Thursday, April 17, 2014

Law Technology News on Steps to Protect Client Data

Law Technology News urges clients to take the lead in directing law firm information security practices: "8 Tips for Corporate and Outside Counsel to Protect Client Data"--
  • "Corporate counsel must take the initiative to protect the company's confidential information. In the wake of recent high-profile data breaches, such as November's Target Corp., many corporate legal departments and IT leaders are tightening up network security. And they expect their outside counsel to do the same."
  • "Attorneys have an obligation to protect confidential client information. This duty is not limited to privileged information, but includes all information relating to a client or furnished by the client acquired during the course of representation. To the extent that a client is damaged by a data breach occasioned by a lawyer’s revelation of confidences, the firm may be subject to disciplinary action or malpractice actions. The threat of reputational harm may be the best deterrent. Outside counsel in today’s digital world must make protecting client data an integral part of the overall engagement."
See the full article for a complete list, which includes:
  • "Control access: Make sure that access to your company’s documents is limited to only law firm personnel who are working on the engagement."
  • "Restrict document sharing: Block the use of Dropbox, Skydrive and other document-sharing sites from law firm networks to minimize the risk of sharing client-related documents outside of the firm."
  • "Create and implement a security breach plan, including immediate notification to your company in the event of an actual or suspected breach. All attorneys and support staff should be trained about those procedures."

Wednesday, April 16, 2014

ABA Webinar on HIPAA for Law Firms

Hat tip to Bill Freivogel for noting an upcoming webinar presented by the ABA, set for April 21 (1pm Eastern): "You Mean HIPAA Applies to Lawyers? Keeping Data Safe, Clients Happy and Your License Secure" --
  • Lawyers have long been aware of their ethical legal duties to keep client information confidential and safe— these ethical duties are deeply rooted in state bar driven ethics rules and the common law. HIPAA takes those obligations a step further.
  • Beginning in February 2010, as mandated by 2009’s HITECH Act, many lawyers, with little fanfare or publicity, became directly federally regulated when it comes to using, disclosing, and safeguarding their client’s data. In fact, lawyers are now required to engage in specific types of risk analyses, documentation, and employee training in relation to client health information.
  • As a result of HITECH, lawyers who practice in many areas of law may now fall under the HIPAA definition of a business associate, oftentimes inadvertently.  In turn, many law firms will be directly federally regulated by provisions of the HIPAA Security Rule, Privacy Rule, and Enforcement Rule as a matter of law.
This program provides a foundational background of HIPAA and HITECH and provides an overview of the following:
  •     How law firms become business associates (intentionally or inadvertently)
  •     What HIPAA requires of law firm business associates
  •     How to properly safeguard client data
  •     Unauthorized uses and disclosures
  •     What constitutes a “breach”
  •     Business associate requirements in case of a breach
  •     Penalties, criminal, and civil liability associated with HIPAA
  •     Potential other ethical conflicts caused by HIPAA as you are forced to execute contractual agreements with clients
See the ABA web site for registration details and information on CLE credit. And see also a previous webinar recording presented by Intapp, featuring Vorys: "Complying with the 'Minimum Necessary' Standard of the HIPAA Privacy Rule."

Monday, April 14, 2014

A New Era of Risk Management – Intapp Acquires the Frayman Group

Today, Intapp announced the acquisition of the Frayman Group (TFG), a company offering risk management software for law firms. With this move, Intapp further extends its position as the leading provider of risk management software for the legal industry, offering broadly adopted products that streamline new business intake, conflicts management, information security and professional compliance.

Said Intapp CEO John Hall:
  • "We are very excited about this acquisition, which is a major milestone for law firm risk management software. Intapp customers will benefit from an even stronger risk management offering as we integrate TFG technology and staff and continue to make significant investments to advance our products."
  • "At Intapp, our mission is to cultivate a position of trusted partner and advisor to our more than 500 customers, offering innovative software and services that enable them to thrive in an increasingly competitive business environment."

Said TFG Founder, President and CEO Yuri Frayman:
  • "With these two organizations coming together, there’s now no other vendor in the market today with a more skilled team, greater insight into legal risk management, a more ambitious product roadmap, or ability to execute."
  • "As I turn to pursue opportunities outside of the legal industry, I see a bright future ahead, both for my customers and the industry as a whole, under Intapp’s leadership."
TFG – An Intapp Company
TFG will continue to operate as a subsidiary of Intapp. In that capacity, it will deliver support to organizations that have licensed TFG products for managing new business intake and workflow (Compliguard Flow), client conflicts (Compliguard Analyze), and ethical walls (Compliguard Protect).

An OpenText Development and Services Partner, TFG will also continue to support organizations with valid support contracts for LegalKEY, an OpenText software product launched in 1994, used for conflicts and records management.

As part of the transaction, Intapp takes ownership of all TFG intellectual property, including patents and software assets, and will incorporate elements of this technology into Intapp business intake, workflow, conflicts management and other products.

The Intapp Risk Management Vision
Today, mounting market forces are putting new demands on law firms to transform the way they operate in order to prosper in an extremely competitive environment. These include clients with escalating service expectations, increasing economic pressure, and a risk landscape marked by evolving regulatory rules, compliance requirements and professional standards.

Controlling risk is just one of several ways Intapp enables firms to thrive in response. Offering unique software products, Intapp lets firms align business operations with firm strategy, while bridging the gap between compliance and efficiency:
  • Intapp Open provides a fresh and innovative approach business intake, client due diligence and conflicts management.
  • Intapp Wall Builder centralizes enforcement of information security and internal access rights across electronic information repositories in response to professional rules, client mandates and regulatory requirements.  
  • Intapp Activity Tracker delivers sophisticated, intelligent monitoring and reporting to flag abnormal access or use of sensitive firm or client information, to satisfy a variety of compliance requirements.
  • Intapp Time integrates the industry’s most adopted time entry, automated activity capture and mobile time recording software, delivering a single, unified experience that delivers real-time e-billing validation and compliance at the point of entry. 

Wednesday, April 9, 2014

2014 Law Firm Risk Surveys Underway (US, UK, Canada & Australia)

We're pleased to kick off the 2014 Law Firm Risk Survey program.

