that are truly "enterprise" and involve all key players and departments in a coordinated organization-wide effort. What does it take to have a successful implementation of a systematic, well-planned, coordinated enterprise approach? What are the overall benefits?

Learn more about the overarching goals of an eGRC program and how it can improve strategic and timely decision-making, enhance the focus and effectiveness of internal audits, and assist in identifying key performance metrics and risk indicators. No angles here...we're giving you a 360-degree look!

What To Do When (Not If) Data Breaches Occur
When security threats emerge, quick response is imperative to contain risk and protect data assets. Often, the expertise and pace with which an event is managed can make as much media buzz as the data breach itself. Come walk through a mock data breach incident and see how well-defended law firms and corporate legal departments are those that prepare for the unexpected.

Thursday, July 24, 2014

There is Only One Lord of the (Risk) Ring?

 
  
 
As first covered in June (poetically), we noted a disqualification motion tied to a matter involving a fight over merchandising rights to the "Lord of the Rings." Now, fresh off the pages of Variety, comes an update: "Judge Refuses to Disqualify Tolkien Attorneys in ‘Lord of the Rings’ Dispute" --

  • "A federal judge is refusing to disqualify Greenberg Glusker as the law firm representing the estate of “The Lord of the Rings” creator J.R.R. Tolkien, which is engaged in a legal tangle with Warner Bros. and the Saul Zaentz Co. over merchandising rights to the lucrative franchise."
  • "Last month, Warner Bros., represented by Dan Petrocelli of O’Melveny & Myers, filed a motion claiming that Greenberg Glusker had “invaded” attorney-client privilege by hiring former MGM studio lawyers as expert witnesses."
  • "Warner Bros.’ claim is that Greenberg Glusker attorneys, led by Bonnie Eskenazi, contacted Alan Benjamin and William Bernstein, who represented UA as in-house lawyers at the time, to serve as expert witnesses, offered to represent them for free as 'percipient witnesses' and 'had direct communications with them.'"
  • "Collins wrote that in making her decision, she considered the Tolkien estate’s right to chosen counsel, Greenberg Glusker’s years of work on the litigation, the length of time that had passed since Bernstein and Benjamin were involved, and the “extremely attenuated relationship” between Warner Bros., the Zaentz Co. and United Artists. UA and MGM had filed a “joinder” to the Warner Bros. motion to disqualify Greenberg Glusker, even though they are not parties in the case."
  • "Collins also denied Warner Bros. and Zaentz’s request for an order of disclosure of Greenberg Glusker’s communications with Benjamin and Bernstein and for a deposition of Eskenazi. She wrote that the discovery is 'likely to be costly and fruitless, and will not advance the litigation.'""

Wednesday, July 23, 2014

Law Firm CIO Responds to Suggestions Industry Security is Lacking

Industry expert, Judith Flournoy, CIO at Kelley, Drye & Warren and chairwoman of ILTA’s legal security working group, takes to the pages of Law Technology News to address frequent stories suggesting that law firms are a juicy and attractive target for hackers: "Law Firms Respond to Security Risks in Client Data: After being dubbed the "soft underbelly of American cybersecurity," law firms embrace robust security programs." --
  • "So, we may have been characterized as the 'soft underbelly' but we are no softer than any other industry, government or institution.  On behalf of my colleagues around the world in firms large and small, we understand the call to arms and we are engaged."
  • "Law firm clients in the financial services industry heavily scrutinize their outside counsel with vendor security audits. Governed by the Office of the Comptroller of Currency and the Federal Financial Institutions Examination Council in compliance with the Gramm-Leach-Bliley Act, all law firms who have financial institution clients are required to respond to a comprehensive security audit."
  • "The audit process is detailed, and in many cases includes questionnaires with several hundred questions, on-site interviews and or on-site physical security assessments covering everything from hard-copy file security to data center security."
  • "Why does this matter?  For the first time in the history of our industry, we find ourselves in a position where we not only have to provide highly detailed information about our security programs but we are also required to remediate any risks identified in the audit process.  The end result for many firms is to redirect efforts and funds for security based projects and policies, including security education programs, resulting in a battle for resources."
  • "Law firms continue to adjust to the 'new normal' business model based on client demands. Prior to 2008, firms provided services to clients based on the billable hour and what the lawyer believed was the value of the work performed. Since 2008, clients have been demanding alternative fee arrangements, fixed fee projects and have been generally unwilling to pay for the work of junior attorneys.  Combine the new normal with clients requiring outside counsel firms to adhere to a much more stringent security practice.  These are the newer set of demands we find ourselves adjusting to."
  • "The good news is that many firms have already begun the complex process of implementing a more robust security posture.  As previously mentioned, many firms have acquired, or are in the process of obtaining, ISO 27001 certifications."

