Law Firm Engagement Letters in the News...

“A Clearly Drafted Engagement Letter Can Limit the Scope of Attorney's Duties” – according to the U.S. District Court for the Eastern District of Louisiana, as reported by Hinshaw & Culbertson: "the firm’s clearly drafted engagement letter successfully provided a defense to the client’s allegations that the firm did not provide adequate legal representation."

A bit more colorful analysis is provided by legal news rag Above the Law, which offers specific advice:

• “Retainer Agreement, engagement letter, whatever you want to call them. Have one. Just don’t make it a bunch of much-too-long, written “understandings” of too many things that the client isn’t absorbing at the initial consultation. These documents are not tools to attempt to impress the client with your ability to expand on: “You are going to pay me this, and I am going to do this, and I’m not paying for this, and if anything else comes up, we’ll talk about a separate retainer/fee/cost, and I’m not guaranteeing anything or giving you money back, and we have no other agreements, so sign here.”

Law Firm Conflicts and Controversy

Megaupload, Megacontroversy, Megaconflict?
Hogan Lovells partner withdraws from representation of Megaupload in its recent legal troubles. The organization is currently defending itself against accusations that it built an elaborate system designed to encourage online copyright infringement: “Robert Bennett was required to withdraw from the case because of a conflict involving at least one other client of his law firm, Hogan Lovells, this person told Reuters. The other client or clients were not identified.” Interestingly, Bennett represented Megaupload in other matters, so this may be a base both of “business” as well as ethical conflicts. [See American Lawyer story for additional detail.]

When Risk Law Firms and Politicians Mix
An interesting article exploring the relationship between one firm and Wisconsin’s Republican leadership: “In December news broke that Wisconsin Supreme Court Justice Michael Gableman, a well-known conservative, had received about $100,000 worth of free legal services from a Michael Best & Friedrich attorney. The revelation created a controversy because the Supreme Court presides over cases argued by Michael Best & Friedrich. Accepting free services from the firm could be considered a conflict of interest.” [The judge in question denies a conflict of interest and will not recuse himself.]

Data Privacy News and Updates

Firms that store and manage sensitive client information should take heed of recent privacy developments and news:

• New California Data Privacy Law Now In Effect -- "SB 24 strengthens and standardizes the notification requirements when someone’s personal information has been hacked into, stolen, or lost. The bill also requires state agencies, businesses and others to notify the Attorney General if more than 500 Californians are affected by a data breach."
• Privacy Enforcement Actions Set to Increase in 2012? -- "There's going to be a lot more privacy enforcement actions. By a lot of different government authorities, not just DPAs. And the sanctions/damages are going to go through the roof. Indeed, it's not easy to keep track of which government officials are in charge of data protection enforcement actions. There are a lot of them."
• A pertinent example: UCLA Hospitals Sued Over Patient Data Breach -- "The suit, filed as a proposed class action on Dec. 14, alleges that by not protecting its patients' confidential information, the hospital system violated California's Confidentiality of Medical Information Act. The law allows each patient to recover $1,000 in statutory damages per occurrence." In this case, a former physician had sensitive information on his home computer, which was stolen by burglars. (Could this happen to a lawyer?)

Lateral Movement, Client Poaching and Staff Screening

 

• Laterals Be Careful? -- Lawyer May Be Liable to Former Firm in Tort For Improper Efforts to Recruit Firm's Clients -- "The U.S. District Court for the Eastern District of Pennsylvania Dec. 22 granted a law firm's motion for a preliminary injunction against a lawyer who tried to recruit many of the law firm's clients after she was fired (Feldman & Pinto PC v. Seithel, E.D. Pa., No. 11-5400, 12/22/11)."
• Avoiding disqualification on matters due to non-lawyer firm changes -- Bill Freivogel published an excellent article on "what screens law firms should put in place to avoid problems with non-lawyers." The essay compares and contrasts US and Canadian standards, explores when unilateral lateral screening is permitted vs. when waivers are required, and provides a case study example. He also presents a list of the five minimum characteristics of an effective staff screen, including policy construction, notification, information access control and compliance documentation. [Update: h/t to Legal Ethics Forum for suggesting LA County Ethics Opinion 524 as a relevant related read.]

Alternative Business Structure Applications Live in the UK (ABA Says: "Not So Much")

• First ABS wannabes begin SRA application process -- "More than 10 prospective alternative business structures (ABSs) completed the first stage of the Solicitors Regulation Authority’s (SRA) application process on the first day, the authority has revealed." As explored in greater detail in the article, Law Society President John Wotton argues that ABS licensing provides England and Wales with a competitive global advantage for legal services.
• ABA Panel Says No to Outside Law Firm Ownership -- "An American Bar Association commission is considering recommending that nonlawyers be allowed to take an equity stake in law firms for which they work while urging that an existing ban be maintained on the kind of outside investment in U.S. firms that is now possible in the United Kingdom and Australia."

Law Firm Rules & Regulations (News & Fighting)

• ABA and European Law Societies Fight New Efforts to Regulate Legal Industry -- Stemming from the debt crisis, new attempts at external law firm regulation threaten "...one of the core principles of the legal profession: regulation independent from the executive branch of the state," the industry argues, noting that a "guarantee of independence" is "fundamental to the profession."
• Washington DC ethics opinion 361 allows referrals to non-lawyer service providers -- “…such as a financial services firm may accept compensation from the provider for the referral so long as the criteria of Rule 1.7(c) and, if applicable, Rules 1.8(a) and 5.7 are satisfied. Those criteria are exacting, however, and the arrangement may be beyond the lawyer’s malpractice coverage even if permitted by the Rules.”
• Utah Bar Says Using Student's Lexis/Westlaw Access for Firm Work is Unethical -- "The Utah Legal Ethics Advisory Committee considered whether an attorney who encouraged a student to breach her agreement by doing firm-related research had committed an ethical violation. The Committee answered in the affirmative finding that an attorney's misuse of a student's educational Wexis access is theft of services, a potential felony."