We're running four separate exercises, inviting risk and IT stakeholders at participating mid-sized and large firms in each of four geographies – US, UK, Canada and Australia.

The surveys explore several topics including risk priorities, risk policies and education, intake and conflicts management practices, lateral hiring and departures, confidentiality/information security management, and compliance tracking.

As with past surveys, all who participate will receive a copy of the final published report.

Invitations are going out this week. Please watch your inbox.

Thursday, April 3, 2014

The New Standard for Law Firm Information Governance : Policy-Based Security

Intapp's Kathryn Hume writes in with another update, relating to her collaboration with Iron Mountain's Information Governance working group: "Policy-Based Security: the new standard for law firm information governance and access management" --

I wouldn’t be the first to make the bold statement that "the perimeter is dead," as articles praising the value of an information security model founded upon the idea of a "secure breach" have been circulating throughout the information security community for the past couple of years. This information governance strategy, which Forrester Research refers to as a "Zero Trust Model," takes a fundamentally different conceptual approach to risk management than the traditional “perimeter” security model it is meant to replace.

The traditional, "perimeter" approach uses tools like firewalls, password policies and anti-virus software to keep bad guys out. These defensive bulwarks were developed in an age where businesses housed all of their information on local, private servers. In those days, the IT or security manager followed absolute dogmas: do what it takes to keep intruders out at all costs and make sure that business users within our environment benefit from maximum sharing, flexibility and productivity.

The oxymoronic character of the "secure breach" model to security indexes a vastly different approach to security. Here, IT and Security managers use outcomes-focused logic and work backgrounds to design their information governance strategy. They start by assuming that, in a world where employees lose mobile devices, share information outside their organizations and click on links in spear-phishing emails, a breach is bound to occur. They then assign access control rights and implement technologies inside the perimeter to mitigate the impact of a breach when it WILL eventually occur. Acceptance of risk is embedded into the very fabric of this new strategy.

As law firms, pushed by client requirements and regulations like HIPAA, pay increasing attention to information security, they are also increasingly adopting this secure breach approach. At last month’s LMRM conference, Tom Browne (General Counsel, Hinshaw) and Donald Campbell (Attorney, Collins Einhorn Farrell) highlighted the importance of developing a classification program to assign access control rights to data of varying sensitive. And Iron Mountain now advises information governance professionals on methods to adopt what they call "policy-based" security, where "firms identify which items must be classified as private, confidential or otherwise protected with ethical walls and security polic[ies] travel with the data asset no matter where a file goes."

Over the past year, we’ve seen our law firm customers drastically change the way they configure Wall Builder to support a policy-based security strategy. Multiple firms have developed data classification programs, assigning access control rights to data as it enters the firm at intake whose strictness varies with the data’s sensitivity. This approach generates layers of information security that requires a new approach to managing access controls.

That’s why firms now leverage our unique security capabilities to lock down practice groups with high densities of sensitive data (like Trust & Estates, Business Law and Litigation or M&A), while respecting more granular need-to-know access controls and ethical walls within these larger groups. The standard of care has shifted away from an open-by-default information access model to a policy-based security strategy that will clip the carte blanche to client data in the event of a breach.

We also see firms complementing policy-based security with policy-based monitoring. Many firms aren’t quite ready to lock down every practice groups, and instead seek a compensating control to have visibility into unauthorized behavior that may signal a problem. To address, firms set information access policies without enabling security, monitoring activity on information flagged by the policy and receiving alerts of unsanctioned behavior (e.g. an associate from the real estate practice looking at materials in the medical malpractice defense practice). Firms also monitor activity on very sensitive information like PHI or PII to identify traffic to personal email addresses or spikes in activity that may signify a problem.

As a member of Iron Mountain’s Law Firm Information Governance Symposium HIPAA Task Force, I look forward to the upcoming symposium discussions on policy-based security in Washington, D.C.

And our upcoming information security presentation hosted by the Australasian Legal Practice Management Association in Melbourne will explores how firms can execute a policy-based security model successfully.

To discuss policy-based security in your law firm, please feel free to contact me at

Wednesday, April 2, 2014

Risk Bulletin: Beyond Adversity — On Business, Positional and Subject Matter Conflicts

Recently returned from the Legal Malpractice and Risk Management conference in Chicago, Intapp's Kathryn Hume has published a risk bulletin summarizing and commenting on some of the lively conflicts discussions at the event: "Intapp Risk Bulletin: Beyond Adversity — On Business, Positional and Subject Matter Conflicts" --
  • Managing conflicts is integral to the new business intake and lateral onboarding processes at every law firm. Over the years, firms have honed procedures and adopted software to search and identify potential adversity to avoid malpractice risks by resolving conflicts or turning down matters or lateral hires. Increasingly, however, clearing conflicts requires much more than simply identifying legal conflicts.
  • To manage these business, positional, subject matter and playbook conflicts successfully requires firms to keep abreast of industry trends, update procedures, collect and manage new information and leverage new technology to streamline compliance.
  • Increasingly, firms face "business conflicts" involving simultaneous representation — in unrelated matters — of clients whose interests are only economically adverse.
  • Another conflict type discussed  at the LMRM event is known as "issue" or "positional" conflicts... this type of conflict "occurs when a law firm adopts a legal position for one client seeking a particular legal result that is directly contrary to the position taken on behalf of another present or former client seeking an opposite legal result, in a completely unrelated matter."
  • Firms with active intellectual property practices are likely familiar with the challenges of identifying and resolving "subject matter" conflicts, which occur when firms represent multiple clients trying to protect closely related inventions.
  • Perhaps the trickiest conflicts today’s firms must consider are "playbook" conflicts, which occur when a lawyer’s former representation provides inside knowledge into a client’s litigation strategies or internal decision-making practices that may be used to its disadvantage in subsequent representation.
See the complete bulletin for additional detail, analysis and links to further resources. (And visit Intapp's white paper library for additional risk resources, and information about software designed to enable prudent response to these sorts of trends...)