Tuesday, July 22, 2014

A Couple of Compliance Chronicles: Screens Standing & Waivers Working


Two updates to share today. First, from Canadian Lawyer Magazine comes: "Court approves law firm’s ethical screen: Lawyer from opposing side allowed to stay on case at new firm," which is noteworthy as it involves successful screening by a 14-lawyer firm --
  • "When a lawyer for an opposing party joined its firm, Lloyd Burns McInnis LLP faced a real possibility of removal from a case due to a conflict of interest. But in an exemplary case of a timely ethical screen, the firm was allowed to stay on the case this week despite its small size and close working relationships between its lawyers."
  • "Lloyd Burns McInnis is representing AIG Insurance Co. in a class action coverage dispute with the Ontario government. The firm’s new lawyer, Michael Foulds, represented Ontario in the same matter while he worked at Theall Group LLP. Foulds now spends 50 to 60 per cent of his time working with his colleague Douglas McInnis, who is representing AIG in the Ontario-AIG matter. In fact, McInnis and Foulds work together on other files involving AIG."
  • "Despite the province’s argument there’s a high risk of an inadvertent leak of confidential information from Foulds to McInnis, Justice Alfred O’Marra found Lloyd Burns McInnis put up a sufficient ethical screen at the right time to significantly reduce this risk."
  • "'In considering the timely and comprehensive compliance by LBM with the institutional measures set out in the guidelines, in addition to appointment of a supervising senior partner, and isolating Mr. Foulds from any Ontario-AIG matters, I find that a reasonably informed person would be satisfied that the use of confidential information had not occurred or would likely occur, and it is in the interests of justice to allow Mr. McInnis to remain as AIG’s counsel of choice.'"
  • "Davis LLP lawyer Gavin MacKenzie, who represented Lloyd Burns McInnis, says even large law firms can take notes from the steps the firm took in this case. 'I think it’s a good example for small firms and large,' he says, adding if large firms follow the same approach, 'it’s highly likely' that the courts will be satisfied."
Next comes our waiver story: "Attorneys from same firm represent Wilmette, park district in negotiations" --
  • "Sometimes being one happy family comes with a few complications, as Wilmette Park Board members learned when they heard the attorney who represents them in negotiations with the Village of Wilmette belongs to the same law firm as the attorney who represents the village."
  • "That won’t be a problem, district Director Steve Wilson assured board members at their July 14 meeting, before recommending they let him sign a so-called conflict of interest waiver so the negotiations could go forward."
  • "Wilson explained the situation originally occurred because the law firm of Tressler LLC acquired the separate practices of attorneys who had been working as outside counsel for the village and park district: Raysa and Zimmerman, in which village attorney Michael Zimmerman was a partner, and the practice of park district outside counsel Charlene Holtz. Tressler merged with Raysa and Zimmerman in 2012; Holtz joined Tressler in 2009."
  • "Negotiations between Wilmette and the park district are friendly, Frenzer said, so it makes sense to waive any suggestion of conflicts of interest. Otherwise, both governments would have to hire new attorneys to handle the issues, which could prove expensive for everyone."