2012: New Year, New (and Old) Risks

A few interesting updates as we kick off the new year:

• The ABA Commission on Ethics 20/20, the body charged with reviewing and recommending changes to the Model Rules, recently issued a Summary of Actions, writing: "For two years, we listened to all elements of the profession as well  as clients, consumer groups and businesses that support, sell to, and report on the profession.  Our proposals respond to what we have heard and are intended to address the following developments…"
• From the frequently linked and hat-tipped Legal Ethics Forum -- John Steele published his "Top Ten Legal Ethics Stories of 2011." It’s excellent reading.

Law Firm Insider Trading Risk Management: Webinar Recording Now Available

Content from our November webinar on managing insider trading risk at law firms is now online, for those who missed the live session:

1. Managing Insider Trading Risk -- Thanks again to our panelists. We welcomed another large group (100+ attendees) who heard speakers from SNR Denton (Adam Hanson), Baker & McKenzie (Dan Surowiec), and Hogan Lovells (Jeff Lolley).

Those who registered but were not able to attend these events should have received a link to the video recordings via email. Others interested in these sessions can view them online: [Law Firm Risk Management Webinars].

Report from Kansas City Risk Roundtable Session Hosted at Lathrop & Gage

We hosted a Risk Roundtable last week in Kansas City. Thanks again to Lathrop & Gage for hosting. Brian Lynch sent his customary summary of the day:

• Dan – I'm pleased to report back from our ISO 27001 Risk Roundtable discussion in Kansas City. Lathrop & Gage hosted our session, where we had a chance to check in with KC-based firms and their respective approaches to implementing ISO-friendly security programs. It was a lively discussion, where we had a chance to evaluate the benefits and costs of pursuing ISO certification.
• As one of our attendees put it, creating a standard information security management system - e.g. ISO - is an inevitability. It's a difficult process for clients and law firms to work through the audit process. Managing audits seems to be something clients increasingly want, and firms are getting more comfortable addressing. But many are looking for a shorthand method to show that they meet a certain level of differentiated confidentiality management. This promises a quicker path to providing clients with peace of mind and enabling firms to address their obligations as they work across jurisdictions.
• Several attendees commented on the role IntApp Wall Builder plays at their firm in managing confidentiality enforcement as part of their security programs. They're mapping the technology to the requirements and processes ISO 27001 defines to ensure consistent compliance.
• Many thanks again to Sean Power @ Lathrop & Gage for providing the forum for an intellectually stimulating discussion.

This session concludes the 2011 Fall/Winter Risk Roundtable series (we promise this time). Plans are underway for future events in 2012. Watch this space for more details. (And if you'd like to host a Risk Roundtable in your neck of the woods, please get in touch: dan@riskroundtable.com.)

With Swift Ethical Screen, Quinn Emanuel Survives Disqualification from $10 Billion Lawsuit

We first highlighted this case in October, when a Bank of America moved to disqualify Quinn Emanuel, counsel for AIG in a $10 billion lawsuit because of alleged conflicts stemming from the move of  lateral partner. [h/t to Bill Frievogel for noting the recent update.]

The lawyer worked 5.8 hours on the matter at Quinn, starting in July, 2011, before Quinn became aware of the potential conflict after opposing counsel wrote them in September. Quinn argued that the matters were unrelated, that no sharing of confidential information had taken place and that the firm erected an ethical screen immediately upon discovering the situation.

Given the stakes, in order to avoid the impression or potential of future disclosure, the lawyer voluntarily left the firm in October, 2011.

When the motion was first filed, a legal ethics expert agreed the situation would likely not warrant disqualification, but opined that “…it could prove 'problematic' if presiding judge Barbara Jones decided Becker was not screened fast enough, but that an effective screen could address this issue.”

Last week, the judge agreed that disqualification was unwarranted [see: American Int'l Group, Inc. v. Bank of Am. Corp., 11 Civ. 6212 (BSJ) (S.D.N.Y. Dec. 6, 2011)]

• The decision noted that: “…screens erected immediately upon discovery of the conflict weigh against disqualification.”
• However: “Quinn’s screening procedure was imperfect, without question.”
• But she ruled that the firm successfully rebutted the presumption that confidences were shared. For one, the lawyer brought no client files to the new firm. Furthermore, three years had passed since the lawyer worked on the original matter. Quinn also conducted extensive interviews of all significantly involved members of the matter team, securing affidavits that no confidences were sought or received.
• Physical separation (the lawyer was based in London), the size of the firm (500+ lawyers) and the firm’s long client relationship also influenced the judge’s ruling.

This is yet another recent example where IT plays a critical role in disqualification defense. In this case, IT conducted an electronic audit of firm’s document system to support the firm’s arguments. (In this case, the audit showed the lawyer accessed two documents related to the matter. But that was insufficient to warrant disqualification, given the facts and factors in play in this case.)

Counsel for Bank of America in Multi-Billion Dollar Lawsuit Disqualified; Judge Cites “Porous and Ineffective” Ethical Wall

Today comes a significant update in Line Trust Corp. Ltd, et al. v. David Lichtenstein, et al, heard before the Supreme Court of the State of New York.

It appears that a lawyer who represented Bank of America while a partner at Kaye Scholer LLP made a lateral move to Willkie Farr & Gallagher LLP. The client moved with her.

But Willkie was representing allegedly adverse parties in the same matter. And shortly thereafter, the existing client moved to disqualify the firm from representing BofA, asking for discovery to see if matters had been tainted. In the process, the firm shared important information:

• In May of 2011, the firm’s IT department audited its electronic document management system and discovered that an associate had opened and printed a document they should not have in October, 2010. That associate was then removed from the matter at hand. (The court says: “perhaps negligently so.”)
• Expanded to include time recording data, the IT audit also showed that a legal assistant cite-checked a memo and viewed five documents related to the matter in 2009.

This case highlights the critical importance of effective confidentiality, screening notification and information security controls. In his order the judge called out that:

• “… Wilkie Farr has submitted insufficient proof that they erected adequate screening measures to prevent attorneys advising Bank of America from having access to (i) other Wilki Farr attorneys who worked for the Lichtenstein Defendants… If an ethical wall exists here at all, and it may not, it is porous and ineffective.”