Sunday, March 30, 2014

New Risk Roundtables & Events : Boston, Houston, Dallas, Chicago, Sydney & Melbourne

We're pleased to announce several upcoming Risk Roundtables and a co-sponsored event:
The Boston Risk Roundtable is set for Tuesday, May 6th, at the office of Mintz Levin Cohn Ferris Glovsky and Popeo PC.
  • The event will feature a presentation by Andrew Perlman, an expert on the impact of technology on legal practice and compliance. He will discuss the shifting nature of lawyer’s duty of confidentiality in the digital age. Mr. Perlman will review changes resulting from the ABA Commission of Ethics 20/20, including confidentiality issues arises from conflicts checks and requirements to protect client confidences when storing and transmitting information, particularly in light of the recent debates about the NSA and attorney-client privilege.
  • Intapp staff will then demonstrate how firms are leveraging Intapp Open and Wall Builder to improve conflicts management, enhance information security and protect client confidentiality. They will highlight features that help firms streamline conflict clearance at lateral onboarding, easily modify intake forms to address new regulations, maintain appropriate access controls throughout the matter lifecycle and alert management of suspicious activity that may signal internal accidents, malfeasance or even a security breach.
The Houston Risk Roundtable is set for Wednesday, May 7th, at the office of Norton Rose Fulbright. 
  • The event will feature a presentation on how firms can maximize profitability and revenue by adopting new strategies for new business intake and conflicts management. Legal conflicts and compliance expert, Bill Freivogel, will explore how recent court decisions involving corporate family conflicts (subsidiaries, affiliates and other related parties) impact law firms. As part of his talk, he’ll recommend strategies for crafting advanced waivers and engagement letters to decrease the risk of malpractice affiliated with corporate family trees. 
  • Intapp staff will also demonstrate Intapp Open
The Dallas Risk Roundtable is set for Thursday, May 8th, at the office of Winstead. 
  • The event will feature the same guest speaker and agenda as the Houston event.  
The Chicago Risk Roundtable is set for Friday, May 9th, at the office of DLA Piper. 
  • The event will also feature the same guest speaker and agenda as the Houston event.
The Sydney Risk Roundtable is set for Thursday, April 17th, at the office of K&L Gates. 
  • The event will feature a presentation by Murray Landis, a Partner in the Corporate/M&A Practice Group at K&L Gates, on best practices for managing client-driven compliance demands including stipulations on business conflicts, billing protocol and other outside counsel guidelines requirements.
  • Intapp staff will also demonstrate Intapp Open
In Melbourne, on Tuesday, April 15th, Intapp's Kathryn Hume will be presenting a session hosted by the Australasian Legal Practice Management Association at the offices of Minter Ellison: "The challenge of information and data security in the electronic age"
  • "The nature of work is changing and becoming more flexible and mobile. This creates vulnerabilities to both client and firm information. Hear from leading experts in the field of electronic data and information security about some of the common threats and issues likely facing your firm and how to manage them."
Roundtable attendance is by invitation only and is limited to qualified law firms and personnel. Please contact for more details.

Thursday, March 27, 2014

NY Times on Client Focus on Law Firm Information Security

A reader sent word of this story in today's New York Times: "Law Firms Are Pressed on Security for Data" --
  • "A growing number of big corporate clients are demanding that their law firms take more steps to guard against online intrusions that could compromise sensitive information as global concerns about hacker threats mount."
  • "Wall Street banks are pressing outside law firms to demonstrate that their computer systems are employing top-tier technologies... Some financial institutions are asking law firms to fill out lengthy 60-page questionnaires detailing their cybersecurity measures, while others are doing on-site inspections."
  • "In some cases, banks and companies are threatening to withhold legal work from law firms that balk at the increased scrutiny or requesting that firms add insurance coverage for data breaches to their malpractice policies."
  • "he vulnerability of American law firms to online attacks is a particular concern to law enforcement agencies because the firms are a rich repository of corporate secrets, business strategies and intellectual property. One concern is the potential for hackers to access information about potential corporate deals before they get announced. Law enforcement has long worried that law firms are not doing enough to guard against intrusions by hackers.
  • "Despite those meetings, F.B.I. officials and security experts say, law firms remain a weak link when it comes to online security. But the push from corporate clients may have more impact on changing law firm attitudes than anything else."

Tuesday, March 25, 2014

More on Recent Law Firm Insider Trading Allegation

The Wall Street Journal comments on the recent allegation of insider trading linked to a prestigious M&A law firm: "Latest Insider-Trading Case Highlights Law Firms' Risks" [again, google news link for alternative access]--
  • "Clients rely on big law firms to safeguard all manner of secrets, from intellectual property to confidential information about big-ticket mergers. But a handful of high-profile insider trading schemes—including one revealed this week that allegedly turned on tips from an employee at New York law firm Simpson Thacher & Bartlett LLP—highlight the internal risks firms face at a time when sensitive information can be accessed with just a few keystrokes."
  • "'Your employees are your highest risk," said Linn Freedman, a partner at Nixon Peabody LLP and head of the firm's privacy and data protection group, who isn't involved in the latest case."
  • "Thirty years ago, confidential files would have been kept in locked cabinets or conference rooms. Now they are stored electronically, often on firmwide networks where lawyers can access documents from offices around the globe."
  • "Simpson Thacher declined to comment for this article. 'We have strong internal controls in place and will review our systems and procedures to determine if there are ways in which they could be further strengthened,' the firm said in a statement on Wednesday."
  • "'Some of the firms are very sophisticated and have considered the insider threat and have dealt with access control accordingly,' said Eric Friedberg, an executive chairman at Stroz Friedberg, a computer forensics and investigations firm that has consulted on these issues with a number of firms. 'Some haven't.'
  • "Locking down information can run counter to the culture at many law firms, where attorneys are accustomed to collaborating on work. Extra layers of security can slow things down, especially when new lawyers are added to a team and need to get up to speed quickly."