Monday, July 21, 2014

On Managing Client Terms of Business, OCGs and Rules of Engagement

 
Our colleagues at Paragon have written in to note that Gilda Russell (who served as partner and Ethics & Conflicts Counsel to Holland & Knight LLP for fifteen years), has joined their Panel of Preferred Service Providers and authored an excellent white paper: "Dealing with Client Outside Counsel Guidelines and Other Non-Standard Client Engagement Terms" --
  • "Such OCG and client terms are now utilized by a wide range of clients, including business and financial institutions, federal, state and local governments and agencies, health care organizations, defense contractors, and even non-profit groups. OCG and client terms cover a large number of subjects and demonstrate attempts by organizational clients and their in-house law departments to maintain control over and loyalty from outside counsel through various restrictions and obligations."
  • "Yet, OCG and client terms can cause enormous problems for law firms -- however large or small the firms -- given the obligations they create, many of which may be adverse to law firm policies, more restrictive than professional ethics rules, designed for other types of businesses than law firms, in conflict with professional liability policies, and/or unduly burdensome."
  • "Accepting OCG and client terms without a clear understanding and assessment of the many obligations they impose can result in subsequent breach of contract and malpractice claims, disqualification motions based on conflicts of interest, exposure to potential civil and criminal penalties at least in the government representation context, and loss of client business."
  • "Consequently, firms should develop effective processes for dealing with OCG and client terms. These processes should focus on monitoring the avenues by which OCG and client terms come into firms as well as requiring review and approval of OCG and client terms by designated persons well versed in the subject matter of the provisions and related compliance issues."
Note: Longtime readers will recognize Gilda as a participant in several Roundtable programs, including a webinar on this very topic. (And, similarly, readers are also likely aware that OCGs can be more effectively reviewed, evaluated and implemented at the point of client engagement through the use of modern approaches to new business intake and acceptance…)

Wednesday, July 16, 2014

Upcoming Webinar : Conflicts Management — Focus on IP Matters

 
At a recent Risk Roundtable, we asked participants which conflicts were most challenging to manage. The response was unanimous: subject matter conflicts associated with IP prosecution and litigation matters.
 
IP matters often involve subject matter conflicts which are notoriously hard to manage, requiring a different approach than ethical or commercial conflicts. The bring with them unique, complex challenges and questions, such as:
  • Who is the client, an individual inventor or the corporation where he or she works? 
  • When can a firm file similar patents for two different clients and when is the subject matter too close for comfort? 
  • Can a firm litigate against a patent that it previously achieved for a former client?
This webinar features four speakers who will explore current trends and approach for tackling these issues.
 

IP Matters, Intellectual Challenges
In this webinar, an expert panel will explore strategies and approaches firms are taking to address these issues and provide insights relevant to lawyers, general counsels, conflicts analysts, practice managers and IT leaders.
Intapp Open for IP Conflicts Management
This session will also include an overview of how Intapp Open, a modern business acceptance and conflicts management system, provides firms with data management and reporting to identify and resolve conflicts related to IP matters.
Intellectual Discussion
  • Bill Freivogel, Independent Consultant and author of Freivogel on Conflicts, will review recent case law pertaining to IP conflicts, highlighting applicable lessons
  • Chris Kave, Principal, Aurora North Software, will provide advice on how firms can develop workflows and data integrations to manage IP conflicts effectively
  • Gillian Power, CIO, Lathrop & Gage, will describe how her firm is leveraging Intapp Open together with data from IP Manager to identify and analyze IP conflicts
  • Kathryn Hume, Risk Practice, Intapp, will show how Intapp Open integrates information and business rules to deliver a fresh, effective approach to IP conflicts management.

Event Details
  • Date: Thursday, July 24th
  • Time: 10:00 am PDT / 1:00 pm EDT / 5:00 pm GMT
  • Registration: Limited to select firms and partners. Please email Jason Yu for more information.

Tuesday, July 15, 2014

Help Support the Law Firm Risk Blog!


The ABA Journal is working on its annual "Blawg 100" list. If you're a regular reader of this blog and like to show your support by giving us a vote or nomination, we'd certainly be delighted (and grateful).

Over the past five years, we've published over 500 updates. The growth of our readership over the years has been very rewarding to see... but there's something nice about making the list. Nominations are due August 8th and can be submitted at the ABA's Blawg Site. Thank you!