The firm argued that these breaches were accidental, minor and taken out of context. But the damage was done. The judge took evidence of smoke to suggest a fire:

• “Willkie Farr submits time records to show that breaches of the wall were minimal. The time records are inadequate, as they cannot be expected to reflect the totality of breaches of the ethical wall.”

Recent Law Firm Conflicts, Disqualifications and Penalties

In Washington, D.C., Butzel Long Tighe Patton PLLC recently found itself facing harsh words from a judge, who stripped the firm of $72,000 in fees for failing to disclose a conflict. "...the judge slammed a partner, saying it was "inexcusable" he didn't show up for a fee application hearing." [via BLT. See the written decision.]

In Washington State, a firm was disqualified for giving legal advice to both sides in the same dispute. "Grant PUD law firm disqualified in Crescent Bar case" --

• "At the time, Aylward told Trautmann that there could be a conflict of interest, since his partner, David Sonn, occasionally did legal work for the PUD, but he added that he thought he could get a waiver."
• "But with the waiver issue still unresolved, Aylward proceeded to correspond with Trautmann over the following month, including giving what she believed was 'specific advice regarding strategy' that the condo owners could use in their argument against the PUD."

Partner Event: Ark Group Risk Management for Law Firms (December 6-7, London)

The Ark Group is hosting its annual "Risk Management for Law Firms" conference in London next week. Organizers have assembled a rich agenda and impressive roster of speakers who will address topics including:

• A first-hand account of how firms including Taylor Wessing, Freshfields, and Allen & Overy have tackled the challenges in operating under the new outcomes-focused regulation
• Clarity from the SRA, Law Society and Legal Ombudsman as they share their expectations for OFR, ABS and the claim trends for the coming year
• Tools to benchmark your firm against leading law firms' risk management strategies and ensure you stay out of trouble
• An understanding of the key changes and trends in claims over the past year and how these will affect your professional indemnity insurance renewal
• Learning opportunities to avoid the pointed end of regulation, with an overview of high-profile disciplinary matters and rogue partners
• A forum to consider all risks relating to outsourcing

Kaye Sycamore, IntApp Managing Director, will also be presenting a briefing on risk news and trends relating to confidentiality management, information barriers and information security issues affecting law firms, including a summary of recent Risk Roundtable events. She has invited UK-based firms interested in exploring these issues in greater detail to contact her directly.

Ethics Opinions: Little Fluffy Clouds, Lost Little Thumb Drives...

Today, several stories about technology-driven law firm risk issues. (And a reminder to take our five minute, reader survey.)

Cloud Computing:

• The Pennsylvania Bar joins several jurisdictions in publishing new ethics opinions on cloud computing: "Formal Opinion 2011-200, Ethical Obligations For Attorneys Using Cloud Computing/Software As A Service While Fulfilling The Duties Of Confidentiality And Preservation Of Client Property." In keeping with conventional wisdom, they support cloud storage of client information so long as information is kept confidential and reasonable safeguards are employed.
• Iowa has issued a similar opinion on lawyer use of cloud services: "Iowa lawyers may store client information and other data on a third-party vendor's servers rather than their own computers, so long as the lawyer has unfettered access to the data and can reasonably verify that sound methods are being used to protect the information..."
• The Daily Record has posted an interesting opinion piece on current industry thinking on the topic: "Legal Currents: Is a cloud backlash on the horizon?" The article is written by a lawyer currently writing a book on the topic for the ABA: "My hope is that I’m wrong, and that if the ABA Committee on Ethics and Responsibility does address the issue of consent when using any form of electronic communication, it concludes that the standard applicable to unencrypted email communications should likewise apply to the use of cloud computing platforms, which are inherently more secure than email."

Managing Ever-Shrinking Physical Data Storage:

• "Discarded laptops, flash drives create ethical obligations for lawyers" – "A recent Florida Bar opinion advising that lawyers have an ethical duty to sanitize their storage devices has put a spotlight on how attorneys handle their discarded equipment...While some had expressed concern that the opinion would set unrealistic requirements, Tarbert [Florida Bar Ethics Counsel] said the committee didn't receive any feedback at all from the state's lawyers when the opinion was made available for public comment."

One More Thing: Bonus Risk Roundtable Meeting on ISO 27001 (Kansas City @ Lathrop & Gage)

We have a late entry into our Winter Risk Roundtable series. Based on member demand, we'll be hosting another session focused on ISO 27001 certification for law firms. Hosted in Kansas City by Lathrop & Cage, the presentation is scheduled for Wednesday December 14th.

Over the past 18 months, corporations have increasingly mandated more stringent information security requirements for outside counsel. This often means more time spent responding to client requests and RFPs. Today several firms are leveraging the ISO 27001 standard as a strategic response.

Session Agenda:

• Business Drivers - Why are law firms investing in ISO27001?
• Value - What is the true value and is it worth the effort?
• Accreditation Process - What strategies are firms pursuing, is accreditation needed?
• Lessons and Best Practices - What technical, business and other considerations can peer firms benefit from in their own thinking?
• Information Risk Management Options - What tools are being deployed to respond to the new challenges?

Event attendance is by invitation only and is limited to qualified law firms and personnel. Please contact dan@riskroundtable.com for more details.