Monday, March 24, 2014

Webinar: Intapp Open – A Fresh Approach to Business Intake and Conflicts

In the past 10 months, over 30 firms have made the decision to adopt Intapp Open, a fresh approach to new business intake and conflicts management. Whether as part of a strategic push to improve client analysis and firm profitability, a program to reduce risk, or an initiative to speed matter opening times and improve lawyer productivity (and satisfaction), Intapp Open has something to offer every firm. Attend this webinar to see a demonstration and learn more:
  • Date: Thursday, April 3rd
  • Time: 9:30 am PST / 12:30 pm EST / 5:30 pm BST
  • Registration: Limited to select firms. Please email Jason Yu for more information.

Open Momentum
In the past ten months, over 30 firms have made the choice to adopt Intapp Open. The product provides a modern approach to intake and conflicts, including an interface designed from the ground up to address the specific needs of firm management, lawyers, risk staff and IT.

Open Opportunity
Intapp Open emphasizes ease of use (including mobile interaction) and ease of management (enabling firms to change their own forms, questions and process definitions without vendor dependence).

Open Invitation
Attend this session webinar presentation and demonstration of Intapp Open to learn more. (And to see how Intapp’s vision for engagement management leverages unique tools to integrate e-billing compliance, lawyer time management, information security and other benefits.)

Please email Jason Yu for more information about registering and attending this event.

Sunday, March 23, 2014

Another Case of (Alleged) Insider Trading Linked to a Law Firm

We've devoted many points of virtual ink to insider trading linked to law firms (including malfeasance, alleged and otherwise, involving lawyers, secretaries, staff and IT personnel). See our dishonor roll of accusations, news stories and past examples.

Now comes the latest, via the Wall Street Journal: "U.S. Alleges Inside Traders Used Spycraft, Ate Evidence : Three Ran Ring Using Information From Top M&A Law Firm, Prosecutors Say" [for those fettered by the paywall or registration requirements, try accessing this google news link and selecting the same headline] --
  • "Three men ran an insider-trading ring with information from one of New York's premier mergers-and-acquisitions law firms, prosecutors say, taking care to chat in code and flash stock tips on napkins or sticky notes before gobbling them down under the clock inside the teeming great hall of Grand Central Terminal."
  • "Steven Metro, 40 years old, a managing clerk at Simpson Thacher & Bartlett LLP, allegedly accessed the law firm's computer system to mine information on deals and other sensitive corporate developments involving clients, according to prosecutors."
  • "...the tips—which included inside information on Tyco International Ltd. TYC +0.80% 's plans to buy Brink's Home Security Holdings Inc. and the 2013 merger of OfficeMax Inc. and Office Depot Inc."
  • "A lawyer for Mr. Eydelman declined to comment. A lawyer for Mr. Metro, James Froccaro, Jr., said his client intended to plead not guilty, while another attorney for Mr. Metro, Michael Rosen, said at a court appearance: 'These are only allegations.'"
  • "Both defendants, who were arrested on Wednesday morning, were released after a brief court appearance in Newark, N.J., on $1 million bond apiece, secured by their respective properties. They face a number of criminal charges, including securities fraud, that could result in up to 20 years each in prison."
  • "Simpson Thacher called the charges 'deeply disturbing and unprecedented in our long history.' The firm, which was founded in 1884 and is known for its work in private equity and mergers and acquisitions, said it had no knowledge of Mr. Metro's actions or the charges until Wednesday, when Mr. Metro was terminated."
  • "'Law firms are sanctuaries for the confidential treatment of client information, and this scheme victimized not only a law firm but also its corporate clients and ultimately the investors in those companies,' Daniel M. Hawke, chief of the SEC Enforcement Division's Market Abuse Unit, said."
Given that the alleged actor in the case stands accused of accessing internal computer systems to "mine information," this is just the latest example that highlights the importance of enacting rigorous internal information security and access controls (and associated monitoring and alerting of potentially suspicious behavior).

Visit for information on steps firms are taking to mitigate insider trading risks and put themselves in a position to demonstrate that they're taking the strongest measures available to limit the insider trading risk.

Thursday, March 20, 2014

More on Playbook Conflicts Stemming from Lateral Hires

We've posted news, discussion and debate about playbook conflicts before (see past stories). The fundamental question is whether insight into the thought patterns and strategies of former clients is a basis for disqualification. Bloomberg BNA reports on a panel discussion at the recent Hinshaw legal risk conference: "Panelists Scope Out ‘Playbook’ Conflicts That Laterals May Bring to Their New Firms"--
  • "Where a lawyer represents a client against a former corporate client in the same type of case that she previously handled for the entity--or even in a different type of case--the former client may claim that the lawyer has confidential 'inside' information that can be used to its disadvantage in the current representation, such as knowledge of the former client's litigation strategies and internal decision-making."
  • "At the session on ''Playbook' Disqualifications,' general counsel from two law firms gave the audience an inside look at their own playbooks for analyzing and dealing with these troublesome conflicts."
  • "Topics included the murky and ever-evolving definition of a disqualifying playbook conflict, unearthing potential playbook conflicts in the lateral hiring process and options for addressing a developed playbook conflict."
  • "Panelist Michael J. Silverman [GC of Duane Morris] said 'there's less of a methodology for figuring out the playbook conflict' than for other conflicts between former and current matters. The hardest part of analyzing these conflicts, he said, is that 'the case law is all over the board.'"
  • "Flynn said one question in analyzing an alleged playbook conflict is whether it's the lawyer's playbook or the client's. If it is the lawyer's strategy, he said, it's not playbook knowledge. Similarly, he said, if the client's strategy changes when it retains a different lawyer, or if cases are being handled differently now, the lawyer's knowledge shouldn't be disqualifying."
  • "Another question, Flynn said, is what type of case the current matter involves... It also matters, Silverman said, whether the former client's current decision-makers are the same individuals as when the supposedly conflicted lawyer was representing the former client."
See the complete article for deeper analysis and discussion, including relevant case law.