Monday, July 14, 2014

Law Firm Risk News & Updates

Several interesting updates and resources to start the week off with. First, two more talks from the recent ILTA legal security summit:
  • "Practical Approaches to Business-Aligned Security" -- Join us for an interactive discussion on bridging the gap between the business side of your organization and those responsible for security and risk management. We will identify common challenges encountered, ways to deal with them and a practical approach to building strong business cases for security initiatives, such as technical controls, user awareness, risk management and IT governance. Make sure you're doing all you can to have business-aligned security practices in place!
  • "Don't Believe the Hype! What Data Leak Prevention Solutions Can and CAN'T Do" -- Can you identify and restrict unwarranted attempts to copy or transmit sensitive information, deliberately or inadvertently (and generally by personnel who are authorized to access the sensitive information)? Take an in-depth look at best practices for implementing enterprise and point solutions for data leak prevention (DLP) as we cover the Web, email gateways, networks and mobile devices, and the mechanisms used to secure them. There's a lot of talk about what DLP solutions protect against...it's time the hype be laid to rest.
 
And from the Kansas Bar Association comes "Legal Ethics Opinion No. 14-01: Duty to report attorney memory lapses" --
  • "Law firm had a partner with 'possible cognitive degeneration,' evidenced by memory lapses… The subject lawyer has now left the law firm, but continues to practice. The law firm questions whether – now that the lawyer has left the firm -- it has a duty to report the subject lawyer to the Kansas Disciplinary Administrator under Rule 8.3."
  • "A lawyer is not required to report another lawyer to the Disciplinary Administrator unless the lawyer has knowledge of an action, inaction or conduct of the other lawyer which constitutes misconduct under the Kansas Rules of Professional Conduct. Rather, in the event there are memory lapses, cognitive deteriorations, or other potentially disabling conditions, the subject lawyer should be referred to the Kansas Lawyers Assistance Program or other suitable service."

Sunday, July 13, 2014

How McCullough Robertson Protects Client Confidentiality

 
McCullough Robertson, a leading Australian law firm, uses Intapp Wall Builder to secure client data across firm information repositories and support its risk management protocol. The firm is leveraging Intapp software to limit access to confidential information and prevent accidental contravention of defined information governance policies.

 
Said the Firm's Director of Governance and Knowledge, Kim Trajer:
  • "Because risk management is core to our firm's culture, we made a significant investment in technology that would enhance our existing client data privacy and confidentiality management practices, without disrupting lawyer productivity or client service.
  • "With clients increasingly mandating matter-team-only internal access policies, the automated enforcement, auditing and alerting capabilities provided by Intapp’s risk management software provide vital compliance capabilities."
Intapp Wall Builder is a web-based information security and confidentiality management software application that enables organizations to centrally control and report on user access permissions across multiple applications, including document management, accounting, portal, CRM, time entry and records management systems. It also automates notifications to individuals subject to specific policies and tracks acknowledgments for compliance purposes.

Wall Builder is the most-adopted information security management software by law firms with 150 or more lawyers. According to an independent survey by the International Legal Technology Association (ILTA), 72% of large law firms using commercial software to enforce information access controls use Intapp Wall Builder.


Said Intapp's APAC Managing Director, Bruce Heaney:
  • "We’re proud to highlight McCullough Robertson’s adoption of our information security products to improve their risk management programme. By auditing for compliance with central policies, the firm is taking strong steps to guard client information and protect the organisation’s reputation."
Visit Intapp.com for more information on how Intapp enhances law firm information security, or to request more information and a demonstration.

Thursday, July 10, 2014

Risk Updates: Information & Records Ownership + the Value of Firm Cyberinsurance?

First, another audio recording (and slide deck PDF) of a recent ILTA talk now available online: "To Purchase Cyber Insurance or Not: That Is the Question" --
  • "We've heard of car insurance, life insurance and even pet insurance ... why not cyber insurance? It's available, but why should your organization consider purchasing cyber insurance? What is and is not covered by a typical policy? What are some contractual terms and other items to consider when seeking or negotiating a cyber insurance policy for a law firm? Learn the answers to these questions and more from an expert panel offering various perspectives."
For those focused on information security, Law Technology News recommends: "Get Cozy With the FBI and Secret Service to Ameliorate Data Breaches Woes" --
  • "The first step to avoiding a data breach is to create a security framework, Georgetown panelists advise. It's no secret that law firms are magnets for sensitive corporate information. So, said Ayiotis, companies should vet outside counsel the same way they hire other third-party vendors, holding law firms to the same level of due diligence and security checks."
  • "Forming proactive relationships with the government, namely the FBI and the Secret Service agents who handle cybercrimes, can help organizations avoid complications associated with a breach, he said. During a data breach investigation, there is a “high probability” that a company can go from being the victim to the defendant because of a lack of proper data security measures."
On the records management and information ownership front, BNA reports: "Firm Doesn’t Have to Give Ex-Client Originals Unless They’re Needed or Came From Client " --
  • "A client cannot force its former counsel to turn over original papers or documents in the client's files because the client did not show that he gave the firm any original papers or that any originals in its possession are necessary for the client's representation, the Ohio Court of Appeals, Second District, ruled June 20."
  • "A client has the right to any original paper that he gave the lawyer because these are the client's personal property, the court said. There were no such documents in the case files here, it noted.
  • "It could be inferred from a comment to the rule, the court said, that it is the originals of the reasonably necessary items that must be returned. But here, there is no original paper or document that is demonstrated to be necessary to Sacksteder's representation, the court said."
  • "With regard to documents that were created and stored electronically, the court noted that such materials have no single original. Under an Ohio evidence rule, the “original” of an electronic document is any printed copy, it pointed out."