Report from Canadian Risk Roundtable Session Hosted at Fasken Martineau

We hosted a Risk Roundtable last week in Toronto, Ontario. Many thanks to Fasken Martineau
for hosting. Brian Lynch delivered a presentation updating attendees on current risk issues and trends, and moderated group discussion. He sent his customary summary of the day:

• Dan – I'm happy to report that we finished up our Winter Risk Roundtable series with an excellent session in Toronto. Fasken Martineau was gracious to host a large group of attendees, including General Counsels from leading Canadian firms.
• First we walked through some of the risk trends that IntApp is observing in the US and the UK, especially trend-setting markets like New York and London. We covered familiar ground with the rise of Outside Counsel Guidelines, recent initiatives within the ABA, and Alternative Business Structures in the UK. Client audits continue to capture group attention -- one of the attendees shared his experiences with on-site auditors.
• Next, Mary Trudell, Director, Conflicts and Records Management at Fasken, shared success stories about her firm’s work to harmonize information governance processes. They’re using IntApp Wall Builder as a foundational technology, supplemented by efforts of her team working across Canadian provinces and in Paris, London and Johannesburg to provide timely and consistent service to the firm's lawyers.
• Finally, Simon Chester of Heenan Blaikie walked us through the recent decisions of Wallace and Nova. There are certainly interesting implications for both cases, and the assembled group had plenty of questions and commentary. Many thanks to Simon for summarizing the facts and history, and helping us understand the broader context.

This session concludes the 2011 Fall/Winter Risk Roundtable series. Plans are underway for future events in 2012. Watch this space for more details. (And if you'd like to host a Risk Roundtable in your neck of the woods, please get in touch: dan@riskroundtable.com.)

Webinar: Managing Insider Risk at Law Firms (CLE Eligible)

We've had tremendous interest in our risk webinar series and are pleased to announce our latest session: Managing Insider Risk at Law Firms

Date: Tuesday, November 29
Time: 9 am Pacific / 12 pm Eastern / 5 pm BST

Description: In the past 18 months, surprising stories of lawyer and staff misuse of sensitive client information have dramatically raised the profile of this issue among law firms, clients, regulators and the media. [See previous blog updates: here, here, here and here.] In response, many firms are re-evaluating the policies and protections they have in place to mitigate insider risk.

This session is presented as part of the Risk Roundtable initiative and includes panelists from the Risk Roundtable Compliance Consortium, a working group focused on developing firm risk response guidelines:

Most firms have programs to educate lawyers and staff about their obligations not to act on inside or price-sensitive information. Yet in an environment where individuals generally have broad access to electronic repositories where sensitive information is stored, such as document management libraries, temptation may lurk. This is particularly true as new search tools make it even easier to locate sensitive materials (either accidentally or intentionally).

While most firms take steps to control risk by using matter "code words" and emphasizing the need to control document distribution, organizations are increasingly pursuing greater confidentiality protections and the ability to better demonstrate compliance if required to do so by clients or regulators.

In this session, panelists will review several methods for dealing with insider risk, including ways to:

• Encourage professional responsibility
• Prevent inadvertent access
• Prevent unauthorized use
• Track suspicious behavior

CLE Credit: Certificates will be provided to attendees upon request. (Attendees outside of California are responsible for confirming CLE reciprocity in their particular jurisdiction.)
 
Attendance: Attendance is by invitation only. Risk Roundtable members and qualified parties are invited to request more information by emailing: dan@riskroundtable.com.

Risk News & Updates: Lateral Hire Intake Checklist, Canadian and UK Lawyer Regulation

Authors at McKenna Long & Aldridge recently published "Ensure lateral moves are win-win," which reviews "questionnaires, conflicts checks and proper documentation [that] will help boost profitability, lower risk":

• "Like all risk management issues, the most effective strategies involve systems. This means adopting practices, protocols and procedures that the law firm and its attorneys follow every time. Murphy's law applies in full force in lateral hiring. Inevitably, it is the one time that the law firm fails to follow the established rules that comes back to create the most difficult problems... Of course, it all sounds intimidating. But, it does not have to be so. The solution is an effective system with questionnaires, supplemental questionnaires, conflicts checks and a documented mutual understanding, which combine to do most of the work. Safer and more profitable—it is a winning combination."

University of Calgary law professor Alice Woolley opines on larger issues stemming from a recent disciplinary decision by the Law Society of British Columbia in "Lawyers Regulatory Lawyers?" --

• "The decision warrants comment, however, because the threat it creates to the legitimacy of lawyer self-regulation applies to all Canadian law societies. Specifically, the misdirection in regulatory energy reflected by the decision of the Law Society of British Columbia in this case is something to which all Canadian law societies have shown themselves to be susceptible. This comment is a plea to the law societies to think more carefully about the cases they pursue; to take more seriously conduct by lawyers that undermines the rule of law; and, to allow lawyers to hold each other to account in circumstances where there is a reasonable basis to allege misconduct, even if lawyers sometimes do so with 'incivility.'"

Interesting developments in the UK:

• Law Society and SRA unveil deal to resolve longstanding governance wrangling -- "The Law Society and Solicitors Regulation Authority (SRA) have hammered out 'a permanent resolution' of their long-running internal governance issues, the pair announced yesterday."
• SRA eyes expanded international reach by offering to regulate foreign firms -- " In addition, it may seek to regulate firms that are English and Welsh law firm partnerships but part of a larger Verein structure – where it would be expected to designate the SRA as the lead/home regulator of the English and Welsh part of the Verein... For foreign firms with subsidiary operations in England and Wales which contains solicitor partners and have the majority of their turnover and activity outside of England and Wales, they would either be subject to the SRA Handbook regime only in England and Wales, or be able to have the SRA as its lead/home regulator worldwide."

Finally, a thank you to readers who have taken our reader survey, and a friendly reminder for those with feedback to share to take a few minutes to participate: 2011 Risk Blog Reader Survey.

ISO 27001 for Law Firms: Report from Houston Risk Roundtable Hosted at Baker Botts

Last Friday we held a Risk Roundtable session in Houston, Texas. Many thanks to Baker Botts for hosting. The event focused on ISO 27001 for law firms. Brian Lynch moderated and sends his customary summary:

• Dan – Greetings from the Great State of Texas! We had a very informative Risk Roundtable today at Baker Botts in Houston with our special guest, Andrew Rose, Principal Analyst, Security and Risk, from Forrester Research.
• Andrew walked us through the ISO 27001 standard and how it applies to law firms. In response to growing client demands and increased regulatory obligations, law firms are finding themselves developing all sorts of security measures to accommodate a variety of requests. ISO 27001 certification has provided a reliable framework for a number of firms to respond effectively and provide security that clients have come to expect.
• Bobby Tindel of Andrews & Kurth spoke to us about the robust processes and technologies that his firm has put in place over the past year and a half. One of the "sleeper risks" is a disgruntled employee turning whistle-blower over a minor violation.
• The best approach is to close the loopholes and apply comprehensive and defensible security. Another participant pointed out the high standard established by the HIPAA/HITECH Act, and it's increasingly frequent appearance. Clients are pushing firms to provide security levels comparable to their own, not to other law firms.
• As always, it was a great opportunity for an engaged group of participants to connect and share risk management perspectives.