Wednesday, March 19, 2014

ALM on Law Firm Data Security : The Very Real Internal Threats

ALM's Legal Intelligencer series on information security continues. Part 2: "Law Firms' Prime Data Security Threat: Their Own Employees" --
  • "Law firms' efforts to protect client data from breaches may be less dramatic than a typical Hollywood blockbuster, but they entail complex productions when it comes to ensuring the physical and cyber security of their clients' information."
  • "And while those in IT say the threats from hackers in places such as China or Russia are real, the biggest threat to a law firm's information security comes from its own employees. As many who spoke to The Legal noted, firms are in the midst of a balancing act between protecting data on one hand and running an efficient business that doesn't resemble what one person referred to as a 'police state.'"
  • "Scott Vernick, a Fox Rothschild partner whose practice focuses on data security issues, said law firms need to think of themselves as any other business when it comes to security threats. 'To a certain extent, we've always been highly mindful of the confidential nature of client data, but I don't know that that's translated completely to the thinking that we are just like any other business and so we have to think about data security like any other business,/ Vernick said."
  • "Blank Rome has been thinking about this issue, and hired in August a director of information security to develop and run a security management program for the firm. Robert Weaver, Blank Rome's new director of information security, said most programs that follow a standardized method will hit all of a typical client's needs. 'Having said that, law firms have the very unique challenge of having a variety of clients with a variety of needs,' Weaver said. 'So you can't create a one-size-fits-all program and apply it to an entire firm. That's the challenge of doing what's right for everybody and enabling the firm to operate in an effective and efficient manner.'"

Tuesday, March 18, 2014

LSN Magazine Interviews Intapp's Pat Archbold on Turning Risk Into Revenue

Intapp Risk Practice leader Pat Archbold was interviewed by LSN Briefing Magazine on strategies for turning risk management into a revenue enabler. The article explains how firms are creating a shift to a more commercial focus for risk management in legal, and making compliance an integral part of doing better business: "Briefing Industry Interview : From Risk to Revenue" --
  • "Perception around risk is reaching a tipping point. Now far from its days as the ‘deal prevention department’, its increasingly commercial remit may prove the maker (or breaker) of tomorrow’s firm."
  • "Out of an optimised risk function built into the management team, advising both clients and lawyers, will emerge more visible revenue-growing opportunities, says Patrick Archbold, head of the risk practice at Intapp. But while business services people are arming their firms for a reliably uncertain future – one that promises competition on the fiercest terms– knowing how and with what tool is a question manyrisk leaders are pondering."
  • "What firms are now realising, says Archbold, is that risk needs not merely to be reactionary box-ticking but an outward-thinking, integral component of a firm’s strategy. 'To be successful today, risk teams must be recognised as resources that help lawyers figure out how they can or if they should take matters on.' This requires a redefinition of what risk means to law firms and their clients. 'Firms that have built professional staffs to get lawyers through this process prefer the term ‘business acceptance’ as opposed to compliance which, to a lawyer, has negative connotations.'"
  • "The shift to a more commercial outlook lies in how those people helping lawyers take on business look at their data, says Archbold. “A 360-degree view of the client or prospect will allow business acceptance teams to align the firm’s commercial strategy with their legal
See the complete article for more detail and discussion.

Monday, March 17, 2014

ALM on Law Firm Data Security : Client Pressures Growing

ALM's Legal Intelligencer is running an excellent series on information security. Part 1: "Law Firms Face Pressure From Clients on Data Security" --
  • "Forget client service or rate flexibility. If a law firm wants to get, or even keep, business, data security plans are often now the price of admission. Corporate America is increasingly looking to ensure its outside counsel are handling client data just as securely as the clients themselves do."
  • "'As an industry, we are being challenged in ways that we have historically not been by some of our clients and, most notably, our financial services clients,' said Kelley Drye & Warren Chief Information Officer Judi Flournoy...  While data security is important to all clients, Flournoy said those in the financial services industry, for example, are regulated to ensure their vendors are following proper data-security protocols."
  • "Reed Smith Chief Information Officer Gary Becker said many clients in the financial services and health care industry are mandated under federal law to continually review their data security initiatives. 'We're now regulated by our clients," Becker said.'"
  • "Many of those clients have done annual audits of a firm's security policies for years now, but they are starting to increase that review to include quarterly discussions on security policies, Becker said. And it isn't just current clients doing the asking. Many requests for proposals for new matters include 'extensive' sections on security and data protection, Becker said."
  • "Ballard Spahr General Counsel William Slaughter said his firm has had systems in place to ensure client data is secure, but in the past few years has seen more client requests for procedures specific to the clients. That has required the firm to occasionally have to add certain capabilities, such as encryption of email."
  • "John Mullen, head of Lewis Brisbois Bisgaard & Smith's data privacy and network security practice, said he has represented a number of law firms when it comes to data security issues. And he said firms do get breached. Firms aren't doing enough to protect data, Mullen said. 'The short version is, law firms generally speaking don't have the budget and don't have the focus and don't make the allocations to truly protect the data they have,' Mullen said."

Thursday, March 13, 2014

The Laterals are Coming! (On Lawyer Onboarding Best Practices)

We've often highlighted risk and compliance issues tied to lateral hiring. This month's Peer to Peer Magazine from ILTA features an excellent article by Leigh Isaacs, Director of Records & Information Management, and Patricia Sievers, Records manager, at Orrick, Herrington & Sutcliff on practicalities and best practices for successfully navigating a bevy of associated issues: "The Laterals Are Coming! Making Onboarding Easier" --
  • "Our firm has just spent a lot of money and many hours wooing this new partner; the last thing we information governance professionals want to do is tarnish this blossoming relationship by appearing disorganized and unprepared. We also recognize that while we are focused on quick access and efficiency, we must consider the significant risk that surrounds the intake of new client information."
  • "Common questions must be answered: Have the new clients/matters cleared conflicts? What type of information are we receiving, and where should it be imported? How can we ensure we are compliant with the firm’s policies? At Orrick, we have successfully implemented some processes to increase efficiency, minimize costs and mitigate risk during onboarding."
  • "The successful and smooth transition of a new partner’s client(s) into an organization takes pre-planning, interdepartmental collaboration and communication, and a set of tried-and-true protocols, policies, FAQs and checklists that have been made available to all interested stakeholders."
See the complete article for more detail and advice on pre-planning, coordinating cross-functional execution, and leveraging questionnaires and checklists to streamline operations, reduce risk and support prudent information governance.