Wednesday, July 9, 2014

On Information Security -- Law Firms - the "Soft Underbelly of Corporate America"?

The folks at ILTA have graciously posted the recordings of several sessions at their recent Law Firm Information Security Symposium (LegalSEC). We’ll be highlighting several worth reviewing in the posts to come. Here's a recording from their keynote presentation: "The Soft Underbelly of Corporate America? Law Firms and the Cybersecurity Threat Matrix"--

  • Each day we hear about another data breach in the news. More personally identifiable information (PII) and account information is being siphoned out of respected companies. What about our intellectual property, our trade secrets and other business capital?
  • Oftentimes, the easiest place to attack is when the data is outside the walls of the owner — in many cases at their law firm.
  • During our keynote, we will walk through the cybersecurity threat matrix and its evolution, discuss how various state and federal laws drive forward controls that may or may not help protect our data, and the role of active defense and intelligence.
  • Attendees will learn what programs and controls will position their firms for success in assurance reviews, certifications and competing for business.
  • Together we will explore this topic — as you hear from someone who has worn the hats of law firm counsel, chief privacy officer, chief security officer and chief compliance officer — so we can operationalize against this threat.
See ILTA's web site for the audio recording and downloadable mp3.

Tuesday, July 8, 2014

Law Firm Conflicts Allegations Making News

It's always fascinating to see coverage of conflicts allegations and related news cross over into general media channels. Here are two stories that caught our eye. First, a situation which highlights challenges of finding representation when the conflicts landscape is more complex: "DVDFab files motion in lawsuit – shows it’s David vs. Goliath case" --
  • "Recently filed documents on the AACS-LA vs. DVDFab case show similarities of the battle between David and Goliath. It shows how little time DVDFab had to prepare itself and how hard it was to find a law firm to represent the company in the United States. Because the AACS-LA is a consortium of many companies (e.g. movie studios, Microsoft, Toshiba, Panasonic, IBM and more), many well known law firms were unable to defend DVDFab due to conflict of interest."
  • "Between February 26th and the 4th of March, DVDFab tried to find a law firm to represent them. Due to conflict of interest several law firms rejected DVDFab and referred DVDFab to other law firms, some of those didn’t want to handle the case or didn’t have time. It wasn’t until the 17th of March before DVDFab signed an agreement with a law firm to represent them."
  • "Between February 26th and the 4th of March, DVDFab tried to find a law firm to represent them. Due to conflict of interest several law firms rejected DVDFab and referred DVDFab to other law firms, some of those didn’t want to handle the case or didn’t have time. It wasn’t until the 17th of March before DVDFab signed an agreement with a law firm to represent them."
For our second, we turn, oddly enough, to twitter, where we often post risk stories (and track those of you retweeting or reposting our updates -- thank you!): "Gibson Dunn defends GFH role after jailed ex-GC claims conflict" --
  • "Gibson Dunn & Crutcher has defended its representation of Dubai-based private equity firm GFH Capital, after the client's former general counsel accused the firm of having a conflict of interest."
  • "David Haigh, the former managing director of Leeds United and one-time GC of GFH, has taken to Twitter to make the accusation against his former employer's lawyers.
    Haigh is currently in jail in Dubai, having been arrested on 18 May after GFH accused him of committing fraud, embezzlement and money laundering while he was employed at the bank."
  • "Gibson Dunn's litigation team is being led by partner Peter Gray, described by Haigh's spokesperson as "for many years a friend, legal adviser and business partner of [Haigh's]". In an email to Legal Week, Gray called the conflict allegations 'untrue and defamatory'."
For those without access beyond the linked paywall, a summary of the general story unfolding is available via the guardian and the accuser/accussed's twitter stream in question is located here.