For more information about ISO 27001 for law firms, see our recent New York Roundtable summary.

Report from Atlanta Risk Roundtable Session Hosted at Ogletree Deakins

Last Thursday we held a Risk Roundtable session in Atlanta, Georgia. Many thanks to Ogletree Deakins for hosting. Brian Lynch delivered an update on current risk trends and issues, and moderated group discussion. Here's his summary:

• Dan – Reporting from our latest Risk Roundtable in Atlanta. The group discussed legal trends, but also spent a good amount time talking about the reality of client audits.
• One firm reported that a banking client recently completed a security audit of their security processes. The client is spending time with multiple law firms to establish a baseline that they can all follow.
• Dan Drake of Ogletree shared with the group some of their current challenges with consumerization of law firm technology. iPads, iPhones, Android-based technologies, and other non-standard alternatives have found their way into many law firms, and they have brought security risks with them.
• Many firms have "solved the hacker problem" with standardized firewall software, they have effectively locked down access internally with products like Wall Builder, and they have taken on preventative measures to reduce the risk of data breaches. These firms start by ensuring their " house is in order" and restricting internal access to sensitive documents.
• One of our attendees spoke about the benefits of tracking indicative behaviors to identify potential bad situations before they happen. He identified the example that we’ve seen cited frequently: dark-of-night downloads. If a lawyer is downloading an unexpectedly high volume of documents to his local drive, it is a possible indicator of imminent departure. Securing and tracking have become essential and complementary functions that firm are looking for in their confidentiality management toolkit.
• It was a productive forum for risk professionals to ask their peers how they approach different issues, like preparing for client audits.

Be Heard -- 2011 Risk Blog Reader Survey

Last week, legal ethics maven Bill Freivogel was kind enough to submit a public endorsement of the blog. (I won’t produce it verbatim as it now resides on the right side of the web view of the blog.)

This bit of encouragement led to additional reflection – Over the past two years, the Law Firm Risk Management Blog has grown significantly. Today our diverse and significant readership reflects the importance law firms and related stakeholders (insurers, technologists, consultants) place on risk issues.

We'd like to know more about you, our readers. So please join your peers and take a few moments to participate in the 2011 Risk Blog Reader Survey.

Plans are already in the works for 2012 blog and Risk Roundtable programs, including surveys. Your input can help shape our direction.

Law Firm Risk Management Software : 2011 Product Adoption Survey Data

 

The International Legal Technology Association (ILTA) published its annual technology survey. The report provides key data about decisions law firms are making when adopting software related to risk management. The complete report, with detailed breakouts across several categories, is available via ILTA.

Here's a slice of that, summarizing large law firm (700 or more lawyers) use of commercially-available software that supports risk management functions:

Electronic Records Management

• Autonomy / iManage -- 25%
• CA Records -- 10%
• DM / DOCS (Open Text) -- 5%
• LegalKEY (Open Text) -- 5%

Ethical Screens / Information Barriers / Confidentiality

• Wall Builder (IntApp) -- 72%
• CompliGuard Protect (The Frayman Group) -- 20%
• iMPrivate (DocAuto) -- 4%
• SecurityGuard (Olson Consulting) -- 4%
• WincWall (Wertheim Global Solutions) -- 0%
• MasterEthics (RBRO Solutions) -- 0%
• The Wall (Younts Consulting) -- 0%

(For additional data on confidentiality software adoption by firms with 150-349 and 350-699 lawyers, see the Legal Technology Insider.)

Docketing

• CompuLaw -- 35%
• CPI -- 23%
• MA3000 -- 18%
• PATTSY -- 18%
• Microsoft Outlook -- 9%
• Aderant -- 13%
• ProLaw -- 10%
• Law Bulletin -- 8%
• LegalKEY -- 5%
• Amicus -- 3%
• CourtAlert -- 3%
• IPMaster -- 3%

Conflicts Management

• LegalKEY (Open Text) -- 40%
• Elite (Thomson) -- 28%
• Aderant -- 13%
• Accutrac -- 3%

Law Firm Ethical Walls and Confidentiality Screens: Not Just for Conflicts

Nancy Beauchemin, president of law firm client intake and record management consultancy InOutsource, recently published an excellent article on law firm confidentiality management: "Ethical Walls and Confidentiality Screens: Not Just for Conflicts."

The piece provides a concise summary of the expanding confidentiality drivers facing law firms, from traditional scenarios like waiver-driven ethical screens, to expanding regulatory rules and increasingly stringent client outside counsel guidelines:

• "Today, law firms are applying confidentiality screens for a variety of reasons, including an increasingly complicated legal and regulatory environment that demands compliance with record-keeping requirements defined by their clients. Law firms are realizing that they must know where their information resides and how it is accessed and stored before they can protect it from inadvertent disclosure. Clients will sometimes exercise their right to audit a firm’s internal record-keeping processes to ensure compliance with their guidelines. In a legal proceeding, courts will require evidence that policies were consistently followed."