Tuesday, March 11, 2014

Stoel Rives Taps Intapp Open to Unlock a Fresh Approach to New Business Intake

Stoel Rives, a business law firm with nearly 400 lawyers operating out of 12 offices, has selected Intapp Open to streamline its new business intake processes.

Said Firm CIO, Ryan Schlunz:
  • “New matter intake is an essential business process critical to firm performance, lawyer productivity and client service. After reviewing several options, we selected Intapp Open to enhance our intake process because of the product’s unique combination of features, including its sleek user interface, simple yet flexible process designer, and extensive data integration and quality management capabilities."
  • "We see Intapp as a strategic technology partner, offering innovative software, an ambitious vision, and deep subject matter expertise that will benefit our firm for many years to come."
Added Records Manager, Brian Peachey:
  • "We wanted intake software that would cleanly integrate with our existing software systems, data repositories and business processes, while also allowing non-technical risk administrators to change forms and modify processes quickly, without forced dependency on external consultants. Intapp Open was the clear choice because it was designed with this exact philosophy in mind, by a vendor truly committed to empowering its customers. The software enables us to evaluate new business consistently, apply internal policies and speed matter opening times, without disrupting lawyer productivity or client service."

Today, multiple trends are pressuring firms to improve how they evaluate and engage new business. These trends include clients with increasing expectations, and a risk landscape with evolving regulatory rules, compliance requirements and professional standards. In response, firms are looking to increase the sophistication, efficiency and agility of their business inception and conflicts management processes to enhance internal efficiency, reduce risk and improve lawyer productivity.

Intapp Open delivers a fresh approach to new business acceptance (intake process management and conflicts clearance). It offers unique features, including a flexible business rules engine that enables effective management of practice-specific matter evaluation procedures as well as conflicts clearance practices that may be centralised, distributed among lawyers and practice heads, or both, depending on firm preferences. It doesn't require firms to wrestle with development tools or write a single line of custom code, while providing an architecture that simplifies change management, data integration and system automation.

And, at the same time, For organizations looking to address custom processes, Intapp Open supports the creation and management of additional business workflows, all leveraging a centralized, modern platform.

Visit for more information on how Intapp Open enhances law firm new business intake and workflow management  and to request more information or a demonstration.

Monday, March 10, 2014

Risk News Review (Disqualification Scuffle + ABA on NSA)

"Superior Court reverses Phila. judge’s denial of labor leader’s request disqualifying firm in defamation case" --
  • "A state appellate court panel has found that a Philadelphia judge improperly denied a request by a prominent labor leader seeking to disqualify a city law firm from representing journalists in a lawsuit brought by the plaintiff over claims that he was defamed in news coverage while he was running for elected office."
  • "Dougherty argued that Pepper Hamilton had a conflict of interest because the firm previously represented Dougherty in similar legal matters. Specifically, the firm’s attorneys acted as Dougherty’s legal counsel in a federal investigation involving the U.S. Attorney’s Office in Philadelphia, the appellate opinion states."
  • "Dougherty argued that the firm was privy to confidential communications, advised Dougherty concerning a grand jury subpoena, and was present during a search of his home. He maintained that a conflict of interest exists because the firm intends to pursue numerous discovery requests, including files from the federal investigation, while simultaneously representing the defendants in the defamation case."
  • "In its decision, the Superior Court panel determined that the subject matter of Pepper Hamilton’s prior representation of Dougherty is 'substantially related' to the defamation case, and that a lawyer or lawyers with the firm had previously acquired confidential information from Dougherty, thus creating a conflict."

"Bar Association protests NSA spying" --
  • "The American Bar Association (ABA) last week sent a letter to leaders at the National Security Agency (NSA) expressing concern about reports that the agency’s Australian counterpart had spied on a U.S. law firm working for Indonesia. The agency allegedly offered to share details with the NSA, including 'information covered by attorney-client privilege.'"
  • "The attorney-client privilege is a bedrock legal principle of our free society and is important in both the civil and criminal contexts,” the group’s president, James Silkenat, wrote in the letter. 'The ABA has consistently fought to preserve the attorney-client privilege and opposes government policies, practices and procedures that erode the privilege... The interception and sharing of attorney-client privileged communications by government agencies — or any third party — raises concerns, including chilling the full and frank discussion between lawyer and client that is essential for effective legal representation.'"

Thursday, March 6, 2014

Law Firm Conflicts News & Updates

The ever quotable Bill Frievogel points out several recent conflicts-related decisions of note:
  • "Sunbeam Prods. Inc. v. Oliso, Inc., No. C 13-03577 SI (N.D. Cal. March 4, 2014). Patent infringement action involving 'vacuum packaging technology.' Lawyer represented Company A for some years in vacuum packaging technology cases. In 2006 the plaintiff in this case purchased Company A and merged it into the plaintiff. Because Lawyer now represents the defendant, the plaintiff moved to disqualify Lawyer. In this opinion the court granted the motion. First, the court held that by virtue of the merger the plaintiff is deemed a former client of Lawyer. Second, the court held the representations were substantially related."
  •  "Willoughby v. Willoughby, 2014 Ohio App. LEXIS 728 (Ohio App. March 3, 2014). Trial court denied a motion to disqualify without an evidentiary hearing. The movant appealed on the basis that there should have been a hearing. In this opinion the appellate court ruled that there need not be a hearing in every disqualification proceeding. The court noted Ohio Supreme Court holdings that there must be a hearing in cases where the lawyer in question had moved from a firm on one side of a case to a firm on the other side. This was not such a case. The appellant in this case did not appeal the merits of the denial, just the failure to conduct a hearing."
  • "Spearman v. Morris, 2014 Tex. App. LEXIS 2363 (Tex. App. Feb. 27, 2014). Raising conflict for the first time in appeal brief is too late."
  • "Allen v. Gaus, 2014 Mich. App. LEXIS 376 (Mich. App. Feb. 27, 2014). Legal malpractice case. Family had a claim against Hospital. Hospital was prepared to settle and suggested Family hire Lawyer at Hospital’s expense. Because Lawyer represented Hospital from time-to-time, Lawyer had Family member sign a conflict waiver. After a settlement was approved, Family sued Lawyer. Both the trial court and appellate court, dismissing the case, found that Family could prove no damages. Nevertheless, the appellate court was highly critical of Hospital for injecting its own lawyer to represent Family."
And for those following the situation at the New Jersey Transit Board, comes news of additional developments: "Port Authority chairman hit with ethics complaint by NJ Working Families Alliance" --
  • "A coalition of New Jersey labor and other groups filed a complaint with the State Ethics Commission today charging Port Authority Chairman David Samson with using his position at the bi-state agency to benefit developers and other clients of his law firm."
  • "'This complaint alleges that Samson violated the CIL by using his position as Chairman of the Port Authority to influence decisions of the Port Authority Board of Commissioners that would benefit clients of his law firm, Wolff & Samson PC,' states the complaint, filed by the New Jersey Working Families Alliance, a Democratic-leaning coalition of consumer, environmental and labor groups."
  • "Samson's lawyer, Angelo Genova, issued a statement saying, 'We look forward to a rebutting each and every of the concerns raised in this Complaint in the appropriate forum for resolving these issues.' Genova declined to comment on specifics of the complaint."