Monday, July 7, 2014

Risk News & Updates: Legal Ethics, Regulations and Matters of Firm Business

From the always linkable Legal Ethics Forum comes an interesting post from NY professor of Law Stephen Gillers: "When and How Does Change in Lawyer Regulation Happen?" in which he reviews a bit history behind the Model Rules, touching on Ethics 2000 and the ABA 20/20 Commission. And he lays down the gauntlet:
  • "…the current bar leadership will not be bold. In this, it is like the leaders of the 50s through the early 80s. It will be the next generations that approach the issues with  appetite for change."
  • "I suggest that legal scholars have been and will continue to be the antennae of the profession. The momentum for change, which is different, will come from elsewhere -- from economic forces (rules change when it is in the economic interest of lawyers to change them, witness the adoption of lateral screening after 20 years of rejection), and to beat back external threats (witness the 2003 amendments to Rules 1.6 and 1.13, after repeated rejections, in order to dissuade the SEC from invoking its full Sarbanes-Oxley powers; it worked)."
That blog also notes a recent New York decision: "New York joins California federal court in rejecting unfinished business claims" --
  • "We hold that pending hourly fee matters are not partnership "property" or "unfinished business" within the meaning of New York's Partnership Law. A law firm does not own a client or an engagement, and is only entitled to be paid for services actually rendered."
  • "Treating a dissolved firm's pending hourly fee matters as partnership property, as the trustees urge, would have numerous perverse effects, and conflicts with basic principles that govern the attorney-client relationship under New York law and the Rules of Professional Conduct. By allowing former partners of a dissolved firm to profit from work they do not perform, all at the expense of a former partner and his new firm, the trustees' approach creates an "unjust windfall," as remarked upon by the District Court Judge in Geron (476 BR at 740)..."

Wednesday, June 25, 2014

Report from CNA Risk Management Roundtable Event in New York


 
"CNA Hosts Risk Management Roundtable for Law Firms" --
  • CNA hosted a roundtable panel yesterday (co-sponsored by Intapp) in New York to address the emerging risks facing law firms. The roundtable began with a discussion of significant claim trends for law firms, such as the expansion of claims by non-clients of the law firm, claims involving allegations of conflicts of interest, fraud and misrepresentation, and claims arising from the Trusts & Estates practice area.
  • In a discussion led by CNA Claims and Risk Control, a diverse group of law firm personnel, comprised of general counsels loss prevention partners, conflicts attorneys, and information technology directors, shared their professional experience with respect to effectively managing the client intake process and handling conflicts of interest at their respective law firms.
  • Participants also heard directly from the general counsel of three prominent law firms on mitigating risk in several key areas: managing the lateral hiring process, compliance with outside counsel guidelines and maintaining law firm data security.
Said Michael Barrett, CNA Director of Risk Control, Professional Services, Lawyers --
  • "Identifying and managing the risks associated with a successful lateral hire is a difficult exercise. With lateral hiring continuing to outpace entry level-hiring, the risk is now commonplace in law firms.  Having general counsel from several prominent law firms lead the discussion about successful strategies to avoid these potential risks was invaluable."
Said Kathryn Hume, -- Intapp Senior Risk Practice Specialist --
  • "We know that to truly help law firms control risk, the new business intake, conflicts management and information security software we deliver must continuously evolve to address real-world priorities. We're proud to partner with CNA and support this event as part of our ongoing investment to stay abreast of industry risk trends and foster peer dialogue on response strategies."
CNA also noted the publication of two of their white papers: Taking Stock of a Potential Fee Collection Suit and Logistics of a Lateral Move Between Law Firms.

Thursday, June 19, 2014

Webinar Recording: Lateral Moves & Hacking - Addressing Information Risk

 
We saw tremendous interest in the recent webinar produced with ILTA (Anomalies, Hacks and Lateral Moves: Monitor & Address Information Risks). A recording of the session is now online and available for viewing.