She cautions firms about the need to understand and update their current practices:

• Law firm confidentiality policies are often disconnected from requirements mandated by clients and regulatory bodies. Firms need to understand where they have gaps and commit to correcting deficiencies in policies and use of technology to ensure that their clients’ confidential information is protected.
• Ideally, repositories and applications that store confidential client matter information should be centrally maintained and managed by a firm’s IT department, and all client matter information should be readily identifiable by the applicable client matter.
• The screening function should be centralized within the office that is primarily concerned with risk management and loss prevention issues. This is sometimes the responsibility of the firm’s general counsel.
• There must be immediate and direct communication with affected users, records and IT staff. Screening processes should be documented and require affected individuals to acknowledge and comply with the screen.
• Screens should be regularly reviewed and removed when no longer needed. There should also be policies to notify appropriate governing bodies and clients of data breaches.

Law Firm Outside Counsel Guidelines: Webinar Recording Now Available

Content from our October webinar on managing risk and response to outside counsel guidelines is now online, for those who missed the live session:

1. Responding to Outside Counsel Guidelines -- Thanks again to our panelists. We welcomed another large group (100+ attendees) who heard speakers from Holland & Knight (Gilda Russel), Orrick, Herrington & Sutcliffe (Mike Guernon), and McKenna Long & Aldridge (Paul Hurdle).

Those who registered but were not able to attend these events should have received a link to the video recordings via email. Others interested in these sessions can view them online: [Law Firm Risk Management Webinars].

Update: Imputation Risk and Joint Defense Agreements

Eighteen months ago we noted Nintendo's move to disqualify plaintiff's counsel in a patent suit, arguing that a lawyer at the firm was exposed Nintendo's confidential information through participation in a previous,  unrelated joint-defense matter.

At the time, the plaintiff's firm's managing partner noted that if Nintendo prevails it would be: "extremely risky for a company entering into an joint defense agreement in that all knowledge is imputed to everyone in your organization. Companies often enter into joint defense agreements with their own competitors."

Now comes an update from a few turns later:

• World 2-1: The district court did indeed disqualify the firm, agreeing that the joint defense agreement provision in which the parties agreed not to seek future disqualifications did not apply once the lawyer in question moved from AMD to another organization. (A second judge dissented.)
• World 3-1: The U.S. Court of Appeals for the Federal Circuit overturned. No Disqualification Where Disclosure of Confidential Information Controlled by Joint Defense Agreement: "Considering the joint defense agreement as a whole and its use of the term “respective counsel” throughout, the Court rejected Nintendo’s argument, reasoning that Nintendo should have had the expectation that Cooper was a “respective counsel” who would be bound by the agreement’s confidentiality provisions. By analogy, the Court ruled that Cooper was also a “respective counsel” for purposes of the agreement’s waiver provision. Having so ruled, the Court granted the petition for writ and vacated the district court’s decision disqualifying F&B." (A second judge also dissented in this instance.)

[8/11: See also good discussion on this at the Legal Ethics Forum.]

Risk News & Updates: Conflicts of Interest, Side-Switching, Disqualification, ABA 20/20 Update

• Wachtell Switched Sides in United Technologies - Goodrich Deal – "...after working with Goodrich on the deal for months, the law firm — one of the most prominent firms in corporate M&A — switched sides and began working with United Technologies, according to a regulatory filing released today."
• ABA Ethics 20/20 Commission, which "Stands by Plans to Propose Latitude for Firms to Have Nonlawyer Owners," is working to extend the time frame for it to submit recommendations across all of the topics under consideration: "...if additional funding can be obtained, the panel's work will continue for an additional six months. Under this plan, commissioners will submit about half of their proposals for the delegates' review in August [2012], with the remaining recommendations to be presented for consideration in February 2013."
• Overzealous disqualification in Lewis v. State – A school superintendent, charged with crimes including corruption, hired Alston & Bird to represent him. The prosecutor successfully moved to disqualify the firm because it also represented "the employer of a witness for the State, albeit with respect to matters unrelated to both the witness and the prosecution." Upon review, the Court of Appeals overturned the decision as unwarranted and overreaching given the facts of the matter and applicable rules: "The record reveals merely that Alston & Bird has a relationship with Parsons. The remainder of the case for disqualification consists of one conjecture piled upon another."
• Nevada Supreme Court Adopts Disqualification Rule for Use of Information From Anonymous Source – "The Nevada Supreme Court held that a lawyer who received and used information regarding a case from an anonymous source should not be disqualified because he had promptly notified opposing counsel of the anonymous disclosure and did not review any privileged information contained in it."
• Finally, the oft-cited hypothetical divorce consultation/conflict scenario (aka "The Tony Soprano Maneuver") recently played out in real life: Firm’s Links to Both Sides in Divorce Result in Total Denial of Attorneys’ Fees.

"Side Switching" Decision: When Screening, It Helps to Actually Screen

[h/t to Bill Frievogel]. In Martin v. AtlantiCare, 2011 U.S. Dist. LEXIS 122987 (D.N.J. Oct. 25, 2011) the US District Court for the District of New Jersey disqualified a side switching lawyer.

A lawyer who performed material work for one side of a lawsuit moved to the firm representing the other side. The new firm argued it screened the incoming lawyer, who performed limited work on the matter.

But a judge disagreed, ruling that the lawyer had "primary responsibility" on the matter, which was enough to trigger the disqualification. The court also noted that even if the lawyer was less involved, the new firm's screening measures were significantly lacking and the firm would be disqualified on those grounds due to facts including:

• The screening notification was only oral, with no written document distributed among firm personnel
• The firm admitted that it did not even have a general written screening policy
• No notice was giving to opposing counsel regarding the movement of the lawyer, the screening of the lawyer or the screening measures employed
• Physical materials were not secured. The oral notification instructed that she "can't touch this file" and "can't go into that file drawer herself."
• Electronic information was not secured. The oral notification instructed the affected lawyer: not to "click on AtlantiCare on the case management system."

Interestingly, the opinion notes: "Although there is no definitive New Jersey guidance on the elements of an effective screen, the Court has no hesitation in finding CM's procedure inadequate." It goes on to repeatedly drive home the extent to which the disqualified firm missed the mark: "the file was not specially secured or 'kept under lock and key,' LG and CM's employees did not acknowledge in writing CM's procedures, and LG was not 'locked out' of the AtlantiCare file on CM's computer system."