Tuesday, March 4, 2014

Risk Roundtables: Philadelphia Scheduled (Singapore a Possibility)

We're pleased to announce our next Risk Roundtable, set for Wednesday, April 9th, at the Philadelphia offices of Blank Rome LLP.
This event will feature a presentation by a renowned legal expert Professor Laurel Terry on choice of law and addressing the challenges firms face with providing services across jurisdictions.

Discussion will explore how firms can grow and enable new business by effectively managing compliance issues associated with taking on matters across jurisdictions (both state and international borders).

As part of the program, we will demonstrate how firms are using business intake, conflicts management and compliance software from Intapp to:
  • Align internal firm practices with overall business strategy
  • Quickly evaluate clients and matters – not only for ethical conflicts but also to ensure business alignment and profitability
  • Comply with client guidelines and terms of business, including e-billing requirements
  • All while speeding matter opening times to drive lawyer productivity (and satisfaction)
These events always provide a forum for IT, risk and management professionals to connect in a collaborative environment.

Attendance is by invitation only and is limited to qualified law firms and personnel. Please contact for more details.

We're also exploring the possibility of an event in Singapore. If your firm is based in that geography, or if you have local colleagues you think would be interested in attending, please drop us a line.

Monday, March 3, 2014

Webinar: Addressing New Information Risk Challenges with Intapp Wall Builder

Intapp's Kathryn Hume writes in with word of an upcoming webinar which will focus on industry confidentiality and information security trends and connect the dots as to how new capabilities and new modules now available for Intapp Wall Builder can enable firms to respond effectively:
  • "Over the past 18 months, we’ve seen growing interest from firms looking to leverage Wall Builder to address a variety of information security and access control challenges (spanning issues from HIPAA compliance, to cloud security, to hacker risk, to client audits)."
  • "We’ll explore these trends and then dive into the significant product enhancements we’ve made to help our Wall Builder customers tackle these risk and compliance challenges."
  • "Today, firms are using new Wall Builder modules and features to improve security by: locking down by practice group or office, monitoring for violations of policy or securing at the document level to protect data privacy without impacting KM."
Discussion topics will include:
  • Trends – New laws, regulations and client requirements on data security and privacy
  • Monitoring – Detecting anomalous or unauthorized activity that violates firm policies
  • Granular Security – Implementing document-level security to protect PII and PHI
  • New Security Models – Locking down entire practice groups, jurisdictions or offices
  • Layering Security – Managing a hierarchy of policies that address overlapping needs
  • Content Security – Content-based security to mitigate the impact of mobile, cloud and hacker risk
Because this event is product-focused, attendance is limited to current Intapp Wall Builder customers. For more information about registering and attending, please contact Kathryn Hume.

Thursday, February 27, 2014

Canadian Conflicts News

In honor of a recent Olympic hockey win, we feature a Canadian conflicts story. Last year, we noted developments in Canadian National Railway Co. v. McKercher LLP, which noted expert Simon Chester called "the fourth significant decision on conflicts of interest, the scope of duties of loyalty, and the appropriate division of responsibility between courts and law societies as regulators of professional conduct. It rejected arguments for liberalizing the so-called bright-line rule, but clarified its operation."

Now from comes more on Canadian conflicts: "The More Things Change…. A Post-McKercher Conflicts Case", which comments on MTM Commercial Trust v Statesman Riverside Quays Ltd. 2014 ABQB 16.
  • "In his decision in MTM Commercial Trust v Statesman Riverside Quays Ltd. Justice Macleod determined whether Bennett Jones LLP could act for Matco Group, a client of many years, in a dispute with the Statesman Group, for whom Bennett Jones acted on a very limited retainer, and who had been advised that Bennett Jones would act for Matco in the event of a future dispute between the two clients."
  • "Somewhat surprisingly, Justice Macleod held that Bennett Jones could not represent Matco.  In this comment I will suggest that this judgment supports the position I set out in an ABlawg post in 2011, that 'in actual cases judges are less concerned with carefully articulating the applicable rules, and more concerned with reaching the right outcome on the facts, all things considered'"
  • "One of the striking things about Justice Macleod’s judgment is that it spends a significant amount of time summarizing the law governing conflicts of interest, but only two paragraphs discussing the application of that law to the facts of Bennett Jones’ two retainers.  That division means that it is not entirely clear how the legal doctrine cited informs the result."
  • "Ultimately it appears that two things caused problems for Bennett Jones: that it did not tell Statesman that it had taken a retainer from Matco significantly adverse to Statesman’s interests, and the severity of the impact on Statesman of Matco’s allegations in the litigation."
  • "Perhaps the key point is this: Bennett Jones could have advised Statesman, or have withdrawn in an orderly fashion from that retainer.  Likely that would not have been the preferred course of action for Matco, but Bennett Jones could also have asked for and obtained consent from Matco for taking those steps.  There was nothing in law to prevent it from taking steps to advise Statesman of what it was doing."
  • "If the law firm has acted in an up front and candid way, then it is likely to avoid problems, even if its conduct might be considered a conflict of interest on a strict application of the law.  Conversely, if there is any sense that the firm has not been up front and candid, it will run into problems, even if it has a reasonable argument that it is not in a conflict."