This session featured two law firm speakers and presented an overview of how Intapp information security software enables firms to control and monitor use of sensitive information, enabling intervention early enough to prevent unwanted outcomes).
  • Client guidelines and security audits mandate that firms have visibility into who does what with their data, new regulations like HIPAA require activity monitoring on personally identifiable information, lawyers increasingly use unsanctioned cloud tools without notifying IT and, with lateral movement on the rise, firm management needs a means to identify unauthorized activity to avert potential problems.
  • In this session, we will explore how firms can leverage technology to monitor and address information risks. Hear from panelists who will present diverse perspectives, ranging from cyber insurance and regulatory trends to process and technical best practices.

On this same topic, John  Guyer, Director of Information Technology at Hinckley Allen, wrote in noting that recent best practices released by the Department of Homeland Security: "Combating Insider Threat" recommend that those managing price sensitive and insider information leverage this class of software to: "Build a baseline based on volume, velocity, frequency and amount based on hourly, weekly, and monthly normal patterns."

Tuesday, June 17, 2014

Conflicts: You Can Run, But You Can't Always Hide...


Interesting story via the New Jersey Law Journal: "Firm's Exit From Lawsuit Not Enough To Cure Conflict, Appeals Court Says" --
  • "Norris McLaughlin & Marcus, a major New Jersey law firm that withdrew from representing one side in a lawsuit just before oral argument on whether it had a disqualifying conflict of interest, still appears to have one, a state appeals court ruled on Wednesday."
  • "The firm’s representation of the landlord and a tenant in the commercial lease that lay at the heart of the lawsuit “presented prima facie evidence of a concurrent conflict of interest, waivable only by informed written consent, which has never been presented,” the court said in Comando v. Nugiel."
  • "Although the firm mooted any conflict by getting out of the case, its continued relationship with two parties outside the litigation continues to be a problem. Its representation of the tenant 'impinges upon its allegiance to protect' the landlord’s interests, 'raising a significant risk that the representation of one or more clients would be materially limited by the lawyer’s responsibilities to another client,' the court wrote. 'This may not continue.'"
In other conflicts news, expert Bill Freivogel highlights two interesting recent conflicts cases, including a Canadian decision:
  • "Koloff v. Metropolitan Life Ins. Co., 2014 U.S. Dist. LEXIS 80322 (E.D. Cal. June 10, 2014). Suit for employment benefits. Plaintiff had earlier filed another suit for the same benefits in 2011 (Case 1), but it was dismissed without prejudice on procedural grounds. Plaintiff then filed this case (Case 2). Defendant was aware of a possible conflict of Plaintiff’s law firm during Case 1 but made no motion. Moreover, Defendant waited four months before filing a motion to disqualify in this case. In this opinion the magistrate judge denied the motion because of the delay."
  • "Jajj v. 100337 Canada, 2014 ONSC 3411 (CanLII) (Super. Ct. Ont. June 5, 2014). In this opinion the court held that lawyers acting 'in association' are subject to the same rules on conflicts and disqualification as lawyers in the same law firm."

Monday, June 16, 2014

Legal Industry Consultants Ally to Improve Law Firm New Business Intake


 
"Project Leadership Associates and HardingLowe Announce Partnership to Provide Consulting and Implementation Services for Intapp Open" --

Project Leadership Associates (PLA), the largest business and technology consulting firm focused on the legal market, and HardingLowe, a boutique strategy and management consultancy serving top-tier law firms, have teamed up to implement Intapp Open, a true New Business Intake (NBI) application for law firms. 

The partnership combines PLA’s holistic expertise in defining NBI and conflicts strategy, processes and best practice and delivering NBI systems to dozens of law firms over the past 10 years, with HardingLowe’s specialty in law firm process and business integration, along with its deep NBI experience.  Intapp has selected the PLA-HardingLowe team to be a preferred implementation provider for Intapp Open.