Upcoming Roundtable Sessions Set for Toronto, Atlanta & Houston

Our next Risk Roundtable events are now scheduled for:

• Atlanta -- November 10, hosted by Ogletree Deakins
• Houston -- November 11, hosted by Baker Botts
• Toronto -- November 15, hosted by Fasken Martineau

The Atlanta and Toronto sessions will follow our standard approach of a brief update on industry risk news and trends, followed by moderated group discussion concerning issues of interest to attendees. We always invite registrants to participate in a pre-meeting survey, to help shape each session's agenda.

Based on local firm interest, the Houston session will focus on the ISO 27001 information security standard for law firms, building on the success of the recent New York Roundtable the same topic. It will feature a presentation by Andrew Rose, Principal Analyst, Forrester Research:

• Andrew is a leading expert in information security and risk management, ISO27001 frameworks, information security strategy; and governance, risk, and compliance (GRC) initiatives. Prior to joining Forrester, Andrew was a CISO in the legal sector. He transformed security management for two major global law firms, leading them both to ISO27001 certification.

Event attendance is by invitation only and is limited to qualified law firms and personnel. Please contact dan@riskroundtable.com for more details.

Risk News & Updates: Conflicts, Advance Waivers & More

• Firm’s Agreement With Opposing Party Creates Unconsentable Conflict – "The U.S. Court of Appeals for the Second Circuit held that an agreement between an opposing party and a law firm which called for the firm to aggregate its clients’ claims created a unconsentable conflict ... This opinion demonstrates how a conflict of interest can help form the basis for certain civil claims."
• Loyalty under Attack: The Pernicious Prospective Waiver – [h/t Legal Ethics Forum] – Lawrence J. Fox, a partner with Drinker Biddle offers provocative words against advance waivers and informed client consent: "Can one imagine a more Orwellian definition of informed consent? You’ve given informed consent because you are a sentient being who knows he or she is uninformed. The entire argument makes a mockery of the rules, in effect saying, not that these lawyers have obtained 'informed consent' but that these lawyers are above the rules, that when one deals in the rarified air of AmLaw 100 law firms and their clients, there are no ethical boundaries."
• "Inexcusable" ABS delay could cost [UK] law firms – "The 'inexcusable delay' in enabling the Solicitors Regulatory Authority to start licensing alternative business structures (ABSs) could make private investors think twice about entering the legal sector, the head of corporate finance at accountants Baker Tilly said this week."

Report from Yesterday's San Francisco Risk Roundtable Session Hosted at Orrick

Yesterday we held, a Risk Roundtable session in San Francisco. Many thanks to Orrick for hosting. Brian Lynch delivered a presentation updating attendees on current risk issues and trends, and moderated group discussion. He sent his customary summary of the wide ranging group discussion:

• Dan – We returned to San Francisco with our Risk Roundtable series. Today at Orrick we discussed legal trends in the US, UK, and Canada, spending a good portion of our time on disruptive technologies, more extensive client requirements, and defensible solutions for reducing the risk of insider trading.
• Mike Guernon of Orrick shared with the group their approach for using technology to simplify the risk management process. In many ways, the volume and complexity of information barriers was becoming very difficult to manage, and technology played a key part in freeing up the risk group to focus on other pressing issues.
• One of our attendees spoke about the dangers of disruptive technologies, how it's affecting the way lawyers work, and the security concerns they raise. With the recent breach at Dropbox, all firms should definitely take a look at where their lawyers are storing client work product outside of the four walls of their firms.
• It was a productive forum for risk professionals to ask their peers how they approach different issues, like balancing knowledge sharing and security or ensuring compliance with outside counsel guidelines. A good session with lots of food for thought.

We'll be announcing several regional additional Risk Roundtables Shortly...

Concerning Conflicts...

An assortment of conflicts management scenarios in the news recently:

• BofA seeks to oust AIG law firm from $10 billion case – They allege a partner working on behalf of AIG previously defended entities now owned by BofA: “…a London-based partner at Quinn Emanuel Urquhart & Sullivan. He is no longer working on the American International Group Inc case following Bank of America's objections, the bank said in the filing, made late on Monday.”
• Fordham law professor and legal ethics expert James Cohen weighed in against the motion to disqualify : "I don't think there is a conflict. They are unrelated matters and his representation of Merrill and First Franklin is more than two years in the past. The mere claim that a lawyer developed a strategy for defending this kind of lawsuit does not mean the lawsuits are significantly related." He also noted "...it could prove 'problematic' if presiding judge Barbara Jones decided Becker was not screened fast enough, but that an effective screen could address this issue."
• Firm disqualified 9 years after client interview – Prudential Insurance successfully disqualified a firm it argued received confidential information about the litigation at hand when it interviewed it as potential counsel: “Prudential representatives had spoken with lawyers from DeCotiis in November 2002 so that the firm could represent Prudential in the litigation, but Prudential decided to go with another firm the next day.”
• John Edwards affirms retention of counsel accused of conflicts – “Earlier this month, federal prosecutors filed a motion with the court requesting a hearing on the government’s contention that Lowell’s previous representation of two likely prosecution witnesses could impact Edwards’ constitutional rights to an attorney free of conflicts.” (For his part, Edwards says he’s “waiving any such conflict.”)
• Reexamining conflicts of interest in the current economic environment – Argues that clients should be cautious about identifying and waiving conflicts: “…one takeaway from the Great Recession, and specifically from the proliferation of litigation that has followed, is the importance of thoroughly vetting potential conflicts of interest when choosing outside counsel.” The author explores a recent case of a firm accused of representing both a mutual fund and advisor to the fund.
• Do contingency agreements create conflicts? – DLA Piper tried to get King & Spalding disqualified, arguing that its contingent fee agreement would cause the firm to push back against a settlement offer short of its own $35m “break even” point. A judge denied the motion, citing factors including the high cost to the client of having to change firms five years into the litigation.