Wednesday, February 26, 2014

In the News: Conflicts Allegations & Confidentiality

From New Jersey Public Television: Conflict of Interest Concerns Surface with Port Authority
  • "At today’s special meeting of the NJ Transit board, there was no mention of the controversial deal with the Port Authority that gave NJ Transit a $1 a year lease on a Port Authority-owned Park & Ride in North Bergen. The 2012 vote would have gone unnoticed except that Port Authority Board Chairman David Samson voted for the deal, while NJ Transit was a client of his law firm Wolff & Samson. It’s the latest example of what some are calling an unchecked abuse of power."
  • "You can take your pick of potential Samson conflicts: There’s the $1.5 million his firm collected from NJ Transit for helping broker the parking lot deal. Or the $250 million makeover of the Harrison PATH station that potentially benefits a real estate developer represented by Samson’s firm. Or several other instances. Samson, though, is about to get a long hard look from the legislatures Select Committee on Investigation."
  • "A review by the Star-Ledger found that Wolff & Samson made more than $8 million from contracts with the state and other authorities, not to mention another million a year in lobbying business. It’s a lot of money that the former attorney general will now have to weigh against the cost all this scrutiny is having to his reputation."

  • "Sometimes, mistakes happen. That was the gist of an opinion handed down this week by a federal magistrate judge who showed leniency toward Quinn Emanuel Urquhart & Sullivan LLP for an evidence leak that allowed its client, Samsung Electronics Co., to get hold of a copy of a confidential license agreement between two rivals, Apple Inc. and Nokia Corp."
  • "Though sparing the law firm of harsher sanctions, U.S. Magistrate Judge Paul Grewal gave them a scolding. He ordered Quinn Emanuel to reimburse Apple and Nokia  for legal costs associated with the leak. And he instructed Samsung to put in place safeguards to make sure it doesn’t happen again."
  • "The quick back story: In March of 2012, several months before the start of a high-profile patent jury trial between Apple and Samsung, Quinn Emanuel distributed a report to Samsung that included a confidential license agreement between Apple and Nokia. Quinn Emanuel acquired the document, written by a Samsung licensing expert, through the normal discovery process."
  • "Judge Grewal didn’t let Samsung off the hook completely. He chastised Samsung and its outside counsel for setting up what he saw as a sloppy system to manage the flow of highly confidential information in a such complex case. The lack of oversight, he said, warranted at least some redress."

Tuesday, February 25, 2014

Risk Talk: Lawyer Professional Responsibility & PHI

Intapp's Kathryn Hume writes in with news of an upcoming risk session she'll be presenting at, hosted by the Arizona Association of Defense Counsel: "HIPAA Concerns for Arizona Practitioners".

The session will explore the relationship between federal and state requirements around PHI and how that impacts lawyer’s professional responsibility requirements. It will include practice guidance for addressing compliance requirements.

Lewis & Roca partner Gregory Harris will be co-presenting.

Wednesday, February 19, 2014

NSA Controversy Touches Law Firm

As reported by the New York Times: "Spying by N.S.A. Ally Entangled U.S. Law Firm" --
  • "A top-secret document, obtained by the former N.S.A. contractor Edward J. Snowden, shows that an American law firm was monitored while representing a foreign government in trade disputes with the United States. The disclosure offers a rare glimpse of a specific instance in which Americans were ensnared by the eavesdroppers, and is of particular interest because lawyers in the United States with clients overseas have expressed growing concern that their confidential communications could be compromised by such surveillance."
  • "The government of Indonesia had retained the law firm for help in trade talks, according to the February 2013 document. It reports that the N.S.A.’s Australian counterpart, the Australian Signals Directorate, notified the agency that it was conducting surveillance of the talks, including communications between Indonesian officials and the American law firm, and offered to share the information."
  • "The Australians told officials at an N.S.A. liaison office in Canberra, Australia, that 'information covered by attorney-client privilege may be included' in the intelligence gathering, according to the document, a monthly bulletin from the Canberra office. The law firm was not identified, but Mayer Brown, a Chicago-based firm with a global practice, was then advising the Indonesian government on trade issues."
  • "Duane Layton, a Mayer Brown lawyer involved in the trade talks, said he did not have any evidence that he or his firm had been under scrutiny by Australian or American intelligence agencies. 'I always wonder if someone is listening, because you would have to be an idiot not to wonder in this day and age,' he said in an interview. 'But I’ve never really thought I was being spied on.'"
  • "Most attorney-client conversations do not get special protections under American law from N.S.A. eavesdropping. Amid growing concerns about surveillance and hacking, the American Bar Association in 2012 revised its ethics rules to explicitly require lawyers to 'make reasonable efforts' to protect confidential information from unauthorized disclosure to outsiders."
On Monday, the Chicago Tribune published an update that included additional commentary from Mayer Brown: "Chicago-based law firm responds to report of NSA spying" --
  • "Mayer Brown, the Chicago-based law firm cited in a weekend report about National Security Administration spying, has issued a statement that stops short of an outright denial that its communications were under surveillance but says there is 'no indication' that any spying occurred 'at the firm.'"
  • "Responding to the report, Mayer Brown said in a statement late Sunday night: 'There is no indication, either in the media reports or from our internal systems and controls, that the alleged surveillance occurred at the firm.'"
  • "Asked by the Tribune whether the firm was saying that there was no evidence of spying at the firm, or that there was no evidence of spying of the firm, a Mayer Brown spokesman responded: 'At the firm.'"
  • "The Mayer Brown statement also said, 'Nor has there been any suggestion that Mayer Brown was in any way the subject of the alleged scrutiny. Mayer Brown takes data protection and privacy very seriously, and we invest significant resources to keep client information secure.'"