Said Michael Lowe, HardingLowe President --
  • "This partnership was born from the realization that law firms need a holistic solution to NBI – one that combines changes to policies, people, processes, and technologies. We saw in each other the opportunity to offer that complete solution, as well as the scale and reach to serve all sizes of firms in all regions of the country. Together, we have the best positioning and experience in the global legal marketplace."
Said Dan Safran, PLA Executive Vice President, Legal Solutions -- 
  • "Having worked with a majority of the NBI technology leaders over the past decade, we believe that Intapp Open offers the superior NBI technology today, and we are very pleased that Intapp has selected the PLA-HardingLowe team  as implementation partners.  We are already delivering Intapp Open to top-tier, mid-sized and small firms, and have built the tools and methodologies necessary to enable these firms to gain the most benefit from their technology investment in an expedited and cost effective manner."

Said Dan Tacone, Intapp President --
  • "Many firms are using Intapp Open as part of a broader strategy to transform their new business intake and conflicts management processes. Intapp Open streamlines new matter inception, as well as client and matter evaluation – all while ensuring alignment with firm-wide business objectives."
  • "Partners such as PLA and HardingLowe offer insight into best practices that can be adapted to the needs of individual firms. We’re excited about the momentum behind Intapp Open, and welcome the collaboration of two of our preferred implementation and consulting partners in supporting the success of our customer community."

Friday, June 13, 2014

Law Firm Information Security: Guidelines, Advice & Best Practices

Managing Partner magazine presents an interesting write up on the topic of firm information security and cyber defense, including detailed advice and guidelines. See "Web of Trust" --

"Law firms are increasingly at risk of cyber security breaches by staff, vendors and hackers. Elizabeth A. Ferrell, Shari L. Klevens and Alanna Clair suggest five steps to protect your business:
  1. How to implement a cyber security programme
  2. How to adopt a robust incident response plan
  3. How to test whether your firm’s systems are secure
  4. How to protect your firm’s breach assessments
  5. How to deal with client guidelines on data security

Thursday, June 12, 2014

Conflicts in its Pocketses, Precious?

 
  
 
"Warner Bros Wants Bert Fields’ Law Firm Tossed From ‘Lord Of The Rings’ Case" --
  • "The $80 million legal battle between Warner Bros and the Saul Zaentz Company and the estate of The Lord Of The Rings author J.R.R. Tolkien over copyright and digital merchandising just took another turn – this time against some of the lawyers. The studio and its partner in this case this week filed a motion to have Fourth Age’s lawyers Greenberg Glusker Fields Claman & Machtinger LLP disqualified from the case."
  • "'Warner and Zaentz bring this motion to disqualify Greenberg as counsel of record for the Tolkien/HC Parties in this litigation and for other relief, because the firm impermissibly gained access to privileged information in violation of Rules of Professional Conduct,' said the motion filed yesterday in federal court."
  • "The other side says this is all a smokescreen. 'There is absolutely no basis for the motion filed by WB and Zaentz yesterday,” said Greenberg attorney Bonnie Eskenazi today. ”Greenberg Glusker acted properly in all respects at all times.  The motion was filed for purely and transparently tactical and strategic reasons. We look forward to the Court vindicating our position.'"
  • "To the point of the disqualification motion, the 33-page filing says that Fourth Age’s law firm hired former United Artists in-house attorneys Alan Benjamin and William Bernstein as experts and potential witness for $10,000. The duo represented UA in negotiations concerning the matter."
  • "'Greenberg thereby placed itself in the position of representing not only the key witnesses on both—and opposite—sides of the contracts at issue, but also its adversaries’ former counsel who worked on the very contracts at issue,' it adds. 'In doing so, Greenberg invaded the attorney-client privilege now held by MGM, which controls UA, positioning UA’s former lawyers to be adverse to the interests of MGM and UA’s successors-in-interest, Warner and Zaentz.'"
Of course, the key question is whether this matter will be settled quickly, or whether it will be drawn out over several cycles comprising multiple, three hour hearings, complete with heavy use of exhibits (in the form of musical renditions and battle reenactments). On that note, an anonymous editor submitted the following commentary, dedicated to fellow enthusiasts:

Three risks for the cloud services under the sky,
Seven for the internationals joined in vereins,
Nine for the clients and their strict guidelines,
One for the dark lord on his dark throne
In the land of legal, where great change does brew
New risks to rule them, new risks to find them,
New risks to bring them all and in the model rules
bind them