Report from Yesterday's Chicago Risk Roundtable Session Hosted at Foley & Lardner

Yesterday we held, a Risk Roundtable session in Chicago. Many thanks to Foley & Lardner for hosting. Brian Lynch delivered a presentation updating attendees on current risk issues and trends, and moderated group discussion. He sent his customary summary of the wide ranging group discussion:

• Dan – We kicked off our Fall series of the Risk Roundtable at the Foley offices in Chicago. We discussed legal trends in the US, UK, and Canada, spending a good portion of our time on recent decisions regarding disqualification motions.
• Outside counsel guidelines continue to be a growing source of work for risk teams - federal government agencies seem to be creating requirements that are much more aggressive than those from the private sector. "Outside counsel management" has become a cottage industry for consulting firms. [Ed: See our upcoming webinar on this topic.]
• Foley shared with the group their approach for centralizing regulatory compliance. Many issues - ranging from unauthorized practice to lobbyist activity reporting to ITAR - fall within the scope of their Loss Prevention department. Kirkland & Ellis mentioned that they have a similar structure. It enables them to consistently apply appropriate controls and frees up lawyers to focus on billable work.
• It was a productive forum for risk professionals to ask their peers how they approach different issues, like balancing knowledge sharing and security or ensuring compliance with outside counsel guidelines. A good session with lots of food for thought.

Our next Risk Roundtable meeting will take place October 24th in San Francisco. Watch this space for more details. (If you'd like to join us in San Francisco, or host a Risk Roundtable in your neck of the woods, please feel free to get it touch: dan@riskroundtable.com.)

Facing Conflicts Allegations, Law Firm Representing Solyndra Cites Ethical Screen

Facts continue to come to light around the controversy underlying government loan guarantees to the now bankrupt Solyndra solar power company. Now Wilson Sonsini Goodrich & Rosati stands accused of a conflict in connecting with its work represented the company.

The firm worked with Solyndra on its aborted $300m IPO last year, among other matters, generating $2.4m in fees. As it turns out, a corporate partner at the firm was married to a senior official in the US Energy Department's loan guarantee oversight group (Steven Spinner). Information is coming to light alleging that Spinner exercised influence behind the scenes to push through loan guarantees for the firm.

As The American Lawyer reports: Spinner "...had pushed hard for the Obama administration to provide Solyndra with the loan that helped sink it."

When approached about the connect, Wilson Sonsini stated: "Allison [Spinner] did not work on the Solyndra transaction, nor has she ever worked with the company in any capacity... Also, the firm established an ethical wall around Allison with respect to [Wilson Sonsini's] representation of clients in matters involving [Energy Department] loan programs."

Furthermore, "No one from Wilson Sonsini was permitted to 'discuss or otherwise communicate' about those matters with Spinner, the firm said in its statement."

Screening & Confidentiality vs. Knowledge Sharing

Heenan Blaikie partner Simon Chester is an acknowledged leader in law firm professional responsibility and risk management issues. He recently published an article in Managing Partner Magazine entitled: "Managing Screens," which explores the tension between tightly controlling access to sensitive client (and firm) information and fostering internal sharing, which he characterizes as: "the potential of exploiting collective professional knowledge."

• "What has changed is that, in the past decade, so-called ethical screens have proliferated within law firms. Ethical screens are what used to be called Chinese walls: institutional mechanisms combined with technological safeguards and personal undertakings which ensure that confidential information is tightly protected."
• "These are also used when clients or courts require objective safeguards to ensure that confidentiality will be strictly maintained on a need-to-know basis. For example, firms which are retained to act on hostile takeover bids will generally open files under code names and limit access to market moving information."
• "Most large Canadian law firms have over 500 screens at any one time and, once erected, they are notoriously slow to get dismantled."
• "Why does this matter for KM? Because once a client and its matters are screened off, the entire contents of those files are unavailable for future use. It is as if that knowledge doesn’t exist in the firm."

He argues several provocative implications of the growing confidentiality trend: "At a certain point, the number of screens will not merely make KM impossible but will make the firm less than a partnership and more like a group of solo lawyers or small firms working within a scattered archipelago of practice."

And goes on to provide several suggestions and approaches for "creatively managing the tension between KM and professionalism."

Webinar: Responding to Outside Counsel Guidelines (CLE Eligible)

Following last month's webinar on managing risk tied to lateral hiring and law firm mergers, we're pleased to announced an October webinar on managing risk and response to outside counsel guidelines:

Date: Tuesday, October 18
Time: 9 am Pacific / 12 pm Eastern / 5 pm BST

Description: In the past five years, outside counsel guidelines ("OCGs") have become more commonplace and more stringent. The legal services world has shifted, as corporations (and their law departments) are being held to stricter budget accountability and risk management standards. Law departments have, in turn, held their external counsel to these same higher standards. In many ways, clients have become the true regulators.

When outside counsel guidelines are not appropriately reviewed or are not well-communicated to affected groups, firms open themselves to significant risk and exposure. Facing a variety of guidelines, a constant flux of new client intake activity and diverse (and sometimes decentralized) procedures, prudent firms can work to limit their risk by taking steps including:

In this session, panelists from : Holland & Knight, Orrick, Herrington & Sutcliffe, and McKenna Long & Aldridge will explore topics including:

• Establishing a firm committee or designee to review all OCGs before they are accepted
• Keeping OCGs in an accessible repository, available to risk and account department personnel for review
• Familiarizing risk management staff with any exceptional conditions laid out in these agreements, especially non-standard conflict protections or client information that should be treated as especially sensitive or confidential
• Similarly familiarizing the accounting department with exception and non-standard conditions tied to rates, billing structures, or mandated technologies for invoice submission

IntApp's Brian Lynch will moderate this discussion featuring representatives from the Risk Roundtable Compliance Consortium, a working group focused on developing risk response guidelines:

CLE Credit: Certificates will be provided to attendees upon request. (Attendees outside of California are responsible for confirming CLE reciprocity in their particular jurisdiction.)

Attendance: Attendance is by invitation only. Risk Roundtable members and qualified parties are invited to request more information by emailing: dan@riskroundtable.com.